Folder Redirection Audit - Windows
Log In or Register to download the BES file, and more.

0 Votes

Description

 

Reference: https://bigfix.me/relevance/details/3019150

 

Property Details

ID2998509
StatusAlpha - Code that was just developed
TitleFolder Redirection Audit - Windows
DomainBESC
Added by on 1/6/2017 5:12:52 PM
Last Modified by on 1/6/2017 5:12:52 PM
Counters 4279 Views / 46 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Properties

number of redirected folders - WMI
Period 6 hours
 
  * Results in a true/false
Show indented relevance
number of selects "resultantPath FROM RSOP_FolderRedirectionPolicySetting WHERE resultantPath != '$not configured$'" of (wmis it) of ("ROOT\RSOP\User\" & it) of (concatenations "_" of substrings separated by "-" of it) of string values of selects "SID FROM Win32_UserProfile" of wmis
Parent Folder Name of Redirected Folders ( typically the username )
Period 12 hours
 
  * Results in a true/false
Show indented relevance
unique values whose("My Documents" != it AND "Documents" != it AND "AppData" != it AND "%25USERNAME%25" != it AND "Windows" != it AND "" != it) of (it as trimmed string) of following texts of lasts "\" of ( if (exists it whose("\" = it) of characters (length of it - 1) of it) then ( preceding texts of lasts "\" of it) else it ) of unique values of (it as trimmed string) of (preceding text of last "\" of it | it) of string values of selects "resultantPath FROM RSOP_FolderRedirectionPolicySetting WHERE resultantPath != '$not configured$'" of (wmis it) of ("ROOT\RSOP\User\" & it) of (concatenations "_" of substrings separated by "-" of it) of string values of selects "SID FROM Win32_UserProfile" of wmis
Parent Folder PathName of Redirected Folders - WMI
Period 12 hours
 
  * Results in a true/false
Show indented relevance
unique values of (it as trimmed string) of (preceding text of last "\" of it | it) of string values of selects "resultantPath FROM RSOP_FolderRedirectionPolicySetting WHERE resultantPath != '$not configured$'" of (wmis it) of ("ROOT\RSOP\User\" & it) of (concatenations "_" of substrings separated by "-" of it) of string values of selects "SID FROM Win32_UserProfile" of wmis

Relevance

isWindows (Relevance 1172)
Used in 1155 fixlets and 538 analyses   * Results in a true/false
Show indented relevance
windows of operating system
Used in 1 analsis   * Results in a true/false
Show indented relevance
( exists values whose(it as string starts with "\\") of (keys "Shell Folders" of it; keys "User Shell Folders" of it) of keys "Software\Microsoft\Windows\CurrentVersion\Explorer" of keys of keys "HKEY_USERS" of (x64 registries;x32 registries) ) OR ( exists selects "resultantPath FROM RSOP_FolderRedirectionPolicySetting WHERE resultantPath != '$not configured$'" of (wmis it) of ("ROOT\RSOP\User\" & it) of (concatenations "_" of substrings separated by "-" of it) of string values of selects "SID FROM Win32_UserProfile" of wmis )

Sharing

Social Media:
Share this page on Yammer


Comments

Log In or Register to leave comments!
jgstew -
See this related relevance challenge: https://forum.bigfix.com/t/challenge-2-provide-equivalent-relevance-using-different-inspector/19744
 

Content

Search
Share
Learn
Projects

Utilities

View SCM Scripts
Base64 Converter
Shell to Action Script

About

About Us
Tour
FAQ
Terms
Contact Us

BigFix Resources

Download BigFix
Support
Forum
Github/Bigfix
bigfix.me All Content
Hosted on bigfixme-as