private static List <Gpo> GetAllRsopGpos(JObject rsop) { var jsonGpos = rsop["Rsop"]["ComputerResults"]["GPO"]; var gpos = new List <Gpo>(); var serializerSettings = new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore }; try { gpos = JsonConvert.DeserializeObject <List <Gpo> >(jsonGpos.ToString(), serializerSettings); } catch { var setting = new Gpo(); var undefinedGpo = setting.NotIdentified(); gpos.Add(undefinedGpo); } return(gpos); }
private Task StartRunner(BlockingCollection <Wrapper <SearchResultEntry> > processQueue, BlockingCollection <Wrapper <JsonBase> > output) { return(Task.Factory.StartNew(() => { foreach (var wrapper in processQueue.GetConsumingEnumerable()) { var entry = wrapper.Item; var resolved = entry.ResolveAdEntry(); if (resolved == null) { Interlocked.Increment(ref _currentCount); wrapper.Item = null; continue; } var sid = entry.GetSid(); var domain = Utils.ConvertDnToDomain(entry.DistinguishedName).ToUpper(); var domainSid = _utils.GetDomainSid(domain); if (resolved.ObjectType == "user") { var obj = new User { Name = resolved.BloodHoundDisplay }; obj.Properties.Add("domain", domain); obj.Properties.Add("objectsid", sid); obj.Properties.Add("highvalue", false); ObjectPropertyHelpers.GetProps(entry, resolved, ref obj); GroupHelpers.GetGroupInfo(entry, resolved, domainSid, ref obj); AclHelpers.GetObjectAces(entry, resolved, ref obj); output.Add(new Wrapper <JsonBase> { Item = obj }); } else if (resolved.ObjectType == "group") { var obj = new Group { Name = resolved.BloodHoundDisplay }; if (sid.EndsWith("-512") || sid.EndsWith("-516") || sid.EndsWith("-519") || sid.EndsWith("-520") || sid.Equals("S-1-5-32-544") || sid.Equals("S-1-5-32-550") || sid.Equals("S-1-5-32-549") || sid.Equals("S-1-5-32-551") || sid.Equals("S-1-5-32-548")) { obj.Properties.Add("highvalue", true); } else { obj.Properties.Add("highvalue", false); } obj.Properties.Add("domain", domain); obj.Properties.Add("objectsid", sid); ObjectPropertyHelpers.GetProps(entry, resolved, ref obj); GroupHelpers.GetGroupInfo(entry, resolved, domainSid, ref obj); AclHelpers.GetObjectAces(entry, resolved, ref obj); output.Add(new Wrapper <JsonBase> { Item = obj }); } else if (resolved.ObjectType == "computer") { var obj = new Computer { Name = resolved.BloodHoundDisplay, LocalAdmins = new LocalMember[] {}, RemoteDesktopUsers = new LocalMember[] {} }; obj.Properties.Add("objectsid", sid); obj.Properties.Add("highvalue", false); obj.Properties.Add("domain", domain); if (Utils.IsMethodSet(ResolvedCollectionMethod.Group)) { if (entry.DistinguishedName.ToLower().Contains("domain controllers")) { _entDcs.Enqueue(new GroupMember { MemberName = resolved.BloodHoundDisplay, MemberType = "computer" }); } } ObjectPropertyHelpers.GetProps(entry, resolved, ref obj); GroupHelpers.GetGroupInfo(entry, resolved, domainSid, ref obj); AclHelpers.GetObjectAces(entry, resolved, ref obj); if (!_utils.PingHost(resolved.BloodHoundDisplay)) { Interlocked.Increment(ref _noPing); } else { var timeout = false; try { obj.LocalAdmins = LocalGroupHelpers .GetGroupMembers(resolved, LocalGroupHelpers.LocalGroupRids.Administrators) .ToArray(); } catch (TimeoutException) { timeout = true; } try { obj.RemoteDesktopUsers = LocalGroupHelpers.GetGroupMembers(resolved, LocalGroupHelpers.LocalGroupRids.RemoteDesktopUsers).ToArray(); } catch (TimeoutException) { timeout = true; } try { obj.DcomUsers = LocalGroupHelpers.GetGroupMembers(resolved, LocalGroupHelpers.LocalGroupRids.DcomUsers).ToArray(); } catch (TimeoutException) { timeout = true; } try { foreach (var s in SessionHelpers.GetNetSessions(resolved, domain)) { output.Add(new Wrapper <JsonBase> { Item = s }); } } catch (TimeoutException) { timeout = true; } try { foreach (var s in SessionHelpers.DoLoggedOnCollection(resolved, domain)) { output.Add(new Wrapper <JsonBase> { Item = s }); } } catch (TimeoutException) { timeout = true; } if (timeout) { Interlocked.Increment(ref _timeouts); } } if (!