Close
Close
Close
Close
In this tutorial, you’ll learn how to use a PowerShell script to replace multiple camera device drivers in Milestone XProtect.
Drivers are essential for connecting your XProtect recording server to cameras, enabling important features like video streams, advanced compression options (like Zipstream), and new analytics capabilities. While Milestone periodically updates these drivers (e.g., Axis, Bosch, Hanwha), many systems still run on outdated versions.
Manually updating each camera can be time-consuming, but with this script, you can automate the process, saving hours of manual work.
# Function to configure and check the status of a TLS protocol
function Set-TLSStatus {
param (
[string]$Protocol,
[string]$Type,
[int]$EnableValue = 1
)
$regPath = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$Protocol\$Type"
if (-not (Test-Path $regPath)) {
New-Item -Path $regPath -Force | Out-Null
}
Set-ItemProperty -Path $regPath -Name "Enabled" -Value $EnableValue -Force
Set-ItemProperty -Path $regPath -Name "DisabledByDefault" -Value 0 -Force
}
# Function to check the status of a TLS protocol
function Get-TLSStatus {
param (
[string]$Protocol,
[string]$Type
)
$regPath = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$Protocol\$Type"
if (Test-Path $regPath) {
$enabled = Get-ItemProperty -Path $regPath -Name "Enabled" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Enabled -ErrorAction SilentlyContinue
$disabledByDefault = Get-ItemProperty -Path $regPath -Name "DisabledByDefault" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty DisabledByDefault -ErrorAction SilentlyContinue
if ($enabled -eq 1) {
"$Protocol $Type is Enabled"
} elseif ($disabledByDefault -eq 1) {
"$Protocol $Type is Disabled"
} else {
"$Protocol $Type is Not Configured"
}
} else {
"$Protocol $Type key does not exist"
}
}
# TLS versions to configure and check
$tlsProtocols = @("TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3")
# Configure TLS 1.2 and TLS 1.3
foreach ($protocol in $tlsProtocols) {
if ($protocol -eq "TLS 1.2" -or $protocol -eq "TLS 1.3") {
Set-TLSStatus -Protocol $protocol -Type 'Client' -EnableValue 1
Set-TLSStatus -Protocol $protocol -Type 'Server' -EnableValue 1
} elseif ($protocol -eq "TLS 1.0" -or $protocol -eq "TLS 1.1") {
Set-TLSStatus -Protocol $protocol -Type 'Client' -EnableValue 0
Set-TLSStatus -Protocol $protocol -Type 'Server' -EnableValue 0
}
}
# Check the status for each protocol and type (Client and Server)
foreach ($protocol in $tlsProtocols) {
Write-Output "$(Get-TLSStatus -Protocol $protocol -Type 'Client')"
Write-Output "$(Get-TLSStatus -Protocol $protocol -Type 'Server')"
}
# .NET Framework strong cryptography setting
function Get-DotNetCryptoStatus {
param (
[string]$regPath
)
$strongCrypto = Get-ItemProperty -Path $regPath -Name "SchUseStrongCrypto" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty SchUseStrongCrypto -ErrorAction SilentlyContinue
if ($null -ne $strongCrypto) {
if ($strongCrypto -eq 1) {
".NET Framework Strong Crypto at $regPath is Enabled"
} else {
".NET Framework Strong Crypto at $regPath is Disabled"
}
} else {
".NET Framework Strong Crypto at $regPath is Not Configured"
}
}
# Check .NET Framework strong cryptography settings
$netFrameworkPaths = @(
"HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319",
"HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319"
)
foreach ($path in $netFrameworkPaths) {
Write-Output "$(Get-DotNetCryptoStatus -regPath $path)"
}
Subscribe to get a monthly dose of security & surveillance industry news and insights, Milestone VMS time-saving tricks, tips for hacking your way out of boring work sent directly to your inbox!