To all -
We are currently working on a commissioning script for servers and I don't like the way we currently check for security status on boxes.
* Please note all variables are defined above
The first thing we do is this.
strFilePath = Null
strFilePath = "secedit /export /mergedpolicy /cfg " & strsysdrv & "\seccfg.txt"
' Run returns an integer exit code, so it is assigned without Set
wshShellrun = WshShell.run(strFilePath, 0, true)
And for the next few steps we either query RSOP or read INSTR on the files.
I am looking for a more dynamic way than we are currently doing it.
Script is below... I know it's messy, I inherited it.
WScript.Echo ""
WScript.Echo "----------------------------------------------------------------"
WScript.Echo " Security"
WScript.Echo "----------------------------------------------------------------"
WScript.Echo ""
Wscript.Echo "Effective Audit Settings"
WScript.Echo "------------------------"
' Read the secedit export line by line and translate each audit value
strFilePath = strsysdrv & "\seccfg.txt"
Set fso = CreateObject("Scripting.FileSystemObject")
Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)
Do Until fsostr.AtEndOfStream
    sLine = Null
    sLine = fsostr.ReadLine
    sLoc = InStr(sLine,"AuditSystemEvents = 0")
    If sLoc = 1 then WScript.Echo "Audit System Events = No Auditing"
    sLoc = InStr(sLine,"AuditSystemEvents = 1")
    If sLoc = 1 then WScript.Echo "Audit System Events = Success"
    sLoc = InStr(sLine,"AuditSystemEvents = 2")
    If sLoc = 1 then WScript.Echo "Audit System Events = Failure"
    sLoc = InStr(sLine,"AuditSystemEvents = 3")
    If sLoc = 1 then WScript.Echo "Audit System Events = Success, Failure"
    sLoc = InStr(sLine,"AuditLogonEvents = 0")
    If sLoc = 1 then WScript.Echo "Audit Logon Events = No Auditing"
    sLoc = InStr(sLine,"AuditLogonEvents = 1")
    If sLoc = 1 then WScript.Echo "Audit Logon Events = Success"
    sLoc = InStr(sLine,"AuditLogonEvents = 2")
    If sLoc = 1 then WScript.Echo "Audit Logon Events = Failure"
    sLoc = InStr(sLine,"AuditLogonEvents = 3")
    If sLoc = 1 then WScript.Echo "Audit Logon Events = Success, Failure"
    sLoc = InStr(sLine,"AuditObjectAccess = 0")
    If sLoc = 1 then WScript.Echo "Audit Object Access = No Auditing"
    sLoc = InStr(sLine,"AuditObjectAccess = 1")
    If sLoc = 1 then WScript.Echo "Audit Object Access = Success"
    sLoc = InStr(sLine,"AuditObjectAccess = 2")
    If sLoc = 1 then WScript.Echo "Audit Object Access = Failure"
    sLoc = InStr(sLine,"AuditObjectAccess = 3")
    If sLoc = 1 then WScript.Echo "Audit Object Access = Success, Failure"
    sLoc = InStr(sLine,"AuditPrivilegeUse = 0")
    If sLoc = 1 then WScript.Echo "Audit Privilege Use = No Auditing"
    sLoc = InStr(sLine,"AuditPrivilegeUse = 1")
    If sLoc = 1 then WScript.Echo "Audit Privilege Use = Success"
    sLoc = InStr(sLine,"AuditPrivilegeUse = 2")
    If sLoc = 1 then WScript.Echo "Audit Privilege Use = Failure"
    sLoc = InStr(sLine,"AuditPrivilegeUse = 3")
    If sLoc = 1 then WScript.Echo "Audit Privilege Use = Success, Failure"
    sLoc = InStr(sLine,"AuditPolicyChange = 0")
    If sLoc = 1 then WScript.Echo "Audit Policy Change = No Auditing"
    sLoc = InStr(sLine,"AuditPolicyChange = 1")
    If sLoc = 1 then WScript.Echo "Audit Policy Change = Success"
    sLoc = InStr(sLine,"AuditPolicyChange = 2")
    If sLoc = 1 then WScript.Echo "Audit Policy Change = Failure"
    sLoc = InStr(sLine,"AuditPolicyChange = 3")
    If sLoc = 1 then WScript.Echo "Audit Policy Change = Success, Failure"
    sLoc = InStr(sLine,"AuditAccountManage = 0")
    If sLoc = 1 then WScript.Echo "Audit Account Management = No Auditing"
    sLoc = InStr(sLine,"AuditAccountManage = 1")
    If sLoc = 1 then WScript.Echo "Audit Account Management = Success"
    sLoc = InStr(sLine,"AuditAccountManage = 2")
    If sLoc = 1 then WScript.Echo "Audit Account Management = Failure"
    sLoc = InStr(sLine,"AuditAccountManage = 3")
    If sLoc = 1 then WScript.Echo "Audit Account Management = Success, Failure"
    ' NoAudit/ScriptOK record whether an AuditProcessTracking line was seen
    sLoc = InStr(sLine,"AuditProcessTracking")
    If sLoc = 1 then NoAudit = "False"
    sLoc = InStr(sLine,"AuditProcessTracking = 0")
    If sLoc = 1 then WScript.Echo "Audit Process Tracking = No Auditing"
    If SLOC = 1 then ScriptOK = "True"
    sLoc = InStr(sLine,"AuditProcessTracking = 1")
    If sLoc = 1 then WScript.Echo "Audit Process Tracking = Success"
    If sLoc = 1 then ScriptOK = "True"
    sLoc = InStr(sLine,"AuditProcessTracking = 2")
    If sLoc = 1 then WScript.Echo "Audit Process Tracking = Failure"
    If SLoc = 1 then ScriptOK = "True"
    sLoc = InStr(sLine,"AuditProcessTracking = 3")
    If sLoc = 1 then WScript.Echo "Audit Process Tracking = Success, Failure"
    If SLOC = 1 then ScriptOK = "True"
    sLoc = InStr(sLine,"AuditDSAccess = 0")
    If sLoc = 1 then WScript.Echo "Audit Directory Service Access = No Auditing"
    sLoc = InStr(sLine,"AuditDSAccess = 1")
    If sLoc = 1 then WScript.Echo "Audit Directory Service Access = Success"
    sLoc = InStr(sLine,"AuditDSAccess = 2")
    If sLoc = 1 then WScript.Echo "Audit Directory Service Access = Failure"
    sLoc = InStr(sLine,"AuditDSAccess = 3")
    If sLoc = 1 then WScript.Echo "Audit Directory Service Access = Success, Failure"
    sLoc = InStr(sLine,"AuditAccountLogon = 0")
    If sLoc = 1 then WScript.Echo "Audit Account Logon = No Auditing"
    sLoc = InStr(sLine,"AuditAccountLogon = 1")
    If sLoc = 1 then WScript.Echo "Audit Account Logon = Success"
    sLoc = InStr(sLine,"AuditAccountLogon = 2")
    If sLoc = 1 then WScript.Echo "Audit Account Logon = Failure"
    sLoc = InStr(sLine,"AuditAccountLogon = 3")
    If sLoc = 1 then WScript.Echo "Audit Account Logon = Success, Failure"
Loop
fsostr.Close
' No AuditProcessTracking line in the export at all: report it as not audited
If (NoAudit <> "False" and ScriptOK <> "True") then
    WScript.Echo "Audit Process Tracking = No Auditing"
End If
WScript.Echo ""
'Enumerate Local Administrators Group
'If strDomainRole = "Member Server" then WScript.Echo "Local Administrators Group Membership"
'If strDomainRole = "Domain Controller" then WScript.Echo SysDomain & " Domain Administrators Group Membership"
'WScript.Echo "-------------------------------------"
'Set oNet = WScript.CreateObject("WScript.Network")
'Set objGroup = GetObject("WinNT://"& oNet.ComputerName & _
'"/Administrators")
'For Each objUser in objGroup.Members
'Wscript.echo objUser.AdsPath
'Skip the first 8 characters with a length of a 155
'WScript.Echo mid(objUser.Adspath,9,155)
'Next
If strDomainRole = "Member Server" then WScript.Echo "Local Administrators Group Membership"
If strDomainRole = "Domain Controller" then WScript.Echo SysDomain & " Domain Administrators Group Membership"
WScript.Echo "-------------------------------------"
' lcladm.txt is read back here; echo every line except the trailing status message
Set fso = CreateObject("Scripting.FileSystemObject")
strfilepath = strsysdrv & "\lcladm.txt"
Set fsostr = fso.OpenTextFile(strfilepath, 1, True, -2)
Do Until fsostr.AtEndOfStream
    sLine = fsostr.ReadLine
    sLoc = InStr(sLine,"The command completed successfully")
    If sLoc = 0 then WScript.Echo sLine
Loop
'--------------------------------------------------------------------'
' Start of GPO Section '
'--------------------------------------------------------------------'
'
strComputer = "."
Set oWMI = GetObject("WinMgmts://" & strComputer & "/root/cimv2")
Set cComputerData = oWMI.ExecQuery("SELECT * FROM Win32_OperatingSystem")
For Each oItem In cComputerData
    strOS = oItem.Caption
Next
' Pick the reporting routine from the OS caption
If InStr(strOS, "Server 2003") Then
    Sys = "Windows 2003"
End If
If InStr(strOS, "Windows 2000") Then
    Sys = "Windows 2000"
End If
Select Case Sys
    Case "Windows 2003"
        win2k3()
    Case "Windows 2000"
        win2k()
End Select
Function win2k3()
    'WScript.Echo SysOS
    'WScript.Quit
    strComputer = "."
    WScript.Echo "----------------------------------------------------------------"
    WScript.Echo " GPO Machine Settings "
    WScript.Echo "----------------------------------------------------------------"
    ' Resultant Set of Policy (computer side) through WMI
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\rsop\computer")
    Set colItems = objWMIService.ExecQuery("Select * from RSOP_UserPrivilegeRight")
    For Each objItem in colItems
        If objItem.UserRight = "SeNetworkLogonRight" Then
            For Each strAccountList in objItem.AccountList
                Wscript.Echo "Access this Computer From the Network: " & strAccountList
            Next
        End If
    Next
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\rsop\computer")
    Set colItems = objWMIService.ExecQuery("Select * from RSOP_SecurityEventLogSettingBoolean")
    For Each objItem In colItems
        If objItem.Type = "2" And objItem.setting = "True" Then
            WScript.Echo "Prevent local guests from accessing Application log: " & " Enabled"
        ElseIf objItem.Type = "1" And objItem.setting = "True" Then
            WScript.Echo "Prevent local guests from accessing Security log: " & " Enabled"
        ElseIf objItem.Type = "0" And objItem.setting = "True" Then
            WScript.Echo "Prevent local guests from accessing System log: " & " Enabled"
        End If
    Next
    WScript.Echo "----------------------------------------------------------------"
    WScript.Echo " Applied Group Policy Objects "
    WScript.Echo "----------------------------------------------------------------"
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\rsop\computer")
    Set colItems = objWMIService.ExecQuery("Select * from RSOP_GPO")
    For Each objItem In colItems
        If objitem.FilterAllowed = True And objitem.Enabled = True Then
            Wscript.Echo objItem.Name '"Name: " &
            'Wscript.Echo "Applied: " & objItem.Enabled
        End If
    Next
End Function
Function win2k()
    strComputer = "."
    WScript.Echo "----------------------------------------------------------------"
    WScript.Echo " GPO Machine Settings "
    WScript.Echo "----------------------------------------------------------------"
    Set sh = CreateObject("Wscript.Shell")
    strSysDrv = sh.ExpandEnvironmentStrings("%SYSTEMDRIVE%")
    strFilePath = strSysDrv & "\seccfg.txt"
    ' Pass 1: network logon right
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)
    Do Until fsostr.AtEndOfStream
        strLine = fsostr.ReadLine
        If InStr(strLine, "senetworklogonright") Then
            'WScript.Echo strLine
            network = True
        End If
        Select Case network
            Case True
                If instr(strLine,"senetworklogonright = *S-1-5-11,*S-1-5-32-544") <> 0 Then
                    'WScript.Echo strLine
                    Wscript.Echo "Access this Computer From the Network: Administrators, Authenticated Users "
                End If
        End Select
    Loop
    ' Pass 2: [Application Log] section
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)
    Do Until fsostr.AtEndOfStream
        strLine = fsostr.ReadLine
        if instr(strLine, "[Application Log]") <> 0 Then
            app = True
        ElseIf instr(strLine, "[Event Audit]") <> 0 Then 'Identify end of Application
            app = False
        end If
        Select Case app
            Case True
                If instr(strLine, "RestrictGuestAccess = 1") <> 0 Then
                    'WScript.Echo strLine
                    WScript.Echo "Prevent local guests from accessing Application log: " & " Enabled"
                    'WScript.Echo ""
                End If
        End Select
    Loop
    ' Pass 3: [Security Log] section
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)
    Do Until fsostr.AtEndOfStream
        strLine = fsostr.ReadLine
        if instr(strLine, "[Security Log]") <> 0 Then
            sec = True
            'WScript.Quit
        ElseIf instr(strLine, "[") <> 0 Then 'Identify end of security Log
            sec = False
        End If
        Select Case sec
            Case True
                If instr(strLine, "RestrictGuestAccess = 1") <> 0 Then
                    'WScript.Echo strLine
                    WScript.Echo "Prevent local guests from accessing Security log: " & " Enabled"
                    'WScript.Echo ""
                End If
        End Select
    Loop
    ' Pass 4: [System Log] section
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)
    Do Until fsostr.AtEndOfStream
        strLine = fsostr.ReadLine
        if instr(strLine, "[System Log]") <> 0 Then
            sys = True
            'WScript.Quit
        ElseIf instr(strLine, "[") <> 0 Then 'Identify end of security Log
            sys = False
        End If
        Select Case sys
            Case True
                If instr(strLine, "RestrictGuestAccess = 1") <> 0 Then
                    'WScript.Echo strLine
                    WScript.Echo "Prevent local guests from accessing System log: " & " Enabled"
                    'WScript.Echo ""
                End If
        End Select
    Loop
End Function
Wscript.Echo ""
WScript.Echo "Local Account Policy Settings"
WScript.Echo "---------------------------------"
' Echo the raw account policy lines from the secedit export
strFilePath = strsysdrv & "\seccfg.txt"
Set fso = CreateObject("Scripting.FileSystemObject")
Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)
Do Until fsostr.AtEndOfStream
    sLine = Null
    sLine = fsostr.ReadLine
    sLoc = InStr(sLine,"MinimumPasswordAge")
    If sLoc = 1 then WScript.Echo sLine
    sLoc = InStr(sLine,"MaximumPasswordAge")
    If sLoc = 1 then WScript.Echo sLine
    sLoc = InStr(sLine,"MinimumPasswordLength")
    If sLoc = 1 then WScript.Echo sLine
    sLoc = InStr(sLine,"PasswordHistorySize")
    If sLoc = 1 then WScript.Echo sLine
    sLoc = InStr(sLine,"LockoutBadCount")
    If sLoc = 1 then WScript.Echo sLine
    sLoc = InStr(sLine,"ResetLockoutCount")
    If sLoc = 1 then WScript.Echo sLine
    sLoc = InStr(sLine,"LockoutDuration")
    If sLoc = 1 then WScript.Echo sLine
Loop
fsostr.Close
' Object variables are released with Nothing, not Null
set fso = Nothing
set fsostr = Nothing
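An added example, not part of the original post: one data-driven way to read the secedit export once into a dictionary keyed by section and setting, then decode the audit values through a lookup table instead of one InStr test per value. The function names (ParseInf, AuditText, AuditReport) and the sample export text are constructed for illustration; unlike the script above, a missing audit key is reported as not defined rather than assumed to mean "No Auditing".

```vbscript
Option Explicit

' Constructed sample in the layout "secedit /export" writes (not from a real server).
Dim sampleCfg
sampleCfg = Join(Array( _
    "[System Access]", _
    "MinimumPasswordLength = 8", _
    "LockoutBadCount = 5", _
    "[Event Audit]", _
    "AuditSystemEvents = 3", _
    "AuditLogonEvents = 2", _
    "AuditProcessTracking = 0", _
    "[Security Log]", _
    "RestrictGuestAccess = 1", _
    "[Privilege Rights]", _
    "SeNetworkLogonRight = *S-1-5-11,*S-1-5-32-544"), vbCrLf)

' Parse INF-style text into a dictionary keyed by "Section|Key" (case-insensitive).
Function ParseInf(text)
    Dim dict, lines, i, line, section, pos
    Set dict = CreateObject("Scripting.Dictionary")
    dict.CompareMode = vbTextCompare
    section = ""
    lines = Split(text, vbCrLf)
    For i = 0 To UBound(lines)
        line = Trim(lines(i))
        If Len(line) = 0 Or Left(line, 1) = ";" Then
            ' blank line or comment: nothing to store
        ElseIf Left(line, 1) = "[" And Right(line, 1) = "]" Then
            section = Mid(line, 2, Len(line) - 2)
        Else
            pos = InStr(line, "=")
            If pos > 1 Then
                dict(section & "|" & Trim(Left(line, pos - 1))) = Trim(Mid(line, pos + 1))
            End If
        End If
    Next
    Set ParseInf = dict
End Function

' Translate an audit value (0..3) into the wording the original script prints.
Function AuditText(value)
    Dim names
    names = Array("No Auditing", "Success", "Failure", "Success, Failure")
    If IsNumeric(value) Then
        If CLng(value) >= 0 And CLng(value) <= 3 Then
            AuditText = names(CLng(value))
            Exit Function
        End If
    End If
    AuditText = "Unrecognised value (" & value & ")"
End Function

' Build the audit report from a key list; adding a category means adding one entry.
Function AuditReport(settings)
    Dim keys, labels, i, k, out
    keys = Array("AuditSystemEvents", "AuditLogonEvents", "AuditObjectAccess", _
                 "AuditPrivilegeUse", "AuditPolicyChange", "AuditAccountManage", _
                 "AuditProcessTracking", "AuditDSAccess", "AuditAccountLogon")
    labels = Array("Audit System Events", "Audit Logon Events", "Audit Object Access", _
                   "Audit Privilege Use", "Audit Policy Change", "Audit Account Management", _
                   "Audit Process Tracking", "Audit Directory Service Access", "Audit Account Logon")
    out = ""
    For i = 0 To UBound(keys)
        k = "Event Audit|" & keys(i)
        If settings.Exists(k) Then
            out = out & labels(i) & " = " & AuditText(settings(k)) & vbCrLf
        Else
            out = out & labels(i) & " = Not defined in export" & vbCrLf
        End If
    Next
    AuditReport = out
End Function

Dim cfg, logName, sid, key
Set cfg = ParseInf(sampleCfg)

WScript.Echo "Effective Audit Settings"
WScript.Echo AuditReport(cfg)

' Same dictionary answers the per-section event log question without re-reading the file.
For Each logName In Array("System Log", "Security Log", "Application Log")
    key = logName & "|RestrictGuestAccess"
    If cfg.Exists(key) Then
        If cfg(key) = "1" Then WScript.Echo "Prevent local guests from accessing " & logName & ": Enabled"
    End If
Next

' List every SID granted the network logon right instead of matching one fixed string.
key = "Privilege Rights|SeNetworkLogonRight"
If cfg.Exists(key) Then
    For Each sid In Split(cfg(key), ",")
        WScript.Echo "Access this Computer From the Network: " & Trim(sid)
    Next
End If
```

Run it with cscript; to use a real export, pass the text returned by ReadAll on the stream the script above opens with fso.OpenTextFile(strFilePath, 1, False, -2) to ParseInf in place of sampleCfg.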
Querying for Security Information
- goldyfarbs
- Posts: 239
- Last visit: Thu Mar 07, 2013 8:15 am
Querying for Security Information
To all -
we are currently working on a commissioning script for servers and I don't like the way we currently check for security status on boxes.
* Please note all variables are defined above
The first thing we do is this.
strFilePath = NullstrFilePath = "secedit /export /mergedpolicy /cfg " & strsysdrv & "seccfg.txt"set wshShellrun = WshShell.run(strFilePath, 0, true)
and the next few steps we do either query RSOP or read INSTR on the files..
I am looking for a more dynamic way that we are currently doing it..
Script is below.... I know it's messy, I inherited it..
WScript.Echo ""WScript.Echo "----------------------------------------------------------------"WScript.Echo " Security"WScript.Echo "----------------------------------------------------------------"WScript.Echo ""Wscript.Echo "Effective Audit Settings"WScript.Echo "------------------------"strFilePath = strsysdrv & "seccfg.txt" Set fso = CreateObject("Scripting.FileSystemObject") Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)Do Until fsostr.AtEndOfStream Set sLine = null sLine = fsostr.ReadLine sLoc = InStr(sLine,"AuditSystemEvents = 0") If sLoc = 1 then WScript.Echo "Audit System Events = No Auditing" sLoc = InStr(sLine,"AuditSystemEvents = 1") If sLoc = 1 then WScript.Echo "Audit System Events = Success" sLoc = InStr(sLine,"AuditSystemEvents = 2") If sLoc = 1 then WScript.Echo "Audit System Events = Failure" sLoc = InStr(sLine,"AuditSystemEvents = 3") If sLoc = 1 then WScript.Echo "Audit System Events = Success, Failure" sLoc = InStr(sLine,"AuditLogonEvents = 0") If sLoc = 1 then WScript.Echo "Audit Logon Events = No Auditing" sLoc = InStr(sLine,"AuditLogonEvents = 1") If sLoc = 1 then WScript.Echo "Audit Logon Events = Success" sLoc = InStr(sLine,"AuditLogonEvents = 2") If sLoc = 1 then WScript.Echo "Audit Logon Events = Failure" sLoc = InStr(sLine,"AuditLogonEvents = 3") If sLoc = 1 then WScript.Echo "Audit Logon Events = Success, Failure" sLoc = InStr(sLine,"AuditObjectAccess = 0") If sLoc = 1 then WScript.Echo "Audit Object Access = No Auditing" sLoc = InStr(sLine,"AuditObjectAccess = 1") If sLoc = 1 then WScript.Echo "Audit Object Access = Success" sLoc = InStr(sLine,"AuditObjectAccess = 2") If sLoc = 1 then WScript.Echo "Audit Object Access = Failure" sLoc = InStr(sLine,"AuditObjectAccess = 3") If sLoc = 1 then WScript.Echo "Audit Object Access = Success, Failure" sLoc = InStr(sLine,"AuditPrivilegeUse = 0") If sLoc = 1 then WScript.Echo "Audit Privilege Use = No Auditing" sLoc = InStr(sLine,"AuditPrivilegeUse = 1") If sLoc = 1 then WScript.Echo 
"Audit Privilege Use = Success" sLoc = InStr(sLine,"AuditPrivilegeUse = 2") If sLoc = 1 then WScript.Echo "Audit Privilege Use = Failure" sLoc = InStr(sLine,"AuditPrivilegeUse = 3") If sLoc = 1 then WScript.Echo "Audit Privilege User = Success, Failure" sLoc = InStr(sLine,"AuditPolicyChange = 0") If sLoc = 1 then WScript.Echo "Audit Policy Change = No Auditing" sLoc = InStr(sLine,"AuditPolicyChange = 1") If sLoc = 1 then WScript.Echo "Audit Policy Change = Success" sLoc = InStr(sLine,"AuditPolicyChange = 2") If sLoc = 1 then WScript.Echo "Audit Policy Change = Failure" sLoc = InStr(sLine,"AuditPolicyChange = 3") If sLoc = 1 then WScript.Echo "Audit Policy Change = Success, Failure" sLoc = InStr(sLine,"AuditAccountManage = 0") If sLoc = 1 then WScript.Echo "Audit Account Management = No Auditing" sLoc = InStr(sLine,"AuditAccountManage = 1") If sLoc = 1 then WScript.Echo "Audit Account Management = Success" sLoc = InStr(sLine,"AuditAccountManage = 2") If sLoc = 1 then WScript.Echo "Audit Account Management = Failure" sLoc = InStr(sLine,"AuditAccountManage = 3") If sLoc = 1 then WScript.Echo "Audit Account Management = Success, Failure" sLoc = InStr(sLine,"AuditProcessTracking") If sLoc = 1 then NoAudit = "False" sLoc = InStr(sLine,"AuditProcessTracking = 0") If sLoc = 1 then WScript.Echo "Audit Process Tracking = No Auditing" If SLOC = 1 then ScriptOK = "True" sLoc = InStr(sLine,"AuditProcessTracking = 1") If sLoc = 1 then WScript.Echo "Audit Process Tracking = Success" If sLoc = 1 then ScriptOK = "True" sLoc = InStr(sLine,"AuditProcessTracking = 2") If sLoc = 1 then WScript.Echo "Audit Process Tracking = Failure" If SLoc = 1 then ScriptOK = "True" sLoc = InStr(sLine,"AuditProcessTracking = 3") If sLoc = 1 then WScript.Echo "Audit Process Tracking = Success, Failure" If SLOC = 1 then ScriptOK = "True" sLoc = InStr(sLine,"AuditDSAccess = 0") If sLoc = 1 then WScript.Echo "Audit Directory Service Access = No Auditing" sLoc = InStr(sLine,"AuditDSAccess = 1") If sLoc = 1 
then WScript.Echo "Audit Directory Service Access = Success" sLoc = InStr(sLine,"AuditDSAccess = 2") If sLoc = 1 then WScript.Echo "Audit Directory Service Access = Failure" sLoc = InStr(sLine,"AuditDSAccess = 3") If sLoc = 1 then WScript.Echo "Audit Directory Service Access = Success, Failure" sLoc = InStr(sLine,"AuditAccountLogon = 0") If sLoc = 1 then WScript.Echo "Audit Account Logon = No Auditing" sLoc = InStr(sLine,"AuditAccountLogon = 1") If sLoc = 1 then WScript.Echo "Audit Account Logon = Success" sLoc = InStr(sLine,"AuditAccountLogon = 2") If sLoc = 1 then WScript.Echo "Audit Account Logon = Failure" sLoc = InStr(sLine,"AuditAccountLogon = 3") If sLoc = 1 then WScript.Echo "Audit Account Logon = Success, Failure"Loop fsostr.Close If (NoAudit <> "False" and ScriptOK <> "True") then WScript.Echo "Audit Process Tracking = No Auditing" End If
WScript.Echo ""'Enumerate Local Administrators Group'If strDomainRole = "Member Server" then WScript.Echo "Local Administrators Group Membership"'If strDomainRole = "Domain Controller" then WScript.Echo SysDomain & " Domain Administrators Group Membership"'WScript.Echo "-------------------------------------"'Set oNet = WScript.CreateObject("WScript.Network") 'Set objGroup = GetObject("WinNT://"& oNet.ComputerName & _'"/Administrators") 'For Each objUser in objGroup.Members 'Wscript.echo objUser.AdsPath'Skip the first 8 characters with a length of a 155'WScript.Echo mid(objUser.Adspath,9,155)'Next
If strDomainRole = "Member Server" then WScript.Echo "Local Administrators Group Membership"If strDomainRole = "Domain Controller" then WScript.Echo SysDomain & " Domain Administrators Group Membership"WScript.Echo "-------------------------------------"Set fso = CreateObject("Scripting.FileSystemObject")strfilepath = strsysdrv & "lcladm.txt"Set fsostr = fso.OpenTextFile(strfilepath, 1, True, -2)Do Until fsostr.AtEndOfStream sLine = fsostr.ReadLine sLoc = InStr(sLine,"The command completed successfully") If sLoc = 0 then WScript.Echo sLineLoop
'--------------------------------------------------------------------'' Start of GPO Section ''--------------------------------------------------------------------''strComputer = "."Set oWMI = GetObject("WinMgmts://" & strComputer & "/root/cimv2")Set cComputerData = oWMI.ExecQuery("SELECT * FROM Win32_OperatingSystem")For Each oItem In cComputerData strOS = oItem.Caption Next
If InStr(strOS, "Server 2003") Then Sys = "Windows 2003" End IfIf InStr(strOS, "Windows 2000") Then Sys = "Windows 2000"END If
Select Case Sys Case "Windows 2003" win2k3() Case "Windows 2000" win2k() End Select
Function win2k3()'WScript.Echo SysOS'WScript.QuitstrComputer = "."WScript.Echo "----------------------------------------------------------------"WScript.Echo " GPO Machine Settings "WScript.Echo "----------------------------------------------------------------"Set objWMIService = GetObject("winmgmts:" & strComputer & "rootrsopcomputer")Set colItems = objWMIService.ExecQuery("Select * from RSOP_UserPrivilegeRight")For Each objItem in colItemsIf objItem.UserRight = "SeNetworkLogonRight" Then For Each strAccountList in objItem.AccountList Wscript.Echo "Access this Computer From the Network: " & strAccountList Next End IfNext
Set objWMIService = GetObject("winmgmts:" & strComputer & "rootrsopcomputer")Set colItems = objWMIService.ExecQuery("Select * from RSOP_SecurityEventLogSettingBoolean")For Each objItem In colItems If objItem.Type = "2" And objItem.setting = "True" Then WScript.Echo "Prevent local guests from accessing Application log: " & " Enabled" ElseIf objItem.Type = "1" And objItem.setting = "True" Then WScript.Echo "Prevent local guests from accessing Security log: " & " Enabled" ElseIf objItem.Type = "0" And objItem.setting = "True" Then WScript.Echo "Prevent local guests from accessing System log: " & " Enabled" End If Next
WScript.Echo "----------------------------------------------------------------"WScript.Echo " Applied Group Policy Objects "WScript.Echo "----------------------------------------------------------------"Set objWMIService = GetObject("winmgmts:" & strComputer & "rootrsopcomputer")Set colItems = objWMIService.ExecQuery("Select * from RSOP_GPO")For Each objItem In colItems If objitem.FilterAllowed = True And objitem.Enabled = True Then Wscript.Echo objItem.Name '"Name: " & 'Wscript.Echo "Applied: " & objItem.Enabled End If NextEnd Function
Function win2k()
strComputer = "."
WScript.Echo "----------------------------------------------------------------"WScript.Echo " GPO Machine Settings "WScript.Echo "----------------------------------------------------------------"Set sh = CreateObject("Wscript.Shell")strSysDrv = sh.ExpandEnvironmentStrings("%SYSTEMDRIVE%")strFilePath = strSysDrv & "seccfg.txt"Set fso = CreateObject("Scripting.FileSystemObject")Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)Do Until fsostr.AtEndOfStream strLine = fsostr.ReadLineIf InStr(strLine, "senetworklogonright") Then'WScript.Echo strLinenetwork = TrueEnd If Select Case network Case True If instr(strLine,"senetworklogonright = *S-1-5-11,*S-1-5-32-544") <> 0 Then 'WScript.Echo strLine Wscript.Echo "Access this Computer From the Network: Administrators, Authenticated Users " End If End Select Loop Set fso = CreateObject("Scripting.FileSystemObject")Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)Do Until fsostr.AtEndOfStream strLine = fsostr.ReadLine if instr(strLine, "[Application Log]") <> 0 Then app = True ElseIf instr(strLine, "[Event Audit]") <> 0 Then 'Identify end of Application app = False end If Select Case app Case True If instr(strLine, "RestrictGuestAccess = 1") <> 0 Then 'WScript.Echo strLine WScript.Echo "Prevent local guests from accessing Application log: " & " Enabled" 'WScript.Echo "" End If End Select Loop Set fso = CreateObject("Scripting.FileSystemObject") Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2) Do Until fsostr.AtEndOfStream strLine = fsostr.ReadLine if instr(strLine, "[Security Log]") <> 0 Then sec = True 'WScript.Quit ElseIf instr(strLine, "[") <> 0 Then 'Identify end of security Log sec = False End If Select Case sec Case True If instr(strLine, "RestrictGuestAccess = 1") <> 0 Then 'WScript.Echo strLine WScript.Echo "Prevent local guests from accessing Security log: " & " Enabled" 'WScript.Echo "" End If End Select Loop Set fso = CreateObject("Scripting.FileSystemObject) Set fsostr = 
fso.OpenTextFile(strFilePath, 1, False, -2) Do Until fsostr.AtEndOfStream strLine = fsostr.ReadLine if instr(strLine, [System Log]") <> 0 Then sys = True 'WScript.Quit ElseIf instr(strLine, "[") <> 0 Then 'Identify end of security Log sys = False End If Select Case sys Case True If instr(strLine, "RestrictGuestAccess = 1") <> 0 Then 'WScript.Echo strLine WScript.Echo "Prevent local guests from accessing System log: " & " Enabled" 'WScript.Echo "" End If End Select Loop End Function
Wscript.Echo ""WScript.Echo "Local Account Policy Settings"WScript.Echo "---------------------------------"strFilePath = strsysdrv & "seccfg.txt" Set fso = CreateObject("Scripting.FileSystemObject") Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)Do Until fsostr.AtEndOfStream Set sLine = null sLine = fsostr.ReadLine sLoc = InStr(sLine,"MinimumPasswordAge") If sLoc = 1 then WScript.Echo sLine sLoc = InStr(sLine,"MaximumPasswordAge") If sLoc = 1 then WScript.Echo sLine sLoc = InStr(sLine,"MinimumPasswordLength") If sLoc = 1 then WScript.Echo sLine sLoc = InStr(sLine,"PasswordHistorySize") If sLoc = 1 then WScript.Echo sLine sLoc = InStr(sLine,"LockoutBadCount") If sLoc = 1 then WScript.Echo sLine sLoc = InStr(sLine,"ResetLockoutCount") If sLoc = 1 then WScript.Echo sLine sLoc = InStr(sLine,"LockoutDuration") If sLoc = 1 then WScript.Echo sLineLoop fsostr.Closeset fso = Nullset fsostr=Null
we are currently working on a commissioning script for servers and I don't like the way we currently check for security status on boxes.
* Please note all variables are defined above
The first thing we do is this.
strFilePath = NullstrFilePath = "secedit /export /mergedpolicy /cfg " & strsysdrv & "seccfg.txt"set wshShellrun = WshShell.run(strFilePath, 0, true)
and the next few steps we do either query RSOP or read INSTR on the files..
I am looking for a more dynamic way that we are currently doing it..
Script is below.... I know it's messy, I inherited it..
WScript.Echo ""WScript.Echo "----------------------------------------------------------------"WScript.Echo " Security"WScript.Echo "----------------------------------------------------------------"WScript.Echo ""Wscript.Echo "Effective Audit Settings"WScript.Echo "------------------------"strFilePath = strsysdrv & "seccfg.txt" Set fso = CreateObject("Scripting.FileSystemObject") Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)Do Until fsostr.AtEndOfStream Set sLine = null sLine = fsostr.ReadLine sLoc = InStr(sLine,"AuditSystemEvents = 0") If sLoc = 1 then WScript.Echo "Audit System Events = No Auditing" sLoc = InStr(sLine,"AuditSystemEvents = 1") If sLoc = 1 then WScript.Echo "Audit System Events = Success" sLoc = InStr(sLine,"AuditSystemEvents = 2") If sLoc = 1 then WScript.Echo "Audit System Events = Failure" sLoc = InStr(sLine,"AuditSystemEvents = 3") If sLoc = 1 then WScript.Echo "Audit System Events = Success, Failure" sLoc = InStr(sLine,"AuditLogonEvents = 0") If sLoc = 1 then WScript.Echo "Audit Logon Events = No Auditing" sLoc = InStr(sLine,"AuditLogonEvents = 1") If sLoc = 1 then WScript.Echo "Audit Logon Events = Success" sLoc = InStr(sLine,"AuditLogonEvents = 2") If sLoc = 1 then WScript.Echo "Audit Logon Events = Failure" sLoc = InStr(sLine,"AuditLogonEvents = 3") If sLoc = 1 then WScript.Echo "Audit Logon Events = Success, Failure" sLoc = InStr(sLine,"AuditObjectAccess = 0") If sLoc = 1 then WScript.Echo "Audit Object Access = No Auditing" sLoc = InStr(sLine,"AuditObjectAccess = 1") If sLoc = 1 then WScript.Echo "Audit Object Access = Success" sLoc = InStr(sLine,"AuditObjectAccess = 2") If sLoc = 1 then WScript.Echo "Audit Object Access = Failure" sLoc = InStr(sLine,"AuditObjectAccess = 3") If sLoc = 1 then WScript.Echo "Audit Object Access = Success, Failure" sLoc = InStr(sLine,"AuditPrivilegeUse = 0") If sLoc = 1 then WScript.Echo "Audit Privilege Use = No Auditing" sLoc = InStr(sLine,"AuditPrivilegeUse = 1") If sLoc = 1 then WScript.Echo 
"Audit Privilege Use = Success" sLoc = InStr(sLine,"AuditPrivilegeUse = 2") If sLoc = 1 then WScript.Echo "Audit Privilege Use = Failure" sLoc = InStr(sLine,"AuditPrivilegeUse = 3") If sLoc = 1 then WScript.Echo "Audit Privilege User = Success, Failure" sLoc = InStr(sLine,"AuditPolicyChange = 0") If sLoc = 1 then WScript.Echo "Audit Policy Change = No Auditing" sLoc = InStr(sLine,"AuditPolicyChange = 1") If sLoc = 1 then WScript.Echo "Audit Policy Change = Success" sLoc = InStr(sLine,"AuditPolicyChange = 2") If sLoc = 1 then WScript.Echo "Audit Policy Change = Failure" sLoc = InStr(sLine,"AuditPolicyChange = 3") If sLoc = 1 then WScript.Echo "Audit Policy Change = Success, Failure" sLoc = InStr(sLine,"AuditAccountManage = 0") If sLoc = 1 then WScript.Echo "Audit Account Management = No Auditing" sLoc = InStr(sLine,"AuditAccountManage = 1") If sLoc = 1 then WScript.Echo "Audit Account Management = Success" sLoc = InStr(sLine,"AuditAccountManage = 2") If sLoc = 1 then WScript.Echo "Audit Account Management = Failure" sLoc = InStr(sLine,"AuditAccountManage = 3") If sLoc = 1 then WScript.Echo "Audit Account Management = Success, Failure" sLoc = InStr(sLine,"AuditProcessTracking") If sLoc = 1 then NoAudit = "False" sLoc = InStr(sLine,"AuditProcessTracking = 0") If sLoc = 1 then WScript.Echo "Audit Process Tracking = No Auditing" If SLOC = 1 then ScriptOK = "True" sLoc = InStr(sLine,"AuditProcessTracking = 1") If sLoc = 1 then WScript.Echo "Audit Process Tracking = Success" If sLoc = 1 then ScriptOK = "True" sLoc = InStr(sLine,"AuditProcessTracking = 2") If sLoc = 1 then WScript.Echo "Audit Process Tracking = Failure" If SLoc = 1 then ScriptOK = "True" sLoc = InStr(sLine,"AuditProcessTracking = 3") If sLoc = 1 then WScript.Echo "Audit Process Tracking = Success, Failure" If SLOC = 1 then ScriptOK = "True" sLoc = InStr(sLine,"AuditDSAccess = 0") If sLoc = 1 then WScript.Echo "Audit Directory Service Access = No Auditing" sLoc = InStr(sLine,"AuditDSAccess = 1") If sLoc = 1 
then WScript.Echo "Audit Directory Service Access = Success" sLoc = InStr(sLine,"AuditDSAccess = 2") If sLoc = 1 then WScript.Echo "Audit Directory Service Access = Failure" sLoc = InStr(sLine,"AuditDSAccess = 3") If sLoc = 1 then WScript.Echo "Audit Directory Service Access = Success, Failure" sLoc = InStr(sLine,"AuditAccountLogon = 0") If sLoc = 1 then WScript.Echo "Audit Account Logon = No Auditing" sLoc = InStr(sLine,"AuditAccountLogon = 1") If sLoc = 1 then WScript.Echo "Audit Account Logon = Success" sLoc = InStr(sLine,"AuditAccountLogon = 2") If sLoc = 1 then WScript.Echo "Audit Account Logon = Failure" sLoc = InStr(sLine,"AuditAccountLogon = 3") If sLoc = 1 then WScript.Echo "Audit Account Logon = Success, Failure"Loop fsostr.Close If (NoAudit <> "False" and ScriptOK <> "True") then WScript.Echo "Audit Process Tracking = No Auditing" End If
WScript.Echo ""'Enumerate Local Administrators Group'If strDomainRole = "Member Server" then WScript.Echo "Local Administrators Group Membership"'If strDomainRole = "Domain Controller" then WScript.Echo SysDomain & " Domain Administrators Group Membership"'WScript.Echo "-------------------------------------"'Set oNet = WScript.CreateObject("WScript.Network") 'Set objGroup = GetObject("WinNT://"& oNet.ComputerName & _'"/Administrators") 'For Each objUser in objGroup.Members 'Wscript.echo objUser.AdsPath'Skip the first 8 characters with a length of a 155'WScript.Echo mid(objUser.Adspath,9,155)'Next
If strDomainRole = "Member Server" then WScript.Echo "Local Administrators Group Membership"If strDomainRole = "Domain Controller" then WScript.Echo SysDomain & " Domain Administrators Group Membership"WScript.Echo "-------------------------------------"Set fso = CreateObject("Scripting.FileSystemObject")strfilepath = strsysdrv & "lcladm.txt"Set fsostr = fso.OpenTextFile(strfilepath, 1, True, -2)Do Until fsostr.AtEndOfStream sLine = fsostr.ReadLine sLoc = InStr(sLine,"The command completed successfully") If sLoc = 0 then WScript.Echo sLineLoop
'--------------------------------------------------------------------'
' Start of GPO Section '
'--------------------------------------------------------------------'
'strComputer = "."
Set oWMI = GetObject("WinMgmts://" & strComputer & "/root/cimv2")
Set cComputerData = oWMI.ExecQuery("SELECT * FROM Win32_OperatingSystem")
For Each oItem In cComputerData
    strOS = oItem.Caption
Next
If InStr(strOS, "Server 2003") Then
    Sys = "Windows 2003"
End If
If InStr(strOS, "Windows 2000") Then
    Sys = "Windows 2000"
End If
Select Case Sys
    Case "Windows 2003"
        win2k3()
    Case "Windows 2000"
        win2k()
End Select
Function win2k3()
    'WScript.Echo SysOS
    'WScript.Quit
    strComputer = "."
    WScript.Echo "----------------------------------------------------------------"
    WScript.Echo " GPO Machine Settings "
    WScript.Echo "----------------------------------------------------------------"
    'Connect to the RSoP computer namespace
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\rsop\computer")
    Set colItems = objWMIService.ExecQuery("Select * from RSOP_UserPrivilegeRight")
    For Each objItem in colItems
        If objItem.UserRight = "SeNetworkLogonRight" Then
            For Each strAccountList in objItem.AccountList
                Wscript.Echo "Access this Computer From the Network: " & strAccountList
            Next
        End If
    Next
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\rsop\computer")
    Set colItems = objWMIService.ExecQuery("Select * from RSOP_SecurityEventLogSettingBoolean")
    For Each objItem In colItems
        If objItem.Type = "2" And objItem.setting = "True" Then
            WScript.Echo "Prevent local guests from accessing Application log: " & " Enabled"
        ElseIf objItem.Type = "1" And objItem.setting = "True" Then
            WScript.Echo "Prevent local guests from accessing Security log: " & " Enabled"
        ElseIf objItem.Type = "0" And objItem.setting = "True" Then
            WScript.Echo "Prevent local guests from accessing System log: " & " Enabled"
        End If
    Next
    WScript.Echo "----------------------------------------------------------------"
    WScript.Echo " Applied Group Policy Objects "
    WScript.Echo "----------------------------------------------------------------"
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\rsop\computer")
    Set colItems = objWMIService.ExecQuery("Select * from RSOP_GPO")
    For Each objItem In colItems
        If objitem.FilterAllowed = True And objitem.Enabled = True Then
            Wscript.Echo objItem.Name '"Name: " &
            'Wscript.Echo "Applied: " & objItem.Enabled
        End If
    Next
End Function
Function win2k()
    strComputer = "."
    WScript.Echo "----------------------------------------------------------------"
    WScript.Echo " GPO Machine Settings "
    WScript.Echo "----------------------------------------------------------------"
    Set sh = CreateObject("Wscript.Shell")
    strSysDrv = sh.ExpandEnvironmentStrings("%SYSTEMDRIVE%")
    strFilePath = strSysDrv & "seccfg.txt"
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)
    Do Until fsostr.AtEndOfStream
        strLine = fsostr.ReadLine
        If InStr(strLine, "senetworklogonright") Then
            'WScript.Echo strLine
            network = True
        End If
        Select Case network
            Case True
                If instr(strLine,"senetworklogonright = *S-1-5-11,*S-1-5-32-544") <> 0 Then
                    'WScript.Echo strLine
                    Wscript.Echo "Access this Computer From the Network: Administrators, Authenticated Users "
                End If
        End Select
    Loop
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)
    Do Until fsostr.AtEndOfStream
        strLine = fsostr.ReadLine
        if instr(strLine, "[Application Log]") <> 0 Then
            app = True
        ElseIf instr(strLine, "[Event Audit]") <> 0 Then 'Identify end of Application
            app = False
        end If
        Select Case app
            Case True
                If instr(strLine, "RestrictGuestAccess = 1") <> 0 Then
                    'WScript.Echo strLine
                    WScript.Echo "Prevent local guests from accessing Application log: " & " Enabled"
                    'WScript.Echo ""
                End If
        End Select
    Loop
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)
    Do Until fsostr.AtEndOfStream
        strLine = fsostr.ReadLine
        if instr(strLine, "[Security Log]") <> 0 Then
            sec = True
            'WScript.Quit
        ElseIf instr(strLine, "[") <> 0 Then 'Identify end of security Log
            sec = False
        End If
        Select Case sec
            Case True
                If instr(strLine, "RestrictGuestAccess = 1") <> 0 Then
                    'WScript.Echo strLine
                    WScript.Echo "Prevent local guests from accessing Security log: " & " Enabled"
                    'WScript.Echo ""
                End If
        End Select
    Loop
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)
    Do Until fsostr.AtEndOfStream
        strLine = fsostr.ReadLine
        if instr(strLine, "[System Log]") <> 0 Then
            sys = True
            'WScript.Quit
        ElseIf instr(strLine, "[") <> 0 Then 'Identify end of System Log
            sys = False
        End If
        Select Case sys
            Case True
                If instr(strLine, "RestrictGuestAccess = 1") <> 0 Then
                    'WScript.Echo strLine
                    WScript.Echo "Prevent local guests from accessing System log: " & " Enabled"
                    'WScript.Echo ""
                End If
        End Select
    Loop
End Function
Wscript.Echo ""
WScript.Echo "Local Account Policy Settings"
WScript.Echo "---------------------------------"
strFilePath = strsysdrv & "seccfg.txt"
Set fso = CreateObject("Scripting.FileSystemObject")
Set fsostr = fso.OpenTextFile(strFilePath, 1, False, -2)
Do Until fsostr.AtEndOfStream
    sLine = Null
    sLine = fsostr.ReadLine
    sLoc = InStr(sLine,"MinimumPasswordAge")
    If sLoc = 1 then WScript.Echo sLine
    sLoc = InStr(sLine,"MaximumPasswordAge")
    If sLoc = 1 then WScript.Echo sLine
    sLoc = InStr(sLine,"MinimumPasswordLength")
    If sLoc = 1 then WScript.Echo sLine
    sLoc = InStr(sLine,"PasswordHistorySize")
    If sLoc = 1 then WScript.Echo sLine
    sLoc = InStr(sLine,"LockoutBadCount")
    If sLoc = 1 then WScript.Echo sLine
    sLoc = InStr(sLine,"ResetLockoutCount")
    If sLoc = 1 then WScript.Echo sLine
    sLoc = InStr(sLine,"LockoutDuration")
    If sLoc = 1 then WScript.Echo sLine
Loop
fsostr.Close
'Release the object references
Set fso = Nothing
Set fsostr = Nothing
Querying for Security Information
Something like this should be more efficient for parsing out the audit section:
Code:
If InStr(sLine,"=") Then
    'split line into an array
    arrData=Split(sLine,"=")
    'Trim removes any spaces
    sItem=Trim(arrData(0))
    iData=Trim(arrData(1))
    If InStr(sItem,"Audit") Then
        Select Case iData
            Case 0 sText="No Auditing"
            Case 1 sText="Success"
            Case 2 sText="Failure"
            Case 3 sText="Success,Failure"
            Case Else sText="Unknown"
        End Select
        WScript.Echo sItem & "=" & sText
    End If
End If
But I'm not clear on what else you are trying to do. Are you looking to only display certain lines from the config file you are creating? Is there some part of the script that you don't think is working?
jhicks 2007-10-11 05:42:17
- goldyfarbs
- Posts: 239
- Last visit: Thu Mar 07, 2013 8:15 am
Querying for Security Information
Jhicks, - Thanks for the reply.. There is so much I want to do with this script.. I basically inherited a server commissioning script with 1700 lines of code and I want to rewrite the whole script, but it's so big it's like, where do I start..
All the new stuff I have added was in functions to help modularize the script.
Just to give you a little background.
We need to commission all servers that get put in our environment as we are in a highly regulated environment. So, I inherited the initial release of the script. The section I want to focus on now and make more dynamic is our Security functions.
We capture all the data I am requesting below, but it's messy as hell and I am looking for a better way to modularize this and also, the problem I have is that this has to work on both Windows 2000 and Windows 2003.
I think the best way to do this is to maybe create a Security function for both Windows 2000 and Windows 2003
See below for settings we want to capture... - again thanks for all your help...
My skill level is beginner to intermediate.. Close to the end of beginner side.. I am working on getting better...
We want to capture the following settings.
- Effective Audit Settings
- Local Administrators Group Membership
- Access this computer from the Network
- Prevent Local guests from accessing the application Log
- Prevent local guests from accessing the system log
- Prevent local guests from accessing the security log
- Applied group policy
- Local Account Policy
- Guest account Status
- System shutdown rights
- Legal Notice
- goldyfarbs
- Posts: 239
- Last visit: Thu Mar 07, 2013 8:15 am
Querying for Security Information
Oh, wait it gets better.. We have a multi-million dollar agreement with NetIQ and we use their SCM product, but they want the commissioning of servers scripted.
The hardest part is trying to develop a global solution for this script to work in all environments. I wish I could post the script, it's 40 pages long and is in complete shambles, so that is why I am taking a section at a time and going to modularize it. I told my boss about 6 - 12 months away before a new script can be done... B/C that isn't my only task.. as you can imagine.
Thanks for your continued support - jg
- goldyfarbs
- Posts: 239
- Last visit: Thu Mar 07, 2013 8:15 am
Querying for Security Information
I am excited to be here and be a regular.. I have been a regular on Ars forum for years, but I decided I love scripting and had my company pay for just about everything SAPIEN so now I will join here...
As for Powershell vs. Vbscript.. Man I would love to.. But I don't even know where to start..
And yes you are going to be seeing a lot of me as I am trying to expand upon my Vbscript ability.
Also, I am realizing that Vbscript is helping me think outside the box more and more dynamic which is very good.. It's like.. Hum.. How can I make this more dynamic. I like to make sure our scripts have brains..and are logical..
Querying for Security Information
PowerShell is the way going forward for Microsoft so you should be able to convince the powers that be that it is well worth your time in learning it and building your management tools in it. You can start by picking up the PowerShell TFM book that Don and I wrote. We also run training classes. We actually have a public class in Las Vegas week after next but the registration deadline is tomorrow. But there will be more classes next year.
As for the text file, there's really nothing wrong with the approach. Even in PowerShell you have to "read" the file to use the contents. It's just much easier and less code than using the FileSystemObject. What takes about 5 or 6 lines of VBScript can be accomplished in 1 short PowerShell command.
You decide what block of functionality you want to work on and we'll see what we can do. If you decide to go the PowerShell route, then use the PowerShell forum.
Querying for Security Information
Based on part of your original script it looked like it was simply replacing the numeric value for each of the audit settings with an English equivalent. My code simply takes any line that has the word Audit in it and splits it into an array. Element 0 is the audit setting and element 1 is the value. The Select Case statement essentially replaces the number with a more meaningful string. The end result is that the audit lines from the config file are echoed back but with meaningful text instead of the numeric value.
Save this example to a vbs file and try it out:
Code:
arrLines=Array("AuditAccountManage = 2","AuditSystemEvents = 0","AuditPolicyChange = 3")
For Each sline In arrLines
    If InStr(sLine,"=") Then
        'split line into an array
        arrData=Split(sLine,"=")
        'Trim removes any spaces
        sItem=Trim(arrData(0))
        iData=Trim(arrData(1))
        If InStr(sItem,"Audit") Then
            Select Case iData
                Case 0 sText="No Auditing"
                Case 1 sText="Success"
                Case 2 sText="Failure"
                Case 3 sText="Success,Failure"
                Case Else sText="Unknown"
            End Select
            WScript.Echo sItem & "=" & sText
        End If
    End If
Next
Querying for Security Information
I sacrificed the spacing for code simplicity. If that is important, then something like this might be a little more efficient than your original script:
Code:
arrLines=Array("AuditAccountManage = 2","AuditSystemEvents = 0","AuditPolicyChange = 3")
For Each sline In arrLines
    If InStr(sLine,"=") Then
        'split line into an array
        arrData=Split(sLine,"=")
        'Trim removes any spaces
        sItem=Trim(arrData(0))
        iData=Trim(arrData(1))
        If InStr(sItem,"Audit") Then
            Select Case sItem
                Case "AuditAccountManage"
                    sItem="Audit Account Manage"
                Case "AuditSystemEvents"
                    sItem="Audit System Events"
                Case "AuditPolicyChange"
                    sItem="Audit Policy Change"
                Case Else
                    sItem="Unknown setting"
            End Select
            WScript.Echo sItem & " = " & DecodeAudit(iData)
        End If
    End If
Next
Function DecodeAudit(iData)
    Select Case iData
        Case 0 sText="No Auditing"
        Case 1 sText="Success"
        Case 2 sText="Failure"
        Case 3 sText="Success,Failure"
        Case Else sText="Unknown"
    End Select
    DecodeAudit=sText
End function
I'm using the array to simulate the line reading you would be doing. This will give you output like this:
Audit Account Manage = Failure
Audit System Events = No Auditing
Audit Policy Change = Success,Failure
jhicks 2007-10-12 09:11:10
- goldyfarbs
- Posts: 239
- Last visit: Thu Mar 07, 2013 8:15 am
Querying for Security Information
Jeff,
Dude, I love what you did.. Brilliant..
But I do have one question.. I see you walk through your array with a For Next statement.
But what does this exact line that you are setting your array. Why AuditAccountManage = 2? etc...
arrLines=Array("AuditAccountManage = 2","AuditSystemEvents = 0","AuditPolicyChange = 3")
Shouldn't arrLines be something with all of this output
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 3
AuditObjectAccess = 2
AuditPrivilegeUse = 2
AuditPolicyChange = 3
AuditAccountManage = 3
AuditDSAccess = 2
AuditAccountLogon = 3
I don't fully understand the array, but I sure do functions. I love how you create your first array and then use a function with an array to get your selected output.. Brilliant..
Thanks for your continued Support..
-jg
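The split-and-decode idea from this thread, generalized here as an added example (not code from any of the posters): the export text is parsed once into a dictionary keyed by section and setting, so the audit, event log, user rights and account policy checks each become a single lookup, and a setting missing from the export is reported instead of skipped. `ParseInf`, `Setting` and the sample text are hypothetical names and constructed data.

```vbscript
Option Explicit
' Constructed sample of a secedit export; values are illustrative, not from the thread.
Dim sample : sample = Join(Array( _
  "[System Access]", "MinimumPasswordLength = 8", _
  "[Event Audit]", "AuditSystemEvents = 3", "AuditLogonEvents = 2", _
  "[Application Log]", "RestrictGuestAccess = 1", _
  "[Security Log]", "RestrictGuestAccess = 1", "[System Log]", "RestrictGuestAccess = 0", _
  "[Privilege Rights]", "senetworklogonright = *S-1-5-11,*S-1-5-32-544"), vbCrLf)

' ParseInf (hypothetical helper): one pass over the text, returning a
' dictionary keyed "section|setting" with the trimmed value as the item.
Function ParseInf(text)
  Dim dict, line, section, pos
  Set dict = CreateObject("Scripting.Dictionary")
  dict.CompareMode = vbTextCompare ' lookups ignore case (the export above uses lower case)
  section = ""
  For Each line In Split(text, vbCrLf)
    line = Trim(line)
    If Left(line, 1) = "[" And Right(line, 1) = "]" Then
      section = Mid(line, 2, Len(line) - 2)   ' new [Section] header
    ElseIf Left(line, 1) <> ";" Then          ' skip INF comment lines
      pos = InStr(line, "=")
      If pos > 1 Then dict(section & "|" & Trim(Left(line, pos - 1))) = Trim(Mid(line, pos + 1))
    End If
  Next
  Set ParseInf = dict
End Function

' Setting (hypothetical helper): a missing key is reported, not silently dropped.
Function Setting(cfg, section, name)
  Setting = "(not defined)"
  If cfg.Exists(section & "|" & name) Then Setting = cfg(section & "|" & name)
End Function

' Values arrive as strings, so the cases are strings; anything else passes through.
Function DecodeAudit(value)
  Select Case value
    Case "0" : DecodeAudit = "No Auditing"
    Case "1" : DecodeAudit = "Success"
    Case "2" : DecodeAudit = "Failure"
    Case "3" : DecodeAudit = "Success, Failure"
    Case Else : DecodeAudit = value
  End Select
End Function

Dim cfg, item, logName
Set cfg = ParseInf(sample)
For Each item In Array("AuditSystemEvents", "AuditLogonEvents", "AuditProcessTracking")
  WScript.Echo item & " = " & DecodeAudit(Setting(cfg, "Event Audit", item))
Next
For Each logName In Array("Application Log", "Security Log", "System Log")
  WScript.Echo logName & " RestrictGuestAccess = " & Setting(cfg, logName, "RestrictGuestAccess")
Next
WScript.Echo "SeNetworkLogonRight = " & Setting(cfg, "Privilege Rights", "SeNetworkLogonRight")
WScript.Echo "MinimumPasswordLength = " & Setting(cfg, "System Access", "MinimumPasswordLength")
```

Run it with cscript. To use a real export, replace `sample` with the text of the seccfg.txt file the commissioning script already writes, read with the TextStream `ReadAll` method.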