_options.SessionLoopRunning) { output.Add(new Wrapper <JsonBase> { Item = obj }); } } else if (resolved.ObjectType == "domain") { var obj = new Domain { Name = resolved.BloodHoundDisplay }; obj.Properties.Add("objectsid", sid); obj.Properties.Add("highvalue", true); ObjectPropertyHelpers.GetProps(entry, resolved, ref obj); AclHelpers.GetObjectAces(entry, resolved, ref obj); ContainerHelpers.ResolveContainer(entry, resolved, ref obj); TrustHelpers.DoTrustEnumeration(resolved, ref obj); output.Add(new Wrapper <JsonBase> { Item = obj }); } else if (resolved.ObjectType == "gpo") { var obj = new Gpo { Name = resolved.BloodHoundDisplay, Guid = entry.GetProp("name").Replace("{", "").Replace("}", "") }; obj.Properties.Add("highvalue", false); AclHelpers.GetObjectAces(entry, resolved, ref obj); ObjectPropertyHelpers.GetProps(entry, resolved, ref obj); foreach (var a in LocalGroupHelpers.GetGpoMembers(entry, domain)) { output.Add(new Wrapper <JsonBase> { Item = a }); } output.Add(new Wrapper <JsonBase> { Item = obj }); } else if (resolved.ObjectType == "ou") { var obj = new Ou { Guid = new Guid(entry.GetPropBytes("objectguid")).ToString().ToUpper() }; obj.Properties.Add("name", resolved.BloodHoundDisplay); obj.Properties.Add("highvalue", false); ContainerHelpers.ResolveContainer(entry, resolved, ref obj); ObjectPropertyHelpers.GetProps(entry, resolved, ref obj); output.Add(new Wrapper <JsonBase> { Item = obj }); } Interlocked.Increment(ref _currentCount); wrapper.Item = null; } }, TaskCreationOptions.LongRunning)); }
internal void StartStealthEnumeration() { var output = new BlockingCollection <Wrapper <JsonBase> >(); var writer = StartOutputWriter(output); foreach (var domainName in _utils.GetDomainList()) { Extensions.SetPrimaryDomain(domainName); _currentCount = 0; _timeouts = 0; _noPing = 0; _watch = Stopwatch.StartNew(); Console.WriteLine($"Starting Stealth Enumeration for {domainName}"); _statusTimer.Start(); var domainSid = _utils.GetDomainSid(domainName); var res = _options.ResolvedCollMethods; var data = LdapFilter.BuildLdapData(res, _options.ExcludeDC, _options.LdapFilter); ContainerHelpers.BuildGpoCache(domainName); foreach (var entry in _utils.DoSearch(data.Filter, SearchScope.Subtree, data.Properties, domainName)) { var resolved = entry.ResolveAdEntry(); _currentCount++; if (resolved == null) { continue; } Console.WriteLine(resolved.BloodHoundDisplay); Console.WriteLine(resolved.ObjectType); var domain = Utils.ConvertDnToDomain(entry.DistinguishedName); var sid = entry.GetSid(); if (resolved.ObjectType == "user") { var obj = new User { Name = resolved.BloodHoundDisplay }; obj.Properties.Add("domain", domain); obj.Properties.Add("objectsid", sid); obj.Properties.Add("highvalue", false); ObjectPropertyHelpers.GetProps(entry, resolved, ref obj); GroupHelpers.GetGroupInfo(entry, resolved, domainSid, ref obj); AclHelpers.GetObjectAces(entry, resolved, ref obj); output.Add(new Wrapper <JsonBase> { Item = obj }); } else if (resolved.ObjectType == "group") { var obj = new Group { Name = resolved.BloodHoundDisplay }; obj.Properties.Add("domain", domain); obj.Properties.Add("objectsid", sid); if (sid.EndsWith("-512") || sid.EndsWith("-516") || sid.EndsWith("-519") || sid.EndsWith("-520") || sid.Equals("S-1-5-32-544") || sid.Equals("S-1-5-32-550") || sid.Equals("S-1-5-32-549") || sid.Equals("S-1-5-32-551") || sid.Equals("S-1-5-32-548")) { obj.Properties.Add("highvalue", true); } else { obj.Properties.Add("highvalue", false); } ObjectPropertyHelpers.GetProps(entry, resolved, ref obj); GroupHelpers.GetGroupInfo(entry, resolved, domainSid, ref obj); AclHelpers.GetObjectAces(entry, resolved, ref obj); output.Add(new Wrapper <JsonBase> { Item = obj }); } else if (resolved.ObjectType == "computer") { var obj = new Computer { Name = resolved.BloodHoundDisplay, }; obj.Properties.Add("domain", domain); obj.Properties.Add("objectsid", sid); obj.Properties.Add("highvalue", false); if (entry.DistinguishedName.ToLower().Contains("domain controllers")) { _entDcs.Enqueue(new GroupMember { MemberType = "computer", MemberName = resolved.BloodHoundDisplay }); } ObjectPropertyHelpers.GetProps(entry, resolved, ref obj); GroupHelpers.GetGroupInfo(entry, resolved, domainSid, ref obj); AclHelpers.GetObjectAces(entry, resolved, ref obj); output.Add(new Wrapper <JsonBase> { Item = obj }); } else if (resolved.ObjectType == "domain") { var obj = new Domain { Name = resolved.BloodHoundDisplay, }; obj.Properties.Add("objectsid", sid); obj.Properties.Add("highvalue", true); ObjectPropertyHelpers.GetProps(entry, resolved, ref obj); AclHelpers.GetObjectAces(entry, resolved, ref obj); ContainerHelpers.ResolveContainer(entry, resolved, ref obj); TrustHelpers.DoTrustEnumeration(resolved, ref obj); output.Add(new Wrapper <JsonBase> { Item = obj }); } else if (resolved.ObjectType == "gpo") { var obj = new Gpo { Name = resolved.BloodHoundDisplay, Guid = entry.GetProp("name").Replace("{", "").Replace("}", "") }; obj.Properties.Add("highvalue", false); AclHelpers.GetObjectAces(entry, resolved, ref obj); foreach (var a in LocalGroupHelpers.GetGpoMembers(entry, domain)) { output.Add(new Wrapper <JsonBase> { Item = a }); } output.Add(new Wrapper <JsonBase> { Item = obj }); } else if (resolved.ObjectType == "ou") { var obj = new Ou { Guid = new Guid(entry.GetPropBytes("objectguid")).ToString().ToUpper() }; obj.Properties.Add("name", resolved.BloodHoundDisplay); obj.Properties.Add("highvalue", false); ContainerHelpers.ResolveContainer(entry, resolved, ref obj); output.Add(new Wrapper <JsonBase> { Item = obj }); } } if (Utils.IsMethodSet(ResolvedCollectionMethod.Session)) { Console.WriteLine("Doing stealth session enumeration"); foreach (var target in SessionHelpers.CollectStealthTargets(domainName)) { if (!_utils.PingHost(target.BloodHoundDisplay)) { _noPing++; continue; } try { foreach (var session in SessionHelpers.GetNetSessions(target, domainName)) { output.Add(new Wrapper <JsonBase> { Item = session }); } } catch (TimeoutException) { _timeouts++; } } } if (_entDcs.Count > 0) { var dObj = _utils.GetForest(domainName); var d = dObj == null ? domainName : dObj.RootDomain.Name; var n = $"ENTERPRISE DOMAIN CONTROLLERS@{d}"; var obj = new Group { Name = n, Members = _entDcs.ToArray() }; obj.Properties.Add("domain", d); obj.Properties.Add("objectsid", "S-1-5-9"); obj.Properties.Add("highvalue", true); output.Add(new Wrapper <JsonBase> { Item = obj }); } PrintStatus(); _statusTimer.Stop(); Console.WriteLine($"Finished stealth enumeration for {domainName} in {_watch.Elapsed}"); Console.WriteLine($"{_noPing} hosts failed ping. {_timeouts} hosts timedout."); } output.CompleteAdding(); Utils.Verbose("Waiting for writer thread to finish"); writer.Wait(); }
