Protecting UACD ! -Some Insight


2Nois3: Simple :) The function you are looking for is called Trim:

Option Explicit
On Error Resume Next

Dim objWMIService, objShell
Dim strBoard, arrayBoards, strInstallPath
Dim strTypPocitaca

' Connect to WMI and enumerate the baseboard instances
Set objWMIService = GetObject("winmgmts:root\cimv2")
Set arrayBoards = objWMIService.InstancesOf("Win32_BaseBoard", 48)
Set objShell = Wscript.CreateObject("Wscript.shell")

' Folder the script runs from, with a trailing backslash
strInstallPath = Left(WScript.ScriptFullName,Len(Wscript.ScriptFullName) - Len(WScript.ScriptName + "n")) & "\"

' Print each board's serial number, lower-cased and with surrounding spaces trimmed
for each strBoard in arrayBoards
    Wscript.Echo Trim(LCase(strBoard.SerialNumber))
next

' Release the objects
Set objWMIService = Nothing
Set arrayBoards = Nothing
Set objShell = Nothing

Wscript.Quit(0)

2Moonlight: Please try those two commands I posted... I need to know the result to implement it...

P.S.: You posted the result before I wrote my last comment, sorry. However, it looks like we will need to base it on ReleaseDate. Maybe we could combine this information, e.g. the computer will be identified by baseboard manufacturer AND BIOS release date.

2ALL: Please try this command:

Wmic baseboard get ReleaseDate

I need to know how this acts on different motherboards... Thx


@Martin...

wmic bios get releasedate provided:

*-*-*-*-*--*

ReleaseDate

20030710000000.000000+000

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

Yeah, we can count on BIOS release date information, but you can understand it is 99% security. However, what about including MoBo serial number alongside Computername? What's your take?

---MOON


The problem is simple - noname baseboards don't include this information :( Just have a look at the output you sent me - the only usable information is ReleaseDate. We could also try to have a look at the class computersystem. Try

wmic computersystem list full

I am interested in the value Model...


2Nois: Thx for the information, looks like release date is always included... Interesting is Product - maybe we could base this on motherboard type + BIOS release date.

BTW I am using Product to automatically install chipset drivers. If you are interested, I could post my script.


The last of your commands returned as you wished:

SupportContactDescription={"System Manufacturer: MICRO-STAR INTERNATIONAL CO.,LTD.","MainBoard Type: MSI KM4M Series MS-6734(v1.0)M-ATX","System Model: KM400-8235","BIOS: Phoenix-Awardr BIOS v6.00PG"}

Now, what next My SYSTEM COMMANDER....


First I want to be sure what you guys are requesting...

So let's summarize...

ProtectUA.vbs will check for

a.) ReleaseDate in BIOS

b.) Product in Baseboard

This will work on normal users... Now we must find a way to restrict access to ProtectUA - so people won't be able to just remove it from cmdlines.txt...

Any ideas?

For example I was thinking about this: all files for runonce etc. will be saved in an encrypted archive. ProtectUA.vbs will automatically expand this archive if it decides that the user is authenticated. What do you think about it?


Great idea Martin, encrypted archive is the solution. But how do you pass the authentication success/failure to the rest of the script in cmdlines.txt? Are you thinking to encrypt runoncex.cmd? It remains within $OEM$ folder? Will there be any problem when XP copies files & folders inside $OEM$ in 16-bit copy mode?

-It's MOON


Well, the idea is quite simple - you will have all files applied AFTER cmdlines.txt stored in an encrypted archive.

ProtectUA.vbs will run and check if the computer is on the allowed list.

If it isn't there, it will delete ntldr + restart.

If it is on the allowed list, it will decompress the archive and continue with installation.

So - because ProtectUA will be encrypted (.vbe) people won't be able to modify the allowed hosts list. And they won't be able to remove ProtectUA.vbs from cmdlines.txt, because installation won't continue without the decrypted archive (which will be unlocked from ProtectUA).

I hope I explained what I mean...

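The check summarized in the posts above (BIOS ReleaseDate plus baseboard Product, compared against an allowed list), written out as an added example that is not the thread's ProtectUA.vbs. The allow-list entry is a constructed sample and the FirstValue helper is a hypothetical name; the script only reports its decision through the exit code.

```vbscript
Option Explicit

Dim objWMI, dictAllowed, strProduct, strReleaseDate, strFingerprint

Set objWMI = GetObject("winmgmts:\\.\root\cimv2")

' Allow list of "product|yyyymmdd" fingerprints (constructed sample entry).
Set dictAllowed = CreateObject("Scripting.Dictionary")
dictAllowed.CompareMode = vbTextCompare
dictAllowed.Add "example-product|20030710", True

strProduct = FirstValue("Win32_BaseBoard", "Product")
' ReleaseDate is a CIM datetime such as 20030710000000.000000+000; keep yyyymmdd.
strReleaseDate = Left(FirstValue("Win32_BIOS", "ReleaseDate"), 8)

' Fail closed: a board that leaves either field empty is never matched.
If strProduct = "" Or Len(strReleaseDate) < 8 Then
    WScript.Echo "Fingerprint incomplete, treating host as not allowed"
    WScript.Quit 1
End If

strFingerprint = strProduct & "|" & strReleaseDate
If dictAllowed.Exists(strFingerprint) Then
    WScript.Echo "Allowed: " & strFingerprint
    WScript.Quit 0
Else
    WScript.Echo "Not on allow list: " & strFingerprint
    WScript.Quit 1
End If

' Hypothetical helper: first non-empty value of one property of a WMI class,
' trimmed and lower-cased so comparisons ignore case and padding.
Function FirstValue(strClass, strProperty)
    Dim colItems, objItem, varValue
    FirstValue = ""
    Set colItems = objWMI.ExecQuery("SELECT " & strProperty & " FROM " & strClass)
    For Each objItem In colItems
        varValue = objItem.Properties_.Item(strProperty).Value
        If Not IsNull(varValue) Then
            If Trim(CStr(varValue)) <> "" Then
                FirstValue = LCase(Trim(CStr(varValue)))
                Exit For
            End If
        End If
    Next
End Function
```

Every machine with the same board model and BIOS build produces the same fingerprint, so this identifies a hardware type rather than one specific computer.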
