cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ozakiakemi
Engaged Sweeper
I am trying to create a SQL query to report on machines that are not following the security policy according the with CIS recommendation. But so far I have not been able to find the table that does contain the security polices.


In summary, I need to create a SQL query that will tell me if any of the machines in my environment do not follow:

2.2.6 (L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users' (Scored)


Any suggestions on when I would be able to find this information in Lansweeper DB?
2 REPLIES 2
grimstar
Champion Sweeper II
Lansweeper doesn't scan group policy.

Is your goal to identify the devices that are not abiding by that CIS recommendation, or to remediate them? If it's the latter, you could create the group policy which sets your desired configuration and be done with it.

If you truly need to query this information, the actual value you are looking for can be exported via secedit, however it displays the accounts in SID format.

Example - secedit /export /cfg C:\windows\temp\SecPolInformation.inf /areas User_Rights /log c:\windows\temp\ExportLog.log

You will get multiple values returned to you, however the line you are interested in seeing is this one:

SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555

You could find a way to consolidate and verify via running this as a script against everything, however this is a lot of extra work if the end result is that you just need to make sure no one has modified the policy on their device. If I'm not mistaken, the CIS tool you are looking at tells you whether or not a device is compliant for a particular item as well.
ozakiakemi
Engaged Sweeper
What I need is to find the Group Policy in lansweeper.

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on through Remote Desktop Services

Does anyone knows how to access this data?