public static void GetObjectAces(SearchResultEntry entry, ResolvedEntry resolved, ref Gpo obj) { if (!Utils.IsMethodSet(ResolvedCollectionMethod.ACL)) { return; } var aces = new List <ACL>(); var ntSecurityDescriptor = entry.GetPropBytes("ntsecuritydescriptor"); //If the ntsecuritydescriptor is null, no point in continuing //I'm still not entirely sure what causes this, but it can happen if (ntSecurityDescriptor == null) { return; } var domainName = Utils.ConvertDnToDomain(entry.DistinguishedName); var newDescriptor = new ActiveDirectorySecurity(); newDescriptor.SetSecurityDescriptorBinaryForm(ntSecurityDescriptor); var owner = GetAclOwner(newDescriptor, domainName); if (owner != null) { aces.Add(new ACL { AceType = "", RightName = "Owner", PrincipalName = owner.PrincipalName, PrincipalType = owner.ObjectType }); } foreach (ActiveDirectoryAccessRule ace in newDescriptor.GetAccessRules(true, true, typeof(SecurityIdentifier))) { //Ignore null aces if (ace == null) { continue; } //Ignore Deny aces if (!ace.AccessControlType.Equals(AccessControlType.Allow)) { continue; } //Resolve the principal in the ACE var principal = GetAcePrincipal(ace, domainName); //If its null, we don't care so move on if (principal == null) { continue; } //Check if our ACE applies through inheritance rules if (!CheckAceInheritanceRules(ace, resolved.ObjectType)) { continue; } //Interesting GPO ACEs - GenericAll, WriteDacl, WriteOwner var rights = ace.ActiveDirectoryRights; var objectAceType = ace.ObjectType.ToString(); if (rights.HasFlag(ActiveDirectoryRights.GenericAll)) { if (objectAceType == AllGuid || objectAceType == "") { aces.Add(new ACL { AceType = "", RightName = "GenericAll", PrincipalName = principal.PrincipalName, PrincipalType = principal.ObjectType }); } //GenericAll includes every other flag, so continue here so we don't duplicate privs continue; } if (rights.HasFlag(ActiveDirectoryRights.WriteDacl)) { aces.Add(new ACL { AceType = "", RightName = "WriteDacl", PrincipalName = principal.PrincipalName, PrincipalType = principal.ObjectType }); } if (rights.HasFlag(ActiveDirectoryRights.WriteOwner)) { aces.Add(new ACL { AceType = "", RightName = "WriteOwner", PrincipalName = principal.PrincipalName, PrincipalType = principal.ObjectType }); } } obj.Aces = aces.Distinct().ToArray(); }
internal static void GetProps(SearchResultEntry entry, ResolvedEntry resolved, ref Gpo obj) { if (!Utils.IsMethodSet(ResolvedCollectionMethod.ObjectProps)) { return; } obj.Properties.Add("description", entry.GetProp("description")); obj.Properties.Add("gpcpath", entry.GetProp("gpcfilesyspath")); }
public static void GetObjectAces(SearchResultEntry entry, ResolvedEntry resolved, ref Gpo g) { if (!Utils.IsMethodSet(ResolvedCollectionMethod.ACL)) { return; } var aces = new List <ACL>(); var ntSecurityDescriptor = entry.GetPropBytes("ntsecuritydescriptor"); //If the ntsecuritydescriptor is null, no point in continuing //I'm still not entirely sure what causes this, but it can happen if (ntSecurityDescriptor == null) { return; } var domainName = Utils.ConvertDnToDomain(entry.DistinguishedName); //Convert the ntsecuritydescriptor bytes to a .net object var descriptor = new RawSecurityDescriptor(ntSecurityDescriptor, 0); //Grab the DACL var rawAcl = descriptor.DiscretionaryAcl; //Grab the Owner var ownerSid = descriptor.Owner.ToString(); //Determine the owner of the object. Start by checking if we've already determined this is null if (!