RC4-ADAssessment

4.17.0

PowerShell toolkit for assessing DES and RC4 Kerberos encryption usage in Active Directory. Discovers RC4/DES dependencies across DC encryption, trusts, KRBTGT, service accounts, KDC registry, KDCSVC events, and Security event logs — with inline remediation commands and assessment comparison for tracking progress toward the July 2026 RC4 removal deadline.

Minimum PowerShell version

5.1

There is a newer prerelease version of this module available.
See the version list below for details.

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name RC4-ADAssessment -RequiredVersion 4.17.0

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name RC4-ADAssessment -Version 4.17.0

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

BetaHydri

Copyright

Package Details

Author(s)

Jan Tiedemann

Functions

Invoke-RC4Assessment Invoke-RC4AssessmentComparison Invoke-RC4ForestAssessment

Dependencies

This module has no dependencies.

Release Notes

## [4.17.0] - 2026-04-28

### Added

- GPO-vs-AD etype drift detection in `Get-KdcRegistryAssessment` — reads
`SupportedEncryptionTypes` from the GPO Policies registry path on each DC and
compares against the DC's `msDS-SupportedEncryptionTypes` AD attribute to detect
pending Kerberos service restarts or manual overrides (#31)
- Etype drift tracking in `Invoke-RC4AssessmentComparison` — shows drift DC count
changes between baseline and current assessments (#31)

### Fixed

- `Get-KdcRegistryAssessment` falls back to local registry read when
`Invoke-Command` fails on the DC the tool is running on (loopback WinRM
cold-start issue)
- GPO `SupportedEncryptionTypes` value `0x80000018` (2147483672) caused
`Int32` overflow — now uses `[long]` before stripping the high bit
- Local fallback and remote DC failure messages now show the actual error
for diagnostics

FileList

Version History

Version	Downloads	Last updated
5.1.0	48	4/29/2026
5.1.0-previe...	3	4/29/2026
5.0.0	8	4/29/2026
5.0.0-previe...	2	4/29/2026
5.0.0-previe...	3	4/29/2026
5.0.0-previe...	3	4/29/2026
4.18.0-previ...	4	4/28/2026
4.17.0 (current version)	48	4/28/2026
4.16.0-previ...	6	4/28/2026
4.16.0-previ...	5	4/28/2026
4.16.0-previ...	4	4/28/2026
4.16.0-previ...	5	4/28/2026
4.15.0	21	4/28/2026
4.15.0-previ...	4	4/28/2026
4.14.0	5	4/28/2026
4.14.0-previ...	3	4/27/2026
4.13.0	165	4/17/2026
4.13.0-previ...	4	4/17/2026
4.13.0-previ...	3	4/17/2026
4.12.0	14	4/16/2026
4.12.0-previ...	2	4/16/2026
4.11.0	4	4/16/2026
4.11.0-previ...	2	4/16/2026
4.10.0	21	4/15/2026
4.10.0-previ...	3	4/15/2026
4.9.0	16	4/15/2026
4.9.0-previe...	3	4/15/2026
4.8.0	7	4/15/2026
4.8.0-previe...	3	4/15/2026
4.8.0-previe...	2	4/14/2026
4.8.0-previe...	2	4/14/2026
4.8.0-previe...	2	4/14/2026
4.7.0	14	4/13/2026
4.7.0-previe...	3	4/13/2026
4.7.0-previe...	3	4/10/2026
4.6.0	15	4/10/2026
4.6.0-previe...	2	4/10/2026
4.5.0	26	4/7/2026
4.5.0-previe...	2	4/7/2026
4.5.0-previe...	2	4/7/2026
4.5.0-previe...	2	4/7/2026
4.5.0-previe...	2	4/7/2026
4.4.0	4	4/7/2026
4.4.0-previe...	2	4/7/2026
4.4.0-previe...	2	4/7/2026
4.4.0-previe...	5	4/7/2026
4.4.0-previe...	5	4/7/2026
4.3.0	24	4/7/2026
4.3.0-previe...	4	4/7/2026
4.3.0-previe...	4	4/7/2026
4.3.0-previe...	4	4/7/2026
4.2.0	15	4/7/2026
4.2.0-previe...	4	4/7/2026
4.2.0-previe...	7	4/7/2026
4.2.0-previe...	5	3/31/2026
4.2.0-previe...	2	3/31/2026
4.1.2	39	3/31/2026
4.1.1	7	3/30/2026
4.1.0-previe...	2	3/30/2026
4.1.0-previe...	2	3/30/2026
4.0.0	20	3/30/2026
4.0.0-previe...	2	3/30/2026
4.0.0-previe...	2	3/30/2026

Show less