This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cisco Duo and associated registry keys

dhoward
Engaged Sweeper III

‎03-30-2021 02:07 AM

Hoping that someone else has already tackled this. I'd like a report of all Windows devices with Duo installed ("Duo Authentication for Windows Logon"). The report should show the following registry values for each asset with the program installed. All are in HKEY_LOCAL_MACHINE\SOFTWARE\Duo Security\DuoCredProv

  • AutoPush
  • ElevationOfflineEnable
  • ElevationOfflineEnrollment
  • ElevationProtectionMode
  • EnableSmartCards
  • FailOpen
  • OfflineAvailable
  • RdpOnly
  • UsernameFormatForService
  • WrapSmartCards


Any gestures in the right direction would be appreciated!
Labels:
0 Kudos
2 REPLIES 2
dhoward
Engaged Sweeper III

‎04-15-2021 01:30 AM

Thanks! I'm actually looking for the values contained within those registry keys, not just whether or not they exist. Whether the program was installed or not would have been determined by something similar to this:

Select Top 1000000 tsysOS.Image As icon,
  tblAssets.AssetID,
  tblAssets.AssetName
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblAssets.AssetID In (Select Top 1000000 tblSoftware.AssetID
      From tblSoftware Inner Join tblSoftwareUni On tblSoftwareUni.SoftID =
          tblSoftware.softID
      Where tblSoftwareUni.softwareName Like '%Duo Authentication for Windows Logon%') And
  tblAssetCustom.State = 1
Order By tblAssets.Domain,
  tblAssets.AssetName


Then, from these assets, obtain the contents of the registry values listed in the OP. For example AutoPush should either be a 0 or a 1, the Elevation* values should contain a 0, 1, or 2, etc.
0 Kudos
Andy_Sismey
Champion Sweeper III

‎03-31-2021 01:55 PM

Hi, Not sure if I have got this correct as I dont have the keys you have listed or CISCO installed, but I'm assuming your after a report which confirms whether or not the registry keys you listed are installed , if this is correct this should get you started , so if you have the registry key in your scan criteria then this has the first 2 keys setup you just need to repeat the process and create all the keys you require by adding the additional sub queries.....

Select Top 1000000 tsysOS.Image As icon,
  tblAssets.AssetID,
  tblAssets.AssetName,
  Case
    When AutoPush.Valuename Is Not Null Then 'Installed'
    Else '?'
  End As AutoPush,
  Case
    When ElavationOFF.Valuename Is Not Null Then 'Installed'
    Else '?'
  End As ElevationOfflineEnable,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.IPAddress,
  tblAssets.Firstseen,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tsysOS.OSname
From tblAssets
  Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Left Join (Select Top 1000000 tblRegistry.AssetID,
        tblRegistry.Regkey,
        tblRegistry.Valuename,
        tblRegistry.Value
      From tblRegistry
      Where tblRegistry.Regkey Like '%SOFTWARE\Duo Security\DuoCredProv' And
        tblRegistry.Valuename = 'AutoPush') AutoPush On AutoPush.AssetID =
    tblAssets.AssetID
  Left Join (Select tblRegistry.Regkey,
        tblRegistry.Valuename,
        tblRegistry.AssetID,
        tblRegistry.Value
      From tblRegistry
      Where tblRegistry.Regkey Like '%SOFTWARE\Duo Security\DuoCredProv' And
        tblRegistry.Valuename = 'ElevationOfflineEnable') ElavationOFF
    On ElavationOFF.AssetID = tblAssets.AssetID
Order By tblAssets.Domain,
  tblAssets.AssetName
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now