_nullSids.TryGetValue(ownerSid, out _)) { //Check if its a common SID if (!MappedPrincipal.GetCommon(ownerSid, out var owner)) { //Resolve the sid manually if we still dont have it var ownerDomain = _utils.SidToDomainName(ownerSid) ?? domainName; owner = _utils.UnknownSidTypeToDisplay(ownerSid, ownerDomain, Props); } else { owner.PrincipalName = $"{owner.PrincipalName}@{domainName}"; } //Filter out the Local System principal which pretty much every entry has if (owner != null && !owner.PrincipalName.Contains("LOCAL SYSTEM") && !owner.PrincipalName.Contains("CREATOR OWNER")) { aces.Add(new ACL { AceType = "", RightName = "Owner", PrincipalName = owner.PrincipalName, PrincipalType = owner.ObjectType }); } else { //We'll cache SIDs we've failed to resolve previously so we dont keep trying _nullSids.TryAdd(ownerSid, new byte()); } } foreach (var genericAce in rawAcl) { var qAce = genericAce as QualifiedAce; if (qAce == null) { continue; } var objectSid = qAce.SecurityIdentifier.ToString(); if (_nullSids.TryGetValue(objectSid, out _)) { continue; } //Check if its a common sid if (!MappedPrincipal.GetCommon(objectSid, out var mappedPrincipal)) { //If not common, lets resolve it normally var objectDomain = _utils.SidToDomainName(objectSid) ?? domainName; mappedPrincipal = _utils.UnknownSidTypeToDisplay(objectSid, objectDomain, Props); if (mappedPrincipal == null) { _nullSids.TryAdd(objectSid, new byte()); continue; } } else { if (mappedPrincipal.PrincipalName == "ENTERPRISE DOMAIN CONTROLLERS") { var dObj = _utils.GetForest(domainName); var d = dObj == null ? domainName : dObj.RootDomain.Name; mappedPrincipal.PrincipalName = $"{mappedPrincipal.PrincipalName}@{d}".ToUpper(); } else { mappedPrincipal.PrincipalName = $"{mappedPrincipal.PrincipalName}@{domainName}".ToUpper(); } } if (mappedPrincipal.PrincipalName.Contains("LOCAL SYSTEM") || mappedPrincipal.PrincipalName.Contains("CREATOR OWNER")) { continue; } //Convert our right to an ActiveDirectoryRight enum object, and then to a string var adRight = (ActiveDirectoryRights)Enum.ToObject(typeof(ActiveDirectoryRights), qAce.AccessMask); var adRightString = adRight.ToString(); //Get the ACE for our right var ace = qAce as ObjectAce; var guid = ace != null?ace.ObjectAceType.ToString() : ""; var inheritedObjectType = ace != null?ace.InheritedObjectAceType.ToString() : "00000000-0000-0000-0000-000000000000"; var isInherited = inheritedObjectType == "00000000-0000-0000-0000-000000000000" || inheritedObjectType == "f30e3bc2-9ff0-11d1-b603-0000f80367c1"; var flags = ace == null ? AceFlags.None : ace.AceFlags; if ((flags & AceFlags.InheritOnly) != 0) { isInherited = false; } if (!isInherited && (flags & AceFlags.InheritOnly) != AceFlags.InheritOnly && (flags & AceFlags.Inherited) != AceFlags.Inherited) { //If these conditions hold the ACE applies to this object anyway isInherited = true; } if (!isInherited) { continue; } var toContinue = false; //Interesting GPO ACEs - GenericAll, WriteDacl, WriteOwner, GenericWrite toContinue |= (adRightString.Contains("WriteDacl") || adRightString.Contains("WriteOwner")); if (adRightString.Contains("GenericAll")) { toContinue |= ("00000000-0000-0000-0000-000000000000".Equals(guid) || guid.Equals("") || toContinue); } if (!toContinue) { continue; } if (adRightString.Contains("GenericAll")) { aces.Add(new ACL { AceType = "", PrincipalName = mappedPrincipal.PrincipalName, PrincipalType = mappedPrincipal.ObjectType, RightName = "GenericAll" }); } if (adRightString.Contains("WriteOwner")) { aces.Add(new ACL { AceType = "", PrincipalName = mappedPrincipal.PrincipalName, PrincipalType = mappedPrincipal.ObjectType, RightName = "WriteOwner" }); } if (adRightString.Contains("WriteDacl")) { aces.Add(new ACL { AceType = "", PrincipalName = mappedPrincipal.PrincipalName, PrincipalType = mappedPrincipal.ObjectType, RightName = "WriteDacl" }); } } g.Aces = aces.Distinct().ToArray(); }
