October 3, 2018 at 9:18 am #113129 Participant Topics: 1 Replies: 1 Points: -19 Rank: Member
I am currently working on PowerShell cmdlets to apply server hardening (more to IIS hardening) based on the CIS benchmark framework.
My task is to relate the hardening steps, which are in GUI form, to PowerShell cmd to be able to automate the hardening processes.
I need some help on this portion:
"Ensure 'passwordFormat' is not set to clear (Scored)"
element of the
element allows optional definitions of name and password for IIS Manager User accounts within the configuration file. Forms based authentication also uses these elements to define the users. IIS Manager Users can use the administration interface to connect to sites and applications in which they've been granted authorization. Note that the
element only applies when the default provider,
ConfigurationAuthenticationProvider, is configured as the authentication provider. It is recommended that
passwordFormat be set to a value other than
Clear, such as
Authentication credentials should always be protected to reduce the risk of stolen authentication credentials.
With all the information provided above, I tried to do up an automated script.
Thus, I had some difficulties locating the machine.config file via PowerShell to configure the passwordFormat from clear to sha1.
I would really appreciate some help from those who have managed to do this before to share some ideas.
Thank you @Ratty
October 3, 2018 at 9:41 am #113132 Moderator Topics: 8 Replies: 736 Points: 2,059 Rank: Community Hero
Are you planning to change machine.config directly?
You should be using cmdlets (Set-WebConfigurationProperty) from the WebAdministration module.
October 5, 2018 at 2:34 am #113290 Participant Topics: 1 Replies: 1 Points: -19 Rank: Member
Thanks for the response.
Yes, I am changing values within the machine.config file.
Well, the real difficulty is I am trying to figure out what the path is.
Set-WebConfigurationProperty -Filter "/system.webServer/security/authentication/basicAuthentication" -Name Enabled -Value True
This cmdlet above allows you to enable and disable (need to change the value a little to disable) the basic authentication.
I am looking for the filters that direct me to the preferences I will want to change,
which will be changing the passwordFormat = Clear to PasswordFormat=Sha 1 in the machine.config file.
Looking forward to your knowledge sharing.
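
Added example, not part of the thread and not taken from the CIS benchmark: one way to audit for passwordFormat="Clear" and set it to SHA1 with the WebAdministration cmdlets the moderator mentions. It assumes Windows PowerShell 5.1 on a host with IIS, that the setting lives in the ASP.NET section system.web/authentication/forms/credentials, and that the config paths MACHINE (machine.config) and MACHINE/WEBROOT (root web.config) are the ones to check; the function name Find-ClearPasswordFormat and the sample XML are constructed for illustration.

```powershell
# Added example. Find-ClearPasswordFormat is a hypothetical helper name.
function Find-ClearPasswordFormat {
    # Returns one object per <credentials> element explicitly set to Clear.
    param([Parameter(Mandatory)][xml]$Config, [string]$Source = '(inline)')
    $Config.SelectNodes('//system.web/authentication/forms/credentials') |
        Where-Object { $_.GetAttribute('passwordFormat') -eq 'Clear' } |
        ForEach-Object {
            [pscustomobject]@{
                Source         = $Source
                PasswordFormat = $_.GetAttribute('passwordFormat')
                UserCount      = $_.SelectNodes('user').Count
            }
        }
}

# Constructed sample config, so the audit logic can be tried offline.
$sample = @'
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms>
        <credentials passwordFormat="Clear">
          <user name="example-user" password="example-password" />
        </credentials>
      </forms>
    </authentication>
  </system.web>
</configuration>
'@
Find-ClearPasswordFormat -Config $sample -Source 'constructed sample'

# Live host: path of the machine.config used by the running .NET Framework.
# 32-bit and 64-bit frameworks each have their own copy of this file.
$machineConfig = [System.Runtime.InteropServices.RuntimeEnvironment]::SystemConfigurationFile
Find-ClearPasswordFormat -Config (Get-Content -Raw $machineConfig) -Source $machineConfig

# Read and, where needed, change the value through the IIS configuration
# system instead of editing the XML file by hand.
Import-Module WebAdministration
$filter = 'system.web/authentication/forms/credentials'
foreach ($psPath in 'MACHINE', 'MACHINE/WEBROOT') {
    $current = Get-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name passwordFormat
    # The cmdlet may return a plain string or an attribute object with .Value.
    $value = if ($current -is [string]) { $current } else { $current.Value }
    if ($value -eq 'Clear') {
        Set-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name passwordFormat -Value 'SHA1'
    }
}
```

Changing the format does not convert passwords already stored in user entries under the credentials element; those values have to be replaced with their hashes or the accounts will stop authenticating.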