We have several Windows 2003 R2 servers showing at least two registry vulnerabilities that are incorrect. The first is Q315231, “Automatic Logon Enabled”. We have the key set via GPO to disabled, but BES is showing this as requiring resolution. The only difference is that in the fixlet relevance the key is mixed case, whereas on the server it is all lower case. Any reason why the default relevancies are not using lowercase() on these comparisons?
The second issue is Q147706, “LM Authentication Enabled”. We have our key set to 4, which is more secure than the value of 2 the fixlet wants to change it to. The fixlet seems to be designed around NT4 and should be checking to see whether the value is already higher than what it wants to set everything to. Furthermore, one of the SANS vulnerability checks wants to set the value to 5, so it would override the BES fixlet.
Could you also check what type of value “AutoAdminLogon” is? The relevance is expecting a string (REG_SZ) value and may be generating a false positive if “AutoAdminLogon” is actually a DWORD (REG_DWORD) value. Thank you!
Well, that would be the problem then. We’ll have a new version that supports both string and DWORD values out shortly. Thank you for the help debugging, and please let us know if you find any other issues with our products.
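The two checks debated above, written out as an added PowerShell example (not the fixlet's relevance, not BigFix's code, and not posted by anyone in this thread). It reads the real Winlogon and Lsa locations, shows that a registry read is case-insensitive for key paths and value names, and handles AutoAdminLogon whether it is stored as REG_SZ or REG_DWORD. The function names are the author's own, and two policy choices are assumptions: an absent AutoAdminLogon counts as disabled, and LmCompatibilityLevel is compliant when it is at or above the minimum (2 here, the value the fixlet wanted) rather than exactly equal to it, so an existing 4 or 5 is not reported as a finding.

```powershell
# Added example, not from the thread or from BigFix. Function names are the
# author's own. Assumptions: AutoAdminLogon absent => disabled;
# LmCompatibilityLevel compliant when >= $Minimum, not only when == $Minimum.

function ConvertTo-PolicyInt {
    # Normalise a registry value that may be REG_SZ ("1") or REG_DWORD (1)
    # to an [int]; returns $null when the value is missing or not numeric.
    param($Value)
    if ($null -eq $Value) { return $null }
    $n = 0
    if ([int]::TryParse(([string]$Value).Trim(), [ref]$n)) { return $n }
    return $null
}

function Get-RegistryValueInfo {
    # Read one value and report how it is stored. Key paths and value names are
    # case-insensitive in the registry, so a mixed-case name in a check matches
    # a lower-case name on the server; only the value *type* needs handling.
    param([string]$KeyPath, [string]$Name)
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    $stored = $key.GetValueNames() | Where-Object { $_ -ieq $Name } | Select-Object -First 1
    if ($null -eq $stored) { return $null }
    [pscustomobject]@{
        Name  = $stored                    # name exactly as stored on this host
        Kind  = $key.GetValueKind($Name)   # String (REG_SZ) or DWord (REG_DWORD)
        Value = $key.GetValue($Name)
    }
}

function Test-AutoAdminLogonDisabled {
    param([string]$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon')
    $info = Get-RegistryValueInfo -KeyPath $KeyPath -Name 'AutoAdminLogon'
    if ($null -eq $info) { return $true }      # assumption: absent means autologon off
    $n = ConvertTo-PolicyInt $info.Value
    if ($null -eq $n) { return $false }        # unparseable: surface it for review
    return ($n -eq 0)
}

function Test-LmCompatibilityLevel {
    # Pass when the level is already at or above the minimum, so a remediation
    # that blindly writes $Minimum would never downgrade a stronger setting.
    param([int]$Minimum = 2,
          [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa')
    $info = Get-RegistryValueInfo -KeyPath $KeyPath -Name 'LmCompatibilityLevel'
    if ($null -eq $info) { return $false }     # conservative: absent is not proven compliant
    $n = ConvertTo-PolicyInt $info.Value
    if ($null -eq $n) { return $false }
    return ($n -ge $Minimum)
}

# Constructed inputs: both storage types normalise to the same integer.
Write-Output ("REG_SZ '1'    -> {0}" -f (ConvertTo-PolicyInt '1'))
Write-Output ("REG_DWORD 1   -> {0}" -f (ConvertTo-PolicyInt ([uint32]1)))

# Live report for this host (requires read access to HKLM).
$aal = Get-RegistryValueInfo 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'AutoAdminLogon'
if ($aal) { Write-Output ("AutoAdminLogon stored as '{0}' ({1}) = {2}" -f $aal.Name, $aal.Kind, $aal.Value) }
Write-Output ("AutoAdminLogon disabled:        {0}" -f (Test-AutoAdminLogonDisabled))
Write-Output ("LmCompatibilityLevel >= 2:      {0}" -f (Test-LmCompatibilityLevel -Minimum 2))
```

Run it in an elevated PowerShell on a server that shows the false positive: the report line prints the stored name and its kind, which is the quickest way to confirm whether a check that expects REG_SZ is being handed a REG_DWORD.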