' Copyright 2022 Firstwave (www.firstwave.com)
'
' This file is part of Open-AudIT.
'
' Open-AudIT is free software: you can redistribute it and/or modify
' it under the terms of the GNU Affero General Public License as published
' by the Free Software Foundation, either version 3 of the License, or
' (at your option) any later version.
'
' Open-AudIT is distributed in the hope that it will be useful,
' but WITHOUT ANY WARRANTY; without even the implied warranty of
' MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
' GNU Affero General Public License for more details.
'
' You should have received a copy of the GNU Affero General Public License
' along with Open-AudIT (most likely in a file named LICENSE).
' If not, see
'
' For further information on Open-AudIT or for a license other than AGPL please see
' www.firstwave.com or email sales@firstwave.com
'
' *****************************************************************************
' @package Open-AudIT
' @author Mark Unwin
' @version GIT: Open-AudIT_4.4.1
' @copyright Copyright (c) 2022, Firstwave
' @license http://www.gnu.org/licenses/agpl-3.0.html aGPL v3
Option Explicit
forceCScriptExecution
' these can be overridden on the command line
dim user, debugging, help, arg, arg_name, arg_value
' script variables
dim colItems, objItem, objArgs, objNetwork, objConnection, objCommand, objRecordSet
dim objUser, colMembers, strMember, strPath, objNestedGroup
dim colGroups, objGroups, objGroup, oReg
dim temp, temp2, temp3
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20
const HKEY_CLASSES_ROOT = &H80000000
const HKEY_CURRENT_USER = &H80000001
const HKEY_LOCAL_MACHINE = &H80000002
const HKEY_USERS = &H80000003
debugging = 0
' below we take any command line arguements
' to override the variables above, simply include them on the command line like submit_online=n
' NOTE - argurments are case sensitive
Set objArgs = wscript.arguments
for each arg in objArgs
if instr(arg, "=") then
arg_name = lcase(left(arg,inStr(arg,"=")-1))
arg_value = mid(arg,inStr(arg,"=")+1)
select case lcase(arg_name)
'case "user"
' user = arg_value
case "help"
help = arg_value
case "debugging"
debugging = arg_value
end select
else
if (arg = "/help") or (arg = "/?") then
help = "y"
else
user = arg
end if
end if
next
wscript.echo "--------------------------------------------------"
wscript.echo "Open-AudIT Windows Client Connectivity Test Script"
wscript.echo "(c) Firstwave, 2022."
wscript.echo "--------------------------------------------------"
if (help = "y") then
wscript.echo "This script should be run on a Windows based computer."
wscript.echo ""
wscript.echo "It tests the required attributes to determine if the specified user (or the user running this script if no user is specified) has the required permissions to audit this PC remotely."
wscript.echo ""
wscript.echo "Also tested are the required firewall rules. No changes are made by this script."
wscript.echo ""
wscript.echo "This script should be copied to the target PC and run via 'cscript test_windows_target.vbs'"
wscript.echo ""
wscript.echo "To run the script and test another user (useful if having a 'normal' user run this on their PC, run the script like 'cscript test_windows_target.vbs user=administrator@your_domain'. NOTE - no need to specificy the complete domain name, the short version should not be supplied. IE - mydomain, not mydomain.com"
wscript.echo ""
wscript.echo "Valid command line options are below (items containing * are the defaults) and should take the format name=value (eg: user=user@domain)."
wscript.echo ""
'wscript.echo " user"
'wscript.echo " - This is not set by default. If supplied it will test the supplied user. If not set it will test the user runninng this script. Format should be user@domain."
'wscript.echo ""
wscript.echo " debugging"
wscript.echo " *0 - If set to 1 verbose output will be generated."
wscript.echo ""
wscript.echo ""
wscript.echo "NOTE - As there is no need to supply the password for the account being tested, an example of having a remote user run the script to test the audit users credentials and send the result to a text file:"
wscript.echo ""
wscript.echo "cscript test_windows_target.vbs user=administrator@domain > output.txt"
wscript.echo ""
wscript.echo "This file can the be attached or copied/pasted into an email for easy viewing by the actual administrator."
wscript.echo ""
wscript.echo "NOTE - If you run this script to test a domain user account, the user actually running the script must be a domain user."
wscript.quit
end if
On Error Resume Next
Set objNetwork = WScript.CreateObject("WScript.Network")
If Err.Number <> 0 Then ShowError("Cannot create wscript.network.") end if
dim objWMIService
On Error Resume Next
Set objWMIService = GetObject("winmgmts:\\.\root\CIMV2")
If Err.Number <> 0 Then ShowError("Cannot connect to local WMI.") end if
dim objShell
set objShell = CreateObject("WScript.Shell")
dim hostname, running_user, running_user_domain, objWMIService2
hostname = objNetwork.ComputerName
If Err.Number <> 0 Then ShowError("Cannot retrieve local computer name.") end if
running_user = objNetwork.userName
If Err.Number <> 0 Then ShowError("Cannot retrieve user name of user running this script.") end if
running_user_domain = objNetwork.userDomain
If Err.Number <> 0 Then ShowError("Cannot retrieve user domain of user running this script.") end if
dim user_domain, user_name, user_from_cs
user_from_cs = "False"
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_ComputerSystem", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)
If Err.Number <> 0 Then ShowError("Cannot select from Win32_ComputerSystem (1).") end if
if (user = "") then
For Each objItem In colItems
user = objItem.userName
If Err.Number <> 0 Then ShowError("Cannot select userName.") end if
Next
'wscript.echo "User from Win32_ComputerSystem is: " & user
If InStr(user, "\") > 0 then
temp = split(user, "\")
user_domain = temp(0)
user_name = temp(1)
user_from_cs = "True"
else
wscript.echo "WARNING - No slash in retrieved userName, using previously detected attributes."
user_domain = running_user_domain
user_name = running_user
end if
'wscript.echo "User Name from Win32_ComputerSystem: " & user_name
'wscript.echo "User Domain from Win32_ComputerSystem: " & user_domain
else
temp = split(user, "@")
If Err.Number <> 0 Then ShowError("No @ in supplied user name.") end if
user_domain = temp(1)
If Err.Number <> 0 Then ShowError("No domain in supplied user name.") end if
user_name = temp(0)
If Err.Number <> 0 Then ShowError("No name in supplied user name.") end if
end if
dim cs_current_timezone, cs_daylight_in_effect, cs_dns_hostname, cs_domain
dim cs_domain_role, cs_enable_ds_time, cs_part_of_domain, cs_workgroup
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_ComputerSystem", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)
If Err.Number <> 0 Then ShowError("Cannot select from Win32_ComputerSystem (2).") end if
For Each objItem In colItems
cs_current_timezone = objItem.CurrentTimeZone
If Err.Number <> 0 Then ShowError("Cannot select CurrentTimezone from Win32_ComputerSystem.") end if
cs_daylight_in_effect = objItem.DaylightInEffect
If Err.Number <> 0 Then ShowError("Cannot select DaylightInEffect from Win32_ComputerSystem.") end if
cs_dns_hostname = objItem.DNSHostName
If Err.Number <> 0 Then ShowError("Cannot select DNSHostName from Win32_ComputerSystem.") end if
cs_domain = objItem.Domain
If Err.Number <> 0 Then ShowError("Cannot select Domain from Win32_ComputerSystem.") end if
cs_enable_ds_time = objItem.EnableDaylightSavingsTime
If Err.Number <> 0 Then ShowError("Cannot select EnableDaylightSavingsTime from Win32_ComputerSystem.") end if
cs_part_of_domain = objItem.PartOfDomain
If Err.Number <> 0 Then ShowError("Cannot select PartOfDomain from Win32_ComputerSystem.") end if
cs_workgroup = objItem.Workgroup
If Err.Number <> 0 Then ShowError("Cannot select Workgroup from Win32_ComputerSystem.") end if
if objItem.DomainRole = 0 then cs_domain_role = "Standalone Workstation" end if
if objItem.DomainRole = 1 then cs_domain_role = "Member Workstation" end if
if objItem.DomainRole = 2 then cs_domain_role = "Standalone Server" end if
if objItem.DomainRole = 3 then cs_domain_role = "Member Server" end if
if objItem.DomainRole = 4 then cs_domain_role = "Backup Domain Controller" end if
if objItem.DomainRole = 5 then cs_domain_role = "Primary Domain Controller" end if
Next
dim os_number, os_name
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_OperatingSystem", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)
If Err.Number <> 0 Then ShowError("Cannot select from Win32_OperatingSystem.") end if
for each objItem In colItems
os_name = objItem.Caption
os_number = objItem.BuildNumber
next
dim lt_local_time
set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_LocalTime", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)
If Err.Number <> 0 Then ShowError("Cannot select from Win32_LocalTime.") end if
For Each objItem In colItems
lt_local_time = objItem.Year & "-" & objItem.Month & "-" & objItem.Day & " " & objItem.Hour & ":" & objItem.Minute & ":" & objItem.Second
If Err.Number <> 0 Then ShowError("Failed to create local time (1).")
