From 30abc2b2a13f3c946324136ac566e9280fe014e7 Mon Sep 17 00:00:00 2001
From: strawgate <williamseaston@gmail.com>
Date: Fri, 22 Apr 2016 21:22:16 -0500
Subject: [PATCH] Adding additional Inventory content

---
 Analyses/Fonts - Windows.bes                  | 17 +++++++++
 Analyses/Group Policy - Audit - Windows.bes   | 32 +++++++++++++++++
 .../Hibernation - Configuration - Windows.bes | 20 +++++++++++
 .../Operating System - Audit - Windows.bes    | 36 +++++++++++++++++++
 .../Pagefile - Configuration - Windows.bes    | 19 ++++++++++
 Analyses/System - OS - Windows.bes            | 33 +++++++++++++++++
 ...nvoke - Group Policy Refresh - Windows.bes | 35 ++++++++++++++++++
 ...Pagefile has non-default configuration.bes | 22 ++++++++++++
 8 files changed, 214 insertions(+)
 create mode 100644 Analyses/Fonts - Windows.bes
 create mode 100644 Analyses/Group Policy - Audit - Windows.bes
 create mode 100644 Analyses/Hibernation - Configuration - Windows.bes
 create mode 100644 Analyses/Operating System - Audit - Windows.bes
 create mode 100644 Analyses/Pagefile - Configuration - Windows.bes
 create mode 100644 Analyses/System - OS - Windows.bes
 create mode 100644 Fixlets/Invoke - Group Policy Refresh - Windows.bes
 create mode 100644 Fixlets/Warning - Pagefile has non-default configuration.bes

diff --git a/Analyses/Fonts - Windows.bes b/Analyses/Fonts - Windows.bes
new file mode 100644
index 0000000..85683f2
--- /dev/null
+++ b/Analyses/Fonts - Windows.bes	
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
+	<Analysis>
+		<Title>Fonts - Windows</Title>
+		<Description>Reports on the installed fonts on the system</Description>
+		<Relevance>true</Relevance>
+		<Source>Internal</Source>
+		<SourceReleaseDate>2016-04-21</SourceReleaseDate>
+		<MIMEField>
+			<Name>x-fixlet-modification-time</Name>
+			<Value>Fri, 22 Apr 2016 03:14:07 +0000</Value>
+		</MIMEField>
+		<Domain>BESC</Domain>
+		<Property Name="Fonts - Installed - Windows" ID="1">names of files of folder "C:\Windows\Fonts"</Property>
+	</Analysis>
+</BES>
+
diff --git a/Analyses/Group Policy - Audit - Windows.bes b/Analyses/Group Policy - Audit - Windows.bes
new file mode 100644
index 0000000..2afbd6e
--- /dev/null
+++ b/Analyses/Group Policy - Audit - Windows.bes	
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
+	<Analysis>
+		<Title>Group Policy - Audit - Windows</Title>
+		<Description><![CDATA[<P>Provides the following pieces of&nbsp;information regarding Group Policy:</P>
+<OL>
+<LI>Average network wait on startup 
+<LI>Applied Group Policies 
+<LI>Enforced Group Policies 
+<LI>The Active Directory site the computer currently falls into 
+<LI>Assigned Software Installations in Group Policy 
+<LI>The currently connected domain controller 
+<LI>If the computer is on a slow link</LI></OL>
+<P>The applied group policies and enforced group policies properties show the name of the group policy object, at what level the policy is linked (Site, Domain, OU) and at what OU in active directory the policy is linked at.</P>]]></Description>
+		<Relevance>true</Relevance>
+		<Source>Internal</Source>
+		<SourceReleaseDate>2016-04-21</SourceReleaseDate>
+		<MIMEField>
+			<Name>x-fixlet-modification-time</Name>
+			<Value>Fri, 22 Apr 2016 19:45:27 +0000</Value>
+		</MIMEField>
+		<Domain>BESC</Domain>
+		<Property Name="Group Policy - Average Network Wait - Windows" ID="1">value "AvgWaitTimeoutAtStartup" of key "HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\group policy\history" of native registry as integer</Property>
+		<Property Name="Group Policy - Applied Policies - Windows" ID="2">(value "DisplayName" of it, (if (it = 0) then "Unknown" else (if (it = 1) then "Local Group Policy" else (if (it = 2) then "Site Linked" else (if (it = 3) then "Domain Linked" else ("OU Linked"))))) of (value "GPOLink" of it as integer), value "Link" of it) of keys of keys of key "HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\group policy\history" of native registry</Property>
