Folder Redirection Audit - Windows
Log In or Register to download the BES file, and more.

0 Votes

Description


Property Details

ID2998509
StatusAlpha - Code that was just developed
TitleFolder Redirection Audit - Windows
DomainBESC
Added by on 1/6/2017 5:12:52 PM
Last Modified by on 1/6/2017 5:12:52 PM
Counters 1788 Views / 24 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Properties

number of redirected folders - WMI
Period 6 hours
 
  * Results in a true/false
Show indented relevance
number of selects "resultantPath FROM RSOP_FolderRedirectionPolicySetting WHERE resultantPath != '$not configured$'" of (wmis it) of ("ROOT\RSOP\User\" & it) of (concatenations "_" of substrings separated by "-" of it) of string values of selects "SID FROM Win32_UserProfile" of wmis
Parent Folder Name of Redirected Folders ( typically the username )
Period 12 hours
 
  * Results in a true/false
Show indented relevance
unique values whose("My Documents" != it AND "Documents" != it AND "AppData" != it AND "%25USERNAME%25" != it AND "Windows" != it AND "" != it) of (it as trimmed string) of following texts of lasts "\" of ( if (exists it whose("\" = it) of characters (length of it - 1) of it) then ( preceding texts of lasts "\" of it) else it ) of unique values of (it as trimmed string) of (preceding text of last "\" of it | it) of string values of selects "resultantPath FROM RSOP_FolderRedirectionPolicySetting WHERE resultantPath != '$not configured$'" of (wmis it) of ("ROOT\RSOP\User\" & it) of (concatenations "_" of substrings separated by "-" of it) of string values of selects "SID FROM Win32_UserProfile" of wmis
Parent Folder PathName of Redirected Folders - WMI
Period 12 hours
 
  * Results in a true/false
Show indented relevance
unique values of (it as trimmed string) of (preceding text of last "\" of it | it) of string values of selects "resultantPath FROM RSOP_FolderRedirectionPolicySetting WHERE resultantPath != '$not configured$'" of (wmis it) of ("ROOT\RSOP\User\" & it) of (concatenations "_" of substrings separated by "-" of it) of string values of selects "SID FROM Win32_UserProfile" of wmis

Relevance

isWindows (Relevance 1172)
Used in 1117 fixlets and 524 analyses   * Results in a true/false
Show indented relevance
windows of operating system
Used in 1 analsis   * Results in a true/false
Show indented relevance
( exists values whose(it as string starts with "\\") of (keys "Shell Folders" of it; keys "User Shell Folders" of it) of keys "Software\Microsoft\Windows\CurrentVersion\Explorer" of keys of keys "HKEY_USERS" of (x64 registries;x32 registries) ) OR ( exists selects "resultantPath FROM RSOP_FolderRedirectionPolicySetting WHERE resultantPath != '$not configured$'" of (wmis it) of ("ROOT\RSOP\User\" & it) of (concatenations "_" of substrings separated by "-" of it) of string values of selects "SID FROM Win32_UserProfile" of wmis )

Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!
jgstew -
See this related relevance challenge: https://forum.bigfix.com/t/challenge-2-provide-equivalent-relevance-using-different-inspector/19744