Network Policy Server Log Configuration Discovery
The following configurations are discovered:
NPS Event log configuration
NPS File log configuration
NPS SQL log configuration
NPS Ports configuration
NPS registration of an NPS Server in the Active Directory
Target | Microsoft.NetworkPolicyServer.NPSServers |
Enabled | True |
Frequency | 28800 |
Remotable | False |
Discovered Classes and their attribuets: |
---|
|
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.Windows.TimedScript.DiscoveryProvider | Default |
<Discovery ID="Microsoft.NetworkPolicyServer.LogDiscovery" Enabled="true" Target="Microsoft.NetworkPolicyServer.NPSServers" ConfirmDelivery="false" Remotable="true" Priority="Normal">
<Category>Discovery</Category>
<DiscoveryTypes>
<DiscoveryClass TypeID="Microsoft.NetworkPolicyServer.LogConfiguration">
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="EVENTAcceptedauthentication"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="EVENTRejectedauthentication"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="FILEAccounting"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="FILEAuthentication"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="FILEPeriodicaccounting"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="FILEPeriodicauthentication"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="FILEDirectory"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="FILEFormat"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="FILEDeleteoldlogs"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="FILEFrequency"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="FILEMaxsize"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="SQLConnection"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="SQLDescription"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="SQLAccounting"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="SQLAuthentication"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="SQLPeriodicaccounting"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="SQLPeriodicauthentication"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="SQLMaxsessions"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="PORTSAccountingports"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="PORTSAuthenticationports"/>
<Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="REGISTEREDStatus"/>
</DiscoveryClass>
</DiscoveryTypes>
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.TimedScript.DiscoveryProvider">
<IntervalSeconds>28800</IntervalSeconds>
<SyncTime/>
<ScriptName>NPS-LogConfig.vbs</ScriptName>
<Arguments>$MPElement$ $Target/Id$ $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Arguments>
<ScriptBody> <![CDATA['Script Start
'On Error Resume next
Dim oAPI, oArgs
Set oAPI = CreateObject("MOM.ScriptAPI")
Set oArgs = Wscript.Arguments
If oArgs.Count < 3 Then
Call oAPI.LogScriptEvent("NPS-LogConfig.vbs", 101, 1, "NPS LogConfig script was called with fewer than three arguments and was not executed.")
Wscript.Quit
end If
SourceId = oArgs(0)
ManagedEntityId = oArgs(1)
TargetComputer = oArgs(2)
Set oDiscoveryData = oAPI.CreateDiscoveryData(0, SourceId, ManagedEntityId)
Set oShell = CreateObject("WScript.Shell")
' Create the application instance.
'Set oHost = odiscoveryData.CreateClassInstance("$MPElement[Name='Microsoft.NetworkPolicyServer.NPSServers']$")
' Define the property values.
'Call oHost.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", TargetComputer)
'Call oHost.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "NPS Config on " & TargetComputer)
'Call oDiscoveryData.AddInstance(oHost)
' NPS Event log configuration
Set oQuery = oShell.Exec("netsh nps show eventlog")
Dim strEVENTAcceptedauthentication, strEVENTRejectedauthentication
Do while not oquery.StdOut.AtendOfStream
strline = oQuery.StdOut.ReadLine
If instr(strline, "=") > 0 then
fields = Split(strLine,"=")
If inStr(1, fields(0),"Accepted authentication requests") Then
strEVENTAcceptedauthentication = trim(Fields(1))
ElseIf inStr(1, fields(0),"Rejected authentication requests") Then
strEVENTRejectedauthentication = trim(Fields(1))
End If
End If
loop
' NPS File log configuration
Set oQuery = oShell.Exec("netsh nps show filelog")
Dim strFILEAccounting, strFILEAuthentication, strFILEPeriodicaccounting, strFILEPeriodicauthentication
Dim strFILEDirectory, strFILEFormat, strFILEDeleteoldlogs, strFILEFrequency, strFILEMaxsize
Do while not oquery.StdOut.AtendOfStream
strline = oQuery.StdOut.ReadLine
If instr(strline, "=") > 0 then
fields = Split(strLine,"=")
If inStr(1, fields(0),"Accounting") Then
strFILEAccounting = trim(Fields(1))
ElseIf inStr(1, fields(0),"Authentication") Then
strFILEAuthentication = trim(Fields(1))
ElseIf inStr(1, fields(0),"Periodic accounting status") Then
strFILEPeriodicaccounting = trim(Fields(1))
ElseIf inStr(1, fields(0),"Periodic authentication status") Then
strFILEPeriodicauthentication = trim(Fields(1))
ElseIf inStr(1, fields(0),"Directory") Then
strFILEDirectory = trim(Fields(1))
ElseIf inStr(1, fields(0),"Format") Then
strFILEFormat= trim(Fields(1))
ElseIf inStr(1, fields(0),"Delete old logs") Then
strFILEDeleteoldlogs = trim(Fields(1))
ElseIf inStr(1, fields(0),"Frequency") Then
strFILEFrequency = trim(Fields(1))
ElseIf inStr(1, fields(0),"Max size") Then
strFILEMaxsize = trim(Fields(1))
End If
End If
loop
' NPS SQL log configuration
Set oQuery = oShell.Exec("netsh nps show SQLlog")
Dim strSQLConnection, strSQLDescription, strSQLAccounting, strSQLAuthentication
Dim strSQLPeriodicaccounting, strSQLPeriodicauthentication, strSQLMaxsessions
Do while not oquery.StdOut.AtendOfStream
strline = oQuery.StdOut.ReadLine
If instr(strline, "=") > 0 then
fields = Split(strLine,"=")
If inStr(1, fields(0),"Connection") Then
strSQLConnection = trim(Fields(1))
ElseIf inStr(1, fields(0),"Description") Then
strSQLDescription = trim(Fields(1))
ElseIf inStr(1, fields(0),"Accounting") Then
strSQLAccounting = trim(Fields(1))
ElseIf inStr(1, fields(0),"Authentication") Then
strSQLAuthentication = trim(Fields(1))
ElseIf inStr(1, fields(0),"Periodic accounting status") Then
strSQLPeriodicaccounting = trim(Fields(1))
ElseIf inStr(1, fields(0),"Periodic authentication status") Then
strSQLPeriodicauthentication = trim(Fields(1))
ElseIf inStr(1, fields(0),"Max sessions") Then
strSQLMaxsessions = trim(Fields(1))
End If
End If
loop
' NPS Ports configuration
Set oQuery = oShell.Exec("netsh nps show ports")
Dim strPORTSAccountingports, strPORTSAuthenticationports
Do while not oquery.StdOut.AtendOfStream
strline = oQuery.StdOut.ReadLine
If instr(strline, "=") > 0 then
fields = Split(strLine,"=")
If inStr(1, fields(0),"Accounting ports") Then
strPORTSAccountingports = trim(Fields(1))
ElseIf inStr(1, fields(0),"Authentication ports") Then
strPORTSAuthenticationports = trim(Fields(1))
End If
End If
loop
' NPS registration of an NPS Server in the Active Directory
Set oQuery = oShell.Exec("netsh nps show registeredserver")
Dim strREGISTEREDStatus
Do while not oquery.StdOut.AtendOfStream
strline = oQuery.StdOut.ReadLine
If instr(strline, "=") > 0 then
fields = Split(strLine,"=")
If inStr(1, fields(0),"Status") Then
strREGISTEREDStatus = trim(Fields(1))
End If
End If
loop
' Create the application Component instance.
Set oLogConfig = oDiscoveryData.CreateClassInstance("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']$")
' Define the property values for the class.
' The ailable properties are detemined by the
' Management Pack that defines the class.
Call oLogConfig.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", TargetComputer)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/EVENTAcceptedauthentication$", strEVENTAcceptedauthentication)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/EVENTRejectedauthentication$", strEVENTRejectedauthentication)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/FILEAccounting$", strFILEAccounting)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/FILEAuthentication$", strFILEAuthentication)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/FILEPeriodicaccounting$", strFILEPeriodicaccounting)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/FILEPeriodicauthentication$", strFILEPeriodicauthentication)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/FILEDirectory$", strFILEDirectory)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/FILEFormat$", strFILEFormat)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/FILEDeleteoldlogs$", strFILEDeleteoldlogs)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/FILEFrequency$", strFILEFrequency)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/FILEMaxsize$", strFILEMaxsize)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/SQLConnection$", strSQLConnection)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/SQLDescription$", strSQLDescription)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/SQLAccounting$", strSQLAccounting)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/SQLAuthentication$", strSQLAuthentication)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/SQLPeriodicaccounting$", strSQLPeriodicaccounting)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/SQLPeriodicauthentication$", strSQLPeriodicauthentication)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/SQLMaxsessions$", strSQLMaxsessions)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/PORTSAccountingports$", strPORTSAccountingports)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/PORTSAuthenticationports$", strPORTSAuthenticationports)
Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/REGISTEREDStatus$", strREGISTEREDStatus)
Call oDiscoveryData.AddInstance(oLogConfig)
Call oAPI.Return(oDiscoveryData)
Call oAPI.LogScriptEvent ("NPS-LogConfig.vbs", 100, 0, "NPS LogConfig script is finished.") ]]> </ScriptBody>
<TimeoutSeconds>60</TimeoutSeconds>
</DataSource>
</Discovery>