public static string[] GetRegSubkeys(string hive, string path)
{
// returns an array of the subkeys names under the specified path in the specified hive (HKLM/HKCU/HKU)
try
{
Microsoft.Win32.RegistryKey myKey = null;
if (hive == "HKLM")
{
myKey = Registry.LocalMachine.OpenSubKey(path);
}
else if (hive == "HKU")
{
myKey = Registry.Users.OpenSubKey(path);
}
else
{
myKey = Registry.CurrentUser.OpenSubKey(path);
}
String[] subkeyNames = myKey.GetSubKeyNames();
return(myKey.GetSubKeyNames());
}
catch (Exception)
{
PrintUtils.Debug(String.Format(@"Registry {0}\{1} was not found", hive, path));
return(new string[0]);
}
}
public static Dictionary <string, string> GetLockoutPolicy()
{
Dictionary <string, string> results = new Dictionary <string, string>();
try
{
USER_MODALS_INFO_3 objUserModalsInfo3 = new USER_MODALS_INFO_3();
IntPtr bufPtr;
uint lngReturn = NetUserModalsGet(@"\\" + Environment.MachineName, 3, out bufPtr);
if (lngReturn == 0)
{
objUserModalsInfo3 = (USER_MODALS_INFO_3)Marshal.PtrToStructure(bufPtr, typeof(USER_MODALS_INFO_3));
}
results.Add("Lockout duration", String.Format("{0}", objUserModalsInfo3.usrmod3_lockout_duration));
results.Add("Lockout Obversation Window", String.Format("{0}", objUserModalsInfo3.usrmod3_lockout_observation_window));
results.Add("Lockout Threshold", String.Format("{0}", objUserModalsInfo3.usrmod3_lockout_threshold));
//NetApiBufferFree(bufPtr);
bufPtr = IntPtr.Zero;
}
catch (Exception ex)
{
PrintUtils.Debug(ex.StackTrace);
}
return(results);
}
public static Dictionary <string, string> GetPasswordComplexityPolicy()
{
/*
* public uint usrmod0_min_passwd_len;
* public uint usrmod0_max_passwd_age;
* public uint usrmod0_min_passwd_age;
* public uint usrmod0_force_logoff;
* public uint usrmod0_password_hist_len;
*/
Dictionary <string, string> results = new Dictionary <string, string>();
try
{
USER_MODALS_INFO_0 objUserModalsInfo0 = new USER_MODALS_INFO_0();
IntPtr bufPtr;
uint lngReturn = NetUserModalsGet(@"\\" + Environment.MachineName, 0, out bufPtr);
if (lngReturn == 0)
{
objUserModalsInfo0 = (USER_MODALS_INFO_0)Marshal.PtrToStructure(bufPtr, typeof(USER_MODALS_INFO_0));
}
results.Add("Minimum Password Length", objUserModalsInfo0.usrmod0_min_passwd_len.ToString());
results.Add("Max Password Age", objUserModalsInfo0.usrmod0_max_passwd_age.ToString());
results.Add("Min Password Age", objUserModalsInfo0.usrmod0_min_passwd_age.ToString());
results.Add("Force Logoff", objUserModalsInfo0.usrmod0_force_logoff.ToString());
results.Add("Password History Length", objUserModalsInfo0.usrmod0_password_hist_len.ToString());
//NetApiBufferFree(bufPtr);
bufPtr = IntPtr.Zero;
}
catch (Exception ex)
{
PrintUtils.Debug(ex.StackTrace);
}
return(results);
}
public static bool IsDomainJoined()
{
// returns Compuer Domain if the system is inside an AD (an nothing if it is not)
try
{
Win32.NetJoinStatus status = Win32.NetJoinStatus.NetSetupUnknownStatus;
IntPtr pDomain = IntPtr.Zero;
int result = Win32.NetGetJoinInformation(null, out pDomain, out status);
if (pDomain != IntPtr.Zero)
{
Win32.NetApiBufferFree(pDomain);
}
if (result == Win32.ErrorSuccess)
{
// If in domain, return domain name, if not, return empty
if (status == Win32.NetJoinStatus.NetSetupDomainName)
{
return(true);
}
return(false);
}
}
catch (Exception ex)
{
PrintUtils.Debug(ex.StackTrace);
IsDomainJoinedWmi();
}
return(false);
}
public static Dictionary <string, bool> GetBITSConfigInfo()
{
Dictionary <string, bool> info = new Dictionary <string, bool>();
var regKeys = GetBITSJobLifetime();
info["Job Inactivity Timeout < 90 days"] = false;
info["Max Download Time < 54000 seconds"] = false;
if (string.IsNullOrEmpty(regKeys["JobInactivityTimeout"]))
{
info["Job Inactivity Timeout < 90 days"] = false;
}
else
{
try
{
int timeout = int.Parse(regKeys["JobInactivityTimeout"]);
if (timeout < 90)
{
info["Job Inactivity Timeout < 90 days"] = true;
}
}
catch (Exception ex)
{
PrintUtils.Debug(ex.StackTrace);
}
}
if (regKeys["MaxDownloadTime"] == null)
{
info["Max Download Time < 54000 seconds"] = false;
}
else
{
try
{
int timeout = int.Parse(regKeys["MaxDownloadTime"]);
if (timeout < 54000)
{
info["Max Download Time < 54000 seconds"] = true;
}
}
catch (Exception ex)
{
PrintUtils.Debug(ex.StackTrace);
}
}
return(info);
}
public static bool IsDomainJoinedWmi()
{
try
{
ManagementObject ComputerSystem;
using (ComputerSystem = new ManagementObject(String.Format("Win32_ComputerSystem.Name='{0}'", Environment.MachineName)))
{
ComputerSystem.Get();
object Result = ComputerSystem["PartOfDomain"];
return(Result != null && (bool)Result);
}
}
catch (Exception ex)
{
PrintUtils.Debug(ex.StackTrace);
}
//By default local
return(false);
}
public static bool CheckForRestrictions(string ExecPath, string UserName)
{
if (String.IsNullOrEmpty(ExecPath))
{
throw new ArgumentNullException();
}
if (String.IsNullOrEmpty(UserName))
{
throw new ArgumentNullException();
}
if (!File.Exists(ExecPath))
{
PrintUtils.Debug($"File '{ExecPath}' was not found");
return(true);
}
// Check 1: AppLocker
if (SystemUtils.IsAppLockerEnabled())
{
if (!SystemUtils.IsAppLockerRunning())
{
throw new Exception("AppLocker SVC is not running");
}
if (CheckApplockerPolicyforDenied(ExecPath, UserName))
{
return(true);
}
}
// Check 2: SRP
// TODO
// Check 3: WDAG
// TODO
return(false);
}