What @AlanM is recommending is to configure the Fixlet Debugger to use the local BESClient process to perform the query. To do this, look under Debug menu --> Evaluate Using --> select Local Client Evaluator.
The phrases take longer to evaluate, but because the local client on your PC actually performs the Evaluation, it’s a more realistic representation of the results for certain types of queries.
I’m not sure what you are asking me for. The relevance clause, as given by @AlanM, will return a value when evaluated by your system(s). I can only tell you what my development system returns for the same clause …
IF (SACL of Security Descriptor of Folder "C:\Windows\System32\drivers" as string) = "S:AI" THEN true ELSE false
Download a copy of the FixletDebugger that has the same version as the IEM Client you are running, configure it to use your local IEM Client for the Evaluation and evaluate Alan’s clause and see what you get as a return value.
If you require assistance creating custom content, I believe IBM Professional Services can be contracted to perform that type of work for you. I don’t work for IBM, I’m a Customer who uses IEM for my job, and I’m willing to share what I know in exchange for hopefully learning something new myself.
What you need is the security descriptor of the folder, specifically the dacl of the security descriptor (the sacl mentioned above is for the “auditing entry” whereas you’re concerned about access permissions). If you’re confident you want those exact permissions for that folder on all your servers, then you can use this relevance:
(dacl of security descriptor of folder (expand environment string of "%25SystemRoot%25\System32\drivers") as string != "D:PAR(A;OICI;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)") | true
Note: This relevance defaults to ‘true’ if any errors are encountered. It can be modified to provide specific error messages instead to suit your needs.
I am using the secedit command to validate the current setting. For %SystemRoot%\System32, I am not getting any mismatch for the permission setting, but your relevance gives true. Note I have removed the | true part from your relevance.
If you need a custom Fixlet/Task to fulfill your exact needs, then I would second Tim Rice’s statement about engaging IBM Professional Services. They do provide custom content authoring, and contracts to support your own efforts at authoring content.
This forum is mostly users helping each other. Josh posted a great place to start. If the relevance he posted isn’t returning the true/false that you expect, then it’s really incumbent upon you to try to understand why that is occurring.
The first place to start would be to take apart Josh’s relevance. If the dacl doesn’t match what you expect (true/false), then find out what the dacl actually is, by removing the boolean comparison and just displaying the string result:
Q: dacl of security descriptor of folder (expand environment string of "%25SystemRoot%25\System32\drivers") as string
A: D:PAI(A;;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;0x1301bf;;;SY)(A;OICIIO;GA;;;SY)(A;;0x1301bf;;;BA)(A;OICIIO;GA;;;BA)(A;;0x1200a9;;;BU)(A;OICIIO;GXGR;;;BU)(A;OICIIO;GA;;;CO)(A;;0x1200a9;;;AC)(A;OICIIO;GXGR;;;AC)
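A plain string comparison of the two DACLs quoted in this thread only reports "not equal". As an added example (not part of the thread and not BigFix/IEM code), the following Python splits both SDDL strings into control flags and ACEs and reports where they differ. The function names `parse_dacl` and `diff_dacl` are illustrative; the comparison ignores ACE order and handles only ordinary six-field ACEs.

```python
import re

# DACL strings copied from the thread: the value the posted relevance compares
# against (EXPECTED) and the value one poster's system returned (ACTUAL).
EXPECTED = ("D:PAR(A;OICI;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)"
            "(A;OICI;0x1200a9;;;BU)")
SVC_SID = "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
ACTUAL = (f"D:PAI(A;;FA;;;{SVC_SID})(A;CIIO;GA;;;{SVC_SID})"
          "(A;;0x1301bf;;;SY)(A;OICIIO;GA;;;SY)(A;;0x1301bf;;;BA)"
          "(A;OICIIO;GA;;;BA)(A;;0x1200a9;;;BU)(A;OICIIO;GXGR;;;BU)"
          "(A;OICIIO;GA;;;CO)(A;;0x1200a9;;;AC)(A;OICIIO;GXGR;;;AC)")


def parse_dacl(sddl):
    """Return (control_flags, aces) for the D: component of an SDDL string."""
    m = re.search(r"D:([A-Z_]*)((?:\([^()]*\))*)", sddl)
    if not m:
        raise ValueError("no DACL (D:) component found")
    control = frozenset(re.findall(r"NO_ACCESS_CONTROL|AR|AI|P", m.group(1)))
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(2)):
        fields = body.split(";")
        if len(fields) != 6:  # conditional/resource ACEs are out of scope here
            raise ValueError(f"unsupported ACE: ({body})")
        ace_type, flags, rights, _obj, _inherit_obj, trustee = fields
        # ACE flags are two-letter codes (OI, CI, IO, ...): compare as a set.
        flag_set = frozenset(flags[i:i + 2] for i in range(0, len(flags), 2))
        aces.append((ace_type, flag_set, rights, trustee))
    return control, aces


def diff_dacl(expected, actual):
    """Compare two DACLs as sets; ACE order is ignored (a simplification)."""
    exp_ctl, exp_aces = parse_dacl(expected)
    act_ctl, act_aces = parse_dacl(actual)
    key = lambda ace: (ace[0], ace[2], ace[3])  # type, rights, trustee
    act_keys = {key(a) for a in act_aces}
    return {
        "control_only_expected": sorted(exp_ctl - act_ctl),
        "control_only_actual": sorted(act_ctl - exp_ctl),
        "missing": [a for a in exp_aces if a not in act_aces],
        "unexpected": [a for a in act_aces if a not in exp_aces],
        # Same type/rights/trustee on both sides, only inheritance flags differ.
        "flags_differ": [a for a in exp_aces
                         if a not in act_aces and key(a) in act_keys],
    }


if __name__ == "__main__":
    for name, value in diff_dacl(EXPECTED, ACTUAL).items():
        print(name, value)
```

For these two strings the control flags differ (AR versus AI), none of the four expected ACEs appears unchanged, and the BU entry carries the same rights on both sides but different inheritance flags.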