Re: MS Security Configuration Tool Set (SCTS)
From: Karl Levinson [x y] MVP (levinson_k@excite.com)
Date: 10/23/02
- Next message: Karl Levinson [x y] MVP: "Re: brasil.pif"
- Previous message: Bill Sanderson: "Re: brasil.pif"
- In reply to: Phil: "Re: MS Security Configuration Tool Set (SCTS)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] MVP" <levinson_k@excite.com> Date: Wed, 23 Oct 2002 09:16:17 -0400
Well, those are the only options I'm aware of.
I guess you're right... using the Security Configuration MMC this morning
creates a lengthy, line by line text log file [at least 50KB to 300KB] that
mentioned what settings in the new template database differs from the
installed policy, but then if you want more information, I had to drill down
in the GUI to look at that particular setting and either click on View
Security or Edit Security to see the current setting and the proposed new
setting.
It looks like if and when the policy template is actually applied, you may
see additional details in the scepol.log file about the new settings, if a
little cryptic.
"Phil" <philowneous@nospamhotmail.com> wrote in message
news:1rgbru4rvg2cporlbc8164afc0nmrullaf@4ax.com...
> Tried that... been there...
>
> The tools can also reconfigure based upon approved changes and/or
> create new templates.
>
> The log file goes into %systemroot%\security\logs by default. The
> only way to view the output of scedit is to examine the log created.
> Even with verbose option set the log did not expand on how the service
> current installed/running was "mismatched" from the template.
>
> Regards,
> Phil
>
>
>
> On Tue, 22 Oct 2002 17:07:57 -0400, "Karl Levinson [x y] MVP"
> <levinson_k@excite.com> wrote:
>
> >I think these tools will only let you compare a template with the
currently
> >installed security settings on the machine.
> >
> >Like you, I also find the GUI somewhat confusing. During the compare,
the
> >results are also written to a temporary log file. I think the location
of
> >this log file can be changed, especially if you use the SECEDIT command
> >instead of the GUI to do the compare. I think by default the log file is
> >written to your temp folder in C:\documents and settings\youruserid\local
> >settings\temp\ I think the name of the log file might also flash
on
> >the screen during the compare. Find the file and open it up in Notepad
to
> >see a long but searchable text report on any differences found.
> >
> >These templates are plain text files, so you could use the MS Word
Compare
> >Documents feature or the FC command to compare them, such as:
> >
> >FC template1.inf template2.inf >> c:\results.txt
> >
> >
> >
> >
> >"Phil" <philowneous@nospamhotmail.com> wrote in message
> >news:9mdbrukao65njbit62vilm4dis16nrc71a@4ax.com...
> >> I am using the SCTS MMC snap in to analyze and harden the
> >> configuration of a Win2K IIS server as a bastion host on a DMZ.
> >>
> >> After performing an analysis using a customized hisecweb.inf the
> >> result shows a status of "Investigate" Permissions on a number of
> >> System Services (Alerter, Messenger), etc.
> >>
> >> Although these services are disabled, I am unable to identify any
> >> permission differences from the template to the running copy as
> >> compared by the analysis. I have gone into the Advanced dialog and
> >> View/Edit details.
> >>
> >> I have read two white papers on the tool... and can't figure out how I
> >> can determine the mismatch that is being reported. I tried running
> >> scedit in verbose mode, but it did not provide any additional
> >> pointers.
> >>
> >> If I can determine the mismatch is not a concern, then I would like to
> >> modify the template so the analysis runs clean.
> >>
> >> 1. ) Where is the mismatch?
> >> 2.) How can I tune the template to have a different baseline?
> >>
> >> HELP!
> >
>
- Next message: Karl Levinson [x y] MVP: "Re: brasil.pif"
- Previous message: Bill Sanderson: "Re: brasil.pif"
- In reply to: Phil: "Re: MS Security Configuration Tool Set (SCTS)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
