→ Having trouble accessing our new support portal or creating a ticket? Please notify our team here

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
dhoward
Engaged Sweeper III
Hoping that someone else has already tackled this. I'd like a report of all Windows devices with Duo installed ("Duo Authentication for Windows Logon"). The report should show the following registry values for each asset with the program installed. All are in HKEY_LOCAL_MACHINE\SOFTWARE\Duo Security\DuoCredProv

  • AutoPush
  • ElevationOfflineEnable
  • ElevationOfflineEnrollment
  • ElevationProtectionMode
  • EnableSmartCards
  • FailOpen
  • OfflineAvailable
  • RdpOnly
  • UsernameFormatForService
  • WrapSmartCards


Any gestures in the right direction would be appreciated!
2 REPLIES 2
dhoward
Engaged Sweeper III
Thanks! I'm actually looking for the values contained within those registry keys, not just whether or not they exist. Whether the program was installed or not would have been determined by something similar to this:

Select Top 1000000 tsysOS.Image As icon,
tblAssets.AssetID,
tblAssets.AssetName
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblAssets.AssetID In (Select Top 1000000 tblSoftware.AssetID
From tblSoftware Inner Join tblSoftwareUni On tblSoftwareUni.SoftID =
tblSoftware.softID
Where tblSoftwareUni.softwareName Like '%Duo Authentication for Windows Logon%') And
tblAssetCustom.State = 1
Order By tblAssets.Domain,
tblAssets.AssetName


Then, from these assets, obtain the contents of the registry values listed in the OP. For example AutoPush should either be a 0 or a 1, the Elevation* values should contain a 0, 1, or 2, etc.
Andy_Sismey
Champion Sweeper III
Hi, Not sure if I have got this correct as I dont have the keys you have listed or CISCO installed, but I'm assuming your after a report which confirms whether or not the registry keys you listed are installed , if this is correct this should get you started , so if you have the registry key in your scan criteria then this has the first 2 keys setup you just need to repeat the process and create all the keys you require by adding the additional sub queries.....

Select Top 1000000 tsysOS.Image As icon,
tblAssets.AssetID,
tblAssets.AssetName,
Case
When AutoPush.Valuename Is Not Null Then 'Installed'
Else '?'
End As AutoPush,
Case
When ElavationOFF.Valuename Is Not Null Then 'Installed'
Else '?'
End As ElevationOfflineEnable,
tblAssets.Domain,
tblAssets.Username,
tblAssets.IPAddress,
tblAssets.Firstseen,
tblAssets.Lastseen,
tblAssets.Lasttried,
tsysOS.OSname
From tblAssets
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join (Select Top 1000000 tblRegistry.AssetID,
tblRegistry.Regkey,
tblRegistry.Valuename,
tblRegistry.Value
From tblRegistry
Where tblRegistry.Regkey Like '%SOFTWARE\Duo Security\DuoCredProv' And
tblRegistry.Valuename = 'AutoPush') AutoPush On AutoPush.AssetID =
tblAssets.AssetID
Left Join (Select tblRegistry.Regkey,
tblRegistry.Valuename,
tblRegistry.AssetID,
tblRegistry.Value
From tblRegistry
Where tblRegistry.Regkey Like '%SOFTWARE\Duo Security\DuoCredProv' And
tblRegistry.Valuename = 'ElevationOfflineEnable') ElavationOFF
On ElavationOFF.AssetID = tblAssets.AssetID
Order By tblAssets.Domain,
tblAssets.AssetName