1 Reply Latest reply on Aug 29, 2013 11:17 AM by Joe Piotrowski

    Configuring User Account Control Windows security settings

    Naren S

      Hi,

       

      I am trying to build a component template to report compliance on the below User Account Control Windows security settings,

      User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode

      User Account Control: Detect application installations and prompt for elevation

      User Account Control: Only elevate UIAccess applications that are installed in secure locations

       

      When i view the security settings from live browse view of the servers, I am able to see the actual security settings configured on the server in the bladelogic console.

       

      But, If I add these security settings as template part, and configure the compliance rules to audit these settings, the compliance scan result reports non-compliance for these rules with the server value as "0". But the target servers are actually configured with the policies.

       

      For instance, server has been configured with the value "elevate without prompting" for the policy "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode", but the compliance result shows non-compliance for this rule reporting "0" as the actual server policy value.

       

      Screenshot attached to explain this better.

       

      Any help is highly appreciated.

       

      Thanks...

        • 1. Re: Configuring User Account Control Windows security settings
          Joe Piotrowski

          I have found that in Windows they convert some text strings into numbers. There is usually a corresponding registry key and value tied to those security settings. So you need to change your compliance to check for a number value, rather than a string of text.

           

          For example rather than Enabled and Disabled the system is actually checking for a 0 or 1. With multiple string options there might be multiple integers 0,1,2,3... So you have to match your rule logic accordingly.

          1 of 1 people found this helpful