+		<Property Name="Group Policy - Enforced Policies - Windows" ID="3">(value "DisplayName" of it, (if (it = 0) then "Unknown" else (if (it = 1) then "Local Group Policy" else (if (it = 2) then "Site Linked" else (if (it = 3) then "Domain Linked" else ("OU Linked"))))) of (value "GPOLink" of it as integer), value "Link" of it) of keys whose (bit 1 of (value "Options" of it as integer as bit set) = true) of keys of key "HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\group policy\history" of native registry</Property>
+		<Property Name="Group Policy - Site - Windows" ID="4">value "Site-Name" of key "HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\group policy\State\Machine" of native registry</Property>
+		<Property Name="Group Policy - Assigned Software Installation - Windows" ID="5">(value "GPO Name" of it, value "Deployment Name" of it, value "GPO ID" of it) of keys of key "HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\group policy\Appmgmt" of native registry</Property>
+		<Property Name="Group Policy - Connected Domain Controller - Windows" ID="6">value "DCName" of key "HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\group policy\History" of native registry</Property>
+		<Property Name="Group Policy - On Slow Link - Windows" ID="7">if (value "IsSlowLink" of key "HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\group policy\History" of native registry as integer = 0) then false else true</Property>
+	</Analysis>
+</BES>
+
diff --git a/Analyses/Hibernation - Configuration - Windows.bes b/Analyses/Hibernation - Configuration - Windows.bes
new file mode 100644
index 0000000..0f0b973
--- /dev/null
+++ b/Analyses/Hibernation - Configuration - Windows.bes	
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
+	<Analysis>
+		<Title>Hibernation - Configuration - Windows</Title>
+		<Description>Hibernation Configuration for Windows </Description>
+		<Relevance>windows of operating system</Relevance>
+		<Relevance>not in proxy agent context</Relevance>
+		<Source>Internal</Source>
+		<SourceReleaseDate>2016-04-21</SourceReleaseDate>
+		<MIMEField>
+			<Name>x-fixlet-modification-time</Name>
+			<Value>Fri, 22 Apr 2016 19:37:30 +0000</Value>
+		</MIMEField>
+		<Domain>BESC</Domain>
+		<Property Name="Hibernation - State - Windows" ID="1">if (value "HibernateEnabled" of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power" of native registry as string = "1") then "Enabled" else "Disabled"</Property>
+		<Property Name="Hibernation - hiberfil.sys Size (GB) - Windows" ID="2"><![CDATA[(size of file (name of drive of windows folder & "\hiberfil.sys") / 1024 /* KB */ / 1024 /* MB */ / 1024 /* GB */) | 0]]></Property>
+		<Property Name="Hibernation - hiberfil.sys Size (B) - Windows" ID="4"><![CDATA[size of file (name of drive of windows folder & "\hiberfil.sys") | 0]]></Property>
+	</Analysis>
+</BES>
+
diff --git a/Analyses/Operating System - Audit - Windows.bes b/Analyses/Operating System - Audit - Windows.bes
new file mode 100644
index 0000000..6c8ec33
--- /dev/null
+++ b/Analyses/Operating System - Audit - Windows.bes	
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
+	<Analysis>
+		<Title>Operating System - Audit - Windows</Title>
+		<Description><![CDATA[<P>Provides information regarding the installed Windows Operating System.</P>
+<P>Credit, compliments, and kudos to jgstew for the source of this analysis: <A href="https://bigfix.me/analysis/details/2994800">https://bigfix.me/analysis/details/2994800</A></P>]]></Description>
+		<Relevance>(if (name of operating system starts with "Win") then platform id of operating system != 3 else true) AND (if exists property "in proxy agent context" then (not in proxy agent context) else true) AND (if exists property "android" of type "operating system" then (not android of operating system) else true)</Relevance>
+		<Relevance>name of operating system as lowercase starts with "win"</Relevance>
+		<Relevance><![CDATA[version of client >= "5.0"]]></Relevance>
+		<Relevance>TRUE</Relevance>
+		<Category></Category>
+		<MIMEField>
