Updates The Arose From a Demo

[jakehildreth]

Hooman:

I did a Locksmith demo internally for Semperis in June. While working through that demo, I made some small improvements here and there.

Clanker:

This pull request updates the Locksmith module with improvements to risk rating logic, messaging, and PowerShell code consistency. The most notable changes include refining how dangerous rights are defined, enhancing risk assessment for certain AD objects, improving user guidance messages, and standardizing PowerShell syntax across the codebase.

Risk rating logic improvements:

• Updated the risk calculation in Set-RiskRating to add a minor risk value (0.1) for certain principals, improving the granularity of risk assessment for ESC5 templates. [1] [2]

Dangerous rights definition:

• Simplified the $DangerousRights variable in Invoke-Locksmith to 'GenericAll|Write' instead of including additional rights, focusing checks on the most critical permissions. [1] [2]

User guidance and messaging enhancements:

• Revised Mode 0 summary messaging to clarify available details and encourage users to try Mode 1 for deeper insights, including more specific remediation guidance and risk ratings. [1] [2]
• Improved the final output to include a direct link to the Locksmith GitHub repository for easier access to documentation and support. [1] [2]

PowerShell code consistency and modernization:

• Standardized PowerShell syntax by replacing Return with return, switching double quotes to single quotes for here-strings and arrays, and using lowercase function declarations for better style and compatibility. [1] [2] [3] [4] [5] [6] [7] [8] [9]

Version updates:

• Bumped the module and script version numbers to 2025.8.25 to reflect these changes. [1] [2]