Security Protocol KeyEx Class Discovery

Security.Protocol.KeyEx.Class.Discovery (Discovery)

Discover all Key Exchange Algorithms in the registry.

Element properties:

Target: Microsoft.Windows.OperatingSystem
Enabled: True
Frequency: 43200
Remotable: False

Object Discovery Details:

Discovered Classes and their attributes:

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.TimedPowerShell.DiscoveryProvider Default

Source Code:

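<!--
  Discovery: Security.Protocol.KeyEx.Class.Discovery

  Runs a timed PowerShell script (IntervalSeconds 43200, TimeoutSeconds 120) for each
  Windows!Microsoft.Windows.OperatingSystem target. The script reads the Schannel
  KeyExchangeAlgorithms registry key and submits one Security.Protocol.KeyEx.Class
  instance carrying the DifHel, ECDH, PKCS and KeyPath properties plus DisplayName.

  Review notes for anyone using this data in an audit:

  * "Enabled" is reported only when a subkey's Enabled value equals 4294967295
    (0xFFFFFFFF) and "Disabled" only when it equals 0. Any other value, a missing
    Enabled value or a missing subkey leaves the label at "Enabled By Default".
    That label is a fixed string; the script does not check what the operating
    system default actually is, so read it as "no explicit override found".

  * Only the Enabled value is read. Other settings that can affect key exchange
    strength (for example key-length values stored under the same subkeys, or
    cipher suite ordering policy) are not collected by this discovery.

  * NOTE(review): Remotable is "true" here, while the property summary published
    with this discovery lists Remotable as False. The script reads the HKLM hive of
    the machine it runs on, so if the workflow runs somewhere other than the target
    computer the result would presumably describe the wrong machine. Confirm which
    value is intended.

  * ObjectStatus, AssetStatus and Notes are declared in DiscoveryTypes but the
    script never sets them.
-->
<Discovery ID="Security.Protocol.KeyEx.Class.Discovery"
           Enabled="true"
           Target="Windows!Microsoft.Windows.OperatingSystem"
           ConfirmDelivery="false"
           Remotable="true"
           Priority="Normal">
  <Category>Discovery</Category>
  <DiscoveryTypes>
    <DiscoveryClass TypeID="Security.Protocol.KeyEx.Class">
      <Property TypeID="Security.Protocol.KeyEx.Class" PropertyID="DifHel"/>
      <Property TypeID="Security.Protocol.KeyEx.Class" PropertyID="ECDH"/>
      <Property TypeID="Security.Protocol.KeyEx.Class" PropertyID="PKCS"/>
      <Property TypeID="Security.Protocol.Class" PropertyID="KeyPath"/>
      <Property TypeID="System!System.ConfigItem" PropertyID="ObjectStatus"/>
      <Property TypeID="System!System.ConfigItem" PropertyID="AssetStatus"/>
      <Property TypeID="System!System.ConfigItem" PropertyID="Notes"/>
      <Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
    </DiscoveryClass>
  </DiscoveryTypes>
  <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.TimedPowerShell.DiscoveryProvider">
    <IntervalSeconds>43200</IntervalSeconds>
    <SyncTime/>
    <ScriptName>Security.Protocol.KeyEx.Class.Discovery.ps1</ScriptName>
    <ScriptBody><Script>#=================================================================================
# Security.Protocol.KeyEx.Class.Discovery.ps1
#
# Author: Sean Christie
# v1.0
#
# Reads the Schannel KeyExchangeAlgorithms registry key on the machine running the
# script and submits one Security.Protocol.KeyEx.Class instance that records, for
# Diffie-Hellman, PKCS and ECDH, whether an explicit Enabled override was found.
#
# Parameters (supplied by the Parameters section of the data source):
#   SourceId         discovery source id passed to CreateDiscoveryData
#   ManagedEntityId  managed entity id passed to CreateDiscoveryData
#   ComputerName     principal name; used as key property, display name and as the
#                    prefix of the reported KeyPath
#=================================================================================
param($SourceId,$ManagedEntityId,$ComputerName)


$ScriptName = "Security.Protocol.KeyEx.Class.Discovery.ps1"
$EventID = "1135"

$StartTime = Get-Date
# The account the script runs as is written to the start event below.
$whoami = whoami
$momapi = New-Object -comObject MOM.ScriptAPI
$momapi.LogScriptEvent($ScriptName,$EventID,0,"`n Script is starting. `n Running as ($whoami).")


$DiscoveryData = $momapi.CreateDiscoveryData(0, $SourceId, $ManagedEntityId)



# Begin MAIN script section
#=================================================================================
# Labels reported when no explicit override is found. The text is fixed; the script
# does not verify what the operating system default really is.
$DifHel = "Enabled By Default"
$PKCS = "Enabled By Default"
$ECDH = "Enabled By Default"
$keypath = $computername+":HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\"

$KxaPath = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms"

# A missing key is an expected state (no overrides configured), so it is tested for
# instead of letting Get-ChildItem raise an error. Other read failures still surface.
$Kxas = $null
if(Test-Path $KxaPath)
{
    $Kxas = Get-ChildItem $KxaPath
}

if($null -ne $Kxas)
{
    foreach($KXA in $Kxas)
    {
        # The subkey name identifies the algorithm; read the values once per subkey.
        $type = $KXA.PSChildName
        $value = ($KXA.PSPath | Get-ItemProperty).Enabled

        # Only the two documented overrides are recognised: 4294967295 (0xFFFFFFFF)
        # and 0. Any other value, or no Enabled value, leaves the default label.
        $state = $null
        if($value -eq "4294967295")
        {
            $state = "Enabled"
        }
        elseif($value -eq "0")
        {
            $state = "Disabled"
        }

        if($null -ne $state)
        {
            if($type -eq "Diffie-Hellman"){$DifHel = $state}
            elseif($type -eq "PKCS"){$PKCS = $state}
            elseif($type -eq "ECDH"){$ECDH = $state}
        }
    }
}

# One instance is always submitted, even when no overrides exist.
$instance = $DiscoveryData.CreateClassInstance("$MPElement[Name='Security.Protocol.KeyEx.Class']$")
$instance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $ComputerName)
$instance.AddProperty("$MPElement[Name='Security.Protocol.KeyEx.Class']/DifHel$", $DifHel)
$instance.AddProperty("$MPElement[Name='Security.Protocol.KeyEx.Class']/PKCS$", $PKCS)
$instance.AddProperty("$MPElement[Name='Security.Protocol.KeyEx.Class']/ECDH$", $ECDH)
$instance.AddProperty("$MPElement[Name='Security.Protocol.Class']/KeyPath$", $KeyPath)
$instance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", $ComputerName)
$DiscoveryData.AddInstance($instance)

# Emit the discovery data object as the script output.
$DiscoveryData
#=================================================================================
# End MAIN script section


# End of script section
#=================================================================================
#Log an event for script ending and total execution time.
$EndTime = Get-Date
$ScriptTime = ($EndTime - $StartTime).TotalSeconds
$momapi.LogScriptEvent($ScriptName,$EventID,0,"`n Script Completed. `n Script Runtime: ($ScriptTime) seconds.")
#=================================================================================
# End of script
</Script></ScriptBody>
    <Parameters>
      <Parameter>
        <Name>sourceId</Name>
        <Value>$MPElement$</Value>
      </Parameter>
      <Parameter>
        <Name>managedEntityId</Name>
        <Value>$Target/Id$</Value>
      </Parameter>
      <Parameter>
        <Name>computerName</Name>
        <Value>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Value>
      </Parameter>
    </Parameters>
    <TimeoutSeconds>120</TimeoutSeconds>
    <StrictErrorHandling>false</StrictErrorHandling>
  </DataSource>
</Discovery>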