Quick Start Guide

My Random Thoughts edited this page Feb 20, 2018 · 3 revisions

Getting Started

There are three stages required to get you up and running. The first one is the quickest and will generate a HTML report of its findings. This report will have quite a number of failures in most environments. Don’t worry; stage two will help you fix these failures - either as a scan configuration change or to highlight areas in the environment that may need some work.

Stage 1 - Generating the initial report

  1. Download the latest QA package from GitHub and extract them to a folder on your machine.

  2. Open a PowerShell window and change to the folder where you extracted the QA script files.

  3. Type the following: .\Compiler.ps1 to compile the checks into a single script file to run.

  4. You should now have a file called QA_v4.yy.mmdd.ps1. This will be named with today’s date.

  5. Copy this single script to a server you want to get the initial report from.

  6. On this server, open an elevated PowerShell window and change to the script folder.

  7. Execute the script: .\QA_v4.yy.mmdd.ps1 -ComputerName localhost

    See this page for a full list of Command Line Arguments

  8. Wait for the scan to complete. A progress bar shows the current status.

  9. Once complete, a HTML report will be generated and saved in the default location of C:\QA\Reports. The report name will be the name of the server and the date and time the scan took place.

This report will list quite a number of failures, don’t worry, we are going to configure the scripts for your specific environment next.

Stage 2 - Configuring the scripts

Now that you have your report, you can use it to see what needs fixing in your environment and what needs tweaking in the configuration of the scripts. For example, the very first check makes sure that no additional user accounts exist on a server. Almost all environments will have a custom AD group added in order to manage the server remotely. This AD group can be ignored as you know that it should be there. These are the types of tweaks that the script needs to know about and can be ignored for future checks.

QA Settings Configuration Tool

We will be using the QA Settings Configuration Tool (QASCT) to complete this stage. See the end of this document for another way of making minor changes to your configuration.

QASCT - Introduction

  1. From a standard PowerShell window, run the tool by typing .\QA-Settings-Configuration-Tool.ps1, alternatively right-click the file and choose Run with PowerShell if that option is available.

  2. After a few seconds the following window will appear:

Note: If you want to use this tool in a different language, choose one from the drop-down list at the top-right of the window. More languages are coming - can you help with translations?

  1. Read the welcome text, and then click the Set Check Location button.

  2. From the window that appears, select the folder where you extracted the files in step 2 above. The tool will try to open the current folder automatically.

  3. Since this is a new “installation”, there will only be one base settings file: default-settings. If you want to modify an existing configuration, select it here.

  4. If more than one language exists, and you want to use a different one, select it from the second box.

  5. Click Import Settings when you are ready.  

QASCT - Select required checks

  1. Using your HTML report from step 9 above, carefully choose which checks you believe are relevant to your environment. For example, in the Compliance section (now renamed to Tooling) there is more than one anti-virus check, only one should be active anything else will fail as not being installed.

  1. Once you have selected all the checks you want to use, click Set Values > to move onto the next page.

QASCT - QA check values

This page is a little more complicated and will take some time to complete. It may also involve input from other teams within your organisation. You can come back to configuration as many times as needed, so there is no need to make all the changes in one go.

Take each section at a time and using your HTML report, change the current default values to ones that match the particular environment you are configuring for.

Using the account example from above, your HTML report may have failed the first check (ACC-01) saying that one or more extra user accounts exist. If you know that all of these accounts are acceptable for your environment and can be ignored, follow the steps below. These steps can be used for any check that you want to modify...   19. Select the correct section page from the second row of tabs.

  1. Locate the correct check from the group headers (not all checks will have an entry).

  2. Double-click each of the entries in that group to edit its value. For the above example (ACC-01), the IgnoreTheseUsers option is opened and shows a pre-filled list of users that can be ignored. Add each of your known user or groups accounts to this list. Click Add if you need more rows

  3. Click OK when you have finished

  4. Repeat steps 19 - 22 for each check in each section.

  5. Once you have finished, click Complete > to move onto the next page  

QASCT - Generate QA script

Now that you have completed all the changes required, the last page is shown. This allows you to give your configuration a name. This will help identification if you have several of them.

  1. Enter a short 12-character name for this configuration file. It should be meaningful to you. It could represent a particular customer name (ACME) or environment (DEV, TEST, LIVE)

  1. Also enter a name to show at the top of the HTML report. The default is set to “Acme”.

  2. Click Save Settings to save your configuration script. The default name is made up from the two entries above. The file needs to be saved in the settings folder.

  3. Click Generate QA Script to compile all your selected checks and environment specific configuration into a single customised script. The script will be located in the root QA folder and be called QA_{shortname}_v4.yy.mmdd.ps1 where yy.mmdd represents the current date.

  4. Click Exit, and then Yes to close the tool.

Stage 3 - Run the report again

Now that you have a customised script, repeat the whole process starting from step 5. This will generate a new report that should hopefully be close to a finished configuration. Check to see if any more tweaks can be made to either the configuration or your environment.

From your completed configuration and compiled QA script, you can now scan a few more servers and check the results.

Alternative Configuration Editing Method

If you only want to make a minor change to a configuration file, the QA Settings Configuration Tool may be a little overkill. In this case, simply open the file using your favourite text editor. The file is a plain text file set out like a standard INI file (https://en.wikipedia.org/wiki/INI_file)

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.