PingCastle 3.3.0.1 (#262)

Author: vletoux

Healthcheck/HealthcheckAnalyzer.cs

@@ -900,6 +900,9 @@ private void GenerateComputerData(ADDomainInfo domainInfo, ADWebService adws)
                         if (!string.IsNullOrEmpty(x.OperatingSystemVersion) && x.OperatingSystem != null && x.OperatingSystem.Contains("Windows"))
                         {
                             string key = (x.OperatingSystem.Contains("Server") ? "s" : "w") + "|" + x.OperatingSystemVersion;
+                            var isLTSC = x.OperatingSystem.Contains("LTSC") || x.OperatingSystem.Contains("LTSB");
+                            if (isLTSC)
+                                key += "|LTSC";
                             if (!operatingSystemVersion.ContainsKey(key))
                             {
                                 operatingSystemVersion[key] = new HealthcheckOSVersionData(x);

Healthcheck/Rules/HeatlcheckRuleAnomalyAdminSDHolder.cs

@@ -32,8 +32,8 @@ public class HeatlcheckRuleAnomalyAdminSDHolder : RuleBase<HealthcheckData>
                     {
                         AddRawDetail(healthcheckData.AdminSDHolderNotOK[i].DistinguishedName);
                     }
+                    return null;
                 }
-                return null;
             }
             return healthcheckData.AdminSDHolderNotOKCount;
         }

Healthcheck/Rules/HeatlcheckRuleStaledDesEnabled.cs

@@ -38,8 +38,10 @@ public class HeatlcheckRuleStaledDesEnabled : RuleBase<HealthcheckData>
                         }
                     }
                 }
-                return null;
             }
+
+            if (healthcheckData.UserAccountData.NumberDesEnabled + healthcheckData.ComputerAccountData.NumberDesEnabled < maxNumDisplayAccount)
+                return null;
             return healthcheckData.UserAccountData.NumberDesEnabled + healthcheckData.ComputerAccountData.NumberDesEnabled;
         }
     }

Healthcheck/Rules/HeatlcheckRuleStaledPrimaryGroup.cs

@@ -24,8 +24,8 @@ public class HeatlcheckRuleStaledPrimaryGroup : RuleBase<HealthcheckData>
                     {
                         AddRawDetail(healthcheckData.UserAccountData.ListBadPrimaryGroup[i].DistinguishedName);
                     }
+                    return null;
                 }
-                return null;
             }
             return healthcheckData.UserAccountData.NumberBadPrimaryGroup;
         }

Healthcheck/Rules/HeatlcheckRuleStaledPwdNeverExpires.cs

@@ -25,8 +25,8 @@ public class HeatlcheckRuleStaledPwdNeverExpires : RuleBase<HealthcheckData>
                     {
                         AddRawDetail(healthcheckData.UserAccountData.ListPwdNeverExpires[i].DistinguishedName);
                     }
+                    return null;
                 }
-                return null;
             }
             return healthcheckData.UserAccountData.NumberPwdNeverExpires;
         }

Healthcheck/Rules/HeatlcheckRuleStaledPwdNotRequired.cs

@@ -25,8 +25,8 @@ public class HeatlcheckRuleStaledPwdNotRequired : RuleBase<HealthcheckData>
                     {
                         AddRawDetail(healthcheckData.UserAccountData.ListPwdNotRequired[i].DistinguishedName);
                     }
+                    return null;
                 }
-                return null;
             }
             return healthcheckData.UserAccountData.NumberPwdNotRequired;
         }

Healthcheck/Rules/RuleDescription.resx

@@ -176,7 +176,7 @@
     <value>The purpose is to make sure that there is a proper password policy in place for the native local administrator account.</value>
   </data>
   <data name="A_LAPS_Not_Installed_Solution" xml:space="preserve">
-    <value>If you don't have any provisioning process or password solution to manage local administrators, you should install the LAPS solution. If you mitigate the risk differently, you should add this rule as an exception, as the risk is covered.</value>
+    <value>If you don't have any provisioning process or password solution to manage local administrators, you should install the LAPS solution. If you address the risk through alternative measures, you can disregard this finding. Customers using Netwrix PingCastle Pro or Enterprise versions can add this item as an exception.</value>
   </data>
   <data name="A_LAPS_Not_Installed_Rationale" xml:space="preserve">
     <value>LAPS doesn't seem to be installed</value>

Program.cs

@@ -219,7 +219,7 @@ private void Run(string[] args)
             ConsoleMenu.Header = @"  \==--O___      PingCastle (Version " + version.ToString(4) + @"     " + ConsoleMenu.GetBuildDateTime(Assembly.GetExecutingAssembly()) + @")
    \  / \  ¨¨>   Get Active Directory Security at 80% in 20% of the time
     \/   \ ,’    " + (license.EndTime < DateTime.MaxValue ? "End of support: " + license.EndTime.ToString("yyyy-MM-dd") : "") + @"
-     O¨---O      To find out more about PingCastle, visit https://www.pingcastle.com                                              
+     O¨---O      To find out more about PingCastle, visit https://www.pingcastle.com
       \ ,'       For online documentation, visit https://helpcenter.netwrix.com/category/pingcastle
        v         For support and questions:
                  -	Open-source community, visit https://github.com/netwrix/pingcastle/issues

Properties/AssemblyInfo.cs

@@ -28,5 +28,5 @@
 //      Numéro de build
 //      Révision
 //
-[assembly: AssemblyVersion("3.3.0.0")]
-[assembly: AssemblyFileVersion("3.3.0.0")]
+[assembly: AssemblyVersion("3.3.0.1")]
+[assembly: AssemblyFileVersion("3.3.0.1")]

changelog.txt

@@ -1,3 +1,6 @@
+3.3.0.1
+* fix an issue where rule is not displayed when impacted users/computers count is less than 100.
+
 3.3.0.0
 * adjusted the rules S-DesEnabled, S-PwdNotRequired, S-PwdNeverExpires, P-Delegated, A-PreWin2000Other, S-PrimaryGroup, P-ServiceDomainAdmin, 
   A-AdminSDHolder to display directly the list of impacted users in the rule if the number is limited (hardcoded to 100) so Pro / Enterprise users can set accounts in exceptions