129 lines
4.9 KiB
Plaintext
129 lines
4.9 KiB
Plaintext
|
Option Explicit
|
||
|
|
on error resume next
|
||
|
|
Dim objShell, key, ipsecName, objADsDomain, strADsPath, objADs, objADs2, ScriptHost, objRegister, strComputer, ArgObj, wbemComputerSystem, wbemObjectSet, wbemObject, Domain, ds_policy_path
|
||
|
|
|
||
|
|
const ERROR_NOREGKEY = -2147024894
|
||
|
|
const DOMAIN_IPSEC_VERSION_OBJECT_DN = "CN=ipsecFilter{aa3d274e-da18-45c9-907d-9f6ba31ae361},CN=IP Security,CN=System,"
|
||
|
|
const LOCAL_IPSEC_VERSION_KEY = "SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Cache\ipsecFilter{aa3d274e-da18-45c9-907d-9f6ba31ae361}"
|
||
|
|
const DS_IPSEC_PATH_KEY = "SOFTWARE\Policies\Microsoft\Windows\IPSec\GPTIPSECPolicy"
|
||
|
|
|
||
|
|
Const HKEY_LOCAL_MACHINE = &H80000002
|
||
|
|
|
||
|
|
|
||
|
|
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''
|
||
|
|
' Make sure we're running from cscript instead of wscript
|
||
|
|
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''
|
||
|
|
ScriptHost = WScript.FullName
|
||
|
|
ScriptHost = Right(ScriptHost, Len(ScriptHost) - InStrRev(ScriptHost, "\"))
|
||
|
|
|
||
|
|
If (UCase(ScriptHost) = "WSCRIPT.EXE") Then
|
||
|
|
WScript.Echo "This script does not work with WScript."
|
||
|
|
WScript.Echo "To run this script using CScript, type: ""CScript.exe " & WScript.ScriptName & " [target]"""
|
||
|
|
wscript.quit
|
||
|
|
end if
|
||
|
|
|
||
|
|
|
||
|
|
''''''''''''''''''''''''''''''''
|
||
|
|
' Get the computer name to check
|
||
|
|
''''''''''''''''''''''''''''''''
|
||
|
|
Set ArgObj = WScript.Arguments
|
||
|
|
If ArgObj.Count > 1 Then
|
||
|
|
WScript.Echo "To run this script using CScript, type: ""CScript.exe " & WScript.ScriptName & " [target]"""
|
||
|
|
wscript.quit
|
||
|
|
WScript.Quit
|
||
|
|
End If
|
||
|
|
|
||
|
|
if ArgObj.Count = 1 Then
|
||
|
|
strComputer = ArgObj.Item(0)
|
||
|
|
else
|
||
|
|
strComputer = "localhost"
|
||
|
|
End If
|
||
|
|
|
||
|
|
|
||
|
|
''''''''''''''''''''''''''''''''
|
||
|
|
' Get the domain of the computer
|
||
|
|
''''''''''''''''''''''''''''''''
|
||
|
|
Set wbemComputerSystem = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer)
|
||
|
|
if Err.Number <> 0 then
|
||
|
|
wscript.echo strComputer & ": Error # " & CStr(Err.Number) & " " & Err.Description
|
||
|
|
wscript.quit
|
||
|
|
end if
|
||
|
|
|
||
|
|
Set wbemObjectSet = wbemComputerSystem.InstancesOf("Win32_ComputerSystem")
|
||
|
|
if Err.Number <> 0 then
|
||
|
|
wscript.echo strComputer & ": Error # " & CStr(Err.Number) & " " & Err.Description
|
||
|
|
wscript.quit
|
||
|
|
end if
|
||
|
|
|
||
|
|
For Each wbemObject In wbemObjectSet
|
||
|
|
domain = wbemObject.Domain
|
||
|
|
Next
|
||
|
|
|
||
|
|
|
||
|
|
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
|
||
|
|
' Get the version information from the computer's registry
|
||
|
|
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