+			<Name>x-fixlet-first-propagation</Name>
+			<Value>Thu, 23 Jan 2014 23:04:56 +0000</Value>
+		</MIMEField>
+		<MIMEField>
+			<Name>x-fixlet-modification-time</Name>
+			<Value>Fri, 22 Apr 2016 20:44:46 +0000</Value>
+		</MIMEField>
+		<Domain>BESC</Domain>
+		<Property Name="OS - Full Name - Windows" ID="1" EvaluationPeriod="P1D"><![CDATA[if (exists wmi AND (not (name of operating system = "WinME" ))) then (string value of selects "caption from win32_operatingsystem" of wmi & " " & csd version of operating system) else ( "Windows " & (following text of first "Win" of (name of operating system as string)) & (if (name of operating system = "WinNT" ) then ((if (exists key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions" whose (exists value "ProductType" of it AND (value "ProductType" of it as string as lowercase = "servernt" OR value "ProductType" of it as string as lowercase = "lanmannt" )) of registry) then (if (exists key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions" whose (exists value "ProductSuite" of it AND value "ProductSuite" of it as string as lowercase contains "terminal" ) of registry) then " Terminal Server" else " Server" ) else " Workstation" ) & " " & csd version of operating system) else (if (name of operating system = "Win98" ) then (if (csd version of operating system as string contains "A" ) then " Second Edition" else "" ) else (if (name of operating system = "Win95" ) then (if (csd version of operating system as string contains "C" OR csd version of operating system as string contains "B" ) then " OSR2" else "" ) else " " & csd version of operating system ))))]]></Property>
+		<Property Name="OS - Version Number - Windows" ID="2" EvaluationPeriod="P1D"><![CDATA[(major version of it as string & "." & minor version of it as string & "." & (build number high of it + build number low of it) as string ) of operating system]]></Property>
+		<Property Name="OS - Type - Windows" ID="3" EvaluationPeriod="P1D"><![CDATA[if (name of operating system as lowercase starts with "win") then (if (name of operating system = "Win95" OR name of operating system = "Win98" or name of operating system = "WinME") then "Workstation" else (if (value "ProductType" of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions" of registry = "WinNT") then "Workstation" else "Server")) else "Unknown - " & name of operating system]]></Property>
+		<Property Name="OS - Product ID - Windows" ID="4" EvaluationPeriod="P1D">(if (exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" whose (exists value "ProductId" of it) of native registry AND NOT (name of operating system = "WinNT")) then (value "ProductId" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" of native registry as string) else (if (exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" whose (exists value "ProductId" of it) of native registry) then (value "ProductId" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" of native registry as string) else "Unknown"))</Property>
+		<Property Name="OS - Product Key - Windows" ID="5" EvaluationPeriod="P1D">if (name of operating system = "Win95" AND exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" whose (exists value "ProductId" of it) of registry) then (value "ProductId" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" of registry as string) else (if ((name of operating system = "Win98" OR name of operating system = "WinME") AND exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" whose (exists value "ProductKey" of it) of registry) then (value "ProductKey" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" of registry as string) else ("Unknown"))</Property>
+		<Property Name="OS - Installation Date - Windows" ID="6" EvaluationPeriod="P1D"><![CDATA[if (exists wmi AND exists selects "InstallDate from win32_operatingsystem" of wmi AND not ((string value of selects "InstallDate from win32_operatingsystem" of wmi) = "")) then ((first 4 of (first 8 of string value of (selects "InstallDate from Win32_OperatingSystem" of wmi))) & "-" & (first 2 of (last 4 of (first 8 of string value of (selects "InstallDate from Win32_OperatingSystem" of wmi)))) & "-" & (last 2 of (first 8 of string value of (selects "InstallDate from Win32_OperatingSystem" of wmi)))) else ("N/A")]]></Property>
+		<Property Name="OS - Uptime - Windows" ID="7" EvaluationPeriod="P1D"><![CDATA[(if it = 1 then it as string & " day" else it as string & " days") of ((uptime of operating system) / day)]]></Property>
+		<Property Name="OS - Language - Windows" ID="8" EvaluationPeriod="P1D"><![CDATA[language of version block of file "kernel32.dll" of system folder & (if (exists key "HKLM\System\CurrentControlSet\Control\Nls\MUILanguages" of registry AND exists value of key "HKLM\System\CurrentControlSet\Control\Nls\MUILanguages" of registry) then " | MUI Installed" else "")]]></Property>
+		<Property Name="OS - System Language - Windows" ID="9" EvaluationPeriod="P1D">system language</Property>
+		<Property Name="OS - User Language - Windows" ID="10" EvaluationPeriod="P1D">user language</Property>
+		<Property Name="OS - Architecture - Windows" ID="11">if (x64 of operating system) then "64-bit" else if (not x64 of operating system) then "32-bit" else "Undefined"</Property>
+		<Property Name="OS - Uptime - Windows" ID="12">uptime of operating system</Property>
+		<Property Name="OS - Installed Roles and Features - Windows" ID="13" EvaluationPeriod="P1D">(if (exists true whose (if true then (exists select object "* from Win32_ServerFeature" of wmi) else false)) then (string values of (selects "Name from Win32_ServerFeature" of wmi)) else "None")</Property>
+	</Analysis>
+</BES>
+
diff --git a/Analyses/Pagefile - Configuration - Windows.bes b/Analyses/Pagefile - Configuration - Windows.bes
new file mode 100644
index 0000000..5421a2c
--- /dev/null
+++ b/Analyses/Pagefile - Configuration - Windows.bes	
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
+	<Analysis>
+		<Title>Pagefile - Configuration - Windows</Title>
+		<Description>Covers Pagefile configuration for Windows </Description>
+		<Relevance>windows of operating system</Relevance>
+		<Relevance>not in proxy agent context</Relevance>
+		<Source>Internal</Source>
+		<SourceReleaseDate>2016-04-21</SourceReleaseDate>
+		<MIMEField>
+			<Name>x-fixlet-modification-time</Name>
+			<Value>Fri, 22 Apr 2016 02:58:45 +0000</Value>
+		</MIMEField>
+		<Domain>BESC</Domain>
+		<Property Name="Pagefile - Location and Size - Windows" ID="1">(preceding text of first " " of it | it, preceding text of first " " of following text of first " " of it | "Default", following text of first " " of following text of first " " of it | "Default") of (substrings separated by "%00" whose (it != "") of (value "PagingFiles" of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" of native registry as string))</Property>
+		<Property Name="Pagefile - Clear on Shutdown - Windows" ID="2">if (value "ClearPageFileAtShutdown" of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" of native registry as string = "0") then "Disabled" else "Enabled"</Property>
+	</Analysis>
+</BES>
+
diff --git a/Analyses/System - OS - Windows.bes b/Analyses/System - OS - Windows.bes
new file mode 100644
index 0000000..29c7136
--- /dev/null
+++ b/Analyses/System - OS - Windows.bes	
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
+	<Analysis>
+		<Title>System - OS - Windows</Title>
+		<Description></Description>
+		<Relevance>(if (name of operating system starts with "Win") then platform id of operating system != 3 else true) AND (if exists property "in proxy agent context" then (not in proxy agent context) else true) AND (if exists property "android" of type "operating system" then (not android of operating system) else true)</Relevance>
+		<Relevance>name of operating system as lowercase starts with "win"</Relevance>
+		<Relevance><![CDATA[version of client >= "5.0"]]></Relevance>
+		<Relevance>TRUE</Relevance>
+		<Category></Category>
+		<MIMEField>
+			<Name>x-fixlet-first-propagation</Name>
+			<Value>Thu, 23 Jan 2014 23:04:56 +0000</Value>
