Configurations of devices running Windows operating systems

You can get configurations for devices of the Windows operating system type that are running operating systems supported by Kaspersky Endpoint Agent for Kaspersky Industrial CyberSecurity for Networks integration scenarios.

For the Windows operating system type of devices, you can specify the following configuration types for receiving data:

• Users.
• Groups.
• Applications.
• Patches.
• Services.
• Drivers.
• Scheduled tasks.
• Network shared resources.
• IP-to-network name consistency.
• IP-to-NetBIOS name consistency.
• Startup items.
• Password policies.
• Audit policies.
• Advanced audit policies.
• ARP table items.
• Routing table.

Retrievable data on users

If the Users configuration type is specified for the configuration control job, the user account data on a device is read when the device is scanned. The application lets you receive the following data on each user account:

• Username in domain\username format.
• Unique ID of the user.
• Full name of the user (for example, John Smith).
• Indication of whether the user account is active.
• Indication of whether the user account is blocked.
• Indication of whether the user account password may expire.
• Indication of whether the password has expired.
• Indication of whether the user can change their password.
• List of groups that include the user.

Retrievable data on groups

If the Groups configuration type is specified for the configuration control job, the group account data on a device is read when the device is scanned. The application lets you receive the following data on each group account:

• Group name in the format domain\group name.
• Unique ID of the group.
• List of users included in the group. Each item in the list contains the following data:
  • Unique ID of the group member.
  • Name of the group member.

Retrievable data on applications

If the Applications configuration type is specified for the configuration control job, the data on installed applications on a device is read when the device is scanned. The application lets you receive the following data on each application:

• Application name.
• Application vendor.
• Size of the application in bytes.
• Application version.
• Date and time when the application was installed.

Retrievable data on patches

If the Patches configuration type is specified for the configuration control job, the data on installed patches for applications on a device is read when the device is scanned. The application lets you receive the following data on each patch:

• Patch name.
• Application vendor.
• Application for which the patch is installed.
• Patch version.

Retrievable data on services

If the Services configuration type is specified for the configuration control job, the data on registered services on a device is read when the device is scanned. The application lets you receive the following data on each service:

• Service name.
• Full name of the service.
• Startup type.
• Start command.
• Names of dependent services.

Retrievable data on drivers

If the Drivers configuration type is specified for the configuration control job, the data on installed drivers on a device is read when the device is scanned. The application lets you receive the following data on each driver:

• Driver name.
• Full name of the driver.
• Startup type.
• Path to the driver file.
• Names of dependent drivers.

Retrievable data on scheduled tasks

If the Scheduled tasks configuration type is specified for the configuration control job, the data on registered tasks in the Task Scheduler on a device is read when the device is scanned. The application lets you receive the following data on each task:

• Task name.
• Task status.
• Description.
• Creator.
• Commands executed when the task is started (actions related to running the executable code).

Retrievable data on shared network resources

If the Network shared resources configuration type is specified for the configuration control job, the data on created shared network resources on a device is read when the device is scanned. The application lets you receive the following data on each shared network resource:

• Network name of the shared resource.
• Local path to the network resource.
• Description.
• Type of network resource.
• Maximum number of connections.

Retrievable data from the IP-to-network name mapping table

If the IP-to-network name consistency configuration type is specified for the configuration control job, the data on items in the IP-to-network name mapping table (\etc\hosts) on a device is read when the device is scanned. The application lets you receive the following data on each table item:

• IP address.
• Network name.

Retrievable data from the IP-to-NetBIOS name mapping table

If the IP-to-NetBIOS name consistency configuration type is specified for the configuration control job, the data on items in the IP-to-NetBIOS name mapping table (\etc\lmhosts) on a device is read when the device is scanned. The application lets you receive the following data on each table item:

• IP address.
• Network name.
• Indication of whether the entry is loaded into the name cache.
• Specific domain of the entry.
• Lmhosts include files.

Retrievable data on startup items

If the Startup items configuration type is specified for the configuration control job, the data on operating system startup items on a device is read when the device is scanned. The application lets you receive the following data on each startup item:

• Information about the startup point (for example, the path in the system registry).
• Executable command or file (COM object).

Retrievable data on password policies

If the Password policies configuration type is specified for the configuration control job, a device's password policy data is read when the device is scanned. The application lets you receive the following data on each password policy:

• Maximum password age.
• Minimum password age.
• Minimum password length.
• Number of old passwords stored in history.
• Indication of whether the password must meet password complexity requirements.
• Indication of whether password encryption is reversible.

Retrievable data on audit policies

If the Audit policies configuration type is specified for the configuration control job, a device's audit policy data is read when the device is scanned. The application lets you receive the following data on each audit policy:

• Level of the account logon audit.
• Level of the account management audit.
• Audit level for access to objects in Active Directory Domain Services.
• Level of the logon audit.
• Audit level for access to objects that are not in Active Directory Domain Services.
• Audit level for policy change.
• Audit level for privilege use.
• Audit level for detailed tracking.
• Audit level for system events.

Retrievable data on advanced audit policies

If the Advanced audit policies configuration type is specified for the configuration control job, the device's advanced audit policy data is read when the device is scanned. The application lets you receive the following data on each advanced audit policy:

• Basic policy used to conduct the advanced audit.
• Subcategory of the basic policy.
• Audit level.

Retrievable data on ARP table items

If the ARP table items configuration type is specified for the configuration control job, the data on ARP table items on a device is read when the device is scanned. The application lets you receive the following data on each table item:

• IP address.
• Hardware address.
• Name of the network interface or adapter.
• Hardware address type.
• Entry type.

Retrievable data on the routing table

If the Routing table configuration type is specified for the configuration control job, the data on routing table items on a device is read when the device is scanned. The application lets you receive the following data on each table item:

• Interface name or IP address.
• Destination subnet.
• Destination subnet mask.
• Gateway (address of the next router in the remote network).
• Protocol.

Page top