{"id":255892,"date":"2024-05-17T11:44:57","date_gmt":"2024-05-17T11:44:57","guid":{"rendered":"https:\/\/www.ninjaone.com\/?post_type=script_hub&#038;p=255892"},"modified":"2024-05-17T11:44:57","modified_gmt":"2024-05-17T11:44:57","slug":"almacenamiento-local-de-hashes-lm","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/es\/script-hub\/almacenamiento-local-de-hashes-lm\/","title":{"rendered":"C\u00f3mo configurar eficazmente el almacenamiento local de hashes LM con PowerShell"},"content":{"rendered":"<p><strong>Configurar el almacenamiento local de hashes LM<\/strong> desempe\u00f1a un papel fundamental en los sistemas basados en Windows. Para los profesionales de TI, la configuraci\u00f3n de este almacenamiento puede afectar en gran medida a la seguridad del sistema. El script PowerShell proporcionado simplifica notablemente el proceso de activar o desactivar esta funci\u00f3n. Profundicemos en su significado y su funcionamiento.<\/p>\n<h2>Antecedentes<\/h2>\n<p>El hash LM, o hash de administrador de LAN, existe desde hace alg\u00fan tiempo y es conocido por sus vulnerabilidades. Con el tiempo, muchos profesionales de la seguridad han recomendado desactivar los hashes LM para reforzar la seguridad del sistema. Sin embargo, las configuraciones manuales pueden resultar tediosas, por lo que las herramientas y los scripts, como el que analizamos en este post, se convierten en activos de valor incalculable para los profesionales de TI y los <a href=\"https:\/\/www.ninjaone.com\/es\/que-es-un-msp\">proveedores de servicios gestionados (MSP).<\/a><\/p>\n<h2>El script para configurar el almacenamiento local de hashes LM<\/h2>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\">#Requires -Version 5.1\r\n\r\n&lt;#\r\n.SYNOPSIS\r\n    Disable or Enable Local LM Hash Storage\r\n.DESCRIPTION\r\n    Disable or Enable Local LM Hash Storage\r\n.EXAMPLE\r\n    -Enable\r\n    Enable Local LM Hash Storage\r\n.EXAMPLE\r\n    -Disable\r\n    Disable Local LM Hash Storage\r\n.EXAMPLE\r\n    PS C:&gt; Disable-LMHash.ps1 -Disable\r\n    Disable Local LM Hash Storage\r\n.OUTPUTS\r\n    None\r\n.NOTES\r\n    Minimum OS Architecture Supported: Windows 10, Windows Server 2016\r\n    Release Notes:\r\n    Initial Release\r\nBy using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https:\/\/www.ninjaone.com\/terms-of-use.\r\n    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. \r\n    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. \r\n    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. \r\n    Warranty Disclaimer: The script is provided \u201cas is\u201d and \u201cas available\u201d, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. \r\n    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. \r\n    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. \r\n    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).\r\n.COMPONENT\r\n    ProtocolSecurity\r\n#&gt;\r\n\r\n[CmdletBinding(DefaultParameterSetName = \"Disable\")]\r\nparam (\r\n    [Parameter(Mandatory, ParameterSetName = \"Disable\")]\r\n    [switch]\r\n    $Disable,\r\n    [Parameter(Mandatory, ParameterSetName = \"Enable\")]\r\n    [switch]\r\n    $Enable\r\n)\r\n\r\nbegin {\r\n    function Test-IsElevated {\r\n        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()\r\n        $p = New-Object System.Security.Principal.WindowsPrincipal($id)\r\n        if ($p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator))\r\n        { Write-Output $true }\r\n        else\r\n        { Write-Output $false }\r\n    }\r\n    function Set-ItemProp {\r\n        param (\r\n            $Path,\r\n            $Name,\r\n            $Value,\r\n            [ValidateSet(\"DWord\", \"QWord\", \"String\", \"ExpandedString\", \"Binary\", \"MultiString\", \"Unknown\")]\r\n            $PropertyType = \"DWord\"\r\n        )\r\n        New-Item -Path $Path -Force -ErrorAction SilentlyContinue | Out-Null\r\n        if ((Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue)) {\r\n            Set-ItemProperty -Path $Path -Name $Name -Value $Value -Force -Confirm:$false | Out-Null\r\n        }\r\n        else {\r\n            New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $PropertyType -Force -Confirm:$false | Out-Null\r\n        }\r\n    }\r\n}\r\nprocess {\r\n    if (-not (Test-IsElevated)) {\r\n        Write-Error -Message \"Access Denied. Please run with Administrator privileges.\"\r\n        exit 1\r\n    }\r\n    $Path = \"HKLM:SYSTEMCurrentControlSetControlLsa\"\r\n    $Name = \"NoLMHash\"\r\n    $Value = if ($Enable) { 1 }elseif ($Disable) { 0 }else { throw \"No Param used.\" }\r\n    # Sets NoLMHash to 1\r\n    try {\r\n        Set-ItemProp -Path $Path -Name $Name -Value $Value\r\n    }\r\n    catch {\r\n        Write-Error $_\r\n        exit 1\r\n    }\r\n    Write-Host \"Set $Path$Name to $Value\"\r\n}\r\nend {}<\/pre>\n<p>&nbsp;<\/p>\n\n<div class=\"in-context-cta\"><p style=\"text-align: center;\">Accede a m\u00e1s de 300 scripts en el Dojo de NinjaOne<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.ninjaone.com\/es\/prueba-gratuita-formulario\/\">Obt\u00e9n acceso<\/a><\/p>\n<\/div>\n<h2>An\u00e1lisis detallado<\/h2>\n<p>El script comienza estableciendo los requisitos para la versi\u00f3n 5.1 de PowerShell. Aqu\u00ed tienes un desglose paso a paso de su funcionamiento:<\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>Cmdlet Binding<\/strong>: el script utiliza CmdletBinding, lo que le permite aceptar par\u00e1metros, concretamente <strong>-Enable<\/strong> o <strong>-Disable<\/strong>.