for win2008,win2012
\n\u4fdd\u5b58\u4e3aVBS\u683c\u5f0f\u3002
\n\u7ba1\u7406\u5458\u6743\u9650CMD\u6267\u884ccscript+\u811a\u672c\u540d
\n=============================================================
\nOn Error Resume Next
\nSet p = CreateObject(“WScript.Shell”).Exec(“%COMSPEC% \/c Md c:\\test3”)
\nOn Error GoTo 0
\nSet p = CreateObject(“WScript.Shell”).Exec(“%COMSPEC% \/c secedit \/export \/cfg c:\\test3\\2.inf”)
\nWScript.Sleep 200
\nstrIniFile = “C:\\test3\\2.inf”
\nSet WshShell = Wscript.CreateObject(“Wscript.Shell”)
\nstrAdmi = ReadINI(strIniFile, “System Access”, “NewAdministratorName”)
\nstrGues = ReadINI(strIniFile, “System Access”, “EnableGuestAccount”)
\nstrPassCom = ReadINI(strIniFile, “System Access”, “PasswordComplexity”)
\nstrMaxPassAge = ReadINI(strIniFile, “System Access”, “MaximumPasswordAge”)
\nstrLockOut = ReadINI(strIniFile, “System Access”, “LockoutBadCount”)
\nstrRemoteShutDown = ReadINI(strIniFile, “Privilege Rights”, “SeRemoteShutdownPrivilege”)
\nstrShutdownPrivilege = ReadINI(strIniFile, “Privilege Rights”, “SeShutdownPrivilege”)
\nstrTakeOwnershipPrivilege = ReadINI(strIniFile, “Privilege Rights”, “SeTakeOwnershipPrivilege”)
\nstrDontDisplayLastUserName = ReadINI(strIniFile, “Registry Values”, “MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DontDisplayLastUserName”)
\nstrDisableDomainCreds = ReadINI(strIniFile, “Registry Values”, “MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\DisableDomainCreds”)
\nstrDenyNetworkLogonRight = ReadINI(strIniFile, “Privilege Rights”, “SeDenyNetworkLogonRight”)
\nIntMaxPassAge = cint(strMaxPassAge)
\nIf IntMaxPassAge <= 90 Then
\nstrMaxPassAge = “Maximum Password Age is no more than 90 days(comply)”
\nElse
\nstrMaxPassAge = “Maximum Password Age is? more than 90 days(not comply)”
\nEnd If
\nIntLockOut = cint(strLockOut)
\nIf IntLockOut <= 6 Then
\nstrLockOut = “Account lockout threshold no more than 6 invalid logon attempts(comply)”
\nElse
\nstrLockOut = “Account lockout threshold? more than 6 invalid logon attempts(not comply)”
\nEnd If
\nIf strAdmi = “””Administrator””” Then
\nstrAdmi = “AdministratorName has not been changed(not comply)”
\nElse
\nstrAdmi = “AdministratorName has been changed(comply)”
\nEnd If
\nj = Instr(strDenyNetworkLogonRight,”Guest”)
\nIf j > 0 Then
\nstrDenyNetworkLogonRight = “Guest is included in DenyNetworkLogonRight (comply)”
\nElse
\nstrDenyNetworkLogonRight = “Guest is not included in DenyNetworkLogonRight (not comply)”
\nEnd If
\nj = Instr(strDontDisplayLastUserName,”0″)
\nIf j > 0 Then
\nstrDontDisplayLastUserName = “Don’t display last user name is disabled(not comply)”
\nElse
\nstrDontDisplayLastUserName = “Don’t display last user name is enabled(comply)”
\nEnd If
\nj = Instr(strDisableDomainCreds,”0″)
\nIf j > 0 Then
\nstrDisableDomainCreds = “Do not allow storage of passwords and credentials for network authentication is disabled(not comply)”
\nElse
\nstrDisableDomainCreds = “Do not allow storage of passwords and credentials for network authentication is enabled(comply)”
\nEnd If
\nj = Instr(strGues,”0″)
