Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security_Discovery

Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security_Discovery (Discovery)

Discovery module for class Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security

Element properties:

Target: Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2
Enabled: True
Frequency: 14402
Remotable: False

Object Discovery Details:

Discovered Classes and their attributes:
  • Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security
    • NetworkaccessLetEveryonepermissionsapplytoanonymoususers
    • NetworkaccessSharingandsecuritymodelforlocalaccounts
    • InteractivelogonDonotrequireCTRLALTDEL
    • RecoveryconsoleAllowautomaticadministrativelogon
    • NetworkaccessDonotallowanonymousenumerationofSAMaccounts
    • ShutdownClearvirtualmemorypagefile
    • SystemobjectsStrengthendefaultpermissionsofinternalsystemobjectsSymbolicLinks
    • DomainmemberDigitallyencryptsecurechanneldatawhenpossible
    • MicrosoftnetworkclientSendunencryptedpasswordtothirdpartySMBservers
    • DomainmemberDigitallyencryptorsignsecurechanneldataalways
    • MicrosoftnetworkclientDigitallysigncommunicationsifserveragrees
    • DomainmemberRequirestrongWindows2000orlatersessionkey
    • DomainmemberDigitallysignsecurechanneldatawhenpossible
    • NetworksecurityLDAPclientsigningrequirements
    • NetworksecurityDonotstoreLANManagerhashvalueonnextpasswordchange
    • AuditShutdownsystemimmediatelyifunabletologsecurityaudits
    • UserAccountControlOnlyelevateUIAccessapplicationsthatareinstalledinsecurelocations
    • UserAccountControlBehavioroftheelevationpromptforstandardusers
    • UserAccountControlSwitchtothesecuredesktopwhenpromptingforelevation
    • UserAccountControlOnlyelevateexecutablesthataresignedandvalidated
    • UserAccountControlAllowUIAccessapplicationstopromptforelevationwithoutusingthesecuredesktop
    • UserAccountControlVirtualizefileandregistrywritefailurestoperuserlocations
    • UserAccountControlRunalladministratorsinAdminApprovalMode
    • UserAccountControlDetectapplicationinstallationsandpromptforelevation
    • UserAccountControlBehavioroftheelevationpromptforadministratorsinAdminApprovalMode
    • DomainmemberDisablemachineaccountpasswordchanges
    • AccountsLimitlocalaccountuseofblankpasswordstoconsolelogononly
    • MicrosoftnetworkserverDisconnectclientswhenlogonhoursexpire

Member Modules:

ID | Module Type | TypeId | RunAs
Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security_Discovery | DataSource | Microsoft.Windows.TimedPowerShell.DiscoveryProvider | Default

Source Code:

<Discovery ID="Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security_Discovery" Enabled="true" Target="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2" ConfirmDelivery="true" Remotable="true" Priority="Normal">
<Category>Discovery</Category>
<DiscoveryTypes>
<DiscoveryClass TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security">
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="NetworkaccessLetEveryonepermissionsapplytoanonymoususers"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="NetworkaccessSharingandsecuritymodelforlocalaccounts"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="InteractivelogonDonotrequireCTRLALTDEL"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="RecoveryconsoleAllowautomaticadministrativelogon"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="NetworkaccessDonotallowanonymousenumerationofSAMaccounts"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="ShutdownClearvirtualmemorypagefile"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="SystemobjectsStrengthendefaultpermissionsofinternalsystemobjectsSymbolicLinks"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="DomainmemberDigitallyencryptsecurechanneldatawhenpossible"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="MicrosoftnetworkclientSendunencryptedpasswordtothirdpartySMBservers"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="DomainmemberDigitallyencryptorsignsecurechanneldataalways"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="MicrosoftnetworkclientDigitallysigncommunicationsifserveragrees"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="DomainmemberRequirestrongWindows2000orlatersessionkey"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="DomainmemberDigitallysignsecurechanneldatawhenpossible"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="NetworksecurityLDAPclientsigningrequirements"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="NetworksecurityDonotstoreLANManagerhashvalueonnextpasswordchange"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="AuditShutdownsystemimmediatelyifunabletologsecurityaudits"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="UserAccountControlOnlyelevateUIAccessapplicationsthatareinstalledinsecurelocations"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="UserAccountControlBehavioroftheelevationpromptforstandardusers"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="UserAccountControlSwitchtothesecuredesktopwhenpromptingforelevation"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="UserAccountControlOnlyelevateexecutablesthataresignedandvalidated"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="UserAccountControlAllowUIAccessapplicationstopromptforelevationwithoutusingthesecuredesktop"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="UserAccountControlVirtualizefileandregistrywritefailurestoperuserlocations"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="UserAccountControlRunalladministratorsinAdminApprovalMode"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="UserAccountControlDetectapplicationinstallationsandpromptforelevation"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="UserAccountControlBehavioroftheelevationpromptforadministratorsinAdminApprovalMode"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="DomainmemberDisablemachineaccountpasswordchanges"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="AccountsLimitlocalaccountuseofblankpasswordstoconsolelogononly"/>
<Property TypeID="MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security" PropertyID="MicrosoftnetworkserverDisconnectclientswhenlogonhoursexpire"/>
</DiscoveryClass>
</DiscoveryTypes>
<DataSource ID="Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security_Discovery" TypeID="Windows!Microsoft.Windows.TimedPowerShell.DiscoveryProvider">
<IntervalSeconds>14402</IntervalSeconds>
<SyncTime/>
<ScriptName>WindowsServer2008R2Security.ps1</ScriptName>
<ScriptBody><Script>

param($SourceId,$ManagedEntityId,$KeyPropertyPrincipalName)

$ErrorActionPreference = "Stop"

# Set up the arguments
$scriptargs = new-object psobject
$scriptargs | add-member NoteProperty "SourceId" $SourceId
$scriptargs | add-member NoteProperty "ManagedEntityId" $ManagedEntityId
$scriptargs | add-member NoteProperty "KeyPropertyPrincipalName" $KeyPropertyPrincipalName

# Set up the discovery output
$discoveryoutput = new-object psobject
$discoveryoutput | add-member NoteProperty "NetworkaccessLetEveryonepermissionsapplytoanonymoususers" ""
$discoveryoutput | add-member NoteProperty "NetworkaccessSharingandsecuritymodelforlocalaccounts" ""
$discoveryoutput | add-member NoteProperty "InteractivelogonDonotrequireCTRLALTDEL" ""
$discoveryoutput | add-member NoteProperty "RecoveryconsoleAllowautomaticadministrativelogon" ""
$discoveryoutput | add-member NoteProperty "NetworkaccessDonotallowanonymousenumerationofSAMaccounts" ""
$discoveryoutput | add-member NoteProperty "ShutdownClearvirtualmemorypagefile" ""
$discoveryoutput | add-member NoteProperty "SystemobjectsStrengthendefaultpermissionsofinternalsystemobjectsSymbolicLinks" ""
$discoveryoutput | add-member NoteProperty "DomainmemberDigitallyencryptsecurechanneldatawhenpossible" ""
$discoveryoutput | add-member NoteProperty "MicrosoftnetworkclientSendunencryptedpasswordtothirdpartySMBservers" ""
$discoveryoutput | add-member NoteProperty "DomainmemberDigitallyencryptorsignsecurechanneldataalways" ""
$discoveryoutput | add-member NoteProperty "MicrosoftnetworkclientDigitallysigncommunicationsifserveragrees" ""
$discoveryoutput | add-member NoteProperty "DomainmemberRequirestrongWindows2000orlatersessionkey" ""
$discoveryoutput | add-member NoteProperty "DomainmemberDigitallysignsecurechanneldatawhenpossible" ""
$discoveryoutput | add-member NoteProperty "NetworksecurityLDAPclientsigningrequirements" ""
$discoveryoutput | add-member NoteProperty "NetworksecurityDonotstoreLANManagerhashvalueonnextpasswordchange" ""
$discoveryoutput | add-member NoteProperty "AuditShutdownsystemimmediatelyifunabletologsecurityaudits" ""
$discoveryoutput | add-member NoteProperty "UserAccountControlOnlyelevateUIAccessapplicationsthatareinstalledinsecurelocations" ""
$discoveryoutput | add-member NoteProperty "UserAccountControlBehavioroftheelevationpromptforstandardusers" ""
$discoveryoutput | add-member NoteProperty "UserAccountControlSwitchtothesecuredesktopwhenpromptingforelevation" ""
$discoveryoutput | add-member NoteProperty "UserAccountControlOnlyelevateexecutablesthataresignedandvalidated" ""
$discoveryoutput | add-member NoteProperty "UserAccountControlAllowUIAccessapplicationstopromptforelevationwithoutusingthesecuredesktop" ""
$discoveryoutput | add-member NoteProperty "UserAccountControlVirtualizefileandregistrywritefailurestoperuserlocations" ""
$discoveryoutput | add-member NoteProperty "UserAccountControlRunalladministratorsinAdminApprovalMode" ""
$discoveryoutput | add-member NoteProperty "UserAccountControlDetectapplicationinstallationsandpromptforelevation" ""
$discoveryoutput | add-member NoteProperty "UserAccountControlBehavioroftheelevationpromptforadministratorsinAdminApprovalMode" ""
$discoveryoutput | add-member NoteProperty "DomainmemberDisablemachineaccountpasswordchanges" ""
$discoveryoutput | add-member NoteProperty "AccountsLimitlocalaccountuseofblankpasswordstoconsolelogononly" ""
$discoveryoutput | add-member NoteProperty "MicrosoftnetworkserverDisconnectclientswhenlogonhoursexpire" ""

#-----------------------------------------------------
# Globals
#-----------------------------------------------------
$auditConfig = $null

#-----------------------------------------------------
# Helper Functions for all setting types
#-----------------------------------------------------
function GetRegistryData()
{
param($keyPath, $valueName)
$valReturn = "" #default to empty string
try
{
$regPath = "HKLM:\$keyPath"
if (Test-Path -Path $regPath)
{
$key = Get-Item -Path $regPath
$values = Get-ItemProperty -Path $key.PSPath
# $null on the left so a multi-valued (array) registry value is compared as a whole, not filtered
if ($null -ne $values.$valueName)
{
$valReturn = $values.$valueName
}
}
}
catch [System.Exception]
{
$error.Clear()
}
return $valReturn
}

function GetWMIData()
{
# TODO
}

function GetAuditData()
{
param($subCategoryGUID)
$valReturn = $null
try
{
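# Init the audit config hashtable
# Should only execute the first time called
if ($auditConfig -eq $null)
{
# Assign at script scope: a plain assignment here would create a function-local
# variable, and the cache would be rebuilt on every call
$script:auditConfig = @{}
$tempFile1 = "$env:temp\temp_audit_with_spaces.csv"
$tempFile2 = "$env:temp\temp_audit_without_spaces.csv"

# Get the local machine's audit config
# (call operator instead of invoke-expression, so the paths are not re-parsed as script text)
&amp; "$env:windir\system32\auditpol.exe" /get /category:* /r &gt;$tempFile1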

# Remove empty lines
get-content $tempFile1 | where {$_ -ne ""} &gt;$tempFile2

# Create hashtable from the imported CSV data
import-csv $tempFile2 | Select "Subcategory GUID","Inclusion Setting" | ForEach-Object {$auditConfig[$_."Subcategory GUID"] = $_."Inclusion Setting"}

# Supported fields in the CSV:
#,"Policy Target"
#,Subcategory
#,"Subcategory GUID"
#,"Machine Name"
#,"Exclusion Setting"
#,"Inclusion Setting"

# Cleanup temp files
remove-item -path $tempFile1 -force
remove-item -path $tempFile2 -force
}

$valReturn = $auditConfig["$subCategoryGUID"]
}
catch [System.Exception]
{
$error.Clear()
}
return $valReturn
}

function GetScriptData()
{
# TODO
}

#-----------------------------------------------------
# Main Discovery Function
#-----------------------------------------------------
function AdvisorDiscovery($scriptargs, $discoveryoutput)
{
Try
{
$discoveryoutput.NetworkaccessLetEveryonepermissionsapplytoanonymoususers = GetRegistryData 'System\CurrentControlSet\Control\Lsa' 'EveryoneIncludesAnonymous'
$discoveryoutput.NetworkaccessSharingandsecuritymodelforlocalaccounts = GetRegistryData 'System\CurrentControlSet\Control\Lsa' 'ForceGuest'
$discoveryoutput.InteractivelogonDonotrequireCTRLALTDEL = GetRegistryData 'Software\Microsoft\Windows\CurrentVersion\Policies\System' 'DisableCAD'
$discoveryoutput.RecoveryconsoleAllowautomaticadministrativelogon = GetRegistryData 'Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole' 'securitylevel'
$discoveryoutput.NetworkaccessDonotallowanonymousenumerationofSAMaccounts = GetRegistryData 'System\CurrentControlSet\Control\Lsa' 'RestrictAnonymousSAM'
$discoveryoutput.ShutdownClearvirtualmemorypagefile = GetRegistryData 'System\CurrentControlSet\Control\Session Manager\Memory Management' 'ClearPageFileAtShutdown'
$discoveryoutput.SystemobjectsStrengthendefaultpermissionsofinternalsystemobjectsSymbolicLinks = GetRegistryData 'System\CurrentControlSet\Control\Session Manager' 'ProtectionMode'
$discoveryoutput.DomainmemberDigitallyencryptsecurechanneldatawhenpossible = GetRegistryData 'System\CurrentControlSet\Services\Netlogon\Parameters' 'sealsecurechannel'
$discoveryoutput.MicrosoftnetworkclientSendunencryptedpasswordtothirdpartySMBservers = GetRegistryData 'System\CurrentControlSet\Services\LanmanWorkstation\Parameters' 'EnablePlainTextPassword'
$discoveryoutput.DomainmemberDigitallyencryptorsignsecurechanneldataalways = GetRegistryData 'System\CurrentControlSet\Services\Netlogon\Parameters' 'requiresignorseal'
$discoveryoutput.MicrosoftnetworkclientDigitallysigncommunicationsifserveragrees = GetRegistryData 'System\CurrentControlSet\Services\LanmanWorkstation\Parameters' 'EnableSecuritySignature'
$discoveryoutput.DomainmemberRequirestrongWindows2000orlatersessionkey = GetRegistryData 'System\CurrentControlSet\Services\Netlogon\Parameters' 'requirestrongkey'
$discoveryoutput.DomainmemberDigitallysignsecurechanneldatawhenpossible = GetRegistryData 'System\CurrentControlSet\Services\Netlogon\Parameters' 'signsecurechannel'
$discoveryoutput.NetworksecurityLDAPclientsigningrequirements = GetRegistryData 'System\CurrentControlSet\Services\LDAP' 'LDAPClientIntegrity'
$discoveryoutput.NetworksecurityDonotstoreLANManagerhashvalueonnextpasswordchange = GetRegistryData 'System\CurrentControlSet\Control\Lsa' 'NoLMHash'
$discoveryoutput.AuditShutdownsystemimmediatelyifunabletologsecurityaudits = GetRegistryData 'System\CurrentControlSet\Control\Lsa' 'crashonauditfail'
$discoveryoutput.UserAccountControlOnlyelevateUIAccessapplicationsthatareinstalledinsecurelocations = GetRegistryData 'Software\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableSecureUIAPaths'
$discoveryoutput.UserAccountControlBehavioroftheelevationpromptforstandardusers = GetRegistryData 'Software\Microsoft\Windows\CurrentVersion\Policies\System' 'ConsentPromptBehaviorUser'
$discoveryoutput.UserAccountControlSwitchtothesecuredesktopwhenpromptingforelevation = GetRegistryData 'Software\Microsoft\Windows\CurrentVersion\Policies\System' 'PromptOnSecureDesktop'
$discoveryoutput.UserAccountControlOnlyelevateexecutablesthataresignedandvalidated = GetRegistryData 'Software\Microsoft\Windows\CurrentVersion\Policies\System' 'ValidateAdminCodeSignatures'
$discoveryoutput.UserAccountControlAllowUIAccessapplicationstopromptforelevationwithoutusingthesecuredesktop = GetRegistryData 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableUIADesktopToggle'
$discoveryoutput.UserAccountControlVirtualizefileandregistrywritefailurestoperuserlocations = GetRegistryData 'Software\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableVirtualization'
$discoveryoutput.UserAccountControlRunalladministratorsinAdminApprovalMode = GetRegistryData 'Software\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
$discoveryoutput.UserAccountControlDetectapplicationinstallationsandpromptforelevation = GetRegistryData 'Software\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableInstallerDetection'
$discoveryoutput.UserAccountControlBehavioroftheelevationpromptforadministratorsinAdminApprovalMode = GetRegistryData 'Software\Microsoft\Windows\CurrentVersion\Policies\System' 'ConsentPromptBehaviorAdmin'
$discoveryoutput.DomainmemberDisablemachineaccountpasswordchanges = GetRegistryData 'System\CurrentControlSet\Services\Netlogon\Parameters' 'disablepasswordchange'
$discoveryoutput.AccountsLimitlocalaccountuseofblankpasswordstoconsolelogononly = GetRegistryData 'System\CurrentControlSet\Control\Lsa' 'LimitBlankPasswordUse'
$discoveryoutput.MicrosoftnetworkserverDisconnectclientswhenlogonhoursexpire = GetRegistryData 'System\CurrentControlSet\Services\LanManServer\Parameters' 'enableforcedlogoff'

}
Catch [system.exception]
{
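# $_ is the error record that triggered this catch block;
# $error[$error.Count - 1] would be the oldest entry in the error list
$Exception = $_.Exception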
$oAPI.LogScriptEvent("SCM Exception", 8000, 1, "Exception in Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security: " + $Exception.Message)
$error.Clear()
}
}


# Create a new discovery data packet
$oAPI = new-object -comObject "MOM.ScriptAPI"

$discoverydata = $oAPI.CreateDiscoveryData(0, $scriptargs.SourceId, $scriptargs.ManagedEntityId)
$instance = $discoverydata.CreateClassInstance("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']$")
$instance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $scriptargs.KeyPropertyPrincipalName)

AdvisorDiscovery $scriptargs $discoveryoutput

# set the discovery output
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/NetworkaccessLetEveryonepermissionsapplytoanonymoususers$", $discoveryoutput.NetworkaccessLetEveryonepermissionsapplytoanonymoususers)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/NetworkaccessSharingandsecuritymodelforlocalaccounts$", $discoveryoutput.NetworkaccessSharingandsecuritymodelforlocalaccounts)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/InteractivelogonDonotrequireCTRLALTDEL$", $discoveryoutput.InteractivelogonDonotrequireCTRLALTDEL)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/RecoveryconsoleAllowautomaticadministrativelogon$", $discoveryoutput.RecoveryconsoleAllowautomaticadministrativelogon)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/NetworkaccessDonotallowanonymousenumerationofSAMaccounts$", $discoveryoutput.NetworkaccessDonotallowanonymousenumerationofSAMaccounts)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/ShutdownClearvirtualmemorypagefile$", $discoveryoutput.ShutdownClearvirtualmemorypagefile)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/SystemobjectsStrengthendefaultpermissionsofinternalsystemobjectsSymbolicLinks$", $discoveryoutput.SystemobjectsStrengthendefaultpermissionsofinternalsystemobjectsSymbolicLinks)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/DomainmemberDigitallyencryptsecurechanneldatawhenpossible$", $discoveryoutput.DomainmemberDigitallyencryptsecurechanneldatawhenpossible)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/MicrosoftnetworkclientSendunencryptedpasswordtothirdpartySMBservers$", $discoveryoutput.MicrosoftnetworkclientSendunencryptedpasswordtothirdpartySMBservers)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/DomainmemberDigitallyencryptorsignsecurechanneldataalways$", $discoveryoutput.DomainmemberDigitallyencryptorsignsecurechanneldataalways)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/MicrosoftnetworkclientDigitallysigncommunicationsifserveragrees$", $discoveryoutput.MicrosoftnetworkclientDigitallysigncommunicationsifserveragrees)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/DomainmemberRequirestrongWindows2000orlatersessionkey$", $discoveryoutput.DomainmemberRequirestrongWindows2000orlatersessionkey)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/DomainmemberDigitallysignsecurechanneldatawhenpossible$", $discoveryoutput.DomainmemberDigitallysignsecurechanneldatawhenpossible)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/NetworksecurityLDAPclientsigningrequirements$", $discoveryoutput.NetworksecurityLDAPclientsigningrequirements)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/NetworksecurityDonotstoreLANManagerhashvalueonnextpasswordchange$", $discoveryoutput.NetworksecurityDonotstoreLANManagerhashvalueonnextpasswordchange)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/AuditShutdownsystemimmediatelyifunabletologsecurityaudits$", $discoveryoutput.AuditShutdownsystemimmediatelyifunabletologsecurityaudits)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/UserAccountControlOnlyelevateUIAccessapplicationsthatareinstalledinsecurelocations$", $discoveryoutput.UserAccountControlOnlyelevateUIAccessapplicationsthatareinstalledinsecurelocations)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/UserAccountControlBehavioroftheelevationpromptforstandardusers$", $discoveryoutput.UserAccountControlBehavioroftheelevationpromptforstandardusers)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/UserAccountControlSwitchtothesecuredesktopwhenpromptingforelevation$", $discoveryoutput.UserAccountControlSwitchtothesecuredesktopwhenpromptingforelevation)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/UserAccountControlOnlyelevateexecutablesthataresignedandvalidated$", $discoveryoutput.UserAccountControlOnlyelevateexecutablesthataresignedandvalidated)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/UserAccountControlAllowUIAccessapplicationstopromptforelevationwithoutusingthesecuredesktop$", $discoveryoutput.UserAccountControlAllowUIAccessapplicationstopromptforelevationwithoutusingthesecuredesktop)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/UserAccountControlVirtualizefileandregistrywritefailurestoperuserlocations$", $discoveryoutput.UserAccountControlVirtualizefileandregistrywritefailurestoperuserlocations)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/UserAccountControlRunalladministratorsinAdminApprovalMode$", $discoveryoutput.UserAccountControlRunalladministratorsinAdminApprovalMode)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/UserAccountControlDetectapplicationinstallationsandpromptforelevation$", $discoveryoutput.UserAccountControlDetectapplicationinstallationsandpromptforelevation)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/UserAccountControlBehavioroftheelevationpromptforadministratorsinAdminApprovalMode$", $discoveryoutput.UserAccountControlBehavioroftheelevationpromptforadministratorsinAdminApprovalMode)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/DomainmemberDisablemachineaccountpasswordchanges$", $discoveryoutput.DomainmemberDisablemachineaccountpasswordchanges)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/AccountsLimitlocalaccountuseofblankpasswordstoconsolelogononly$", $discoveryoutput.AccountsLimitlocalaccountuseofblankpasswordstoconsolelogononly)
$instance.AddProperty("$MPElement[Name='MicrosoftKnowledgeServicesSCMLibrary!Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security']/MicrosoftnetworkserverDisconnectclientswhenlogonhoursexpire$", $discoveryoutput.MicrosoftnetworkserverDisconnectclientswhenlogonhoursexpire)

$discoverydata.AddInstance($instance)
$discoverydata

</Script></ScriptBody>
<Parameters>
<Parameter>
<Name>SourceId</Name>
<Value>$MPElement$</Value>
</Parameter>
<Parameter>
<Name>ManagedEntityId</Name>
<Value>$Target/Id$</Value>
</Parameter>
<Parameter>
<Name>KeyPropertyPrincipalName</Name>
<Value>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Value>
</Parameter>
</Parameters>
<TimeoutSeconds>300</TimeoutSeconds>
<StrictErrorHandling>false</StrictErrorHandling>
</DataSource>
</Discovery>