Notification

Icon
Error

Cisco Duo and associated registry keys - Report of Windows assets with Duo installed

Posted: Tuesday, March 30, 2021 1:07:58 AM(UTC)
dhoward

dhoward

Member Original PosterPosts: 11
0
Like
Hoping that someone else has already tackled this. I'd like a report of all Windows devices with Duo installed ("Duo Authentication for Windows Logon"). The report should show the following registry values for each asset with the program installed. All are in HKEY_LOCAL_MACHINE\SOFTWARE\Duo Security\DuoCredProv

  • AutoPush
  • ElevationOfflineEnable
  • ElevationOfflineEnrollment
  • ElevationProtectionMode
  • EnableSmartCards
  • FailOpen
  • OfflineAvailable
  • RdpOnly
  • UsernameFormatForService
  • WrapSmartCards


Any gestures in the right direction would be appreciated!
Andy.S
#1Andy.S Member Posts: 76  
posted: 3/31/2021 12:55:55 PM(UTC)
Hi, Not sure if I have got this correct as I dont have the keys you have listed or CISCO installed, but I'm assuming your after a report which confirms whether or not the registry keys you listed are installed , if this is correct this should get you started , so if you have the registry key in your scan criteria then this has the first 2 keys setup you just need to repeat the process and create all the keys you require by adding the additional sub queries.....

Code:
Select Top 1000000 tsysOS.Image As icon,
  tblAssets.AssetID,
  tblAssets.AssetName,
  Case
    When AutoPush.Valuename Is Not Null Then 'Installed'
    Else '?'
  End As AutoPush,
  Case
    When ElavationOFF.Valuename Is Not Null Then 'Installed'
    Else '?'
  End As ElevationOfflineEnable,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.IPAddress,
  tblAssets.Firstseen,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tsysOS.OSname
From tblAssets
  Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Left Join (Select Top 1000000 tblRegistry.AssetID,
        tblRegistry.Regkey,
        tblRegistry.Valuename,
        tblRegistry.Value
      From tblRegistry
      Where tblRegistry.Regkey Like '%SOFTWARE\Duo Security\DuoCredProv' And
        tblRegistry.Valuename = 'AutoPush') AutoPush On AutoPush.AssetID =
    tblAssets.AssetID
  Left Join (Select tblRegistry.Regkey,
        tblRegistry.Valuename,
        tblRegistry.AssetID,
        tblRegistry.Value
      From tblRegistry
      Where tblRegistry.Regkey Like '%SOFTWARE\Duo Security\DuoCredProv' And
        tblRegistry.Valuename = 'ElevationOfflineEnable') ElavationOFF
    On ElavationOFF.AssetID = tblAssets.AssetID
Order By tblAssets.Domain,
  tblAssets.AssetName
dhoward
#2dhoward Member Original PosterPosts: 11  
posted: 4/15/2021 12:30:14 AM(UTC)
Thanks! I'm actually looking for the values contained within those registry keys, not just whether or not they exist. Whether the program was installed or not would have been determined by something similar to this:

Code:
Select Top 1000000 tsysOS.Image As icon,
  tblAssets.AssetID,
  tblAssets.AssetName
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblAssets.AssetID In (Select Top 1000000 tblSoftware.AssetID
      From tblSoftware Inner Join tblSoftwareUni On tblSoftwareUni.SoftID =
          tblSoftware.softID
      Where tblSoftwareUni.softwareName Like '%Duo Authentication for Windows Logon%') And
  tblAssetCustom.State = 1
Order By tblAssets.Domain,
  tblAssets.AssetName


Then, from these assets, obtain the contents of the registry values listed in the OP. For example AutoPush should either be a 0 or a 1, the Elevation* values should contain a 0, 1, or 2, etc.

Active Discussions

Lansweeper Creating a count
by  Brianne   Go to last post Go to first unread
Last post: Yesterday at 6:12:49 PM(UTC)
Lansweeper Some reports shows dublicated assets
by  Andy.S  
Go to last post Go to first unread
Last post: Yesterday at 9:46:37 AM(UTC)
Lansweeper Adding "multi-part" Conditions to Reports
by  Brandon   Go to last post Go to first unread
Last post: 5/13/2021 1:52:17 PM(UTC)
Report Center Microsoft Outlook email bug EX255650
by  Esben.D  
Go to last post Go to first unread
Last post: 5/12/2021 2:30:16 PM(UTC)
Lansweeper Patch Tuesday May 2021
by  Esben.D   Go to last post Go to first unread
Last post: 5/11/2021 8:13:06 PM(UTC)
Lansweeper Report showing only Wi-Fi Devices and MAC addresses
by  Andy.S  
Go to last post Go to first unread
Last post: 5/11/2021 2:23:24 PM(UTC)
Lansweeper Modifying Purchase Date / Yearly Refresh Report
by  Cripple.Zero  
Go to last post Go to first unread
Last post: 5/7/2021 7:06:47 PM(UTC)