Ermittelt Windows Server-Systeme, die Terminalserver im Remoteverwaltungsmodus ausführen (standardmäßig deaktiviert, kann mit Überschreibungen aktiviert werden).
Ermittlung von Systemen, auf denen die Terminaldienste im Remoteverwaltungsmodus (Remotedesktop) ausgeführt werden.
Diese Ermittlungsregel ist standardmäßig deaktiviert. Verwenden Sie Außerkraftsetzungen, um sie auf ausgewählten Systemen oder Gruppen von Systemen zu aktivieren.
Target | Microsoft.Windows.Server.Computer |
Enabled | False |
Frequency | 86400 |
Remotable | False |
Discovered Classes and their attributes: |
---|
|
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DiscoveryDataSource | DataSource | Microsoft.Windows.FilteredRegistryDiscoveryProvider | Default |
<!--
  Registry-based discovery of the Terminal Server role in Remote Administration mode.
  Targets Microsoft.Windows.Server.Computer and is defined with Enabled="false", so it
  produces nothing until an override enables it for a computer or group.
  An instance is created only when all three filter conditions at the end of the data
  source hold: CurrentVersion = 5.2, TSAppCompat = 0, and TermService Start = 2 or 3.
  NOTE(review): the filter reads configuration only. It does not check whether the
  service is running or whether remote connections are currently permitted (for example,
  fDenyTSConnections under the same Terminal Server key is not evaluated), so treat a
  discovered instance as "remote administration configured", not as "RDP reachable".
-->
<Discovery ID="Microsoft.Windows.Server.2003.TerminalServerRole.RemoteAdminMode.Discovery" Target="Windows!Microsoft.Windows.Server.Computer" Enabled="false">
<Category>Discovery</Category>
<!-- Declares the class this discovery creates and the two properties it populates. -->
<DiscoveryTypes>
<DiscoveryClass TypeID="Microsoft.Windows.Server.2003.TerminalServerRole">
<!-- NOTE(review): Mode is declared on TerminalServerRole and StartMode on TerminalServicesRole;
     the type names differ, presumably a class and its base class in the TS library. Confirm. -->
<Property TypeID="TS!Microsoft.Windows.Server.TerminalServerRole" PropertyID="Mode"/>
<Property TypeID="TS!Microsoft.Windows.Server.TerminalServicesRole" PropertyID="StartMode"/>
</DiscoveryClass>
</DiscoveryTypes>
<!-- Single data source: reads the registry values listed below, filters on them, and maps them to instance properties. -->
<DataSource ID="DiscoveryDataSource" TypeID="Windows!Microsoft.Windows.FilteredRegistryDiscoveryProvider">
<!-- Computer to query: the target's NetworkName property, prefixed with \\ -->
<ComputerName>\\$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<!-- Each definition names one registry path and the attribute name it is exposed under (Values/<AttributeName>).
     PathType 1 and AttributeType 1/2 presumably mean "registry value" and "string"/"integer"; confirm against the provider schema. -->
<RegistryAttributeDefinitions>
<!-- OS version string; compared with 5.2 in the filter below. -->
<RegistryAttributeDefinition>
<AttributeName>MS_Windows_CurrentVersion</AttributeName>
<Path>SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion</Path>
<PathType>1</PathType>
<AttributeType>1</AttributeType>
</RegistryAttributeDefinition>
<!-- Start type of the TermService service; used in the filter and stored as StartMode. -->
<RegistryAttributeDefinition>
<AttributeName>MS_Windows_TS_main</AttributeName>
<Path>SYSTEM\CurrentControlSet\Services\TermService\Start</Path>
<PathType>1</PathType>
<AttributeType>2</AttributeType>
</RegistryAttributeDefinition>
<!-- Terminal Server mode flag; this discovery matches only the value 0 and labels it "Remote Admin". -->
<RegistryAttributeDefinition>
<AttributeName>TS_AppMode</AttributeName>
<Path>SYSTEM\CurrentControlSet\Control\Terminal Server\TSAppCompat</Path>
<PathType>1</PathType>
<AttributeType>2</AttributeType>
</RegistryAttributeDefinition>
<!-- Display name of the TermService service; becomes the DisplayName of the discovered instance. -->
<RegistryAttributeDefinition>
<AttributeName>MS_Windows_TS_main_name</AttributeName>
<Path>SYSTEM\CurrentControlSet\Services\TermService\DisplayName</Path>
<PathType>1</PathType>
<AttributeType>1</AttributeType>
</RegistryAttributeDefinition>
</RegistryAttributeDefinitions>
<!-- Discovery interval; 86400 is presumably seconds, i.e. once every 24 hours. -->
<Frequency>86400</Frequency>
<!-- Class of the instance created when the filter expression matches. -->
<ClassId>$MPElement[Name="Microsoft.Windows.Server.2003.TerminalServerRole"]$</ClassId>
<!-- Property values written to the discovered instance. -->
<InstanceSettings>
<Settings>
<!-- PrincipalName is copied from the target computer. -->
<Setting>
<Name>$MPElement[Name="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Name>
<Value>$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Value>
</Setting>
<!-- DisplayName comes from the service DisplayName registry value read above. -->
<Setting>
<Name>$MPElement[Name="System!System.Entity"]/DisplayName$</Name>
<Value>$Data/Values/MS_Windows_TS_main_name$</Value>
</Setting>
<!-- Mode is a fixed literal, not a registry read; it is valid only because the filter requires TSAppCompat = 0. -->
<Setting>
<Name>$MPElement[Name="TS!Microsoft.Windows.Server.TerminalServerRole"]/Mode$</Name>
<Value>Remote Admin</Value>
</Setting>
<!-- StartMode stores the raw numeric Start value (2 or 3 after filtering), not a translated label. -->
<Setting>
<Name>$MPElement[Name="TS!Microsoft.Windows.Server.TerminalServicesRole"]/StartMode$</Name>
<Value>$Data/Values/MS_Windows_TS_main$</Value>
</Setting>
</Settings>
</InstanceSettings>
<!-- Filter: all three conditions inside <And> must hold for an instance to be created. -->
<Expression>
<And>
<!-- Condition 1: CurrentVersion equals 5.2 (the discovery ID names this as Windows Server 2003). -->
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>Values/MS_Windows_CurrentVersion</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>5.2</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<!-- Condition 2: TSAppCompat equals 0, the value this discovery treats as Remote Administration mode. -->
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>Values/TS_AppMode</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>0</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<!-- Condition 3: TermService Start equals 2 or 3. In the Windows service start-type convention these are
     automatic and manual (demand) start; a disabled service (4) does not match.
     A match on 3 does not imply that the service is currently running. -->
<Expression>
<Or>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>Values/MS_Windows_TS_main</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>2</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>Values/MS_Windows_TS_main</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>3</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</Or>
</Expression>
</And>
</Expression>
</DataSource>
</Discovery>