|
||
|
|
Set objRegister = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
|
||
|
|
if Err.Number <> 0 then
|
||
|
|
wscript.echo strComputer & ": Error # " & CStr(Err.Number) & " " & Err.Description
|
||
|
|
wscript.quit
|
||
|
|
end if
|
||
|
|
|
||
|
|
objRegister.GetStringValue HKEY_LOCAL_MACHINE, LOCAL_IPSEC_VERSION_KEY, "ipsecName", ipsecName
|
||
|
|
if Err.Number <> 0 then
|
||
|
|
wscript.echo strComputer & ": Error # " & CStr(Err.Number) & " " & Err.Description
|
||
|
|
wscript.quit
|
||
|
|
end if
|
||
|
|
' wscript.echo strComputer & ": Local version: " & ipsecName
|
||
|
|
|
||
|
|
|
||
|
|
'''''''''''''''''''''''''''''''''''''''''''''''''''''''
|
||
|
|
' Get the version information from the Active Directory
|
||
|
|
'''''''''''''''''''''''''''''''''''''''''''''''''''''''
|
||
|
|
Set objADsDomain = GetObject("LDAP://" & domain)
|
||
|
|
if Err.Number <> 0 then
|
||
|
|
wscript.echo strComputer & ": Error # " & CStr(Err.Number) & " " & Err.Description
|
||
|
|
wscript.quit
|
||
|
|
end if
|
||
|
|
|
||
|
|
strADsPath = "LDAP://" & domain & "/" & DOMAIN_IPSEC_VERSION_OBJECT_DN & objADsDomain.distinguishedName
|
||
|
|
Set objADs = GetObject(strADsPath)
|
||
|
|
if Err.Number <> 0 then
|
||
|
|
wscript.echo strComputer & ": Error # " & CStr(Err.Number) & " " & Err.Description
|
||
|
|
wscript.quit
|
||
|
|
end if
|
||
|
|
' wscript.echo strComputer & ": Domain version: " & objADs.ipsecName
|
||
|
|
|
||
|
|
|
||
|
|
'''''''''''''''''''''''''''''''''''''''''''''''
|
||
|
|
' Get the policy name from the Active Directory
|
||
|
|
'''''''''''''''''''''''''''''''''''''''''''''''
|
||
|
|
Set objRegister = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
|
||
|
|
if Err.Number <> 0 then
|
||
|
|
wscript.echo strComputer & ": Error # " & CStr(Err.Number) & " " & Err.Description
|
||
|
|
wscript.quit
|
||
|
|
end if
|
||
|
|
|
||
|
|
objRegister.GetStringValue HKEY_LOCAL_MACHINE, DS_IPSEC_PATH_KEY, "DSIPSECPolicyPath", ds_policy_path
|
||
|
|
if Err.Number <> 0 then
|
||
|
|
wscript.echo strComputer & ": Error # " & CStr(Err.Number) & " " & Err.Description
|
||
|
|
wscript.quit
|
||
|
|
end if
|
||
|
|
|
||
|
|
strADsPath = "LDAP://" & domain & "/" & MID(ds_policy_path, 8)
|
||
|
|
Set objADs2 = GetObject(strADsPath)
|
||
|
|
if Err.Number <> 0 then
|
||
|
|
wscript.echo strComputer & ": Error # " & CStr(Err.Number) & " " & Err.Description
|
||
|
|
wscript.quit
|
||
|
|
end if
|
||
|
|
wscript.echo strComputer & ": " & objADs2.ipsecName
|
||
|
|
|
||
|
|
|
||
|
|
''''''''''''''''''''''''''''''''''''''''''''
|
||
|
|
' Compare local vs Active Directory versions
|
||
|
|
''''''''''''''''''''''''''''''''''''''''''''
|
||
|
|
if ipsecName = objADs.ipsecName then
|
||
|
|
wscript.echo strComputer & ": IPsec policy is up-to-date."
|
||
|
|
else
|
||
|
|
wscript.echo strComputer & ": IPsec policy is not up-to-date."
|
||
|
|
end if
|