Jake Hildreth

Establish Methodology for Criticality of Issues

2

We need a methodology for ranking risk. This should be in place before we surface risk ratings to the user.

ESC4 and ESC5 should report issues based on effective access instead of just filtering out Deny ACEs. Filtering Denys cuts down on false positives but doesn't provide a picture of...

msPKI-Certificate-Name-Flag check in ESC1-3 currently uses a direct comparison (`-eq`) instead of a bitwise comparison (`-band`) which could result in false negatives in situations where multiple msPKI-Certificate-Name-Flag bits are enabled.

Improve Contrast Between Colored Text and Background

3

Current text colors work fine on dark terminal backgrounds but not so well on light backgrounds.

Show- functions were using variables from the script scope, so they don't work standalone. Need to pass variables to them.

See: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/am-i-seeing-double-the-case-of-quot-multiple-copies-of-the-same/ba-p/255499 

There should be an option to select which type of new zone will be created. File-backed zones are likely a configuration and security nightmare and should not be an option....

Look for GlobalNames zone

2

Allows for single-name domains. Dangerous af. See: https://learn.microsoft.com/en-us/previous-versions/technet-magazine/cc137727(v=msdn.10)