Security Protocol Cipher Class Discovery

Security.Protocol.Cipher.Class.Discovery (Discovery)

Discover all Ciphers in the registry.

Element properties:

Object Discovery Details:

Member Modules:

Source Code:

<Discovery ID="Security.Protocol.Cipher.Class.Discovery" Enabled="true" Target="Windows!Microsoft.Windows.OperatingSystem" ConfirmDelivery="false" Remotable="true" Priority="Normal">

  <Category>Discovery</Category>

  <DiscoveryTypes>

    <DiscoveryClass TypeID="Security.Protocol.Cipher.Class">

      <Property TypeID="Security.Protocol.Cipher.Class" PropertyID="AES128"/>

      <Property TypeID="Security.Protocol.Cipher.Class" PropertyID="AES256"/>

      <Property TypeID="Security.Protocol.Cipher.Class" PropertyID="DES56"/>

      <Property TypeID="Security.Protocol.Cipher.Class" PropertyID="NULL"/>

      <Property TypeID="Security.Protocol.Cipher.Class" PropertyID="RC2128"/>

      <Property TypeID="Security.Protocol.Cipher.Class" PropertyID="RC240128"/>

      <Property TypeID="Security.Protocol.Cipher.Class" PropertyID="RC256128"/>

      <Property TypeID="Security.Protocol.Cipher.Class" PropertyID="RC4128"/>

      <Property TypeID="Security.Protocol.Cipher.Class" PropertyID="RC440128"/>

      <Property TypeID="Security.Protocol.Cipher.Class" PropertyID="RC456128"/>

      <Property TypeID="Security.Protocol.Cipher.Class" PropertyID="RC464128"/>

      <Property TypeID="Security.Protocol.Cipher.Class" PropertyID="TriDES168"/>

      <Property TypeID="Security.Protocol.Class" PropertyID="KeyPath"/>

      <Property TypeID="System!System.ConfigItem" PropertyID="ObjectStatus"/>

      <Property TypeID="System!System.ConfigItem" PropertyID="AssetStatus"/>

      <Property TypeID="System!System.ConfigItem" PropertyID="Notes"/>

      <Property TypeID="System!System.Entity" PropertyID="DisplayName"/>

    </DiscoveryClass>

  </DiscoveryTypes>

  <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.TimedPowerShell.DiscoveryProvider">

    <IntervalSeconds>43200</IntervalSeconds>

    <SyncTime/>

    <ScriptName>Security.Protocol.Cipher.Class.Discovery.ps1</ScriptName>

    <ScriptBody><Script>#=================================================================================



			  #  Author: Sean Christie

			  #  v1.0

			  #=================================================================================

			  param($SourceId,$ManagedEntityId,$ComputerName)





			  $ScriptName = "Security.Protocol.Cipher.Class.Discovery.ps1"

			  $EventID = "1137"



			  $StartTime = Get-Date

			  $whoami = whoami

			  $momapi = New-Object -comObject MOM.ScriptAPI

			  $momapi.LogScriptEvent($ScriptName,$EventID,0,"`n Script is starting. `n Running as ($whoami).")





			  $DiscoveryData = $momapi.CreateDiscoveryData(0, $SourceId, $ManagedEntityId)







			  # Begin MAIN script section

			  #=================================================================================

			  $AES128 = "Enabled By Default"

			  $AES256 = "Enabled By Default"

			  $DES56 = "Enabled By Default"

			  $NULLc = "Enabled By Default"

			  $RC2128 = "Enabled By Default"

			  $RC240128 = "Enabled By Default"

			  $RC256128 = "Enabled By Default"

			  $RC4128 = "Enabled By Default"

			  $RC440128 = "Enabled By Default"

			  $RC456128 = "Enabled By Default"

			  $RC464128 = "Enabled By Default"

			  $3DES168 = "Enabled By Default"

			  $keypath = $computername+":HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\"



			  $ciphers = Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers



			  if($ciphers -ne $null)

			  {

			  foreach($cipher in $ciphers)

			  {





			  $type = ($cipher.PSPath | Get-ItemProperty).PSChildName

			  $value = ($cipher.PsPath | Get-ItemProperty).Enabled





			  if($value -eq "4294967295")