Next
dim group_domain, member_domain, local_administrators
Set colGroups = GetObject("WinNT://" & hostname & "")
If Err.Number <> 0 Then ShowError("Cannot select from WinNT.") end if
colGroups.Filter = Array("group")
If Err.Number <> 0 Then ShowError("Cannot filter Group from WinNT.") end if
For Each objGroup In colGroups
if objGroup.Name = "Administrators" then
If Err.Number <> 0 Then
ShowError("Cannot select Name from WinNT.")
end if
For Each objUser in objGroup.Members
group_domain = split(objUser.ADSPath, "/")
If Err.Number <> 0 Then
ShowError("Cannot split ADSPath from WinNT.")
end if
member_domain = group_domain(ubound(group_domain)-1)
If Err.Number <> 0 Then
ShowError("Cannot get domain from split ADSPath.")
end if
local_administrators = local_administrators & objUser.name & "@" & member_domain & ","
Next
end if
Next
wscript.echo ""
wscript.echo "Computer Settings"
wscript.echo "================="
wscript.echo "Computer Time: " & lt_local_time
wscript.echo "Computer Name: " & hostname
' wscript.echo "User Running Name: " & running_user
' wscript.echo "User Running Domain: " & running_user_domain
wscript.echo "User Name: " & user_name
wscript.echo "User Domain: " & user_domain
wscript.echo "User derived from CS: " & user_from_cs
wscript.echo "Daylight In Effect: " & cs_daylight_in_effect
wscript.echo "EnableDaylightSavingsTime: " & cs_enable_ds_time
wscript.echo "Current Time Zone: " & cs_current_timezone
wscript.echo "Computer DNS Name: " & cs_dns_hostname
wscript.echo "Computer Domain: " & cs_domain
wscript.echo "Workgroup: " & cs_workgroup
wscript.echo "PartOfDomain: " & cs_part_of_domain
wscript.echo "DomainRole: " & cs_domain_role
wscript.echo "OS Name: " & os_name
wscript.echo "OS Build Number: " & os_number
wscript.echo "Local Administrators: " & left(local_administrators,len(local_administrators)-1)
wscript.echo ""
dim ad_client_site_name, ad_dc_site_name, ad_description, ad_dns_forest_name
dim ad_domain_controller_address, ad_domain_controller_address_type, ad_domain_controller_name, ad_domain_name
if (cs_part_of_domain = "True") then
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NTDomain where domainname = '" & user_domain & "' ", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)
If Err.Number <> 0 Then
wscript.echo "-----ERROR-----"
wscript.echo "Cannot select from Win32_NTDomain."
wscript.echo "Error Number: " & Err.Number
wscript.echo "Source: " & Err.Source
wscript.echo "Description: " & Err.Description
wscript.echo "---------------"
Else
For Each objItem In colItems
ad_client_site_name = objItem.ClientSiteName
If Err.Number <> 0 Then ShowError("Cannot select ClientSiteName from Win32_NTDomain.") end if
ad_dc_site_name = objItem.DcSiteName
If Err.Number <> 0 Then ShowError("Cannot select DcSiteName from Win32_NTDomain.") end if
ad_description = objItem.Description
If Err.Number <> 0 Then ShowError("Cannot select Description from Win32_NTDomain.") end if
ad_dns_forest_name = objItem.DnsForestName
If Err.Number <> 0 Then ShowError("Cannot select DnsForestName from Win32_NTDomain.") end if
ad_domain_controller_address = objItem.DomainControllerAddress
If Err.Number <> 0 Then ShowError("Cannot select DomainControllerAddress from Win32_NTDomain.") end if
ad_domain_controller_address_type = objItem.DomainControllerAddressType
If Err.Number <> 0 Then ShowError("Cannot select DomainControllerAddressType from Win32_NTDomain.") end if
ad_domain_controller_name = objItem.DomainControllerName
If Err.Number <> 0 Then ShowError("Cannot select DomainControllerName from Win32_NTDomain.") end if
ad_domain_name = objItem.DomainName
If Err.Number <> 0 Then ShowError("Cannot select DomainName from Win32_NTDomain.") end if
Next
end If
end If
if (cs_part_of_domain = "True" and _
lcase(user_domain) <> lcase(hostname) and _
lcase(user_domain) <> lcase(cs_domain) and _
lcase(user_domain) <> lcase(ad_description) and _
lcase(user_domain) <> lcase(ad_domain_name)) then
' we need to use an Active Directory account to be able to query Active Directory
wscript.echo vbcrlf & "FAIL - You must use a domain account to run this script if you are querying a domain. Please log on to this computer with a domain account and re-run this script."
