Rob van der Woude's Scripting Pages
Powered by GeSHi

Source code for secstat2.vbs

(view source code of secstat2.vbs as plain text) 

  1. Option Explicit
  2.  
  3. Dim arrOSVer
  4. Dim blnDomainMember, blnWFwEnabled, blnWUAUServ, blnWUOK
  5. Dim dtmLastCheck
  6. Dim intLC, intLD, intLI, intMonth, intToday, lngProductState
  7. Dim colItems, objFSO, objItem, objReg, objWMIService, wshShell
  8. Dim strComputer, strLastBoot, strLastCheck, strLastDownload
  9. Dim strLastInstall, strLB, strMsg, strProductName, strProductPath
  10. Dim strRegKey, strProductVersion, strTmpMsg, strWUMsg
  11.  
  12. Const HKLM = &H80000002
  13.  
  14. blnWUOK  = True
  15.  
  16. With WScript.Arguments
  17. 	If .Named.Count > 0 Then
  18. 		If .Named.Exists( "?" ) And .Named.Count = 1 Then
  19. 			Syntax ""
  20. 		Else
  21. 			Syntax "Invalid command line switches"
  22. 		End If
  23. 	End If
  24. 	If .Unnamed.Count > 1 Then
  25. 		Syntax "Invalid number of command line arguments"
  26. 	End If
  27. 	If .Unnamed.Count = 1 Then
  28. 		strComputer = UCase( .Unnamed(0) )
  29. 	Else
  30. 		strComputer = "."
  31. 	End If
  32. End With
  33.  
  34. Set objFSO   = CreateObject( "Scripting.FileSystemObject" )
  35. Set wshShell = CreateObject( "WScript.Shell" )
  36.  
  37.  
  38. ' First check the OS version: Vista (6.0) is the minimum required
  39. Set objWMIService = GetObject( "winmgmts://" & strComputer & "/root/cimv2" )
  40. Set colItems      = objWMIService.ExecQuery( "Select * from Win32_OperatingSystem", , 48 )
  41. For Each objItem in colItems
  42. 	' Read and store date and time of last boot
  43. 	strLB = Left( objItem.LastBootUpTime, 14 )
  44. 	strLastBoot = Left( strLB, 4 )    & "-" & Mid( strLB, 5, 2 )  & "-" _
  45. 	            & Mid( strLB, 7, 2 )  & " " & Mid( strLB, 9, 2 )  & ":" _
  46. 	            & Mid( strLB, 11, 2 ) & ":" & Mid( strLB, 13, 2 )
  47. 	' Read and check Windows version
  48. 	arrOSVer = Split( objItem.Version, "." )
  49. 	If arrOSVer(0) < 5 Then
  50. 		Syntax "This script requires Windows Vista or later." & vbCrLf _
  51. 		     & vbtab & "OS version detected: " & objItem.Caption & " SP " _
  52. 		     & objItem.ServicePackMajorVersion & "." _
  53. 		     & objItem.ServicePackMinorVersion & "."
  54. 	End If
  55. 	If arrOSVer(0) < 6 Then
  56. 		Syntax "SecStat2.vbs requires Windows Vista or later." & vbCrLf _
  57. 		     & vbtab & "OS version detected: " & objItem.Caption & " SP " _
  58. 		     & objItem.ServicePackMajorVersion & "." _
  59. 		     & objItem.ServicePackMinorVersion & vbCrLf _
  60. 		     & vbTab & "For Windows XP SP2 or SP3 use SecStat.vbs instead of SecStat2.vbs"
  61. 	End If
  62. Next
  63.  
  64. ' Check if the computer is a domain member
  65. Set colItems = objWMIService.ExecQuery( "Select * from Win32_ComputerSystem" )
  66. For Each objItem in colItems
  67. 	blnDomainMember = CBool( objItem.PartOfDomain )
  68. Next
  69.  
  70. ' Check if Windows Update service is running
  71. Set colItems = objWMIService.ExecQuery( "Select * From Win32_Service Where Name='wuauserv'", , 48 )
  72. For Each objItem in colItems
  73. 	blnWUAUServ = ( objItem.State = "Running" )
  74. Next
  75.  
  76. ' Custom error handling is required, since many properties to be queried may be invalid for the installed security products
  77. On Error Resume Next
  78.  
