Symantec Security Expressions Server manual Deleting Policies

Page 39

Audit-On-Connect

6.Check the Policy is kept up to date with Policy File Library box if you want to regularly update the SIF files in this policy using the policy file library available on line.

This option is available only if the server can access a Policy File Library.

7.If you want the policy to be available to use in audits, check the Make this policy active box.

Clear the check box to make the policy unavailable to use in audits without deleting the policy.

8.If you want to policy to be available to use in self-service audits, check the Available for use in self-service audits box.

9.For Audit-On-Connect include the Link Type, Device Type, Posture Condition, Pass Results Valid For and Fail Results Valid For settings.

10.Set Windows Group Access. Enter Windows groups, separated by a comma, that can use this policy, remediate audit results generated using this policy, and view audit results for it. This establishes which users can access this policy and its audit results due to their role. If a Windows User Group isn't on the local computer, you'll need to enter the group in domain\groupname format.

In the Use Policy field, enter the Windows groups who should be able to modify the policy.

In the Remediate field, enter the Windows groups who should be able to remediate audit results generated using this policy.

In the View Audit Results field, enter the Windows groups who should be able to view results from audits using the policy.

To grant all users access, type Everyone. To restrict all users, type None.

11.Click Update to revise the Policy settings in the database.

Any Audit-on-Connect or Audit-on-Schedule audits that are already based on this policy use the new policy settings the next time they run.

Deleting Policies

Click the Delete hyperlink for the policy that you want to remove. When you delete a policy, you remove it from the database. A warning appears to remind you that you are about to delete a record from the database. Cancel the action or delete the record.

Configuring with Run-Time Policy Variables

Some policy files, such as the NSA Guidelines for Windows XP and Windows 2000, contain a special rule named .CONFIGURE. The .CONFIGURE rule allows you to configure your policy files and set global parameters for policy files at run time.

Certain information is unique and distinct between systems or groups of systems. A run-time policy variable allows administrators to use a single policy file but allows identification of unique rules that requires variable information. When a policy file uses a variable, your organization can use one policy file for multiple conditions where variables differ between departments or Machine Lists. For example, a variable might rename administrator accounts, change the members of an administrator account, or define the groups to which certain policies apply.

To understand the run-time policy variable, note the following settings in the NSA Guidelines for Windows XP and Windows 2000:

31

Image 39
Contents SecurityExpressions Server User Guide Page Table Of Contents Page Table Of Contents Page Vii Page Contacting Us Page Contacting Technical Support Technical SupportPage SecurityExpressions Console Other ProductsPage About SecurityExpressions Audit & Compliance Server OverviewPage How to Audit your Local Computer Self-Service AuditWhat is Self-Service Auditing? Self-Service Audit AgreementDisplays on the page. No detailed audit results appear Pages with Role Settings Configure ServersAbout Server Configuration Local Server SettingsSetup Viewing Audit ResultsDatabase Connection Windows 2000 Servers Secure ConnectionClick OK on the Default Web Site Properties window Credential Store UserCreating Credential Stores Site Preferences Enable Web ServicesSecurityExpressions Console Credential Stores Software RegistrationAccess Item Rights Global Machine List Access User RolesPolicy File Library Library SynchronizationCheck the Synchronize with a policy file library box How System Scores are Calculated About Policy FilesAgent & Service Configuration Default method for remote execution on WindowsTarget Options SSH Agent Authentication Database Cleanup Add Task Update TaskCancel PoliciesAgent Downloads Site PreferencesClick Use the Following Agreement Allow Remediation Page Policies Table What is Audit-on-Connect?Audit-On-Connect PoliciesPage Adding Policies Editing Policies Deleting Policies Configuring with Run-Time Policy VariablesPage Scopes ScopesAdd a New Scope Page Edit a Scope Scopes Table Supported Operators Deleting ScopesDNS Domain Name Scopes Expression ScopesSupported Functions Org Unit ScopesDetection Method Scopes Notifications Editing Notifications Creating New Command NotificationsCreating New Email Notifications Click Add NewClick Add New Creating New Command Notifications Notification Variables Deleting NotificationsAdding Exceptions ExceptionsExceptions Exceptions Table Column DescriptionConnection Monitors Specify Password and Encrypted PasswordConnection Monitors Deleting ExceptionsConfiguring Connection Monitors RemoveEnabling Connection Monitors IP Range Section Connection Monitor Configuration FileOptions DefaultProcessing the Configuration File Configuration File SyntaxActive Directory Active Directory Connection Monitor only Slow Links NetworkInitial Token Trace Route InformationNetwork Admissions Control Unmanaged SystemsRedirection Web HealthyQuarantined/Unknown Reaudit if quarantinedAudit on Connect Tracing Redirection Web Page BehaviorAudit on Connect Tracing Page Page Audit-On-Schedule What is Audit-on-Schedule?Page Adding Policies Editing Policies Deleting Policies Page Notifications Click Add New Click Add New Deleting Notifications My Machine Lists My Machine ListsEditing Machine Lists Adding Machine ListsScheduled Tasks Scheduled TasksDeleting Machine Lists Editing Global Machine ListsAdding Scheduled Tasks Basic SettingsSchedule Settings Hosts Not Connected Settings Credentials Settings Other Options SettingsEditing Scheduled Tasks Windows Group AccessSchedule Settings Notifications Other Options Settings Deleting Scheduled Tasks Page Adding a New Audit-On-Connect Report Profile View Audit-On-Connect ActivityBrowse Audit-On-Connect Activity Audit-On-Connect Activity Table Column DescriptionDeleting Report Profiles Editing Report ProfilesAudit-On-Connect Exceptions Report Audit-On-Connect Error Log ReportPage View Audit Results Browse Audit ResultsAdding a New Audit Results Report Profile Page Deleting Audit Report Results Profiles Scheduled Audits Log ReportAdding Custom Reports to the Server Application Editing Audit Report Results ProfilesPage Glossary Page Index ConfigureIP address 33, 44, 45 Rule weights