wscript.quit 1
end if
dim ldap_domain, user_ldap, user_ldap_groups
if (cs_part_of_domain = "True" and lcase(user_domain) <> lcase(hostname)) then
' this PC belongs to a domain.
ldap_domain = "dc=" & replace(cs_domain, ".", ",dc=")
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
If Err.Number <> 0 Then ShowError("Cannot create ADODB.Connection.") end if
Set objCommand = CreateObject("ADODB.Command")
If Err.Number <> 0 Then ShowError("Cannot create ADODB.Command.") end if
objConnection.Provider = "ADsDSOObject"
If Err.Number <> 0 Then ShowError("Cannot create ADODB.Provider.") end if
objConnection.Open "Active Directory Provider"
If Err.Number <> 0 Then ShowError("Cannot open ADODB.Connection.") end if
Set objCommand.ActiveConnection = objConnection
If Err.Number <> 0 Then ShowError("Cannot create objConnection.") end if
objCommand.Properties("Page Size") = 1000
If Err.Number <> 0 Then ShowError("Cannot set Page Size.") end if
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
If Err.Number <> 0 Then ShowError("Cannot set Search Scope.") end if
dim command_text : command_text = "SELECT distinguishedName FROM 'LDAP://" & ldap_domain & "' WHERE objectCategory='user' AND sAMAccountName='" & user_name & "'"
objCommand.CommandText = command_text
If Err.Number <> 0 Then ShowError("Cannot set CommandText.") end if
Set objRecordSet = objCommand.Execute
If Err.Number <> 0 Then ShowError("Cannot execute CommandText.") end if
objRecordSet.MoveFirst
If Err.Number <> 0 Then ShowError("Cannot moveFirst over CommandText.") end if
Do Until objRecordSet.EOF
user_ldap = objRecordSet.Fields("distinguishedName").Value
If Err.Number <> 0 Then ShowError("Cannot get distinguishedName.") end if
objRecordSet.MoveNext
Loop
Set objUser = GetObject("LDAP://" & user_ldap)
If Err.Number <> 0 Then ShowError("Cannot connect to LDAP.") end if
Set colGroups = objUser.Groups
If Err.Number <> 0 Then ShowError("Cannot get Groups from LDAP.") end if
For Each objGroup in colGroups
if (debugging = 1) then wscript.echo "objGroup.CN: " & objGroup.CN end if
if (instr(lcase(user_ldap_groups), lcase(objGroup.CN & ",")) > 0) then
if (debugging = 1) then wscript.echo "Not Adding 1 " & objGroup.CN end if
else
if (debugging = 1) then wscript.echo "Adding 1 " & objGroup.CN end if
user_ldap_groups = user_ldap_groups & objGroup.CN & ","
GetNested(objGroup)
end if
Next
Function GetNested(objGroup)
if (debugging = 1) then wscript.echo "objGroup.CN: " & objGroup.CN end if
if (instr(lcase(user_ldap_groups), lcase(objGroup.CN & ",")) > 0) then
if (debugging = 1) then wscript.echo "Not Adding 2 " & objGroup.CN end if
else
if (debugging = 1) then wscript.echo "Adding 2 " & objGroup.CN end if
user_ldap_groups = user_ldap_groups & objGroup.CN & ","
end if
On Error Resume Next
colMembers = objGroup.GetEx("memberOf")
For Each strMember in colMembers
strPath = "LDAP://" & strMember
Set objNestedGroup = GetObject(strPath)
if (debugging = 1) then wscript.Echo "objNestedGroup.CN: " & objNestedGroup.CN end if
if (instr(lcase(user_ldap_groups), lcase(objNestedGroup.CN & ",")) > 0) then
if (debugging = 1) then wscript.echo "Not Adding 3 " & objNestedGroup.CN end if
else
if (debugging = 1) then wscript.echo "Adding 3 " & objNestedGroup.CN end if
user_ldap_groups = user_ldap_groups & objNestedGroup.CN & ","
GetNested(objNestedGroup)
end if
Next
End Function
end if
if (cs_part_of_domain = "True") then
wscript.echo "Active Directory Details"
wscript.echo "========================"
wscript.echo "AD Client Site Name: " & ad_client_site_name
wscript.echo "AD DC Site Name: " & ad_dc_site_name
wscript.echo "AD Description: " & ad_description
wscript.echo "AD Domain Name (short): " & ad_domain_name
wscript.echo "AD DNS Forest Name: " & ad_dns_forest_name
wscript.echo "AD Domain Controller Address: " & ad_domain_controller_address
wscript.echo "AD Domain Controller Name: " & ad_domain_controller_name
wscript.echo "AD Domain Controller Address Type: " & ad_domain_controller_address_type
wscript.echo "LDAP Connect String: " & command_text
wscript.echo "LDAP Domain: " & ldap_domain
wscript.echo "LDAP User Account: " & user_ldap
if (user_ldap_groups > "") then
wscript.echo "User LDAP Groups: " & left(user_ldap_groups,len(user_ldap_groups)-1)
else
wscript.echo "User LDAP Groups: None other than primary."
