Detección del modo de administración remota de la función de Terminal Server en Windows Server 2003

Microsoft.Windows.Server.2003.TerminalServerRole.RemoteAdminMode.Discovery (Discovery)

Detecta la ejecución de Terminal Server en Windows Server en modo de administración remota (deshabilitado de forma predeterminada; use invalidaciones para habilitarlo)

Knowledge Base article:

Resumen

Detección de sistemas que ejecuten los Servicios de Terminal Server en modo de administración remota (Escritorio remoto).

Configuración

Esta regla de detección está deshabilitada de forma predeterminada. Use invalidaciones para habilitarla, si lo desea, en los sistemas seleccionados o los sistemas del grupo.

Element properties:

Target	Microsoft.Windows.Server.Computer
Enabled	False
Frequency	86400
Remotable	False

Object Discovery Details:

Discovered Classes and their attribuets:
Microsoft.Windows.Server.2003.TerminalServerRole Mode StartMode

Member Modules:

ID	Module Type	TypeId	RunAs
DiscoveryDataSource	DataSource	Microsoft.Windows.FilteredRegistryDiscoveryProvider	Default

Source Code:

<Discovery ID="Microsoft.Windows.Server.2003.TerminalServerRole.RemoteAdminMode.Discovery" Target="Windows!Microsoft.Windows.Server.Computer" Enabled="false">

  <Category>Discovery</Category>

  <DiscoveryTypes>

    <DiscoveryClass TypeID="Microsoft.Windows.Server.2003.TerminalServerRole">

      <Property TypeID="TS!Microsoft.Windows.Server.TerminalServerRole" PropertyID="Mode"/>

      <Property TypeID="TS!Microsoft.Windows.Server.TerminalServicesRole" PropertyID="StartMode"/>

    </DiscoveryClass>

  </DiscoveryTypes>

  <DataSource ID="DiscoveryDataSource" TypeID="Windows!Microsoft.Windows.FilteredRegistryDiscoveryProvider">

    <ComputerName>\\$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

    <RegistryAttributeDefinitions>

      <RegistryAttributeDefinition>

        <AttributeName>MS_Windows_CurrentVersion</AttributeName>

        <Path>SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion</Path>

        <PathType>1</PathType>

        <AttributeType>1</AttributeType>

      </RegistryAttributeDefinition>

      <RegistryAttributeDefinition>

        <AttributeName>MS_Windows_TS_main</AttributeName>

        <Path>SYSTEM\CurrentControlSet\Services\TermService\Start</Path>

        <PathType>1</PathType>

        <AttributeType>2</AttributeType>

      </RegistryAttributeDefinition>

      <RegistryAttributeDefinition>

        <AttributeName>TS_AppMode</AttributeName>

        <Path>SYSTEM\CurrentControlSet\Control\Terminal Server\TSAppCompat</Path>

        <PathType>1</PathType>

        <AttributeType>2</AttributeType>

      </RegistryAttributeDefinition>

      <RegistryAttributeDefinition>

        <AttributeName>MS_Windows_TS_main_name</AttributeName>

        <Path>SYSTEM\CurrentControlSet\Services\TermService\DisplayName</Path>

        <PathType>1</PathType>

        <AttributeType>1</AttributeType>

      </RegistryAttributeDefinition>

    </RegistryAttributeDefinitions>

    <Frequency>86400</Frequency>

    <ClassId>$MPElement[Name="Microsoft.Windows.Server.2003.TerminalServerRole"]$</ClassId>

    <InstanceSettings>

      <Settings>

        <Setting>

          <Name>$MPElement[Name="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Name>

          <Value>$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Value>

        </Setting>

        <Setting>

          <Name>$MPElement[Name="System!System.Entity"]/DisplayName$</Name>

          <Value>$Data/Values/MS_Windows_TS_main_name$</Value>

        </Setting>

        <Setting>

          <Name>$MPElement[Name="TS!Microsoft.Windows.Server.TerminalServerRole"]/Mode$</Name>

          <Value>Remote Admin</Value>

        </Setting>

        <Setting>

          <Name>$MPElement[Name="TS!Microsoft.Windows.Server.TerminalServicesRole"]/StartMode$</Name>

          <Value>$Data/Values/MS_Windows_TS_main$</Value>

        </Setting>

      </Settings>

    </InstanceSettings>

    <Expression>

      <And>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery>Values/MS_Windows_CurrentVersion</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value>5.2</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery>Values/TS_AppMode</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value>0</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

        <Expression>

          <Or>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery>Values/MS_Windows_TS_main</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value>2</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery>Values/MS_Windows_TS_main</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value>3</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

          </Or>

        </Expression>

      </And>

    </Expression>

  </DataSource>

</Discovery>