kafkaesqu3 · June 1, 2018 22:57
diff --git a/CmdlineProcessArgCheck.vbs b/CmdlineProcessArgCheck.vbs
 Const HKLM = &H80000002 'HKEY_LOCAL_MACHINE 
 strComputer = "." 
 strKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit" 
 Set objLocator = CreateObject("WbemScripting.SWbemLocator")
 Set objReg = objLocator.ConnectServer(strComputer, "root\cimv2").Get("StdRegProv")

 objReg.EnumKey HKLM, strKey, arrSubKeys
 objReg.GetDWORDValue HKLM, strkey, "ProcessCreationIncludeCmdLine_Enabled", isenabled

 If IsNull(isenabled) Then
 	retval = "Not Enabled"
 Else
 	If isenabled > 0 Then
 		retval = "Enabled!"
 	Else
 		retval = "Not Enabled"
 	End If
 End If

 wscript.echo retval
	Const HKLM = &H80000002 'HKEY_LOCAL_MACHINE
	strComputer = "."
	strKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit"
	Set objLocator = CreateObject("WbemScripting.SWbemLocator")
	Set objReg = objLocator.ConnectServer(strComputer, "root\cimv2").Get("StdRegProv")

	objReg.EnumKey HKLM, strKey, arrSubKeys
	objReg.GetDWORDValue HKLM, strkey, "ProcessCreationIncludeCmdLine_Enabled", isenabled

	If IsNull(isenabled) Then
	retval = "Not Enabled"
	Else
	If isenabled > 0 Then
	retval = "Enabled!"
	Else
	retval = "Not Enabled"
	End If
	End If

	wscript.echo retval