Hardens permissions on the Server service to prevent session enumeration by all users.

Usage: NetSessionEnumHarden.exe [-u] | [-r] | [-ro] [-f CSV | XML]
-u Update Permissions
-r Restore Permissions
-ro Restore Original Permissions
-f Specify output format (CSV or XML). Default is XML.

When called without switches, the permissions on the following registry value are enumerated:
Key: HKLM\System\CurrentControlSet\Services\LanManServer\DefaultSecurity
Value: SrvsvcSessionInfo

If no parameters are specified, the default action is to enumerate the permissions and write them to the console and application event log.

If the -u switch is specified, the permissions for Authenticated Users are removed, and QueryValues permissions for the following identities are added:
  • InteractiveSid
  • ServiceSid
  • BatchSid

If the -r switch is specified, the registry key is restored from the default backup registry value, "SrvsvcSessionInfoBackup".

If the -ro switch is specified, the registry key is restored from the default backup registry value, "SrvsvcSessionInfoBackupOriginal".

When -u is specified, two backups are created:

"SrvsvcSessionInfoBackup" and "SrvsvcSessionInfoBackupOriginal".

SrvsvcSessionInfoBackupOriginal is never overwritten. SrvsvcSessionInfoBackup is overwritten every time the tool is run with -u.

NOTE:
  • Restarting the server service (or the computer) is required for the changes to go into effect.
  • Works on computers where PowerShell is not an option because it is disabled or configured for Constrained Language Mode.
  • Requires .NET Framework 4.5.2 or higher.
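
An added example (not part of NetSessionEnumHarden or its documentation) for auditing the result of -u: it parses the SrvsvcSessionInfo REG_BINARY data as a self-relative security descriptor and reports whether Authenticated Users (S-1-5-11) still has an allow ACE and whether the Interactive, Service and Batch SIDs are present. The function names, the build_sd helper and its access mask are assumptions made for this example; the sample descriptors are constructed, not exported from a real host.

```python
import struct

AUTHENTICATED_USERS = "S-1-5-11"
# Identities the page says -u adds: Interactive, Service, Batch.
EXPECTED = {"S-1-5-4", "S-1-5-6", "S-1-5-3"}

def parse_sid(buf, off):
    """Decode the binary SID at offset off into S-1-... string form."""
    rev, count = buf[off], buf[off + 1]
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "S-%d-%d" % (rev, authority) + "".join("-%d" % s for s in subs)

def dacl_aces(sd):
    """List (ace_type, mask, sid) for the DACL of a self-relative descriptor."""
    control, = struct.unpack_from("<H", sd, 2)
    dacl_off, = struct.unpack_from("<I", sd, 16)
    if not control & 0x0004 or dacl_off == 0:  # SE_DACL_PRESENT clear
        return []
    count, = struct.unpack_from("<H", sd, dacl_off + 4)
    aces, off = [], dacl_off + 8                # ACEs follow the 8-byte ACL header
    for _ in range(count):
        ace_type, _flags, size = struct.unpack_from("<BBH", sd, off)
        if ace_type in (0, 1):                  # ACCESS_ALLOWED / ACCESS_DENIED
            mask, = struct.unpack_from("<I", sd, off + 4)
            aces.append((ace_type, mask, parse_sid(sd, off + 8)))
        off += size                             # skip ACE types not decoded here
    return aces

def audit(sd):
    """Report whether the descriptor matches the state the page describes for -u."""
    allowed = {sid for t, _mask, sid in dacl_aces(sd) if t == 0}
    return {"authenticated_users_allowed": AUTHENTICATED_USERS in allowed,
            "missing_expected": sorted(EXPECTED - allowed)}

def build_sd(rids, mask=0x1):
    """Constructed sample input: allow ACEs for S-1-5-<rid>; mask is a placeholder."""
    aces = b""
    for rid in rids:
        sid = bytes([1, 1]) + (5).to_bytes(6, "big") + struct.pack("<I", rid)
        aces += struct.pack("<BBHI", 0, 0, 8 + len(sid), mask) + sid
    acl = struct.pack("<BBHHH", 2, 0, 8 + len(aces), len(rids), 0) + aces
    # Header: revision 1, SE_SELF_RELATIVE | SE_DACL_PRESENT, DACL at offset 20.
    return struct.pack("<BBHIIII", 1, 0, 0x8004, 0, 0, 0, 20) + acl

if __name__ == "__main__":
    print("before -u (constructed):", audit(build_sd([11])))
    print("after  -u (constructed):", audit(build_sd([4, 6, 3])))
```

On a live host the bytes can be read with Python's winreg.QueryValueEx on the key and value named above. The registry data shows the configured state; it only takes effect after the Server service restarts.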


Last edited Oct 22, 2016 at 8:46 PM by GregAskew, version 8