I want to create a tool that will extract different information from a Windows 2008 Server (i.e. R2, Enterprise, etc.) and a Windows 7 machine for auditing purposes.
This tool will be copied on the machine and run locally using Full Administrative Privileges.
When executed, this tool will begin generating different reports from the audited machine, such as:
- Permissions from a predefined set of folders and files that I will give at a later stage
- Audit Policy
- Advanced Audit Policy
- Password Policy
- Kerberos Policy
- Domain & Local Users (in a list with details such as: last logon date, last password change, groups belonged to, Name, Description, SID, etc.)
- Domain & Local Groups (list with all groups, group type, and group members)
- Security Options
- User Rights
- Running Services
- Some Local Computer and Local User Policies
- Resultant set of Policy
- The values from some set and predefined Registry Keys.
At the first step, files will be extracted and imported to a folder (that will take the name of the machine and the Audit Date).
At a second stage, values from these files will be compared with a predefined value, and a report with all exceptions noted will be provided. (This second phase is optional.)
More information will be provided at a later stage.
Refer to the attachment.
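
A sketch of the two stages described above, as an added example that is not part of the original post. It is written for PowerShell 2.0 as shipped with Windows 7 and Server 2008 R2 and must run elevated. The choice of built-in tools (auditpol, secedit, gpresult, WMI), the output file names and the baseline values are all assumptions made for illustration.

```powershell
# Added example: stage 1 collection and stage 2 exception check.
# Output folder is named after the machine and the audit date.
$stamp  = Get-Date -Format 'yyyy-MM-dd'
$outDir = Join-Path $PWD ("{0}_{1}" -f $env:COMPUTERNAME, $stamp)
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Stage 1: export raw reports with tools already present on the host.
# auditpol /r emits the advanced audit policy as CSV.
auditpol /get /category:* /r | Out-File "$outDir\AdvancedAuditPolicy.csv" -Encoding ASCII
# secedit exports password policy, audit policy, user rights and security options.
secedit /export /cfg "$outDir\SecurityPolicy.inf" /quiet
# Resultant Set of Policy as an HTML report (/F overwrites an existing file).
gpresult /H "$outDir\RSoP.html" /F
Get-WmiObject Win32_Service -Filter "State='Running'" |
    Select-Object Name, DisplayName, StartMode, StartName |
    Export-Csv "$outDir\RunningServices.csv" -NoTypeInformation
Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    Select-Object Name, Description, SID, Disabled, PasswordRequired |
    Export-Csv "$outDir\LocalUsers.csv" -NoTypeInformation

# Stage 2: compare selected settings from the export with predefined values.
# These baseline values are constructed for the example, not taken from the post.
$baseline = @{ MinimumPasswordLength = 14; PasswordComplexity = 1; LockoutBadCount = 5 }

# Parse simple "Key = Value" lines from the secedit export into a lookup table.
$actual = @{}
Get-Content "$outDir\SecurityPolicy.inf" | ForEach-Object {
    if ($_ -match '^\s*(\w+)\s*=\s*(.+?)\s*$') { $actual[$matches[1]] = $matches[2] }
}

# Any setting that is missing or differs from the baseline is an exception.
$exceptions = @(foreach ($key in $baseline.Keys) {
    if ("$($actual[$key])" -ne "$($baseline[$key])") {
        New-Object PSObject -Property @{
            Setting = $key; Expected = $baseline[$key]; Actual = $actual[$key]
        }
    }
})

# Write the exception report only when there is something to report.
if ($exceptions.Count -gt 0) {
    $exceptions | Select-Object Setting, Expected, Actual |
        Export-Csv "$outDir\Exceptions.csv" -NoTypeInformation
}
```

The comparison is a plain equality test against the predefined value, so a setting stricter than the baseline is also listed as an exception.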