go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/providers-sdk/v1/testutils/testdata/windows.json (about) 1 { 2 "assets": [ 3 { 4 "asset": { 5 "id": "windows-server", 6 "platformIDs": [ 7 "windows" 8 ], 9 "name": "windows", 10 "arch": "x86_64", 11 "title": "Windows Server", 12 "family": [ 13 "windows", 14 "os" 15 ], 16 "build": "rolling", 17 "version": "2022" 18 }, 19 "connections": [ 20 { 21 "url": "local://", 22 "provider": "os", 23 "connector": "local", 24 "version": "" 25 } 26 ], 27 "resources": [ 28 { 29 "Resource": "command", 30 "ID": "auditpol /get /category:* /r", 31 "Fields": { 32 "exitcode": { 33 "type": "\u0005", 34 "value": 0 35 }, 36 "stdout": { 37 "type": "\u0007", 38 "value": "Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting\r\r\nWIN-E692AR0A0UB,System,Security System Extension,{0CCE9211-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,System Integrity,{0CCE9212-69AE-11D9-BED3-505054503030},Success and Failure,\r\r\nWIN-E692AR0A0UB,System,IPsec Driver,{0CCE9213-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Other System Events,{0CCE9214-69AE-11D9-BED3-505054503030},Success and Failure,\r\r\nWIN-E692AR0A0UB,System,Security State Change,{0CCE9210-69AE-11D9-BED3-505054503030},Success,\r\r\nWIN-E692AR0A0UB,System,Logon,{0CCE9215-69AE-11D9-BED3-505054503030},Success and Failure,\r\r\nWIN-E692AR0A0UB,System,Logoff,{0CCE9216-69AE-11D9-BED3-505054503030},Success,\r\r\nWIN-E692AR0A0UB,System,Account Lockout,{0CCE9217-69AE-11D9-BED3-505054503030},Success,\r\r\nWIN-E692AR0A0UB,System,IPsec Main Mode,{0CCE9218-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,IPsec Quick Mode,{0CCE9219-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,IPsec Extended Mode,{0CCE921A-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Special Logon,{0CCE921B-69AE-11D9-BED3-505054503030},Success,\r\r\nWIN-E692AR0A0UB,System,Other Logon/Logoff Events,{0CCE921C-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Network Policy Server,{0CCE9243-69AE-11D9-BED3-505054503030},Success and Failure,\r\r\nWIN-E692AR0A0UB,System,User / Device Claims,{0CCE9247-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Group Membership,{0CCE9249-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,File System,{0CCE921D-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Registry,{0CCE921E-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Kernel Object,{0CCE921F-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,SAM,{0CCE9220-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Certification Services,{0CCE9221-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Application Generated,{0CCE9222-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Handle Manipulation,{0CCE9223-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,File Share,{0CCE9224-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Filtering Platform Packet Drop,{0CCE9225-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Filtering Platform Connection,{0CCE9226-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Other Object Access Events,{0CCE9227-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Detailed File Share,{0CCE9244-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Removable Storage,{0CCE9245-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Central Policy Staging,{0CCE9246-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Non