Option Explicit Dim arrOSVer Dim blnDomainMember, blnWFwEnabled, blnWUAUServ, blnWUOK Dim dtmLastCheck Dim intLC, intLD, intLI, intMonth, intToday, lngProductState Dim colItems, objFSO, objItem, objReg, objWMIService, wshShell Dim strComputer, strLastBoot, strLastCheck, strLastDownload Dim strLastInstall, strLB, strMsg, strProductName, strProductPath Dim strRegKey, strProductVersion, strTmpMsg, strWUMsg Const HKLM = &H80000002 blnWUOK = True With WScript.Arguments If .Named.Count > 0 Then If .Named.Exists( "?" ) And .Named.Count = 1 Then Syntax "" Else Syntax "Invalid command line switches" End If End If If .Unnamed.Count > 1 Then Syntax "Invalid number of command line arguments" End If If .Unnamed.Count = 1 Then strComputer = UCase( .Unnamed(0) ) Else strComputer = "." End If End With Set objFSO = CreateObject( "Scripting.FileSystemObject" ) Set wshShell = CreateObject( "WScript.Shell" ) ' First check the OS version: Vista (6.0) is the minimum required Set objWMIService = GetObject( "winmgmts://" & strComputer & "/root/cimv2" ) Set colItems = objWMIService.ExecQuery( "Select * from Win32_OperatingSystem", , 48 ) For Each objItem in colItems ' Read and store date and time of last boot strLB = Left( objItem.LastBootUpTime, 14 ) strLastBoot = Left( strLB, 4 ) & "-" & Mid( strLB, 5, 2 ) & "-" _ & Mid( strLB, 7, 2 ) & " " & Mid( strLB, 9, 2 ) & ":" _ & Mid( strLB, 11, 2 ) & ":" & Mid( strLB, 13, 2 ) ' Read and check Windows version arrOSVer = Split( objItem.Version, "." ) If arrOSVer(0) < 5 Then Syntax "This script requires Windows Vista or later." & vbCrLf _ & vbtab & "OS version detected: " & objItem.Caption & " SP " _ & objItem.ServicePackMajorVersion & "." _ & objItem.ServicePackMinorVersion & "." End If If arrOSVer(0) < 6 Then Syntax "SecStat2.vbs requires Windows Vista or later." & vbCrLf _ & vbtab & "OS version detected: " & objItem.Caption & " SP " _ & objItem.ServicePackMajorVersion & "." _ & objItem.ServicePackMinorVersion & vbCrLf _ & vbTab & "For Windows XP SP2 or SP3 use SecStat.vbs instead of SecStat2.vbs" End If Next ' Check if the computer is a domain member Set colItems = objWMIService.ExecQuery( "Select * from Win32_ComputerSystem" ) For Each objItem in colItems blnDomainMember = CBool( objItem.PartOfDomain ) Next ' Check if Windows Update service is running Set colItems = objWMIService.ExecQuery( "Select * From Win32_Service Where Name='wuauserv'", , 48 ) For Each objItem in colItems blnWUAUServ = ( objItem.State = "Running" ) Next ' Custom error handling is required, since many properties to be queried may be invalid for the installed security products On Error Resume Next ' Connect to the local or remote SecurityCenter through WMI Set objWMIService = GetObject( "winmgmts:{impersonationLevel=impersonate}!//" & strComputer & "/root/SecurityCenter2" ) If Err Then If strComputer = "." Then Syntax "Could not connect to SecurityCenter2" Else Syntax "Could not connect to SecurityCenter2 on " & strComputer End If End If ' Query the installed AntiVirus product strMsg = vbCrLf & "AntiVirus:" & vbCrLf If InStr( UCase( WScript.FullName ), "\CSCRIPT.EXE" ) Then strMsg = strMsg & "==========" Set colItems = objWMIService.ExecQuery( "SELECT * FROM AntiVirusProduct" ) If Err Then strMsg = strMsg & vbCrLf & "No AntiVirus product detected by WMI" ElseIf colItems.Count = 0 Then strMsg = strMsg & vbCrLf & "No AntiVirus product detected by WMI" End If For Each objItem in colItems With objItem strProductName = .displayName strProductPath = wshShell.ExpandEnvironmentStrings( .pathToSignedProductExe ) strProductVersion = objFSO.GetFileVersion( strProductPath ) lngProductState = CLng( .productState ) strMsg = strMsg & vbCrLf & strProductName & ", Version " & strProductVersion strTmpMsg = "Warning: unable to