Windows Admin Users Compliance Status - superseded
Log In or Register to download the BES file, and more.

0 Votes

Versioning - This is an older version.

1Windows Admin Users Compliance Status9/15/2018 9:15:36 PM
2Windows Admin Users Compliance Status9/17/2018 9:29:14 PM

Description

<enter a description of the analysis here>

Property Details

ID2998596
StatusBeta - Preliminary testing ready for more
TitleWindows Admin Users Compliance Status
DomainBESC
KeywordsManage Local Windows Administrators
Added by on 9/15/2018 9:15:36 PM
Last Modified by on 9/15/2018 9:15:36 PM
Counters 1206 Views / 2 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Properties

Status
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists file (parent folder of regapp "besclient.exe" as string & "\ComplianceWhitelist\ComplianceWhitelist.txt") then if number of (elements of (set of ((following texts of firsts "\" of unique values of ((members of local group "Administrators") as string) as lowercase)) - set of (unique values of (lines of file (parent folder of regapp "besclient.exe" as string & "\ComplianceWhitelist\ComplianceWhitelist.txt"))))) = 0 then "Compliant" else "Not-Compliant" else "No Compliance Whitelist on Endpoint"
Unauthorized Admins
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists file (parent folder of regapp "besclient.exe" as string & "\ComplianceWhitelist\ComplianceWhitelist.txt") then "[" & concatenation "] - [" of (elements of (set of ((following texts of firsts "\" of unique values of ((members of local group "Administrators") as string) as lowercase)) - set of (unique values of (lines of file (parent folder of regapp "besclient.exe" as string & "\ComplianceWhitelist\ComplianceWhitelist.txt"))))) & "]" else "No Compliance Whitelist on Endpoint"
Whitelist Files Match
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists file (((data folder of client) as string) & "\__Global\__Download\actionsite\_listbackup.txt") then if exists file ((parent folder of regapp "BESClient.exe" as string) & "\ComplianceWhitelist\ComplianceWhitelist.txt") then (sha1 of file (((data folder of client) as string) & "\__Global\__Download\actionsite\_listbackup.txt") = sha1 of file ((parent folder of regapp "BESClient.exe" as string) & "\ComplianceWhitelist\ComplianceWhitelist.txt")) as string else "Primary Whitelist File Missing" else "Whitelist Backup File Missing"
Backup File hash
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists file (((data folder of client) as string) & "\__Global\__Download\actionsite\_listbackup.txt") then (sha1 of file (((data folder of client) as string) & "\__Global\__Download\actionsite\_listbackup.txt")) else "Backup Whitelist File Missing"
Primary File hash
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists file ((parent folder of regapp "BESClient.exe" as string) & "\ComplianceWhitelist\ComplianceWhitelist.txt") then sha1 of file ((parent folder of regapp "BESClient.exe" as string) & "\ComplianceWhitelist\ComplianceWhitelist.txt") else "Primary Whitelist File Missing"
Primary File Date
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists file ((parent folder of regapp "BESClient.exe" as string) & "\ComplianceWhitelist\ComplianceWhitelist.txt") then (modification time of file ((parent folder of regapp "BESClient.exe" as string) & "\ComplianceWhitelist\ComplianceWhitelist.txt")) as string else "Primary Whitelist File Missing"
Backup File Date
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists file (((data folder of client) as string) & "\__Global\__Download\actionsite\_listbackup.txt") then (modification time of file (((data folder of client) as string) & "\__Global\__Download\actionsite\_listbackup.txt")) as string else "Backup Whitelist File Missing"
Name/Pwd Age of Admins
Period Every Report
 
  * Results in a true/false
Show indented relevance
"[" & concatenation "] - [" of (((names of it, password age of it) of users whose (admin privilege of it as string contains "True")) as string) & "]"

Relevance

isWindows (Relevance 274)
Used in 257 fixlets and 3 analyses   * Results in a true/false
Show indented relevance
name of operating system starts with "Win"

Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!