Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security_Discovery
Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security_Discovery (Discovery)
Discovery module for class Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security
Element properties: Object Discovery Details: Member Modules:
Source Code: <Discovery ID="Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security_Discovery" Enabled="true" Target="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2" ConfirmDelivery="true" Remotable="true" Priority="Normal">
<Category>Discovery</Category>
<!-- Declares the single class and the 28 properties this discovery populates.
     Every PropertyID below has a matching AddProperty call in the script body;
     the two lists have to be kept in step when a setting is added or removed. -->
<DiscoveryTypes>
<DiscoveryClass TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security">
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="NetworkaccessLetEveryonepermissionsapplytoanonymoususers"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="NetworkaccessSharingandsecuritymodelforlocalaccounts"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="InteractivelogonDonotrequireCTRLALTDEL"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="RecoveryconsoleAllowautomaticadministrativelogon"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="NetworkaccessDonotallowanonymousenumerationofSAMaccounts"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="ShutdownClearvirtualmemorypagefile"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="SystemobjectsStrengthendefaultpermissionsofinternalsystemobjectsSymbolicLinks"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="DomainmemberDigitallyencryptsecurechanneldatawhenpossible"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="MicrosoftnetworkclientSendunencryptedpasswordtothirdpartySMBservers"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="DomainmemberDigitallyencryptorsignsecurechanneldataalways"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="MicrosoftnetworkclientDigitallysigncommunicationsifserveragrees"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="DomainmemberRequirestrongWindows2000orlatersessionkey"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="DomainmemberDigitallysignsecurechanneldatawhenpossible"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="NetworksecurityLDAPclientsigningrequirements"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="NetworksecurityDonotstoreLANManagerhashvalueonnextpasswordchange"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="AuditShutdownsystemimmediatelyifunabletologsecurityaudits"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="UserAccountControlOnlyelevateUIAccessapplicationsthatareinstalledinsecurelocations"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="UserAccountControlBehavioroftheelevationpromptforstandardusers"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="UserAccountControlSwitchtothesecuredesktopwhenpromptingforelevation"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="UserAccountControlOnlyelevateexecutablesthataresignedandvalidated"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="UserAccountControlAllowUIAccessapplicationstopromptforelevationwithoutusingthesecuredesktop"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="UserAccountControlVirtualizefileandregistrywritefailurestoperuserlocations"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="UserAccountControlRunalladministratorsinAdminApprovalMode"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="UserAccountControlDetectapplicationinstallationsandpromptforelevation"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="UserAccountControlBehavioroftheelevationpromptforadministratorsinAdminApprovalMode"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="DomainmemberDisablemachineaccountpasswordchanges"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="AccountsLimitlocalaccountuseofblankpasswordstoconsolelogononly"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="MicrosoftnetworkserverDisconnectclientswhenlogonhoursexpire"/>
</DiscoveryClass>
</DiscoveryTypes>
<DataSource ID="Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security_Discovery" TypeID="Windows!Microsoft.Windows.TimedPowerShell.DiscoveryProvider">
<!-- Run interval in seconds: 14402 s is just over four hours, so a changed
     security setting can go unreported for up to that long. -->
<IntervalSeconds>14402</IntervalSeconds>
<!-- SyncTime is left empty, i.e. no fixed start time is configured here. -->
<SyncTime/>
<!-- Name given to the embedded PowerShell script that follows in ScriptBody. -->
<ScriptName>WindowsServer2008R2Security.ps1</ScriptName>
<ScriptBody><Script>
param($SourceId,$ManagedEntityId,$KeyPropertyPrincipalName)
# Errors that are not handled further down stop the script.
$ErrorActionPreference = "Stop"

# Bundle the three workflow parameters into one object.
$scriptargs = new-object psobject
add-member -InputObject $scriptargs -MemberType NoteProperty -Name "SourceId" -Value $SourceId
add-member -InputObject $scriptargs -MemberType NoteProperty -Name "ManagedEntityId" -Value $ManagedEntityId
add-member -InputObject $scriptargs -MemberType NoteProperty -Name "KeyPropertyPrincipalName" -Value $KeyPropertyPrincipalName

# Result object: one note property per discovered setting, each starting as an
# empty string. A property that is still "" after collection means the setting
# was absent or could not be read.
$discoveryoutput = new-object psobject
$settingNames = @(
    "NetworkaccessLetEveryonepermissionsapplytoanonymoususers",
    "NetworkaccessSharingandsecuritymodelforlocalaccounts",
    "InteractivelogonDonotrequireCTRLALTDEL",
    "RecoveryconsoleAllowautomaticadministrativelogon",
    "NetworkaccessDonotallowanonymousenumerationofSAMaccounts",
    "ShutdownClearvirtualmemorypagefile",
    "SystemobjectsStrengthendefaultpermissionsofinternalsystemobjectsSymbolicLinks",
    "DomainmemberDigitallyencryptsecurechanneldatawhenpossible",
    "MicrosoftnetworkclientSendunencryptedpasswordtothirdpartySMBservers",
    "DomainmemberDigitallyencryptorsignsecurechanneldataalways",
    "MicrosoftnetworkclientDigitallysigncommunicationsifserveragrees",
    "DomainmemberRequirestrongWindows2000orlatersessionkey",
    "DomainmemberDigitallysignsecurechanneldatawhenpossible",
    "NetworksecurityLDAPclientsigningrequirements",
    "NetworksecurityDonotstoreLANManagerhashvalueonnextpasswordchange",
    "AuditShutdownsystemimmediatelyifunabletologsecurityaudits",
    "UserAccountControlOnlyelevateUIAccessapplicationsthatareinstalledinsecurelocations",
    "UserAccountControlBehavioroftheelevationpromptforstandardusers",
    "UserAccountControlSwitchtothesecuredesktopwhenpromptingforelevation",
    "UserAccountControlOnlyelevateexecutablesthataresignedandvalidated",
    "UserAccountControlAllowUIAccessapplicationstopromptforelevationwithoutusingthesecuredesktop",
    "UserAccountControlVirtualizefileandregistrywritefailurestoperuserlocations",
    "UserAccountControlRunalladministratorsinAdminApprovalMode",
    "UserAccountControlDetectapplicationinstallationsandpromptforelevation",
    "UserAccountControlBehavioroftheelevationpromptforadministratorsinAdminApprovalMode",
    "DomainmemberDisablemachineaccountpasswordchanges",
    "AccountsLimitlocalaccountuseofblankpasswordstoconsolelogononly",
    "MicrosoftnetworkserverDisconnectclientswhenlogonhoursexpire"
)
foreach ($settingName in $settingNames)
{
    add-member -InputObject $discoveryoutput -MemberType NoteProperty -Name $settingName -Value ""
}
#-----------------------------------------------------
# Globals
#-----------------------------------------------------
# Cache slot for the audit-policy table that GetAuditData builds; it starts
# empty on every run of the script.
# A plain assignment to this name inside a function creates a function-local
# variable, so a function that wants to fill this slot needs an explicit
# scope modifier.
$auditConfig = $null
#-----------------------------------------------------
# Helper Functions for all setting types
#-----------------------------------------------------
function GetRegistryData()
{
    param($keyPath, $valueName)
    # Look up a single value under HKEY_LOCAL_MACHINE.
    #   keyPath   - key path relative to HKLM, without a leading backslash
    #   valueName - name of the value to read under that key
    # Returns the stored data, or "" when the key is absent, the value is
    # absent, or the read throws. Callers therefore cannot tell "not
    # configured" apart from "could not be read".
    $result = ""
    try
    {
        $hklmPath = "HKLM:\$keyPath"
        if (-not (Test-Path -Path $hklmPath))
        {
            return $result
        }
        $regKey = Get-Item -Path $hklmPath
        $allValues = Get-ItemProperty -Path $regKey.PSPath
        $candidate = $allValues.$valueName
        if (-not ($candidate -eq $null))
        {
            $result = $candidate
        }
    }
    catch [System.Exception]
    {
        # Deliberate best effort: discard the error and fall through to "".
        $error.Clear()
    }
    return $result
}
function GetWMIData()
{
# Placeholder only: no WMI-based collection is implemented. The body holds no
# statements, so calling this function produces no output.
# TODO
}
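function GetAuditData()
{
    param($subCategoryGUID)
    # Return the "Inclusion Setting" that auditpol reports for one audit
    # subcategory, looked up by its "Subcategory GUID" column.
    #   subCategoryGUID - GUID text exactly as it appears in the auditpol CSV
    # Returns $null when the GUID is not in the table or when collecting the
    # audit policy fails (the exception is swallowed on purpose).
    $valReturn = $null
    try
    {
        # Build the lookup table once. The cache is written with an explicit
        # script: scope; a plain assignment here would only create a local
        # variable and auditpol would be re-run on every call.
        # NOTE(review): confirm the hosting provider runs the body in script
        # scope, so the reset at the top of the script clears this cache on
        # each discovery run.
        if ($script:auditConfig -eq $null)
        {
            $auditTable = @{}
            $auditpolExe = Join-Path $env:windir 'system32\auditpol.exe'

            # The report is consumed straight from the pipeline. Nothing is
            # written to fixed file names in the temp directory, which another
            # local account could pre-create or swap while the agent runs, and
            # no command string is built for Invoke-Expression to re-parse.
            # The dot operator starts the executable; the call operator is
            # avoided because its symbol would need escaping inside XML text.
            # CSV columns: "Machine Name", "Policy Target", Subcategory,
            # "Subcategory GUID", "Inclusion Setting", "Exclusion Setting".
            . $auditpolExe /get /category:* /r |
                Where-Object { $_ -ne "" } |
                ConvertFrom-Csv |
                ForEach-Object { $auditTable[$_."Subcategory GUID"] = $_."Inclusion Setting" }

            $script:auditConfig = $auditTable
        }
        $valReturn = $script:auditConfig["$subCategoryGUID"]
    }
    catch [System.Exception]
    {
        # Best effort: discard the error and report "no data" to the caller.
        $error.Clear()
    }
    return $valReturn
}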
function GetScriptData()
{
# Placeholder only: no script-based collection is implemented. The body holds
# no statements, so calling this function produces no output.
# TODO
}
#-----------------------------------------------------
# Main Discovery Function
#-----------------------------------------------------
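function AdvisorDiscovery($scriptargs, $discoveryoutput)
{
    # Fill every property of $discoveryoutput with the raw registry data of the
    # matching security setting, read through GetRegistryData.
    #   scriptargs      - accepted for the call signature; not read here
    #   discoveryoutput - object whose note properties are overwritten in place
    # A property ends up as "" when the key or value is missing or unreadable.
    # $oAPI is not a parameter: it is resolved from the calling scope and must
    # exist before this function is invoked.
    Try
    {
        # Key paths (relative to HKLM) that several settings share.
        $lsaKey = 'System\CurrentControlSet\Control\Lsa'
        $netlogonKey = 'System\CurrentControlSet\Services\Netlogon\Parameters'
        $workstationKey = 'System\CurrentControlSet\Services\LanmanWorkstation\Parameters'
        $policiesSystemKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'

        $discoveryoutput.NetworkaccessLetEveryonepermissionsapplytoanonymoususers = GetRegistryData $lsaKey 'EveryoneIncludesAnonymous'
        $discoveryoutput.NetworkaccessSharingandsecuritymodelforlocalaccounts = GetRegistryData $lsaKey 'ForceGuest'
        $discoveryoutput.InteractivelogonDonotrequireCTRLALTDEL = GetRegistryData $policiesSystemKey 'DisableCAD'
        $discoveryoutput.RecoveryconsoleAllowautomaticadministrativelogon = GetRegistryData 'Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole' 'securitylevel'
        $discoveryoutput.NetworkaccessDonotallowanonymousenumerationofSAMaccounts = GetRegistryData $lsaKey 'RestrictAnonymousSAM'
        $discoveryoutput.ShutdownClearvirtualmemorypagefile = GetRegistryData 'System\CurrentControlSet\Control\Session Manager\Memory Management' 'ClearPageFileAtShutdown'
        $discoveryoutput.SystemobjectsStrengthendefaultpermissionsofinternalsystemobjectsSymbolicLinks = GetRegistryData 'System\CurrentControlSet\Control\Session Manager' 'ProtectionMode'
        $discoveryoutput.DomainmemberDigitallyencryptsecurechanneldatawhenpossible = GetRegistryData $netlogonKey 'sealsecurechannel'
        $discoveryoutput.MicrosoftnetworkclientSendunencryptedpasswordtothirdpartySMBservers = GetRegistryData $workstationKey 'EnablePlainTextPassword'
        $discoveryoutput.DomainmemberDigitallyencryptorsignsecurechanneldataalways = GetRegistryData $netlogonKey 'requiresignorseal'
        $discoveryoutput.MicrosoftnetworkclientDigitallysigncommunicationsifserveragrees = GetRegistryData $workstationKey 'EnableSecuritySignature'
        $discoveryoutput.DomainmemberRequirestrongWindows2000orlatersessionkey = GetRegistryData $netlogonKey 'requirestrongkey'
        $discoveryoutput.DomainmemberDigitallysignsecurechanneldatawhenpossible = GetRegistryData $netlogonKey 'signsecurechannel'
        $discoveryoutput.NetworksecurityLDAPclientsigningrequirements = GetRegistryData 'System\CurrentControlSet\Services\LDAP' 'LDAPClientIntegrity'
        $discoveryoutput.NetworksecurityDonotstoreLANManagerhashvalueonnextpasswordchange = GetRegistryData $lsaKey 'NoLMHash'
        $discoveryoutput.AuditShutdownsystemimmediatelyifunabletologsecurityaudits = GetRegistryData $lsaKey 'crashonauditfail'
        $discoveryoutput.UserAccountControlOnlyelevateUIAccessapplicationsthatareinstalledinsecurelocations = GetRegistryData $policiesSystemKey 'EnableSecureUIAPaths'
        $discoveryoutput.UserAccountControlBehavioroftheelevationpromptforstandardusers = GetRegistryData $policiesSystemKey 'ConsentPromptBehaviorUser'
        $discoveryoutput.UserAccountControlSwitchtothesecuredesktopwhenpromptingforelevation = GetRegistryData $policiesSystemKey 'PromptOnSecureDesktop'
        $discoveryoutput.UserAccountControlOnlyelevateexecutablesthataresignedandvalidated = GetRegistryData $policiesSystemKey 'ValidateAdminCodeSignatures'
        $discoveryoutput.UserAccountControlAllowUIAccessapplicationstopromptforelevationwithoutusingthesecuredesktop = GetRegistryData $policiesSystemKey 'EnableUIADesktopToggle'
        $discoveryoutput.UserAccountControlVirtualizefileandregistrywritefailurestoperuserlocations = GetRegistryData $policiesSystemKey 'EnableVirtualization'
        $discoveryoutput.UserAccountControlRunalladministratorsinAdminApprovalMode = GetRegistryData $policiesSystemKey 'EnableLUA'
        $discoveryoutput.UserAccountControlDetectapplicationinstallationsandpromptforelevation = GetRegistryData $policiesSystemKey 'EnableInstallerDetection'
        $discoveryoutput.UserAccountControlBehavioroftheelevationpromptforadministratorsinAdminApprovalMode = GetRegistryData $policiesSystemKey 'ConsentPromptBehaviorAdmin'
        $discoveryoutput.DomainmemberDisablemachineaccountpasswordchanges = GetRegistryData $netlogonKey 'disablepasswordchange'
        $discoveryoutput.AccountsLimitlocalaccountuseofblankpasswordstoconsolelogononly = GetRegistryData $lsaKey 'LimitBlankPasswordUse'
        $discoveryoutput.MicrosoftnetworkserverDisconnectclientswhenlogonhoursexpire = GetRegistryData 'System\CurrentControlSet\Services\LanManServer\Parameters' 'enableforcedlogoff'
    }
    Catch [system.exception]
    {
        # Log the error that was actually caught. The automatic error list is
        # newest-first, so indexing its last element would report the oldest
        # recorded error instead of this one.
        $Exception = $_.Exception
        $oAPI.LogScriptEvent("SCM Exception", 8000, 1, "Exception in Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security: " + $Exception.Message)
        $error.Clear()
    }
}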
# Main body: build one discovery data item holding a single class instance,
# collect the settings, copy them onto the instance and emit the result.
# The MOM.ScriptAPI COM object builds the discovery data here and is also the
# object AdvisorDiscovery uses for event logging, so it is created before the call.
$oAPI = new-object -comObject "MOM.ScriptAPI"
$discoverydata = $oAPI.CreateDiscoveryData(0, $scriptargs.SourceId, $scriptargs.ManagedEntityId)
# NOTE(review): the MPElement tokens in the strings below are presumably replaced
# by the management pack runtime before the script runs, which is why they stay
# literal text instead of being built in a loop. Confirm before refactoring.
$instance = $discoverydata.CreateClassInstance("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']$")
# Key property: ties the instance to the computer it was discovered on.
$instance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $scriptargs.KeyPropertyPrincipalName)
# Fills $discoveryoutput in place; nothing is returned.
AdvisorDiscovery $scriptargs $discoveryoutput
# Copy each collected value onto the instance. A value is the raw registry data,
# or "" when the setting was missing or could not be read.
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/NetworkaccessLetEveryonepermissionsapplytoanonymoususers$", $discoveryoutput.NetworkaccessLetEveryonepermissionsapplytoanonymoususers)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/NetworkaccessSharingandsecuritymodelforlocalaccounts$", $discoveryoutput.NetworkaccessSharingandsecuritymodelforlocalaccounts)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/InteractivelogonDonotrequireCTRLALTDEL$", $discoveryoutput.InteractivelogonDonotrequireCTRLALTDEL)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/RecoveryconsoleAllowautomaticadministrativelogon$", $discoveryoutput.RecoveryconsoleAllowautomaticadministrativelogon)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/NetworkaccessDonotallowanonymousenumerationofSAMaccounts$", $discoveryoutput.NetworkaccessDonotallowanonymousenumerationofSAMaccounts)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/ShutdownClearvirtualmemorypagefile$", $discoveryoutput.ShutdownClearvirtualmemorypagefile)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/SystemobjectsStrengthendefaultpermissionsofinternalsystemobjectsSymbolicLinks$", $discoveryoutput.SystemobjectsStrengthendefaultpermissionsofinternalsystemobjectsSymbolicLinks)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/DomainmemberDigitallyencryptsecurechanneldatawhenpossible$", $discoveryoutput.DomainmemberDigitallyencryptsecurechanneldatawhenpossible)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/MicrosoftnetworkclientSendunencryptedpasswordtothirdpartySMBservers$", $discoveryoutput.MicrosoftnetworkclientSendunencryptedpasswordtothirdpartySMBservers)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/DomainmemberDigitallyencryptorsignsecurechanneldataalways$", $discoveryoutput.DomainmemberDigitallyencryptorsignsecurechanneldataalways)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/MicrosoftnetworkclientDigitallysigncommunicationsifserveragrees$", $discoveryoutput.MicrosoftnetworkclientDigitallysigncommunicationsifserveragrees)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/DomainmemberRequirestrongWindows2000orlatersessionkey$", $discoveryoutput.DomainmemberRequirestrongWindows2000orlatersessionkey)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/DomainmemberDigitallysignsecurechanneldatawhenpossible$", $discoveryoutput.DomainmemberDigitallysignsecurechanneldatawhenpossible)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/NetworksecurityLDAPclientsigningrequirements$", $discoveryoutput.NetworksecurityLDAPclientsigningrequirements)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/NetworksecurityDonotstoreLANManagerhashvalueonnextpasswordchange$", $discoveryoutput.NetworksecurityDonotstoreLANManagerhashvalueonnextpasswordchange)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/AuditShutdownsystemimmediatelyifunabletologsecurityaudits$", $discoveryoutput.AuditShutdownsystemimmediatelyifunabletologsecurityaudits)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/UserAccountControlOnlyelevateUIAccessapplicationsthatareinstalledinsecurelocations$", $discoveryoutput.UserAccountControlOnlyelevateUIAccessapplicationsthatareinstalledinsecurelocations)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/UserAccountControlBehavioroftheelevationpromptforstandardusers$", $discoveryoutput.UserAccountControlBehavioroftheelevationpromptforstandardusers)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/UserAccountControlSwitchtothesecuredesktopwhenpromptingforelevation$", $discoveryoutput.UserAccountControlSwitchtothesecuredesktopwhenpromptingforelevation)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/UserAccountControlOnlyelevateexecutablesthataresignedandvalidated$", $discoveryoutput.UserAccountControlOnlyelevateexecutablesthataresignedandvalidated)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/UserAccountControlAllowUIAccessapplicationstopromptforelevationwithoutusingthesecuredesktop$", $discoveryoutput.UserAccountControlAllowUIAccessapplicationstopromptforelevationwithoutusingthesecuredesktop)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/UserAccountControlVirtualizefileandregistrywritefailurestoperuserlocations$", $discoveryoutput.UserAccountControlVirtualizefileandregistrywritefailurestoperuserlocations)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/UserAccountControlRunalladministratorsinAdminApprovalMode$", $discoveryoutput.UserAccountControlRunalladministratorsinAdminApprovalMode)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/UserAccountControlDetectapplicationinstallationsandpromptforelevation$", $discoveryoutput.UserAccountControlDetectapplicationinstallationsandpromptforelevation)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/UserAccountControlBehavioroftheelevationpromptforadministratorsinAdminApprovalMode$", $discoveryoutput.UserAccountControlBehavioroftheelevationpromptforadministratorsinAdminApprovalMode)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/DomainmemberDisablemachineaccountpasswordchanges$", $discoveryoutput.DomainmemberDisablemachineaccountpasswordchanges)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/AccountsLimitlocalaccountuseofblankpasswordstoconsolelogononly$", $discoveryoutput.AccountsLimitlocalaccountuseofblankpasswordstoconsolelogononly)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/MicrosoftnetworkserverDisconnectclientswhenlogonhoursexpire$", $discoveryoutput.MicrosoftnetworkserverDisconnectclientswhenlogonhoursexpire)
$discoverydata.AddInstance($instance)
# Emit the discovery data object as the output of the script.
$discoverydata
</Script> </ScriptBody>
<!-- The three parameters map by name onto the param() line of the script body:
     SourceId, ManagedEntityId and KeyPropertyPrincipalName. -->
<Parameters>
<Parameter>
<Name>SourceId</Name>
<Value>$MPElement$</Value>
</Parameter>
<Parameter>
<Name>ManagedEntityId</Name>
<Value>$Target/Id$</Value>
</Parameter>
<Parameter>
<Name>KeyPropertyPrincipalName</Name>
<Value>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Value>
</Parameter>
</Parameters>
<!-- The script is given 300 seconds to finish. -->
<TimeoutSeconds>300</TimeoutSeconds>
<!-- NOTE(review): with strict error handling off, script errors presumably do
     not fail the workflow. Together with the script's own error swallowing, a
     failed read can surface only as an empty property. Confirm against the
     provider documentation. -->
<StrictErrorHandling>false</StrictErrorHandling>
</DataSource>
</Discovery>