AutoAdminLogon audit - Windows

Property Details

ID: 2994788
Status: Alpha - Code that was just developed
Title: AutoAdminLogon audit - Windows
Domain: BESC
Added by on 5/6/2015 9:49:47 AM
Last Modified by on 5/6/2015 9:49:47 AM
Counters 3334 Views / 11 Downloads

Properties

AutoAdminLogon?
Period 12 hours
 
  * Results in a true/false
(exists keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" whose(value "AutoAdminLogon" of it as string as trimmed string as integer = 1) of (x64 registries; x32 registries))
DefaultUserName
Period 12 hours
 
  * Results in a true/false
unique values whose(it != "") of (it as string as trimmed string) of values "DefaultUserName" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" of (x64 registries; x32 registries)
Password Length
Period 12 hours
 
  * Results in a true/false
lengths of unique values whose(it != "") of (it as string as trimmed string) of values "DefaultPassword" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" of (x64 registries; x32 registries)

Relevance

isWindows (Relevance 1172)
Used in 1152 fixlets and 540 analyses   * Results in a true/false
windows of operating system
Used in 1 analysis   * Results in a true/false
version of operating system >= "5.0"
Used in 1 analysis   * Results in a true/false
(exists keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" whose(value "AutoAdminLogon" of it as string as trimmed string as integer = 1) of (x64 registries; x32 registries))