			  {



			  if($type -eq "AES 128/128"){$AES128 = "Enabled"}

			  if($type -eq "AES 256/256"){$AES256 = "Enabled"}

			  if($type -eq "DES 56/56"){$DES56 = "Enabled"}

			  if($type -eq "NULL" ){$NULLc = "Enabled"}

			  if($type -eq "RC2 128/128"){$RC2128 = "Enabled"}

			  if($type -eq "RC2 40/128"){$RC240128 = "Enabled"}

			  if($type -eq "RC2 56/128"){$RC256128 = "Enabled"}

			  if($type -eq "RC4 128/128"){$RC4128 = "Enabled"}

			  if($type -eq "RC4 40/128"){$RC440128 = "Enabled"}

			  if($type -eq "RC4 56/128"){$RC456128 = "Enabled"}

			  if($type -eq "RC4 64/128"){$RC464128 = "Enabled"}

			  if($type -eq "Triple DES 168"){$3DES168 = "Enabled"}





			  }

			  if($value -eq "0")

			  {

			  if($type -eq "AES 128/128"){$AES128 = "Disabled"}

			  if($type -eq "AES 256/256"){$AES256 = "Disabled"}

			  if($type -eq "DES 56/56"){$DES56 = "Disabled"}

			  if($type -eq "NULL" ){$NULLc = "Disabled"}

			  if($type -eq "RC2 128/128"){$RC2128 = "Disabled"}

			  if($type -eq "RC2 40/128"){$RC240128 = "Disabled"}

			  if($type -eq "RC2 56/128"){$RC256128 = "Disabled"}

			  if($type -eq "RC4 128/128"){$RC4128 = "Disabled"}

			  if($type -eq "RC4 40/128"){$RC440128 = "Disabled"}

			  if($type -eq "RC4 56/128"){$RC456128 = "Disabled"}

			  if($type -eq "RC4 64/128"){$RC464128 = "Disabled"}

			  if($type -eq "Triple DES 168"){$3DES168 = "Disabled"}

			  }





			  }





			  





			  }



			  $instance = $DiscoveryData.CreateClassInstance("$MPElement[Name='Security.Protocol.Cipher.Class']$")

			  $instance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $ComputerName)

			  $instance.AddProperty("$MPElement[Name='Security.Protocol.Cipher.Class']/AES128$", $AES128)

			  $instance.AddProperty("$MPElement[Name='Security.Protocol.Cipher.Class']/AES256$", $AES256)

			  $instance.AddProperty("$MPElement[Name='Security.Protocol.Cipher.Class']/DES56$", $DES56)

			  $instance.AddProperty("$MPElement[Name='Security.Protocol.Cipher.Class']/NULL$", $NULLc)

			  $instance.AddProperty("$MPElement[Name='Security.Protocol.Cipher.Class']/RC2128$", $RC2128)

			  $instance.AddProperty("$MPElement[Name='Security.Protocol.Cipher.Class']/RC240128$", $RC240128)

			  $instance.AddProperty("$MPElement[Name='Security.Protocol.Cipher.Class']/RC256128$", $RC256128)

			  $instance.AddProperty("$MPElement[Name='Security.Protocol.Cipher.Class']/RC4128$", $RC4128)

			  $instance.AddProperty("$MPElement[Name='Security.Protocol.Cipher.Class']/RC440128$", $RC440128)

			  $instance.AddProperty("$MPElement[Name='Security.Protocol.Cipher.Class']/RC456128$", $RC456128)

			  $instance.AddProperty("$MPElement[Name='Security.Protocol.Cipher.Class']/RC464128$", $RC464128)

			  $instance.AddProperty("$MPElement[Name='Security.Protocol.Cipher.Class']/TriDES168$", $3DES168)

			  $instance.AddProperty("$MPElement[Name='Security.Protocol.Class']/KeyPath$", $KeyPath)

			  $instance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", $ComputerName)

			  $DiscoveryData.AddInstance($instance)













			  $DiscoveryData

			  #=================================================================================

			  # End MAIN script section





			  # End of script section

			  #=================================================================================

			  #Log an event for script ending and total execution time.

			  $EndTime = Get-Date

			  $ScriptTime = ($EndTime - $StartTime).TotalSeconds

			  $momapi.LogScriptEvent($ScriptName,$EventID,0,"`n Script Completed. `n Script Runtime: ($ScriptTime) seconds.")

			  #=================================================================================

			  # End of script

</Script></ScriptBody>

    <Parameters>

      <Parameter>

        <Name>sourceId</Name>

        <Value>$MPElement$</Value>

      </Parameter>

      <Parameter>

        <Name>managedEntityId</Name>

        <Value>$Target/Id$</Value>

      </Parameter>

      <Parameter>

        <Name>computerName</Name>

        <Value>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Value>

      </Parameter>

    </Parameters>

    <TimeoutSeconds>120</TimeoutSeconds>

    <StrictErrorHandling>false</StrictErrorHandling>

  </DataSource>

</Discovery>