{"id":263497,"date":"2024-05-30T01:16:35","date_gmt":"2024-05-30T01:16:35","guid":{"rendered":"https:\/\/www.ninjaone.com\/?post_type=script_hub&#038;p=263497"},"modified":"2024-05-30T01:16:35","modified_gmt":"2024-05-30T01:16:35","slug":"audit-autorunsc-execution-automatique-powershell-2","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/fr\/script-hub\/audit-autorunsc-execution-automatique-powershell-2\/","title":{"rendered":"Comment ma\u00eetriser la s\u00e9curit\u00e9 des d\u00e9marrages : guide de script PowerShell pour l&rsquo;audit Autorunsc"},"content":{"rendered":"<h2>Points \u00e0 retenir<\/h2>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>Audit complet<\/strong>: Le script fournit un audit complet des \u00e9l\u00e9ments de d\u00e9marrage, am\u00e9liorant ainsi la s\u00e9curit\u00e9 et les performances du syst\u00e8me.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><strong>Automatisation et efficacit\u00e9<\/strong>: Automatise le processus de t\u00e9l\u00e9chargement et d&rsquo;ex\u00e9cution d&rsquo;Autorunsc, ce qui permet de gagner du temps par rapport aux m\u00e9thodes manuelles.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><strong>Param\u00e8tres personnalisables<\/strong>: Permet de cibler des entr\u00e9es d&rsquo;ex\u00e9cution automatique sp\u00e9cifiques telles que des services, des t\u00e2ches planifi\u00e9es ou des applications de d\u00e9marrage.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><strong>Facilit\u00e9 d&rsquo;\u00e9tablissement des rapports<\/strong>: Les r\u00e9sultats sont enregistr\u00e9s dans un journal d&rsquo;activit\u00e9 et, en option, dans des champs personnalis\u00e9s pour faciliter la documentation et l&rsquo;examen.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><strong>N\u00e9cessit\u00e9 d&rsquo;avoir des droits d&rsquo;administrateur<\/strong>: Des privil\u00e8ges d&rsquo;administrateur sont n\u00e9cessaires pour b\u00e9n\u00e9ficier de toutes les fonctionnalit\u00e9s, en particulier pour \u00e9crire dans les champs personnalis\u00e9s.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"6\" data-aria-level=\"1\"><strong>Compatibilit\u00e9<\/strong> : Con\u00e7u pour Windows 10 et Server 2012, il garantit une large applicabilit\u00e9 dans les environnements informatiques modernes.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"7\" data-aria-level=\"1\"><strong>Identification des logiciels malveillants<\/strong>: Aide \u00e0 identifier les entr\u00e9es d&rsquo;ex\u00e9cution automatique suspectes, ce qui constitue une \u00e9tape cruciale dans la d\u00e9tection et la pr\u00e9vention des logiciels malveillants.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"8\" data-aria-level=\"1\"><strong>Audits r\u00e9guliers<\/strong>: Il est conseill\u00e9 d&rsquo;utiliser r\u00e9guli\u00e8rement le script pour maintenir l&rsquo;int\u00e9grit\u00e9 et la s\u00e9curit\u00e9 du syst\u00e8me.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"9\" data-aria-level=\"1\"><strong>Analyse minutieuse des r\u00e9sultats<\/strong>: N\u00e9cessit\u00e9 d&rsquo;examiner attentivement les r\u00e9sultats des audits afin d&rsquo;\u00e9viter les faux positifs et de garantir la fiabilit\u00e9 du syst\u00e8me.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"10\" data-aria-level=\"1\"><strong>Int\u00e9gration avec les outils de gestion informatique<\/strong>: Met en \u00e9vidence la fa\u00e7on dont l&rsquo;int\u00e9gration avec des outils tels que NinjaOne peut am\u00e9liorer la gestion informatique et les strat\u00e9gies de s\u00e9curit\u00e9.<\/li>\n<\/ul>\n<p>Comprendre les subtilit\u00e9s des syst\u00e8mes informatiques, en particulier dans le domaine de la s\u00e9curit\u00e9 et de la gestion des d\u00e9marrages, est essentiel pour les professionnels de l&rsquo;informatique et les <a href=\"https:\/\/www.ninjaone.com\/fr\/quest-ce-quun-msp\">fournisseurs de services g\u00e9r\u00e9s (MSP)<\/a>. L&rsquo;audit et la gestion efficaces des entr\u00e9es d&rsquo;ex\u00e9cution automatique sont essentiels au maintien de l&rsquo;int\u00e9grit\u00e9 et de la s\u00e9curit\u00e9 du syst\u00e8me. Cet article traite d&rsquo;un script PowerShell qui exploite Autorunsc, un outil de Sysinternals, pour r\u00e9aliser des audits de d\u00e9marrage complets.