Jun 1st, 2010

Using WMI for Security Build Reviews

I’ve been spending some time looking at whether it’s possible to use WMI to automate build security reviews on Windows systems. Build reviews should be a relatively mechanistic area of security (check settings on a system against a company or industry list of “good” values), and a ripe area for automation.
So it would seem that WMI is the obvious choice from a Windows perspective, and it is, but only for some settings.
WMI has the advantage of being available on all modern Windows desktop and server OSs, usually being enabled and being accessible over standard Windows ports. You don’t need to install any software on the target system, and it’s easy to ensure that what you’re doing won’t have any impact on the target.
So far, so good. Unfortunately, it turns out that certain areas of the configuration of Windows aren’t exposed via WMI APIs, and this includes a lot of local security policy settings, making a pure WMI solution a bit tricky.
That said, I’ve found a number of classes that contain useful information which are easily queried.
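As an added illustration (not code from the original post), the PowerShell sketch below runs read-only WMI queries against a target and compares each result with a small baseline of "good" values. The classes, properties and baseline values are assumptions chosen for the example, since the post does not name the classes it refers to, and `$ComputerName` is a hypothetical parameter.

```powershell
# Added example. Baseline entries are constructed; replace them with your own standard.
param([string]$ComputerName = 'localhost')

$baseline = @(
    @{ Check    = 'Built-in Guest account is disabled'
       Class    = 'Win32_UserAccount'
       Filter   = "LocalAccount = TRUE AND SID LIKE '%-501'"   # RID 501 survives a rename
       Property = 'Disabled'
       Allowed  = @($true) },
    @{ Check    = 'Remote Registry service is disabled'
       Class    = 'Win32_Service'
       Filter   = "Name = 'RemoteRegistry'"
       Property = 'StartMode'
       Allowed  = @('Disabled') },
    @{ Check    = 'DEP policy is AlwaysOn (1) or OptOut (3)'
       Class    = 'Win32_OperatingSystem'
       Filter   = $null
       Property = 'DataExecutionPrevention_SupportPolicy'
       Allowed  = @(1, 3) }
)

# DCOM matches classic remote WMI; New-CimSession would otherwise default to WS-Man.
$session = New-CimSession -ComputerName $ComputerName `
    -SessionOption (New-CimSessionOption -Protocol Dcom) -ErrorAction Stop
try {
    foreach ($item in $baseline) {
        $query = @{ CimSession = $session; ClassName = $item.Class; ErrorAction = 'Stop' }
        if ($item.Filter) { $query.Filter = $item.Filter }
        try {
            # Queries only: no WMI methods are invoked, so the target is not changed.
            $instance = Get-CimInstance @query | Select-Object -First 1
            if ($null -eq $instance) {
                $actual = $null; $status = 'NOT FOUND'   # e.g. service not installed
            } else {
                $actual = $instance.($item.Property)
                $status = if ($item.Allowed -contains $actual) { 'PASS' } else { 'FAIL' }
            }
        } catch {
            $actual = $_.Exception.Message; $status = 'ERROR'
        }
        [pscustomobject]@{
            Computer = $ComputerName; Check = $item.Check
            Actual   = $actual;       Status = $status
        }
    }
} finally {
    Remove-CimSession -CimSession $session
}
```

Settings that WMI does not expose, such as much of local security policy, cannot be expressed as baseline entries here and need a separate collection method.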

