v1.113.0: SMB signing + encryption enforcement

Changelog.md

@@ -1,5 +1,14 @@
 # Changelog
 
+## v1.113.0
+
+SMB signing + encryption enforcement — two new CLI actions plus an Operations-menu item for hardening the SMB server on this host.
+
+- **`SmbSecurityCheck`** (read-only) — reports the current SMB server posture: required/enabled signing, `EncryptData`, `RejectUnencryptedAccess`, and whether SMBv1 is still enabled. `-OutputFormat JSON` emits the posture for fleet auditing; no changes are made.
+- **`SmbEnforce`** (reversible) — requires SMB signing **and** encryption for every share served by this host (`Set-SmbServerConfiguration -RequireSecuritySignature $true -EncryptData $true`). The prior signing/encryption state is captured first and registered as a session undo action, and the change is fully Dry-Run aware (queued with an `Undo` closure that restores the prior values).
+
+Operations Menu gains **[35] SMB Signing & Encryption Enforcement** (interactive, with a confirmation prompt and a heads-up that very old clients that cannot sign/encrypt SMB may lose access). Addition to 56-OperationsMenu (no new module). CLI actions: 194 → 196.
+
 ## v1.112.0
 
 Richer VM inventory — the existing `VMInventoryExport` action now captures more per-VM detail for fleet auditing:

Header.ps1

@@ -30,7 +30,7 @@
     7h3 4b1d3r
 
 .VERSION
-    1.112.0
+    1.113.0
 
 .LAST UPDATED
     05/23/2026
@@ -1391,7 +1391,7 @@
 param(
     # CLI headless mode: run a specific action without interactive menus
     # Usage: RackStack.exe -Action Cleanup [-Tier Standard] [-Silent] [-OutputFormat JSON]
-    [ValidateSet('Cleanup', 'Debloat', 'HealthCheck', 'Batch', 'QuickScan', 'Inventory', 'DriftCheck', 'Snapshot', 'Compliance', 'Harden', 'Remediate', 'Aggregate', 'Compare', 'Export', 'Trend', 'CertCheck', 'ReportHTML', 'ListeningPorts', 'SoftwareList', 'Uptime', 'ServiceAudit', 'EventAudit', 'NetInfo', 'ScheduledExport', 'ValidateConfig', 'Watch', 'Query', 'Diff', 'Baseline', 'Alert', 'FleetScan', 'PatchStatus', 'UserAudit', 'FirewallAudit', 'TaskAudit', 'DiskAudit', 'TLSAudit', 'SMBAudit', 'DriverAudit', 'TimeAudit', 'BootAudit', 'GPOAudit', 'MemoryAudit', 'ProcessAudit', 'BackupAudit', 'ShareAudit', 'DNSAudit', 'PowerAudit', 'RegistryAudit', 'ProfileAudit', 'HyperVAudit', 'NetworkAudit', 'StorageAudit', 'FeatureAudit', 'AutoStartAudit', 'BIOSAudit', 'ClusterAudit', 'AuditPolicyAudit', 'EnvAudit', 'CrashAudit', 'LocalGroupAudit', 'WMIAudit', 'TempAudit', 'UpdatePolicyAudit', 'IISAudit', 'SSHAudit', 'BitLockerAudit', 'PrintAudit', 'CredGuardAudit', 'PortAudit', 'AntivirusAudit', 'DotNetAudit', 'RDPAudit', 'VPNAudit', 'HostsFileAudit', 'NetStatAudit', 'LicenseAudit', 'USBDeviceAudit', 'AppLockerAudit', 'EventSubAudit', 'HotfixAudit', 'SysInfoAudit', 'LogonAudit', 'ACLAudit', 'RecoveryAudit', 'ServiceAccountAudit', 'ProxyAudit', 'PendingRebootAudit', 'PageFileAudit', 'CPUAudit', 'DefenderExclusionAudit', 'KerberosAudit', 'DHCPAudit', 'NUMAAudit', 'SymlinkAudit', 'StartupScriptAudit', 'SecureChannelAudit', 'ComObjectAudit', 'FirewallLogAudit', 'ScheduledRebootAudit', 'PowerShellAudit', 'RouteTableAudit', 'TokenPrivilegeAudit', 'WindowsCapabilityAudit', 'ARPTableAudit', 'LocaleAudit', 'TaskHistoryAudit', 'NTFSAudit', 'Win11Cleanup', 'DarkMode', 'LightMode', 'iSCSIAudit', 'NICTeamAudit', 'SMBSessionAudit', 'WindowsUpdateAudit', 'ClusterQuorumAudit', 'S2DAudit', 'VirtualSwitchAudit', 'MPIOPathAudit', 'ServiceRecoveryAudit', 'VMOvercommitAudit', 'DedupAudit', 'ClusterNetworkAudit', 'ReplicaLagAudit', 'HandleLeakAudit', 'ShadowCopyAudit', 'QoSPolicyAudit', 'LiveMigrationAudit', 'DomainTrustAudit', 'DiskLatencyAudit', 'NICOffloadAudit', 'StorageTimeoutAudit', 'EventLogCapacityAudit', 'TcpSettingsAudit', 'WinRMAudit', 'ClusterHealthScore', 'VMInventoryExport', 'VMSnapshotAudit', 'StorageHealthScore', 'CSVSpaceAudit', 'SMBConnectionAudit', 'VolumeLabelAudit', 'NICErrorAudit', 'VMResourceWaste', 'HealthDashboard', 'SCCMClientAudit', 'SCOMAgentAudit', 'WACConnectivityAudit', 'AzureADAudit', 'ServerScore', 'FleetReport', 'PasswordPolicy', 'FirewallRuleAudit', 'GPResultAudit', 'DNSCacheAudit', 'TPMAudit', 'SecureBootAudit', 'TimeSkewAudit', 'NetworkProfileAudit', 'InsecureServiceAudit', 'SelfTest', 'CheckForUpdate', 'ExportLogs', 'UpdateSelf', 'Rollback', 'ScheduleUpdateCheck', 'Dashboard', 'History', 'Replay', 'AzureArcEnroll', 'DefenderEndpointOnboard', 'WSUSSetup', 'ADCSSetup', 'StorageMigrationSetup', 'GPOBackup', 'GPODrift', 'JEAList', 'NPSSetup', 'AlwaysOnVPNSetup', 'CISScan', 'SIEMSetup', 'SIEMStatus', 'WACSetup', 'WACStatus', 'VHDXEncryptionAudit', 'ADRecycleBin', 'ClusterValidationReport')]