Sensitive Privilege Use,{0CCE9229-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Other Privilege Use Events,{0CCE922A-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Sensitive Privilege Use,{0CCE9228-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Process Creation,{0CCE922B-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Process Termination,{0CCE922C-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,DPAPI Activity,{0CCE922D-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,RPC Events,{0CCE922E-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Plug and Play Events,{0CCE9248-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Token Right Adjusted Events,{0CCE924A-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Audit Policy Change,{0CCE922F-69AE-11D9-BED3-505054503030},Success,\r\r\nWIN-E692AR0A0UB,System,Authentication Policy Change,{0CCE9230-69AE-11D9-BED3-505054503030},Success,\r\r\nWIN-E692AR0A0UB,System,Authorization Policy Change,{0CCE9231-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,MPSSVC Rule-Level Policy Change,{0CCE9232-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Filtering Platform Policy Change,{0CCE9233-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Other Policy Change Events,{0CCE9234-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Computer Account Management,{0CCE9236-69AE-11D9-BED3-505054503030},Success,\r\r\nWIN-E692AR0A0UB,System,Security Group Management,{0CCE9237-69AE-11D9-BED3-505054503030},Success,\r\r\nWIN-E692AR0A0UB,System,Distribution Group Management,{0CCE9238-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Application Group Management,{0CCE9239-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Other Account Management Events,{0CCE923A-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,User Account Management,{0CCE9235-69AE-11D9-BED3-505054503030},Success,\r\r\nWIN-E692AR0A0UB,System,Directory Service Access,{0CCE923B-69AE-11D9-BED3-505054503030},Success,\r\r\nWIN-E692AR0A0UB,System,Directory Service Changes,{0CCE923C-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Directory Service Replication,{0CCE923D-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Detailed Directory Service Replication,{0CCE923E-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Kerberos Service Ticket Operations,{0CCE9240-69AE-11D9-BED3-505054503030},Success,\r\r\nWIN-E692AR0A0UB,System,Other Account Logon Events,{0CCE9241-69AE-11D9-BED3-505054503030},No Auditing,\r\r\nWIN-E692AR0A0UB,System,Kerberos Authentication Service,{0CCE9242-69AE-11D9-BED3-505054503030},Success,\r\r\nWIN-E692AR0A0UB,System,Credential Validation,{0CCE923F-69AE-11D9-BED3-505054503030},Success,\r\r\n" 39 } 40 } 41 }, 42 { 43 "Resource": "command", 44 "ID": "powershell.exe -NoProfile -EncodedCommand JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnADsACgAkAHAAYQB0AGgAIAA9ACAAJwBIAEsARQBZAF8ATABPAEMAQQBMAF8ATQBBAEMASABJAE4ARQBcAFMATwBGAFQAVwBBAFIARQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAFAAbwBsAGkAYwBpAGUAcwBcAFMAeQBzAHQAZQBtACcACgAkAGMAaABpAGwAZAByAGUAbgAgAD0AIABHAGUAdAAtAEMAaABpAGwAZABJAHQAZQBtACAALQBQAGEAdABoACAAKAAnAFIAZQBnAGkAcwB0AHIAeQA6ADoAJwAgACsAIAAkAHAAYQB0AGgAKQAgAC0AcgBlAGMAIAAtAGUAYQAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUACgAKACQAcAByAG8AcABlAHIAdABpAGUAcwAgAD0AIABAACgAKQAKACQAYwBoAGkAbABkAHIAZQBuACAAfAAgAEYAbwByAEUAYQBjAGgALQBPAGIAagBlAGMAdAAgAHsACgAgACAAJABlAG4AdAByAHkAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAHAAcwBvAGIAagBlAGMAdAAgAC0AUAByAG8AcABlAHIAdAB5ACAAQAB7AAoAIAAgACAAIAAiAG4AYQBtAGUAIgAgAD0AIAAkAF8ALgBQAFMAQwBoAGkAbABkAE4AYQBtAGUACgAgACAAIAAgACIAcABhAHQAaAAiACAAPQAgACQAXwAuAE4AYQBtAGUACgAgACAAIAAgACIAcAByAG8AcABlAHIAdABpAGUAcwAiACAAPQAgACQAXwAuAFAAcgBvAHAAZQByAHQAeQAKACAAIAAgACAAIgBjAGgAaQBsAGQAcgBlAG4AIgAgAD0AIAAkAF8ALgBTAHUAYgBLAGUAeQBDAG8AdQBuAHQACgAgACAAfQAKACAAIAAkAHAAcgBvAHAAZQByAHQAaQBlAHMAIAArAD0AIAAkAGUAbgB0AHIAeQAKAH0ACgBDAG8AbgB2AGUAcgB0AFQAbwAtAEoAcwBvAG4AIAAtAGMAbwBtAHAAcgBlAHMAcwAgACQAcAByAG8AcABlAHIAdABpAGUAcwAKAA==", 45 "Fields": { 46 "exitcode": { 47 "type": "\u0005", 48 "value": 0 49 }, 50 "stdout": { 51 "type": "\u0007", 52 "value": "[{\"path\":\"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\System\\\\Audit\",\"name\":\"Audit\",\"properties\":[],\"children\":0},{\"path\":\"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\System\\\\UIPI\",\"name\":\"UIPI\",\"properties\":[],\"children\":1},{\"path\":\"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\System\\\\UIPI\\\\Clipboard\",\"name\":\"Clipboard\",\"properties\":[],\"children\":1},{\"path\":\"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\System\\\\UIPI\\\\Clipboard\\\\ExceptionFormats\",\"name\":\"ExceptionFormats\",\"properties\":[\"CF_BITMAP\",\"CF_DIB\",\"CF_DIBV5\",\"CF_OEMTEXT\",\"CF_PALETTE\",\"CF_TEXT\",\"CF_UNICODETEXT\"],\"children\":0}]\r\n" 53 } 54 } 55 }, 56 { 57 "Resource": "command", 58 "ID": "powershell.exe -NoProfile -EncodedCommand JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnADsACgAkAHAAYQB0AGgAIAA9ACAAJwBIAEsARQBZAF8ATABPAEMAQQBMAF8ATQBBAEMASABJAE4ARQBcAFMATwBGAFQAVwBBAFIARQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAFAAbwBsAGkAYwBpAGUAcwBcAFMAeQBzAHQAZQBtACcACgAkAHIAZQBnACAAPQAgAEcAZQB0AC0ASQB0AGUAbQAgACgAJwBSAGUAZwBpAHMAdAByAHkAOgA6ACcAIAArACAAJABwAGEAdABoACkACgBpAGYAIAAoACQAcgBlAGcAIAAtAGUAcQAgACQAbgB1AGwAbAApACAAewAKACAAIABXAHIAaQB0AGUALQBFAHIAcgBvAHIAIAAiAEMAbwB1AGwAZAAgAG4AbwB0ACAAZgBpAG4AZAAgAHIAZQBnAGkAcwB0AHIAeQAgAGsAZQB5ACIACgAgACAAZQB4AGkAdAAgADEACgB9AAoAJABwAHIAbwBwAGUAcgB0AGkAZQBzACAAPQAgAEAAKAApAAoAJAByAGUAZwAuAFAAcgBvAHAAZQByAHQAeQAgAHwAIABGAG8AcgBFAGEAYwBoAC0ATwBiAGoAZQBjAHQAIAB7AAoAIAAgACAAIAAkAGYAZQB0AGMAaABLAGUAeQBWAGEAbAB1AGUAIAA9ACAAJABfAAoAIAAgACAAIABpAGYAIAAoACIAKABkAGUAZgBhAHUAbAB0ACkAIgAuAEUAcQB1AGEAbABzACgAJABfACkAKQAgAHsAIAAkAGYAZQB0AGMAaABLAGUAeQBWAGEAbAB1AGUAIAA9ACAAJwAnACAAfQAKAAkAJABkAGEAdABhACAAPQAgACQAKABHAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAKAAnAFIAZQBnAGkAcwB0AHIAeQA6ADoAJwAgACsAIAAkAHAAYQB0AGgAKQApAC4AJABfADsACgAJACQAawBpAG4AZAAgAD0AIAAkAHIAZQBnAC4ARwBlAHQAVgBhAGwAdQBlAEsAaQBuAGQAKAAkAGYAZQB0AGMAaABLAGUAeQBWAGEAbAB1AGUAKQA7AAoACQBpAGYAIAAoACQAawBpAG4AZAAgAC0AZQBxACAANwApACAAewAKACAAIAAgACAAIAAgACQAZABhAHQAYQAgAD0AIAAkACgARwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACgAJwBSAGUAZwBpAHMAdAByAHkAOgA6ACcAIAArACAAJABwAGEAdABoACkAKQAgAHwAIABTAGUAbABlAGMAdAAtAE8AYgBqAGUAYwB0ACAALQBFAHgAcABhAG4AZABQAHIAbwBwAGUAcgB0AHkAIAAkAF8ACgAJAH0ACgAgACAAIAAgACQAZQBuAHQAcgB5ACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABwAHMAbwBiAGoAZQBjAHQAIAAtAFAAcgBvAHAAZQByAHQAeQAgAEAAewAKACAAIAAgACAAIAAgACIAawBlAHkAIgAgAD0AIAAkAF8ACgAgACAAIAAgACAAIAAiAHYAYQBsAHUAZQAiACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABwAHMAbwBiAGoAZQBjAHQAIAAtAFAAcgBvAHAAZQByAHQAeQAgAEAAewAKACAAIAAgACAAIAAgACAAIAAiAGQAYQB0AGEAIgAgAD0AIAAkAGQAYQB0AGEAOwAKACAAIAAgACAAIAAgACAAIAAiAGsAaQBuAGQAIgAgAD0AIAAkAGsAaQBuAGQAOwAKACAAIAAgACAAIAAgAH0ACgAgACAAIAAgAH0ACgAgACAAIAAgACQAcAByAG8AcABlAHIAdABpAGUAcwAgACsAPQAgACQAZQBuAHQAcgB5AAoAfQAKAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgAgAC0ARABlAHAAdABoACAAMwAgAC0AQwBvAG0AcAByAGUAcwBzACAAJABwAHIAbwBwAGUAcgB0AGkAZQBzAAoA", 