determine on-access scanning status!" If ( lngProductState And &H001000& ) = &H001000& Then strTmpMsg = "On-access scanning is enabled" Else strTmpMsg = "Warning: on-access scanning is disabled!" End If strMsg = strMsg & vbCrLf & strTmpMsg strTmpMsg = "Warning: unable to determine whether virus definitions are up-to-date or not!" If ( lngProductState And &H000010& ) = 0 Then strTmpMsg = "Virus definitions are up-to-date" Else strTmpMsg = "Warning: virus definitions are NOT up-to-date!" End If strMsg = strMsg & vbCrLf & strTmpMsg End With strMsg = strMsg & vbCrLf Next ' Query the installed AntiSpyware product strMsg = strMsg & vbCrLf & "AntiSpyware:" & vbCrLf If InStr( UCase( WScript.FullName ), "\CSCRIPT.EXE" ) Then strMsg = strMsg & "============" Set colItems = objWMIService.ExecQuery( "SELECT * FROM AntiSpywareProduct" ) If Err Then strMsg = strMsg & vbCrLf & "No AntiSpyware product detected by WMI" ElseIf colItems.Count = 0 Then strMsg = strMsg & vbCrLf & "No AntiSpyware product detected by WMI" End If For Each objItem in colItems With objItem strProductName = .displayName strProductPath = wshShell.ExpandEnvironmentStrings( .pathToSignedProductExe ) strProductVersion = objFSO.GetFileVersion( strProductPath ) lngProductState = CLng( .productState ) strMsg = strMsg & vbCrLf & strProductName & ", Version " & strProductVersion strTmpMsg = "Warning: unable to determine on-access scanning status!" If ( lngProductState And &H001000& ) = &H001000& Then strTmpMsg = "On-access scanning is enabled" Else strTmpMsg = "Warning: on-access scanning is disabled!" End If strMsg = strMsg & vbCrLf & strTmpMsg strTmpMsg = "Warning: unable to determine whether malware definitions are up-to-date or not!" If ( lngProductState And &H000010& ) = 0 Then strTmpMsg = "Malware definitions are up-to-date" Else strTmpMsg = "Warning: malware definitions are NOT up-to-date!" End If strMsg = strMsg & vbCrLf & strTmpMsg End With strMsg = strMsg & vbCrLf Next ' Query the installed Firewall product strMsg = strMsg & vbCrLf & "Firewall:" & vbCrLf If InStr( UCase( WScript.FullName ), "\CSCRIPT.EXE" ) Then strMsg = strMsg & "=========" Set colItems = objWMIService.ExecQuery( "SELECT * FROM FirewallProduct" ) If Err Then strMsg = strMsg & vbCrLf & "No third party firewall detected by WMI" ElseIf colItems.Count = 0 Then strMsg = strMsg & vbCrLf & "No third party firewall detected by WMI" End If For Each objItem in colItems With objItem strProductName = .displayName strProductVersion = objFSO.GetFileVersion( .pathToSignedProductExe ) lngProductState = CLng( .productState ) strMsg = strMsg & vbCrLf & strProductName & ", Version " & strProductVersion strTmpMsg = "Warning: unable to determine whether third party firewall is enabled or not!" If ( lngProductState And &H010000& ) = &H001000& Then strTmpMsg = "Third party firewall is enabled" Else strTmpMsg = "Warning: third party firewall is disabled!" End If strMsg = strMsg & vbCrLf & strTmpMsg End With strMsg = strMsg & vbCrLf Next strRegKey = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\" If blnDomainMember Then strRegKey = strregkey & "DomainProfile" Else strRegKey = strregkey & "StandardProfile" End If strRegKey = strregkey & "\EnableFirewall" blnWFwEnabled = ( wshShell.RegRead( strRegKey ) = 1 ) If Err Then strTmpMsg = "Warning: unable to determine whether Windows Firewall is enabled or not!" Else If blnWFwEnabled Then strTmpMsg = "Windows Firewall is enabled" Else strTmpMsg = "Warning: Windows Firewall is disabled!" End If End If strMsg = strMsg & vbCrLf & strTmpMsg strMsg = strMsg & vbCrLf & vbCrLf & "Windows Update:" & vbCrLf If InStr( UCase( WScript.FullName ), "\CSCRIPT.EXE" ) Then strMsg = strMsg & "===============" ' Check if the Windows Update service is running If blnWUAUServ Then strMsg = strMsg & vbCrLf & "Windows Update Service is active" Else strMsg = strMsg & vbCrLf & "Warning: Windows Update Service NOT active!" blnWUOK = False End If ' Windows Update results are read from the registry Set objReg = GetObject( "winmgmts:{impersonationLevel=impersonate}!