Configuring the IIS 7.0 rule

In SA 10.51, you can create audit and snapshot specification rules for Microsoft IIS 7.0 running on Windows Server 2008. You can expand and browse IIS 7.0 Application Pools, Web Sites, and features and add them to your audits or snapshot specifications to determine whether they meet your organization’s compliance standards. After your audit or snapshot has run, you can view the results and remediate any discrepancies found (with some exceptions).

For example, you might want to audit several Windows Server 2008 servers running IIS 7.0 to make sure that Anonymous Authentication is enabled on each server.

To perform this compliance check, select a Windows Server 2008 server that has Anonymous Authentication enabled to be the source server of the audit. Then, configure the audit rule to check that Anonymous Authentication is enabled on all servers targeted by the audit.

When you run the audit (which you can schedule on a recurring basis), the rule will check the target servers and discover if any do not have Anonymous Authentication enabled. If the audit finds any discrepancies, you can remediate those servers to enable their IIS 7.0 Anonymous Authentication.

Note: You cannot remediate ISAPI filters for the IIS 7.0 audit rule in this release.

To configure the IIS 7.0 rule:

  1. Create a new audit using one of the methods in Creating an audit. (If you want to create this rule for a snapshot specification, see Creating a snapshot specification.)
  2. Select an Audit Source: Server, Snapshot, Snapshot Specification, or No Source.

    Some audit rule types, such as Application Configuration and Windows Users and Groups, must have a source server on which to base the rule. Some specific rules and criteria, such as checking IIS 7.0 Anonymous Authentication, also require that you select a source server. If you do not select a source server, you will be limited in how specific the rule can be.
  3. In the Audit window, from the Views pane, select Rules > IIS 7.0.
  4. In the content pane of the Audit window, in the Available for Audit section, expand one of the IIS 7.0 elements you want to create a rule for, such as Application Pools, Sites, or Features. An element may take a few moments to load the first time you expand it.
  5. Select an element from the list and then click the right arrow button to move the rule object into the Selected for Audit section, which enables you to create a rule for the element. For example, you could expand the Authentication folder and select Anonymous Authentication, then click the right arrow button to add the selection to your audit.
  6. For each rule, in the lower section of the Audit window, select one of the following rule criteria types:
    • Property Values: Values-based check that checks individual properties of the target object. For this type of check, each object requires that you build an expression that defines properties related to the object using the drop-down lists at the bottom of the rule window. You can specify a unique operator which, depending on the type of object, can be a String, a Number (integer or float), Boolean (comparing values of ‘true’ and ‘false’), Date (a date compare, not a time of day compare), or an Array.
    • Equivalent to source: Comparison check that performs a one-to-one comparison between the object on the source server and on the target servers. In this type of check, the values of each property selected from both the source and target servers must match exactly for the object to be compliant. Remediation of the IIS 7.0 rule is possible only when an audit is set up with the Equivalent to source check.
    • Non-existence: Checks that an object does not exist on the target server. If the object exists on the target server, the user or group rule is out of compliance. Note that, at runtime, the source server, if any, is not queried. Also, if a Wildcard rule object is selected, it will only apply to the target server.

    For example, if you wanted to check that a target server (or multiple servers) running IIS 7.0 has Anonymous Authentication enabled, in the bottom of the Audit window, you would select:

    • Property Values
    • Status
    • =
    • Enabled

    This tells the audit to find out if each target server’s IIS 7.0 Anonymous Authentication is enabled.

  7. You can also configure a rule based on a wildcard search by selecting the Wildcard rule object.

    When you select this object, the rule configuration section at the bottom of the window displays a Name field, into which you can type a name (primary key) to search for on the target server.

    For example, you could enter an asterisk (*), which would match everything on the target. P* would match all objects that begin with a capital P, while *P would match all elements ending with uppercase character 'P'.

    After you enter a name or wildcard string, you can configure the rule parameters as you did in step 6.

    Note that when you use a wildcard, the rule configuration applies to every matching object. This type of audit rule is considered compliant if all found objects match the rule parameters.
  8. To finish configuring the audit, set the target servers, any rule exceptions, the schedule, and the notification for the audit.
  9. To save the audit, from the File menu, select Save.
  10. You can also save the Audit as a policy, which enables other users to access the rule set you create in the audit. See Saving an audit or a snapshot specification as an audit policy.
  11. To run the audit, from the Actions menu, select Run Audit. See Running an audit.
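
The rule criteria from step 6 and the wildcard rule from step 7 can be modelled in a few lines to see how each one decides compliance. This is an added illustration, not SA's own code: the server names, object names, property data and helper functions are constructed, and case-sensitive matching is assumed from the P* example above.

```python
from fnmatch import fnmatchcase

# Constructed sample data: IIS object name -> properties, per server.
SOURCE = {"Anonymous Authentication": {"Status": "Enabled"}}
TARGETS = {
    "web01": {"Anonymous Authentication": {"Status": "Enabled"},
              "Portal": {"Status": "Enabled"},
              "Payroll": {"Status": "Enabled"}},
    "web02": {"Anonymous Authentication": {"Status": "Disabled"},
              "Portal": {"Status": "Enabled"},
              "Payroll": {"Status": "Disabled"}},
}

def property_values(obj, prop, expected):
    """Property Values: check one property of the target object (operator '=')."""
    return obj is not None and obj.get(prop) == expected

def equivalent_to_source(source_obj, target_obj):
    """Equivalent to source: selected properties must match the source exactly."""
    return target_obj is not None and source_obj == target_obj

def non_existence(target_objects, name):
    """Non-existence: compliant only when the object is absent on the target."""
    return name not in target_objects

def wildcard_property_values(target_objects, pattern, prop, expected):
    """Wildcard: compliant if all found objects match the rule parameters.
    With no match this model returns compliant and an empty 'found' list;
    the page does not say what SA reports in that case."""
    found = [n for n in target_objects if fnmatchcase(n, pattern)]
    failing = [n for n in found if target_objects[n].get(prop) != expected]
    return not failing, found, failing

def audit(targets, source, name="Anonymous Authentication"):
    """Evaluate the example rule (Status = Enabled) on every target server."""
    report = {}
    for server, objs in targets.items():
        report[server] = {
            "property_values": property_values(objs.get(name), "Status", "Enabled"),
            "equivalent_to_source": equivalent_to_source(source[name], objs.get(name)),
            "wildcard_P*": wildcard_property_values(objs, "P*", "Status", "Enabled")[0],
        }
    return report

if __name__ == "__main__":
    for server, result in audit(TARGETS, SOURCE).items():
        print(server, result)
```

On the constructed data, web02 fails the wildcard rule because one of the two objects matching P* is disabled, which is the "all found objects" behaviour described in step 7.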