<\/p>\n<h2>Contexte<\/h2>\n<p>Le script en question est con\u00e7u pour ex\u00e9cuter Autorunsc avec divers param\u00e8tres d\u00e9finis par l&rsquo;utilisateur, en affichant les r\u00e9sultats dans un journal d&rsquo;activit\u00e9 et \u00e9ventuellement dans un champ personnalis\u00e9. Autorunsc est un outil renomm\u00e9 de Sysinternals, d\u00e9velopp\u00e9 par Mark Russinovich. Il fournit un aper\u00e7u d\u00e9taill\u00e9 de tous les programmes et scripts configur\u00e9s pour \u00eatre ex\u00e9cut\u00e9s lors du d\u00e9marrage du syst\u00e8me ou de la connexion de l&rsquo;utilisateur.<\/p>\n<p>Pour les professionnels de l&rsquo;informatique et les entreprises MSP, ce script est un atout puissant, qui leur permet d&rsquo;identifier rapidement les \u00e9l\u00e9ments de d\u00e9marrage potentiellement malveillants ou inutiles, afin d&rsquo;am\u00e9liorer les performances et la s\u00e9curit\u00e9 du syst\u00e8me.<\/p>\n<h2>Le script :<\/h2>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\">#Requires -Version 4\r\n\r\n&lt;#\r\n.SYNOPSIS\r\n    Runs Autorunsc with your selected options and outputs the results to the activity log and optionally a WYSIWYG custom field. Please note that there is a limit to the number of results that can be set in Custom Fields or viewed in the Activity Log.\r\n.DESCRIPTION\r\n    Runs Autorunsc with your selected options and outputs the results to the activity log and optionally a WYSIWYG custom field. Please note that there is a limit to the number of results that can be set in Custom Fields or viewed in the Activity Log.\r\n.EXAMPLE\r\n    (No Parameters)\r\n    URL Given, Downloading the file...\r\n    Download Attempt 1\r\n    HKCU:\\SOFTWARE\\Sysinternals\\AutoRuns\\EulaAccepted changed from 1 to 1\r\n\r\n    Sysinternals Autoruns v14.10 - Autostart program viewer\r\n    Copyright (C) 2002-2023 Mark Russinovich\r\n    Sysinternals - www.sysinternals.com\r\n\r\n    WARNING: Script must be elevated in order to write to custom field.\r\n    \r\n    Entry          : C:\\Windows\\system32\\userinit.exe\r\n    Entry Location : HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit\r\n    Image Path     : c:\\windows\\system32\\userinit.exe\r\n    Signer         : (Verified) Microsoft Windows\r\n    MD5            : 9C4C281156040CF01EA35D759092F540\r\n\r\n    Entry          : cmd.exe\r\n    Entry Location : HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\AlternateShell\r\n    Image Path     : c:\\windows\\system32\\cmd.exe\r\n    Signer         : (Verified) Microsoft Windows\r\n    MD5            : 8A2122E8162DBEF04694B9C3E0B6CDEE\r\n\r\nPARAMETER: -CustomField \"ReplaceWithAMultilineCustomField\"\r\n    The name of the multiline custom field you would like to save the results to.\r\n\r\nPARAMETER: -Startup\r\n    Applications or scripts configured to run automatically after a user logs into their account. This is the default option for Autoruns. \r\n    E.g. Applications in the 'Startup' folder.\r\n\r\nPARAMETER: -Boot\r\n    Programs or commands that are set to execute during the system's boot-up sequence before a user logs in.\r\n\r\nPARAMETER: -WinLogon\r\n    Items that are configured to run during the Windows logon process. Often these items are critical to the logon UI.\r\n\r\nPARAMETER: -AppInit\r\n    DLLs that are automatically loaded by every process that calls the User32.dll file (anything with a GUI).\r\n\r\nPARAMETER: -Explorer\r\n    Plugins or extensions that integrate into the Windows Explorer shell.\r\n\r\nPARAMETER: -Sidebar\r\n    Mini applications or gadgets that load into the desktop sidebar in earlier versions of Windows (introduced in Windows Vista).\r\n\r\nPARAMETER: -ImageHijacks\r\n    Registry modifications that redirect the execution of specific executable files to a different program.\r\n\r\nPARAMETER: -IEAddons\r\n    Browser extensions or toolbars that Internet Explorer will load automatically when it starts.\r\n\r\nPARAMETER: -KnownDLLs\r\n    Crucial system DLLs that Windows will load into memory at startup.\r\n\r\nPARAMETER: -WMIentries\r\n    Entries related to WMI scripts or providers that are set to execute automatically.\r\n\r\nPARAMETER: -WinSockProtocols\r\n    Modules or services meant to load up with the Windows network stack.\r\n\r\nPARAMETER: -Codecs\r\n    Software components meant to be used for encoding or decoding digital media streams (often set to run at system startup).\r\n\r\nPARAMETER: -PrinterMonitor\r\n    DLL's associated with printer drivers.\r\n\r\nPARAMETER: -LSAProviders\r\n    Plugins that integrate with the Local Security Authority subsystem.\r\n\r\nPARAMETER: -Services\r\n    Windows Services set to start Automatically.