\nIf j > 0 Then
\nstrGues = “Guest account status is disabled(comply)”
\nElse
\nstrGues = “Guest account status is enabled(not comply)”
\nEnd If
\nj = Instr(strPassCom,”0″)
\nIf j > 0 Then
\nstrPassCom = “Password must meet complexity requirements is disabled(not comply)”
\nElse
\nstrPassCom = “Password must meet complexity requirements is enabled(comply)”
\nEnd If
\nj = Instr(strShutdownPrivilege,”,”)
\nIf j > 0 Then
\nstrShutdownPrivilege = “More than one has shut down the system Privilege(not comply) ”
\nElse
\nstrShutdownPrivilege = “Only administrator has shut down the system Privilege(comply) ”
\nEnd If
\nj = Instr(strTakeOwnershipPrivilege,”,”)
\nIf j > 0 Then
\nstrTakeOwnershipPrivilege = “More than one has take ownership of files or other objects Privilege(not comply)”
\nElse
\nstrTakeOwnershipPrivilege = “Only administrator has take ownership of files or other objects Privilege(comply)”
\nEnd If
\nj = Instr(strRemoteShutDown,”,”)
\nIf j > 0 Then
\nstrRemoteShutDown = “More than one has force shutdown from a remote system Privilege(not comply)”
\nElse
\nstrRemoteShutDown = “Only administrator has force shutdown from a remote system Privilege(comply)”
\nEnd If
\nWscript.Echo?? strDisableDomainCreds & vbCrLf & strDenyNetworkLogonRight & vbCrLf &strDontDisplayLastUserName & vbCrLf & strShutdownPrivilege & vbCrLf &strTakeOwnershipPrivilege & vbCrLf &strRemoteShutDown & vbCrLf & strLockOut & vbCrLf & strAdmi & vbCrLf & strGues & vbCrlf & strPassCom & vbCrLf & strMaxPassAge
\nRegValue = “”
\nOn Error Resume Next
\nRegValue = CreateObject(“Wscript.Shell”).RegRead(“HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer\\Parameters\\AutoShareSever”)
\nOn Error GoTo 0
\nIf RegValue = “” Then
\nRegValue = “AutoShare need is not shutted down(not comply)”
\nElse
\nj = Instr(RegValue,”0″)
\nIf j > 0 Then
\nRegValue = “AutoShare is shutted down(comply)”
\nElse
\nRegValue = “AutoShare is not shutted down(not comply)”
\nEnd If
\nEnd If
\nWscript.Echo RegValue
\nRegValue = “”
\nOn Error Resume Next
\nRegValue = WshShell.RegRead(“HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoDriveTypeAutoRun”)
\nOn Error GoTo 0
\nj = Instr(RegValue,”255″)
\nIf j > 0 Then
\nWscript.Echo “AutoPlay Disabled(comply)”
\nElse
\nWscript.Echo “AutoPlay Enabled(not comply)”
\nEnd If
\nRegValue = “”
\nOn Error Resume Next
\nRegValue = WshShell.RegRead(“HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SNMP\\Parameters\\ValidCommunities\\public”)
\nOn Error GoTo 0
\nIf RegValue = “” Then
\nRegValue = “community string is not public? or snmp? not started(not comply)”
\nElse
\nRegValue = “community string is public(comply)”
\nEnd If
\nWscript.Echo RegValue
\nRegValue = “”
\nOn Error Resume Next
\nRegValue = WshShell.RegRead(“HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\application\\Maxsize”)
\nOn Error GoTo 0
\nIf RegValue < 8388608 Then
\nRegValue = “Application Log MaxSize is lower than 8192KB(not comply)”
\nElse
\nRegValue = “Application Log MaxSize is not lower than 8192KB(comply)”
\nEnd If
\nWscript.Echo RegValue