//" & strComputer & "/root/default:StdRegProv" ) strRegKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\" ' Read the time and date of the last successful download objReg.GetStringValue HKLM, strRegKey & "Download", "LastSuccessTime", strLastDownload strWUMsg = vbCrLf & "Last Download : " & strLastDownload ' Convert the time and date string to a long integer intLD = Left( strLastDownload, 10 ) intLD = Replace( IntLD, " ", "" ) intLD = Replace( intLD, "-", "" ) intLD = Replace( intLD, ":", "" ) intLD = CLng( intLD ) ' Read the time and date of the last successful install objReg.GetStringValue HKLM, strRegKey & "Install", "LastSuccessTime", strLastInstall strWUMsg = strWUMsg & vbCrLf & "Last Install : " & strLastInstall ' Convert the time and date string to a long integer intLI = Left( strLastInstall, 10 ) intLI = Replace( intLI, " ", "" ) intLI = Replace( intLI, "-", "" ) intLI = Replace( intLI, ":", "" ) intLI = CLng( intLI ) ' Insert the line with the last reboot date and time strWUMsg = strWUMsg & vbCrLf & "Last Reboot : " & strLastBoot ' Read the time and date of the last successful check for new updates objReg.GetStringValue HKLM, strRegKey & "Detect", "LastSuccessTime", strLastCheck strWUMsg = strWUMsg & vbCrLf & "Last Check : " & strLastCheck ' Convert the time and date string to a long integer intLC = Left( strLastCheck, 10 ) dtmLastCheck = CDate( intLC ) On Error Goto 0 ' WU check includes the following requirements: ' * Automatic Updates service must be running ' * last successful download must be BEFORE last successful install ' * last reboot must be AFTER last successful install ' * last check must be no more than 7 days ago ' If any of these tests fails, all intermediate results will be displayed, ' if all tests are passed, a brief summary will be displayed If intLD > intLI Then strWUMsg = strWUMsg & vbCrLf & "Warning: last install was unsuccessful!" blnWUOK = False End If If DateDiff( "d", dtmLastCheck, Now ) > 7 Then strWUMsg = strWUMsg & vbCrLf & "Warning: the last check was " & DateDiff( "d", dtmLastCheck, Now ) & " days ago!" blnWUOK = False End If If CLng( Left( strLB, 8 ) ) < intLI Then strWUMsg = strWUMsg & vbCrLf & "Warning: a reboot is required!" blnWUOK = False End If ' Forget the intermediate results if everything turns out OK If blnWUOK Then strWUMsg = vbCrLf & "Windows Update reports: everything OK" WScript.Echo strMsg & strWUMsg Set objFSO = Nothing Set objReg = Nothing Set colItems = Nothing Set objWMIService = Nothing Set wshShell = Nothing Sub Syntax( myMsg ) If myMsg <> "" Then strMsg = vbcrlf & "Error:" & vbTab & myMsg & vbCrLf Else strMsg = "" End If strMsg = strMsg & vbCrLf _ & "SecStat2.vbs, Version 1.01 for Windows Vista and later" _ & vbCrLf _ & "Display a SecurityCenter2 and Windows Update status overview for any computer" _ & vbCrLf & vbCrLf _ & "Usage: " & vbTab & "SECSTAT.VBS" & vbTab & "[ computer ]" _ & vbCrLf & vbCrLf _ & "Where: " & vbTab & """computer""" & vbTab & "is an optional remote computer name" _ & vbCrLf _ & " " & vbTab & vbTab & vbTab & "(default is the local computer)" _ & vbCrLf & vbCrLf _ & "Credits:" & vbTab & "Inspired by a blog entry on neophob.com:" _ & vbCrLf _ & " " & vbTab & "http://neophob.com/2010/03/#post-154" _ & vbCrLf & vbCrLf _ & "Use WBEMTEST.EXE (or WMIGEN.HTA) to find all properties for specific products." _ & vbCrLf & vbCrLf _ & "Written by Rob van der Woude" _ & vbCrLf _ & "http://www.robvanderwoude.com" WScript.Echo strMsg WScript.Quit 1 End Sub