Validation Scripts

Real-time alerts, dashboards & structured search analysis

Establish best practices across your infrastructure

Free 30-day evaluation

Flexible Dashboards

Helps you keep an eye on important metrics to ensure you stay up to date.

Reporting

Includes ready-to-run reports that can be scheduled, emailed or run on-demand.

Full SIEM

EventSentry includes log, FIM, AD & network traffic monitoring - in one single product.

Security

Alert on suspicious processes, malicious network activity, port scans and more.

Validation

Validate security settings across your entire Windows network against required and recommended settings.

Health / Inventory

EventSentry also offers a complete software and hardware inventory along with health monitoring.

"In a day and age where everything has a maintenance agreement, this is one of the few that stand out as being genuinely worthwhile. The technician support is fantastic, the updates are regular and timely, and the product works like it is supposed to."

Jamie H. (Director of IS&T, HIPAA Security Officer, PrimeWest Health)

"EventSentry’s multifaceted feature set has helped NMFTA predict and avoid Windows Server® crashes, Microsoft® SQL Server® failures, configuration problems in its VMware® environment, and malicious attacks against workstations and servers."

Urban Jonson (CTO of NMFTA)

Perpetual License

You own the license

No Data Limit

Avoid unexpected costs

No Sensor Limit

Full visibility of your network

Your metrics at a glance

Built-in dashboards:

  • Active Directory Changes
  • Network Traffic / Bandwidth
  • Heartbeat / Availability
  • Server Health
  • Performance

Easily create your own dashboards

Normalized Security Events

EventSentry translates complex security events into easy-to-understand, actionable reports.

Logon Failures

Affordable Event Log Monitoring Software

  1. Start an evaluation: FREE, fully functional for 30 days
  2. Install EventSentry: quick installation / monitor in minutes
  3. Monitor your infrastructure: peace of mind included

Complete list of Validation Scripts

Accounts: Block Microsoft accounts
Accounts: Limit local account use of blank passwords to console logon only
Accounts: Local Administrator account should be disabled
Accounts: Local Guest account should be disabled
Accounts: Rename Local Administrator and Guest Accounts
Accounts: Users must be prompted to authenticate when the system wakes from sleep (on battery)
Accounts: Users must be prompted to authenticate when the system wakes from sleep (plugged in)
Attack Surface: Disable LLMNR
Attack Surface: Disable WinRM (Windows Remote Management)
Auditing: Policy subcategories should be enabled
Auditing: Removable Storage
Autoplay: Autoplay Must be turned off for non-volume devices
Autoplay: should be disabled for all drives
Autorun: behavior must be configured to prevent Autorun commands
Compliance: BitLocker should be configured in FIPS mode
Compliance: BitLocker should use AES 256 encryption
Data Execution Prevention (DEP) must be configured to at least OptOut
Directory Size: WinSxs\Temp\PendingDeletes
Domain Controller: Health - DCDiag - Errors
Domain Controller: Health - DCDiag - Warnings and Errors
Domain Controller: IPv6 Should be enabled
Domain Controller: Must require LDAP access signing
Domain Controller: Permissions on the Active Directory data files must only allow System and Administrators access
Domain Controller: SYSVOL directory must have proper access control permissions
Domain Member: Must be running Credential Guard on domain-joined members
Domain Member: Digitally encrypt or sign secure channel data (always)
Domain Member: Digitally sign secure channel data (when possible) must be configured to Enabled
Domain Member: LDAP client signing requirements
Domain Member: Maximum age for machine account passwords must be configured to 30 days or less
Domain Member: Windows Server must limit the caching of logon credentials to four or less
Exchange Server: Build Version Check (Exchange Updated)
FIPS 140: Security Requirements for Cryptographic Modules
General: AntiVirus Status
General: Windows Activation Status
General: Windows firewall status
Internet Explorer: Check digital signature of executables
Internet Explorer: Software must be disallowed to run or install with invalid signatures
Internet Information System (IIS) or its subcomponents must not be installed on a workstation
Local volumes must be formatted with NTFS
Logon: Enable Display Last Logon Info
Logon: Network selection UI must not be displayed
Logon: Require CTRL+ALT+DEL for interactive logons
Microsoft Edge: SmartScreen filter must be enabled
Microsoft Edge: Users must not be allowed to ignore SmartScreen filter warnings for unverified files
Microsoft Office: Application Guard for Office should be enabled
Microsoft Office: Check Activation Status
Network Access: Disable SMBv1
Network Access: Do not allow anonymous enumeration of SAM accounts and shares
Network Access: LAN Manager authentication level must be configured to send NTLMv2 response only and refuse LM and NTLM
Network Access: Must restrict remote calls to the Security Account Manager [SAM] to Administrators on domain-joined member servers and standalone systems
Network Access: Restrict anonymous access to Named Pipes and Shares
Network Access: Unencrypted passwords must not be sent to third-party Server Message Block (SMB) servers
Network: Simple TCP/IP Services must not be installed on the system
Passwords: Enforce history
Passwords: Maximum Age
Passwords: Minimum length
Passwords: Minimum Password Age
Passwords: Storing LAN Manager hash
PowerShell: Logging should be enabled
PowerShell: Mitigating risks with Constrained Language mode
PowerShell: v2 should not be installed / enabled
Prevent users from making changes to exploit protection
Printing: Prevent users from installing printer drivers
Privacy: The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft
Privacy: Windows location services should be disabled
Privacy: Windows Telemetry Should Be Disabled
Remote Desktop Services: Idle session time limit
Remote Desktop Services: Must always prompt a client for passwords upon connection
Remote Desktop Services: Must prevent drive redirection
Remote Desktop Services: Set time limit for disconnected sessions
Remote Management: Windows Remote Management (WinRM) client must not use Basic authentication
Services: List services containing a space in service path not enclosed in quotes
Shutdown: Clear virtual memory pagefile
Solicited Remote Assistance must not be allowed
Threat Intel: Log4j Remote Code Execution - CVE-2021-44228/CVE-2021-45046
Threat Intel: PetitPotam Certificate Enrollment Web Service on Domain Controller
Threat Intel: PetitPotam NTLM Relay Attack: Disable NTLM Incoming Traffic on DCs
TLS/SSL Insecure Ciphers (SCHANNEL)
Tracking: The location feature must be turned off
Tracking: Windows Telemetry must not be set to Full
Virtualization: Hyper-V: Virtual Disks Folder Free Space Under 2GB
Virtualization: VirtualBox Tools Installed
Virtualization: VMWare Tools Installed
Windows Installer: Disable "Always install with elevated privileges" option
Windows Installer: Must prevent users from changing installation options
Windows OS: Build Version Check (End Of Life)
Windows OS: Build Version Check (OS Updated)
Windows OS: Must not have the Telnet Client Installed
Windows OS: Secure Boot must be enabled

We now include 89 validation scripts out of the box!