\nRegValue = “”
\nOn Error Resume Next
\nRegValue = WshShell.RegRead(“HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\application\\Retention”)
\nOn Error GoTo 0
\nIf RegValue = 0 Then
\nRegValue = “Application Log retention is true(comply)”
\nElse
\nRegValue = “Application Log retention is false(not comply)”
\nEnd If
\nWscript.Echo RegValue
\nRegValue = “”
\nOn Error Resume Next
\nRegValue = WshShell.RegRead(“HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Security\\Maxsize”)
\nOn Error GoTo 0
\nIf RegValue < 8388608 Then
\nRegValue = “Security Log MaxSize is lower than 8192KB(not comply)”
\nElse
\nRegValue = “Security Log MaxSize is not lower than 8192KB(comply)”
\nEnd If
\nWscript.Echo RegValue
\nRegValue = “”
\nOn Error Resume Next
\nRegValue = WshShell.RegRead(“HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Security\\Retention”)
\nOn Error GoTo 0
\nIf RegValue = 0 Then
\nRegValue = “Security Log retention is true(comply)”
\nElse
\nRegValue = “Security Log retention is false(not comply)”
\nEnd If
\nWscript.Echo RegValue
\nRegValue = “”
\nOn Error Resume Next
\nRegValue = WshShell.RegRead(“HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System\\Maxsize”)
\nOn Error GoTo 0
\nIf RegValue < 8388608 Then
\nRegValue = “System Log MaxSize is lower than 8192KB(not comply)”
\nElse
\nRegValue = “System Log MaxSize is not lower than 8192KB(comply)”
\nEnd If
\nWscript.Echo RegValue
\nRegValue = “”
\nOn Error Resume Next
\nRegValue = WshShell.RegRead(“HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System\\Retention”)
\nOn Error GoTo 0
\nIf RegValue = 0 Then
\nRegValue = “System Log retention is true(comply)”
\nElse
\nRegValue = “System Log retention is false(not comply)”
\nEnd If
\nWscript.Echo RegValue
\nSet p = CreateObject(“Wscript.Shell”).Exec(“%COMSPEC% \/c sc query MpsSvc”)
\nDo While p.Status = 0
\nWScript.Sleep 100
\nLoop
\nDo While p.StdOut.AtEndOfStream = False
\nstr = p.StdOut.Readline()
\nj = Instr(str,”STATE”)
\nIf j > 0 Then
\nh = Instr(str,”1″)
\nIf h > 0 Then
\nWscript.echo “firewall not on(not comply)”
\nElse
\nSet m = CreateObject(“WScript.Shell”).Exec(“%COMSPEC% \/c netsh advfirewall show currentprofile”)
\nDo While m.Status = 0
\nWScript.Sleep 100
\nLoop
\nDo While m.StdOut.AtEndOfStream = False
\nstr1 = m.StdOut.Readline()
\nIf Instr(str1,”\u72b6\u6001”) > 0 Then
\nIf Instr(str1,”\u542f\u7528”) > 0 Then
\nWscript.Echo “firewall currentProfile is on(comply)”
\nElse
\nWscript.Echo “firewall currentProfile is off(not comply)”
\nEnd If
\nEnd If
\nLoop
\nEnd If
\nEnd If
\nLoop
\n
\n
\nSet p = CreateObject(“WScript.Shell”).Exec(“%COMSPEC% \/c auditpol \/get \/category:*”)
\nDo While p.Status = 0
\nWScript.Sleep 100
\nLoop
\nDo While p.StdOut.AtEndOfStream = False
\nstr = p.StdOut.Readline()
\nIf Instr(str,”\u51ed\u636e\u9a8c\u8bc1”) > 0 Then
\nIf Instr(str, “\u6210\u529f\u548c\u5931\u8d25”) > 0 Then
\nWscript.Echo “Credential Vaildation Success and Failure(comply)”
\nElse
\nWscript.Echo “Credential Vaildation not Success and Failure(not comply)”
\nEnd If
