To audit security settings, the following settings are required.
- Settings of Windows update program to be audited
- Settings of anti-virus software or encryption software to be audited
- Settings of prohibition software to be audited
- Settings of security auditing items
Set the Windows update program to be audited
Auditing of the Application Status of Windows Update Program checks the security patches that are selected as auditing targets in the software dictionary.
Select the security patch to be audited in Distribution > Security Patches Distribution of the main menu. For selection of security patch, refer to "6.2.4 Select Security Patches".
Set the antivirus software or encryption software to be audited
Refer to "2.2.1 Select Software from Support Center Definition" for details on auditing software defined by the support center.
Refer to "2.2.2 Create User Definition" for details on auditing user-defined software.
Set the prohibition software to be audited
Auditing of "Prohibition Software" checks for the prohibition software that is selected as an auditing target in the software dictionary.
When "Prohibition Software" has been defined and the prohibition software is detected on a client, that software can be deleted automatically.
The definition of prohibition software is performed according to the following procedure.
Log in to the main menu, and click Environment Setup.
The Environment Setup window will be displayed.
Click Software Auditing.
The following window will be displayed.
Click the Add Prohibited Software button.
The following window will be displayed.
Define the following information.
Software information
Item | Description |
---|---|
Name | Specify the software name to be audited with multi-byte or single-byte characters using up to 128 fullwidth characters or 256 halfwidth characters. This item cannot be omitted. |
Notes | Enter the remarks. Enter within 128 multi-byte characters or 256 single-byte characters. The characters that can be specified are alphanumeric characters, hiragana, katakana and the following single-byte symbols. - @ . ( ) [ ] { } < > : ; |
Search condition
Specify the search condition of this software.
Search condition includes file search and hash search. The software will be detected if one of the conditions is satisfied.
File Search
When searching prohibition software according to file name, select File with search conditions matched.
Item | Description |
---|---|
File Name | Specify the file name to search for as prohibited software, using up to 129 fullwidth characters or 259 halfwidth characters. It cannot be omitted. The following symbols cannot be specified: : \ * " < > | ? / |
Hash search
When you wish to search for prohibition software according to hash information, select Enable Hash search.
Hash information is registered on the server from the result file output by the command. The registration of hash information cannot be omitted. For details of the command, refer to "dtpfinfo.exe (get details of executable file)" of Reference Manual.
Hash information cannot be deleted after it has been registered. When hash search is not needed, cancel the selection of Enable Hash Search.
Because target files defined as prohibition software may be added later, it is recommended to back up the file/folder of hash information created previously.
Click the OK button.
The following window will be displayed.
Select the check box in front of the name of software to be audited.
Click the Apply button and save the selected status.
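The two search conditions in the prohibited software definition above, and the rule that one satisfied condition is enough, can be tried out with the following added example (not part of the product or its manual). SHA-256 and the file names are assumptions, and the script does not read the dtpfinfo.exe result file.

```powershell
# Added example, not vendor code. SHA-256 via Get-FileHash is an assumption:
# the page does not say which hash dtpfinfo.exe records or how its file looks.

function Test-Prohibited {
    param(
        [System.IO.FileInfo]$File,
        [string[]]$FileNames,   # "File Search" condition
        [string[]]$Hashes       # "Hash search" condition
    )
    $nameHit = $FileNames -contains $File.Name
    $hash    = (Get-FileHash -Path $File.FullName -Algorithm SHA256).Hash
    $hashHit = $Hashes -contains $hash
    [pscustomobject]@{
        File     = $File.FullName
        NameHit  = $nameHit
        HashHit  = $hashHit
        Detected = ($nameHit -or $hashHit)   # either condition is enough
    }
}

# Constructed sample tree: placeholder files stand in for executables.
$root = Join-Path ([System.IO.Path]::GetTempPath()) ('prohibit-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $root, (Join-Path $root 'other') | Out-Null
Set-Content (Join-Path $root 'sampletool.exe')       'constructed content, build 1'
Copy-Item   (Join-Path $root 'sampletool.exe')       (Join-Path $root 'renamed.exe')
Set-Content (Join-Path $root 'other\sampletool.exe') 'constructed content, build 2'
Set-Content (Join-Path $root 'editor.exe')           'constructed content, unrelated'

$names  = @('sampletool.exe')
$hashes = @((Get-FileHash (Join-Path $root 'sampletool.exe') -Algorithm SHA256).Hash)

Get-ChildItem -Path $root -File -Recurse |
    ForEach-Object { Test-Prohibited -File $_ -FileNames $names -Hashes $hashes } |
    Format-Table -AutoSize

Remove-Item -Path $root -Recurse -Force
```

The copy with a different name is found by hash only, the file with the same name but different content is found by name only, and the unrelated file is not detected.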
Set auditing items
Set the security setting items to be audited in Environment Setup > Policy Groups of the main menu.
For details, refer to "4.2.2.1 Set the Auditing Items of Security Settings".
Set the auditing items of security settings.
The procedure is as follows.
In addition, the setting of auditing items is also effective for command mode CT. When it is set to display the window, the Diagnosis result window of operation settings will be displayed.
Log in to the main menu, and click Environment Setup.
The Environment Setup window will be displayed.
Click Policy Groups.
The following window will be displayed.
Click the Customize various policies button.
The following window will be displayed.
Click the Security policy tab.
The following window will be displayed.
Select one of the following setting patterns based on purpose and click the link of policy name.
Recommended value has been set in each policy. Customization can be performed according to the setting.
Purpose | Auditing Contents |
---|---|
Security of PC | Security auditing settings for business PCs (desktop PC, notebook PC) used by general employees. All security auditing items are set to be audited. |
Security of Server | Security auditing settings for server PCs. Auditing items other than security patches are set to be audited. |
Perform the operation settings of the Diagnosis result window of operation settings.
Click the Operation Settings tab, and the following window will be displayed.
Set the following items.
Item | Description | Initial Value | |
---|---|---|---|
Automatic Processing of PC | Set whether Systemwalker Desktop Patrol will modify settings automatically for failed items. | No | |
Display the Diagnosis Result of Operation Settings (Note) | Set whether to display the Diagnosis result window of operation settings. When it is selected, the following items can be set. | Selected | |
Display Window Automatically | Select the timing to automatically display the diagnosis result window from the following. | Not Display | |
Correction of Diagnosis Result | Specify whether a password is required when using the function that corrects to OK the diagnosis result of auditing items that cannot be processed automatically. Specify the password with 1~32 single-byte alphanumeric characters and symbols. | Not selected | |
When failed items exist in the diagnosis | Select it to prevent the user from closing the Diagnosis result window of operation settings when failed items exist. | Not selected | |
Items Displayed When Starting | Select it to always display all items when the audit window is started. | Not selected |
Note)
This item can be set differently in the power saving policy and in the security policy.
The operation of performing different settings for each policy is as follows.
Setting Item | Power Saving Policy | Security Policy | Action |
---|---|---|---|
Display the Diagnosis Result of Operation Settings | Selected/Not selected | Selected/Not selected | Display the selected tab. When none of them is selected, the window will not be displayed. |
Display Window Automatically | Not Display | Not Display | Window will not be displayed automatically. |
Display Window Automatically | Not Display | Display During Logon | Window will be displayed automatically at logon. |
Display Window Automatically | Not Display | Display During Logon and Specified Time | Window will be displayed automatically at logon and at specified time. |
Display Window Automatically | Display During Logon | Not Display | Window will be displayed automatically at logon. |
Display Window Automatically | Display During Logon | Display During Logon | Window will be displayed automatically at logon. |
Display Window Automatically | Display During Logon | Display During Logon and Specified Time | Window will be displayed automatically at logon and at specified time. |
Display Window Automatically | Display During Logon and Specified Time | Not Display | Window will be displayed automatically at logon and at specified time. |
Display Window Automatically | Display During Logon and Specified Time | Display During Logon | Window will be displayed automatically at logon and at specified time. |
Display Window Automatically | Display During Logon and Specified Time | Display During Logon and Specified Time | Window will be displayed automatically at logon and at specified time.(*1) |
Perform Inventory collection when displaying | Selected/Not selected | Selected/Not selected | After it is selected, inventory collection can be performed at the timing specified in Automatic Display of Window. Operation can be set according to each policy. |
Correction of Diagnosis Result | - | Selected/Not selected | This item can only be set in security policy. |
When failed items exist in the diagnosis | Selected/Not selected | Selected/Not selected | When failed items exist in the selected tab, it will be unable to close the window. |
Items Displayed When Starting | Selected/Not selected | Selected/Not selected | The narrowing function of the selected tab will be disabled. |
*1) When different specified times are set in the power saving policy and the security policy, the window will be displayed automatically at the following three timings.
- At logon
- Specified time set in power saving policy
- Specified time set in security policy
Set the item of system security auditing.
Click the System Security Auditing Settings tab. The following window will be displayed.
Set the following auditing items.
Hardware
Item | Details | Description | Value Set at Auto-processing | Initial Value (Security of PC) | Initial Value (Security of Server) |
---|---|---|---|---|---|
BIOS/Hard Disk Password | Diagnosis result can be modified | Select it to make the diagnosis result correctable. | - | - | - |
BIOS/Hard Disk Password | Startup Password | Audit whether the startup password of BIOS has been set. (Administrator password). Select from the following. | Unable to process automatically | Auditing | Auditing |
BIOS/Hard Disk Password | Setup Password | Audit whether the setting password of BIOS has been set. (User password). Select from the following. | Unable to process automatically | Auditing | Auditing |
BIOS/Hard Disk Password | Hard Disk Password | Audit whether the hard disk password has been set. Select from the following. | Unable to process automatically | Auditing | Auditing |
OS
Item | Details | Description | Value Set at Auto-processing | Initial Value (Security of PC) | Initial Value (Security of Server) |
---|---|---|---|---|---|
Operation System | Diagnosis result can be modified | Select it to make the diagnosis result correctable. | - | - | - |
Operation System | Support Status | Audit whether the operating system being used is the supporting OS (SP Included). Select from the following items. | Unable to process automatically | Auditing | Auditing |
Windows Update Program | Installation Status | Audit whether all security patches have been installed. Select from the following. | Install security patches when it is set to audit | Auditing | Not Auditing |
Logon Status | Settings of Automatic Logon | Audit whether automatic logon is disabled. Select from the following. | Set to disabled | Auditing | Auditing |
Logon Status | Whether to display the Welcome Screen | Audit whether the Welcome screen is not displayed. Select from the following. | Set to not displayed | Auditing | Auditing |
Logon Status | Whether to display the Last User Name | Audit whether the last logon user is not displayed on the logon window. Select from the following. | Set to not displayed | Auditing | Auditing |
Windows Account | Diagnosis result can be modified | Select it to make the diagnosis result correctable. | - | - | - |
Windows Account | Guest Security | Audit whether the Guest account is disabled and whether a proper password has been set if it is enabled. (Note 1) Select from the following. | Unable to process automatically | Auditing | Auditing |
Windows Security Information | Settings of Windows Update (Automatic Update) | Audit whether the setting of Windows Update is automatic update. (Note 2) Select from the following. | Set to automatic update | Not Auditing | Not Auditing |
Windows Security Information | Settings of User Account Control (UAC) | Audit whether UAC (User Account Control) is enabled or not. Select from the following. | Set to enabled | Auditing | Auditing |
Shared Folder | Diagnosis result can be modified | Select it to make the diagnosis result correctable. | - | - | - |
Shared Folder | Setup Status | Audit to ensure the shared folder with redundant authority is not set for all users (Everyone account). Select from the following. | Unable to process automatically | It is OK when read only | It is OK when read only |
Screen saver | Password Protection on Wakeup | Audit whether it is required to enter a password when restoring from standby. Select from the following. | Set to enabled | Auditing | Auditing |
Password Policy | Set Complicated Password Required | Audit whether Password should satisfy required complexity is enabled in Password Policy of Windows group policy. (Note 3) Select from the following. | Set to enabled | Not Auditing | Not Auditing |
Note 1) In Guest Security, audit whether a simple password is used through trying to enter the logon password.
Therefore, depending on the system settings, the failed password change for the user being audited will be recorded in the event log. In addition, when the account lockout setting is configured in the group policy of Windows, make sure to execute one of the following processes. If this processing is not executed, the Guest account will be locked out by the auditing function.
- The lockout of account over 5 times has been set in the group policy of Windows.
- Set not to audit password of Guest account using the CustomPolicy.exe command.
Note 2) In Windows Update (automatic update settings), if the following items have been enabled for the Windows group policy, the settings will be audited as OK:
Enabled: 2 - Notify for download and notify for install
Enabled: 3 - Auto download and notify for install
Enabled: 4 - Auto download and schedule the install
Enabled: 5 - Allow local admin to choose setting
If Disabled is set for the Windows group policy, the setting will be audited as failed.
Note 3) When Set Complicated Password Required is set as auditing item, auditing and processing will be performed for the group policy of Windows.
Even if the password currently in use does not meet the complexity requirement, the result is OK as long as the requirement has been defined in the group policy of Windows. After processing has been executed, if the password is changed to one that does not meet the complexity requirement, Windows will require the password to meet the complexity requirement.
In addition, the following editions of Windows do not provide the group policy function, so auditing and processing will not be performed even if the item is set to Auditing.
- Windows Vista Home Basic
- Windows Vista Home Premium
- Windows 7 Home Premium
- Windows 8 (except for Windows 8 Pro and Windows 8 Enterprise)
- Windows 10 Home
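To see in advance how a client is likely to fare on several of the OS auditing items above, including the Note 2 mapping of Windows Update group policy values and the Note 3 password complexity setting, the following added example reads the corresponding settings locally. It is not part of the product; the registry locations are the standard Windows ones, and treating them as what Systemwalker Desktop Patrol inspects is an assumption. The Guest password check from Note 1 is not reproduced.

```powershell
# Added example, not vendor code. Registry locations are the standard Windows
# ones; how Systemwalker Desktop Patrol reads these settings is an assumption.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Test-WindowsUpdatePolicy {
    # Note 2: "Enabled" with option 2-5 is audited as OK, "Disabled" as failed.
    $au     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $noAuto = Get-RegValue $au 'NoAutoUpdate'   # 1 when the policy is Disabled
    $option = Get-RegValue $au 'AUOptions'      # 2-5 when the policy is Enabled
    if ($noAuto -eq 1)          { return 'Failed (group policy: Disabled)' }
    if ($option -in 2, 3, 4, 5) { return "OK (group policy: Enabled, option $option)" }
    return 'Not configured by group policy'
}

function Test-PasswordComplexity {
    # Note 3: reads the effective "Password must meet complexity requirements"
    # setting from a security policy export. Requires an elevated session.
    $cfg = Join-Path $env:TEMP ('secpol-{0}.inf' -f [guid]::NewGuid())
    secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
    $enabled = $false
    if (Test-Path $cfg) {
        $enabled = [bool](Get-Content $cfg | Select-String '^\s*PasswordComplexity\s*=\s*1\s*$')
        Remove-Item $cfg -Force
    }
    return $enabled
}

function Test-GuestDisabled {
    # The built-in Guest account always has RID 501, whatever its display name.
    $guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
    return (-not $guest.Enabled)
}

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$system   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$report = [ordered]@{
    'Automatic logon disabled'    = (Get-RegValue $winlogon 'AutoAdminLogon') -ne '1'
    'Last user name not shown'    = (Get-RegValue $system 'DontDisplayLastUserName') -eq 1
    'UAC enabled'                 = (Get-RegValue $system 'EnableLUA') -eq 1
    'Guest account disabled'      = Test-GuestDisabled
    'Complex password required'   = Test-PasswordComplexity
    'Windows Update group policy' = Test-WindowsUpdatePolicy
}
$report.GetEnumerator() | ForEach-Object { '{0,-30} {1}' -f $_.Key, $_.Value }
```

On the Windows editions listed in Note 3 the group policy values are normally absent, so the Windows Update line reports that nothing is configured by group policy.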
Software
Item | Details | Description | Value Set at Auto-processing | Initial Value (Security of PC) | Initial Value (Security of Server) |
---|---|---|---|---|---|
Firewall | Diagnosis result can be modified | Select it to make the diagnosis result correctable. | - | - | - |
Firewall | Setup Status | Audit whether the setting of firewall is enabled. Select from the following. | Unable to process automatically | Auditing | Auditing |
Encrypted Software | Diagnosis result can be modified | Select it to make the diagnosis result correctable. | - | - | - |
Encrypted Software | Installation Status | Audit whether the encryption software has been installed. Select from the following. When Auditing is selected, check the name of encryption software to be audited. (Note 1) | Unable to process automatically | Auditing | Auditing |
Anti-Virus Software | Diagnosis result can be modified | Select it to make the diagnosis result correctable. | - | - | - |
Anti-Virus Software | Installation Status | Audit whether anti-virus software has been installed. Select from the following. When Auditing is selected, check the name of anti-virus software to be audited. (Note 2) | Unable to process automatically | Auditing | Auditing |
Anti-Virus Software | Virus Definition Status | Audit whether the virus pattern is appropriate in security. Specify the number of generations allowed for virus pattern. Select from the following. * The selectable range is within 1~10 generations. | Unable to process automatically | OK within 10 generations | OK within 10 generations |
Anti-Virus Software | Real-time Scan Status | Audit whether the real-time scan has been set. Select from the following. | Unable to process automatically | Auditing | Auditing |
Anti-Virus Software | Scheduled Scan Status | Audit whether the scheduled scan has been set and has been executed in a week. Select from the following. | Unable to process automatically | Auditing | Auditing |
Anti-Virus Software | Scan Scope | Audit whether all files are taken as scan target. Select from the following. | Unable to process automatically | Auditing | Auditing |
Prohibited Software | Installation Status | Audit whether the prohibition software has been installed. Select from the following. When Auditing is selected, check the name of prohibition software to be audited. (Note 3) | Delete the prohibition software | Auditing | Auditing |
Note 1) Select in advance the encryption software to be audited. In the Environment Setup > Auditing Software window:
- Set the software as a target for auditing.
- Click the link of the software name targeted for auditing to display the detailed information, and then set Security Auditing to Auditing as Encrypted Software.
Note 2) Select in advance the antivirus software to be audited. In the Environment Setup > Auditing Software window:
- Set the software as a target for auditing.
- Click the link of the software name targeted for auditing to display the detailed information, and then set Security Auditing to Auditing as Anti-Virus Software.
Note 3) When selecting the prohibition software to audit, it is required to select the prohibition software under Software of Environment Setup > Auditing Software in advance.
Set the item of user security auditing.
Click the User Security Auditing Settings tab, and the following window will be displayed.
Set the following auditing items.
In addition, the so-called "Value at Auto-processing" refers to the value that is automatically assigned by Systemwalker Desktop Keeper when the following settings/operations are performed.
- When Yes is selected in Automatic Processing of PC of the Operation Settings tab
- When the Process button is pressed in the Diagnosis result of operation settings of CT
OS
Item | Details | Description | Value at Auto-processing | Initial Value (Security of PC) | Initial Value (Security of Server) |
---|---|---|---|---|---|
Screen saver | Whether to Start | Audit whether it has been set to start screen saver. Select from the following. | Set to start | Auditing | Auditing |
Screen saver | Time Required for Startup(Maximum) | Audit whether the screen saver is started after an appropriate waiting time. * The selectable range is 1~60 minutes. | Brightness Setting of Display | 10 minutes | 10 minutes |
Screen saver | Setting of Password Protection | Audit whether the setting of password protection is enabled. Select from the following. | Set to enabled | Auditing | Auditing |
Windows Account | Diagnosis result can be modified | Select it to make the diagnosis result correctable. | - | - | - |
Windows Account | Security of Logon Password | Audit whether an appropriate password has been set for the logon user. (Note) Select from the following. | Unable to process automatically | Auditing | Auditing |
Note) In Security of Logon Password, audit whether a simple password is used through trying to enter the logon password.
Therefore, depending on the system settings, the failed password change for the user being audited will be recorded in the event log. In addition, when the account lockout setting is configured in group policy, make sure to execute one of the following processes. If this processing is not executed, the account will be locked out by the auditing function.
- The lockout of account over 5 times has been set in the group policy.
- Set Not Auditing in Security of Logon Password, and set Auditing in Specify Complex Password or Not.
Internet Explorer
Item | Details | Description | Value at Auto-processing | Initial Value (Security of PC) | Initial Value (Security of Server) |
---|---|---|---|---|---|
Setup Status of Internet Zone | Setup Status | Audit whether the security zone of Internet Explorer has been set correctly. Select from the following. | Brightness Setting of Display | Medium-high or above is OK | Medium-high or above is OK |
Setup Status of Internet Zone | Custom Settings | Set the auditing result when the security zone is customized. Select from the following. | When Failed is selected, set to the value defined in Setup Status | Auditing | Auditing |
Software
Item | Details | Description | Value at Auto-processing | Initial Value (Security of PC) | Initial Value (Security of Server) |
---|---|---|---|---|---|
Google Desktop | Settings of Search Across Computers | Audit whether the "Data Search on Multiple Computers" function is disabled. Select from the following. | Set to disabled | Auditing | Auditing |
To save the settings, click the Apply button.
To save the settings as another setting pattern, click the Save As button.
Point
The file that has been detected as prohibition software and deleted by Systemwalker Desktop Patrol can be restored by the following command.
Display the list of deleted files.
<DTP installation directory>\invcl\bin\prestore.exe -list
No Date Deleted          Restored file
---+---------------------+----------------------------
1  2009/06/18 12:00:00   C:\ BitTorrent \BitTorrent.exe
2  2009/06/18 14:00:00   C:\ eD2k\eD2k.exe
Specify the file to be restored from the list and perform restoration.
<DTP installation directory>\invcl\bin\prestore.exe -rest 2
The specified file will be restored.
Note
About auto-processing
In an Active Directory environment, the setting of Windows group policy is effective, so automatic processing may sometimes not be possible. Modify the setting of Windows group policy to not audit for the items set in Windows group policy.