Audit Options
The Snapshot/Audit Options section of the Server Objects panel lets you specify information associated with a server object that should be compared during an audit.
For many server objects included in the audit, you can use the Snapshot/Audit Options section to specify object attributes you want to compare. Some attributes only apply to certain platforms, and those platforms are listed within parentheses in the Name column. A non-editable check mark in the Audit column shows attributes that are always compared during an audit. You can choose other attributes that you optionally want to compare.
The following table describes user-selectable attributes for built-in server objects. This table describes some of the more important attributes as well as attributes with names that may not completely describe a function. Many additional attributes can be selected besides the attributes listed below.Attribute name | Description |
---|---|
Account Disabled | Compare the status of user accounts. |
ACL Owner | Compare the owner of a file or registry key. |
Auditing ACL | Compare access control entries in the System Access Control List (SACL) for a file or registry key. SACL entries are used to audit actions so they are recorded in a security log. Each access control entry specifies what circumstances trigger an audit, identifies a group or user to monitor, and lists operations to audit. |
Checksum | Calculate a unique key (an MD5 checksum) based on all the data in a file and use that key to compare entire files and detect changes that occur anywhere in a file. Computing full checksums requires significant processing. |
Code Page | Compare users' language of choice. |
Contents | Compare file content when performing an audit based on a snapshot of file content. After performing the audit, you see the contents of the file when you compare the contents of the file between the master and the target, as described in Viewing differences between text files. |
Effective Setting as String Value | Compare the effective value of security settings. |
Full Name | Compare users' full names. |
Group members | Compare the groups belonging to a Local Group. |
Group owner | Compare a file's group ID. |
Home Directory Drive | Compare the home directories of user accounts. |
Home Path | Compare the home paths of user accounts. |
Inherit Auditing ACL | Compare whether an object inherits access control entries in the System Access Control List (SACL) from its parent object. |
Inherit Permission ACL | Compare whether an object inherits access control entries in the Discretionary Access Control List (DACL) from its parent object. |
Light Checksum | Calculate a unique key based on the first 512 bytes of a file (a light MD5 checksum) and then use the light checksum to compare header information in files without expending the processing necessary for calculating full checksums. Light checksums are useful for binary files; they are not recommended for text files. |
Local Setting as String Value | Compare the value of security settings defined for each server. |
Login Script | Compare the login script for user accounts. |
Logon Server | Compare users' logon server. |
Max Size | Compare the maximum size of event logs. |
Member of | Compare the groups to which users belong. |
Permission ACL | Compare access control entries in the Discretionary Access Control List (DACL) for a file or registry key. Each DACL access control entry specifies whether access is granted, identifies a group or user granted or denied access, and lists actions permitted or denied. |
Permissions | Compare the permissions assigned to files. |
Privilege Level | Compare the privilege level for user accounts. |
Profile Path | Compare user profile paths. |
Retention | Compare the amount of time event logs are kept. |
Size | Compare the sizes of files. |
User Expire Date | Compare the dates when user accounts expire. |
User members | Compare the users belonging to a Local Group. |
User owner | Compare a file's user ID. |
Version | Compare file version information for DLL, EXE, and other types of files. |
Comments