recmd_kroll.reb

Author: "Andrew Rathbun"
Description: "Kroll RECmd Batch File"
Id: ecc582d5-a1b1-4256-ae64-ca2263b8f971
Keys: 
  - 
    Category: "System Info"
    Comment: "Displays the username of the last user logged in to this system"
    Description: WinLogon
    HiveType: SOFTWARE
    KeyPath: "Microsoft\\Windows NT\\CurrentVersion\\WinLogon"
    Recursive: false
    ValueName: LastUsedUsername
  - 
    Category: "System Info"
    Comment: "Displays the SID of the user who is set to auto login to Windows"
    Description: WinLogon
    HiveType: SOFTWARE
    KeyPath: "Microsoft\\Windows NT\\CurrentVersion\\WinLogon"
    Recursive: false
    ValueName: AutoLogonSID
  - 
    Category: "System Info"
    Comment: "Displays whether the system will automatically login a user as Admin, 0 = Disabled, 1 = Enabled"
    Description: WinLogon
    HiveType: SOFTWARE
    KeyPath: "Microsoft\\Windows NT\\CurrentVersion\\WinLogon"
    Recursive: false
    ValueName: AutoAdminLogon
  - 
    Category: "System Info"
    Comment: "Displays the default username the system will log in as"
    Description: WinLogon
    HiveType: SOFTWARE
    KeyPath: "Microsoft\\Windows NT\\CurrentVersion\\WinLogon"
    Recursive: false
    ValueName: DefaultUserName
  - 
    Category: "System Info"
    Comment: "Displays the password to be used for the account specified in DefaultUserName"
    Description: WinLogon
    HiveType: SOFTWARE
    KeyPath: "Microsoft\\Windows NT\\CurrentVersion\\WinLogon"
    Recursive: false
    ValueName: DefaultPassword
  - 
    Category: "System Info"
    Comment: "Displays the last logged on SAM user"
    Description: LogonUI
    HiveType: SOFTWARE
    KeyPath: Microsoft\Windows\CurrentVersion\Authentication\LogonUI
    Recursive: false
    ValueName: LastLoggedOnUser
  - 
    Category: "System Info"
    Comment: "Displays the last logged on user"
    Description: LogonUI
    HiveType: SOFTWARE
    KeyPath: Microsoft\Windows\CurrentVersion\Authentication\LogonUI
    Recursive: false
    ValueName: LastLoggedOnSAMUser
  - 
    Category: "System Info"
    Comment: "Displays the last logged on user's display name"
    Description: LogonUI
    HiveType: SOFTWARE
    KeyPath: Microsoft\Windows\CurrentVersion\Authentication\LogonUI
    Recursive: false
    ValueName: LastLoggedOnDisplayName
  - 
    Category: "System Info"
    Comment: "Displays the selected user's SID"
    Description: LogonUI
    HiveType: SOFTWARE
    KeyPath: Microsoft\Windows\CurrentVersion\Authentication\LogonUI
    Recursive: false
    ValueName: SelectedUserSID
  - 
    Category: "System Info"
    Comment: "Displays the last logged on user's SID"
    Description: LogonUI
    HiveType: SOFTWARE
    KeyPath: Microsoft\Windows\CurrentVersion\Authentication\LogonUI
    Recursive: false
    ValueName: LastLoggedOnUserSID
  - 
    Category: "System Info"
    Comment: "Identifies the system volume where Windows booted from"
    Description: "Windows Boot Volume"
    HiveType: SYSTEM
    KeyPath: Setup
    Recursive: false
    ValueName: SystemPartition
  - 
    Category: "System Info"
    Comment: "Displays value for the current ControlSet"
    Description: "ControlSet Configuration"
    HiveType: SYSTEM
    KeyPath: Select
    Recursive: false
    ValueName: Current
  - 
    Category: "System Info"
    Comment: "Displays value for the default ControlSet"
    Description: "ControlSet Configuration"
    HiveType: SYSTEM
    KeyPath: Select
    Recursive: false
    ValueName: Default
  - 
    Category: "System Info"
    Comment: "Displays value for the ControlSet that was unable to boot Windows successfully"
    Description: "ControlSet Configuration"
    HiveType: SYSTEM
    KeyPath: Select
    Recursive: false
    ValueName: Failed
Version: 1.19