Thanks for the initial response. I want to keep the dialog open for two reasons. 1st, I was surprised to see no information on this topic when I first started searching with Google. Hopefully we will help others out too. 2nd, validating screen saver settings is a real security problem. In our environment, and I am sure others, there are workstations and kiosks that need not only network security settings monitored but physical security settings too.

>> -----Original Message-----
> One possible problem:
> It might not show anything if there is no current user logged on anyway.
> Haven't used it, but if you look at regedit, you see CURRENTUSER, but
> you see any other users not currently logged on as separate SIDS's
> there.
>
> Not sure if plugin will return one answer for each possible user, or
> just the current logged on user.
>
> If target system is 2002+ with AD, you might find these in domain
> security policies (which would enforce them anyway, with ability to
> prevent luser from disabling it)
>
> Might be able to use BOUND LDAP queries on AD to find this information.

Thanks for the workaround suggestions and potential fixes, but I had considered these before I started. They are not options because some of the devices are not part of an AD domain. The fun of working in my environment.

I am aware that if the plugin is working it may not show any information for HKEY_CURRENT_USER if no one was logged in. That makes sense, and I assume if no one is logged in then the screen saver time out is not an issue since the device would require authentication anyways. It's a good thought but it's not the problem.

I can tell using Ethereal that the registry query is failing. It took me a while to understand why Ethereal was decoding the return packet as: WINREG OpenKey respons, Error: File no found (pathname error).

Here is a portion of my code:

    hcu = RegConnectRegistry(hkey:HKEY_CURRENT_USER);
    if ( isnull(hcu) )
    {
      NetUseDel();
      exit(0);
    }

    key = "Control Panel\Desktop";
    keyh = RegOpenKey(handle:hcu, key:key, mode:MAXIMUM_ALLOWED);

The confusing part is that RegConnectRegistry(hkey:HKEY_CURRENT_USER) works. In Ethereal you see the connection to HKEY_CURRENT_USER as successful. What was confusing was that RegOpenKey(handle:hcu, key:key, mode:MAXIMUM_ALLOWED) was failing. I believe this is because it never really attached to HKEY_CURRENT_USER. Instead it was looking at HKEY_LOCAL_MACHINE. This is the reason that I started looking at registry_open_hkcu() as an alternative, and my prior post was looking for more information on how to use it.

>> -----Original Message-----
>> It would be a huge help if anyone knows the complete syntax to use the
>> registry_open_hkcu() function, knows of a plugin that already
>> uses it, or has
>> examples that I can work from.
>
> grep is your friend:
>
> grep registry_open_hkc *.inc
> smb_nt.inc:function registry_open_hkcr(soc, uid, tid, pipe)
>
> find ./ -name '*.nasl' -exec grep -H registry_open_hkcu {} \;
>
> (seems it exists in smb_nt.inc but not in any current plugins)

You really threw me for a loop on this one but make an excellent point. You grepped for hkc and not hkcu. This returned only hkcr, which I believe is HKEY_CLASSES_ROOT. I verified it in my installation too. So now the big question is: Does this mean that registry_open_hkcu() does not exist at all?

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
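
An added example, not part of the original message or of any Nessus plugin: a Python sketch of the audit logic applied to the per-SID keys under HKEY_USERS that the quoted reply mentions, instead of HKEY_CURRENT_USER. It assumes the `Control Panel\Desktop` values have already been collected into a dictionary; the function names, the 900-second limit and the sample data are hypothetical and constructed for illustration.

```python
# Added example. SAMPLE_HKU is constructed data, not output from a real host.
SETTINGS_KEY = r"Control Panel\Desktop"

def is_user_sid(name):
    """Keep per-user hives only: skip .DEFAULT, service SIDs and *_Classes."""
    return name.startswith("S-1-5-21-") and not name.endswith("_Classes")

def audit_screensaver(hku, max_timeout=900):
    """hku maps 'SID\\key path' -> {value name: REG_SZ string}.
    Returns {sid: [findings]}; an empty list means the settings pass."""
    report = {}
    sids = sorted({path.split("\\", 1)[0] for path in hku})
    for sid in filter(is_user_sid, sids):
        values = hku.get(sid + "\\" + SETTINGS_KEY)
        if values is None:
            report[sid] = ["key missing"]
            continue
        findings = []
        if values.get("ScreenSaveActive") != "1":
            findings.append("screen saver disabled")
        if values.get("ScreenSaverIsSecure") != "1":
            findings.append("no password on resume")
        try:
            timeout = int(values.get("ScreenSaveTimeOut", ""))
        except ValueError:
            timeout = None
        if timeout is None or timeout <= 0:
            findings.append("timeout missing or invalid")
        elif timeout > max_timeout:
            findings.append("timeout %ds exceeds %ds" % (timeout, max_timeout))
        report[sid] = findings
    return report

USER_1 = "S-1-5-21-1111-2222-3333-1001"  # constructed SIDs
USER_2 = "S-1-5-21-1111-2222-3333-1002"
USER_3 = "S-1-5-21-1111-2222-3333-1003"
SAMPLE_HKU = {
    ".DEFAULT\\Control Panel\\Desktop": {"ScreenSaveActive": "1"},
    "S-1-5-18\\Control Panel\\Desktop": {"ScreenSaveActive": "0"},
    USER_1 + "\\Control Panel\\Desktop": {
        "ScreenSaveActive": "1", "ScreenSaverIsSecure": "1",
        "ScreenSaveTimeOut": "600"},
    USER_2 + "\\Control Panel\\Desktop": {
        "ScreenSaveActive": "1", "ScreenSaverIsSecure": "0",
        "ScreenSaveTimeOut": "3600"},
    USER_2 + "_Classes\\Local Settings": {},
    USER_3 + "\\Environment": {},
}

if __name__ == "__main__":
    for sid, findings in audit_screensaver(SAMPLE_HKU).items():
        print(sid, "OK" if not findings else "; ".join(findings))
```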
This archive was generated by hypermail 2.1.3 : Sun Feb 26 2006 - 07:45:33 PST