Audit Policies

(imported topic written by mmurty)

Any information on writing fixlets on setting account & audit policies like password length and account lockout duration.

(imported comment written by BenKus)

Hi mmurty,

You should talk to your sales representative about licensing the Security Policy Manager Fixlet site. It contains Analyses and properties for all sorts of account/audit policies and security settings. For instance:

http://support.bigfix.com/images/pictures/auditpolicies-screenshot.jpg

Also see http://forum.bigfix.com/viewtopic.php?id=48

Ben

(imported comment written by mmurty)

I already have that. But I want to write a fixlet to set these values. Any suggestions?

(imported comment written by jessewk)

You can get a lot of clues by looking at the relevance for each of the analysis properties. You’ll find the relevance on the details tab of the analysis. For example, here’s the relevance for the minimum password length:

if
(
    (
        it = "Win2000"
        OR it = "WinXP"
        OR it = "Win2003"
        OR it = "WinXP-2003"
    )
    of name of operating system
    AND
    (
        exists lasts 2 of firsts 162 of
        (
            values "F" of keys "HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account" of registry as string
        )
    )
)
then
(
    (
        hexadecimal integer
        (
            last 2 of first 162 of
            (
                value "F" of key "HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account" of registry as string
            )
        )
        as string
    )
    & " characters"
)
else
    "<N/A>"

You can see it is essentially looking for the 2 characters at position 161 and 162 of the value “F” of the key “HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account”.

To change this, you’ll want to create an action that changes those 2 characters of the registry key to the hexadecimal minimum password length you’d like to enforce. So say you want to enforce a 10 character minimum, you’d write an action like this (10 in hex is 0A):

regset "[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account]" "F"="{preceding text of last 2 of first 162 of value "F" of key "HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account" of registry as string & "0A" & following text of position 162 of value "F" of key "HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account" of registry as string}"

note, I haven’t tested this…
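
Added example, not part of the post above and not BigFix content: a Python sketch of the string arithmetic the relevance and the action describe, with a check that a patched value differs from the original at one byte only. The function names and `SAMPLE_F` are assumptions made for illustration, and the sample is constructed, not a real SAM value.

```python
import re

# Relevance "last 2 of first 162" selects 1-based characters 161-162 of the hex
# string, i.e. Python slice [160:162], which is byte offset 80 of the binary value.
HEX_START, HEX_END = 160, 162
BYTE_OFFSET = HEX_START // 2

# Constructed sample, NOT a real SAM "F" value: 120 bytes, with 0x07 at offset 80.
SAMPLE_F = "00" * 80 + "07" + "00" * 39


def _validate(f_hex):
    """Reject strings that are not whole hex bytes or are too short to patch."""
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", f_hex):
        raise ValueError("value is not a string of whole hex bytes")
    if len(f_hex) < HEX_END:
        raise ValueError("value is shorter than 162 hex characters")


def min_password_length(f_hex):
    """Read the field the analysis reports (hex pair -> integer)."""
    _validate(f_hex)
    return int(f_hex[HEX_START:HEX_END], 16)


def with_min_password_length(f_hex, length):
    """Return a copy with only characters 161-162 replaced, as the action intends."""
    _validate(f_hex)
    if not 0 <= length <= 0xFF:
        raise ValueError("length must fit in one byte")
    return f_hex[:HEX_START] + format(length, "02X") + f_hex[HEX_END:]


def changed_byte_offsets(old_hex, new_hex):
    """List byte offsets that differ, to confirm a patch touched nothing else."""
    old, new = bytes.fromhex(old_hex), bytes.fromhex(new_hex)
    if len(old) != len(new):
        raise ValueError("patched value changed length")
    return [i for i, (a, b) in enumerate(zip(old, new)) if a != b]


if __name__ == "__main__":
    patched = with_min_password_length(SAMPLE_F, 10)
    print(min_password_length(SAMPLE_F), "->", min_password_length(patched))
    print("changed byte offsets:", changed_byte_offsets(SAMPLE_F, patched))
```

Running the same comparison on a value exported before and after an action shows whether anything other than byte offset 80 changed.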

(imported comment written by BenKus)

Hi mmurty,

I think your best bet would be to find a tool that sets these settings… I couldn’t find one with a quick search, but I imagine there is some sort of freely available command line tool that changes these settings.

Ben

(imported comment written by SmearODeer91)

Madhu,

The other option is to create a reg file with your edit and then create a push of the registry setting. I would have recommended Group Policy, but it is not an option for your environment. If you look at some of the security templates that are set up for your PSP environment, you will find it is part of the security baseline there.

Bob

(imported comment written by nrupaks91)

Hi jessewk,

I have tried – regset "[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account]" "F"="{preceding text of last 2 of first 162 of value "F" of key "HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account" of registry as string & "0A" & following text of position 162 of value "F" of key "HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account" of registry as string}" – but it failed.

Let me know if you have been successful with this.

Thanks,

NruapkS

(imported comment written by BenKus)

Hi NruapkS,

I think you might want to take a look at our SCM content, which can allow you to look up and change these security configuration settings.

Ben