-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathGet-InsecureServiceBinaryPath.ps1
More file actions
29 lines (21 loc) · 1.02 KB
/
Get-InsecureServiceBinaryPath.ps1
File metadata and controls
29 lines (21 loc) · 1.02 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
##########################################################################
#.SYNOPSIS
# Get services with non-standard paths to their binaries.
#
#.DESCRIPTION
# Service binaries should be installed under C:\Windows or C:\Program*
# in order to inherit the better NTFS permissions of those folders.
# This command lists the service binaries which are installed elsewhere.
# Hopefully this command will display nothing on the audited computer.
#
#.PARAMETER ComputerName
# Name of the remote computer. Defaults to localhost.
#
##########################################################################
Param ($ComputerName = '.')
$Query = 'SELECT Name,DisplayName,PathName FROM Win32_Service'
Get-CimInstance -Query $Query -ComputerName $ComputerName |
Where { ($_.PathName -NotMatch '^\"*[A-Z]\:\\Windows\\.+') -and
($_.PathName -NotMatch '^\"*[A-Z]\:\\Program Files\\.+') -and
($_.PathName -NotMatch '^\"*[A-Z]\:\\Program Files \(x86\)\\.+') } |
Select-Object Name,DisplayName,PathName