+    [ValidateSet('Cleanup', 'Debloat', 'HealthCheck', 'Batch', 'QuickScan', 'Inventory', 'DriftCheck', 'Snapshot', 'Compliance', 'Harden', 'Remediate', 'Aggregate', 'Compare', 'Export', 'Trend', 'CertCheck', 'ReportHTML', 'ListeningPorts', 'SoftwareList', 'Uptime', 'ServiceAudit', 'EventAudit', 'NetInfo', 'ScheduledExport', 'ValidateConfig', 'Watch', 'Query', 'Diff', 'Baseline', 'Alert', 'FleetScan', 'PatchStatus', 'UserAudit', 'FirewallAudit', 'TaskAudit', 'DiskAudit', 'TLSAudit', 'SMBAudit', 'DriverAudit', 'TimeAudit', 'BootAudit', 'GPOAudit', 'MemoryAudit', 'ProcessAudit', 'BackupAudit', 'ShareAudit', 'DNSAudit', 'PowerAudit', 'RegistryAudit', 'ProfileAudit', 'HyperVAudit', 'NetworkAudit', 'StorageAudit', 'FeatureAudit', 'AutoStartAudit', 'BIOSAudit', 'ClusterAudit', 'AuditPolicyAudit', 'EnvAudit', 'CrashAudit', 'LocalGroupAudit', 'WMIAudit', 'TempAudit', 'UpdatePolicyAudit', 'IISAudit', 'SSHAudit', 'BitLockerAudit', 'PrintAudit', 'CredGuardAudit', 'PortAudit', 'AntivirusAudit', 'DotNetAudit', 'RDPAudit', 'VPNAudit', 'HostsFileAudit', 'NetStatAudit', 'LicenseAudit', 'USBDeviceAudit', 'AppLockerAudit', 'EventSubAudit', 'HotfixAudit', 'SysInfoAudit', 'LogonAudit', 'ACLAudit', 'RecoveryAudit', 'ServiceAccountAudit', 'ProxyAudit', 'PendingRebootAudit', 'PageFileAudit', 'CPUAudit', 'DefenderExclusionAudit', 'KerberosAudit', 'DHCPAudit', 'NUMAAudit', 'SymlinkAudit', 'StartupScriptAudit', 'SecureChannelAudit', 'ComObjectAudit', 'FirewallLogAudit', 'ScheduledRebootAudit', 'PowerShellAudit', 'RouteTableAudit', 'TokenPrivilegeAudit', 'WindowsCapabilityAudit', 'ARPTableAudit', 'LocaleAudit', 'TaskHistoryAudit', 'NTFSAudit', 'Win11Cleanup', 'DarkMode', 'LightMode', 'iSCSIAudit', 'NICTeamAudit', 'SMBSessionAudit', 'WindowsUpdateAudit', 'ClusterQuorumAudit', 'S2DAudit', 'VirtualSwitchAudit', 'MPIOPathAudit', 'ServiceRecoveryAudit', 'VMOvercommitAudit', 'DedupAudit', 'ClusterNetworkAudit', 'ReplicaLagAudit', 'HandleLeakAudit', 'ShadowCopyAudit', 'QoSPolicyAudit', 'LiveMigrationAudit', 'DomainTrustAudit', 'DiskLatencyAudit', 'NICOffloadAudit', 'StorageTimeoutAudit', 'EventLogCapacityAudit', 'TcpSettingsAudit', 'WinRMAudit', 'ClusterHealthScore', 'VMInventoryExport', 'VMSnapshotAudit', 'StorageHealthScore', 'CSVSpaceAudit', 'SMBConnectionAudit', 'VolumeLabelAudit', 'NICErrorAudit', 'VMResourceWaste', 'HealthDashboard', 'SCCMClientAudit', 'SCOMAgentAudit', 'WACConnectivityAudit', 'AzureADAudit', 'ServerScore', 'FleetReport', 'PasswordPolicy', 'FirewallRuleAudit', 'GPResultAudit', 'DNSCacheAudit', 'TPMAudit', 'SecureBootAudit', 'TimeSkewAudit', 'NetworkProfileAudit', 'InsecureServiceAudit', 'SelfTest', 'CheckForUpdate', 'ExportLogs', 'UpdateSelf', 'Rollback', 'ScheduleUpdateCheck', 'Dashboard', 'History', 'Replay', 'AzureArcEnroll', 'DefenderEndpointOnboard', 'WSUSSetup', 'ADCSSetup', 'StorageMigrationSetup', 'GPOBackup', 'GPODrift', 'JEAList', 'NPSSetup', 'AlwaysOnVPNSetup', 'CISScan', 'SIEMSetup', 'SIEMStatus', 'WACSetup', 'WACStatus', 'VHDXEncryptionAudit', 'ADRecycleBin', 'ClusterValidationReport', 'SmbEnforce', 'SmbSecurityCheck')]
     [string]$Action,
 