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><strong>Funci\u00f3n Test-IsElevated<\/strong>: esta funci\u00f3n comprueba si el script se est\u00e1 ejecutando con privilegios elevados (como administrador). De no ser el caso, el script devolver\u00e1 un error.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><strong>Funci\u00f3n Set-ItemProp<\/strong>: esta funci\u00f3n est\u00e1 dise\u00f1ada para establecer una clave de registro especificada con un valor dado, cre\u00e1ndola si no existe.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><strong>Bloque de proceso<\/strong>: aqu\u00ed es donde reside la l\u00f3gica principal.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\">Comprueba si tienes derechos de administrador.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\">Define la ruta y el nombre del registro.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\">En funci\u00f3n del par\u00e1metro utilizado (<strong>Activar<\/strong> o <strong>Desactivar<\/strong>), asigna un valor.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\">A continuaci\u00f3n, establece este valor en el registro.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><strong>Bloque final<\/strong>: concluye el script.<\/li>\n<\/ul>\n<h2>Posibles casos de uso<\/h2>\n<p>Imagina un MSP que supervisa la seguridad de varios clientes. Uno de sus nuevos procedimientos de incorporaci\u00f3n es asegurarse de que el almacenamiento local de hashes LM est\u00e1 desactivado en todos los servidores. En lugar de actualizar manualmente la configuraci\u00f3n de cada servidor, el MSP podr\u00eda desplegar este script, realizando los cambios de forma eficiente y garantizando la coherencia.<\/p>\n<h2>Comparaciones<\/h2>\n<p>Navegar manualmente por el registro o utilizar la directiva de grupo son otros m\u00e9todos para lograr este resultado. Sin embargo, el uso de PowerShell es m\u00e1s eficiente, especialmente cuando es necesario realizar cambios en numerosos sistemas. Adem\u00e1s, los scripts son menos propensos al error humano en comparaci\u00f3n con los m\u00e9todos manuales.<\/p>\n<h2>FAQ<\/h2>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>\u00bfQu\u00e9 representa \u00abNoLMHash\u00bb?<\/strong><br \/>\n\u00abNoLMHash\u00bb es una clave de registro que determina si se almacenan los hashes LM. Un valor de &#8216;0&#8217; significa que est\u00e1 activado, mientras que &#8216;1&#8217; significa que est\u00e1 desactivado.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>\u00bfSe puede ejecutar este script en cualquier sistema Windows?<\/strong><br \/>\nEl script tiene un requisito m\u00ednimo: Windows 10 o Windows Server 2016 y superior.<\/li>\n<\/ul>\n<h2>Implicaciones<\/h2>\n<p>La configuraci\u00f3n del almacenamiento local de hashes LM no es s\u00f3lo una cuesti\u00f3n de eficiencia operativa, sino tambi\u00e9n una importante consideraci\u00f3n de seguridad. Los hashes LM son notoriamente poco seguros. Disponer de un m\u00e9todo para desactivar estos hashes de forma r\u00e1pida y fiable puede reducir dr\u00e1sticamente las vulnerabilidades.<\/p>\n<h2>Recomendaciones<\/h2>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\">Haz siempre una copia de seguridad del registro antes de realizar cambios.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\">Revisa y audita peri\u00f3dicamente las configuraciones del sistema para garantizar el cumplimiento de las mejores pr\u00e1cticas de seguridad.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\">Ejecuta s\u00f3lo scripts de fuentes fiables.<\/li>\n<\/ul>\n<h2>Reflexiones finales<\/h2>\n<p>Para los profesionales de TI que buscan simplificar sus tareas manteniendo un alto nivel de seguridad, resulta crucial utilizar herramientas potentes. Este script es una prueba de esa capacidad. Adem\u00e1s, plataformas como NinjaOne pueden mejorar el proceso <a href=\"https:\/\/www.ninjaone.com\/es\/rmm\/automatizacion-de-ti\/\">centralizando y automatizando las tareas<\/a> relacionadas con la configuraci\u00f3n y la seguridad del sistema. A medida que evoluciona el panorama digital, disponer de herramientas y plataformas fiables ser\u00e1 la clave para mantener una postura de seguridad s\u00f3lida.<\/p>\n","protected":false},"author":35,"featured_media":144851,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_lmt_disableupdate":"no","_lmt_disable":""},"operating_system":[4212],"use_cases":[4262],"class_list":["post-255892","script_hub","type-script_hub","status-publish","has-post-thumbnail","hentry","script_hub_category-windows","use_cases-mantenimiento"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/script_hub\/255892","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/script_hub"}],"about":[{"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/types\/script_hub"}],"author":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/users\/35"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/comments?post=255892"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/media\/144851"}],"wp:attachment":[{"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/media?parent=255892"}],"wp:term":[{"taxonomy":"script_hub_category","embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/operating_system?post=255892"},{"taxonomy":"use_cases","embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/use_cases?post=255892"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}