I'm trying to write some compliance rules to check Permission DACL in a windows registry.
I want to know if there is any chance of checking the "Apply To" setting of a registry key.
If I go to the live browse of a machine BSA, select a registry key and click in properties, I can see the ACL's for the registry key, and has several columns:
I know how to control most of these, but I can't find any way to implement a check in the Compluance Rule editor to check if the "Apply To" Column has the value "This key and subkeys, Subkeys only, or This key only".
Anybody knows how this could be implemented?