end if
end if
dim ad_dc_current_timezone, ad_dc_daylight_in_effect, ad_dc_enable_daylight_savings_time, ad_dc_local_time
' Connect to the AD Controller and retrieve it's time
if (cs_part_of_domain = "True") then
if (instr(lcase(cs_domain_role), "ontroller") = 0 ) then
' we belong to a domain and we are not a domain controller.
set objWMIService2 = GetObject("winmgmts:\\" & domain_controller_name & "\root\cimv2")
If Err.Number <> 0 Then ShowError("Problem authenticating to Domain Controller '" & ad_domain_controller_name & "'") end if
colItems = objWMIService2.ExecQuery("SELECT * FROM Win32_LocalTime", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)
If Err.Number <> 0 Then ShowError("Cannot select from Win32_LocalTime on " & ad_domain_controller_name) end if
For Each objItem In colItems
ad_dc_local_time = objItem.Year & "-" & objItem.Month & "-" & objItem.Day & " " & objItem.Hour & ":" & objItem.Minute & ":" & objItem.Second
If Err.Number <> 0 Then ShowError("Failed to create local time (2).") end if
Next
Set colItems = objWMIService2.ExecQuery("SELECT * FROM Win32_ComputerSystem", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)
For Each objItem In colItems
ad_dc_current_timezone = objItem.CurrentTimeZone
If Err.Number <> 0 Then ShowError("Cannot select CurrentTimezone from Win32_ComputerSystem on " & domain_controller_name) end if
ad_dc_daylight_in_effect = objItem.DaylightInEffect
If Err.Number <> 0 Then ShowError("Cannot select DaylightInEffect from Win32_ComputerSystem on " & domain_controller_name) end if
ad_dc_enable_daylight_savings_time = objItem.EnableDaylightSavingsTime
If Err.Number <> 0 Then ShowError("Cannot select EnableDaylightSavingsTime from Win32_ComputerSystem on " & domain_controller_name) end if
next
wscript.echo "DC Current Time: " & ad_dc_local_time
wscript.echo "DC Current Time Zone: " & ad_dc_current_timezone
wscript.echo "DC Daylight In Effect: " & ad_dc_daylight_in_effect
wscript.echo "DC Enable Daylight Savings Time: " & ad_dc_enable_daylight_savings_time
wscript.echo
end if
end if
wscript.echo
wscript.echo "------------------------"
wscript.echo "Running Tests"
wscript.echo "------------------------"
wscript.echo
wscript.echo "------------------------"
wscript.echo "Testing 64-bit"
wscript.echo "------------------------"
dim address_width
set colItems = objWMIService.ExecQuery("Select * from Win32_Processor where DeviceID = 'CPU0' ", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)
If Err.Number <> 0 Then ShowError("Cannot select from Win32_Processor") end if
for each objItem In colItems
address_width = objItem.AddressWidth
next
if (address_width = "32") then
wscript.echo "FAIL - Discovery requires a 64bit Processor."
else
wscript.echo "PASS - 64bit processor detected."
end if
set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem ", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)
If Err.Number <> 0 Then ShowError("Cannot select from Win32_OperatingSystem") end if
for each objItem In colItems
address_width = objItem.OSArchitecture
next
if (address_width <> "64-bit") then
wscript.echo "FAIL - Discovery requires a 64bit operating system."
else
wscript.echo "PASS - 64bit operating system detected."
end if
wscript.echo
wscript.echo "------------------------"
wscript.echo "Testing Services"
wscript.echo "------------------------"
set colItems = objWMIService.ExecQuery("Select * from Win32_Service Where name = 'RpcSs' ", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)
for each objItem In colItems
if (objItem.Caption = "Remote Procedure Call (RPC)") then
if (objItem.State = "Stopped") then
wscript.echo "FAIL - RPC service not running."
else
wscript.echo "PASS - RPC service registered and running."
end if
else
wscript.echo "FAIL - RPC service not returned."
end if
next
set colItems = objWMIService.ExecQuery("Select * from Win32_Service Where name = 'Netlogon' ", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)
for each objItem In colItems
if (objItem.Caption = "Netlogon") then
if (objItem.State = "Stopped") then
wscript.echo "INFO - Netlogon service not running."