+		</MIMEField>
+		<MIMEField>
+			<Name>x-fixlet-modification-time</Name>
+			<Value>Mon, 18 Apr 2016 16:01:03 +0000</Value>
+		</MIMEField>
+		<Domain>BESC</Domain>
+		<Property Name="OS - Full Name - Windows" ID="1" EvaluationPeriod="P1D"><![CDATA[if (exists wmi AND (not (name of operating system = "WinME" ))) then (string value of selects "caption from win32_operatingsystem" of wmi & " " & csd version of operating system) else ( "Windows " & (following text of first "Win" of (name of operating system as string)) & (if (name of operating system = "WinNT" ) then ((if (exists key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions" whose (exists value "ProductType" of it AND (value "ProductType" of it as string as lowercase = "servernt" OR value "ProductType" of it as string as lowercase = "lanmannt" )) of registry) then (if (exists key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions" whose (exists value "ProductSuite" of it AND value "ProductSuite" of it as string as lowercase contains "terminal" ) of registry) then " Terminal Server" else " Server" ) else " Workstation" ) & " " & csd version of operating system) else (if (name of operating system = "Win98" ) then (if (csd version of operating system as string contains "A" ) then " Second Edition" else "" ) else (if (name of operating system = "Win95" ) then (if (csd version of operating system as string contains "C" OR csd version of operating system as string contains "B" ) then " OSR2" else "" ) else " " & csd version of operating system ))))]]></Property>
+		<Property Name="OS - Version Number - Windows" ID="2" EvaluationPeriod="P1D"><![CDATA[(major version of it as string & "." & minor version of it as string & "." & (build number high of it + build number low of it) as string ) of operating system]]></Property>
+		<Property Name="OS - Type - Windows" ID="3" EvaluationPeriod="P1D"><![CDATA[if (name of operating system as lowercase starts with "win") then (if (name of operating system = "Win95" OR name of operating system = "Win98" or name of operating system = "WinME") then "Workstation" else (if (value "ProductType" of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions" of registry = "WinNT") then "Workstation" else "Server")) else "Unknown - " & name of operating system]]></Property>
+		<Property Name="OS - Product ID - Windows" ID="4" EvaluationPeriod="P1D">(if (exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" whose (exists value "ProductId" of it) of native registry AND NOT (name of operating system = "WinNT")) then (value "ProductId" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" of native registry as string) else (if (exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" whose (exists value "ProductId" of it) of native registry) then (value "ProductId" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" of native registry as string) else "Unknown"))</Property>
+		<Property Name="OS - Product Key - Windows" ID="5" EvaluationPeriod="P1D">if (name of operating system = "Win95" AND exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" whose (exists value "ProductId" of it) of registry) then (value "ProductId" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" of registry as string) else (if ((name of operating system = "Win98" OR name of operating system = "WinME") AND exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" whose (exists value "ProductKey" of it) of registry) then (value "ProductKey" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" of registry as string) else ("Unknown"))</Property>
+		<Property Name="OS - Installation Date - Windows" ID="6" EvaluationPeriod="P1D"><![CDATA[if (exists wmi AND exists selects "InstallDate from win32_operatingsystem" of wmi AND not ((string value of selects "InstallDate from win32_operatingsystem" of wmi) = "")) then ((first 4 of (first 8 of string value of (selects "InstallDate from Win32_OperatingSystem" of wmi))) & "-" & (first 2 of (last 4 of (first 8 of string value of (selects "InstallDate from Win32_OperatingSystem" of wmi)))) & "-" & (last 2 of (first 8 of string value of (selects "InstallDate from Win32_OperatingSystem" of wmi)))) else ("N/A")]]></Property>
