Audit Job results

Audit results compare the master (which can be a server, snapshot, or component) to other hosts, including hosts in other snapshots. For more information, see the following sections:

Displaying audit results

After running an Audit Job, you can display results in a tab in the content editor. The tab contains a hierarchical tree that shows results for each run of the job. Each run displays results for each server where the job ran and the types of server objects included in the audit. You can also view Audit Job results when you browse a server and select the Audit Results tab for that server.

You can view audit results in the following ways:

• Viewing audit results by object
• Viewing audit results by server
• Viewing differences between text files

Understanding the layout of audit results

The left side of the audit results tab displays a hierarchical listing of the contents of the audit. You can select nodes labeled Object View and Server View to view audit results from different perspectives.

If you expand the:

• Object View — The left pane shows a list of server object types included in the audit. Those shown in bold have one or more inconsistent servers. Select a server object type, and the right pane shows which servers are consistent or inconsistent with the master server.
• Server View — The left pane shows a hierarchical list of server and server objects included in the audit. Listings in bold indicate the presence of an inconsistency. Select a server object and the right pane shows side-by-side panels displaying the following:
  • Objects on the master server that are not present on the target server.
  • Objects on the target server that are not present on the master server.
  • Objects that appear on both the master and target servers but have different characteristics, such as file sizes or dates of creation.

The area below the side-by-side panels provides detailed information about the differences for a selected object. If you are auditing ACLs for registry entries or you are auditing servers using the Windows NT File System (NTFS) and you choose to audit ACLs for files, the pane at the bottom right provides detailed ACL information.

Using audit results

Using audit results you can do any of the following:

• Synchronize a server so its configuration matches the master server. (See Using audit results to synchronize servers.)
  This procedure uses audit results to create a BLPackage and a Deploy Job to deploy the BLPackage to the server being audited. The BLPackage includes an XML instruction file specifying which server objects need to be added, replaced, or deleted on the target server so its configuration matches the master. The BLPackage also includes all server objects needed for the deployment. The Deploy Job contains instructions for deploying the BLPackage to the target server.
• Package audit results. (See Packaging audit results.)
  The BLPackage that this procedure generates includes an XML instruction file specifying which server objects need to be added, replaced, or deleted on the target server. The BLPackage also includes all necessary server objects.
• Group servers with configurations that do you match the master. (See Grouping noncompliant servers.)
• Export some or all of the results of the audit. (See Exporting results of an audit or snapshot.)

Caveats about audit results

Be aware of the following:

• When auditing Windows Security Settings, BMC Server Automation displays the policy names used by Windows 2003 and 2008 SP2. Several policy names differ in Windows 2008 R2 from the equivalent policy names in Windows 2003 and Windows 2008 SP2. For such policies, the older names are displayed. The following table lists such differences in policy names.

  Section	Windows 2003 or 2008 Setting	Windows 2008 R2 Setting
  User Rights Assignment	Allow log on through Terminal Services	Allow log on through Remote Desktop Services
  User Rights Assignment	Deny log on through Terminal Services	Deny log on through Remote Desktop Services
  Security Options	Network access: Do not allow storage of credentials or .NET Passports for network authentication	Network access: Do not allow storage of passwords and credentials for network authentication

• To ensure that servers have consistent patch configurations, BMC recommends you use the system's built-in patch analysis capabilities (see Patch management). If you choose to run an Audit Job on Windows hotfixes, be aware of the following:
  • Audit results of Windows hotfixes can be misleading if you are auditing dissimilar servers, such as servers running different operating systems or servers configured with different software applications. For example, if an application such as SQL Server is installed on the master but not on the target, the master server shows the presence of patches for SQL Server that are not present on the target server.
  • If a service pack is missing from a target server's recommended patch configuration, audit results show a missing service pack for that target server even though the master server might also be missing the same service pack.