Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Fri Mar 29, 2024 12:24 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 5 posts ] 
Author Message
 Post subject: Proxy settings report
PostPosted: Fri Oct 23, 2009 5:31 pm 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
I cant see any way to report on the IE proxy settings used by each machine, has anybody set up something similar to save me re-inventing the wheel?

So far I have...

[code]
On Error Resume Next

Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20

arrComputers = Array(".")
For Each strComputer In arrComputers
WScript.Echo
WScript.Echo "=========================================="
WScript.Echo "Proxy Settings for Computer: " & strComputer
WScript.Echo "=========================================="

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2\Applications\MicrosoftIE")
Set colItems = objWMIService.ExecQuery("SELECT * FROM MicrosoftIE_LanSettings", "WQL", _
wbemFlagReturnImmediately + wbemFlagForwardOnly)

For Each objItem In colItems
WScript.Echo "AutoConfigProxy: " & objItem.AutoConfigProxy
WScript.Echo "AutoConfigURL: " & objItem.AutoConfigURL
WScript.Echo "AutoProxyDetectMode: " & objItem.AutoProxyDetectMode
WScript.Echo "Caption: " & objItem.Caption
WScript.Echo "Description: " & objItem.Description
WScript.Echo "Proxy: " & objItem.Proxy
WScript.Echo "ProxyOverride: " & objItem.ProxyOverride
WScript.Echo "ProxyServer: " & objItem.ProxyServer
WScript.Echo "SettingID: " & objItem.SettingID
WScript.Echo
Next
Next
[/code]

Ultimately I want to be able to have an RSS feed or report of those smart alec individuals who have switched off or changed their proxy settings.

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 23, 2009 8:20 pm 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
I think those settings are related to the user executing the script: they should be same info stored in [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

_________________
Edoardo


Top
 Profile  
Reply with quote  
PostPosted: Sat Oct 24, 2009 2:56 am 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Good call...

OK What I have now is... .

[code]
''''''''''''''''''''''''''''''''
' Windows Proxy Settings '
''''''''''''''''''''''''''''''''

comment = "Windows Proxy Settings"
Echo(comment)

User_Agent = ""
IE5_UA_Backup_Flag = ""
NoNetAutodial= ""
MigrateProxy= ""
ProxyEnable= ""
ProxyServer= ""
ProxyOverride= ""
EmailName= ""
AutoConfigProxy= ""
MimeExclusionListForCache= ""
WarnOnPost= ""
UseSchannelDirectly= ""
EnableHttp1_1= ""
EnableNegotiate= ""
PrivacyAdvanced= ""
UrlEncoding= ""
SecureProtocols= ""
PrivDiscUiShown= ""
ZonesSecurityUpgrade= ""
DisableCachingOfSSLPages= ""
WarnonZoneCrossing= ""
GlobalUserOffline= ""
EnableAutodial= ""
keyvalue=""
subkey=""

On Error Resume Next
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings"
oReg.EnumValues HKEY_CURRENT_USER,strKeyPath,arrSubKeys

' For Each subkey In arrSubKeys
' Echo(subkey)
' oReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,subkey,keyvalue
' Echo(keyvalue)
' next

oReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(0),User_Agent

oReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(1),IE5_UA_Backup_Flag

oReg.GetDWORDValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(2),thisNoNetAutodial
Select Case Clean(thisNoNetAutodial)
Case "0" NoNetAutodial = "False"
Case "1" NoNetAutodial = "True"
Case Else NoNetAutodial = "False"
End Select

oReg.GetDWORDValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(3),thisMigrateProxy
Select Case Clean(thisMigrateProxy)
Case "0" MigrateProxy = "False"
Case "1" MigrateProxy = "True"
Case Else MigrateProxy = "False"
End Select

oReg.GetDWORDValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(4),thisProxyEnable
Select Case Clean(thisProxyEnable)
Case "0" ProxyEnable = "False"
Case "1" ProxyEnable = "True"
Case Else ProxyEnable = "False"
End Select

oReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(5),ProxyServer

oReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(6),ProxyOverride

oReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(7),EmailName

oReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(8),AutoConfigProxy

oReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(9),MimeExclusionListForCache

