RE: How to determine if the latest security updates are installed (




To complete this post, here's my script (perhaps it is useful for someone?!)

'-----------------------------------------------
' RQScript.vbs - Remote Access Quarantine Script
'
' Version 1.0 (2006-03-22)
' Zemp Dominik / zemp.dominik@xxxxxxxxxxxxxxxxxxx
'
' Checks security configuration of the client computer:
'
' - Internet Connection Firewall (ICF) must be enabled on all connections
' - Anti-Virus solution must be installed, the On Access Scanning must be
'   enabled and the product (signature) must be up to date
' - Windows Update must have been performed within the last 30 days.
'
'-----------------------------------------------
'
' Remote Access Quarantine process:
'
' 1. After the remote access connection is created, quarantine restrictions
'    apply.
'
' 2. The CM profile calls this script as post-connect action. It passes 4
'    parameters:
' - DialRasEntry TunnelRasEntry Domain UserName
'
' 3. The script verifies the security configuration of the client computer.
'
' 4a. If the security configuration does NOT comply with the security policy,
' the remote access connection will time-out.
'
' 4b. If the security configuration DOES comply with the security policy,
' the script calls RQC.exe. It passes 6 parameters:
' - DialRasEntry TunnelRasEntry TCP-port(7250) Domain UserName
'   Script-ID
'
' 5. RQC.exe on the client calls RQS.exe on the RRAS server on port 7250.
' It passes the parameters.
'
' 6. RQS.exe notifies the remote access service to remove the quarantine
'    restrictions.
'
'--------------------

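Option Explicit

' Identifier handed to RQC.exe as the script signature; it must match the
' AllowedSet registry value at the server.
' NOTE(review): the identifier is stored in plain text in this script and is
' sent by the client itself after its own checks have run. It tells the server
' which script version claims to have passed; it is not proof that the checks
' ran. Keep server-side controls in place for clients that cannot be trusted
' to run the script honestly.
Const RQScript_ID = "RQVersion1"
Const RQScript_Title = "Remote Access Quarantine"   'caption of the dialogs shown by Main
Const RQ_Notifier = "RQC.exe"                        'notifier started from the script's folder
Const RQ_TCPport = 7250                              'port passed to RQC.exe

' Entry point: run the checks and, if they pass, call the notifier.
Main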

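Sub Main
'-------
' Runs the client checks and shows the result in a message box.
' If VerifyClientConfig returns True, CallRQNotifier is invoked and its return
' code is translated into the line stored in msg. Otherwise the policy
' requirements are listed; this routine takes no further action, the script
' header states that the quarantined connection then times out.

    Dim reply, msg

    If VerifyClientConfig Then

        reply = CallRQNotifier   'remove quarantine restrictions

        ' Translate the notifier return code into the line shown to the user.
        Select Case reply
            Case 0
                msg = "You are granted access."
            Case 1
                msg = "ERROR - cannot contact RQS.exe."
            Case 2
                msg = "ERROR - unknown script identifier."
            Case Else
                msg = "ERROR - unknown failure."
        End Select

        ' The dialog always states that the local checks passed; msg reports
        ' separately whether the notifier call succeeded.
        MsgBox "Security Check:" & Chr(13) & _
            "" & Chr(13) & _
            "The security configuration of this computer" & Chr(13) & _
            "meets the remote access security policy." & Chr(13) & _
            "" & Chr(13) & _
            msg & Chr(13) & _
            "", vbInformation + vbOKOnly, RQScript_Title

    Else
        ' Each string literal is kept on one physical line; a literal broken
        ' across lines does not parse.
        MsgBox "Security Check:" & Chr(13) & _
            "" & Chr(13) & _
            "The security configuration of this computer does NOT meet the remote access security policy:" & Chr(13) & _
            "" & Chr(13) & _
            "- Internet Connection Firewall (ICF) must be enabled on all connections." & Chr(13) & _
            "- Anti-Virus solution must be installed, the On Access Scanning must be enabled and the signature must be up to date." & Chr(13) & _
            "- Windows Update must have been performed within the last 30 days." & Chr(13) & _
            "" & Chr(13) & _
            "The connection will be dropped." & Chr(13) & _
            "", vbExclamation + vbOKOnly, RQScript_Title
    End If
End Sub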


Function VerifyClientConfig
'--------------------------
' Runs the five client checks in a fixed order and returns True only when
' none of them returned False. Every check is executed, even after an
' earlier one has already failed.

    Dim passed
    passed = True

    'check 1: Internet Connection Firewall enabled
    If Check_IsICFEnabled = False Then passed = False

    'check 2: Anti-Virus solution installed
    If Check_IsAntiVirusInstalled = False Then passed = False

    'check 3: On Access Scanning enabled
    If Check_IsOnAccessScanningEnabled = False Then passed = False

    'check 4: Anti-Virus signature up to date
    If Check_IsSignatureUpToDate = False Then passed = False

    'check 5: Windows Update performed within the last 30 days
    If Check_IsWindowsUpdateUpToDate = False Then passed = False

    VerifyClientConfig = passed
End Function


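Function Check_IsICFEnabled
'--------------------------
' Returns True only if every enumerated connection reports its firewall as
' enabled. Returns False when the connection list, or the firewall setting of
' any single connection, cannot be read, so that a failed query is never
' counted as a pass. An empty connection list leaves the result at True.

    Const ProgID_NetConLib = "HNetCfg.HNetShare.1"   'hnetcfg.dll
    Const NCM_Tunnel = 5   'Mediatype=VPN; declared but not referenced by this check

    ' Err is deliberately not declared with Dim: a local variable of that name
    ' would hide the built-in Err object, and the "no error" test below would
    ' then succeed regardless of what happened.
    Dim connmgr, connlist, conn, connConfig, fwEnabled, allFw

    allFw = True

    On Error Resume Next
    Set connmgr = CreateObject(ProgID_NetConLib)
    Set connlist = connmgr.EnumEveryConnection

    If Err.Number = 0 Then
        For Each conn In connlist
            Set connConfig = connmgr.INetSharingConfigurationForINetConnection(conn)
            fwEnabled = connConfig.InternetFirewallEnabled

            If Err.Number <> 0 Then
                ' The setting could not be read for this connection: fail closed.
                Err.Clear
                allFw = False
            Else
                allFw = allFw And fwEnabled
            End If
        Next
    Else
        ' Report first: Err.Clear resets Number, Source and Description.
        WScript.Echo "Unable to get the connection properties" & Chr(13) & _
            " Error Number:" & Err.Number & Chr(13) & _
            " Source:" & Err.Source & Chr(13) & _
            " Description:" & Err.Description
        Err.Clear
        allFw = False
    End If

    Check_IsICFEnabled = allFw
End Function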


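Function Check_IsAntiVirusInstalled
'----------------------------------
' Returns True if the Security Center WMI namespace lists at least one
' AntiVirusProduct with a non-empty displayName. Returns False otherwise,
' including when the namespace cannot be queried.
' NOTE(review): this queries root\SecurityCenter, which matches the Windows XP
' SP2 clients named in the thread; confirm the namespace and property names
' before reusing the check on other Windows versions.

    ' Err is not declared with Dim: a local variable of that name would hide
    ' the built-in Err object.
    Dim oWMI, colItems, installed, objAntiVirusProduct, strComputer, productName

    installed = False
    strComputer = "."

    On Error Resume Next
    Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
        strComputer & "\root\SecurityCenter")
    Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")

    If Err.Number = 0 Then
        For Each objAntiVirusProduct In colItems
            ' Read the property into a variable before testing it. Under
            ' On Error Resume Next an error raised while evaluating an If
            ' condition can resume inside the Then block, which would set the
            ' result to True on a failed read.
            productName = ""
            productName = objAntiVirusProduct.displayName

            If Err.Number <> 0 Then
                Err.Clear
            ElseIf productName <> "" Then
                installed = True
            End If
        Next
    Else
        ' Report first: Err.Clear resets Number, Source and Description.
        WScript.Echo "Unable to connect to SecurityCenter class" & Chr(13) & _
            " Error Number:" & Err.Number & Chr(13) & _
            " Source:" & Err.Source & Chr(13) & _
            " Description:" & Err.Description
        Err.Clear
    End If

    Check_IsAntiVirusInstalled = installed
End Function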


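Function Check_IsOnAccessScanningEnabled
'---------------------------------------
' Returns the onAccessScanningEnabled value reported by Security Center for
' the listed AntiVirusProduct. Returns False when no product is listed or the
' namespace cannot be queried. When several products are listed, the value of
' the last one with a non-empty property is returned.
' NOTE(review): this queries root\SecurityCenter, which matches the Windows XP
' SP2 clients named in the thread; confirm the namespace and property names
' before reusing the check on other Windows versions.

    ' Err is not declared with Dim: a local variable of that name would hide
    ' the built-in Err object.
    Dim oWMI, colItems, objAntiVirusProduct, enabled, strComputer, scanState

    enabled = False
    strComputer = "."

    ' Error handling is switched on, as in the sibling checks, so that a
    ' failed query is reported and answered with False instead of aborting
    ' the script.
    On Error Resume Next
    Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
        strComputer & "\root\SecurityCenter")
    Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")

    If Err.Number = 0 Then
        For Each objAntiVirusProduct In colItems
            ' Read the property once and check Err before using the value.
            scanState = ""
            scanState = objAntiVirusProduct.onAccessScanningEnabled

            If Err.Number <> 0 Then
                Err.Clear
            ElseIf scanState <> "" Then
                enabled = scanState
            End If
        Next
    Else
        ' Report first: Err.Clear resets Number, Source and Description.
        WScript.Echo "Unable to connect to SecurityCenter class" & Chr(13) & _
            " Error Number:" & Err.Number & Chr(13) & _
            " Source:" & Err.Source & Chr(13) & _
            " Description:" & Err.Description
        Err.Clear
    End If

    Check_IsOnAccessScanningEnabled = enabled
End Function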


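Function Check_IsSignatureUpToDate
'---------------------------------
' Returns the productUptoDate value reported by Security Center for the
' listed AntiVirusProduct. Returns False when no product is listed or the
' namespace cannot be queried. When several products are listed, the value of
' the last one with a non-empty property is returned.
' NOTE(review): the value is whatever the product registered with Security
' Center; this function does not inspect signature files itself.

    ' Err is not declared with Dim: a local variable of that name would hide
    ' the built-in Err object.
    Dim oWMI, colItems, objAntiVirusProduct, upToDate, strComputer, productState

    upToDate = False
    strComputer = "."

    On Error Resume Next
    Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
        strComputer & "\root\SecurityCenter")
    Set colItems = oWMI.ExecQuery("Select * from AntiVirusProduct")

    If Err.Number = 0 Then
        For Each objAntiVirusProduct In colItems
            ' Read the property once and check Err before using the value.
            productState = ""
            productState = objAntiVirusProduct.productUptoDate

            If Err.Number <> 0 Then
                Err.Clear
            ElseIf productState <> "" Then
                upToDate = productState
            End If
        Next
    Else
        ' Report first: Err.Clear resets Number, Source and Description.
        WScript.Echo "Unable to connect to SecurityCenter class" & Chr(13) & _
            " Error Number:" & Err.Number & Chr(13) & _
            " Source:" & Err.Source & Chr(13) & _
            " Description:" & Err.Description
        Err.Clear
    End If

    Check_IsSignatureUpToDate = upToDate
End Function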


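Function Check_IsWindowsUpdateUpToDate
'-------------------------------------
' Returns True if the queried Windows Update history entry is dated within
' the last 30 days. Returns False otherwise, including when the update
' session cannot be created or the history cannot be read.
' NOTE(review): only the date of the history entry is examined. The result of
' that entry is not checked, and nothing here asks whether further updates are
' still missing, so True means "an update operation was logged recently", not
' "the latest security updates are installed".

    ' Err is not declared with Dim: a local variable of that name would hide
    ' the built-in Err object.
    Dim objSession, objSearcher, colHistory, objEntry, upToDate, updateDate

    upToDate = False

    On Error Resume Next
    Set objSession = CreateObject("Microsoft.Update.Session")
    Set objSearcher = objSession.CreateUpdateSearcher

    ' NOTE(review): QueryHistory takes (startIndex, count). If startIndex is
    ' zero-based, (1, 1) returns the entry after the first one rather than the
    ' first; confirm which entry is intended.
    Set colHistory = objSearcher.QueryHistory(1, 1)

    If Err.Number = 0 Then
        For Each objEntry In colHistory
            updateDate = objEntry.Date

            If Err.Number <> 0 Then
                ' The date could not be read: leave the result unchanged.
                Err.Clear
            ElseIf DateDiff("d", updateDate, Now) <= 30 Then
                upToDate = True
            End If
        Next
    Else
        ' Report first: Err.Clear resets Number, Source and Description.
        WScript.Echo "Unable to connect to Microsoft.Update.Session" & Chr(13) & _
            " Error Number:" & Err.Number & Chr(13) & _
            " Source:" & Err.Source & Chr(13) & _
            " Description:" & Err.Description
        Err.Clear
    End If

    Check_IsWindowsUpdateUpToDate = upToDate
End Function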


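Function CallRQNotifier
'----------------------
' CallRQNotifier calls RQC.exe to signal security policy compliance
' returns the RQC.exe return code:
' -1=rqc.exe not found / 0=success / 1=rqs.exe not found / 2=unknown script id
'
' RQC.exe is started from the folder that contains this script and the call
' waits for it to finish. Of the script's arguments only the second and the
' fourth are forwarded, as /conn and /user.
' NOTE(review): QQ only wraps a value in double quotes. A connection or user
' name that itself contains a double quote would change how the command line
' is split; confirm that the CM profile cannot supply such values.
' NOTE(review): there is no error handler here, so a failure of wsh.Run itself
' (for example a missing RQC.exe) presumably ends the script with a runtime
' error instead of returning -1; verify.

    Const runMinimized = 7          'run in minimized window
    Const runWaitOnReturn = True    'wait on return

    Dim wsh, fso, ScriptPath, reply
    Set wsh = CreateObject("WScript.Shell")
    Set fso = CreateObject("Scripting.FileSystemObject")

    ScriptPath = fso.GetFile(WScript.ScriptFullName).ParentFolder

    ' Earlier positional form of the call, kept for reference:
    ' reply = wsh.Run( QQ(scriptpath & "\" & RQ_Notifier) & " " & "/conn" & " " _
    '     & QQ(GetArg(1)) & " " & QQ(GetArg(2)) & " " & RQ_TCPport & " " _
    '     & QQ(GetArg(3)) & " " & QQ(GetArg(4)) & " " & QQ(RQScript_ID), _
    '     runMinimized, runWaitOnReturn )

    reply = wsh.Run(QQ(ScriptPath & "\" & RQ_Notifier) & " /conn " & _
        QQ(GetArg(2)) & " /user " & QQ(GetArg(4)) & " /port " & RQ_TCPport & " /sig " & _
        QQ(RQScript_ID), runMinimized, runWaitOnReturn)

    CallRQNotifier = reply
End Function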


'---------------------
' Library
'---------------------

Function QQ(s)
'------------
' Wraps s in a pair of double-quote characters and returns the result.
' Quote characters already inside s are passed through unchanged.

    Dim dq
    dq = Chr(34)

    QQ = dq & s & dq
End Function

Function GetArg(i)
'-----------------
' Returns the script argument at 1-based position i, or "" when fewer than
' i arguments were passed to the script.

    GetArg = ""

    If i <= WScript.Arguments.Count Then
        GetArg = WScript.Arguments(i - 1)
    End If
End Function

"Zemp Dominik" wrote:

Hmmmm.... but this method isn't very useful for the ISA VPN quarantine (RQS)?!

Dominik

"Umesh Thakur" wrote:

You do not need to install it on every client. just install it on a PC (your
XP box) and scan any particular computer for updates!

MBSA Allows you to remotely scan selected computer/range of computers for
missing security updates and misconfigurations.

---
Umesh

"Old programmers never die. They just terminate and stay resident."



"Zemp Dominik" wrote:

Hi

Thank you... but, is there no solution without any installation
requirements? I don't wanna install the MBSA on all clients.

Regards
Dominik

"Umesh Thakur" wrote:

MBSA can help you find that out:
http://www.microsoft.com/technet/security/tools/mbsa2/default.mspx

You can also download MBSA scripting samples from here:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3B64AC19-3C9E-480E-B0B3-6B87F2EE9042

You can also look under "Security Update Detection Solutions" at following
link:
http://www.microsoft.com/technet/security/tools/default.mspx

---
Umesh

"Old programmers never die. They just terminate and stay resident."



"Zemp Dominik" wrote:

Hi

I am looking for a VBScript for the ISA VPN quarantine that determines whether the
latest security updates are installed on the VPN client (Windows XP SP2 only).

How can I do this? Can I 'ask' the Security Center to retrieve the status?

Thanks and Regards
Dominik
.

