Skip to content

History

Jump to bottom
Robin Granberg edited this page Mar 27, 2019 · 19 revisions 
Version: 5.6.2
27 Mars, 2019

*SHA256:* 55CB7745DB9B5B5CC0E74E7294A5847A49180D96B0A235EED0B7C6D323800905

*Fixed issues*
** Wrong state of ACE in CSV when running a compare, "New" was shown as "Match"

*New Features*
** IF MSHTA.EXE is blocked or missing a browser will show the result in a HTML file. 

----
Version: 5.6.1
9 July, 2018

*SHA256:* B51FB4F0F794934C98CEBE9E850957D508BCF2AF1FDCC4F06C12929DBC8D8F85

*Fixed issues*
** Changed CSV file encoding from Unicode to UTF8.

----
Version: 5.6
8 January, 2018

*SHA256:* 908819F1E2BAAC1B8BDBDB58C4DA7325606173555E1188CBEE22D54E2A3D612A

*New Features*
** Run effective rights report from the command line.
** New parameter from command line to get modified date of security descriptor in report.

----
Version: 5.5.1
8 January, 2018

*SHA256:* 2206815374C5CDCF4091F177B60CFDADC2B9BFBDBBCE4B208A061AC3B403F115

*Fixed issues*
** Failed to run compare where objects are missing.

----
Version: 5.5
22 October, 2017

*SHA256:* 7BADE8A248F461325535C1240741AC57133D41EBA1557681A16B9EFE60158F11

*New Features*
** Supported output format for comparison report now includes CSV and EXCEL.

*Fixed issues*
** Translation of security principals failed when running compare mode.

----
Version: 5.4.4
18 September, 2017

*SHA256:* 89E4BC55774CA11A432FD731A0CA163CB4E7FF8383DF7E80EA44E6A28DB03227

*Fixed issues*
** Unresolved schemaGUID string will be written in report instead of nothing.
** Typo corrected 

----
Version: 5.4.3
20 August, 2017

*SHA256:* 534D84F4B46F63DAE278938873787BCA63CF8A2E1C9BFE3168C8DD06C6572D76

*Fixed issues*
** Convert CSV to HTML report was broken, missing parameter added.

----
Version: 5.4.2
29 August, 2017

*SHA256:* CC03A16FCDFA94B03DD61B0772B481100098D638A85D92B9023F3A143D61FC0E

*Fixed issues*
** Effective rights report broken, now comparing using SIDs instead of names.

----
Version: 5.4.1
26 August, 2017

*SHA256:* 8CB8785927EE353DEA60C1A0F331795D3AAC08EBF0D8D6D8311CB5A809A7E73D

*Fixed issues*
** Compare function got broken report.

----
Version: 5.4
25 August, 2017

*SHA256:* D6BAC8FD6E4BDA7931329E41F0BAEC4CA4A45232D046C777CC13A74138441C3E

*New Features*
** New output format. Save to excel file without excel installed. Both from UI and command line. Requires ImportExcel PowerShell Module.

----
Version: 5.3
25 August, 2017

*SHA256:* 39193B85E9B9977CF1231D14986D1799216D9AC132461806DC0C0F4F2710B54C

*Minor Fixed issues*
** Removed Splash Window
** Makes modal pop-up windows visible in the taskbar - exchange12rocks (Kirill Nikolaev)
** Replaced UNIX endings with Windows endings - exchange12rocks (Kirill Nikolaev)

----
Version: 5.2.1
30 June, 2017

*SHA256:* 5E80AC4E22EDC19878F1B9504F16EA0CFBA8E0D8DF18972157B0EC86AD6ED0B7

*Minor Fixed issues*
** New-GUID not recongnized in Windows PowerShell versions lower than 5.0

----
Version: 5.2
29 June, 2017

*SHA256:* B378746599D75747F38CD7E8BEEE67F04A62AC0F525E590CB3918C6015E23EC3

*Fixed issues*
** Unused variable name
** Simultaneously running instances mess up with each other`s data 
** Console errors are registered when a machine cannot connect to LDAP 

----
Version: 5.1
26 April, 2017

*SHA256:* 2EB425DC449B70F2741AEA8E982FADA5D5733D75E259D0B8F86EDD72BB6F10D9

*Fixed issues*
** Domain node was not included in the results, unless you used a custom filter.

