vletoux
commented
4 months ago Ping Castle is a larger product environment than just the audit program. Your PR include the possibility to exclude some control but the current implementation (reserverd for Pro / Enterprise) allows granularity and flexibility. Aka remove only one item while keeping the rule active, or applying an exception only during a time period, etc. Your PR impacts this code so I cannot accept it.
First off, thanks for such a great tool! As I've been using with PingCastle, I've had a need to exclude certain rules that may show up in the environment, but that I don't care to include in the scoring (e.g. they are acceptable risks within the environment). I didn't see a way to exclude specific rules, so I tried to take the simplest approach to providing a method for accomplish that from the command line.
Example:
PingCastle.exe --exclude-rules S-PwdLastSet-45,S-PwdLastSet-90