+		<Property Name="OS - Uptime - Windows" ID="7" EvaluationPeriod="P1D"><![CDATA[(if it = 1 then it as string & " day" else it as string & " days") of ((uptime of operating system) / day)]]></Property>
+		<Property Name="OS - Language - Windows" ID="8" EvaluationPeriod="P1D"><![CDATA[language of version block of file "kernel32.dll" of system folder & (if (exists key "HKLM\System\CurrentControlSet\Control\Nls\MUILanguages" of registry AND exists value of key "HKLM\System\CurrentControlSet\Control\Nls\MUILanguages" of registry) then " | MUI Installed" else "")]]></Property>
+		<Property Name="OS - System Language - Windows" ID="9" EvaluationPeriod="P1D">system language</Property>
+		<Property Name="OS - User Language - Windows" ID="10" EvaluationPeriod="P1D">user language</Property>
+		<Property Name="OS - Architecture - Windows" ID="11">if (x64 of operating system) then "64-bit" else if (not x64 of operating system) then "32-bit" else "Undefined"</Property>
+	</Analysis>
+</BES>
+
diff --git a/Fixlets/Invoke - Group Policy Refresh - Windows.bes b/Fixlets/Invoke - Group Policy Refresh - Windows.bes
new file mode 100644
index 0000000..af52bc2
--- /dev/null
+++ b/Fixlets/Invoke - Group Policy Refresh - Windows.bes	
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
+	<Fixlet>
+		<Title>Invoke - Group Policy Refresh - Windows</Title>
+		<Description><![CDATA[<P>This will invoke a group policy refresh on the target endpoint.</P>
+<P><FONT color=#ff0000><STRONG>NOTE: </STRONG></FONT><FONT color=#000000>Performing a group policy refresh may cause a explorer to flash during a user session and it may drop a connected user's remote desktop session.</FONT></P>]]></Description>
+		<Relevance><![CDATA[windows of operating system and version of operating system > "5.1"]]></Relevance>
+		<Relevance>exists file "gpupdate.exe" of system folder</Relevance>
+		<Category></Category>
+		<Source>Internal</Source>
+		<SourceID></SourceID>
+		<SourceReleaseDate>2016-04-22</SourceReleaseDate>
+		<SourceSeverity></SourceSeverity>
+		<CVENames></CVENames>
+		<SANSID></SANSID>
+		<MIMEField>
+			<Name>x-fixlet-modification-time</Name>
+			<Value>Fri, 22 Apr 2016 19:40:58 +0000</Value>
+		</MIMEField>
+		<Domain>BESC</Domain>
+		<DefaultAction ID="Action1">
+			<Description>
+				<PreLink>Click </PreLink>
+				<Link>here</Link>
+				<PostLink> to deploy this action.</PostLink>
+			</Description>
+			<ActionScript MIMEType="application/x-Fixlet-Windows-Shell">// Enter your action script here
+
+wait gpupdate /target:computer /force
+wait gpupdate /target:user /force</ActionScript>
+			<SuccessCriteria Option="RunToCompletion"></SuccessCriteria>
+		</DefaultAction>
+	</Fixlet>
+</BES>
+
diff --git a/Fixlets/Warning - Pagefile has non-default configuration.bes b/Fixlets/Warning - Pagefile has non-default configuration.bes
new file mode 100644
index 0000000..17bef99
--- /dev/null
+++ b/Fixlets/Warning - Pagefile has non-default configuration.bes	
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
+	<Fixlet>
+		<Title>Warning - Pagefile has non-default configuration</Title>
+		<Description><![CDATA[<P>The system pagefile has a non-default configuration.</P>
+<P>This is normally done as a troubleshooting step but is often not undone after troubleshooting.</P>]]></Description>
+		<Relevance>(value "PagingFiles" of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" of native registry as string) != "?:\pagefile.sys%00%00"</Relevance>
+		<Category></Category>
+		<Source>Internal</Source>
+		<SourceID></SourceID>
+		<SourceReleaseDate>2016-04-21</SourceReleaseDate>
+		<SourceSeverity></SourceSeverity>
+		<CVENames></CVENames>
+		<SANSID></SANSID>
+		<MIMEField>
+			<Name>x-fixlet-modification-time</Name>
+			<Value>Fri, 22 Apr 2016 03:04:35 +0000</Value>
+		</MIMEField>
+		<Domain>BESC</Domain>
+	</Fixlet>
+</BES>
+