{"id":208428,"date":"2024-01-31T13:11:40","date_gmt":"2024-01-31T13:11:40","guid":{"rendered":"https:\/\/www.ninjaone.com\/script-hub\/powershell-configurer-stockage-hachages-lm\/"},"modified":"2024-03-04T18:42:08","modified_gmt":"2024-03-04T18:42:08","slug":"powershell-configurer-stockage-hachages-lm","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaonesandbox.dev\/fr\/script-hub\/powershell-configurer-stockage-hachages-lm\/","title":{"rendered":"Powershell\u00a0: comment configurer efficacement le stockage local des hachages LM\u00a0?"},"content":{"rendered":"<p><strong>La configuration du stockage local des hachages LM<\/strong> joue un r\u00f4le essentiel dans les syst\u00e8mes bas\u00e9s sur Windows. Pour les professionnels de l&rsquo;informatique, la configuration de ce stockage peut avoir une incidence consid\u00e9rable sur la s\u00e9curit\u00e9 du syst\u00e8me. Le script PowerShell fourni simplifie \u00e9l\u00e9gamment le processus d&rsquo;activation ou de d\u00e9sactivation de cette fonctionnalit\u00e9. Voyons ce qu&rsquo;il signifie et comment il fonctionne.<\/p>\n<h2>Contexte<\/h2>\n<p>Le hachage LM (LAN Manager) existe depuis un certain temps et est connu pour ses vuln\u00e9rabilit\u00e9s. Au fil du temps, de nombreux sp\u00e9cialistes de la s\u00e9curit\u00e9 ont recommand\u00e9 de d\u00e9sactiver les hachages LM pour renforcer la s\u00e9curit\u00e9 du syst\u00e8me. Les configurations manuelles pouvant \u00eatre fastidieuses, les outils et les scripts (comme celui fourni ici) deviennent des atouts inestimables pour les professionnels de l&rsquo;informatique et les <a href=\"https:\/\/www.ninjaonesandbox.dev\/fr\/quest-ce-quun-msp\">fournisseurs de services g\u00e9r\u00e9s (MSP)<\/a>.<\/p>\n<h2>Le script<\/h2>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\">#Requires -Version 5.1\r\n\r\n&lt;#\r\n.SYNOPSIS\r\n    Disable or Enable Local LM Hash Storage\r\n.DESCRIPTION\r\n    Disable or Enable Local LM Hash Storage\r\n.EXAMPLE\r\n    -Enable\r\n    Enable Local LM Hash Storage\r\n.EXAMPLE\r\n    -Disable\r\n    Disable Local LM Hash Storage\r\n.EXAMPLE\r\n    PS C:&gt; Disable-LMHash.ps1 -Disable\r\n    Disable Local LM Hash Storage\r\n.OUTPUTS\r\n    None\r\n.NOTES\r\n    Minimum OS Architecture Supported: Windows 10, Windows Server 2016\r\n    Release Notes:\r\n    Initial Release\r\nBy using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https:\/\/www.ninjaonesandbox.dev\/terms-of-use.\r\n    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. \r\n    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. \r\n    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. \r\n    Warranty Disclaimer: The script is provided \u201cas is\u201d and \u201cas available\u201d, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. \r\n    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. \r\n    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. \r\n    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).\r\n.COMPONENT\r\n    ProtocolSecurity\r\n#&gt;\r\n\r\n[CmdletBinding(DefaultParameterSetName = \"Disable\")]\r\nparam (\r\n    [Parameter(Mandatory, ParameterSetName = \"Disable\")]\r\n    [switch]\r\n    $Disable,\r\n    [Parameter(Mandatory, ParameterSetName = \"Enable\")]\r\n    [switch]\r\n    $Enable\r\n)\r\n\r\nbegin {\r\n    function Test-IsElevated {\r\n        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()\r\n        $p = New-Object System.Security.Principal.WindowsPrincipal($id)\r\n        if ($p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator))\r\n        { Write-Output $true }\r\n        else\r\n        { Write-Output $false }\r\n    }\r\n    function Set-ItemProp {\r\n        param (\r\n            $Path,\r\n            $Name,\r\n            $Value,\r\n            [ValidateSet(\"DWord\", \"QWord\", \"String\", \"ExpandedString\", \"Binary\", \"MultiString\", \"Unknown\")]\r\n            $PropertyType = \"DWord\"\r\n        )\r\n        New-Item -Path $Path -Force -ErrorAction SilentlyContinue | Out-Null\r\n        if ((Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue)) {\r\n            Set-ItemProperty -Path $Path -Name $Name -Value $Value -Force -Confirm:$false | Out-Null\r\n        }\r\n        else {\r\n            New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $PropertyType -Force -Confirm:$false | Out-Null\r\n        }\r\n    }\r\n}\r\nprocess {\r\n    if (-not (Test-IsElevated)) {\r\n        Write-Error -Message \"Access Denied. Please run with Administrator privileges.