  79. ' Connect to the local or remote SecurityCenter through WMI
  80. Set objWMIService = GetObject( "winmgmts:{impersonationLevel=impersonate}!//" & strComputer & "/root/SecurityCenter2" )
  81. If Err Then
  82. 	If strComputer = "." Then
  83. 		Syntax "Could not connect to SecurityCenter2"
  84. 	Else
  85. 		Syntax "Could not connect to SecurityCenter2 on " & strComputer
  86. 	End If
  87. End If
  88.  
  89. ' Query the installed AntiVirus product
  90. strMsg = vbCrLf & "AntiVirus:" & vbCrLf
  91. If InStr( UCase( WScript.FullName ), "\CSCRIPT.EXE" ) Then strMsg = strMsg & "=========="
  92.  
  93. Set colItems = objWMIService.ExecQuery( "SELECT * FROM AntiVirusProduct" )
  94. If Err Then
  95. 	strMsg = strMsg & vbCrLf & "No AntiVirus product detected by WMI"
  96. ElseIf colItems.Count = 0 Then
  97. 	strMsg = strMsg & vbCrLf & "No AntiVirus product detected by WMI"
  98. End If
  99.  
  100. For Each objItem in colItems
  101. 	With objItem
  102. 		strProductName    = .displayName
  103. 		strProductPath    = wshShell.ExpandEnvironmentStrings( .pathToSignedProductExe )
  104. 		strProductVersion = objFSO.GetFileVersion( strProductPath )
  105. 		lngProductState   = CLng( .productState )
  106. 		strMsg            = strMsg & vbCrLf & strProductName & ",  Version " & strProductVersion
  107. 		strTmpMsg         = "Warning: unable to determine on-access scanning status!"
  108. 		If ( lngProductState And &H001000& ) = &H001000& Then
  109. 			strTmpMsg = "On-access scanning is enabled"
  110. 		Else
  111. 			strTmpMsg = "Warning: on-access scanning is disabled!"
  112. 		End If
  113. 		strMsg    = strMsg & vbCrLf & strTmpMsg
  114. 		strTmpMsg = "Warning: unable to determine whether virus definitions are up-to-date or not!"
  115. 		If ( lngProductState And &H000010& ) = 0 Then
  116. 			strTmpMsg = "Virus definitions are up-to-date"
  117. 		Else
  118. 			strTmpMsg = "Warning: virus definitions are NOT up-to-date!"
  119. 		End If
  120. 		strMsg = strMsg & vbCrLf & strTmpMsg
  121. 	End With
  122. 	strMsg = strMsg & vbCrLf
  123. Next
  124.  
  125. ' Query the installed AntiSpyware product
  126. strMsg = strMsg & vbCrLf & "AntiSpyware:" & vbCrLf
  127. If InStr( UCase( WScript.FullName ), "\CSCRIPT.EXE" ) Then strMsg = strMsg & "============"
  128.  
  129. Set colItems = objWMIService.ExecQuery( "SELECT * FROM AntiSpywareProduct" )
  130. If Err Then
  131. 	strMsg = strMsg & vbCrLf & "No AntiSpyware product detected by WMI"
  132. ElseIf colItems.Count = 0 Then
  133. 	strMsg = strMsg & vbCrLf & "No AntiSpyware product detected by WMI"
  134. End If
  135.  
  136. For Each objItem in colItems
  137. 	With objItem
  138. 		strProductName    = .displayName
  139. 		strProductPath    = wshShell.ExpandEnvironmentStrings( .pathToSignedProductExe )
  140. 		strProductVersion = objFSO.GetFileVersion( strProductPath )
  141. 		lngProductState   = CLng( .productState )
  142. 		strMsg            = strMsg & vbCrLf & strProductName & ",  Version " & strProductVersion
  143. 		strTmpMsg         = "Warning: unable to determine on-access scanning status!"
  144. 		If ( lngProductState And &H001000& ) = &H001000& Then
  145. 			strTmpMsg = "On-access scanning is enabled"
  146. 		Else
  147. 			strTmpMsg = "Warning: on-access scanning is disabled!"
  148. 		End If
  149. 		strMsg    = strMsg & vbCrLf & strTmpMsg
  150. 		strTmpMsg = "Warning: unable to determine whether malware definitions are up-to-date or not!"
  151. 		If ( lngProductState And &H000010& ) = 0 Then
  152. 			strTmpMsg = "Malware definitions are up-to-date"
  153. 		Else
  154. 			strTmpMsg = "Warning: malware definitions are NOT up-to-date!"