else
wscript.echo "PASS - Netlogon service registered and running."
end if
else
wscript.echo "FAIL - Netlogon service not returned."
end if
next
wscript.echo
wscript.echo "------------------------"
wscript.echo "Testing DNS"
wscript.echo "------------------------"
' Check we can resolve all IPv4 IP's to DNS Names
dim i, ip_address, ip_address_version, strParams, hit, strhost, strText, objExecObj
set colItems = objWMIService.ExecQuery("Select * from Win32_NetworkAdapterConfiguration WHERE IPEnabled = True ", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)
for each objItem in colItems
if (objItem.MACAddress > "") then
for i = LBound(objItem.IPAddress) to UBound(objItem.IPAddress)
if len(objItem.IPAddress(i)) > 15 then
ip_address_version = "6"
else
ip_address_version = "4"
end if
if objItem.IPAddress(i) <> "0.0.0.0" and ip_address_version = "4" then
strParams = "%comspec% /c NSlookup " & objItem.IPAddress(i) & " | findStr Name: "
wscript.echo "NSLookup for " & objItem.IPAddress(i)
Set objExecObj = objShell.exec(strParams)
hit = "false"
strhost = ""
do while Not objExecObj.StdOut.AtEndOfStream
strText = objExecObj.StdOut.Readline()
if (strText <> "") then
if (instr (strText, "Name") and instr(lcase(strText), lcase(hostname))) then
'hit = "true"
'strhost = trim(replace(strText,"Name:",""))
wscript.echo "PASS - Could resolve " & objItem.IPAddress(i) & " to " & trim(replace(strText,"Name:",""))
elseif (instr (strText, "Name")) then
wscript.echo "INFO - Resolved " & objItem.IPAddress(i) & " to " & trim(replace(strText,"Name:","")) & ", but this isn't the hostname"
else
wscript.echo "FAIL - Could not resolve " & objItem.IPAddress(i)
end if
end if
loop
' if (hit = "true") then
' wscript.echo "PASS - Could resolve " & objItem.IPAddress(i) & " to " & strhost
' else
' wscript.echo "FAIL - Could not resolve " & objItem.IPAddress(i)
' end if
end if
next
end if
next
wscript.echo
wscript.echo "------------------------"
wscript.echo "Testing Account"
wscript.echo "------------------------"
' check localtime versus domain controller time
if (cs_part_of_domain = "True" and instr(lcase(cs_domain_role), "controller") = 0 ) then
if ( abs(datediff("s", lt_local_time, ad_dc_local_time)) > 300) then
wscript.echo "FAIL - There is a difference of greater than 5 minutes between your local time and that of your nearest Domain Controller."
end if
if (cs_current_timezone <> dc_current_timezone) then
wscript.echo "FAIL - Local timezone should be the same as your nearest Domain Controller."
end if
if (cs_daylight_in_effect <> dc_daylight_in_effect) then
wscript.echo "FAIL - Daylight Savings in Effect should be the same as your nearest Domain Controller."
end if
if (cs_enable_daylight_savings_time <> dc_enable_daylight_savings_time) then
wscript.echo "FAIL - Enable Daylight Savings should be the same as your nearest Domain Controller."
end if
end if
' Domain or Non-domain can use the local administrator account
if (lcase(user_domain) = lcase(hostname)) then
if (lcase(user_name) = "administrator") then
wscript.echo "PASS - Account is the local Administrator."
else
wscript.echo "FAIL - Local account but not the actual Administrator account."
end if
end if
' The domain user must be a member of the local Administrators group
if (cs_part_of_domain = "True" and lcase(user_domain) <> lcase(hostname) and instr(lcase(local_administrators), lcase(user))) then
wscript.echo "PASS - Domain account is in the local Administrators group."
end if
' The domain user must be in the local Administrators group
' or in a group that is in the local Administrators group
dim local_admin, domain_admin
if (cs_part_of_domain = "True" and lcase(user_domain) <> lcase(hostname)) then
temp = split(local_administrators, ",")
temp2 = split(user_ldap_groups, ",")
dim hit_la, d_group
for each local_admin in temp
if (local_admin <> "") then
temp3 = split(local_admin, "@")
local_admin = temp3(0)
if (debugging = 1) then wscript.echo "" end if
for each domain_admin in temp2
if (domain_admin <> "") then
if (lcase(local_admin) = lcase(domain_admin)) then
if (debugging = 1) then wscript.echo "Local Admin (" & local_admin & "), Domain Group (" & domain_admin & ") - MATCH." end if
hit_la = "y"
d_group = domain_admin
else
if (debugging = 1) then wscript.echo "Local Admin (" & local_admin & "), Domain Group (" & domain_admin & ") - NO MATCH." end if
end if
end if
next
end if
next
if (hit_la = "y") then
wscript.echo "PASS - Domain account is a member of " & d_group & " which is a member of the local Administrators group."