     [ValidateSet('Light', 'Standard', 'Aggressive')]

Modules/00-Initialization.ps1

@@ -225,7 +225,7 @@ if (-not $PSCommandPath -and $script:ScriptPath) {
 if (-not $script:ModuleRoot -and $script:ScriptPath) {
     $script:ModuleRoot = [System.IO.Path]::GetDirectoryName($script:ScriptPath)
 }
-$script:ScriptVersion = "1.112.0"
+$script:ScriptVersion = "1.113.0"
 $script:ScriptStartTime = Get-Date
 
 # Post-update cleanup: UpdateSelf / Rollback leave a `.pending-delete` sibling next to RackStack.exe.

Modules/34-Help.ps1

@@ -253,7 +253,7 @@ function Search-HelpTopics {
         @{ Title = "Performance"; Keywords = @("performance", "cpu", "memory", "disk", "io", "bandwidth", "dashboard", "process"); Description = "Live performance dashboard with CPU, memory, disk I/O, and network bandwidth monitoring" }
         @{ Title = "Licensing & NTP"; Keywords = @("license", "activation", "kms", "avma", "ntp", "time", "timezone", "clock"); Description = "Windows licensing status (KMS/AVMA/Retail), NTP configuration, time sync, and timezone setup" }
         @{ Title = "VM Management"; Keywords = @("checkpoint", "snapshot", "export", "import", "migration", "vhd", "iso"); Description = "VM checkpoints, export/import, migration readiness, VHD health, and ISO inventory" }
-        @{ Title = "CLI Actions"; Keywords = @("cli", "action", "headless", "automation", "fleet", "json", "audit", "scan", "score", "dashboard", "monitor", "policy", "sla", "netmap", "validate"); Description = "194 CLI actions for headless automation. Run -ListActions to see all. JSON output via -OutputFormat JSON. Key: ServerScore, HealthDashboard, FleetReport, CISScan, NPSSetup, AlwaysOnVPNSetup, SIEMStatus." }
+        @{ Title = "CLI Actions"; Keywords = @("cli", "action", "headless", "automation", "fleet", "json", "audit", "scan", "score", "dashboard", "monitor", "policy", "sla", "netmap", "validate"); Description = "196 CLI actions for headless automation. Run -ListActions to see all. JSON output via -OutputFormat JSON. Key: ServerScore, HealthDashboard, FleetReport, CISScan, NPSSetup, AlwaysOnVPNSetup, SIEMStatus." }
         @{ Title = "SelfTest Action"; Keywords = @("selftest", "self-test", "diagnose", "diagnostic", "verify", "healthcheck", "sanity"); Description = "Internal diagnostic. -Action SelfTest checks PS version, elevation, module count, version consistency, defaults.json validity, temp path writability, FileServer reachability, and agent installer config. Exit 1 on any failure. Use -OutputFormat JSON for structured output." }
         @{ Title = "Security Audits"; Keywords = @("security", "audit", "hardening", "compliance", "tls", "smb", "kerberos", "credguard", "applocker", "bitlockeraudit", "defenderexclusionaudit", "audit-policy", "secureboot", "tpm"); Description = "Security-focused CLI audits: TLSAudit, SMBAudit, KerberosAudit, CredGuardAudit, AppLockerAudit, BitLockerAudit, DefenderExclusionAudit, AuditPolicyAudit, SecureBootAudit, TPMAudit, UserAudit, LogonAudit, InsecureServiceAudit, RegistryAudit. All support -OutputFormat JSON." }
         @{ Title = "Network Audits"; Keywords = @("netaudit", "dns", "firewall-audit", "firewalllog", "arp", "route", "tcp", "netstat", "dhcp", "netprofile", "winrm", "qos", "nicoffload"); Description = "Network audits: DNSAudit, DNSCacheAudit, FirewallAudit, FirewallRuleAudit, FirewallLogAudit, ARPTableAudit, RouteTableAudit, TcpSettingsAudit, NetStatAudit, DHCPAudit, NetworkProfileAudit, WinRMAudit, QoSPolicyAudit, NICOffloadAudit, NICErrorAudit, HostsFileAudit, VPNAudit, ProxyAudit." }

Modules/50-EntryPoint.ps1

@@ -412,6 +412,8 @@ function Assert-Elevation {
                 @{ Action = 'VHDXEncryptionAudit'; Description = 'Read-only: report whether each VM virtual disk sits on a BitLocker-protected volume' }
                 @{ Action = 'ADRecycleBin';     Description = 'Show AD Recycle Bin status (JSON) or enable it interactively (irreversible)' }
                 @{ Action = 'ClusterValidationReport'; Description = 'Run a non-disruptive failover-cluster validation and archive the HTML report (JSON-aware)' }
+                @{ Action = 'SmbSecurityCheck'; Description = 'Read-only: report SMB server signing/encryption posture (JSON-aware)' }
+                @{ Action = 'SmbEnforce';       Description = 'Enforce SMB server signing + encryption (reversible)' }
                 @{ Action = 'Batch';            Description = 'JSON-driven full configuration' }
             )
             if ($script:CLIOutputFormat -eq 'JSON') {
@@ -2059,6 +2061,16 @@ footer{text-align:center;color:#999;font-size:12px;padding:16px}
             $cvrOk = Start-ClusterValidationReport
             [Environment]::Exit([int](-not $cvrOk))
         }
+        'SmbSecurityCheck' {
+            # Read-only SMB signing/encryption posture (JSON-aware).
+            $smbChkOk = Start-SmbSecurityCheck
+            [Environment]::Exit([int](-not $smbChkOk))
+        }
+        'SmbEnforce' {
+            # Enforce SMB signing + encryption (reversible; headless applies, console interactive).
+            $smbEnfOk = Start-SmbEnforce
+            [Environment]::Exit([int](-not $smbEnfOk))
+        }
         'Batch' {
             if (-not $script:CLIConfig) {
                 Write-OutputColor "  ERROR: -Action Batch requires -Config <path>" -color "Error"