59 "Fields": { 60 "exitcode": { 61 "type": "\u0005", 62 "value": 0 63 }, 64 "stdout": { 65 "type": "\u0007", 66 "value": "[{\"key\":\"ConsentPromptBehaviorAdmin\",\"value\":{\"kind\":4,\"data\":5}},{\"key\":\"ConsentPromptBehaviorUser\",\"value\":{\"kind\":4,\"data\":3}},{\"key\":\"DelayedDesktopSwitchTimeout\",\"value\":{\"kind\":4,\"data\":0}},{\"key\":\"DisableAutomaticRestartSignOn\",\"value\":{\"kind\":4,\"data\":1}},{\"key\":\"DSCAutomationHostEnabled\",\"value\":{\"kind\":4,\"data\":2}},{\"key\":\"EnableCursorSuppression\",\"value\":{\"kind\":4,\"data\":1}},{\"key\":\"EnableFullTrustStartupTasks\",\"value\":{\"kind\":4,\"data\":2}},{\"key\":\"EnableInstallerDetection\",\"value\":{\"kind\":4,\"data\":1}},{\"key\":\"EnableLUA\",\"value\":{\"kind\":4,\"data\":1}},{\"key\":\"EnableSecureUIAPaths\",\"value\":{\"kind\":4,\"data\":1}},{\"key\":\"EnableUIADesktopToggle\",\"value\":{\"kind\":4,\"data\":0}},{\"key\":\"EnableUwpStartupTasks\",\"value\":{\"kind\":4,\"data\":2}},{\"key\":\"EnableVirtualization\",\"value\":{\"kind\":4,\"data\":1}},{\"key\":\"PromptOnSecureDesktop\",\"value\":{\"kind\":4,\"data\":1}},{\"key\":\"SupportFullTrustStartupTasks\",\"value\":{\"kind\":4,\"data\":1}},{\"key\":\"SupportUwpStartupTasks\",\"value\":{\"kind\":4,\"data\":1}},{\"key\":\"ValidateAdminCodeSignatures\",\"value\":{\"kind\":4,\"data\":0}},{\"key\":\"disablecad\",\"value\":{\"kind\":4,\"data\":0}},{\"key\":\"dontdisplaylastusername\",\"value\":{\"kind\":4,\"data\":0}},{\"key\":\"legalnoticecaption\",\"value\":{\"kind\":1,\"data\":\"\"}},{\"key\":\"legalnoticetext\",\"value\":{\"kind\":1,\"data\":\"\\u0000\"}},{\"key\":\"scforceoption\",\"value\":{\"kind\":4,\"data\":0}},{\"key\":\"shutdownwithoutlogon\",\"value\":{\"kind\":4,\"data\":0}},{\"key\":\"undockwithoutlogon\",\"value\":{\"kind\":4,\"data\":1}}]\r\n" 67 } 68 } 69 }, 70 { 71 "Resource": "command", 72 "ID": "powershell.exe -NoProfile -EncodedCommand JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnADsACgAkAHAAYQB0AGgAIAA9ACAAJwBIAEsARQBZAF8ATABPAEMAQQBMAF8ATQBBAEMASABJAE4ARQBcAFMAbwBmAHQAdwBhAHIAZQBcAFAAbwBsAGkAYwBpAGUAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAFAAZQByAHMAbwBuAGEAbABpAHoAYQB0AGkAbwBuACcACgAkAHIAZQBnACAAPQAgAEcAZQB0AC0ASQB0AGUAbQAgACgAJwBSAGUAZwBpAHMAdAByAHkAOgA6ACcAIAArACAAJABwAGEAdABoACkACgBpAGYAIAAoACQAcgBlAGcAIAAtAGUAcQAgACQAbgB1AGwAbAApACAAewAKACAAIABXAHIAaQB0AGUALQBFAHIAcgBvAHIAIAAiAEMAbwB1AGwAZAAgAG4AbwB0ACAAZgBpAG4AZAAgAHIAZQBnAGkAcwB0AHIAeQAgAGsAZQB5ACIACgAgACAAZQB4AGkAdAAgADEACgB9AAoAJABwAHIAbwBwAGUAcgB0AGkAZQBzACAAPQAgAEAAKAApAAoAJAByAGUAZwAuAFAAcgBvAHAAZQByAHQAeQAgAHwAIABGAG8AcgBFAGEAYwBoAC0ATwBiAGoAZQBjAHQAIAB7AAoAIAAgACAAIAAkAGYAZQB0AGMAaABLAGUAeQBWAGEAbAB1AGUAIAA9ACAAJABfAAoAIAAgACAAIABpAGYAIAAoACIAKABkAGUAZgBhAHUAbAB0ACkAIgAuAEUAcQB1AGEAbABzACgAJABfACkAKQAgAHsAIAAkAGYAZQB0AGMAaABLAGUAeQBWAGEAbAB1AGUAIAA9ACAAJwAnACAAfQAKAAkAJABkAGEAdABhACAAPQAgACQAKABHAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAAKAAnAFIAZQBnAGkAcwB0AHIAeQA6ADoAJwAgACsAIAAkAHAAYQB0AGgAKQApAC4AJABfADsACgAJACQAawBpAG4AZAAgAD0AIAAkAHIAZQBnAC4ARwBlAHQAVgBhAGwAdQBlAEsAaQBuAGQAKAAkAGYAZQB0AGMAaABLAGUAeQBWAGEAbAB1AGUAKQA7AAoACQBpAGYAIAAoACQAawBpAG4AZAAgAC0AZQBxACAANwApACAAewAKACAAIAAgACAAIAAgACQAZABhAHQAYQAgAD0AIAAkACgARwBlAHQALQBJAHQAZQBtAFAAcgBvAHAAZQByAHQAeQAgACgAJwBSAGUAZwBpAHMAdAByAHkAOgA6ACcAIAArACAAJABwAGEAdABoACkAKQAgAHwAIABTAGUAbABlAGMAdAAtAE8AYgBqAGUAYwB0ACAALQBFAHgAcABhAG4AZABQAHIAbwBwAGUAcgB0AHkAIAAkAF8ACgAJAH0ACgAgACAAIAAgACQAZQBuAHQAcgB5ACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABwAHMAbwBiAGoAZQBjAHQAIAAtAFAAcgBvAHAAZQByAHQAeQAgAEAAewAKACAAIAAgACAAIAAgACIAawBlAHkAIgAgAD0AIAAkAF8ACgAgACAAIAAgACAAIAAiAHYAYQBsAHUAZQAiACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABwAHMAbwBiAGoAZQBjAHQAIAAtAFAAcgBvAHAAZQByAHQAeQAgAEAAewAKACAAIAAgACAAIAAgACAAIAAiAGQAYQB0AGEAIgAgAD0AIAAkAGQAYQB0AGEAOwAKACAAIAAgACAAIAAgACAAIAAiAGsAaQBuAGQAIgAgAD0AIAAkAGsAaQBuAGQAOwAKACAAIAAgACAAIAAgAH0ACgAgACAAIAAgAH0ACgAgACAAIAAgACQAcAByAG8AcABlAHIAdABpAGUAcwAgACsAPQAgACQAZQBuAHQAcgB5AAoAfQAKAEMAbwBuAHYAZQByAHQAVABvAC0ASgBzAG8AbgAgAC0ARABlAHAAdABoACAAMwAgAC0AQwBvAG0AcAByAGUAcwBzACAAJABwAHIAbwBwAGUAcgB0AGkAZQBzAAoA", 73 "Fields": { 74 "exitcode": { 75 "type": "\u0005", 76 "value": 1 77 }, 78 "stderr": { 79 "type": "\u0007", 80 "value": "#\u003c CLIXML\r\n\u003cObjs Version=\"1.1.0.1\" xmlns=\"http://schemas.microsoft.com/powershell/2004/04\"\u003e\u003cS S=\"Error\"\u003eGet-Item : Cannot find path 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Personalization' because it does _x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003enot exist._x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003eAt line:3 char:8_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e+ $reg = Get-Item ('Registry::' + $path)_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e + CategoryInfo : ObjectNotFound: (HKEY_LOCAL_MACH...Personalization:String) [Get-Item], ItemNotFoundExcep _x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e tion_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetItemCommand_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e _x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e$ProgressPreference='SilentlyContinue';_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e$path = 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Personalization'_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e$reg = Get-Item ('Registry::' + $path)_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003eif ($reg -eq $null) {_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e Write-Error \"Could not find registry key\"_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e exit 1_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e}_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e$properties = @()_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e$reg.Property | ForEach-Object {_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e $fetchKeyValue = $__x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e if (\"(default)\".Equals($_)) { $fetchKeyValue = '' }_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e $entry = New-Object psobject -Property @{_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e \"key\" = $__x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e \"value\" = New-Object psobject -Property @{_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e \"data\" = $(Get-ItemProperty ('Registry::' + $path)).