The Snapshot/Audit Options section of the Server Objects panel lets you specify information associated with a server object that should be compared during an audit.
For many server objects included in the audit, you can use the Snapshot/Audit Options section to specify object attributes you want to compare. Some attributes only apply to certain platforms, and those platforms are listed within parentheses in the Name column. A non-editable check mark in the Audit column shows attributes that are always compared during an audit. You can choose other attributes that you optionally want to compare.The following table describes user-selectable attributes for built-in server objects. This table describes some of the more important attributes as well as attributes with names that may not completely describe a function. Many additional attributes can be selected besides the attributes listed below.
Compare the status of user accounts.
Compare the owner of a file or registry key.
Compare access control entries in the System Access Control List (SACL) for a file or registry key. SACL entries are used to audit actions so they are recorded in a security log. Each access control entry specifies what circumstances trigger an audit, identifies a group or user to monitor, and lists operations to audit.
Calculate a unique key (an MD5 checksum) based on all the data in a file and use that key to compare entire files and detect changes that occur anywhere in a file. Computing full checksums requires significant processing.
Compare users' language of choice.
Compare file content when performing an audit based on a snapshot of file content.
After performing the audit, you see the contents of the file when you compare the contents of the file between the master and the target, as described in Viewing differences between text files.
Effective Setting as String Value
Compare the effective value of security settings.
Compare users' full names.
Compare the groups belonging to a Local Group.
Compare a file's group ID.
Home Directory Drive
Compare the home directories of user accounts.
Compare the home paths of user accounts.
Inherit Auditing ACL
Compare whether an object inherits access control entries in the System Access Control List (SACL) from its parent object.
Inherit Permission ACL
Compare whether an object inherits access control entries in the Discretionary Access Control List (DACL) from its parent object.
Calculate a unique key based on the first 512 bytes of a file (a light MD5 checksum) and then use the light checksum to compare header information in files without expending the processing necessary for calculating full checksums. Light checksums are useful for binary files; they are not recommended for text files.
Local Setting as String Value
Compare the value of security settings defined for each server.
Compare the login script for user accounts.
Compare users' logon server.
Compare the maximum size of event logs.
Compare the groups to which users belong.
Compare access control entries in the Discretionary Access Control List (DACL) for a file or registry key. Each DACL access control entry specifies whether access is granted, identifies a group or user granted or denied access, and lists actions permitted or denied.
Compare the permissions assigned to files.
Compare the privilege level for user accounts.
Compare user profile paths.
Compare the amount of time event logs are kept.
Compare the sizes of files.
User Expire Date
Compare the dates when user accounts expire.
Compare the users belonging to a Local Group.
Compare a file's user ID.
Compare file version information for DLL, EXE, and other types of files.