private void NextButton_Click(object sender, EventArgs e) { if (state == 0) { /*StreamReader sr = new StreamReader(path); * string line = sr.ReadLine(); * string[] parsed = line.Split(new String[] { " = " }, StringSplitOptions.None); * while (line != null) * { * parsed = line.Split(new String[] { " = " },StringSplitOptions.None); * if (parsed.Length > 1) { * Policies.Add(parsed[0], Int32.Parse(parsed[parsed.Length - 1])); * } * * /*parsed = line.Split(new Char[] { ' ', '=', ' ' }); * if (parsed.Length > 1) * { * if (Policies.ContainsKey(parsed[0])) * { * advice.Add(Policies[parsed[0]].DynamicInvoke(Int32.Parse(parsed[parsed.Length-1])) + "\n"); * } * }*/ // line = sr.ReadLine(); // } //label1.Text = advice; var guid = new Guid("31B2F340-016D-11D2-945F-00C04FB984F9"); var domain = new GPDomain(System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().DomainName); gpo = domain.GetGpo(guid); var gpoReport = gpo.GenerateReport(ReportType.Xml); //gpb = gpo.Backup(Path.GetTempPath(), null); //path = Path.GetTempPath() + "{" + gpb.Id + "}\\DomainSysvol\\GPO\\Machine\\microsoft\\windows nt\\SecEdit\\GptTmpl.inf"; //StreamReader sr = new StreamReader(path); XmlDocument doc = new XmlDocument(); doc.LoadXml(gpoReport); List <XmlNode> extensionData = new List <XmlNode>(); XmlNode extIter = GetChildByName(GetChildByName(doc.LastChild, "Computer"), "ExtensionData"); while (extIter != null) { if (extIter.Name == "ExtensionData") { extensionData.Add(extIter); } extIter = extIter.NextSibling; } extIter = GetChildByName(GetChildByName(doc.LastChild, "User"), "ExtensionData"); while (extIter != null) { if (extIter.Name == "ExtensionData") { extensionData.Add(extIter); } extIter = extIter.NextSibling; } /*XmlNode extensiondata1 = GetChildByName(GetChildByName(doc.LastChild, "Computer"), "ExtensionData"); * MessageBox.Show(extensiondata1.ToString()); * XmlNode extensiondata5 = extensiondata1.NextSibling.NextSibling.NextSibling.NextSibling; * MessageBox.Show(extensiondata5.ToString()); * XmlNode extensiondata6 = GetChildByName(GetChildByName(doc.LastChild, "User"), "ExtensionData"); * MessageBox.Show(extensiondata6.ToString()); * MessageBox.Show(extensions.ToString());*/ var i = 2; foreach (XmlNode data in extensionData) { XmlNode extensions = data.FirstChild; if (data == extensionData[0]) { foreach (XmlNode pol in extensions) { if (pol.Name == "q1:Account") { var name = GetChildByName(pol, "q1:Name"); var num = GetChildByName(pol, "q1:SettingNumber"); var tf = GetChildByName(pol, "q1:SettingBoolean"); if (name != null && num != null) { Policies.Add(pol.ChildNodes[0].InnerText, Int32.Parse(pol.ChildNodes[1].InnerText)); } if (name != null && tf != null) { if (tf.InnerText == "true") { Policies.Add(pol.ChildNodes[0].InnerText, 1); } else { Policies.Add(pol.ChildNodes[0].InnerText, 0); } } } } } else { foreach (XmlNode pol in extensions) { if (pol.Name == "q" + i.ToString() + ":Policy") { var name = GetChildByName(pol, "q" + i.ToString() + ":Name"); var state = GetChildByName(pol, "q" + i.ToString() + ":State"); if (name != null && state != null) { if (state.InnerText == "Enabled") { Policies.Add(pol.ChildNodes[0].InnerText, 1); } else if (state.InnerText == "Disabled") { Policies.Add(pol.ChildNodes[0].InnerText, 0); } else { Policies.Add(pol.ChildNodes[0].InnerText, 2); } } } } i++; } } XmlDocument policies = new XmlDocument(); //XmlDocument updater = new XmlDocument(); Assembly assembly = Assembly.GetExecutingAssembly(); var a = assembly.GetManifestResourceNames(); Stream stream = assembly.GetManifestResourceStream("WindowsFormsApp1.PoliciesXML.xml"); //Stream stream1 = assembly.GetManifestResourceStream("WindowsFormsApp1.UpdaterXML.xml"); policies.Load(stream); //updater.Load(stream1); XmlNode p = policies.ChildNodes[1].ChildNodes[0]; //XmlNode