----
Version: 5.0
9 April, 2017

*SHA256:* 4DA5B52BECED5829AAE53916CFF1FBF9222D0954F76F683DE90C21CC994C9C5C

*New Features*
** Command line support.
** Custom search filter for scanning objects. 
** Support input form pipeline. You can call ADACLScn.ps1 by sending a distinguishedName via pipeline.
** Added formated synopsis to the script.

*Fixed issues*
** Effective rights did not consider membership in Pre-Windows 2000 Compatible Access.
** Failed to scan objects with "/" in the name.Removed all instances of replacing distinguishedNames containing "/" with "\/". It's a legacy from when AD ACL Scanner was using SDS (System.DirectoryServices) namespace. S.DS.P (System.DirectoryServices.Protocols) take care of special characters.


----
Version: 4.8
7 February, 2017

*SHA256:* 8FCC040FA75E0593372C3F4397F26F0A1B7418A8B69491C08F565F5C566BA6E1

*New Features*
** Templates for Windows Server 2016
** Removed requirement on localization of names on well-known groups and built-in groups.
** Comparing using SIDs of security principals gives us the true state instead of names that could be modified.
** Better download windows.

*Fixed issues*
** Users could not view permissions due to the collection of attributes that user possibly didn't have access to. (Credit to Kirill Nikolaev, Kaspersky Lab)
** Removed unnecessary retrieval of ldap attributes. (Credit to Kirill Nikolaev, Kaspersky Lab)
** Removed unused functions (Credit to Kirill Nikolaev, Kaspersky Lab)
** Removed duplicated function name (Credit to Kirill Nikolaev, Kaspersky Lab)
** LoadWithPartialName is deprecated (Credit to Kirill Nikolaev, Kaspersky Lab)
** A mandatory parameter has a default value (Credit to Kirill Nikolaev, Kaspersky Lab)
** Fixed unreachable code (Credit to Kirill Nikolaev, Kaspersky Lab)
** Removed unused variables (Credit to Kirill Nikolaev, Kaspersky Lab)
** Fixed typo (Credit to Kirill Nikolaev, Kaspersky Lab) 

----
Version: 4.7.2
12 January, 2017

*SHA256:* C1FDC71E46229EA11482D99EBB80CA1A24C0284D3F01FAC618277EA9C91F98F0

*New Features*
** 

*Fixed issues*
** Browsing a container with more than 999 child objects and you will get (Exception calling "SendRequest" with "1" argument(s): "The size limit was exceeded")
** Updated windows size. Increased height to not render a scroll bar under large screen size.
** Reduced the window size when it is adapting to smaller screen size.


----
Version: 4.7.0
6 December, 2016

*SHA256:* 82DDB2263C7969AF5608246560A340CAB997F554CBE989A816A03C98F0E7582F

*New Features*
** Improved performance in preparing the scan. Updated function GetAllChildNodes. (Credit to Kirill Nikolaev, Kaspersky Lab)
** Improved support for connecting via IP-address only.
** Height of windows adapts to screen size.
** Better color coded criticality.

*Fixed issues*
** Removed unused LDAP attribute in LDAP search


----
Version: 4.6.0
6 October, 2016

*SHA256:* 2E80D4CD580B9EBD2AFC18FCE3614B386BA16ECEA7C416C81CD133B7361A003F

*New Features*
** Display group members in groups in the HTLM report.
** Present the value of the true SDDL in NTsecurityDescriptor, bypassing Object-Specific ACE merge done when a new instance of the ObjectSecurity class is initialized.
** Added Active Directory schema version check for Windows Server 2016.
** Added Exchange Schema Version check for Exchange Server 2016 CU2 and Exchange Server 2016 CU3

