diff --git a/.github/workflows/Deploy MkDocs.yml b/.github/workflows/Deploy MkDocs.yml
index 889737e2..ea1ba028 100644
--- a/.github/workflows/Deploy MkDocs.yml
+++ b/.github/workflows/Deploy MkDocs.yml
@@ -10,7 +10,7 @@ on:
branches:
#- main # The branch you want to deploy from
- testing
- paths: # Only deploy MkDocs when the contents of the docs folder change or when this workflow changes.
+ paths: # Only deploy MkDocs when the contents of the docs folder change or when this workflow changes
- 'Docs/**'
- '.github/workflows/Deploy MkDocs.yml'
- './mkdocs.yml'
diff --git a/Docs/index.md b/Docs/index.md
index 79401356..82d8ce7e 100644
--- a/Docs/index.md
+++ b/Docs/index.md
@@ -1,7 +1,5 @@
-
# Locksmith
-
```text
_ _____ _______ _ _ _______ _______ _____ _______ _ _
| | | | |____/ |______ | | | | | |_____|
@@ -11,9 +9,7 @@
\'-' .---'-''-'-' \'-' .--'--''-'-' \'-' .--'--'-''-'
'--' '--' '--'
```
-
-A ~~tiny~~ small tool built to find and fix common misconfigurations in Active Directory Certificate Services.
-
+A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.
@@ -23,9 +19,7 @@ A ~~tiny~~ small tool built to find and fix common misconfigurations in Active D
-
## Contents
-
1. [Installation](#Installation)
2. [Run Locksmith](#RunLocksmith)
1. [Mode 0](#Mode0)
@@ -34,191 +28,137 @@ A ~~tiny~~ small tool built to find and fix common misconfigurations in Active D
4. [Mode 3](#Mode3)
5. [Mode 4](#Mode4)
6. [Scans](#Scans)
-
-
-
## Installation
### Prerequisites
-
1. Locksmith must be run on a domain joined system.
2. The ActiveDirectory and ServerManager PowerShell modules must be installed before importing the Locksmith module.
3. Administrative rights may be required for some checks and for remediation.
-
-
### Standard Module Installation
-
Open a PowerShell prompt and install Locksmith from the PowerShell Gallery:
-
```powershell
Install-Module -Name Locksmith -Scope CurrentUser
```
-
-
### Alternative Installation Methods
-
1. Download and Use the Module Without Installing It
-
1. Download the [latest module version](https://github.com/TrimarcJake/Locksmith/releases/latest/download/Locksmith.zip).
2. Open a PowerShell prompt to the location of the extracted file and run:
-
```powershell
Unblock-File .\Locksmith.zip # if necessary to unblock the download
Expand-Archive .\Locksmith.zip
Import-Module .\Locksmith\Locksmith.psd1
Invoke-Locksmith
```
-
2. Download the Standalone Script Without Module
-
1. Download the latest monolithic (all-in-one) script version: [https://github.com/TrimarcJake/Locksmith/releases/latest/download/Invoke-Locksmith.zip](https://github.com/TrimarcJake/Locksmith/releases/latest/download/Invoke-Locksmith.zip).
2. Open a PowerShell prompt to the location of the downloaded file and run:
-
```powershell
Unblock-File .\Invoke-Locksmith.zip
Expand-Archive .\Invoke-Locksmith.zip -DestinationPath .\
.\Invoke-Locksmith.ps1
```
-
-
-
## Run Locksmith
-
There are several modes you can chose from when running `Invoke-Locksmith`. You can also use the **Scans** parameter to choose which scans you want to invoke.
-
-
+
### Mode 0: Identify Issues, Output to Console (Default)
Running `Invoke-Locksmith.ps1` with no parameters or with `-Mode 0` will scan the current Active Directory forest and output all discovered AD CS issues to the console in **Table** format.
-
``` powershell
# Module Syntax
Invoke-Locksmith
```
-
``` powershell
# Script Syntax
.\Invoke-Locksmith.ps1
```
-
Example Output for Mode 0:
-
-
### Mode 1: Identify Issues and Fixes, Output to Console
-
This mode scans the current forest and outputs all discovered AD CS issues and possible fixes to the console in **List** format.
``` powershell
# Module Syntax
Invoke-Locksmith -Mode 1
```
-
``` powershell
# Script Syntax
.\Invoke-Locksmith.ps1 -Mode 1
```
-
Example Output for Mode 1:
-
-
### Mode 2: Identify Issues, Output to CSV
-
Locksmith Mode 2 scans the current forest and outputs all discovered AD CS issues to ADCSIssues.CSV in the present working directory.
``` powershell
# Module Syntax
Invoke-Locksmith -Mode 2
```
-
``` powershell
# Script Syntax
.\Invoke-Locksmith.ps1 -Mode 2
```
-
Example Output for Mode 2:
-
-
### Mode 3: Identify Issues and Fixes, Output to CSV
-
In Mode 3, Locksmith scans the current forest and outputs all discovered AD CS issues and example fixes to ADCSRemediation.CSV in the present working directory.
-
``` powershell
# Module Syntax
Invoke-Locksmith -Mode 3
```
-
``` powershell
# Script Syntax
.\Invoke-Locksmith.ps1 -Mode 3
```
-
Example Output for Mode 3:
-
-
### Mode 4: Fix All Issues
-
Mode 4 is the "easy button." Running Locksmith in Mode 4 will identify all misconfigurations and offer to fix each issue. If there is any possible operational impact, Locksmith will warn you.
``` powershell
# Module Syntax
Invoke-Locksmith -Mode 4
```
-
``` powershell
# Script Syntax
.\Invoke-Locksmith.ps1 -Mode 4
```
-
Example Output for Mode 4:
-
-
### Scans: Select Which Scans to Invoke
-
Use the `-Scans` parameter to choose which vulnerabilities to scan for. Acceptable values include `All`, `Auditing`, `ESC1`, `ESC2`, `ESC3`, `ESC4`, `ESC5`, `ESC6`, `ESC8`, `ESC11`, `ESC13`, `ESC15`, `EKEUwu`, or `PromptMe`. The `PromptMe` option presents an interactive list allowing you to select one or more scans.
``` powershell
# Run all scans
Invoke-Locksmith -Scan All
```
-
``` powershell
# Prompt the user for a list of scans to select
Invoke-Locksmith.ps1 -Scans PromptMe
```
-
``` powershell
# Scan for ESC1 vulnerable paths
Invoke-Locksmith.ps1 -Scans ESC1
```
-
``` powershell
# Scan for ESC1, ESC2, and ESC8 vulnerable paths
Invoke-Locksmith.ps1 -Scans ESC1,ESC2,ESC8
```
-
-
-
Thank you for using Locksmith! 💜