Security Monitoring with Powershell – Ensuring Windows Firewall Integrity

December 2nd, 2019

Though you can get products that replace or enhance the built-in firewall on Windows machines, there are still a significant number of agents that rely on the Windows Firewall as the last line of defense between the outside world and one of your workstations. Getting the state of the firewalls is not as easy as you would think as it's [...]

Remote Monitor Series: Security! Finding members of local groups that shouldn’t be there (like Remote Desktop Users)

December 8th, 2018

A bit more of a complex monitor today! This monitor checks all the members of any local group (domain groups will also work if done on a DC) and allows you to trigger an alert if accounts are found that shouldn't be there. The biggest usage for this in my experience is detecting for users [...]

Remote Monitor Series: Bringing back a list of local accounts on a machine

December 5th, 2018

This is a simple one for today - useful for having a monitor to check for accounts that should not be there as local users.

"%windir%\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -command "& {(Get-WmiObject -Class Win32_UserAccount -Filter \"LocalAccount='True'\" | Select -expandproperty name) -join \",\"}"

The result is a comma-delimited string of local user accounts.

Remote Monitor Series: Finding machines that have over 50GB OST files for Outlook

November 8th, 2018

This is a great proactive monitor because in most cases anyone who has over 50GB of OST files normally has an Outlook that runs like a snail or constantly crashes.

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -command "& {$ErrorActionPreference = 'SilentlyContinue';$emptyOutput = \"\";$arrayresult=@();$thresholdInGB = \"50\";dir c:\users | foreach -begin {} -process{$size=(dir $_.FullName *.ost -recurse -force -ea silentlycontinue | Measure-Object 'length' -sum -Maximum).sum;If (($size/1GB) [...]

Remote Monitor Series: Finding machines where Bitlocker is not protecting drives

November 8th, 2018

This is going to be the first in a number of blog posts that will give ideas/starting points for adding more value to your client monitoring. In this series I will not be focusing on how to create these monitors, more the code that can be used. I cover remote monitor creation here if you are not sure how to [...]

Remote Monitor – Trigger an alert when a profile goes above a certain size, including setup tips for Remote Monitors!

July 3rd, 2018

This is a Remote Monitor that can function in Automate and will output certain keywords, which can then be detected, if the profile sizes go above a certain size. I have two monitors here; pick whichever you need depending on your requirements. The first will output all profiles and sizes, the second will only output profiles that are over [...]