\r\n\r\nPARAMETER: -ScheduledTasks\r\n    These are tasks set in Task Scheduler to do something automatically at a specified interval.\r\n\r\nPARAMETER: -HideMicrosoftEntries\r\n    Hides Signed Microsoft Entries from the results.\r\n\r\nPARAMETER: -DestinationFolder\r\n    By default this script downloads autorunsc to the temp folder.\r\n\r\nPARAMETER: -DownloadUrl\r\n    URL to download Autoruns from.\r\n\r\nPARAMETER: -SkipSleep\r\n    Skips sleeping prior to downloading autorunsc.\r\n.OUTPUTS\r\n    None\r\n.NOTES\r\n    Minimum OS Architecture Supported: Windows 10, Server 2012\r\n    Release Notes: Initial Release\r\nBy using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https:\/\/www.ninjaone.com\/terms-of-use.\r\n    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. \r\n    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. \r\n    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. \r\n    Warranty Disclaimer: The script is provided \u201cas is\u201d and \u201cas available\u201d, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. \r\n    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. \r\n    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. \r\n    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).\r\n#&gt;\r\n\r\n[CmdletBinding()]\r\nparam (\r\n    [Parameter()]\r\n    [String]$CustomField,\r\n    [Parameter()]\r\n    [Switch]$Startup = [System.Convert]::ToBoolean($env:checkLogonStartupEntries),\r\n    [Parameter()]\r\n    [Switch]$Boot = [System.Convert]::ToBoolean($env:checkBootEntries),\r\n    [Parameter()]\r\n    [Switch]$WinLogon = [System.Convert]::ToBoolean($env:checkWinlogonEntries),\r\n    [Parameter()]\r\n    [Switch]$AppInit = [System.Convert]::ToBoolean($env:checkAppinitEntries),\r\n    [Parameter()]\r\n    [Switch]$Explorer = [System.Convert]::ToBoolean($env:checkExplorerAddons),\r\n    [Parameter()]\r\n    [Switch]$Sidebar = [System.Convert]::ToBoolean($env:checkSidebarGadgets),\r\n    [Parameter()]\r\n    [Switch]$ImageHijacks = [System.Convert]::ToBoolean($env:checkImageHijacks),\r\n    [Parameter()]\r\n    [Switch]$IEAddons = [System.Convert]::ToBoolean($env:checkInternetExplorerAddons),\r\n    [Parameter()]\r\n    [Switch]$KnownDLLs = [System.Convert]::ToBoolean($env:checkKnownDlls),\r\n    [Parameter()]\r\n    [Switch]$WMIentries = [System.Convert]::ToBoolean($env:checkWmiEntries),\r\n    [Parameter()]\r\n    [Switch]$WinSockProtocols = [System.Convert]::ToBoolean($env:checkWinsockProtocol),\r\n    [Parameter()]\r\n    [Switch]$Codecs = [System.Convert]::ToBoolean($env:checkCodecs),\r\n    [Parameter()]\r\n    [Switch]$PrinterMonitor = [System.Convert]::ToBoolean($env:checkPrinterMonitorDlls),\r\n    [Parameter()]\r\n    [Switch]$LSAProviders = [System.Convert]::ToBoolean($env:checkLsaSecurityProviders),\r\n    [Parameter()]\r\n    [Switch]$Services = [System.Convert]::ToBoolean($env:checkAutostartServices),\r\n    [Parameter()]\r\n    [Switch]$ScheduledTasks = [System.Convert]::ToBoolean($env:checkScheduledTasks),\r\n    [Parameter()]\r\n    [Switch]$HideMicrosoftEntries = [System.Convert]::ToBoolean($env:hideMicrosoftEntries),\r\n    [Parameter()]\r\n    [String]$DestinationFolder = \"$env:Temp\",\r\n    [Parameter()]\r\n    [String]$DownloadUrl = \"https:\/\/download.sysinternals.com\/files\/Autoruns.zip\",\r\n    [Parameter()]\r\n    [Switch]$SkipSleep = [System.Convert]::ToBoolean($env:skipSleep)\r\n)\r\n\r\nbegin {\r\n\r\n    # If Script Forms are used replace the parameters\r\n    if ($env:destinationFolder -and $env:DestinationFolder -notlike \"null\") { $DestinationFolder = $env:destinationFolder }\r\n    if ($env:downloadUrl -and $env:downloadUrl -notlike \"null\") { $DownloadUrl = $env:downloadUrl }\r\n    if ($env:customFieldName -and $env:customFieldName -notlike \"null\") { $CustomField = $env:customFieldName }\r\n\r\n    if ($PSVersionTable.PSVersion.Major -lt 5) {\r\n        function Expand-Archive {\r\n            [CmdletBinding()]\r\n            param(\r\n                [Parameter()]\r\n                [String]$Path,\r\n                [Parameter()]\r\n                [String]$DestinationPath,\r\n                [Parameter()]\r\n                [Switch]$Force\r\n            )\r\n            begin {\r\n                Add-Type -assembly \"System.IO.Compression.FileSystem\"\r\n            }\r\n            process {\r\n                if ($Force -and (Test-Path $DestinationPath)) {\r\n                    $ZipFile = [System.IO.Compression.ZipFile]::OpenRead($Path)\r\n\r\n                    $ZipFile.Entries | ForEach-Object {\r\n                        $Destination = [System.IO.Path]::Combine($DestinationPath, $_.FullName)\r\n                        $DestinationDir = [System.IO.Path]::GetDirectoryName($Destination)\r\n                        if (-not (Test-Path $DestinationDir)) {\r\n                            New-Item -ItemType Directory -Path $DestinationDir -Force\r\n                        }\r\n                        [System.IO.Compression.ZipFileExtensions]::ExtractToFile($_, $Destination, $True)\r\n                    }\r\n                    $ZipFile.Dispose()\r\n                }\r\n                else {\r\n                    [System.IO.Compression.ZipFile]::ExtractToDirectory($Path, $DestinationPath)\r\n                }\r\n            }\r\n        }\r\n    }\r\n\r\n    # Handy download function\r\n    function Invoke-Download {\r\n        param(\r\n            [Parameter()]\r\n            [String]$URL,\r\n            [Parameter()]\r\n            [String]$Path,\r\n            [Parameter()]\r\n            [Switch]$SkipSleep\r\n        )\r\n\r\n        Write-Host \"URL Given, Downloading the file...\"\r\n\r\n        $SupportedTLSversions = [enum]::GetValues('Net.SecurityProtocolType')\r\n        if ( ($SupportedTLSversions -contains 'Tls13') -and ($SupportedTLSversions -contains 'Tls12') ) {\r\n            [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol::Tls13 -bor [System.Net.SecurityProtocolType]::Tls12\r\n        }\r\n        elseif ( $SupportedTLSversions -contains 'Tls12' ) {\r\n            [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12\r\n        }\r\n        else {\r\n            # Not everything requires TLS 1.2, but we'll try anyways.\r\n            Write-Warning \"TLS 1.2 and or TLS 1.3 isn't supported on this system. This download may fail!\"\r\n            if ($PSVersionTable.PSVersion.Major -lt 3) {\r\n                Write-Warning \"PowerShell 2 \/ .NET 2.0 doesn't support TLS 1.2.\"\r\n            }\r\n        }\r\n\r\n        $i = 1\r\n        While ($i -lt 4) {\r\n            if (-not ($SkipSleep)) {\r\n                $SleepTime = Get-Random -Minimum 3 -Maximum 60\r\n                Start-Sleep -Seconds $SleepTime\r\n            }\r\n\r\n            Write-Host \"Download Attempt $i\"\r\n\r\n            try {\r\n                $WebClient = New-Object System.Net.WebClient\r\n                $WebClient.DownloadFile($URL, $Path)\r\n            }\r\n            catch {\r\n                Write-Warning \"An error has occurred while downloading!\"\r\n            }\r\n\r\n            $File = Test-Path -Path $Path -ErrorAction SilentlyContinue\r\n            if ($File) {\r\n                $i = 4\r\n            }\r\n            else {\r\n                $i++\r\n            }\r\n        }\r\n\r\n        if (-not $File) { \r\n            Write-Error -Message \"File failed to download!\" -Category DeviceError -Exception (New-Object System.Exception)\r\n            Exit 1 \r\n        }\r\n    }\r\n\r\n    # Need to set Regkey to accept EULA\r\n    function Set-RegKey {\r\n        param (\r\n            $Path,\r\n            $Name,\r\n            $Value,\r\n            [ValidateSet(\"DWord\", \"QWord\", \"String\", \"ExpandedString\", \"Binary\", \"MultiString\", \"Unknown\")]\r\n            $PropertyType = \"DWord\"\r\n        )\r\n        if (-not $(Test-Path -Path $Path)) {\r\n            # Check if path does not exist and create the path\r\n            New-Item -Path $Path -Force | Out-Null\r\n        }\r\n        if ((Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue)) {\r\n            # Update property and print out what it was changed from and changed to\r\n            $CurrentValue = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name\r\n            try {\r\n                Set-ItemProperty -Path $Path -Name $Name -Value $Value -Force -Confirm:$false -ErrorAction Stop | Out-Null\r\n            }\r\n            catch {\r\n                Write-Error -Message \"[Error] Unable to Set registry key for $Name please see below error!