Security Center
Antivirus status
Script Type: VBScript
Designed for Windows workstations, the "Antivirus status Script" queries the Windows Security Center to discover the status of Antivirus products registered against the Center, reporting on all discovered products and their individual states. The script fails when the product definition updates are reported as out-of-date.
The script can also monitor whether any third-party Antivirus products registered with the Windows Security Center are enabled or disabled, failing where they are reported as disabled.
| Script Parameters |
Description |
|---|---|
|
Script Timeout Range |
Range: 1 - 3600 seconds (default 120 seconds) |
|
Option |
Ensure all installed products report up-to-date and enabled |
BitLocker Monitoring Plus Recovery Key Information
This script will pull BitLocker Feature Status and Code, list the drives with BitLocker turned on or off, System Drive Status, System Drive Recovery Key, and the status and code for any other drives that have BitLocker turned on.
No Input Paramenters.
Monitor Bitlocker
Script Type: PowerShell
Monitors the status of Bitlocker Disk encryption.
| Script Parameters | Description |
|---|---|
| List of Drives | Drives to be monitored as Selected (Primary) Drives. Separate with a "," (comma) (C:,D:) |
| If Bitlocker is not available in OS (Windows Home) |
Pass/Failure option: Set as yes to Fail if Bitlocker not available Set as no to Pass if Bitlocker not available |
| Fail if ANY drive doesn't have Bitlocker on |
Pass/Failure option: Set as yes to Fail if Bitlocker not enabled on any drive Set as no to Pass if Bitlocker not enabled on any drive |
| Script Timeout | Range: 1 - 3600 seconds (default 120 seconds) |
Output
| Description | Example | Check Variable |
|---|---|---|
| Bitlocker Feature Status | Turned On | Turned Off |
| Bitlocker Feature Status Code | 1 | Normal 1 - 1 |
| Failed 2 - 2 | ||
| Warning 3 - 3 | ||
| Selected Drives List With Bitlocker Turned On (Fully Encrypted | C: is FullyEncrypted | Threshold Off |
| Selected Drives List With Bitlocker Turned Off | No Selected Drives have Bitlocker Off | Threshold Off |
| Selected Drives Status Code | 1 | 1=All drives encrypted |
| 2=Bitlocker available but off on at least 1 drive | ||
| 3=Bitlocker not available on device) | ||
| Other Drives List With Bitlocker Turned On (Fully Encrypted) | No Other Drives have Bitlocker On | Threshold Off |
| Other Drives List With Bitlocker Turned Off | No Other Drives have Bitlocker Off | Threshold Off |
| Other Drives Status Code | 1 | 1=All drives encrypted |
| 2=Bitlocker available but off on at least 1 drive | ||
| 3=Bitlocker not available on device |
Retrieve BitLocker Keys
Script Type: PowerShell
This script will pull TPM ID and PCR Validation Profile information, as well as, the Numerical Password and Recovery Key for BitLocker.
No Input Paramenters.
Windows Firewall status
Script Type: VBScript
Monitors Windows Security Center to determine whether the Windows Firewall is enabled of disabled, failing where it is disabled.
In addition to the Windows Firewall, script can monitor whether any third-party Firewall registered with the Windows Security Center are enabled or disabled, failing where they are reported as disabled.
This functionality is available when selecting the option to: "Ensure all installed products are enabled".
Script Parameters |
Description |
|---|---|
|
Script Timeout Range |
Range: 1 - 3600 seconds (default 120 seconds) |
|
Option |
Ensure all installed products are enabled |
Windows Update
Script Type: VBScript
Ensures Windows Update is turned on and generates a failure when reported as off.
Script Parameters |
Description |
|---|---|
|
Script Timeout Range |
Range: 1 - 3600 seconds (default 120 seconds) |