SCCM Compliance Rule For Checking CredSSP Envryption Oracle Remediation Status

Here is my powershell detection script for checking machines with CredSSP Envryption Oracle Remediation Status with SCCM Compliance Rule:

# Check CredSSP Envryption Oracle Remediation Status
# Rui Qiu
# 8/21/2018
# ver1.4

$osversion = Get-WmiObject -Class Win32_OperatingSystem | Select BuildNumber -ExpandProperty BuildNumber
$matches = “KB4103718”, “KB4103712”, “KB4103730”, “KB4103726”, “KB4103725”, “KB4103715”, “KB4103723”, “KB4103731”, “KB4103727”
$fix = Get-Hotfix | select HotFixId -ExpandProperty HotFixId
$Compliance = “No”

if ($osversion -eq “17134”) {
$Compliance = “Yes”
$Compliance
Break }

foreach ($match in $matches) {
if ($fix -contains $match) {
$Compliance = “Yes”}
}

$Compliance

Leave a Comment