Modules/56-OperationsMenu.ps1

@@ -70,6 +70,7 @@ function Show-OperationsMenu {
         Write-MenuItem "[29] Reboot Pending Details"
         Write-MenuItem "[30] Memory Pressure Diagnostics"
         Write-MenuItem "[34] CIS Compliance Scan (CIS L1)"
+        Write-MenuItem "[35] SMB Signing & Encryption Enforcement"
         Write-OutputColor "  └────────────────────────────────────────────────────────────────────────┘" -color "Info"
         Write-OutputColor "" -color "Info"
 
@@ -103,6 +104,7 @@ function Show-OperationsMenu {
                 @{Num="29"; Name="Reboot Pending Details"};    @{Num="30"; Name="Memory Pressure Diagnostics"}
                 @{Num="31"; Name="Batch VM Cleanup"};          @{Num="32"; Name="VM Migration Pre-Flight"}
                 @{Num="33"; Name="Logged-On Users"};           @{Num="34"; Name="CIS Compliance Scan (CIS L1)"}
+                @{Num="35"; Name="SMB Signing & Encryption Enforcement"}
             )
             $matched = @($opsItems | Where-Object { $_.Name -match [regex]::Escape($searchTerm) })
             Write-OutputColor "" -color "Info"
@@ -272,10 +274,14 @@ function Show-OperationsMenu {
                 Invoke-CISScanInteractive
                 Write-PressEnter
             }
+            "35" {
+                Set-SMBServerSecurity
+                Write-PressEnter
+            }
             "b" { return }
             "B" { return }
             default {
-                Write-OutputColor "  Invalid choice. Enter 1-34, [/] to search, or B." -color "Error"
+                Write-OutputColor "  Invalid choice. Enter 1-35, [/] to search, or B." -color "Error"
                 Start-Sleep -Seconds 1
             }
         }
@@ -2283,4 +2289,104 @@ function Test-VMMigrationReadiness {
 
