curi0usJack/CmdlineProcessArgCheck.vbs

## CmdlineProcessArgCheck.vbs
Const HKLM = &H80000002 'HKEY_LOCAL_MACHINE
strComputer = "."
strKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit"
Set objLocator = CreateObject("WbemScripting.SWbemLocator")
Set objReg = objLocator.ConnectServer(strComputer, "root\cimv2").Get("StdRegProv")

objReg.EnumKey HKLM, strKey, arrSubKeys
objReg.GetDWORDValue HKLM, strkey, "ProcessCreationIncludeCmdLine_Enabled", isenabled

If IsNull(isenabled) Then
	retval = "Not Enabled"
Else
	If isenabled > 0 Then
		retval = "Enabled!"
	Else
		retval = "Not Enabled"
	End If
End If

wscript.echo retval
	Const HKLM = &H80000002 'HKEY_LOCAL_MACHINE
	strComputer = "."
	strKey = "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit"
	Set objLocator = CreateObject("WbemScripting.SWbemLocator")
	Set objReg = objLocator.ConnectServer(strComputer, "root\cimv2").Get("StdRegProv")

	objReg.EnumKey HKLM, strKey, arrSubKeys
	objReg.GetDWORDValue HKLM, strkey, "ProcessCreationIncludeCmdLine_Enabled", isenabled

	If IsNull(isenabled) Then
	retval = "Not Enabled"
	Else
	If isenabled > 0 Then
	retval = "Enabled!"
	Else
	retval = "Not Enabled"
	End If
	End If

	wscript.echo retval