Detection:
$regPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters"
$regName = "CloudKerberosTicketRetrievalEnabled"
$expectedValue = 1
try {
if (Test-Path $regPath) {
$currentValue = Get-ItemProperty -Path $regPath -Name $regName -ErrorAction SilentlyContinue
if ($currentValue -ne $null -and $currentValue.$regName -eq $expectedValue) {
Write-Host "Value exists and is set correctly."
exit 0
}
}
Write-Host "Value doesn't exist or is not set correctly."
exit 1
}
catch {
Write-Host "Error checking registry value."
exit 1
}
Remediation:
try {
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters" /v CloudKerberosTicketRetrievalEnabled /t REG_DWORD /d 1 /f
exit 0
}
catch {
Write-Host "Error setting registry value."
exit 1
}
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters /v CloudKerberosTicketRetrievalEnabled /t REG_DWORD /d 1