Audit

MS Stack Audit (Jan 2019)

Script does a wmic lookup to determine if the proper KB is installed. The list by OS can be found here: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001. Will write result to the procedure log and send an email if patch is missing. Can report using $KBaudit$ and $OOD$. This script was created on Jan 15, 2019 and includes patches listed…

Read More

Programs Installed within X days (w/ blacklist)

Searches registry for installed programs in both HKLM and USERS. Table of results will be saved in the Docs tab of the agent. Can report using $ProgInstallX$ Script uses 3 variables that can be set manually by editing the script if additional filters are desired. Those fields can be used to specify the 1) number…

Read More

Programs Installed (Prompt for Name)

Script prompts for a program name to search for. Script goes through Add/Remove Programs and creates a list of all programs that contain the requested prompted name. Output is written to Agent Procedure log, uploaded to Documents, and email sent to the Kaseya Admin that executed the script. Can report using $ProgInstalled$. Additional filters are…

Read More

Programs Installed within X days

Script prompts for number of days days. Searches registry for installed programs in both HKLM and USERS. Table of results will be saved in the Docs tab of the agent. Can report using $ProgInstallX$ Script uses 3 variables that can be set manually by editing the script if additional filters are desired. Those fields can…

Read More

HP Warranty Expiration and Start Date to Custom Field (Workstations Only)

Script downloads a powershell script that grabs the local machine’s serial number and part number and makes an api query to HP. Requires powershell v3 or later. Results are printed to the procedure log and the script updates 2 custom fields with “Date Purchased” and “Warranty Exp”. Can use different custom field names by editing…

Read More

Windows Service status and start type

Prompts for service name. Script will then grab the service status and start type. Writes the information to the procedure log. Can report using the service name entered bracketed by $ signs (i.e. $BITS$).

Read More

Windows Build Reg Check (WaaSAssessment)

Script checks for build number. First looks for WaasAssesment, which provides a more detailed number. If it is not found, then uses a wmi query to pull the regular version number. Can report using $WinBuild$, $WaaSBuild$, $NoWaaSBuild$.

Read More

Audit Physical NICs

Runs PS command Get-NetAdapter and filters it to only physical adapters and includes driver info. Can report using $NIC$.

Read More

Audit – MS Outlook Version (by build)

Microsoft has announced that by October 31st, 2017, they will no longer support RPC over HTTP for O365. You can read about it here: https://support.microsoft.com/en-us/help/3201590/rpc-over-http-deprecated-in-office-365-on-october-31–2017 This means that only certain versions of Outlook will work. To help you identify Outlook installations that are out of compliance, we have developed this script to audit your Outlook…

Read More

Windows Defender Definitions Updated within X days

Performs a dump of protectionManagement (VBS) and/or Get-MpComputerStatus (Powershell). If either returns the Windows Defender information the script will use another VBS to pull the virus signature age and compare it to the number you will be asked to input when the script is run. Defender information does not appear to be accessible on anything…

Read More