     Write-OutputColor "`n  Pre-flight check complete" -color "Success"
 }
+
+# Read-only: current SMB server signing / encryption posture.
+function Get-SMBServerSecurityStatus {
+    try {
+        $c = Get-SmbServerConfiguration -ErrorAction Stop
+        return [PSCustomObject]@{
+            Available                = $true
+            RequireSecuritySignature = [bool]$c.RequireSecuritySignature
+            EnableSecuritySignature  = [bool]$c.EnableSecuritySignature
+            EncryptData              = [bool]$c.EncryptData
+            RejectUnencryptedAccess  = [bool]$c.RejectUnencryptedAccess
+            SMB1Enabled              = [bool]$c.EnableSMB1Protocol
+        }
+    }
+    catch { return [PSCustomObject]@{ Available = $false } }
+}
+
+# Interactive: require SMB signing + encryption on this server (reversible).
+function Set-SMBServerSecurity {
+    Clear-Host
+    Write-CenteredOutput "SMB Signing & Encryption Enforcement" -color "Info"
+    $s = Get-SMBServerSecurityStatus
+    if (-not $s.Available) { Write-OutputColor "  SMB server configuration is not available." -color "Error"; return }
+    Write-OutputColor "  Current: RequireSigning=$($s.RequireSecuritySignature)  EncryptData=$($s.EncryptData)  SMBv1=$($s.SMB1Enabled)" -color "Info"
+    Write-OutputColor "  Enforcing requires SMB signing AND encryption for all shares served by this host." -color "Info"
+    Write-OutputColor "  NOTE: very old clients that cannot sign/encrypt SMB may lose access." -color "Warning"
+    if (-not (Confirm-UserAction -Message "Require SMB signing + encryption on this server?")) { Write-OutputColor "  Cancelled." -color "Info"; return }
+    $priorSign = $s.RequireSecuritySignature; $priorEnc = $s.EncryptData
+
+    if ($script:DryRunMode -and -not $script:ApplyingDryRunQueue) {
+        $cs = $priorSign; $ce = $priorEnc
+        Push-DryRunStep -Label "Enforce SMB signing + encryption" -Category "Security" -OneWay $false `
+            -Params @{ RequireSigning = $true; EncryptData = $true } `
+            -Preflight { $true }.GetNewClosure() `
+            -Apply { Set-SmbServerConfiguration -RequireSecuritySignature $true -EncryptData $true -Force -ErrorAction SilentlyContinue }.GetNewClosure() `
+            -Undo { Set-SmbServerConfiguration -RequireSecuritySignature $cs -EncryptData $ce -Force -ErrorAction SilentlyContinue }.GetNewClosure()
+        Write-OutputColor "  Queued (Dry-Run): enforce SMB signing + encryption." -color "Warning"
+        Add-SessionChange -Category "DryRun" -Description "Queued SMB signing+encryption enforcement"
+        return
+    }
+
+    try {
+        Set-SmbServerConfiguration -RequireSecuritySignature $true -EncryptData $true -Force -ErrorAction Stop
+        Write-OutputColor "  SMB signing + encryption are now required." -color "Success"
+        Add-SessionChange -Category "Security" -Description "Enforced SMB signing + encryption"
+        Add-UndoAction -Category "Security" -Description "Enforced SMB signing + encryption" -UndoScript {
+            param($Sign, $Enc)
+            Set-SmbServerConfiguration -RequireSecuritySignature $Sign -EncryptData $Enc -Force -ErrorAction SilentlyContinue
+        } -UndoParams @{ Sign = $priorSign; Enc = $priorEnc }
+        Clear-MenuCache
+    }
+    catch {
+        Write-OutputColor "  Failed to apply SMB security: $($_.Exception.Message)" -color "Error"
+    }
+}
+
+# Submenu: SMB signing / encryption.
+function Show-SMBSecurityManagement {
+    Clear-Host
+    Write-CenteredOutput "SMB Signing & Encryption" -color "Info"
+    $s = Get-SMBServerSecurityStatus
+    if ($s.Available) {
+        Write-OutputColor "  RequireSigning : $($s.RequireSecuritySignature)" -color "Info"
+        Write-OutputColor "  EncryptData    : $($s.EncryptData)" -color "Info"
+        Write-OutputColor "  SMBv1 enabled  : $($s.SMB1Enabled)" -color $(if ($s.SMB1Enabled) { "Warning" } else { "Info" })
+    }
+    Write-OutputColor "" -color "Info"
+    if (Confirm-UserAction -Message "Enforce SMB signing + encryption now?") { Set-SMBServerSecurity }
+}
+
+# CLI: SmbSecurityCheck — read-only JSON status.
+function Start-SmbSecurityCheck {
+    $s = Get-SMBServerSecurityStatus
+    if ($script:CLIOutputFormat -eq 'JSON') {
+        Write-Output (@{
+            Tool = $script:ToolFullName; Version = $script:ScriptVersion; Action = 'SmbSecurityCheck'
+            Timestamp = (Get-Date -Format "yyyy-MM-ddTHH:mm:ss"); Hostname = $env:COMPUTERNAME
+            Available = $s.Available; RequireSigning = $s.RequireSecuritySignature; EncryptData = $s.EncryptData; SMB1Enabled = $s.SMB1Enabled
+        } | ConvertTo-Json)
+    }
+    else { Show-SMBSecurityManagement }
+    return $true
+}
+
+# CLI: SmbEnforce — apply signing+encryption (headless applies; console is interactive).
+function Start-SmbEnforce {
+    if ($script:CLIOutputFormat -eq 'JSON') {
+        $ok = $true
+        try { Set-SmbServerConfiguration -RequireSecuritySignature $true -EncryptData $true -Force -ErrorAction Stop } catch { $ok = $false }
+        $s = Get-SMBServerSecurityStatus
+        Write-Output (@{
+            Tool = $script:ToolFullName; Version = $script:ScriptVersion; Action = 'SmbEnforce'
+            Timestamp = (Get-Date -Format "yyyy-MM-ddTHH:mm:ss"); Hostname = $env:COMPUTERNAME
+            Success = $ok; RequireSigning = $s.RequireSecuritySignature; EncryptData = $s.EncryptData
+        } | ConvertTo-Json)
+        return $ok
+    }
+    Set-SMBServerSecurity
+    return $true
+}
 #endregion