'oReg.GetBinaryValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(10),WarnOnPost

'oReg.GetBinaryValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(11),UseSchannelDirectly

'oReg.GetDWORDValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(12),EnableHttp1_1

'oReg.GetDWORDValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(13),EnableNegotiate

'oReg.GetDWORDValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(14),PrivacyAdvanced

'oReg.GetDWORDValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(15),UrlEncoding

'oReg.GetDWORDValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(16),SecureProtocols

'oReg.GetDWORDValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(17),PrivDiscUiShown

'oReg.GetBinaryValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(18),ZonesSecurityUpgrade

'oReg.GetDWORDValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(19),DisableCachingOfSSLPages

'oReg.GetDWORDValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(21),GlobalUserOffline

'oReg.GetDWORDValue HKEY_CURRENT_USER,strKeyPath,arrSubKeys(22),EnableAutodial




form_input = "proxy_settings^^^" & AutoConfigProxy & "^^^" _
& User_Agent & "^^^" _
& IE5_UA_Backup_Flag & "^^^" _
& NoNetAutodial & "^^^" _
& MigrateProxy & "^^^" _
& ProxyEnable & "^^^" _
& ProxyServer & "^^^" _
& ProxyOverride & "^^^" _
& EmailName & "^^^" _
& AutoConfigProxy & "^^^" _
& AutoConfigProxy & "^^^" _
& WarnOnPost & "^^^" _
& UseSchannelDirectly & "^^^" _
& EnableHttp1_1 & "^^^" _
& EnableNegotiate & "^^^" _
& PrivacyAdvanced & "^^^" _
& UrlEncoding & "^^^" _
& SecureProtocols & "^^^" _
& PrivDiscUiShown & "^^^" _
& ZonesSecurityUpgrade & "^^^" _
& DisableCachingOfSSLPages & "^^^" _
& WarnonZoneCrossing & "^^^" _
& GlobalUserOffline & "^^^" _
& EnableAutodial & "^^^"




entry form_input,comment,objTextFile,oAdd,oComment
Echo (form_input)

User_Agent = ""
IE5_UA_Backup_Flag = ""
NoNetAutodial= ""
MigrateProxy= ""
ProxyEnable= ""
ProxyServer= ""
ProxyOverride= ""
EmailName= ""
AutoConfigProxy= ""
MimeExclusionListForCache= ""
WarnOnPost= ""
UseSchannelDirectly= ""
EnableHttp1_1= ""
EnableNegotiate= ""
PrivacyAdvanced= ""
UrlEncoding= ""
SecureProtocols= ""
PrivDiscUiShown= ""
ZonesSecurityUpgrade= ""
DisableCachingOfSSLPages= ""
WarnonZoneCrossing= ""
GlobalUserOffline= ""
EnableAutodial= ""
keyvalue=""
subkey=""


[/code]

Not sure if I need all of the available options, but the idea is starting to take shape.


Top
 Profile  
Reply with quote  
PostPosted: Sat Oct 24, 2009 6:08 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
Aren't proxy setting per user per machine ?
If so, would you not need to capture the proxy settings for each user on a given machine ?

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Sat Oct 24, 2009 8:24 am 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
[quote="Mark"]Aren't proxy setting per user per machine ?
If so, would you not need to capture the proxy settings for each user on a given machine ?


This is the case, however the majority of machines (at least in my case) are used by single individuals, thus I am only trying to capture current user settings, I could I suppose capture all profiles, but for my purposes, only the current user is of interest. If you feel we should check all profiles, this is certainly a relatively simple change, but possibly not worth the extra effort.

My reason for checking these settings is to see if the current user has changed them (switched of or modified the proxy so they can see sites that company policy blocks). Hence I am only interested in the current user. Since I audit several times a day, I will spot this change fairly easily, even if they switch things back at the end of their shift.

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 5 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group