\"\r\n        exit 1\r\n    }\r\n    $Path = \"HKLM:SYSTEMCurrentControlSetControlLsa\"\r\n    $Name = \"NoLMHash\"\r\n    $Value = if ($Enable) { 1 }elseif ($Disable) { 0 }else { throw \"No Param used.\" }\r\n    # Sets NoLMHash to 1\r\n    try {\r\n        Set-ItemProp -Path $Path -Name $Name -Value $Value\r\n    }\r\n    catch {\r\n        Write-Error $_\r\n        exit 1\r\n    }\r\n    Write-Host \"Set $Path$Name to $Value\"\r\n}\r\nend {}<\/pre>\n<p>&nbsp;<\/p>\n\n<div class=\"in-context-cta\"><p style=\"text-align: center;\">Acc\u00e9dez \u00e0 plus de 700\u00a0scripts dans le Dojo NinjaOne<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.ninjaonesandbox.dev\/fr\/phase-de-test-gratuit\/\">Obtenir l&rsquo;acc\u00e8s<\/a><\/p>\n<\/div>\n<h2>Description d\u00e9taill\u00e9e<\/h2>\n<p>Le script commence par d\u00e9finir les conditions requises pour la version\u00a05.1 de PowerShell. Voici une description d\u00e9taill\u00e9e de son fonctionnement\u00a0:<\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>Cmdlet Binding<\/strong>\u00a0: Le script utilise CmdletBinding, ce qui lui permet d&rsquo;accepter des param\u00e8tres, en particulier <strong>-Enable<\/strong> ou <strong>-Disable<\/strong>.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><strong>Fonction Test-IsElevated<\/strong>\u00a0: Cette fonction v\u00e9rifie si le script est ex\u00e9cut\u00e9 avec des privil\u00e8ges \u00e9lev\u00e9s (en tant qu&rsquo;administrateur). Si ce n&rsquo;est pas le cas, le script renvoie une erreur.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><strong>Fonction Set-ItemProp<\/strong>\u00a0: Cette fonction est con\u00e7ue pour attribuer une valeur donn\u00e9e \u00e0 une cl\u00e9 de registre sp\u00e9cifi\u00e9e, en la cr\u00e9ant si elle n&rsquo;existe pas.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><strong>Bloc \u00ab\u00a0process\u00a0\u00bb<\/strong>\u00a0: C&rsquo;est ici que r\u00e9side la logique principale.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\">V\u00e9rifie les droits d&rsquo;administrateur.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\">D\u00e9finit le chemin et le nom du registre.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\">En fonction du param\u00e8tre utilis\u00e9 (<strong>Enable<\/strong> ou <strong>Disable<\/strong>), il attribue une valeur.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\">Il fixe ensuite cette valeur dans le registre.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><strong>Bloc \u00ab\u00a0end\u00a0\u00bb<\/strong>\u00a0: Conclut le script.<\/li>\n<\/ul>\n<h2>Cas d&rsquo;utilisation potentiels<\/h2>\n<p>Imaginez une entreprise MSP qui supervise la s\u00e9curit\u00e9 de plusieurs clients. L&rsquo;une de ses nouvelles proc\u00e9dures d&rsquo;int\u00e9gration consiste \u00e0 s&rsquo;assurer que le stockage des hachages LM est d\u00e9sactiv\u00e9 sur tous les serveurs. Plut\u00f4t que de mettre \u00e0 jour manuellement les param\u00e8tres de chaque serveur, l&rsquo;entreprise MSP peut d\u00e9ployer ce script, ce qui permet d&rsquo;effectuer efficacement les changements et de garantir la coh\u00e9rence.<\/p>\n<h2>Comparaisons<\/h2>\n<p>La navigation manuelle dans le registre ou l&rsquo;utilisation de la strat\u00e9gie de groupe sont d&rsquo;autres m\u00e9thodes permettant d&rsquo;obtenir ce r\u00e9sultat. Toutefois, l&rsquo;utilisation de PowerShell est plus efficace, en particulier lorsque des modifications doivent \u00eatre apport\u00e9es \u00e0 de nombreux syst\u00e8mes. En outre, les scripts sont moins sujets aux erreurs humaines que les m\u00e9thodes manuelles.