\" -Category DeviceError -Exception (New-Object System.Exception)\r\n                Write-Error $_\r\n                exit 1\r\n            }\r\n            Write-Host \"$Path\\$Name changed from $CurrentValue to $($(Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name)\"\r\n        }\r\n        else {\r\n            # Create property with value\r\n            try {\r\n                New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $PropertyType -Force -Confirm:$false -ErrorAction Stop | Out-Null\r\n            }\r\n            catch {\r\n                Write-Error -Message \"[Error] Unable to Set registry key for $Name please see below error!\" -Category DeviceError -Exception (New-Object System.Exception)\r\n                Write-Error $_\r\n                exit 1\r\n            }\r\n            Write-Host \"Set $Path\\$Name to $($(Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name)\"\r\n        }\r\n    }\r\n\r\n    function Set-NinjaProperty {\r\n        [CmdletBinding()]\r\n        Param(\r\n            [Parameter(Mandatory = $True)]\r\n            [String]$Name,\r\n            [Parameter()]\r\n            [String]$Type,\r\n            [Parameter(Mandatory = $True, ValueFromPipeline = $True)]\r\n            $Value,\r\n            [Parameter()]\r\n            [String]$DocumentName\r\n        )\r\n\r\n        $Characters = $Value | Measure-Object -Character | Select-Object -ExpandProperty Characters\r\n        if($Characters -ge 10000){\r\n            throw [System.ArgumentOutOfRangeException]::New(\"Character limit exceeded, value is greater than 10,000 characters.\")\r\n        }\r\n    \r\n        # If we're requested to set the field value for a Ninja document we'll specify it here.\r\n        $DocumentationParams = @{}\r\n        if ($DocumentName) { $DocumentationParams[\"DocumentName\"] = $DocumentName }\r\n    \r\n        # This is a list of valid fields that can be set. If no type is given, it will be assumed that the input doesn't need to be changed.\r\n        $ValidFields = \"Attachment\", \"Checkbox\", \"Date\", \"Date or Date Time\", \"Decimal\", \"Dropdown\", \"Email\", \"Integer\", \"IP Address\", \"MultiLine\", \"MultiSelect\", \"Phone\", \"Secure\", \"Text\", \"Time\", \"URL\", \"WYSIWYG\"\r\n        if ($Type -and $ValidFields -notcontains $Type) { Write-Warning \"$Type is an invalid type! Please check here for valid types. https:\/\/ninjarmm.zendesk.com\/hc\/en-us\/articles\/16973443979789-Command-Line-Interface-CLI-Supported-Fields-and-Functionality\" }\r\n    \r\n        # The field below requires additional information to be set\r\n        $NeedsOptions = \"Dropdown\"\r\n        if ($DocumentName) {\r\n            if ($NeedsOptions -contains $Type) {\r\n                # We'll redirect the error output to the success stream to make it easier to error out if nothing was found or something else went wrong.\r\n                $NinjaPropertyOptions = Ninja-Property-Docs-Options -AttributeName $Name @DocumentationParams 2&gt;&amp;1\r\n            }\r\n        }\r\n        else {\r\n            if ($NeedsOptions -contains $Type) {\r\n                $NinjaPropertyOptions = Ninja-Property-Options -Name $Name 2&gt;&amp;1\r\n            }\r\n        }\r\n    \r\n        # If an error is received it will have an exception property, the function will exit with that error information.\r\n        if ($NinjaPropertyOptions.Exception) { throw $NinjaPropertyOptions }\r\n    \r\n        # The below type's require values not typically given in order to be set. The below code will convert whatever we're given into a format ninjarmm-cli supports.\r\n        switch ($Type) {\r\n            \"Checkbox\" {\r\n                # While it's highly likely we were given a value like \"True\" or a boolean datatype it's better to be safe than sorry.\r\n                $NinjaValue = [System.Convert]::ToBoolean($Value)\r\n            }\r\n            \"Date or Date Time\" {\r\n                # Ninjarmm-cli expects the GUID of the option to be selected. Therefore, the given value will be matched with a GUID.\r\n                $Date = (Get-Date $Value).ToUniversalTime()\r\n                $TimeSpan = New-TimeSpan (Get-Date \"1970-01-01 00:00:00\") $Date\r\n                $NinjaValue = $TimeSpan.TotalSeconds\r\n            }\r\n            \"Dropdown\" {\r\n                # Ninjarmm-cli is expecting the guid of the option we're trying to select. So we'll match up the value we were given with a guid.\r\n                $Options = $NinjaPropertyOptions -replace '=', ',' | ConvertFrom-Csv -Header \"GUID\", \"Name\"\r\n                $Selection = $Options | Where-Object { $_.Name -eq $Value } | Select-Object -ExpandProperty GUID\r\n    \r\n                if (-not $Selection) {\r\n                    throw [System.ArgumentOutOfRangeException]::New(\"Value is not present in dropdown\")\r\n                }\r\n    \r\n                $NinjaValue = $Selection\r\n            }\r\n            default {\r\n                # All the other types shouldn't require additional work on the input.