#Requires -RunAsAdministrator <# .SYNOPSIS Verifies that SolidWorks privacy lockdown is properly configured. .DESCRIPTION Checks all components of the privacy lockdown: - Hosts file entries - Disabled services - Firewall rules - Registry settings - Licensing server connectivity .NOTES Author: Atomaste Solution Requires: Administrator privileges #> param( [switch]$Detailed # Show detailed information for each check ) $script:passed = 0 $script:failed = 0 $script:warnings = 0 function Write-Check { param( [string]$Name, [string]$Status, # PASS, FAIL, WARN [string]$Message ) $icon = switch ($Status) { "PASS" { "[OK]"; $color = "Green"; $script:passed++ } "FAIL" { "[!!]"; $color = "Red"; $script:failed++ } "WARN" { "[??]"; $color = "Yellow"; $script:warnings++ } default { "[--]"; $color = "Gray" } } Write-Host " $icon " -ForegroundColor $color -NoNewline Write-Host "$Name" -ForegroundColor White -NoNewline if ($Message) { Write-Host " - $Message" -ForegroundColor Gray } else { Write-Host "" } } function Test-HostsFile { Write-Host "`n=== HOSTS FILE CHECK ===" -ForegroundColor Cyan $hostsPath = "C:\Windows\System32\drivers\etc\hosts" $content = Get-Content $hostsPath -Raw -ErrorAction SilentlyContinue $markerStart = "# === SOLIDWORKS TELEMETRY BLOCK START ===" if ($content -match [regex]::Escape($markerStart)) { Write-Check -Name "Telemetry block installed" -Status "PASS" } else { Write-Check -Name "Telemetry block installed" -Status "FAIL" -Message "Block not found in hosts file" } # Check specific domains $telemetryDomains = @( "telemetry.solidworks.com", "analytics.3ds.com", "collect.3ds.com", "update.solidworks.com" ) foreach ($domain in $telemetryDomains) { if ($content -match "127\.0\.0\.1\s+$([regex]::Escape($domain))") { if ($Detailed) { Write-Check -Name " $domain" -Status "PASS" -Message "Blocked" } } else { Write-Check -Name " $domain" -Status "WARN" -Message "Not blocked" } } } function Test-LicensingConnectivity { Write-Host "`n=== LICENSING SERVER CHECK ===" -ForegroundColor Cyan $licensingDomains = @( "activation.solidworks.com", "license.solidworks.com", "licensing.solidworks.com" ) foreach ($domain in $licensingDomains) { try { $dns = Resolve-DnsName -Name $domain -Type A -ErrorAction Stop -DnsOnly if ($dns) { Write-Check -Name "$domain" -Status "PASS" -Message "Reachable ($($dns[0].IPAddress))" } } catch { Write-Check -Name "$domain" -Status "FAIL" -Message "Cannot resolve DNS" } } } function Test-Services { Write-Host "`n=== SERVICES CHECK ===" -ForegroundColor Cyan $services = Get-Service -DisplayName "*SOLIDWORKS*" -ErrorAction SilentlyContinue if (-not $services -or $services.Count -eq 0) { Write-Check -Name "SolidWorks services" -Status "PASS" -Message "No services found/installed" return } foreach ($svc in $services) { $isUpdateService = $svc.DisplayName -match "update|download|background" if ($isUpdateService) { if ($svc.StartType -eq "Disabled") { Write-Check -Name $svc.DisplayName -Status "PASS" -Message "Disabled" } else { Write-Check -Name $svc.DisplayName -Status "WARN" -Message "Should be disabled ($($svc.StartType))" } } else { if ($Detailed) { Write-Check -Name $svc.DisplayName -Status "PASS" -Message "$($svc.StartType) (kept)" } } } } function Test-FirewallRules { Write-Host "`n=== FIREWALL RULES CHECK ===" -ForegroundColor Cyan $rulePrefix = "SolidWorks Privacy - " $rules = Get-NetFirewallRule -DisplayName "$rulePrefix*" -ErrorAction SilentlyContinue if (-not $rules) { Write-Check -Name "Firewall rules" -Status "WARN" -Message "No SolidWorks firewall rules found" return } $blockRules = $rules | Where-Object { $_.Action -eq "Block" } $allowRules = $rules | Where-Object { $_.Action -eq "Allow" } Write-Check -Name "Block rules configured" -Status "PASS" -Message "$($blockRules.Count) rule(s)" Write-Check -Name "Allow rules configured" -Status "PASS" -Message "$($allowRules.Count) rule(s)" if ($Detailed) { foreach ($rule in $rules) { $status = if ($rule.Enabled -eq "True") { "Active" } else { "Disabled" } Write-Check -Name " $($rule.DisplayName -replace $rulePrefix, '')" -Status "PASS" -Message "$($rule.Action) - $status" } } } function Test-Registry { Write-Host "`n=== REGISTRY CHECK ===" -ForegroundColor Cyan $regChecks = @( @{ Name = "Customer Experience Program" Path = "HKCU:\Software\SolidWorks\SOLIDWORKS *\Performance" ValueName = "CustomerExperienceImprovementProgram" ExpectedPattern = "OptInStatus" DisabledValue = 0 } ) # Find actual SolidWorks version paths $swBasePath = "HKCU:\Software\SolidWorks" if (-not (Test-Path $swBasePath)) { Write-Check -Name "SolidWorks registry" -Status "WARN" -Message "Not found (SW may not be installed/run yet)" return } $swVersions = Get-ChildItem -Path $swBasePath -ErrorAction SilentlyContinue | Where-Object { $_.PSChildName -like "SOLIDWORKS *" } if (-not $swVersions) { Write-Check -Name "SolidWorks versions" -Status "WARN" -Message "No version keys found" return } foreach ($version in $swVersions) { Write-Host "`n $($version.PSChildName):" -ForegroundColor White # Check Performance subkey $perfPath = Join-Path $version.PSPath "Performance" if (Test-Path $perfPath) { $props = Get-ItemProperty -Path $perfPath -ErrorAction SilentlyContinue if ($props.PSObject.Properties.Name -contains "OptInStatus") { if ($props.OptInStatus -eq 0) { Write-Check -Name " CEIP OptInStatus" -Status "PASS" -Message "Disabled" } else { Write-Check -Name " CEIP OptInStatus" -Status "FAIL" -Message "Enabled ($($props.OptInStatus))" } } else { Write-Check -Name " CEIP OptInStatus" -Status "WARN" -Message "Not set" } } # Check General subkey $generalPath = Join-Path $version.PSPath "General" if (Test-Path $generalPath) { $props = Get-ItemProperty -Path $generalPath -ErrorAction SilentlyContinue if ($props.PSObject.Properties.Name -contains "Auto Check for Updates") { if ($props."Auto Check for Updates" -eq 0) { Write-Check -Name " Auto Updates" -Status "PASS" -Message "Disabled" } else { Write-Check -Name " Auto Updates" -Status "FAIL" -Message "Enabled" } } } } } function Test-TelemetryConnectivity { Write-Host "`n=== TELEMETRY BLOCK VERIFICATION ===" -ForegroundColor Cyan $telemetryDomains = @( "telemetry.solidworks.com", "analytics.3ds.com" ) foreach ($domain in $telemetryDomains) { try { $result = Resolve-DnsName -Name $domain -Type A -ErrorAction Stop -DnsOnly $ip = $result[0].IPAddress if ($ip -eq "127.0.0.1") { Write-Check -Name "$domain" -Status "PASS" -Message "Blocked (resolves to 127.0.0.1)" } else { Write-Check -Name "$domain" -Status "FAIL" -Message "NOT blocked (resolves to $ip)" } } catch { Write-Check -Name "$domain" -Status "WARN" -Message "Cannot resolve (may be blocked at DNS level)" } } } function Show-Summary { Write-Host "`n========================================" -ForegroundColor Cyan Write-Host " VERIFICATION SUMMARY" -ForegroundColor Cyan Write-Host "========================================" -ForegroundColor Cyan Write-Host "" Write-Host " Passed: " -NoNewline; Write-Host "$script:passed" -ForegroundColor Green Write-Host " Failed: " -NoNewline; Write-Host "$script:failed" -ForegroundColor Red Write-Host " Warnings: " -NoNewline; Write-Host "$script:warnings" -ForegroundColor Yellow Write-Host "" if ($script:failed -eq 0) { Write-Host " [SUCCESS] Privacy lockdown is properly configured!" -ForegroundColor Green } elseif ($script:failed -le 2) { Write-Host " [PARTIAL] Most protections are in place, minor issues found." -ForegroundColor Yellow } else { Write-Host " [INCOMPLETE] Privacy lockdown needs attention." -ForegroundColor Red } } # Main execution Write-Host "========================================" -ForegroundColor Cyan Write-Host " SolidWorks Privacy Lockdown Verifier" -ForegroundColor Cyan Write-Host " Atomaste Solution" -ForegroundColor Cyan Write-Host "========================================" -ForegroundColor Cyan Write-Host "`nRunning verification checks..." -ForegroundColor White Test-HostsFile Test-LicensingConnectivity Test-Services Test-FirewallRules Test-Registry Test-TelemetryConnectivity Show-Summary Write-Host "`n[TIP] Use -Detailed for more information on each check" -ForegroundColor Gray Write-Host "[DONE] Verification completed." -ForegroundColor Green