Security Audit Report

2»

Comments

  • ryan
    ryan Member
    edited June 2019

    @Heiko Soest -


    I would verify what the second step is in that procedure but this may just be that you did not create the custom fields mentioned in the description of this listing.

  • Sidney Sahdala
    Sidney Sahdala Member, Kaseya Certified, Kaseyan, Kaseya Staff

    KASEYAN

    edited June 2019

    Hi Heiko,

    Ryan is on the right track. You need to create the custom field exactly as in the PDF in the zip. Another problem I've seen is that the mapping of the custom field in the code of the script comes out blank. I am not sure why that happens in a some cases. 

    Be sure that each time you see the command updateSystemInfo that it points to a custom field. The first set of quotes should not be empty. It always needs to point to a custom field. 

    Example:

    image

    Let me know how it goes. If you are experiencing this then I am sure others are as well. 

    Thanks!

    Sidney


  • Sidney Sahdala
    Sidney Sahdala Member, Kaseya Certified, Kaseyan, Kaseya Staff

    KASEYAN

    edited June 2019

    Hi Heiko,

    Lets try that again... the formatting was off with the screenshot and some text was lost.

    Ryan is on the right track. You need to
    create the custom field exactly as in the PDF in the zip. Another problem I've
    seen is that the mapping of the custom field in the code of the script comes
    out blank. I am not sure why that happens in a some cases. 

    Be sure that each time you see the command updateSystemInfo that it points to a
    custom field. The first set of quotes should not be empty. It always needs to
    point to a custom field. 





    Example:

    image

    Let me know how it goes. If you are
    experiencing this then I am sure others are as well. 

    Thanks!





    Sidney

  • Sidney Sahdala
    Sidney Sahdala Member, Kaseya Certified, Kaseyan, Kaseya Staff

    KASEYAN

    edited June 2019

    I also recently encountered another problem. This script may not be accurate on all machines if they don't have the Bitlocker PowerShell commands. Usually on Home versions of Windows 10 and Windows 7. I am updating the script to detect if the commands are there and then proceed. This was recently brought to my attention from a customer.

    Try running the PowerShell commands directly on the machine (or through Live Connect) to see if that is the problem. It shouldnt create an error just misreport the status of Bitlocker. 

  • Will
    Will Member
    edited August 2019

    Issues I've found:

    Guest Account Status Check

    On Windows 10 machines this will always return 'enabled', gueststatus.txt is empty. 
    I've tried to run it as a .cmd but with no results.


    It's a very useful tool, well done.



  • Sidney Sahdala
    Sidney Sahdala Member, Kaseya Certified, Kaseyan, Kaseya Staff

    KASEYAN

    edited August 2019

    Hi Will,

    Thanks for bringing that to my attention, apologies. I will add some error checking to it. Unfortunately, this is my own project and I have limited testing ability and no QA. I will fix this on the next version plus I am adding a couple more tests such as checking if Network Level Authentication is disabled, trying to figure out how to detect is Smart Screen is enabled, and detecting UAC level.

    Any ideas would be helpful. 

    Thanks!


  • Will
    Will Member
    edited August 2019

    Hi Sidney,

    The problem I've mentioned was due to different language, when running 'net user guest |finstr /C:"active" the output was in English "Active   yes" but when running the procedure as system the output was ín Dutch "Actief  Yes" and was not filtered out to 'gueststatus.txt'.

    The 'problem' was just on our site.


  • Nigel Burt
    Nigel Burt Member
    edited September 2019

    Hi Sidney,

    I have run the import of the .XML file in the import centre (we are running on premise 9.5.0.22)

    The messages said both the agent procedures and report import completed.  I am looking for the Agent Procedures under Schedule/Create and cannot find them anywhere.  Should they be under Private, Shared or System?  Do they make their own folder?

  • Sidney Sahdala
    Sidney Sahdala Member, Kaseya Certified, Kaseyan, Kaseya Staff

    KASEYAN

    edited September 2019

    Hi Nigel,

    The Agent Procedures should appear under the Shared folders in a folder called Security Audit Report v_2 that gets created. Try checking again after you login again to VSA. I'm curious the folders didn't refresh. I am looking for an environment to import to see if there is an issue. The reports should be in the same place in Info Center.

    Let me know what you find please.