u = updater.ChildNodes[1].ChildNodes[0]; while (p != null) { if (p.NodeType.ToString() == "Element") { Pols.Add(new Policy(p)); } p = p.NextSibling; //u = u.NextSibling; } maxPage = Pols.Count; state = 1; GuidanceButton.Visible = true; // UpdateButton.Visible = true; MarkAsDone.Visible = true; NextButton.Text = "Next >>"; } if (state == 1) { if (page == maxPage) { InfoBox.Text = ""; state = 2; PrevButton.Visible = false; GuidanceButton.Visible = false; //UpdateButton.Visible = false; } else { var name = Pols[page].getName(); if (Policies.ContainsKey(name)) { InfoBox.Text = Pols[page].check(Policies[name]).Trim(); } else { InfoBox.Text = Pols[page].useDefault().Trim(); } if (Pols[page].guidance() == "") { GuidanceButton.Visible = false; } else { GuidanceButton.Visible = true; } page += 1; if (page == maxPage) { NextButton.Text = "Finish"; } if (page == 2) { PrevButton.Visible = true; } } } else { this.Close(); } }
private void NextButton_Click(object sender, EventArgs e) { if (state == 0) { //Gets GP XML var guid = new Guid("31B2F340-016D-11D2-945F-00C04FB984F9"); var domain = new GPDomain(System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().DomainName); gpo = domain.GetGpo(guid); var gpoReport = gpo.GenerateReport(ReportType.Xml); XmlDocument doc = new XmlDocument(); doc.LoadXml(gpoReport); //Parses GP XML List <XmlNode> extensionData = new List <XmlNode>(); XmlNode extIter = GetChildByName(GetChildByName(doc.LastChild, "Computer"), "ExtensionData"); while (extIter != null) { if (extIter.Name == "ExtensionData") { extensionData.Add(extIter); } extIter = extIter.NextSibling; } extIter = GetChildByName(GetChildByName(doc.LastChild, "User"), "ExtensionData"); while (extIter != null) { if (extIter.Name == "ExtensionData") { extensionData.Add(extIter); } extIter = extIter.NextSibling; } var i = 2; foreach (XmlNode data in extensionData) { XmlNode extensions = data.FirstChild; if (data == extensionData[0]) { foreach (XmlNode pol in extensions) { if (pol.Name == "q1:Account") { var name = GetChildByName(pol, "q1:Name"); var num = GetChildByName(pol, "q1:SettingNumber"); var tf = GetChildByName(pol, "q1:SettingBoolean"); if (name != null && num != null) { Policies.Add(pol.ChildNodes[0].InnerText, Int32.Parse(pol.ChildNodes[1].InnerText)); } if (name != null && tf != null) { if (tf.InnerText == "true") { Policies.Add(pol.ChildNodes[0].InnerText, 1); } else { Policies.Add(pol.ChildNodes[0].InnerText, 0); } } } } } else { if (GetChildByName(data, "Name") != null && GetChildByName(data, "Name").InnerText == "Windows Firewall") { //Special case as the firewall is displayed differently foreach (XmlNode pol in extensions) { if (pol.Name == "q" + i + ":DomainProfile") { var lpm = GetChildByName(pol, "q" + i + ":AllowLocalPolicyMerge"); var lpmState = (lpm == null) ? 2 : (lpm.InnerText == "true") ? 1 : 0; Policies.Add("Domain Profile - Apply local firewall rules", lpmState); var efw = GetChildByName(pol, "q" + i + ":EnableFirewall"); var efwState = (efw == null) ? 2 : (efw.InnerText == "true") ? 1 : 0; Policies.Add("Domain Profile", efwState); //var ibc = GetChildByName(pol, "q5:DefaultInboundAction"); //var ibcState = (ibc == null) ? 0 : (ibc.InnerText=="true")?1:0; //var obc = GetChildByName(pol, "q5:DefaultOutboundAction"); //var obcState = (obc == null) ? 0 : (obc.InnerText == "true") ? 1 : 0; } else if (pol.Name == "q" + i + ":PrivateProfile") { var lpm = GetChildByName(pol, "q" + i + ":AllowLocalPolicyMerge"); var lpmState = (lpm == null) ? 2 : (lpm.InnerText == "true") ? 1 : 0; Policies.Add("Private Profile - Apply local firewall rules", lpmState); var efw = GetChildByName(pol, "q" + i + ":EnableFirewall"); var efwState = (efw == null) ? 