This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

CIS based Report 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote De

ozakiakemi
Engaged Sweeper

‎04-16-2020 08:52 PM

I am trying to create a SQL query to report on machines that are not following the security policy according the with CIS recommendation. But so far I have not been able to find the table that does contain the security polices.


In summary, I need to create a SQL query that will tell me if any of the machines in my environment do not follow:

2.2.6 (L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users' (Scored)


Any suggestions on when I would be able to find this information in Lansweeper DB?
Labels:
0 Kudos
2 REPLIES 2
grimstar
Champion Sweeper II

‎05-08-2020 08:08 PM

Lansweeper doesn't scan group policy.

Is your goal to identify the devices that are not abiding by that CIS recommendation, or to remediate them? If it's the latter, you could create the group policy which sets your desired configuration and be done with it.

If you truly need to query this information, the actual value you are looking for can be exported via secedit, however it displays the accounts in SID format.

Example - secedit /export /cfg C:\windows\temp\SecPolInformation.inf /areas User_Rights /log c:\windows\temp\ExportLog.log

You will get multiple values returned to you, however the line you are interested in seeing is this one:

SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555

You could find a way to consolidate and verify via running this as a script against everything, however this is a lot of extra work if the end result is that you just need to make sure no one has modified the policy on their device. If I'm not mistaken, the CIS tool you are looking at tells you whether or not a device is compliant for a particular item as well.
0 Kudos
ozakiakemi
Engaged Sweeper

‎05-05-2020 08:32 PM

What I need is to find the Group Policy in lansweeper.

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on through Remote Desktop Services

Does anyone knows how to access this data?
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now