  155. 		End If
  156. 		strMsg = strMsg & vbCrLf & strTmpMsg
  157. 	End With
  158. 	strMsg = strMsg & vbCrLf
  159. Next
  160.  
  161. ' Query the installed Firewall product
  162. strMsg = strMsg & vbCrLf & "Firewall:" & vbCrLf
  163. If InStr( UCase( WScript.FullName ), "\CSCRIPT.EXE" ) Then strMsg = strMsg & "========="
  164.  
  165. Set colItems = objWMIService.ExecQuery( "SELECT * FROM FirewallProduct" )
  166. If Err Then
  167. 	strMsg = strMsg & vbCrLf & "No third party firewall detected by WMI"
  168. ElseIf colItems.Count = 0 Then
  169. 	strMsg = strMsg & vbCrLf & "No third party firewall detected by WMI"
  170. End If
  171.  
  172. For Each objItem in colItems
  173. 	With objItem
  174. 		strProductName    = .displayName
  175. 		strProductVersion = objFSO.GetFileVersion( .pathToSignedProductExe )
  176. 		lngProductState   = CLng( .productState )
  177. 		strMsg            = strMsg & vbCrLf & strProductName & ",  Version " & strProductVersion
  178. 		strTmpMsg         = "Warning: unable to determine whether third party firewall is enabled or not!"
  179. 		If ( lngProductState And &H010000& ) = &H001000& Then
  180. 			strTmpMsg = "Third party firewall is enabled"
  181. 		Else
  182. 			strTmpMsg = "Warning: third party firewall is disabled!"
  183. 		End If
  184. 		strMsg = strMsg & vbCrLf & strTmpMsg
  185. 	End With
  186. 	strMsg = strMsg & vbCrLf
  187. Next
  188.  
  189. strRegKey = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\"
  190. If blnDomainMember Then
  191. 	strRegKey = strregkey & "DomainProfile"
  192. Else
  193. 	strRegKey = strregkey & "StandardProfile"
  194. End If
  195. strRegKey     = strregkey & "\EnableFirewall"
  196. blnWFwEnabled = ( wshShell.RegRead( strRegKey ) = 1 )
  197. If Err Then
  198. 	strTmpMsg = "Warning: unable to determine whether Windows Firewall is enabled or not!"
  199. Else
  200. 	If blnWFwEnabled Then
  201. 		strTmpMsg = "Windows Firewall is enabled"
  202. 	Else
  203. 		strTmpMsg = "Warning: Windows Firewall is disabled!"
  204. 	End If
  205. End If
  206. strMsg = strMsg & vbCrLf & strTmpMsg
  207.  
  208. strMsg = strMsg & vbCrLf & vbCrLf & "Windows Update:" & vbCrLf
  209. If InStr( UCase( WScript.FullName ), "\CSCRIPT.EXE" ) Then strMsg = strMsg & "==============="
  210.  
  211. ' Check if the Windows Update service is running
  212. If blnWUAUServ Then
  213. 	strMsg = strMsg & vbCrLf & "Windows Update Service is active"
  214. Else
  215. 	strMsg = strMsg & vbCrLf & "Warning: Windows Update Service NOT active!"
  216. 	blnWUOK = False
  217. End If
  218.  
  219. ' Windows Update results are read from the registry
  220. Set objReg = GetObject( "winmgmts:{impersonationLevel=impersonate}!//" & strComputer & "/root/default:StdRegProv" )
  221.  
  222. strRegKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\"
  223.  
  224. ' Read the time and date of the last successful download
  225. objReg.GetStringValue HKLM, strRegKey & "Download", "LastSuccessTime", strLastDownload
  226. strWUMsg = vbCrLf & "Last Download : " & strLastDownload
  227. ' Convert the time and date string to a long integer
  228. intLD = Left( strLastDownload, 10 )
  229. intLD = Replace( IntLD, " ", "" )
  230. intLD = Replace( intLD, "-", "" )
  231. intLD = Replace( intLD, ":", "" )
  232. intLD = CLng( intLD )
  233.  
  234. ' Read the time and date of the last successful install
  235. objReg.GetStringValue HKLM, strRegKey & "Install",  "LastSuccessTime", strLastInstall
  236. strWUMsg = strWUMsg & vbCrLf & "Last Install  : " & strLastInstall
  237. ' Convert the time and date string to a long integer
  238. intLI = Left( strLastInstall, 10 )
  239. intLI = Replace( intLI,  " ", "" )
  240. intLI = Replace( intLI, "-", "" )
  241. intLI = Replace( intLI, ":", "" )
  242. intLI = CLng( intLI )
  243.  
