Thursday, 2 February 2012

Quick PC checks

In almost all audits the following are checked -
1. Admin rights
2. USB disabled status
3. Windows Security Patches
4. AV version
5. Software Compliance

There are enterprise tools that do all of this, but I have found that a small one-liner for each item is a quick way to check a single machine by hand.

1. Admin Rights - You want to check whether the locally logged-on user has admin rights.
net localgroup administrators | findstr /i %USERNAME%
Two caveats: findstr does a substring match (user "bob" also matches "bobby") and is case-sensitive unless you add /i, and net localgroup shows direct members only, so rights inherited through a nested domain group will not appear here. The group list of the logon token (whoami /groups) does show those.
2. USB Disabled - There are several ways to check this. The usual one is the start type of the USBSTOR driver (START_TYPE 4 = DISABLED; 3 = DEMAND_START is the default):
sc qc usbstor | findstr "START_TYPE"
The older Microsoft method denies everyone access to the USBSTOR setup files so the driver cannot be installed for a newly plugged-in device; cacls shows whether that deny entry is in place (icacls does the same on newer Windows):
cacls %SystemRoot%\Inf\Usbstor.inf
cacls %SystemRoot%\Inf\Usbstor.pnf
Note that sc qc reports the configured start type, not whether the driver is loaded right now, and that neither check covers a removable-storage restriction applied through Group Policy.

3. Windows Security patches
wmic qfe get HotFixID,InstalledOn | findstr "11/"
Here "11/" is used because I was looking for patches installed in the month of November. Change the string to match another month, or omit the findstr part to list the install dates of all installed patches. HotFixID is included so that each date is tied to a KB number. The InstalledOn string follows the system's date format, so on a machine set to DD/MM/YYYY dates "11/" matches the 11th of every month instead of November; check the format before trusting the filter.

4. AV Version - I only look for the latest DAT version. Where it lives varies by product; what you need is the registry key that holds the DAT value.

e.g. for McAfee VirusScan Enterprise 8.8 (the VIRUSCAN8800 key name carries the product version, so other releases use a different key, and on 64-bit Windows a 32-bit product sits under SOFTWARE\Wow6432Node instead):
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8800" | findstr "DAT"
5. Software Compliance - this one is trickier, but again there are a number of ways to do it. You can read the registry hive where the installer records each product, or you can do a dir listing of the Program Files folder. Each covers different things, depending on how your operating environment is set up.

e.g. going through the registry (written for a batch file; at an interactive prompt use %a instead of %%a, and /y lets reg export overwrite the file on a second run):
reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall %TEMP%\temp1.txt /y
find "DisplayName" %TEMP%\temp1.txt| find /V "ParentDisplayName" > %TEMP%\temp2.txt
for /f "tokens=2,3 delims==" %%a in (%TEMP%\temp2.txt) do echo %%a
find is used rather than findstr because reg export writes a Unicode file, which findstr does not search correctly. On 64-bit Windows, 32-bit applications register under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall and per-user installs under the same Uninstall path in HKEY_CURRENT_USER, so export those as well or the list will be incomplete.
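The same five checks as one PowerShell script, added here as an example and not part of the original post. Registry paths, the root\SecurityCenter2 WMI class and the well-known Administrators SID are standard Windows values; the McAfee key is the one quoted above; the product names passed to Test-SoftwareCompliance at the end are placeholders for a real allow/deny list.

```powershell
# Added example (not from the original post): the five audit checks as functions.
# Run from a Windows PowerShell prompt on the machine being audited.

function Test-LocalAdmin {
    # Effective membership from the logon token, so nesting through domain groups
    # is covered. BUILTIN\Administrators is always S-1-5-32-544, and whoami still
    # lists it (as "used for deny only") in a non-elevated UAC session.
    $groups = whoami /groups /fo csv | ConvertFrom-Csv
    [bool]($groups | Where-Object { $_.SID -eq 'S-1-5-32-544' })
}

function Get-UsbStorState {
    # USBSTOR Start value: 3 = demand start (default), 4 = disabled.
    # Also read the "Removable Disks: Deny all access" policy key (GUID is the
    # removable-disk device class), which blocks access without touching the driver.
    $svc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' -Name Start
    $pol = Get-ItemProperty ('HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\' +
                             '{53f56307-b6bf-11d0-94f2-00a0c91efb8b}') -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DriverStart    = $svc.Start
        DriverDisabled = ($svc.Start -eq 4)
        PolicyDenyAll  = [bool]($pol -and $pol.Deny_All -eq 1)
    }
}

function Get-RecentHotfix {
    param([datetime]$Since = (Get-Date).AddDays(-30))
    # Get-HotFix exposes InstalledOn as a DateTime, so filter by date instead of
    # by a locale-dependent "11/" string. Entries with no date are skipped.
    Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since } |
        Sort-Object InstalledOn |
        Select-Object HotFixID, Description, InstalledOn
}

function Get-AvState {
    # Product-neutral view from Windows Security Center (client SKUs only; the
    # namespace does not exist on Server), plus every value whose name contains
    # "DAT" under the McAfee key quoted in the post, mirroring the findstr above.
    $sc = Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct -ErrorAction SilentlyContinue |
          Select-Object displayName, productState, timestamp
    $key = 'HKLM:\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8800'
    $dat = if (Test-Path $key) {
        (Get-ItemProperty $key).PSObject.Properties |
            Where-Object { $_.Name -like '*DAT*' } |
            Select-Object Name, Value
    }
    [pscustomobject]@{ SecurityCenter = $sc; McAfeeDat = $dat }
}

function Get-InstalledSoftware {
    # Native and 32-bit-on-64-bit (Wow6432Node) machine hives plus per-user
    # installs; the reg export one-liner above reads only the first of these.
    # SystemComponent=1 entries are hidden from Programs and Features, so skip them.
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
        Sort-Object DisplayName -Unique
}

function Test-SoftwareCompliance {
    param([string[]]$Required, [string[]]$Banned)
    # Wildcard match on DisplayName: report required products that are missing
    # and banned products that are present.
    $names   = @(Get-InstalledSoftware | ForEach-Object { $_.DisplayName })
    $missing = $Required | Where-Object { $r = $_; -not ($names | Where-Object { $_ -like $r }) }
    $present = $Banned   | Where-Object { $b = $_;       ($names | Where-Object { $_ -like $b }) }
    [pscustomobject]@{
        Compliant       = (-not $missing -and -not $present)
        MissingRequired = @($missing)
        BannedPresent   = @($present)
    }
}

# Example run. The allow/deny names below are placeholders (assumed, not from the post).
"Local admin: $(Test-LocalAdmin)"
Get-UsbStorState | Format-List
Get-RecentHotfix -Since (Get-Date).AddDays(-30) | Format-Table -AutoSize
(Get-AvState).SecurityCenter | Format-Table -AutoSize
Test-SoftwareCompliance -Required 'McAfee VirusScan*' -Banned '*Torrent*' | Format-List
```

Get-WmiObject is the Windows PowerShell cmdlet; on PowerShell 7 use Get-CimInstance with the same namespace and class. Each function returns an object rather than printing text, so the script can be run remotely with Invoke-Command and the results collected from many machines.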

Note - I found parts of some of these scripts by searching on Google. Unfortunately I did that almost two months ago and don't have the links to add as references. Not all of the above is my work and I don't wish to take credit for all the scripts. Next time I'll save the links so that I can give due credit to the people who created them.