\r\n                $NinjaValue = $Value\r\n            }\r\n        }\r\n    \r\n        # We'll need to set the field differently depending on if its a field in a Ninja Document or not.\r\n        if ($DocumentName) {\r\n            $CustomField = Ninja-Property-Docs-Set -AttributeName $Name -AttributeValue $NinjaValue @DocumentationParams 2&gt;&amp;1\r\n        }\r\n        else {\r\n            $CustomField = Ninja-Property-Set -Name $Name -Value $NinjaValue 2&gt;&amp;1\r\n        }\r\n    \r\n        if ($CustomField.Exception) {\r\n            throw $CustomField\r\n        }\r\n    }\r\n\r\n    # Test for elevation\r\n    function Test-IsElevated {\r\n        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()\r\n        $p = New-Object System.Security.Principal.WindowsPrincipal($id)\r\n        $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)\r\n    }\r\n\r\n    $ExitCode = 0\r\n}\r\nprocess {\r\n\r\n    # Take the script parameters and translate them into Autoruns options.\r\n    if ($Startup) { $AutorunOptions = \"l\" }\r\n    if ($Boot) { $AutorunOptions = \"$($AutorunOptions)b\" }\r\n    if ($Winlogon) { $AutorunOptions = \"$($AutorunOptions)w\" }\r\n    if ($AppInit) { $AutorunOptions = \"$($AutorunOptions)d\" }\r\n    if ($Explorer) { $AutorunOptions = \"$($AutorunOptions)e\" }\r\n    if ($Sidebar) { $AutorunOptions = \"$($AutorunOptions)g\" }\r\n    if ($ImageHijacks) { $AutorunOptions = \"$($AutorunOptions)h\" }\r\n    if ($IEAddons) { $AutorunOptions = \"$($AutorunOptions)i\" }\r\n    if ($KnownDLLs) { $AutorunOptions = \"$($AutorunOptions)k\" }\r\n    if ($WMIentries) { $AutorunOptions = \"$($AutorunOptions)m\" }\r\n    if ($WinSockProtocols) { $AutorunOptions = \"$($AutorunOptions)n\" }\r\n    if ($Codecs) { $AutorunOptions = \"$($AutorunOptions)o\" }\r\n    if ($PrinterMonitor) { $AutorunOptions = \"$($AutorunOptions)p\" }\r\n    if ($LSAProviders) { $AutorunOptions = \"$($AutorunOptions)r\" }\r\n    if ($Services) { $AutorunOptions = \"$($AutorunOptions)s\" }\r\n    if ($ScheduledTasks) { $AutorunOptions = \"$($AutorunOptions)t\" }\r\n\r\n    if (-not $AutorunOptions){\r\n        Write-Error -Message \"No Autoruns options selected. Please at least select one option to search for autostart entries.\" -Category InvalidArgument -Exception (New-Object System.ArgumentNullException)\r\n        exit 1\r\n    }\r\n\r\n    # Download the file and unzip its contents\r\n    $DownloadArguments = @{\r\n        URL  = $DownloadUrl\r\n        Path = \"$DestinationFolder\\Autoruns.zip\"\r\n    }\r\n    if ($SkipSleep) { $DownloadArguments[\"SkipSleep\"] = $true }\r\n\r\n    # Download and unzip\r\n    Invoke-Download @DownloadArguments\r\n    Expand-Archive -Path \"$DestinationFolder\\Autoruns.zip\" -DestinationPath \"$DestinationFolder\\Autoruns\" -Force\r\n\r\n    if (-not (Test-Path \"$DestinationFolder\\Autoruns\\autorunsc64.exe\" -ErrorAction SilentlyContinue)) {\r\n        Write-Error -Message \"Failed to unzip Autoruns\" -Category DeviceError -Exception (New-Object System.Exception)\r\n        exit 1\r\n    }\r\n\r\n    # Now that we have the options create an argument list using those options\r\n    $ArgumentList = New-Object System.Collections.Generic.List[string]\r\n    $ArgumentList.Add(\"-a $AutorunOptions\")\r\n    $ArgumentList.Add(\"-h\")\r\n    $ArgumentList.Add(\"-c\")\r\n    $ArgumentList.Add(\"-s\")\r\n    if ($HideMicrosoftEntries) { $ArgumentList.Add(\"-m\") }\r\n\r\n    # Accept EULA\r\n    Set-RegKey -Path \"HKCU:\\SOFTWARE\\Sysinternals\\AutoRuns\" -Name \"EulaAccepted\" -Value 1\r\n\r\n    # Run autoruns and store the results as a csv and then import the results into powershell\r\n    Start-Process \"$DestinationFolder\\Autoruns\\autorunsc64.exe\" -ArgumentList $ArgumentList -NoNewWindow -RedirectStandardOutput \"$DestinationFolder\\Autoruns\\autorunsc.csv\" -Wait\r\n    $AutorunResults = Import-Csv \"$DestinationFolder\\Autoruns\\autorunsc.csv\" | Where-Object { $_.Entry } | Sort-Object Entry | Select-Object Entry, \"Entry Location\", \"Image Path\", Signer, MD5\r\n\r\n    if (-not ($AutorunResults)) {\r\n        Write-Error -Message \"No startup entries found. Is Autorunsc being blocked?