*Fixed issues*
** Get Forest Info search did not handle return of empty or zero response entries in a correct way 
** HTML and CSV file output option doesn't display HTA

----
Version: 4.5.0
19 June, 2016

*SHA256:* CDDA9E265995E23F8738A2914E4E05593F692B194C634DF0B4D9FBF1B6DC2298

*New Features*
** Added Exchange Schema Version check for Exchange Server 2016 CU1.(Credit to Kirill Nikolaev, Kaspersky Lab)

*Fixed issues*
** Heavily improved code for “Skip Default Permissions”. Removed possible memory problem while scanning many objects.
** Improved code for “Skip Protected Permissions”. One ACE was missing.
** Null-valued array error while composing the list of domains. (Credit to Kirill Nikolaev, Kaspersky Lab)
** Null-valued array error when closing domain picker window w/o actually selecting one. (Credit to Kirill Nikolaev, Kaspersky Lab)
** Updated LDAP filters for getting trusted domains.(Credit to Kirill Nikolaev, Kaspersky Lab)
** Fixed issues with use of credentials over trusts.
** Fixed issues with TokenGroups over trust lookup.
** Removed unused variables.
** Replaced aliases like %,?,Select,foreach and Sort.
** Put $null to the left in comparison strings.

----
Version: 4.4.0
16 June, 2016

*SHA256:* 2803906C909BB7DE7024FEE981BCE6D927A0826215051AEDD088D61C10F9AB97

*Fixed issues*
** Errors when scanning objects you don't have read access on.
** Comparing with template containing forest root failed when connected to child domain.
** Templates are updated with a more accurate DN.
** Errors when translating NT Identity fixed. 

----
Version: 4.3.0
2 May, 2016

*SHA256:* 3473DDB452DE7640FAB03CAD3E8AAF6A527BDD6A7A311909CFEF9DE0B4B78333

*New Features*
** You can exclude multiple paths, just for each object, select and right click to choose Exclude.

*Fixed issues*
** Unresolved security principals was shown as empty instead of SID.
** Searching for SID's included built-in groups that did not translate before compare.

----
Version: 4.2.0
14 April, 2016

*SHA256:* F340F6B56F11F879ED8A4C0DDA751FFF9538EE5105B2C0F39C79BED218E985E2:* 

*Fixed issues*
** The validated write was express as only "Self" in the report.
** The validated write was never enumerated from the list of ControlAccessRights.

----
Version: 4.1.0
12 April, 2016

*SHA256:* BE7ECB91AA0F819A1796739B0491CA4691DCBE718410CA8A7F9358B600754B2A

*Fixed issues*
** Comparing builtin groups differ from running on DC and domain member.
** Connecting to custom DC did not collected forest info.

----
Version: 4.0.0
11 April, 2016

*SHA256:* C72CD69C0E15C1A9A276485FD5073F958B26B1A777928740C67B7E347F38938B

*New Features*
** Faster compare of Access Control Lists using USN from replication metadata.
** Primary directory service API changed to System.DirectoryServices.Protocols (S.DS.P).
** Connect to custom directory server and port like mounted backup or snapshot of NTDS.dit.
** Support for scanning AD LDS Instances.
** Name translation of AD LDS Identity references in security descriptor.
** Option to connect using credentials.
** Export defaultSecurityDescriptor.
** Compare DefaultSecurityDescriptor.
** Download OS specific csv templates for DefaultSecuritydescriptor.
** Connection Information tab provides information about the current connection.
** Resizable Window

*Fixed issues*
** Change the column name in the header from "OU" to "Object".
** Display forest information like FFL,DFL,Schema Version, Exchange and Lync Schema version did not work due to wrong formatting of attributes.
** Solved problem with returning schema version information about Exchange and Lync.
** Minor improvements in the GUI. 

