
Windows Compliance

Verify the installed Trusted Root Certification Authorities, the hosts file, the SMB configuration, the NTLM level and the Windows Security Center status on any device, and remove unwanted certificates.

Description

Retrieve a unique fingerprint of the installed Trusted Root Certification Authorities and the HOSTS file, together with the SMB configuration and the LAN Manager authentication level, to check whether devices comply with company policy, and report the current status of the Windows Security Center components. Delete unwanted certificates from the Trusted Root Certification Authorities store.

Script Disable SMB1

  • Version 1.0.1.0 – Fixed error when getting unexpected SMB status from the system
  • Version 1.0.0.0 – Initial release

Script Description

ADVANCED SCRIPT
Disables the SMB1 network protocol and prints the script execution result in the ‘Execution status details’ field. The script is designed for Windows 10 and 7.

Execution context and suggested scheduling

Run the script as local system. The script should be executed manually.

A timeout of 120 seconds is recommended.

Parameters

ID | Label | Description
1 | Campaign Id | UID of the Disable SMB1 campaign, which informs users that their device should be manually rebooted to apply system changes

Outputs

None.

Further Information

Before disabling the SMB1 network protocol, confirm that devices in your network are not actively using it. A device reboot is required to disable the SMB1 protocol. The script uses a campaign to inform the user that the device should be manually rebooted.

Script Get SMB1 Status

  • Version 1.0.0.0 – Initial release

Script Description

Obtains the SMB1 network protocol status and prints it in the ‘Execution status details’ field. The script is designed for Windows 10 and 7.

Execution context and suggested scheduling

Run the script as local system. The script should be executed manually.

A timeout of 120 seconds is recommended.

Parameters

None.

Outputs

None.

Further Information

Before disabling the SMB1 network protocol, confirm that devices in your network are not actively using it. The SMB1 network protocol is enabled on all Windows 7 editions and on Windows 10 releases before 1709. The SMB1 protocol can be disabled by a GPO setting or with the Nexthink Act script ‘Disable-SMB1’.

Script Get Windows Security Center Health Status

  • Version 1.0.0.0 – Initial release

Script Description

Returns the health status of the Windows Security Center components: Firewall, AutoUpdate, AntiVirus, AntiSpyware, InternetSettings, UserAccountControl and the Windows Security Center monitoring service. Possible values are:

  • Good – Does not require attention
  • Poor – Device could be at risk
  • NotMonitored – Not monitored by Windows Security Center
  • Snooze – Indicates Windows Security Center is not actively protecting the device

Execution context and suggested scheduling

Run the script as local system. The script should be executed manually.

A timeout of 120 seconds is recommended.

Parameters

None.

Outputs

ID | Label | Type | Description
1 | Anti Spyware Status | String | The aggregation of all anti-spyware products for target device
2 | Anti Virus Status | String | The aggregation of all antivirus products for target device
3 | Auto Update Status | String | The automatic update settings for target device
4 | Firewall Status | String | The aggregation of all firewalls for target device
5 | Internet Settings Status | String | The settings that restrict the access of web sites in each of the Internet zones for target device
6 | User Account Control Status | String | The User Account Control settings for target device
7 | Security Center Service Status | String | The running state of the Windows Security Center service on target device

Script Get NTLM Authentication Level

  • Version 1.0.0.0 – Initial release

Script Description

Retrieves the NTLM authentication level to verify if devices are using NTLMv2 authentication.

Execution context and suggested scheduling

Run the script as local system. The script should be executed manually.

A timeout of 120 seconds is recommended.

Parameters

None.

Outputs

None.

Further Information

The Network security: NTLM authentication level setting determines which challenge/response authentication protocol is used for network logons.
Check the possible list of security levels and their behavior here.
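
One way to read the level in effect and see what it means, as an added example that is not the Nexthink script. It assumes the level is stored in the LmCompatibilityLevel registry value under the Lsa key; the function name and output property names are hypothetical.

```powershell
# Added example: report the LAN Manager / NTLM authentication level of this device.
function Get-NtlmAuthenticationLevel {
    $lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    # The six levels of the LAN Manager authentication level policy.
    $levels = @{
        0 = 'Send LM & NTLM responses'
        1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
        2 = 'Send NTLM response only'
        3 = 'Send NTLMv2 response only'
        4 = 'Send NTLMv2 response only. Refuse LM'
        5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
    }

    $value = (Get-ItemProperty -Path $lsaKey -Name 'LmCompatibilityLevel' `
                               -ErrorAction SilentlyContinue).LmCompatibilityLevel
    $explicit = $null -ne $value
    # When the value is absent, Windows Vista and later behave as level 3.
    if (-not $explicit) { $value = 3 }

    [pscustomobject]@{
        Level            = [int]$value
        Description      = $levels[[int]$value]
        ExplicitlySet    = $explicit
        SendsNtlmV2Only  = $value -ge 3   # client never sends LM or NTLMv1 responses
        RefusesLmAndNtlm = $value -eq 5   # only NTLMv2 is accepted as well
    }
}

Get-NtlmAuthenticationLevel | Format-List
```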

Script HOSTS file integrity check

  • Version 1.0.0.0 – Initial release

Script Description

Returns the hash of the HOSTS file, as well as a list containing all entries.
Useful for retrieving a unique fingerprint from all devices to ensure that the HOSTS file is in accordance with company policy.
A Finder investigation should be used to compare the retrieved fingerprints against that of a known, trusted device.

Execution context and suggested scheduling

Run the script as local system. The script should be executed manually.

A timeout of 120 seconds is recommended.

Parameters

None.

Outputs

ID | Label | Type | Description
1 | Hosts File Entries Hash | String | Hash of the HOSTS file
2 | Hosts File Entries | StringList | List of entries of the HOSTS file
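
A sketch of how such a fingerprint can be computed so that it is comparable across devices, as an added example that is not the Nexthink script. SHA-256, the normalisation rules, the function name and the sample files are assumptions; the page does not state which hash the script uses.

```powershell
# Added example: hash only the active HOSTS entries, in a device-independent order.
function Get-HostsFingerprint {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")

    # Keep active entries only: strip comments, collapse whitespace, lower-case.
    $entries = [string[]]@(
        foreach ($line in Get-Content -LiteralPath $Path) {
            $text = ($line -replace '#.*$', '').Trim()
            if ($text) { (($text -split '\s+') -join ' ').ToLowerInvariant() }
        }
    )
    # De-duplicate and sort ordinally so locale settings cannot change the order.
    $entries = [string[]]@($entries | Select-Object -Unique)
    [Array]::Sort($entries, [StringComparer]::Ordinal)

    $sha = [Security.Cryptography.SHA256]::Create()
    try {
        $digest = $sha.ComputeHash([Text.Encoding]::UTF8.GetBytes($entries -join "`n"))
    } finally { $sha.Dispose() }

    [pscustomobject]@{
        HostsFileEntriesHash = [BitConverter]::ToString($digest).Replace('-', '')
        HostsFileEntries     = $entries
    }
}

# Constructed sample files: 'b' differs from 'a' only in comments and spacing,
# 'c' carries one additional entry (documentation address and test domain).
$tmp = Join-Path ([IO.Path]::GetTempPath()) 'hosts-demo'
New-Item -ItemType Directory -Path $tmp -Force | Out-Null
Set-Content "$tmp\a" "127.0.0.1 localhost`n# trusted baseline"
Set-Content "$tmp\b" "127.0.0.1`tLocalhost   # reformatted"
Set-Content "$tmp\c" "127.0.0.1 localhost`n203.0.113.10 intranet.example.test"
$a, $b, $c = 'a', 'b', 'c' | ForEach-Object { Get-HostsFingerprint -Path "$tmp\$_" }
"baseline vs reformatted copy match: $($a.HostsFileEntriesHash -eq $b.HostsFileEntriesHash)"
"baseline vs extra entry match:      $($a.HostsFileEntriesHash -eq $c.HostsFileEntriesHash)"
```

Called without -Path, the function fingerprints the device's own HOSTS file.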

Script Trusted Root Certification Authorities certificate store integrity check

  • Version 2.0.0.0 – Included new output fields with the list of thumbprints
  • Version 1.0.0.0 – Initial release

Script Description

Returns the hash of the Trusted Root Certification Authorities certificate store, as well as a list containing the thumbprints of all certificates in it.
Useful for retrieving a unique fingerprint from all devices to ensure that the installed Trusted Root Certification Authorities are in accordance with company policy.
A Finder investigation should be used to compare the retrieved fingerprints against that of a known, trusted device.

Execution context and suggested scheduling

Run the script as interactive user. The script should be executed manually.

A timeout of 120 seconds is recommended.

Parameters

None.

Outputs

ID | Label | Type | Description
1 | Root CAs Hash | String | Hash of the Trusted Root Certification Authorities certificate store
2 | Root CAs Thumbprints | StringList | List of thumbprints for the Trusted Root Certification Authorities
3 | Other Root CAs Thumbprints | StringList | Continuation list of thumbprints (used only if character count exceeded 1020)
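
How the three outputs above can be produced, including the continuation list, as an added example that is not the Nexthink script. The store path, SHA-256, the comma separator, the way the 1020-character count is measured and the function name are assumptions.

```powershell
# Added example: fingerprint the root store and split the thumbprint list at the field limit.
function Get-RootCaFingerprint {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\Root',   # assumed store
        [int]$MaxChars = 1020                             # limit quoted in the outputs table
    )
    $thumbs = [string[]]@(Get-ChildItem -Path $StorePath |
        ForEach-Object { $_.Thumbprint.ToUpperInvariant() })
    [Array]::Sort($thumbs, [StringComparer]::Ordinal)     # same order on every device

    $sha = [Security.Cryptography.SHA256]::Create()
    try {
        $digest = $sha.ComputeHash([Text.Encoding]::ASCII.GetBytes($thumbs -join ','))
    } finally { $sha.Dispose() }

    # Fill the first list until one more thumbprint would exceed the limit;
    # everything after that point goes to the continuation list.
    $first = New-Object 'System.Collections.Generic.List[string]'
    $rest  = New-Object 'System.Collections.Generic.List[string]'
    $used  = 0
    foreach ($t in $thumbs) {
        $cost = $t.Length + [int]($first.Count -gt 0)     # +1 for the separator
        if ($rest.Count -eq 0 -and ($used + $cost) -le $MaxChars) {
            $first.Add($t); $used += $cost
        } else {
            $rest.Add($t)
        }
    }

    [pscustomobject]@{
        RootCAsHash             = [BitConverter]::ToString($digest).Replace('-', '')
        RootCAsThumbprints      = $first -join ','
        OtherRootCAsThumbprints = $rest -join ','
    }
}

Get-RootCaFingerprint | Format-List
```

Two devices with the same set of root certificates return the same RootCAsHash; when the hashes differ, comparing the two thumbprint lists against the trusted device shows which certificates are extra or missing.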

Script Remove Certificates

  • Version 1.0.0.0 – Initial release

Script Description

Deletes the certificate that matches a thumbprint provided by the user, in order to remove badly deployed certificates.

Execution context and suggested scheduling

Run the script as local system. The script should be executed manually.

A timeout of 120 seconds is recommended.

Parameters

ID | Label | Description
1 | Thumbprint | Thumbprint of the certificate to delete

Outputs

None.

Further Information

DISCLAIMER – The removal of certain key CAs could potentially harm your machine. Use with caution.

Content

Campaigns
Remote Actions

Required Modules

Nexthink Act
Nexthink Engage

Platforms

Windows

Compatibility

V6.14 and later