\" -Category InvalidResult -Exception (New-Object System.ApplicationException)\r\n        $ExitCode = 1\r\n    }\r\n\r\n    # Set the custom field with the Autoruns results.\r\n    if ($CustomField) {\r\n        if ($PSVersionTable.PSVersion.Major -lt 3) {\r\n            Write-Warning \"Ninjarmm-cli does not support setting custom fields using PowerShell 2.0\"\r\n            $ExitCode = 1\r\n        }\r\n        \r\n        if ( -not (Test-IsElevated)) {\r\n            Write-Warning \"Script must be elevated in order to write to custom field.\"\r\n            $ExitCode = 1\r\n        }\r\n\r\n        try {\r\n            Write-Host \"Attempting to set Custom Field '$CustomField'.\"\r\n            $htmlTable = $AutorunResults | ConvertTo-HTML -Fragment\r\n            Set-NinjaProperty -Name $CustomField -Value $htmlTable\r\n            Write-Host \"Successfully set Custom Field '$CustomField'!\"\r\n        }\r\n        catch {\r\n            $_\r\n            $ExitCode = 1\r\n        }\r\n    }\r\n\r\n    # Clean up our leftover files.\r\n    Remove-Item \"$DestinationFolder\\Autoruns\" -Recurse -Force\r\n    Remove-Item \"$DestinationFolder\\Autoruns.zip\" -Force\r\n\r\n    # Output results into activity log. Using Format-List due to size of table.\r\n    $AutorunResults | Sort-Object Entry | Format-List\r\n\r\n    exit $ExitCode\r\n}\r\nend {\r\n    \r\n    \r\n    \r\n}<\/pre>\n<p>&nbsp;<\/p>\n\n<div class=\"in-context-cta\"><p style=\"text-align: center;\">Acc\u00e9dez \u00e0 plus de 700\u00a0scripts dans le Dojo NinjaOne<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.ninjaone.com\/fr\/phase-de-test-gratuit\/\">Obtenir l&rsquo;acc\u00e8s<\/a><\/p>\n<\/div>\n<h2>Description d\u00e9taill\u00e9e<\/h2>\n<p>Le script commence par d\u00e9finir des param\u00e8tres qui permettent aux utilisateurs de sp\u00e9cifier diff\u00e9rents types d&rsquo;entr\u00e9es d&rsquo;ex\u00e9cution automatique \u00e0 auditer, tels que les applications de d\u00e9marrage, les ex\u00e9cutables d&rsquo;amor\u00e7age et les t\u00e2ches planifi\u00e9es. Il t\u00e9l\u00e9charge l&rsquo;outil Autorunsc, l&rsquo;ex\u00e9cute avec les param\u00e8tres choisis et collecte les r\u00e9sultats.<\/p>\n<p><em>Les \u00e9tapes cl\u00e9s du script :<\/em><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>Initialisation des param\u00e8tres :<\/strong> Les utilisateurs peuvent s\u00e9lectionner le type d&rsquo;entr\u00e9es d&rsquo;ex\u00e9cution automatique qu&rsquo;ils souhaitent auditer, comme les \u00e9l\u00e9ments de d\u00e9marrage, les t\u00e2ches planifi\u00e9es ou les services.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><strong>T\u00e9l\u00e9chargement d&rsquo;Autorunsc :<\/strong> Le script t\u00e9l\u00e9charge automatiquement Autorunsc de Sysinternals.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><strong>Ex\u00e9cution et traitement des r\u00e9sultats :<\/strong> Autorunsc est ex\u00e9cut\u00e9 avec les param\u00e8tres sp\u00e9cifi\u00e9s et les r\u00e9sultats sont format\u00e9s dans un format lisible.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><strong>\u00c9criture dans<\/strong> un champ personnalis\u00e9: optionnellement, les r\u00e9sultats peuvent \u00eatre \u00e9crits dans un champ personnalis\u00e9, \u00e0 condition que le script soit ex\u00e9cut\u00e9 avec des privil\u00e8ges \u00e9lev\u00e9s.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><strong>Nettoyage :<\/strong> apr\u00e8s l&rsquo;ex\u00e9cution, le script efface les fichiers t\u00e9l\u00e9charg\u00e9s et g\u00e9n\u00e9r\u00e9s temporairement.<\/li>\n<\/ul>\n<h2>Cas d&rsquo;utilisation potentiels<\/h2>\n<p>Imaginez un professionnel de l&rsquo;informatique qui soup\u00e7onne l&rsquo;existence d&rsquo;un logiciel non autoris\u00e9 ou nuisible s&rsquo;ex\u00e9cutant au d\u00e9marrage dans les syst\u00e8mes de son entreprise. En ex\u00e9cutant ce script, il peut rapidement v\u00e9rifier tous les \u00e9l\u00e9ments de d\u00e9marrage et identifier toute application ind\u00e9sirable ou suspecte, am\u00e9liorant ainsi la s\u00e9curit\u00e9 et les performances du syst\u00e8me.<\/p>\n<h2>Comparaisons<\/h2>\n<p>Les m\u00e9thodes traditionnelles d&rsquo;audit des \u00e9l\u00e9ments de d\u00e9marrage impliquent souvent de v\u00e9rifier manuellement divers emplacements du syst\u00e8me ou d&rsquo;utiliser des outils distincts pour les diff\u00e9rents types de d\u00e9marrage. Ce script simplifie et consolide le processus, en utilisant un seul outil (Autorunsc) pour v\u00e9rifier une gamme compl\u00e8te d&rsquo;entr\u00e9es d&rsquo;ex\u00e9cution automatique. Par rapport aux m\u00e9thodes manuelles, ce script permet de gagner du temps et r\u00e9duit la probabilit\u00e9 d&rsquo;oublier des \u00e9l\u00e9ments essentiels.