-------------- Original message ---------------------- From: "Mehul" <[EMAIL PROTECTED]> > > > Hello Mehul, thank you for the information, can you please > > send me the link to the document that contains the statement > > that Deny logon through Terminal Services should "only" be > > denied to the Guests group. > > John, > > The settings are listed in an excel sheet which can be downloaded from > here http://fdcc.nist.gov/FDCC-SCAP-Content-Test-v1-0-1.xls or the .inf > file included with the GPO's > (http://fdcc.nist.gov/FDCC-Q3-2007-Final-GPO-20070730.zip). > Although I dont think there is harm in having additional members on Deny > user right settings. I think this is best handled by editing the .audit file > on your side. > > So for e.g in your case, you may want to edit the .audit file as follows.
Thanks Mehul that exactly what I did this morning, I was hoping that there was a fix for the .audit file like Threat Guard did with Secutor Prime. Take Care and Have Fun --John > <item> > name: "Deny log on through Terminal Services" > value: "Guests" | ""renamed_guest" > </item> > > > > > Secutor Prime also reported the same problem, once Threat > > Guard was aware of the issue Secutor Prime was corrected so > > that it did not fail a check because additional user account > > were restricted using the various deny user rights in group policy. > > As I said earlier, our next version of compliance checks will be much > more flexible in handling such type of operations. But for now, this > should be handled by editing the .audit file. > > > The FDCC Q3 2007 XP Group Policy requires a password length > > of 12 , if the organization requires a password length of 24 > > that check would fail. Secutor Prime use to fail this > > check until it was correct so that the check passes if its > > 12 or greater. > > I made some changes to .audit file so that system settings (passwd length, > passwd age etc...) will be much more tolerant > if the settings are stricter than the FDCC recommended settings. It should > be up on the portal in couple of hours. > > Thanks > > - Mehul > _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