else
wscript.echo "FAIL - Account is not a member of the local Administrators group (or subgroup)."
end if
end if
wscript.echo
wscript.echo "------------------------"
wscript.echo "Connecting to Registry"
wscript.echo "------------------------"
temp = ""
set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
If Err.Number <> 0 Then
ShowError("Cannot connect to local registry.")
else
wscript.echo "PASS - Can connect to registry"
end if
wscript.echo
wscript.echo "------------------------"
wscript.echo "Testing UAC blocking inbound requests"
wscript.echo "------------------------"
oReg.GetDWORDValue HKEY_LOCAL_MACHINE,"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System","EnableLUA", temp
If Err.Number <> 0 Then ShowError("Cannot read local registry.") end if
if (isnull(temp) or temp <> "1") then
wscript.echo "INFO - UAC is not disabled for remote connections."
wscript.echo "You can disable it by entering the below in an administrative console window."
wscript.echo "reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f"
wscript.echo "This registry change will require a restart to take effect."
else
wscript.echo "PASS - UAC registry entry exists and is set to 1."
end if
wscript.echo
wscript.echo "------------------------"
wscript.echo "Checking SMB1"
wscript.echo "------------------------"
dim smb1
Err.Clear
oreg.GetDWORDValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters", "SMB1", smb1
'if Err.Number <> 0 then
'' wscript.echo "INFO - SMB1 not present in registry, therefore enabled."
'else
if (smb1 = "" or isnull(smb1)) then
wscript.echo "INFO - SMB1 not present in registry, therefore enabled."
elseif (smb1 = "1" or smb1 = "" or isnull(smb1)) then
wscript.echo "INFO - SMB1 configured with a value of 1, therefore enabled."
elseif (smb1 = "0") then
wscript.echo "INFO - SMB1 configured with a value of 0, therefore disabled."
elseif (smb1 <> "0" and smb1 <> "1") then
wscript.echo "WARNING - SMB1 configured with an invalid value of " & smb1 & ", cannot determine SMB1 status."
else
wscript.echo "WARNING - Unknown issue detecting SMB1 in registry."
end if
'end if
wscript.echo
wscript.echo "------------------------"
wscript.echo "Checking DCOM"
wscript.echo "------------------------"
dim dcom_enabled
oreg.getstringvalue HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Ole", "enableDCOM", dcom_enabled
if (dcom_enabled = "Y") then
wscript.echo "PASS - DCOM is enabled."
else
wscript.echo "FAIL - DCOM is disabled."
end if
if (instr(lcase(os_name), "xp")) then
wscript.echo
wscript.echo "------------------------"
wscript.echo "Checking SImple File Sharing on XP"
wscript.echo "------------------------"
dim force_guest
oreg.GetDWORDValue HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Control\Lsa", "ForceGuest", force_guest
if (force_guest = "0") then
wscript.echo "PASS - Simple File Sharing is disabled."
else
wscript.echo "FAIL - Simple File Sharing is enabled."
end if
end if
wscript.echo
wscript.echo "------------------------"
wscript.echo "Firewall State"
wscript.echo "------------------------"
Dim CurrentProfiles, InterfaceArray, LowerBound, UpperBound
Dim iterate, rule, firewall
' Profile Type
Const NET_FW_PROFILE2_DOMAIN = 1
Const NET_FW_PROFILE2_PRIVATE = 2
Const NET_FW_PROFILE2_PUBLIC = 4
' Protocol
Const NET_FW_IP_PROTOCOL_TCP = 6
Const NET_FW_IP_PROTOCOL_UDP = 17
Const NET_FW_IP_PROTOCOL_ICMPv4 = 1
Const NET_FW_IP_PROTOCOL_ICMPv6 = 58
' Direction
Const NET_FW_RULE_DIR_IN = 1
Const NET_FW_RULE_DIR_OUT = 2
' Action
Const NET_FW_ACTION_BLOCK = 0
Const NET_FW_ACTION_ALLOW = 1
' Create the FwPolicy2 object.
