Workstation

Prerequisites

• Local administrator and basic user account

• PowerShell we need to be enabled on windows builds

• Port 445 will need to be enabled for authentication scan

Ensure that you make the followihng registry edit in order to be able to perform the remote authenticated nussus scan:

regedit (run as admin) > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Policies > System. Right click > New > DWORD (32-bit) Value. LocalAccountTokenFilterPolicy > Right click > Modify > Value data: 1

Also enable/start the 'remote registry' service in services.msc

Checklist

Catagory	Checks	Result

Useful commands

Unquoted service paths

cmd /c wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """

Search the running processes

Tasklist | findstr <query>

Check if LAPS is installed (PowerShell)

Get-ChildItem 'C:\Program Files\LAPS\CSE\Admpwd.dll'
Get-ChildItem 'C:\Program Files (x86)\LAPS\CSE\Admpwd.dll'

Vulnerability and patching checks

A new version of the Windows Update offline scan file, Wsusscn2.cab, is available for advanced users

Using Microsoft Baseline Security Analyzer (MBA)

https://docs.microsoft.com/en-us/previous-versions/cc184924(v=msdn.10)?redirectedfrom=MSDN

https://files02.tchspt.com/temp/MBSASetup-x64-EN.msi

Benching

• NCSC (https://www.ncsc.gov.uk/collection/end-user-device-security/platform-specific-guidance/)

• Compare the output

  • Resultant Set of Policy

  • Gpresult /H buldreview.html

• CIS

  • Level 1

  • Run in Nessus

Download for the file tests

76KB

Build-review.zip

archive