Notification

Icon
Error

Cisco Duo and associated registry keys - Report of Windows assets with Duo installed

Posted: Tuesday, March 30, 2021 1:07:58 AM(UTC)
dhoward

dhoward

Member Original PosterPosts: 11
0
Like
Hoping that someone else has already tackled this. I'd like a report of all Windows devices with Duo installed ("Duo Authentication for Windows Logon"). The report should show the following registry values for each asset with the program installed. All are in HKEY_LOCAL_MACHINE\SOFTWARE\Duo Security\DuoCredProv

  • AutoPush
  • ElevationOfflineEnable
  • ElevationOfflineEnrollment
  • ElevationProtectionMode
  • EnableSmartCards
  • FailOpen
  • OfflineAvailable
  • RdpOnly
  • UsernameFormatForService
  • WrapSmartCards


Any gestures in the right direction would be appreciated!
Andy.S
#1Andy.S Member Posts: 76  
posted: 3/31/2021 12:55:55 PM(UTC)
Hi, Not sure if I have got this correct as I dont have the keys you have listed or CISCO installed, but I'm assuming your after a report which confirms whether or not the registry keys you listed are installed , if this is correct this should get you started , so if you have the registry key in your scan criteria then this has the first 2 keys setup you just need to repeat the process and create all the keys you require by adding the additional sub queries.....

Code:
Select Top 1000000 tsysOS.Image As icon,
  tblAssets.AssetID,
  tblAssets.AssetName,
  Case
    When AutoPush.Valuename Is Not Null Then 'Installed'
    Else '?'
  End As AutoPush,
  Case
    When ElavationOFF.Valuename Is Not Null Then 'Installed'
    Else '?'
  End As ElevationOfflineEnable,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.IPAddress,
  tblAssets.Firstseen,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tsysOS.OSname
From tblAssets
  Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Left Join (Select Top 1000000 tblRegistry.AssetID,
        tblRegistry.Regkey,
        tblRegistry.Valuename,
        tblRegistry.Value
      From tblRegistry
      Where tblRegistry.Regkey Like '%SOFTWARE\Duo Security\DuoCredProv' And
        tblRegistry.Valuename = 'AutoPush') AutoPush On AutoPush.AssetID =
    tblAssets.AssetID
  Left Join (Select tblRegistry.Regkey,
        tblRegistry.Valuename,
        tblRegistry.AssetID,
        tblRegistry.Value
      From tblRegistry
      Where tblRegistry.Regkey Like '%SOFTWARE\Duo Security\DuoCredProv' And
        tblRegistry.Valuename = 'ElevationOfflineEnable') ElavationOFF
    On ElavationOFF.AssetID = tblAssets.AssetID
Order By tblAssets.Domain,
  tblAssets.AssetName
dhoward
#2dhoward Member Original PosterPosts: 11  
posted: 4/15/2021 12:30:14 AM(UTC)
Thanks! I'm actually looking for the values contained within those registry keys, not just whether or not they exist. Whether the program was installed or not would have been determined by something similar to this:

Code:
Select Top 1000000 tsysOS.Image As icon,
  tblAssets.AssetID,
  tblAssets.AssetName
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblAssets.AssetID In (Select Top 1000000 tblSoftware.AssetID
      From tblSoftware Inner Join tblSoftwareUni On tblSoftwareUni.SoftID =
          tblSoftware.softID
      Where tblSoftwareUni.softwareName Like '%Duo Authentication for Windows Logon%') And
  tblAssetCustom.State = 1
Order By tblAssets.Domain,
  tblAssets.AssetName


Then, from these assets, obtain the contents of the registry values listed in the OP. For example AutoPush should either be a 0 or a 1, the Elevation* values should contain a 0, 1, or 2, etc.

Active Discussions

Lansweeper Using tblO365User report for devices Out of warranty
by  QueryLSTech   Go to last post Go to first unread
Last post: Yesterday at 5:15:37 PM(UTC)
Lansweeper Duplicate assets, random monitor unique keys
by  kloosterd  
Go to last post Go to first unread
Last post: Yesterday at 1:00:34 PM(UTC)
Lansweeper Scanning - nothing appears in the queue
by  LS IT Admins   Go to last post Go to first unread
Last post: Yesterday at 11:08:22 AM(UTC)
Lansweeper Broken scanning of AD
by  LS IT Admins  
Go to last post Go to first unread
Last post: Yesterday at 10:59:35 AM(UTC)
Lansweeper New ticket auto-assignment & default state
by  Brandon   Go to last post Go to first unread
Last post: 5/13/2021 5:21:31 PM(UTC)
Lansweeper Automatic Follow-Up for Tickets
by  Francis Lee Mondia - Endace  
Go to last post Go to first unread
Last post: 5/12/2021 11:06:51 PM(UTC)
Lansweeper Can't see devices on Lansweeper
by  vqT4cDoP9iXyMZwoDUWU   Go to last post Go to first unread
Last post: 5/12/2021 8:33:21 PM(UTC)
Lansweeper LAPS managed password
by  SystemAdmin  
Go to last post Go to first unread
Last post: 5/12/2021 6:08:42 PM(UTC)