Workstation

Prerequisites

Local administrator and basic user account
PowerShell we need to be enabled on windows builds
Port 445 will need to be enabled for authentication scan

Ensure that you make the followihng registry edit in order to be able to perform the remote authenticated nussus scan:

regedit (run as admin) > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Policies > System. Right click > New > DWORD (32-bit) Value. LocalAccountTokenFilterPolicy > Right click > Modify > Value data: 1

Also enable/start the 'remote registry' service in services.msc

Checklist

Catagory

Checks

Result

Useful commands

Unquoted service paths

cmd /c wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """

Search the running processes

Tasklist | findstr <query>

Check if LAPS is installed (PowerShell)

Get-ChildItem 'C:\Program Files\LAPS\CSE\Admpwd.dll'
Get-ChildItem 'C:\Program Files (x86)\LAPS\CSE\Admpwd.dll'

Vulnerability and patching checks

A new version of the Windows Update offline scan file, Wsusscn2.cab, is available for advanced users - Microsoft Supportsupport.microsoft.com

Using Microsoft Baseline Security Analyzer (MBA)

https://docs.microsoft.com/en-us/previous-versions/cc184924(v=msdn.10)?redirectedfrom=MSDN

Software Downloads: Free Programs, Utilities and Apps | TechSpotTechSpot

Benching

NCSC (https://www.ncsc.gov.uk/collection/end-user-device-security/platform-specific-guidance/)
Compare the output
- Resultant Set of Policy
- Gpresult /H buldreview.html
CIS
- Level 1
- Run in Nessus

Download for the file tests

76KB

Build-review.zip

hashtagPrerequisites

hashtagChecklist

hashtagUseful commands

hashtagUnquoted service paths

hashtagSearch the running processes

hashtagCheck if LAPS is installed (PowerShell)

hashtagVulnerability and patching checks

hashtagUsing Microsoft Baseline Security Analyzer (MBA)

hashtagBenching

hashtagDownload for the file tests