Workstation

Prerequisites

Local administrator and basic user account
PowerShell we need to be enabled on windows builds
Port 445 will need to be enabled for authentication scan

Ensure that you make the followihng registry edit in order to be able to perform the remote authenticated nussus scan:

regedit (run as admin) > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Policies > System. Right click > New > DWORD (32-bit) Value. LocalAccountTokenFilterPolicy > Right click > Modify > Value data: 1

Also enable/start the 'remote registry' service in services.msc

Checklist

Catagory

Checks

Result

Useful commands

Unquoted service paths

cmd /c wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """

Search the running processes

Tasklist | findstr <query>

Check if LAPS is installed (PowerShell)

Get-ChildItem 'C:\Program Files\LAPS\CSE\Admpwd.dll'
Get-ChildItem 'C:\Program Files (x86)\LAPS\CSE\Admpwd.dll'

Vulnerability and patching checks

A new version of the Windows Update offline scan file, Wsusscn2.cab, is available for advanced users

Using Microsoft Baseline Security Analyzer (MBA)

https://docs.microsoft.com/en-us/previous-versions/cc184924(v=msdn.10)?redirectedfrom=MSDN

https://files02.tchspt.com/temp/MBSASetup-x64-EN.msi

Benching

NCSC (https://www.ncsc.gov.uk/collection/end-user-device-security/platform-specific-guidance/)
Compare the output
- Resultant Set of Policy
- Gpresult /H buldreview.html
CIS
- Level 1
- Run in Nessus

Download for the file tests

76KB

Build-review.zip