$_;_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e \"kind\" = $reg.GetValueKind($fetchKeyValue);_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e }_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e }_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e $properties += $entry_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e}_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003eConvertTo-Json -Compress $properties_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e : Could not find registry key_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException_x000D__x000A_\u003c/S\u003e\u003cS S=\"Error\"\u003e _x000D__x000A_\u003c/S\u003e\u003c/Objs\u003e" 81 }, 82 "stdout": { 83 "type": "\u0007", 84 "value": "" 85 } 86 } 87 }, 88 { 89 "Resource": "command", 90 "ID": "powershell.exe -NoProfile -EncodedCommand JABQAHIAbwBnAHIAZQBzAHMAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACcAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAnADsACgBzAGUAYwBlAGQAaQB0ACAALwBlAHgAcABvAHIAdAAgAC8AYwBmAGcAIABvAHUAdAAuAGMAZgBnACAAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJAByAGEAdwAgAD0AIABHAGUAdAAtAEMAbwBuAHQAZQBuAHQAIABvAHUAdAAuAGMAZgBnAAoAUgBlAG0AbwB2AGUALQBJAHQAZQBtACAALgBcAG8AdQB0AC4AYwBmAGcAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAkAHIAYQB3AAoA", 91 "Fields": { 92 "exitcode": { 93 "type": "\u0005", 94 "value": 0 95 }, 96 "stdout": { 97 "type": "\u0007", 98 "value": "[Unicode]\r\nUnicode=yes\r\n[System Access]\r\nMinimumPasswordAge = 0\r\nMaximumPasswordAge = 42\r\nMinimumPasswordLength = 0\r\nPasswordComplexity = 1\r\nPasswordHistorySize = 0\r\nLockoutBadCount = 0\r\nRequireLogonToChangePassword = 0\r\nForceLogoffWhenHourExpire = 0\r\nNewAdministratorName = \"Administrator\"\r\nNewGuestName = \"Guest\"\r\nClearTextPassword = 0\r\nLSAAnonymousNameLookup = 0\r\nEnableAdminAccount = 1\r\nEnableGuestAccount = 0\r\n[Event Audit]\r\nAuditSystemEvents = 0\r\nAuditLogonEvents = 0\r\nAuditObjectAccess = 0\r\nAuditPrivilegeUse = 0\r\nAuditPolicyChange = 0\r\nAuditAccountManage = 0\r\nAuditProcessTracking = 0\r\nAuditDSAccess = 0\r\nAuditAccountLogon = 0\r\n[Registry Values]\r\nMACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Setup\\RecoveryConsole\\SecurityLevel=4,0\r\nMACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Setup\\RecoveryConsole\\SetCommand=4,0\r\nMACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\CachedLogonsCount=1,\"10\"\r\nMACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\ForceUnlockLogon=4,0\r\nMACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\PasswordExpiryWarning=4,5\r\nMACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\ScRemoveOption=1,\"0\"\r\nMACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ConsentPromptBehaviorAdmin=4,5\r\nMACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ConsentPromptBehaviorUser=4,3\r\nMACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableCAD=4,0\r\nMACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DontDisplayLastUserName=4,0\r\nMACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableInstallerDetection=4,1\r\nMACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA=4,1\r\nMACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableSecureUIAPaths=4,1\r\nMACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableUIADesktopToggle=4,0\r\nMACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableVirtualization=4,1\r\nMACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\LegalNoticeCaption=1,\"\"\r\nMACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\LegalNoticeText=7,\r\nMACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\PromptOnSecureDesktop=4,1\r\nMACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ScForceOption=4,0\r\nMACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ShutdownWithoutLogon=4,0\r\nMACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\UndockWithoutLogon=4,1\r\nMACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\ValidateAdminCodeSignatures=4,0\r\nMACHINE\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers\\AuthenticodeEnabled=4,0\r\nMACHINE\\System\\CurrentControlSet\\Control\\Lsa\\AuditBaseObjects=4,0\r\nMACHINE\\System\\CurrentControlSet\\Control\\Lsa\\CrashOnAuditFail=4,0\r\nMACHINE\\System\\CurrentControlSet\\Control\\Lsa\\DisableDomainCreds=4,0\r\nMACHINE\\System\\CurrentControlSet\\Control\\Lsa\\EveryoneIncludesAnonymous=4,0\r\nMACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FIPSAlgorithmPolicy\\Enabled=4,0\r\nMACHINE\\System\\CurrentControlSet\\Control\\Lsa\\ForceGuest=4,0\r\nMACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FullPrivilegeAuditing=3,0\r\nMACHINE\\System\\CurrentControlSet\\Control\\Lsa\\LimitBlankPasswordUse=4,1\r\nMACHINE\\System\\CurrentControlSet\\Control\\Lsa\\MSV1_0\\NTLMMinClientSec=4,536870912\r\nMACHINE\\System\\CurrentControlSet\\Control\\Lsa\\MSV1_0\\NTLMMinServerSec=4,536870912\r\nMACHINE\\System\\CurrentControlSet\\Control\\Lsa\\NoLMHash=4,1\r\nMACHINE\\System\\CurrentControlSet\\Control\\Lsa\\RestrictAnonymous=4,0\r\nMACHINE\\System\\CurrentControlSet\\Control\\Lsa\\RestrictAnonymousSAM=4,1\r\nMACHINE\\System\\CurrentControlSet\\Control\\Print\\Providers\\LanMan Print Services\\Servers\\AddPrinterDrivers=4,1\r\nMACHINE\\System\\CurrentControlSet\\Control\\SecurePipeServers\\Winreg\\AllowedExactPaths\\Machine=7,System\\CurrentControlSet\\Control\\ProductOptions,System\\CurrentControlSet\\Control\\Server Applications,Software\\Microsoft\\Windows NT\\CurrentVersion\r\nMACHINE\\System\\CurrentControlSet\\Control\\SecurePipeServers\\Winreg\\AllowedPaths\\Machine=7,System\\CurrentControlSet\\Control\\Print\\Printers,System\\CurrentControlSet\\Services\\Eventlog,Software\\Microsoft\\OLAP Server,Software\\Microsoft\\Windows NT\\CurrentVersion\\Print,Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows,System\\CurrentControlSet\\Control\\ContentIndex,System\\CurrentControlSet\\Control\\Terminal Server,System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig,System\\CurrentControlSet\\Control\\Terminal Server\\DefaultUserConfiguration,Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib,System\\CurrentControlSet\\Services\\SysmonLog\r\nMACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Kernel\\ObCaseInsensitive=4,1\r\nMACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Memory