\nElseIf Instr(str,”Kerberos \u8eab\u4efd\u9a8c\u8bc1\u670d\u52a1”) > 0 Then
\nIf Instr(str, “\u6210\u529f\u548c\u5931\u8d25”) > 0 Then
\nWscript.Echo “Kerberos Authentication Service Success and Failure(comply)”
\nElse
\nWscript.Echo “Kerberos Authentication Service not Success and Failure(not comply)”
\nEnd If
\nElseIf Instr(str,”\u8ba1\u7b97\u673a\u5e10\u6237\u7ba1\u7406”) > 0 Then
\nIf Instr(str, “\u6210\u529f\u548c\u5931\u8d25”) > 0 Then
\nWscript.Echo “Computer Account Management Success and Failure(comply)”
\nElse
\nWscript.Echo “Computer Account Management not Success and Failure(not comply)”
\nEnd If
\nElseIf Instr(str,”\u5b89\u5168\u7ec4\u7ba1\u7406”) > 0 Then
\nIf Instr(str, “\u6210\u529f\u548c\u5931\u8d25”) > 0 Then
\nWscript.Echo “Security Group Management Success and Failure(comply)”
\nElse
\nWscript.Echo “Security Group Management not Success and Failure(not comply)”
\nEnd If
\nElseIf Instr(str,”\u7528\u6237\u5e10\u6237\u7ba1\u7406”) > 0 Then
\nIf Instr(str, “\u6210\u529f\u548c\u5931\u8d25”) > 0 Then
\nWscript.Echo “User Account Management Success and Failure(comply)”
\nElse
\nWscript.Echo “User Account Management not Success and Failure(not comply)”
\nEnd If
\nElseIf Instr(str,”\u76ee\u5f55\u670d\u52a1\u66f4\u6539”) > 0 Then
\nIf Instr(str, “\u6210\u529f\u548c\u5931\u8d25”) > 0 Then
\nWscript.Echo “Directory Service Changes Success and Failure(comply)”
\nElse
\nWscript.Echo “Directory Service Changes not Success and Failure(not comply)”
\nEnd If
\nElseIf Instr(str,”? \u767b\u5f55”) > 0 Then
\nIf Instr(str, “\u6210\u529f\u548c\u5931\u8d25”) > 0 Then
\nWscript.Echo “Logon Success and Failure(comply)”
\nElse
\nWscript.Echo “Logon not Success and Failure(not comply)”
\nEnd If
\nElseIf Instr(str,”\u7f51\u7edc\u7b56\u7565\u670d\u52a1\u5668”) > 0 Then
\nIf Instr(str, “\u6210\u529f\u548c\u5931\u8d25”) > 0 Then
\nWscript.Echo “Network Policy Server Success and Failure(comply)”
\nElse
\nWscript.Echo “Network Policy Server not Success and Failure(not comply)”
\nEnd If
\nElseIf Instr(str,”? \u7279\u6b8a\u767b\u5f55”) > 0 Then
\nIf Instr(str, “\u6210\u529f\u548c\u5931\u8d25”) > 0 Then
\nWscript.Echo “Special Logon Success and Failure(not comply)”
\nElseIf Instr(str, “\u6210\u529f”) > 0 Then
\nWscript.Echo “Special Logon Success(comply)”
\nElse
\nWscript.Echo “Special Logon not Success(not comply)”
\nEnd If
\nElseIf Instr(str,”\u6587\u4ef6\u7cfb\u7edf”) > 0 Then
\nIf Instr(str, “\u6210\u529f\u548c\u5931\u8d25”) > 0 Then
\nWscript.Echo “File System Success and Failure(comply)”
\nElse
\nWscript.Echo “File System not Success and Failure(not comply)”
\nEnd If
\nElseIf Instr(str,”\u5ba1\u6838\u7b56\u7565\u66f4\u6539”) > 0 Then
\nIf Instr(str, “\u6210\u529f\u548c\u5931\u8d25”) > 0 Then
\nWscript.Echo “Audit Policy Change Success and Failure(comply)”
\nElse
\nWscript.Echo “Audit Policy Change not Success and Failure(not comply)”
\nEnd If
\nElseIf Instr(str,”\u8eab\u4efd\u9a8c\u8bc1\u7b56\u7565\u66f4\u6539”) > 0 Then
\nIf Instr(str, “\u6210\u529f\u548c\u5931\u8d25”) > 0 Then
\nWscript.Echo “Authentication Policy Change Success and Failure(comply)”
