All users are warned that they are entering a Government information system, and are provided with appropriate privacy and security notices to include statements informing them that they are subject to monitoring, recording and auditing.

All workstations, servers, applications, networking gear, and other hosts must have a specific banner. (I'm aware of exceptions, but I'm discussing that first line of defense to an asset, the warning banner.) Gold Disk, in its latest incarnation, does not appear to actively check for the banner; in the tests that I have run, it marks the check as NR and must be manually reviewed. Doing this for a machine or two is not bad. However, many times I am working an enterprise system where there may be many servers and hundreds of workstations. To solve that issue I wrap up many tools (including Gold Disk and Oval) in a script in order to deploy the script and collect the results automagically. Usually, I'll set up a share on a server where all servers and workstations can automatically dump their results.
So, there is the question of how to look at all of those warning banners. Or, at least, how to look at a representative sample. There are many references on how to set a warning banner on a local host. The text you want to display as a banner gets added under the following key:
hklm\software\microsoft\windows nt\CurrentVersion\winlogon and the value is LegalNoticeText
However, in these enterprise systems and enclaves, the warning banner is almost always pushed down to the workstation by Group Policy. That key is: hklm\software\microsoft\Windows\CurrentVersion\Policies\system and the value is again LegalNoticeText.
To script this out, I do:
Set objShell = CreateObject("WScript.Shell") ' shell object used to launch reg.exe
objShell.Run "cmd /c reg query ""hklm\software\microsoft\Windows\CurrentVersion\Policies\system"" /v LegalNoticeText > legalnotice.txt"
Now, I have a copy of the warning banner which I can inspect for compliance later on.
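For the later inspection step, the following is an added example (not part of the original post) that parses captured `reg query` output per host and flags banners that are missing or lack the terms from the notice requirement in this post. The host names, the sample banner wording and the `REQUIRED_TERMS` list are constructed assumptions; substitute the exact wording your authority mandates.

```python
import re

# Terms drawn from the notice requirement text in this post.
# Assumption: replace with the exact wording your accrediting authority mandates.
REQUIRED_TERMS = ("government information system", "monitoring", "recording", "auditing")

# `reg query <key> /v LegalNoticeText` prints: <indent>name<spaces>type<spaces>data
VALUE_LINE = re.compile(r"^[ \t]+LegalNoticeText[ \t]+REG_\w+[ \t]*(.*)$", re.I | re.M)


def parse_banner(reg_output):
    """Return the banner text from captured reg query output, or None if absent."""
    match = VALUE_LINE.search(reg_output)
    if match is None:
        return None  # empty file or error text: no LegalNoticeText value line
    return " ".join(match.group(1).split())  # collapse whitespace, drop stray \r


def review(collected):
    """Map each host to (status, missing_terms) for its captured output."""
    report = {}
    for host, text in collected.items():
        banner = parse_banner(text)
        if not banner:
            report[host] = ("NO_BANNER", list(REQUIRED_TERMS))
            continue
        lowered = banner.lower()
        missing = [term for term in REQUIRED_TERMS if term not in lowered]
        report[host] = ("INCOMPLETE" if missing else "OK", missing)
    return report


# Constructed sample captures (hypothetical hosts, not an official banner text).
KEY = "HKEY_LOCAL_MACHINE\\software\\microsoft\\Windows\\CurrentVersion\\Policies\\system"
SAMPLES = {
    "WKS-001": f"\r\n{KEY}\r\n    LegalNoticeText    REG_SZ    You are entering a Government "
               "information system. Use is subject to monitoring, recording and auditing.\r\n\r\n",
    "WKS-002": f"\r\n{KEY}\r\n    LegalNoticeText    REG_SZ    Authorized use only.\r\n\r\n",
    "SRV-003": "",  # no value line was captured for this host
}

if __name__ == "__main__":
    for host, (status, missing) in sorted(review(SAMPLES).items()):
        print(f"{host}: {status} {missing}")
```

To run it against the share, read each host's legalnotice.txt into the dictionary passed to `review`, keyed by host name.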