Management\\ClearPageFileAtShutdown=4,0\r\nMACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\ProtectionMode=4,1\r\nMACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\SubSystems\\optional=7,\r\nMACHINE\\System\\CurrentControlSet\\Services\\LanManServer\\Parameters\\AutoDisconnect=4,15\r\nMACHINE\\System\\CurrentControlSet\\Services\\LanManServer\\Parameters\\EnableForcedLogOff=4,1\r\nMACHINE\\System\\CurrentControlSet\\Services\\LanManServer\\Parameters\\EnableSecuritySignature=4,0\r\nMACHINE\\System\\CurrentControlSet\\Services\\LanManServer\\Parameters\\NullSessionPipes=7,\r\nMACHINE\\System\\CurrentControlSet\\Services\\LanManServer\\Parameters\\RequireSecuritySignature=4,0\r\nMACHINE\\System\\CurrentControlSet\\Services\\LanManServer\\Parameters\\RestrictNullSessAccess=4,1\r\nMACHINE\\System\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters\\EnablePlainTextPassword=4,0\r\nMACHINE\\System\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters\\EnableSecuritySignature=4,1\r\nMACHINE\\System\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters\\RequireSecuritySignature=4,0\r\nMACHINE\\System\\CurrentControlSet\\Services\\LDAP\\LDAPClientIntegrity=4,1\r\nMACHINE\\System\\CurrentControlSet\\Services\\Netlogon\\Parameters\\DisablePasswordChange=4,0\r\nMACHINE\\System\\CurrentControlSet\\Services\\Netlogon\\Parameters\\MaximumPasswordAge=4,30\r\nMACHINE\\System\\CurrentControlSet\\Services\\Netlogon\\Parameters\\RequireSignOrSeal=4,1\r\nMACHINE\\System\\CurrentControlSet\\Services\\Netlogon\\Parameters\\RequireStrongKey=4,1\r\nMACHINE\\System\\CurrentControlSet\\Services\\Netlogon\\Parameters\\SealSecureChannel=4,1\r\nMACHINE\\System\\CurrentControlSet\\Services\\Netlogon\\Parameters\\SignSecureChannel=4,1\r\n[Privilege Rights]\r\nSeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551\r\nSeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551\r\nSeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551\r\nSeSystemtimePrivilege = *S-1-5-19,*S-1-5-32-544\r\nSeCreatePagefilePrivilege = *S-1-5-32-544\r\nSeDebugPrivilege = *S-1-5-32-544\r\nSeRemoteShutdownPrivilege = *S-1-5-32-544\r\nSeAuditPrivilege = *S-1-5-19,*S-1-5-20\r\nSeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544\r\nSeIncreaseBasePriorityPrivilege = *S-1-5-32-544,*S-1-5-90-0\r\nSeLoadDriverPrivilege = *S-1-5-32-544\r\nSeBatchLogonRight = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-32-559\r\nSeServiceLogonRight = *S-1-5-80-0\r\nSeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551\r\nSeSecurityPrivilege = *S-1-5-32-544\r\nSeSystemEnvironmentPrivilege = *S-1-5-32-544\r\nSeProfileSingleProcessPrivilege = *S-1-5-32-544\r\nSeSystemProfilePrivilege = *S-1-5-32-544,*S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420\r\nSeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20\r\nSeRestorePrivilege = *S-1-5-32-544,*S-1-5-32-551\r\nSeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-551\r\nSeTakeOwnershipPrivilege = *S-1-5-32-544\r\nSeUndockPrivilege = *S-1-5-32-544\r\nSeManageVolumePrivilege = *S-1-5-32-544\r\nSeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555\r\nSeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6\r\nSeCreateGlobalPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6\r\nSeIncreaseWorkingSetPrivilege = *S-1-5-32-545\r\nSeTimeZonePrivilege = *S-1-5-19,*S-1-5-32-544\r\nSeCreateSymbolicLinkPrivilege = *S-1-5-32-544\r\nSeDelegateSessionUserImpersonatePrivilege = *S-1-5-32-544\r\n[Version]\r\nsignature=\"$CHICAGO$\"\r\nRevision=1\r\n" 99 } 100 } 101 } 102 ] 103 } 104 ] 105 }