----
Version: 3.2.0
7 September, 2015

*SHA1:* 61CB4D160B4003FDF51FFACDB777FF0DC28D83D1

*New Features*
** Report single or all classSchema objects default security descriptor.
** Option to select between DACL or SDDL output of default security descriptors.
** Displays forest information like FFL,DFL,Schema Version, Exchange and Lync Schema version.
----
Version: 3.1.0
2 September, 2015

*SHA1:* EBBB7083BE00108B14B661016A0D049EFF092971

*New Features*
** Option to show objectClass of objects reported
** Option skip ACE's for "Protect object from accidental deletion"
** Error control on .Net Framework CLRVersion
----
Version: 3.0.1
10 July, 2015


*Fixed issues*
** Reporting on modified default security descriptors in Schema did not work in Windows 10 or Windows Server Technical Preview 2.
----
Version: 3.0
9 July, 2015

*New Features*
** You can take a CSV file from one domain and use it for another. With replacing the old DN with the current domains you can resuse reports between domains. You can also replace the (Short domain name)Netbios name security principals.
** Reporting on modified default security descriptors in Schema.
** Verifying the format of the CSV files used in convert and compare functions.
** When comparing with CSV file Nodes missing in AD will be reported as "Node does not exist in AD"
** The progress bar can be disabled to gain speed in creating reports.
** If the fist node in the CSV file used for comparing can't be connected the scan will stop.

*Fixed issues*
** Only the first node in the CSV file was used in the comparison the rest was skipped.
** If a node in the CSV file did not exist in AD, the comparison failed.  
----
Version: 2.2.2
7 July, 2015

*Fixed issues*
** If you run AD ACL Scanner in Windows 10 or Windows Server Technical Preview 2 you would always get mismatch during comparing. Problem fixed with if statement on System.Enum in PowerShell 5. 
----
Version: 2.2.1
6 July, 2015

*New Features*
** Number of excluded objects reported in Log.

*Fixed issues*
** Broken scan! Everything are excluded when searching Onelevel or Subtree.
----
Version: 2.2.0
4 July, 2015

*New Features*
** Refresh Nodes by right-click container object. 
** Exclude of objects from report by matching string to distinguishedName
----
Version: 2.1.2
2 July, 2015

*Fixed issues*
** Every scan required SeSecurityPrivilege (Manage auditing and security log) due to modifications of the SecurityMasks. Now this is done only once you explicitly scan SACL's. 
----
Version: 2.1.1
12 June, 2015

*Fixed issues*
** If you ran AD ACL Scanner in Windows 10 or Windows Server Technical Preview 2 you would get an error. Problem fixed with if statement on System.Enum in PowerShell 5. 
----
Version: 2.1.0
21 May, 2015

*New Features*
** Changed format on CSV output file. New format according to regular CSV type.
** Removed dependency on Active Directory PowerShell module for reporting on SACL's.
** Rename html report headers, Rights are called Access and if SACL's is used it's called Audit.
** HTLM reports contain headers
** Summary of criticality for all report types
** Support statement included

*Fixed issues*
** Owner permissions are changed to the more accurate :Read permissions, Modify permissions.
** Error when running PS 2.0 "ProgressBarWindow".
** Correct name of SPN report file.
** Criticality coloring of "Info"-level fixed.
** Added error control for enumerating objects.
----
Version: 2.0.3
29 October, 2014

*Fixed issues*
** PS 2.0 "Where-Object : Cannot bind argument to 'FilterScript' because it is null":5369.
----
Version: 2.0.2
28 October, 2014

*New Features*
** Scan for SACL's
** Option to skip Splash through new parameter "NoSplash"
** Option to show help text through new parameter "Help"
** Translation of object GUID in CSV file.

*Fixed issues*
** Require connection to domain before converting CSV to  HTML, otherwise object GUID translation will fail.
----
Version: 2.0.1
15 October, 2014

*Fixed issues*
** issues related to connecting to ForestDnsZones and DomainDnsZones
----
Version: 2.0
October, 2014

*New Features*
** New GUI
** Progress Bar
** Better browsing experience
** Better logging function
** Bug fixes
Clone this wiki locally