Audit Options

The Snapshot/Audit Options section of the Server Objects panel lets you specify information associated with a server object that should be compared during an audit.

For many server objects included in the audit, you can use the Snapshot/Audit Options section to specify object attributes you want to compare. Some attributes only apply to certain platforms, and those platforms are listed within parentheses in the Name column. A non-editable check mark in the Audit column shows attributes that are always compared during an audit. You can choose other attributes that you optionally want to compare.

The following table describes user-selectable attributes for built-in server objects. This table describes some of the more important attributes as well as attributes with names that may not completely describe a function. Many additional attributes can be selected besides the attributes listed below.

| Attribute name | Description |
| --- | --- |
| Account Disabled | Compare the status of user accounts. |
| ACL Owner | Compare the owner of a file or registry key. |
| Auditing ACL | Compare access control entries in the System Access Control List (SACL) for a file or registry key. SACL entries are used to audit actions so they are recorded in a security log. Each access control entry specifies what circumstances trigger an audit, identifies a group or user to monitor, and lists operations to audit. |
| Checksum | Calculate a unique key (an MD5 checksum) based on all the data in a file and use that key to compare entire files and detect changes that occur anywhere in a file. Computing full checksums requires significant processing. |
| Code Page | Compare users' language of choice. |
| Contents | Compare file content when performing an audit based on a snapshot of file content. After performing the audit, you see the contents of the file when you compare the contents of the file between the master and the target, as described in Viewing differences between text files. |
| Effective Setting as String Value | Compare the effective value of security settings. |
| Full Name | Compare users' full names. |
| Group members | Compare the groups belonging to a Local Group. |
| Group owner | Compare a file's group ID. |
| Home Directory Drive | Compare the home directories of user accounts. |
| Home Path | Compare the home paths of user accounts. |
| Inherit Auditing ACL | Compare whether an object inherits access control entries in the System Access Control List (SACL) from its parent object. |
| Inherit Permission ACL | Compare whether an object inherits access control entries in the Discretionary Access Control List (DACL) from its parent object. |
| Light Checksum | Calculate a unique key based on the first 512 bytes of a file (a light MD5 checksum) and then use the light checksum to compare header information in files without expending the processing necessary for calculating full checksums. Light checksums are useful for binary files; they are not recommended for text files. |
| Local Setting as String Value | Compare the value of security settings defined for each server. |
| Login Script | Compare the login script for user accounts. |
| Logon Server | Compare users' logon server. |
| Max Size | Compare the maximum size of event logs. |
| Member of | Compare the groups to which users belong. |
| Permission ACL | Compare access control entries in the Discretionary Access Control List (DACL) for a file or registry key. Each DACL access control entry specifies whether access is granted, identifies a group or user granted or denied access, and lists actions permitted or denied. |
| Permissions | Compare the permissions assigned to files. |
| Privilege Level | Compare the privilege level for user accounts. |
| Profile Path | Compare user profile paths. |
| Retention | Compare the amount of time event logs are kept. |
| Size | Compare the sizes of files. |
| User Expire Date | Compare the dates when user accounts expire. |
| User members | Compare the users belonging to a Local Group. |
| User owner | Compare a file's user ID. |
| Version | Compare file version information for DLL, EXE, and other types of files. |
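
The following Python sketch is an added example, not code from the product or its documentation. It contrasts the Checksum and Light Checksum attributes described above by auditing a constructed master file against two constructed targets; the function names and sample bytes are assumptions, and it does not reproduce how the product computes or stores these values.

```python
import hashlib
import os
import tempfile

LIGHT_BYTES = 512  # per the table: a light checksum covers the first 512 bytes


def full_checksum(path, chunk_size=65536):
    """MD5 over the whole file, read in chunks so large files are not loaded at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def light_checksum(path):
    """MD5 over the first LIGHT_BYTES bytes only (header information)."""
    with open(path, "rb") as fh:
        return hashlib.md5(fh.read(LIGHT_BYTES)).hexdigest()


def audit(master, target):
    """Report, per attribute, whether the target differs from the master."""
    return {
        "Size": os.path.getsize(master) != os.path.getsize(target),
        "Light Checksum": light_checksum(master) != light_checksum(target),
        "Checksum": full_checksum(master) != full_checksum(target),
    }


def demo():
    """Audit two constructed targets: one edited in the header, one past byte 512."""
    base = bytes(range(256)) * 8          # constructed 2048-byte sample "binary"
    header_edit = bytearray(base)
    header_edit[16] ^= 0xFF               # change inside the first 512 bytes
    body_edit = bytearray(base)
    body_edit[1500] ^= 0xFF               # same-size change after the first 512 bytes
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        master = os.path.join(tmp, "master.bin")
        with open(master, "wb") as fh:
            fh.write(base)
        for name, data in (("header_edit", header_edit), ("body_edit", body_edit)):
            target = os.path.join(tmp, name + ".bin")
            with open(target, "wb") as fh:
                fh.write(data)
            results[name] = audit(master, target)
    return results
```

In the `body_edit` case only the full Checksum reports a difference, so selecting Light Checksum and Size alone attests to a file's first 512 bytes and its length, not to the rest of its content.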
