Querying for Security Information

Post by goldyfarbs » Wed Oct 10, 2007 10:08 pm

To all -

We are currently working on a commissioning script for servers and I don't like the way we currently check for security status on boxes.

* Please note all variables are defined above
The first thing we do is this.

strFilePath = Null
strFilePath = "secedit /export /mergedpolicy /cfg " & strsysdrv & "\seccfg.txt"
'Run returns a numeric exit code, so it is assigned without Set
wshShellrun = WshShell.Run(strFilePath, 0, True)

and the next few steps we do either query RSOP or read INSTR on the files..

I am looking for a more dynamic way than we are currently doing it..

Script is below.... I know it's messy, I inherited it..

WScript.Echo ""
WScript.Echo "----------------------------------------------------------------"
WScript.Echo " Security"
WScript.Echo "----------------------------------------------------------------"
WScript.Echo ""
Wscript.Echo "Effective Audit Settings"
WScript.Echo "------------------------"
strFilePath = strsysdrv & "\seccfg.txt"
Set fso = CreateObject("Scripting.FileSystemObject")
Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)
Do Until fsostr.AtEndOfStream
    'Null is not an object, so no Set here
    sLine = Null
    sLine = fsostr.ReadLine
    sLoc = InStr(sLine,"AuditSystemEvents = 0")
    If sLoc = 1 then WScript.Echo "Audit System Events = No Auditing"
    sLoc = InStr(sLine,"AuditSystemEvents = 1")
    If sLoc = 1 then WScript.Echo "Audit System Events = Success"
    sLoc = InStr(sLine,"AuditSystemEvents = 2")
    If sLoc = 1 then WScript.Echo "Audit System Events = Failure"
    sLoc = InStr(sLine,"AuditSystemEvents = 3")
    If sLoc = 1 then WScript.Echo "Audit System Events = Success, Failure"
    sLoc = InStr(sLine,"AuditLogonEvents = 0")
    If sLoc = 1 then WScript.Echo "Audit Logon Events = No Auditing"
    sLoc = InStr(sLine,"AuditLogonEvents = 1")
    If sLoc = 1 then WScript.Echo "Audit Logon Events = Success"
    sLoc = InStr(sLine,"AuditLogonEvents = 2")
    If sLoc = 1 then WScript.Echo "Audit Logon Events = Failure"
    sLoc = InStr(sLine,"AuditLogonEvents = 3")
    If sLoc = 1 then WScript.Echo "Audit Logon Events = Success, Failure"
    sLoc = InStr(sLine,"AuditObjectAccess = 0")
    If sLoc = 1 then WScript.Echo "Audit Object Access = No Auditing"
    sLoc = InStr(sLine,"AuditObjectAccess = 1")
    If sLoc = 1 then WScript.Echo "Audit Object Access = Success"
    sLoc = InStr(sLine,"AuditObjectAccess = 2")
    If sLoc = 1 then WScript.Echo "Audit Object Access = Failure"
    sLoc = InStr(sLine,"AuditObjectAccess = 3")
    If sLoc = 1 then WScript.Echo "Audit Object Access = Success, Failure"
    sLoc = InStr(sLine,"AuditPrivilegeUse = 0")
    If sLoc = 1 then WScript.Echo "Audit Privilege Use = No Auditing"
    sLoc = InStr(sLine,"AuditPrivilegeUse = 1")
    If sLoc = 1 then WScript.Echo "Audit Privilege Use = Success"
    sLoc = InStr(sLine,"AuditPrivilegeUse = 2")
    If sLoc = 1 then WScript.Echo "Audit Privilege Use = Failure"
    sLoc = InStr(sLine,"AuditPrivilegeUse = 3")
    If sLoc = 1 then WScript.Echo "Audit Privilege Use = Success, Failure"
    sLoc = InStr(sLine,"AuditPolicyChange = 0")
    If sLoc = 1 then WScript.Echo "Audit Policy Change = No Auditing"
    sLoc = InStr(sLine,"AuditPolicyChange = 1")
    If sLoc = 1 then WScript.Echo "Audit Policy Change = Success"
    sLoc = InStr(sLine,"AuditPolicyChange = 2")
    If sLoc = 1 then WScript.Echo "Audit Policy Change = Failure"
    sLoc = InStr(sLine,"AuditPolicyChange = 3")
    If sLoc = 1 then WScript.Echo "Audit Policy Change = Success, Failure"
    sLoc = InStr(sLine,"AuditAccountManage = 0")
    If sLoc = 1 then WScript.Echo "Audit Account Management = No Auditing"
    sLoc = InStr(sLine,"AuditAccountManage = 1")
    If sLoc = 1 then WScript.Echo "Audit Account Management = Success"
    sLoc = InStr(sLine,"AuditAccountManage = 2")
    If sLoc = 1 then WScript.Echo "Audit Account Management = Failure"
    sLoc = InStr(sLine,"AuditAccountManage = 3")
    If sLoc = 1 then WScript.Echo "Audit Account Management = Success, Failure"
    sLoc = InStr(sLine,"AuditProcessTracking")
    If sLoc = 1 then NoAudit = "False"
    sLoc = InStr(sLine,"AuditProcessTracking = 0")
    If sLoc = 1 then WScript.Echo "Audit Process Tracking = No Auditing"
    If sLoc = 1 then ScriptOK = "True"
    sLoc = InStr(sLine,"AuditProcessTracking = 1")
    If sLoc = 1 then WScript.Echo "Audit Process Tracking = Success"
    If sLoc = 1 then ScriptOK = "True"
    sLoc = InStr(sLine,"AuditProcessTracking = 2")
    If sLoc = 1 then WScript.Echo "Audit Process Tracking = Failure"
    If sLoc = 1 then ScriptOK = "True"
    sLoc = InStr(sLine,"AuditProcessTracking = 3")
    If sLoc = 1 then WScript.Echo "Audit Process Tracking = Success, Failure"
    If sLoc = 1 then ScriptOK = "True"
    sLoc = InStr(sLine,"AuditDSAccess = 0")
    If sLoc = 1 then WScript.Echo "Audit Directory Service Access = No Auditing"
    sLoc = InStr(sLine,"AuditDSAccess = 1")
    If sLoc = 1 then WScript.Echo "Audit Directory Service Access = Success"
    sLoc = InStr(sLine,"AuditDSAccess = 2")
    If sLoc = 1 then WScript.Echo "Audit Directory Service Access = Failure"
    sLoc = InStr(sLine,"AuditDSAccess = 3")
    If sLoc = 1 then WScript.Echo "Audit Directory Service Access = Success, Failure"
    sLoc = InStr(sLine,"AuditAccountLogon = 0")
    If sLoc = 1 then WScript.Echo "Audit Account Logon = No Auditing"
    sLoc = InStr(sLine,"AuditAccountLogon = 1")
    If sLoc = 1 then WScript.Echo "Audit Account Logon = Success"
    sLoc = InStr(sLine,"AuditAccountLogon = 2")
    If sLoc = 1 then WScript.Echo "Audit Account Logon = Failure"
    sLoc = InStr(sLine,"AuditAccountLogon = 3")
    If sLoc = 1 then WScript.Echo "Audit Account Logon = Success, Failure"
Loop
fsostr.Close
If (NoAudit <> "False" and ScriptOK <> "True") then
    WScript.Echo "Audit Process Tracking = No Auditing"
End If

WScript.Echo ""
'Enumerate Local Administrators Group
'If strDomainRole = "Member Server" then WScript.Echo "Local Administrators Group Membership"
'If strDomainRole = "Domain Controller" then WScript.Echo SysDomain & " Domain Administrators Group Membership"
'WScript.Echo "-------------------------------------"
'Set oNet = WScript.CreateObject("WScript.Network")
'Set objGroup = GetObject("WinNT://"& oNet.ComputerName & _
'"/Administrators")
'For Each objUser in objGroup.Members
'Wscript.echo objUser.AdsPath
'Skip the first 8 characters with a length of a 155
'WScript.Echo mid(objUser.Adspath,9,155)
'Next

If strDomainRole = "Member Server" then WScript.Echo "Local Administrators Group Membership"
If strDomainRole = "Domain Controller" then WScript.Echo SysDomain & " Domain Administrators Group Membership"
WScript.Echo "-------------------------------------"
Set fso = CreateObject("Scripting.FileSystemObject")
strfilepath = strsysdrv & "\lcladm.txt"
Set fsostr = fso.OpenTextFile(strfilepath, 1, True, -2)
Do Until fsostr.AtEndOfStream
    sLine = fsostr.ReadLine
    sLoc = InStr(sLine,"The command completed successfully")
    If sLoc = 0 then WScript.Echo sLine
Loop

'--------------------------------------------------------------------'
' Start of GPO Section '
'--------------------------------------------------------------------'
'strComputer = "."
Set oWMI = GetObject("WinMgmts://" & strComputer & "/root/cimv2")
Set cComputerData = oWMI.ExecQuery("SELECT * FROM Win32_OperatingSystem")
For Each oItem In cComputerData
    strOS = oItem.Caption
Next

If InStr(strOS, "Server 2003") Then
    Sys = "Windows 2003"
End If
If InStr(strOS, "Windows 2000") Then
    Sys = "Windows 2000"
End If

Select Case Sys
    Case "Windows 2003"
        win2k3()
    Case "Windows 2000"
        win2k()
End Select

Function win2k3()
    'WScript.Echo SysOS
    'WScript.Quit
    strComputer = "."
    WScript.Echo "----------------------------------------------------------------"
    WScript.Echo " GPO Machine Settings "
    WScript.Echo "----------------------------------------------------------------"
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\rsop\computer")
    Set colItems = objWMIService.ExecQuery("Select * from RSOP_UserPrivilegeRight")
    For Each objItem in colItems
        If objItem.UserRight = "SeNetworkLogonRight" Then
            For Each strAccountList in objItem.AccountList
                Wscript.Echo "Access this Computer From the Network: " & strAccountList
            Next
        End If
    Next

    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\rsop\computer")
    Set colItems = objWMIService.ExecQuery("Select * from RSOP_SecurityEventLogSettingBoolean")
    For Each objItem In colItems
        If objItem.Type = "2" And objItem.setting = "True" Then
            WScript.Echo "Prevent local guests from accessing Application log: " & " Enabled"
        ElseIf objItem.Type = "1" And objItem.setting = "True" Then
            WScript.Echo "Prevent local guests from accessing Security log: " & " Enabled"
        ElseIf objItem.Type = "0" And objItem.setting = "True" Then
            WScript.Echo "Prevent local guests from accessing System log: " & " Enabled"
        End If
    Next

    WScript.Echo "----------------------------------------------------------------"
    WScript.Echo " Applied Group Policy Objects "
    WScript.Echo "----------------------------------------------------------------"
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\rsop\computer")
    Set colItems = objWMIService.ExecQuery("Select * from RSOP_GPO")
    For Each objItem In colItems
        If objitem.FilterAllowed = True And objitem.Enabled = True Then
            Wscript.Echo objItem.Name '"Name: " &
            'Wscript.Echo "Applied: " & objItem.Enabled
        End If
    Next
End Function

Function win2k()
    strComputer = "."
    WScript.Echo "----------------------------------------------------------------"
    WScript.Echo " GPO Machine Settings "
    WScript.Echo "----------------------------------------------------------------"
    Set sh = CreateObject("Wscript.Shell")
    strSysDrv = sh.ExpandEnvironmentStrings("%SYSTEMDRIVE%")
    strFilePath = strSysDrv & "\seccfg.txt"
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)
    Do Until fsostr.AtEndOfStream
        strLine = fsostr.ReadLine
        If InStr(strLine, "senetworklogonright") Then
            'WScript.Echo strLine
            network = True
        End If
        Select Case network
            Case True
                If instr(strLine,"senetworklogonright = *S-1-5-11,*S-1-5-32-544") <> 0 Then
                    'WScript.Echo strLine
                    Wscript.Echo "Access this Computer From the Network: Administrators, Authenticated Users "
                End If
        End Select
    Loop

    Set fso = CreateObject("Scripting.FileSystemObject")
    Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)
    Do Until fsostr.AtEndOfStream
        strLine = fsostr.ReadLine
        if instr(strLine, "[Application Log]") <> 0 Then
            app = True
        ElseIf instr(strLine, "[Event Audit]") <> 0 Then 'Identify end of Application
            app = False
        end If
        Select Case app
            Case True
                If instr(strLine, "RestrictGuestAccess = 1") <> 0 Then
                    'WScript.Echo strLine
                    WScript.Echo "Prevent local guests from accessing Application log: " & " Enabled"
                    'WScript.Echo ""
                End If
        End Select
    Loop

    Set fso = CreateObject("Scripting.FileSystemObject")
    Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)
    Do Until fsostr.AtEndOfStream
        strLine = fsostr.ReadLine
        if instr(strLine, "[Security Log]") <> 0 Then
            sec = True
            'WScript.Quit
        ElseIf instr(strLine, "[") <> 0 Then 'Identify end of security Log
            sec = False
        End If
        Select Case sec
            Case True
                If instr(strLine, "RestrictGuestAccess = 1") <> 0 Then
                    'WScript.Echo strLine
                    WScript.Echo "Prevent local guests from accessing Security log: " & " Enabled"
                    'WScript.Echo ""
                End If
        End Select
    Loop

    Set fso = CreateObject("Scripting.FileSystemObject")
    Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)
    Do Until fsostr.AtEndOfStream
        strLine = fsostr.ReadLine
        if instr(strLine, "[System Log]") <> 0 Then
            sys = True
            'WScript.Quit
        ElseIf instr(strLine, "[") <> 0 Then 'Identify end of security Log
            sys = False
        End If
        Select Case sys
            Case True
                If instr(strLine, "RestrictGuestAccess = 1") <> 0 Then
                    'WScript.Echo strLine
                    WScript.Echo "Prevent local guests from accessing System log: " & " Enabled"
                    'WScript.Echo ""
                End If
        End Select
    Loop
End Function

Wscript.Echo ""
WScript.Echo "Local Account Policy Settings"
WScript.Echo "---------------------------------"
strFilePath = strsysdrv & "\seccfg.txt"
Set fso = CreateObject("Scripting.FileSystemObject")
Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)
Do Until fsostr.AtEndOfStream
    sLine = Null
    sLine = fsostr.ReadLine
    sLoc = InStr(sLine,"MinimumPasswordAge")
    If sLoc = 1 then WScript.Echo sLine
    sLoc = InStr(sLine,"MaximumPasswordAge")
    If sLoc = 1 then WScript.Echo sLine
    sLoc = InStr(sLine,"MinimumPasswordLength")
    If sLoc = 1 then WScript.Echo sLine
    sLoc = InStr(sLine,"PasswordHistorySize")
    If sLoc = 1 then WScript.Echo sLine
    sLoc = InStr(sLine,"LockoutBadCount")
    If sLoc = 1 then WScript.Echo sLine
    sLoc = InStr(sLine,"ResetLockoutCount")
    If sLoc = 1 then WScript.Echo sLine
    sLoc = InStr(sLine,"LockoutDuration")
    If sLoc = 1 then WScript.Echo sLine
Loop
fsostr.Close
'Object references are released with Nothing, not Null
Set fso = Nothing
Set fsostr = Nothing

Post by jhicks » Wed Oct 10, 2007 10:40 pm

Something like this should be more efficient for parsing out the audit section:

Code: Select all

If InStr(sLine,"=") Then
 'split line into an array
 arrData=Split(sLine,"=")
 'Trim removes any spaces
 sItem=Trim(arrData(0))
 iData=Trim(arrData(1))
  If InStr(sItem,"Audit") Then
  Select Case iData
    Case 0 sText="No Auditing"
    Case 1 sText="Success"
    Case 2 sText="Failure"
    Case 3 sText="Success,Failure"
    Case Else sText="Unknown"
  End Select
  WScript.Echo sItem & "=" & sText
  End If
End If
But I'm not clear on what else you are trying to do. Are you looking to only display certain lines from the config file you are creating? Is there some part of the script that you don't think is working?

jhicks2007-10-11 05:42:17

Post by goldyfarbs » Wed Oct 10, 2007 11:07 pm

Jhicks, - Thanks for the reply.. There is so much I want to do with this script.. I basically inherited a server commissioning script with 1700 lines of code and I want to rewrite the whole script, but it's so big it's like, where do I start..

All the new stuff I have added was in functions to help modularize the script.

Just to give you a little background.

We need to commission all servers that get put in our environment as we are in a highly regulated environment. So, I inherited the initial release of the script. The section I want to focus on now and make more dynamic is our Security functions.

We capture all the data I am requesting below, but it's messy as hell and I am looking for a better way to modularize this and also, the problem I have is that this has to work on both Windows 2000 and Windows 2003.

I think the best way to do this is to maybe create a Security function for both Windows 2000 and Windows 2003

See below for settings we want to capture... - again thanks for all your help...

My skill level is beginner to intermediate.. Close to the end of beginner side.. I am working on getting better... :-)

We want to capture the following settings.

- Effective Audit Settings
- Local Administrators Group Membership
- Access this computer from the Network
- Prevent Local guests from accessing the application Log
- Prevent local guests from accessing the system log
- Prevent local guests from accessing the security log
- Applied group policy
- Local Account Policy
- Guest account Status
- System shutdown rights
- Legal Notice

Post by goldyfarbs » Thu Oct 11, 2007 12:02 am

Oh, wait it gets better.. We have a multi-million dollar agreement with NetIQ and we use their SCM product, but they want the commissioning of servers scripted.


The hardest part is trying to develop a global solution for this script to work in all environments. I wish I could post the script, it's 40 pages long and is in complete shambles, so that is why I am taking a section at a time and going to modularize it. I told my boss about 6 - 12 months away before a new script can be done... B/C that isn't my only task.. as you can imagine.

Thanks for your continued support - jg

Post by goldyfarbs » Thu Oct 11, 2007 1:48 am

I am excited to be here and be a regular.. I have been a regular on Ars forum for years, but I decided I love scripting and had my company pay for just about everything SAPIEN so now I will join here...

As for Powershell vs. Vbscript.. Man I would love to.. But I don't even know where to start..

And yes you are going to be seeing a lot of me as I am trying to expand upon my Vbscript ability.

Also, I am realizing that Vbscript is helping me think outside the box more and more dynamic which is very good.. It's like.. Hum.. How can I make this more dynamic. I like to make sure our scripts have brains..and are logical..


Post by jhicks » Thu Oct 11, 2007 2:46 am

PowerShell is the way going forward for Microsoft so you should be able to convince the powers that be that it is well worth your time in learning it and building your management tools in it. You can start by picking up the PowerShell TFM book that Don and I wrote. We also run training classes. We actually have a public class in Las Vegas week after next but the registration deadline is tomorrow. But there will be more classes next year.

As for the text file, there's really nothing wrong with the approach. Even in PowerShell you have to "read" the file to use the contents. It's just much easier and less code than using the FileSystemobject. What takes about 5 or 6 lines of VBScript can be accomplished in 1 short PowerShell command.

You decide what block of functionality you want to work on and we'll see what we can do. If you decide to go the PowerShell route, then use the PowerShell forum.

Post by jhicks » Fri Oct 12, 2007 12:00 am

Based on part of your original script it looked like it was simply replacing the numeric value for each of the audit settings with an English equivalent. My code simply takes any line that has the word Audit in it and splits it into an array. Element 0 is the audit setting and element 1 is the value. The Select Case statement essentially replaces the number with a more meaningful string. The end result is that the audit lines from the config file are echoed back but with meaningful text instead of the numeric value.

Save this example to a vbs file and try it out:

Code: Select all

arrLines=Array("AuditAccountManage = 2","AuditSystemEvents = 0","AuditPolicyChange = 3")

For Each sline In arrLines

If InStr(sLine,"=") Then
 'split line into an array
 arrData=Split(sLine,"=")
 'Trim removes any spaces
 sItem=Trim(arrData(0))
 iData=Trim(arrData(1))
  If InStr(sItem,"Audit") Then
  Select Case iData
    Case 0 sText="No Auditing"
    Case 1 sText="Success"
    Case 2 sText="Failure"
    Case 3 sText="Success,Failure"
    Case Else sText="Unknown"
  End Select
  WScript.Echo sItem & "=" & sText
  End If
End If

Next

Post by jhicks » Fri Oct 12, 2007 2:09 am

I sacrificed the spacing for code simplicity. If that is important, then something like this might be a little more efficient than your original script:

Code: Select all

arrLines=Array("AuditAccountManage = 2","AuditSystemEvents = 0","AuditPolicyChange = 3")

For Each sline In arrLines

If InStr(sLine,"=") Then
 'split line into an array
 arrData=Split(sLine,"=")
 'Trim removes any spaces
 sItem=Trim(arrData(0))
 iData=Trim(arrData(1))
  If InStr(sItem,"Audit") Then
  Select Case sItem
      Case "AuditAccountManage"
          sItem="Audit Account Manage"
      Case "AuditSystemEvents"
          sItem="Audit System Events"
      Case "AuditPolicyChange"
          sItem="Audit Policy Change"
      Case Else
          sItem="Unknown setting"
  End Select
  WScript.Echo sItem & " = " & DecodeAudit(iData)
  End If
End If

Next

Function DecodeAudit(iData)

  Select Case iData
    Case 0 sText="No Auditing"
    Case 1 sText="Success"
    Case 2 sText="Failure"
    Case 3 sText="Success,Failure"
    Case Else sText="Unknown"
  End Select

DecodeAudit=sText

End function
I'm using the array to simulate the line reading you would be doing. This will give you output like this:

Audit Account Manage = Failure
Audit System Events = No Auditing
Audit Policy Change = Success,Failure

jhicks2007-10-12 09:11:10
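
The split-and-decode approach above, carried over to the whole export file, as an added example that is not code from either poster: it tracks the [Section] headers so RestrictGuestAccess can be told apart per log, and it reports audit keys that are missing from the file. The sample lines are constructed, and LoadPolicy, GetSetting and the section|key dictionary layout are hypothetical names chosen for this sketch.

```vbscript
Option Explicit

' Constructed sample of a "secedit /export" file. In the real script these
' lines would come from fsostr.ReadLine on seccfg.txt.
Dim arrLines
arrLines = Array( _
    "[System Access]", _
    "MinimumPasswordLength = 8", _
    "LockoutBadCount = 5", _
    "[Event Audit]", _
    "AuditSystemEvents = 3", _
    "AuditLogonEvents = 3", _
    "AuditObjectAccess = 2", _
    "[Application Log]", _
    "RestrictGuestAccess = 1", _
    "[Security Log]", _
    "RestrictGuestAccess = 1", _
    "[System Log]", _
    "RestrictGuestAccess = 0", _
    "[Privilege Rights]", _
    "senetworklogonright = *S-1-5-11,*S-1-5-32-544")

Dim dictPolicy, sName, sLog
Set dictPolicy = LoadPolicy(arrLines)

WScript.Echo "Effective Audit Settings"
For Each sName In Array("AuditSystemEvents", "AuditLogonEvents", "AuditObjectAccess", _
        "AuditPrivilegeUse", "AuditPolicyChange", "AuditAccountManage", _
        "AuditProcessTracking", "AuditDSAccess", "AuditAccountLogon")
    WScript.Echo sName & " = " & DecodeAudit(GetSetting(dictPolicy, "Event Audit", sName, ""))
Next

For Each sLog In Array("Application Log", "Security Log", "System Log")
    If GetSetting(dictPolicy, sLog, "RestrictGuestAccess", "0") = "1" Then
        WScript.Echo "Prevent local guests from accessing " & sLog & ": Enabled"
    Else
        WScript.Echo "Prevent local guests from accessing " & sLog & ": Not enabled"
    End If
Next

WScript.Echo "Access this Computer From the Network: " & _
    GetSetting(dictPolicy, "Privilege Rights", "SeNetworkLogonRight", "(not defined)")

' Read every "key = value" line into a dictionary keyed "section|key".
Function LoadPolicy(arrText)
    Dim dict, sLine, sSection, iPos
    Set dict = CreateObject("Scripting.Dictionary")
    ' Text compare: the thread's script looks for both "senetworklogonright"
    ' and "SeNetworkLogonRight", so lookups must not depend on case.
    dict.CompareMode = vbTextCompare
    sSection = ""
    For Each sLine In arrText
        sLine = Trim(sLine)
        If Left(sLine, 1) = "[" And Right(sLine, 1) = "]" Then
            sSection = Mid(sLine, 2, Len(sLine) - 2)
        ElseIf Len(sLine) > 0 And Left(sLine, 1) <> ";" Then
            ' Cut at the first "=" only, so a value containing "=" stays whole
            iPos = InStr(sLine, "=")
            If iPos > 1 Then
                dict(sSection & "|" & Trim(Left(sLine, iPos - 1))) = Trim(Mid(sLine, iPos + 1))
            End If
        End If
    Next
    Set LoadPolicy = dict
End Function

' Return the stored value, or sDefault when the key is absent from the export.
Function GetSetting(dict, sSection, sKey, sDefault)
    If dict.Exists(sSection & "|" & sKey) Then
        GetSetting = dict(sSection & "|" & sKey)
    Else
        GetSetting = sDefault
    End If
End Function

' Values are compared as strings because they are read from text.
Function DecodeAudit(sValue)
    Select Case sValue
        Case "0"
            DecodeAudit = "No Auditing"
        Case "1"
            DecodeAudit = "Success"
        Case "2"
            DecodeAudit = "Failure"
        Case "3"
            DecodeAudit = "Success, Failure"
        Case ""
            DecodeAudit = "Not present in export"
        Case Else
            DecodeAudit = "Unknown (" & sValue & ")"
    End Select
End Function
```

Run it with cscript; replacing arrLines with a loop over fsostr.ReadLine feeds it the real seccfg.txt.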

Post by goldyfarbs » Fri Oct 12, 2007 2:23 am

Jeff,

Dude, I love what you did.. Brilliant..

But I do have one question.. I see you walk through your array with a For Next statement.
But what does this exact line do where you are setting your array? Why AuditAccountManage = 2? etc...

arrLines=Array("AuditAccountManage = 2","AuditSystemEvents = 0","AuditPolicyChange = 3")

Shouldn't arrLines be something with all of this output
Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 3
AuditObjectAccess = 2
AuditPrivilegeUse = 2
AuditPolicyChange = 3
AuditAccountManage = 3
AuditDSAccess = 2
AuditAccountLogon = 3



I don't fully understand the array, but I sure do functions. I love how you create your first array and then use a function with an array to get your selected output.. Brilliant..

Thanks for your continued Support..
-jg

