Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
- Audit and snapshot rules
- Configuring the application configuration rule
- Configuring the COM+ rule
- Configuring the custom scripts rule
- Configuring the discovered software rule
- Configuring the file rule
- Configuring the hardware rule
- Configuring the IIS metabase rule
- Configuring the IIS rule
- Configuring the IIS 7.0 rule
- Configuring the local security settings rule
- Configuring the registered software rule
- Configuring the Windows .NET framework configurations rule
- Configuring the Windows registry rule
- Configuring the Windows services rule
- Configuring the Windows/UNIX users and groups rule
Configuring the Windows registry rule
Windows Registry rules are comparison-based rules that enable you to select a Windows Registry key or folder from the source of the audit or snapshot specification, and then compare them with the target servers. The audit compares the selected registry folders and keys, and then determines whether these keys and folders exist on the target servers. You cannot set a target or remediation value in the rule.
Windows Registry object
The Windows Registry object allows you to capture registry keys, registry values, and subkeys. A registry key is a directory that contains registry values, where registry valuesare similar to files within a directory. A subkey is similar to a subdirectory. The SA Client supports the following Windows Registry keys: HKEY_CLASSES_ROOT, HKEY_CURRENT_CONFIG, HKEY_LOCAL_MACHINE, and HKEY_USERS.
Valid control characters audited and captured for the contents of the key entry (Data) include: #x9, #xA, [#xD, #x20-#xD7FF], [#xE000-#xFFFD], and [#x10000-#x10FFFF]. Invalid control characters cannot be stored by the SA Client and will be converted to XML entities that will display as &#;. For example, if the data value is 00 00 (in bytes), � will display in the audit or snapshot specification results.
Access Control Levels
You can also choose to compare Access Control Levels (ACLs) for a Windows Registry rule. If you are checking ACLs for a Windows Registry rule where the user and group ACL does not exist, after the audit is run and after remediation, if a user and group does not exist on the target, a temporary user and group will be created using an unknown name. The next time you run the audit it shows up as unknown, which is not the name of the source user. See Audit results for more information.
To configure Windows Registry audit rules:
- Create a new audit. See Creating an audit for ways to create an audit.
(Optional) If you want to create this rule for a snapshot specification, see Creating a snapshot specification . - Select an Audit Source: Server, Snapshot, Snapshot Specification, or No Source.
Some audit rules, such as Application Configuration and Windows User’s and Groups, must have a source. - In the Audit window, from the Views pane, select Rules > Windows Registry.
- In the content pane of the Audit window, expand the top level node in the Available for Audit section and select a Windows Registry folder or key to create a rule for.
- Click the right arrow button to move the Windows Registry folder or key into the Selected for Audit section. All items that you select will be used to audit or snapshot the target server.
- For each registry entry key rule you create, you can set the following options to include when the audit checks the target:
- Also Compare Contents of Sub-Keys—Evaluate all subkeys that belong to the selected registry key.
- Also Compare ACLs—Compare ACLs of the selected registry key.
- Use case-insensitive compare for Key Values—Do not show Key Value differences in the audit result if the names use a different case.
- To finish configuring the audit, set the target servers, the schedule, and the notification for the audit.
- From the File menu, select Save to save your audit.
(Optional) You can also save the Audit as a policy. See Saving an audit or a snapshot specification as an audit policy. - To run the audit, from the Actions menu, select Run Audit. See Running an audit .
Note In the Audit Policy window, if you select a server to view its registry information, and then want to check the registry information for another server, you must close the Audit Policy window, then reopen it to refresh the registry-contents field.
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to hpe_sa_docs@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: