Add RPC encryption CA reg key

JonasBK · JonasBK · commit 43e87c2dffe7 · 2025-08-06T11:27:20.000+02:00
diff --git a/src/Runtime/ObjectProcessors.cs b/src/Runtime/ObjectProcessors.cs
@@ -767,6 +767,7 @@ await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
                 var enrollmentAgentRestrictionsCollected = false;
                 var isUserSpecifiesSanEnabledCollected = false;
                 var roleSeparationEnabledCollected = false;
+                var rPCEncryptionCollected = false;
                 var caName = entry.GetProperty(LDAPProperties.Name);
                 var dnsHostName = entry.GetProperty(LDAPProperties.DNSHostName);
                 if (caName != null && dnsHostName != null) {
@@ -789,6 +790,7 @@ await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
                         EnrollmentAgentRestrictions = await _certAbuseProcessor.ProcessEAPermissions(caName,
                             resolvedSearchResult.Domain, dnsHostName, ret.HostingComputer),
                         RoleSeparationEnabled = _certAbuseProcessor.RoleSeparationEnabled(dnsHostName, caName),
+                        RPCEncryptionEnforced = _certAbuseProcessor.RPCEncryptionEnforced(dnsHostName, caName),
 
                         // The CASecurity exist in the AD object DACL and in registry of the CA server. We prefer to use the values from registry as they are the ground truth.
                         // If changes are made on the CA server, registry and the AD object is updated. If changes are made directly on the AD object, the CA server registry is not updated.
@@ -800,6 +802,7 @@ await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
                     enrollmentAgentRestrictionsCollected = cARegistryData.EnrollmentAgentRestrictions.Collected;
                     isUserSpecifiesSanEnabledCollected = cARegistryData.IsUserSpecifiesSanEnabled.Collected;
                     roleSeparationEnabledCollected = cARegistryData.RoleSeparationEnabled.Collected;
+                    rPCEncryptionCollected = cARegistryData.RPCEncryptionEnforced.Collected;
                     ret.CARegistryData = cARegistryData;
                 } else {
                     _log.LogWarning("The CA name or dnsHostname properties are null.");
@@ -809,6 +812,7 @@ await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
                 ret.Properties.Add("enrollmentagentrestrictionscollected", enrollmentAgentRestrictionsCollected);
                 ret.Properties.Add("isuserspecifiessanenabledcollected", isUserSpecifiesSanEnabledCollected);
                 ret.Properties.Add("roleseparationenabledcollected", roleSeparationEnabledCollected);
+                ret.Properties.Add("rpcencryptioncollected", rPCEncryptionCollected);
             }
 
             return ret;