Dim fwPolicy2
Set fwPolicy2 = CreateObject("HNetCfg.FwPolicy2")
CurrentProfiles = fwPolicy2.CurrentProfileTypes
dim fw_profile, fw_active
if ( CurrentProfiles AND NET_FW_PROFILE2_DOMAIN ) then
fw_profile = "Domain"
fw_active = fwPolicy2.FirewallEnabled(NET_FW_PROFILE2_DOMAIN)
elseif ( CurrentProfiles AND NET_FW_PROFILE2_PRIVATE ) then
fw_profile = "Private"
fw_active = fwPolicy2.FirewallEnabled(NET_FW_PROFILE2_PRIVATE)
elseif ( CurrentProfiles AND NET_FW_PROFILE2_PUBLIC ) then
fw_profile = "Public"
fw_active = fwPolicy2.FirewallEnabled(NET_FW_PROFILE2_PUBLIC)
end if
if (fw_active = "True") then
wscript.echo "INFO - Current firewall profile " & fw_profile & " is active."
else
wscript.echo "PASS - Current firewall profile " & fw_profile & " is not active."
end if
if (fw_active = "True") then
Dim RulesObject
Set RulesObject = fwPolicy2.Rules
dim rule_service, rule_protocol, rule_port, rule_direction, rule_state, rule_action
wscript.echo
wscript.echo "------------------------"
wscript.echo "Firewall Rules"
wscript.echo "------------------------"
for each rule in Rulesobject
if rule.Profiles and CurrentProfiles then
rule_service = rule.ServiceName
select case rule.Protocol
case NET_FW_IP_PROTOCOL_TCP rule_protocol = "tcp"
case NET_FW_IP_PROTOCOL_UDP rule_protocol = "udp"
case NET_FW_IP_PROTOCOL_ICMPv4 rule_protocol = "udp"
case NET_FW_IP_PROTOCOL_ICMPv6 rule_protocol = "udp"
case Else rule_protocol = rule.Protocol
end select
if rule.Protocol = NET_FW_IP_PROTOCOL_TCP or _
rule.Protocol = NET_FW_IP_PROTOCOL_UDP then
rule_port = rule.LocalPorts
end if
select case rule.Direction
case NET_FW_RULE_DIR_IN rule_direction = "in"
case NET_FW_RULE_DIR_OUT rule_direction = "out"
case else rule_direction = "unknown"
end select
if (rule.Enabled = "True") then
rule_state = "enabled"
else
rule_state = "disabled"
end if
select case rule.Action
case NET_FW_ACTION_ALLOW rule_action = "allowed"
case NET_FW_ACTION_BLOCk rule_action = "blocked"
end select
' test the required rules - WMI
if (instr(lcase(rule.Name), "windows management instrumentation") and rule_protocol = "tcp" ) then
if (rule_action = "allowed" and rule_state = "enabled") then
wscript.echo "PASS - WMI rule " & replace(rule.Name, "Windows Management Instrumentation ", "") & " for " & rule_direction & "-bound connections on port " & rule_port & " to service " & rule_service & " to be " & rule_action & " is " & rule_state & "."
else
wscript.echo "FAIL - WMI rule " & replace(rule.Name, "Windows Management Instrumentation ", "") & " for " & rule_direction & "-bound connections on port " & rule_port & " to service " & rule_service & " to be " & rule_action & " is " & rule_state & "."
end if
end if
' test the required rules - File & Printer Sharing
if (instr(rule.Name, "File and Printer Sharing (Echo Request - ICMPv4-In)")) then
if (rule_action = "allowed" and rule_state = "enabled") then
wscript.echo "PASS - File and Printer Sharing (Echo Request - ICMPv4-In) for " & rule_direction & "-bound connections to be " & rule_action & " is " & rule_state & "."
else
wscript.echo "FAIL - File and Printer Sharing (Echo Request - ICMPv4-In) for " & rule_direction & "-bound connections to be " & rule_action & " is " & rule_state & "."
end if
end if
end if ' rule / profile match
next ' each rule
end if
Sub forceCScriptExecution
Dim Arg, Str
if not lcase( Right( wscript.FullName, 12 ) ) = "\cscript.exe" then
for each arg in WScript.Arguments
If InStr( Arg, " " ) Then Arg = """" & Arg & """"
Str = Str & " " & Arg
Next
CreateObject("WScript.Shell").Run "cscript //nologo """ & WScript.ScriptFullName & """ " & Str
wscript.quit
end if
End Sub
Sub ShowError(strMessage)
wscript.echo "-----ERROR-----"
wscript.echo strMessage
wscript.echo "Error Number: " & Err.Number
wscript.echo "Source: " & Err.Source
wscript.echo "Description: " & Err.Description
wscript.echo "---------------"
Err.Clear
wscript.quit
End Sub