<\/p>\n<h2>FAQ<\/h2>\n<p>Q1 : Ce script est-il adapt\u00e9 \u00e0 toutes les versions de Windows ?<br \/>\nA1 : Le script est con\u00e7u pour Windows 10 et Server 2012.<\/p>\n<p>Q2 : Ai-je besoin de droits d&rsquo;administrateur pour ex\u00e9cuter ce script ?<br \/>\nA2 : Oui, des privil\u00e8ges d&rsquo;administrateur sont n\u00e9cessaires pour certaines op\u00e9rations, comme l&rsquo;\u00e9criture dans un champ personnalis\u00e9.<\/p>\n<p>Q3 : Ce script peut-il identifier les logiciels malveillants ?<br \/>\nA3 : Bien qu&rsquo;il puisse identifier des \u00e9l\u00e9ments de d\u00e9marrage non autoris\u00e9s ou inconnus, une analyse plus approfondie est n\u00e9cessaire pour d\u00e9terminer s&rsquo;il s&rsquo;agit de logiciels malveillants.<\/p>\n<h2>Implications<\/h2>\n<p>L&rsquo;utilisation de ce script pour l&rsquo;audit des \u00e9l\u00e9ments de d\u00e9marrage est importante pour la s\u00e9curit\u00e9 informatique. L&rsquo;identification et la gestion de l&rsquo;ex\u00e9cution automatique peuvent <a href=\"https:\/\/www.ninjaone.com\/blog\/5-steps-for-removing-malware-from-your-computer\/\" target=\"_blank\" rel=\"noopener\">emp\u00eacher les logiciels malveillants<\/a> de s&rsquo;ex\u00e9cuter au d\u00e9marrage et am\u00e9liorer les performances du syst\u00e8me. Toutefois, il est essentiel d&rsquo;analyser soigneusement les r\u00e9sultats de l&rsquo;audit afin d&rsquo;\u00e9viter les faux positifs et de s&rsquo;assurer que des logiciels l\u00e9gitimes ne sont pas bloqu\u00e9s par inadvertance.<\/p>\n<h2>Recommandations<\/h2>\n<p>Les bonnes pratiques lors de l&rsquo;utilisation de ce script sont les suivantes :<\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\">Audits r\u00e9guliers pour maintenir l&rsquo;int\u00e9grit\u00e9 du syst\u00e8me.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\">Ex\u00e9cuter le script avec des privil\u00e8ges d&rsquo;administrateur pour une fonctionnalit\u00e9 compl\u00e8te.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\">Analyse minutieuse des r\u00e9sultats de l&rsquo;audit afin d&rsquo;identifier les entr\u00e9es d&rsquo;ex\u00e9cution automatique non autoris\u00e9es ou inutiles et de prendre les mesures qui s&rsquo;imposent.<\/li>\n<\/ul>\n<h2>Conclusion<\/h2>\n<p>Dans le cadre d&rsquo;une gestion efficace des syst\u00e8mes informatiques, des outils comme NinjaOne, associ\u00e9s \u00e0 des scripts puissants tels que le script d&rsquo;audit d&rsquo;autorunsc PowerShell, peuvent consid\u00e9rablement am\u00e9liorer la capacit\u00e9 d&rsquo;un professionnel de l&rsquo;informatique \u00e0 maintenir l&rsquo;int\u00e9grit\u00e9 et la s\u00e9curit\u00e9 de son syst\u00e8me. La suite compl\u00e8te de gestion informatique de NinjaOne, int\u00e9gr\u00e9e \u00e0 ces <a href=\"https:\/\/www.ninjaone.com\/fr\/script-hub\" target=\"_blank\" rel=\"noopener\">scripts<\/a>, offre une solution de pointe pour la <a href=\"https:\/\/www.ninjaone.com\/fr\/gestion-informatique-grande-entreprise\/infrastructure\" target=\"_blank\" rel=\"noopener\">surveillance, la gestion et la s\u00e9curisation des infrastructures informatiques<\/a>.<\/p>\n","protected":false},"author":35,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_lmt_disableupdate":"no","_lmt_disable":""},"operating_system":[4212],"use_cases":[4281],"class_list":["post-263497","script_hub","type-script_hub","status-publish","hentry","script_hub_category-windows","use_cases-configuration-generale"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/script_hub\/263497","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/script_hub"}],"about":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/types\/script_hub"}],"author":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/users\/35"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/comments?post=263497"}],"wp:attachment":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/media?parent=263497"}],"wp:term":[{"taxonomy":"script_hub_category","embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/operating_system?post=263497"},{"taxonomy":"use_cases","embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/use_cases?post=263497"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}