<\/p>\n<h2>FAQ script et hachages LM<\/h2>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>Que repr\u00e9sente \u00ab\u00a0NoLMHash\u00a0\u00bb\u00a0?<\/strong><br \/>\n\u00ab\u00a0NoLMHash\u00a0\u00bb est une cl\u00e9 de registre qui d\u00e9termine si les hachages LM sont stock\u00e9s. La valeur \u00ab\u00a00\u00a0\u00bb signifie qu&rsquo;elle est activ\u00e9e, tandis que la valeur \u00ab\u00a01\u00a0\u00bb signifie qu&rsquo;elle est d\u00e9sactiv\u00e9e.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>Ce script peut-il \u00eatre ex\u00e9cut\u00e9 sur n&rsquo;importe quel syst\u00e8me Windows\u00a0?<\/strong><br \/>\nLe script a une exigence minimale\u00a0: Windows\u00a010 ou Windows Server\u00a02016 et ult\u00e9rieur.<\/li>\n<\/ul>\n<h2>Implications<\/h2>\n<p>Configurer le stockage des hachages LM n&rsquo;est pas seulement une question d&rsquo;efficacit\u00e9 op\u00e9rationnelle, c&rsquo;est une consid\u00e9ration importante en mati\u00e8re de s\u00e9curit\u00e9. Les hachages LM sont notoirement peu s\u00fbrs. Le fait de disposer d&rsquo;une m\u00e9thode permettant de d\u00e9sactiver rapidement et de mani\u00e8re fiable ces hachages peut r\u00e9duire consid\u00e9rablement les vuln\u00e9rabilit\u00e9s.<\/p>\n<h2>Recommandations<\/h2>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\">Sauvegardez toujours le registre avant d&rsquo;y apporter des modifications.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\">Examinez et auditez r\u00e9guli\u00e8rement les configurations des syst\u00e8mes afin de garantir le respect des bonnes pratiques en mati\u00e8re de s\u00e9curit\u00e9.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\">N&rsquo;ex\u00e9cutez que des scripts provenant de sources fiables.<\/li>\n<\/ul>\n<h2>Conclusion<\/h2>\n<p>Pour les professionnels de l&rsquo;informatique qui cherchent \u00e0 simplifier leurs t\u00e2ches tout en maintenant un haut niveau de s\u00e9curit\u00e9, l&rsquo;utilisation d&rsquo;outils puissants devient cruciale. Ce script en est la preuve. En outre, des plateformes comme NinjaOne peuvent am\u00e9liorer le processus en <a href=\"https:\/\/www.ninjaonesandbox.dev\/fr\/rmm\/automatisation-informatique\/\">centralisant et en automatisant les t\u00e2ches<\/a> li\u00e9es \u00e0 la configuration et \u00e0 la s\u00e9curit\u00e9 du syst\u00e8me. Avec l&rsquo;\u00e9volution du paysage num\u00e9rique, disposer d&rsquo;outils et de plateformes fiables sera la cl\u00e9 du maintien d&rsquo;une s\u00e9curit\u00e9 performante.<\/p>\n","protected":false},"author":35,"featured_media":144844,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_lmt_disableupdate":"no","_lmt_disable":""},"operating_system":[4212],"use_cases":[4284],"class_list":["post-208428","script_hub","type-script_hub","status-publish","has-post-thumbnail","hentry","script_hub_category-windows"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ninjaonesandbox.dev\/fr\/wp-json\/wp\/v2\/script_hub\/208428","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ninjaonesandbox.dev\/fr\/wp-json\/wp\/v2\/script_hub"}],"about":[{"href":"https:\/\/www.ninjaonesandbox.dev\/fr\/wp-json\/wp\/v2\/types\/script_hub"}],"author":[{"embeddable":true,"href":"https:\/\/www.ninjaonesandbox.dev\/fr\/wp-json\/wp\/v2\/users\/35"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ninjaonesandbox.dev\/fr\/wp-json\/wp\/v2\/comments?post=208428"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ninjaonesandbox.dev\/fr\/wp-json\/wp\/v2\/media\/144844"}],"wp:attachment":[{"href":"https:\/\/www.ninjaonesandbox.dev\/fr\/wp-json\/wp\/v2\/media?parent=208428"}],"wp:term":[{"taxonomy":"script_hub_category","embeddable":true,"href":"https:\/\/www.ninjaonesandbox.dev\/fr\/wp-json\/wp\/v2\/operating_system?post=208428"},{"taxonomy":"use_cases","embeddable":true,"href":"https:\/\/www.ninjaonesandbox.dev\/fr\/wp-json\/wp\/v2\/use_cases?post=208428"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}