Windows Admin Users Compliance Status
0 Votes |
Versioning - This is the latest version.
1 | Windows Admin Users Compliance Status | 9/15/2018 9:15:36 PM |
2 | Windows Admin Users Compliance Status | 9/17/2018 9:29:14 PM |
Description
Note:
1. If the task "Deploy ComplianceWhitelist File" has not yet been run, the Status may show "No Compliance Whitelist on Endpoint"
2. The file ComplianceWhitelist.txt should be created on the BES Server prior to running the above task
3. If the names of the files in the "Deploy Compliance Whitelist File" task and the "Enforce Compliance" Fixlet have been changed, those changes should also be made in this analysis otherwise the analysis may show a status of "No Whitelist File on Endpoint"
Properties Description:
Status |
Unauthorized Admins |
Name/PWD Age of Admins |
Whitelist files Match |
Compliant: All users in the Administrators group are in the ComplianceWhitelist.txt file Not-Compliant: There are users in the local Administrators group that are NOT in the ComplianceWhitelist.txt file. |
If the status shows Not-Compliant this field will show which users are in the endpoint's local Administrators group that are NOT in the ComplianceWhitelist.txt file. |
Displays the members of local Administrators group as well as the age of the passwords for each of those users. This can be useful in determining if any admin-user is violating corporate password policy and creating a potential vulnerability. |
Compares the hash of the ComplianceWhitelist.txt file on that endpoint with the hash of the backup file created by the 'Deploy Whitelist' task. If there is a mismatch then it is likely someone has modified the primary Whitelist file to fool the policy |
Primary File hash |
Backup File hash |
Primary File Date |
Backup File Date |
The sha1 hash of the primary ‘whitelist’ file. A difference between this and the hash on other clients or this client’s backup file likely indicates that someone has made unauthorized changes to this file. |
The sha1 hash of the backup ‘whitelist’ file. If someone makes unauthorized changes to the primary whitelist file there will likely be a difference between the hashes of the primary and the backup files. |
The modification date of the primary whitelist file. If the file has a different date than the ‘official’ whitelist file, it will allow an operator to detect that the file on this computer may not be the same as the 'official' version. |
The modification date of the backup whitelist file. If the file has a different date than the ‘official’ whitelist file or the primary whitelist file, it will allow an operator to detect that the file(s) on this computer may not be the same as the 'official' version. |
Property Details
2998597 | |
Beta - Preliminary testing ready for more | |
Windows Admin Users Compliance Status | |
BESC | |
Manage Local Windows Administrators | |
mxc0bbn on 9/17/2018 9:29:14 PM | |
mxc0bbn on 9/17/2018 9:29:14 PM | |
4961 Views / 37 Downloads | |
* Average over 0 ratings. ** Log In or Register to add your rating. |
Properties
* Results in a true/false |
* Results in a true/false |
* Results in a true/false |
* Results in a true/false |
* Results in a true/false |
* Results in a true/false |
* Results in a true/false |
* Results in a true/false |
Relevance
Sharing
Social Media: |