    Thanks,

    Sidney

  • Nigel Burt
    Nigel Burt Member
    edited September 2019

    Hi Sidney,

    The Report shows up in the correct place under reports in the Info centre, but the Security Audit Report folder does not get created in our Shared Scripts.  I will try creating that folder and then rerunning the import to see what happens.

    Thanks for your help

    Nigel

  • Nigel Burt
    Nigel Burt Member
    edited September 2019

    No luck unfortunately.  Tried a few combinations of the folder name and manually adding share permission for Master users etc.  Still no sign of the Agent procedures showing up.

    One point is that I did accidentally try to import the procedures once before I had added in all of the required Custom Fields.  Not sure if that would cause the import to fail on subsequent attempts after all the Custom Fields were set up.

  • Grady Parker
    Grady Parker Member
    edited July 2020

    Hello

    i was able to get the set installed no problems i was bale to assign the policy to my test machine. the question i have is how do you view the report? i go into the reports section of VSA i see the 2 reports but nothing listed.


  • DmitrijKondrasov
    DmitrijKondrasov Member, Managed Service Provider
    edited April 2021

    Report stopped working:



    There was an error generating your report. Please refer to item 304612600200163 for additional diagnostic information. There was an error during the render phase of the report generation. There was an error generating the document Security Audit Report 2.0 There was an error generating the document Security Audit Report 2.0 An error has occurred during report processing. ---> Microsoft.ReportingServices.ReportProcessing.ProcessingAbortedException: An error has occurred during report processing. ---> Microsoft.ReportingServices.ReportProcessing.ReportProcessingException: Cannot read the next data row for the dataset dsb8bff11856224d5689ccc57f541388c8. ---> System.Exception: For more information about this error navigate to the report server on the local server machine, or enable remote errors An error has occurred during report processing. ---> Microsoft.ReportingServices.ReportProcessing.ProcessingAbortedException: An error has occurred during report processing. ---> Microsoft.ReportingServices.ReportProcessing.ReportProcessingException: Cannot read the next data row for the dataset dsb8bff11856224d5689ccc57f541388c8. ---> System.Exception: For more information about this error navigate to the report server on the local server machine, or enable remote errors

  • Nathan Clark
    Nathan Clark Member CHOCOLATE MILK

    When I try to import the XML file I receive the following error.

    • File was not uploaded due to incorrectly formatted XML. Please export the content to a new XML file and try again.


  • Gene Berkinsky
    Gene Berkinsky Member CHOCOLATE MILK

    Sidney,

    Where can I find the latest version of the your Security Audit Report and is there a trick to importing with all the new security or has that been resolved. I am looking to see which machines are in legacy mode as well as which UEFI machines don't have Secure Boot enabled.

    Thanks,

    Gene

  • wlambert
    wlambert Member, Managed Service Provider CHOCOLATE MILK

    Hello Sidney,

    I set this up on our system. I created the custom fields, imported the xml, and created and scheduled policies. When scheduling policies, I put in the time (10:00 AM), save it, and it immediately resorts to 6:00 PM. If I set the schedule to use agent time, it bumps it up to 2:00 PM. Changing the time settings in the System module has no effect. This is he only Agent Procedure doing this. Do you have any idea what could be the problem?

    Thanks,

    --Hank

  • wlambert
    wlambert Member, Managed Service Provider CHOCOLATE MILK

    Hello Sidney,

    I set this up on our system. I created the custom fields, imported the xml, and created and scheduled policies. When scheduling policies, I put in the time (10:00 AM), save it, and it immediately resorts to 6:00 PM. If I set the schedule to use agent time, it bumps it up to 2:00 PM. Changing the time settings in the System module has no effect. This is he only Agent Procedure doing this. Do you have any idea what could be the problem?

    Thanks,

    --Hank

  • Sidney Sahdala
    Sidney Sahdala Member, Kaseya Certified, Kaseyan, Kaseya Staff

    KASEYAN

    Hi Heiko,

    That line has a PowerShell command, can you copy the command ((Get-WindowsFeature -Name BitLocker).InstallState) and go to that server and run it in PowerShell with elevated privileges please? See if you are getting an error. That line test to see if the BitLocker Feature is installed. It sounds like it is failing, and it could be that the OS is too old. Which version of the OS is it?

    Thanks,

    Sidney

Categories

Join The Community

Weekly Leaderboard