Date: 07/23/2009 Time: 13:05:57 Server: server Version: Security Health Check v1.3.3 [2008-Sep-17] Report Type: Manually Selected Routine(s) INFO: file \\server\C$\WINDOWS\..\sdwork\issimgui.log was not found --- ITSecPolicy Chapter 2.1.3 Section 6 Activity Auditing - Audit Policy - Event Settings --- FAIL! Restart and Shutdown audit policy set for success. Should be failure FAIL! Logon and Logoff set for success. Should be success & failure FAIL! File and Object Access set for none. Should be failure FAIL! Use of User Rights set for none. Should be success & failure Process Tracking set for none FAIL! Security and Policy Changes set for success. Should be success & failure FAIL! User and Group Management set for success. Should be success & failure FAIL! Directory Service Access set for success. Should be failure --- ITSecPolicy Chapter 2.1.3 Section 2.1 Authentication - Reusable Passwords --- --- ITSecPolicy Chapter 2.1.3 Section 2.1 Authentication - Reusable Passwords - Password Expiration --- FAIL! rqm account: 'password never expires' is set, belongs to 'interactive login' rights group(s): Administrators, belongs to administrative group(s): Administrators --- ITSecPolicy Chapter 2.1.3 Section 5.1 Service Integrity & Availability - Operating System Resources --- \\server\C$\WINDOWS\ CREATOR OWNER GENERIC_ALL File Auditing for BUILTIN\Administrators is set to SUCCESS - OBJECT_INHERIT_ACE Owner is BUILTIN\Administrators Auditing & permissions correct on \ \\server\C$\WINDOWS\repair\ NT AUTHORITY\Authenticated Users READ_CONTROL SYNCHRONIZE FILE_READ_EA FILE_EXECUTE FILE_READ_ATTRIBUTES FAIL! Improper permissions on \repair\ for Authenticated Users (READ_CONTROL SYNCHRONIZE FILE_READ_EA FILE_EXECUTE FILE_READ_ATTRIBUTES). Permissions should be maximum of () NT AUTHORITY\Authenticated Users GENERIC_EXECUTE GENERIC_READ FAIL! Improper permissions on \repair\ for Authenticated Users (GENERIC_EXECUTE GENERIC_READ). Permissions should be maximum of () NT AUTHORITY\Authenticated Users READ_CONTROL SYNCHRONIZE FILE_EXECUTE FILE_READ_ATTRIBUTES FAIL! Improper permissions on \security\ for Authenticated Users (READ_CONTROL SYNCHRONIZE FILE_EXECUTE FILE_READ_ATTRIBUTES). Permissions should be maximum of () NT AUTHORITY\Authenticated Users GENERIC_EXECUTE FAIL! Improper permissions on \security\ for Authenticated Users (GENERIC_EXECUTE). Permissions should be maximum of () NT AUTHORITY\Authenticated Users READ_CONTROL SYNCHRONIZE FILE_READ_EA FILE_EXECUTE FILE_READ_ATTRIBUTES FAIL! Improper permissions on \system32\config\ for Authenticated Users (READ_CONTROL FILE_READ_EA FILE_EXECUTE FILE_READ_ATTRIBUTES). Permissions should be maximum of (SYNCHRONIZE) NT AUTHORITY\Authenticated Users GENERIC_EXECUTE GENERIC_READ FAIL! Improper permissions on \system32\config\ for Authenticated Users (GENERIC_EXECUTE GENERIC_READ). Permissions should be maximum of (SYNCHRONIZE) Business Use Notice check is set for non-USA in 2c4nt.conf Legal notice text is set to: Employer's internal systems must only be used for conducting Employer's business or for purposes authorized by Employer's management Business Use Notice meets wording requirement(s) --- ITSecPolicy Chapter 2.1.3 Section 6 Activity Auditing - Audit Policy - Security Log Retention --- Application Event Log \\server\C$\WINDOWS\system32\config\AppEvent.Evt is 21376 KB (8% full) Maximum size is 256000 KB Wrapping: Overwrite events as needed FAIL! Eventlog must be set to retain 90 days of events or greater Security Event Log \\server\C$\WINDOWS\System32\config\SecEvent.Evt is 256000 KB (100% full) FAIL! Security is 256000 KB. 100% of capacity. Threshold is set to 95% Maximum size is 256000 KB Wrapping: Overwrite events as needed FAIL! Eventlog must be set to retain 90 days of events or greater System Event Log \\server\C$\WINDOWS\system32\config\SysEvent.Evt is 7296 KB (2% full) Maximum size is 256000 KB Wrapping: Overwrite events as needed FAIL! Eventlog must be set to retain 90 days of events or greater