RC4-ADAssessment
4.2.0-preview0002
PowerShell toolkit for assessing DES and RC4 Kerberos encryption usage in Active Directory. Discovers RC4/DES dependencies across DC encryption, trusts, KRBTGT, service accounts, KDC registry, KDCSVC events, and Security event logs — with inline remediation commands and assessment comparison for tracking progress toward the July 2026 RC4 removal deadline.
Minimum PowerShell version
5.1
Installation Options
Owners
Copyright
(c) Jan Tiedemann. All rights reserved.
Package Details
Author(s)
- Jan Tiedemann
Tags
ActiveDirectory Kerberos RC4 DES AES Encryption Security Assessment Remediation
Functions
Invoke-RC4Assessment Invoke-RC4AssessmentComparison Invoke-RC4ForestAssessment
Dependencies
This module has no dependencies.
Release Notes
## [4.2.0-preview0002] - 2026-03-31
### Changed
- GPO recommendation text now includes **Future encryption types** alongside AES128_HMAC_SHA1 and AES256_HMAC_SHA1, per CIS Benchmark 2.3.11.4
- `Get-EncryptionTypeString` recognises the `0x80000000` (Future encryption types) bit
- Updated guidance in `Get-GuidancePlainText` and `Show-ManualValidationGuidance` GPO Validation sections
- Updated DeepScan inline info message to reference Future encryption types
FileList
- RC4-ADAssessment.nuspec
- RC4-ADAssessment.psm1
- RC4-ADAssessment.psd1
Version History
| Version | Downloads | Last updated |
|---|---|---|
| 4.2.0-previe... (current version) | 3 | 3/31/2026 |
| 4.2.0-previe... | 2 | 3/31/2026 |
| 4.1.2 | 6 | 3/31/2026 |
| 4.1.1 | 6 | 3/30/2026 |
| 4.1.0-previe... | 2 | 3/30/2026 |
| 4.1.0-previe... | 2 | 3/30/2026 |
| 4.0.0 | 5 | 3/30/2026 |
| 4.0.0-previe... | 2 | 3/30/2026 |
| 4.0.0-previe... | 2 | 3/30/2026 |