Minor fixes

Malcolm-Stewart · Malcolm-Stewart · commit 64bf612b1ac1 · 2022-02-08T12:04:39.000-05:00
Fixed the SupportedEncryptionTypes registry key.
Fixed the SupportedEncryptionTypes warning message test.
Fixed an incorrect filed name in the Contrained Delegation SPNs report.
diff --git a/SQLCheck/SQLCheck/Collectors.cs b/SQLCheck/SQLCheck/Collectors.cs
@@ -678,13 +678,15 @@ public static void CollectSecurity(DataSet ds)
             // Kerbeos enabled encryption methods
             //
 
-            string kerbEncrypt = Utility.GetRegistryValueAsString(@"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Kerberos\Parameters", "SupportedEncryptionTypes", RegistryValueKind.DWord, "");
+            // string kerbEncrypt = Utility.GetRegistryValueAsString(@"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Kerberos\Parameters", "SupportedEncryptionTypes", RegistryValueKind.DWord, "");
+            string kerbEncrypt = Utility.GetRegistryValueAsString(@"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters", "SupportedEncryptionTypes", RegistryValueKind.DWord, "");
+
             if (kerbEncrypt == "") kerbEncrypt = "Not Specified"; 
             int encrypt = kerbEncrypt == "Not Specified" ? 28 : kerbEncrypt.ToInt();  // 0x1C = 28 decimal = RC4 + AES128 + AES256
             if (encrypt == 0) encrypt = 4; // RC4
             string encryptNames = Utility.KerbEncryptNames(encrypt);
             Security["KerberosLocalEncryption"] = $"{kerbEncrypt} ({encryptNames})";
-            if (encrypt != 0 && encrypt != 4) Security.LogWarning("RC4 encryption for Kerberos has been disabled.");
+            if (encrypt != 0 && (((byte)encrypt & 4) != 4)) Security.LogWarning("RC4 encryption for Kerberos has been disabled.");
 
             //
             // Warn if change in cryptography providers (default is rsaenh.dll) in:
diff --git a/SQLCheck/SQLCheck/Properties/AssemblyInfo.cs b/SQLCheck/SQLCheck/Properties/AssemblyInfo.cs
@@ -10,7 +10,7 @@
 [assembly: AssemblyConfiguration("")]
 [assembly: AssemblyCompany("Microsoft Corporation - SQL Server Customer Support")]
 [assembly: AssemblyProduct("SQLCheck")]
-[assembly: AssemblyCopyright("Copyright ©  2021")]
+[assembly: AssemblyCopyright("Copyright ©  2021, 2022")]
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 
@@ -32,5 +32,5 @@
 // You can specify all the values or you can default the Build and Revision Numbers
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.0.1193.0")]
-[assembly: AssemblyFileVersion("1.0.1193.0")]
+[assembly: AssemblyVersion("1.0.1196.0")]
+[assembly: AssemblyFileVersion("1.0.1196.0")]
diff --git a/SQLCheck/SQLCheck/TextReport.cs b/SQLCheck/SQLCheck/TextReport.cs
@@ -569,7 +569,7 @@ static void ReportService(DataSet ds, TextWriter s)  // outputs computer and dom
                 s.WriteLine();
                 rf = new ReportFormatter();
                 rf.SetColumnNames("Account:L", "SPN:L");
-                foreach (DataRow ConstrainedDelegationSPN in dtConstrainedDelegationSPN.Select("","Account,SPN"))
+                foreach (DataRow ConstrainedDelegationSPN in dtConstrainedDelegationSPN.Select("","ServiceAccount,SPN"))
                 {
                     rf.SetcolumnData(ConstrainedDelegationSPN.GetString("ServiceAccount"),
                                      ConstrainedDelegationSPN.GetString("SPN"));
@@ -909,11 +909,11 @@ static void ReportMessages(DataSet ds, TextWriter s, string tableName, int table
             DataView dv = null;
             if (tableRow == -1)  // Messages for all rows
             {
-                dv = new DataView(ds.Tables["Message"], $"TableName='{tableName}'", "Severity desc", DataViewRowState.CurrentRows);
+                dv = new DataView(ds.Tables["Message"], $"TableName='{tableName}'", "Severity desc, Message asc", DataViewRowState.CurrentRows);
             }
             else
             {
-                dv = new DataView(ds.Tables["Message"], $"TableName='{tableName}' AND TableRow={tableRow}", "Severity desc", DataViewRowState.CurrentRows);
+                dv = new DataView(ds.Tables["Message"], $"TableName='{tableName}' AND TableRow={tableRow}", "Severity desc, Message asc", DataViewRowState.CurrentRows);
             }
             
             if (dv.Count == 0)

Original file line number	Diff line number	Diff line change
`@@ -569,7 +569,7 @@ static void ReportService(DataSet ds, TextWriter s) // outputs computer and dom`
`569`	`569`	`s.WriteLine();`
`570`	`570`	`rf = new ReportFormatter();`
`571`	`571`	`rf.SetColumnNames("Account:L", "SPN:L");`
`572`		`- foreach (DataRow ConstrainedDelegationSPN in dtConstrainedDelegationSPN.Select("","Account,SPN"))`
	`572`	`+ foreach (DataRow ConstrainedDelegationSPN in dtConstrainedDelegationSPN.Select("","ServiceAccount,SPN"))`
`573`	`573`	`{`
`574`	`574`	`rf.SetcolumnData(ConstrainedDelegationSPN.GetString("ServiceAccount"),`
`575`	`575`	`ConstrainedDelegationSPN.GetString("SPN"));`
`@@ -909,11 +909,11 @@ static void ReportMessages(DataSet ds, TextWriter s, string tableName, int table`
`909`	`909`	`DataView dv = null;`
`910`	`910`	`if (tableRow == -1) // Messages for all rows`
`911`	`911`	`{`
`912`		`- dv = new DataView(ds.Tables["Message"], $"TableName='{tableName}'", "Severity desc", DataViewRowState.CurrentRows);`
	`912`	`+ dv = new DataView(ds.Tables["Message"], $"TableName='{tableName}'", "Severity desc, Message asc", DataViewRowState.CurrentRows);`
`913`	`913`	`}`
`914`	`914`	`else`
`915`	`915`	`{`
`916`		`- dv = new DataView(ds.Tables["Message"], $"TableName='{tableName}' AND TableRow={tableRow}", "Severity desc", DataViewRowState.CurrentRows);`
	`916`	`+ dv = new DataView(ds.Tables["Message"], $"TableName='{tableName}' AND TableRow={tableRow}", "Severity desc, Message asc", DataViewRowState.CurrentRows);`
`917`	`917`	`}`
`918`	`918`
`919`	`919`	`if (dv.Count == 0)`