  244. ' Insert the line with the last reboot date and time
  245. strWUMsg = strWUMsg & vbCrLf & "Last Reboot   : " & strLastBoot
  246.  
  247. ' Read the time and date of the last successful check for new updates
  248. objReg.GetStringValue HKLM, strRegKey & "Detect",   "LastSuccessTime", strLastCheck
  249. strWUMsg = strWUMsg & vbCrLf & "Last Check    : " & strLastCheck
  250. ' Convert the time and date string to a long integer
  251. intLC = Left( strLastCheck, 10 )
  252. dtmLastCheck = CDate( intLC )
  253. On Error Goto 0
  254.  
  255. ' WU check includes the following requirements:
  256. ' * Automatic Updates service must be running
  257. ' * last successful download must be BEFORE last successful install
  258. ' * last reboot must be AFTER last successful install
  259. ' * last check must be no more than 7 days ago
  260. ' If any of these tests fails, all intermediate results will be displayed,
  261. ' if all tests are passed, a brief summary will be displayed
  262. If intLD > intLI Then
  263. 	strWUMsg = strWUMsg & vbCrLf & "Warning: last install was unsuccessful!"
  264. 	blnWUOK  = False
  265. End If
  266.  
  267. If DateDiff( "d", dtmLastCheck, Now ) > 7 Then
  268. 	strWUMsg = strWUMsg & vbCrLf & "Warning: the last check was " & DateDiff( "d", dtmLastCheck, Now ) & " days ago!"
  269. 	blnWUOK  = False
  270. End If
  271.  
  272. If CLng( Left( strLB, 8 ) ) < intLI Then
  273. 	strWUMsg = strWUMsg & vbCrLf & "Warning: a reboot is required!"
  274. 	blnWUOK  = False
  275. End If
  276.  
  277. ' Forget the intermediate results if everything turns out OK
  278. If blnWUOK Then strWUMsg = vbCrLf & "Windows Update reports: everything OK"
  279.  
  280. WScript.Echo strMsg & strWUMsg
  281.  
  282. Set objFSO        = Nothing
  283. Set objReg        = Nothing
  284. Set colItems      = Nothing
  285. Set objWMIService = Nothing
  286. Set wshShell      = Nothing
  287.  
  288.  
  289. Sub Syntax( myMsg )
  290. 	If myMsg <> "" Then
  291. 		strMsg = vbcrlf & "Error:" & vbTab & myMsg & vbCrLf
  292. 	Else
  293. 		strMsg = ""
  294. 	End If
  295. 	strMsg = strMsg & vbCrLf _
  296. 	       & "SecStat2.vbs,  Version 1.01 for Windows Vista and later" _
  297. 	       & vbCrLf _
  298. 	       & "Display a SecurityCenter2 and Windows Update status overview for any computer" _
  299. 	       & vbCrLf & vbCrLf _
  300. 	       & "Usage:  " & vbTab & "SECSTAT.VBS" & vbTab & "[ computer ]" _
  301. 	       & vbCrLf & vbCrLf _
  302. 	       & "Where:  " & vbTab & """computer""" & vbTab & "is an optional remote computer name" _
  303. 	       & vbCrLf _
  304. 	       & "        " & vbTab & vbTab & vbTab & "(default is the local computer)" _
  305. 	       & vbCrLf & vbCrLf _
  306. 	       & "Credits:" & vbTab & "Inspired by a blog entry on neophob.com:" _
  307. 	       & vbCrLf _
  308. 	       & "        " & vbTab & "http://neophob.com/2010/03/#post-154" _
  309. 	       & vbCrLf & vbCrLf _
  310. 	       & "Use WBEMTEST.EXE (or WMIGEN.HTA) to find all properties for specific products." _
  311. 	       & vbCrLf & vbCrLf _
  312. 	       & "Written by Rob van der Woude" _
  313. 	       & vbCrLf _
  314. 	       & "http://www.robvanderwoude.com"
  315. 	WScript.Echo strMsg
  316. 	WScript.Quit 1
  317. End Sub
  318.  

page last modified: 2025-10-11; loaded in 0.0125 seconds