This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- General Discussions
- CIS based Report 'Allow log on through Remote Desk...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-16-2020 08:52 PM
I am trying to create a SQL query to report on machines that are not following the security policy according the with CIS recommendation. But so far I have not been able to find the table that does contain the security polices.
In summary, I need to create a SQL query that will tell me if any of the machines in my environment do not follow:
2.2.6 (L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users' (Scored)
Any suggestions on when I would be able to find this information in Lansweeper DB?
In summary, I need to create a SQL query that will tell me if any of the machines in my environment do not follow:
2.2.6 (L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users' (Scored)
Any suggestions on when I would be able to find this information in Lansweeper DB?
Labels:
- Labels:
-
General Discussion
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-08-2020 08:08 PM
Lansweeper doesn't scan group policy.
Is your goal to identify the devices that are not abiding by that CIS recommendation, or to remediate them? If it's the latter, you could create the group policy which sets your desired configuration and be done with it.
If you truly need to query this information, the actual value you are looking for can be exported via secedit, however it displays the accounts in SID format.
Example - secedit /export /cfg C:\windows\temp\SecPolInformation.inf /areas User_Rights /log c:\windows\temp\ExportLog.log
You will get multiple values returned to you, however the line you are interested in seeing is this one:
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
You could find a way to consolidate and verify via running this as a script against everything, however this is a lot of extra work if the end result is that you just need to make sure no one has modified the policy on their device. If I'm not mistaken, the CIS tool you are looking at tells you whether or not a device is compliant for a particular item as well.
Is your goal to identify the devices that are not abiding by that CIS recommendation, or to remediate them? If it's the latter, you could create the group policy which sets your desired configuration and be done with it.
If you truly need to query this information, the actual value you are looking for can be exported via secedit, however it displays the accounts in SID format.
Example - secedit /export /cfg C:\windows\temp\SecPolInformation.inf /areas User_Rights /log c:\windows\temp\ExportLog.log
You will get multiple values returned to you, however the line you are interested in seeing is this one:
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
You could find a way to consolidate and verify via running this as a script against everything, however this is a lot of extra work if the end result is that you just need to make sure no one has modified the policy on their device. If I'm not mistaken, the CIS tool you are looking at tells you whether or not a device is compliant for a particular item as well.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-05-2020 08:32 PM
What I need is to find the Group Policy in lansweeper.
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on through Remote Desktop Services
Does anyone knows how to access this data?
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on through Remote Desktop Services
Does anyone knows how to access this data?
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now