\nElse
\nWscript.Echo “Authentication Policy Change not Success and Failure(not comply)”
\nEnd If
\nElseIf Instr(str,” \u654f\u611f\u6743\u9650\u4f7f\u7528?????????????? “) > 0 Then
\nIf Instr(str, “\u6210\u529f\u548c\u5931\u8d25”) > 0 Then
\nWscript.Echo “Sensitive Privilege use Success and Failure(comply)”
\nElse
\nWscript.Echo “Sensitive Privilege use not Success and Failure(not comply)”
\nEnd If
\nElseIf Instr(str,”\u5176\u4ed6\u7cfb\u7edf\u4e8b\u4ef6”) > 0 Then
\nIf Instr(str, “\u6210\u529f\u548c\u5931\u8d25”) > 0 Then
\nWscript.Echo “Other System Events Success and Failure(comply)”
\nElse
\nWscript.Echo “Other System Events not Success and Failure(not comply)”
\nEnd If
\nElseIf Instr(str,”\u5b89\u5168\u72b6\u6001\u66f4\u6539”) > 0 Then
\nIf Instr(str, “\u6210\u529f\u548c\u5931\u8d25”) > 0 Then
\nWscript.Echo “Security State Change Success and Failure(comply)”
\nElse
\nWscript.Echo “Security State Change not Success and Failure(not comply)”
\nEnd If
\nElseIf Instr(str,”\u7cfb\u7edf\u5b8c\u6574\u6027”) > 0 Then
\nIf Instr(str, “\u6210\u529f\u548c\u5931\u8d25”) > 0 Then
\nWscript.Echo “System Integrity Success and Failure(comply)”
\nElse
\nWscript.Echo “System Integrity not Success and Failure(not comply)”
\nEnd If
\nEnd If
\nLoop
\n
\n
\n
\nFunction ReadInI(strIniFilePath, strPrimary, strSubKey)
\nDim objStream
\nSet objStream = CreateObject(“ADODB.Stream”)
\nWith objStream
\n.Type = 2
\n.Mode = 3
\n.Open
\n.Charset = “Unicode”
\n.LoadFromFile strIniFilePath
\nstrText = .ReadText
\n.Close
\nEnd With
\nSet objStream = Nothing
\narrText = Split(strText, vbCrLf)
\nFor Each strLine In arrText
\nIf intCount = 0 Then
\nIf strLine = “[” & strPrimary & “]” Then
\nintCount = 1
\nEnd If
\nElse
\nIf Left(strLine,1) = “[” Then Exit For
\nj = InStr(strLine, “=”)
\nIf j > 0 Then
\nIf InStr(Left(strLine, j), strSubKey) > 0 Then
\nReadInI = Trim(Right(strLine, Len(strLine) – InStr(strLine, “=”)))
\nExit For
\nEnd If
\nEnd If
\nEnd If
\nNext
\nEnd Function
\n=================================<\/p>\n","protected":false},"excerpt":{"rendered":"
for win2008,win2012 \u4fdd\u5b58\u4e3aVBS\u683c\u5f0f\u3002 \u7ba1\u7406\u5458\u6743\u9650CMD\u6267\u884ccscript+\u811a\u672c\u540d === […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[178],"tags":[364,363,360],"_links":{"self":[{"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/posts\/412"}],"collection":[{"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=412"}],"version-history":[{"count":1,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/posts\/412\/revisions"}],"predecessor-version":[{"id":413,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=\/wp\/v2\/posts\/412\/revisions\/413"}],"wp:attachment":[{"href":"http:\/\/www.huike007.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=412"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=412"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.huike007.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=412"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}