2 : (efw.InnerText == "true") ? 1 : 0; Policies.Add("Private Profile", efwState); } else if (pol.Name == "q5:PublicProfile") { var lpm = GetChildByName(pol, "q" + i + ":AllowLocalPolicyMerge"); var lpmState = (lpm == null) ? 2 : (lpm.InnerText == "true") ? 1 : 0; Policies.Add("Public Profile - Apply local firewall rules", lpmState); var efw = GetChildByName(pol, "q" + i + ":EnableFirewall"); var efwState = (efw == null) ? 2 : (efw.InnerText == "true") ? 1 : 0; Policies.Add("Public Profile", efwState); } } } else { foreach (XmlNode pol in extensions) { if (pol.Name == "q" + i.ToString() + ":Policy") { //Parses enabled/disabled/not configured to numbers var name = GetChildByName(pol, "q" + i.ToString() + ":Name"); var state = GetChildByName(pol, "q" + i.ToString() + ":State"); if (name != null && state != null) { if (state.InnerText == "Enabled") { Policies.Add(pol.ChildNodes[0].InnerText, 1); } else if (state.InnerText == "Disabled") { Policies.Add(pol.ChildNodes[0].InnerText, 0); } else { Policies.Add(pol.ChildNodes[0].InnerText, 2); } } } } } i++; } } //Parses PoliciesXML to the dictionary to generate the pages XmlDocument policies = new XmlDocument(); Assembly assembly = Assembly.GetExecutingAssembly(); var a = assembly.GetManifestResourceNames(); Stream stream = assembly.GetManifestResourceStream("WindowsFormsApp1.PoliciesXML.xml"); policies.Load(stream); XmlNode p = policies.ChildNodes[1].ChildNodes[0]; while (p != null) { if (p.NodeType.ToString() == "Element") { Pols.Add(new PolicySection(p)); } p = p.NextSibling; } //Configure first page state = 1; GuidanceButton.Visible = true; MarkAsDone.Visible = true; NextButton.Text = "Next >>"; this.Text = Pols[section].name; } //If within pages if (state == 1) { if (!Pols[section].isPolicyAt(page - 1) && page != 0 && section == Pols.Count - 1) { //Exit to finish page InfoBox.Text = ""; state = 2; PrevButton.Visible = false; GuidanceButton.Visible = false; MarkAsDone.Visible = false; NameLabel.Text = ""; NextButton.Text = "Finish"; } else { if (!Pols[section].isPolicyAt(page - 1) && page != 0) { //Change section section += 1; this.Text = Pols[section].name; page = 0; } if (page == 0) { //Display header page for page 0 NameLabel.Text = ""; InfoBox.Text = Pols[section].headerText(Policies); if (Pols[section].isSafe()) { SkipButton.Visible = true; } else { SkipButton.Visible = false; } GuidanceButton.Visible = false; page += 1; MarkAsDone.Visible = false; } else { //Display individual policy page SkipButton.Visible = false; var currentPolicy = Pols[section].policyAt(page - 1); var name = currentPolicy.getName(); NameLabel.Text = name; InfoBox.Height = 329 - NameLabel.Height; //Avoids height overflow on name InfoBox.Top = 18 + NameLabel.Height; if (Policies.ContainsKey(name)) { //Use setting found InfoBox.Text = currentPolicy.check(Policies[name]).Trim(); NameLabel.ForeColor = (currentPolicy.isRecommended(Policies[name])) ? currentPolicy.recColour() : currentPolicy.nonRecColour(); } else { //Otherwise use default InfoBox.Text = currentPolicy.useDefault().Trim(); NameLabel.ForeColor = (currentPolicy.isRecommended(-1)) ? currentPolicy.recColour() : currentPolicy.nonRecColour(); } if (currentPolicy.guidance() == "") { GuidanceButton.Visible = false; } else { GuidanceButton.Visible = true; } page += 1; PrevButton.Visible = true; MarkAsDone.Visible = true; //Very last page show finish instead of next if (!Pols[section].isPolicyAt(page - 1) && section == Pols.Count - 1) { NextButton.Text = "Finish"; MarkAsDone.Visible = false; } } } } else { this.Close(); } }