fix: update Task Scheduler operational status reporting

2025-12-06 09:12:46 +01:00 · 2025-10-05 16:04:28 +09:00
parent 5865ac6a1d
commit 8b82ff216b
1 changed files with 8 additions and 4 deletions
--- a/WELA.ps1
+++ b/WELA.ps1
@@ -1339,12 +1339,13 @@ function GuideYamatoSecurity
    $eids     = @()
    $channels = @("Microsoft-Windows-TaskScheduler/Operational")
    $enabled  = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TaskScheduler/Operational" -valueName "Enabled" -expectedValue 1
+    $current  = if ($enabled) { "Enabled" } else { "Disabled" }
    $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
    $rules    | ForEach-Object { $_.applicable = $enabled }
    $auditResult += [WELA]::New(
            "TaskScheduler Operational",
            "",
-            "Enabled",
+            $current,
            [array]$rules,
            "Enabled",
            "Enabled",
@@ -2537,12 +2538,13 @@ function GuideASD {
    $eids     = @()
    $channels = @("Microsoft-Windows-TaskScheduler/Operational")
    $enabled  = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TaskScheduler/Operational" -valueName "Enabled" -expectedValue 1
+    $current  = if ($enabled) { "Enabled" } else { "Disabled" }
    $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
    $rules    | ForEach-Object { $_.applicable = $enabled }
    $auditResult += [WELA]::New(
            "TaskScheduler Operational",
            "",
-            "Enabled",
+            $current,
            [array]$rules,
            "Enabled",
            "",
@@ -3735,12 +3737,13 @@ function GuideMSC {
    $eids     = @()
    $channels = @("Microsoft-Windows-TaskScheduler/Operational")
    $enabled  = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TaskScheduler/Operational" -valueName "Enabled" -expectedValue 1
+    $current  = if ($enabled) { "Enabled" } else { "Disabled" }
    $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
    $rules    | ForEach-Object { $_.applicable = $enabled }
    $auditResult += [WELA]::New(
            "TaskScheduler Operational",
            "",
-            "Enabled",
+            $current,
            [array]$rules,
            "Enabled",
            "",
@@ -4930,12 +4933,13 @@ function GuideMSS {
    $eids     = @()
    $channels = @("Microsoft-Windows-TaskScheduler/Operational")
    $enabled  = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TaskScheduler/Operational" -valueName "Enabled" -expectedValue 1
+    $current  = if ($enabled) { "Enabled" } else { "Disabled" }
    $rules    = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
    $rules    | ForEach-Object { $_.applicable = $enabled }
    $auditResult += [WELA]::New(
            "TaskScheduler Operational",
            "",
-            "Enabled",
+            $current,
            [array]$rules,
            "Enabled",
            "",