Hello
I want to get policy and filter account name in relevance language
thank you
I think we looked into this in the past and was unable to do it directly through relevance. Instead, we had to run an action, pipe the results into a text file or reg key, and then read the reg key.
If anyone has a better approach I’d be all ears, but we ended up using secedit
waithidden cmd.exe /c SecEdit /export /cfg {(pathname of windows folder & “\Temp\Logs\cfg.ini”)}
You can get a lot, but not all, of the Local Security Policy information using the rsop computer wmi inspector.
Here’s “Access this computer from the network”: string values of properties "AccountList" of select objects "* from RSOP_UserPrivilegeRight where UserRight = 'SeNetworkLogonRight'" of rsop computer wmi
Here’s “Deny access to this computer from the network”: string values of properties "AccountList" of select objects "* from RSOP_UserPrivilegeRight where UserRight = 'SeDenyNetworkLogonRight'" of rsop computer wmi
2 Likes
If you’re licensed for BigFix Compliance, most or all of these are available in the CIS Checklist, USGCB Checklist, or DISA STIG Checklist sites as well. There are non-rsop ways to retrieve the values but I probably can’t post the checklist content since it’s IBM licensed content.
I think I have some custom checks that I’ll try to dig up and post though.
1 Like