Administer > Audit and compliance > Audits, audit policies, and audit results > Audit results > Remediating comparison-based audit results

Remediating comparison-based audit results

Audit results based on a comparison-based audit allow you to view differences between the source server or snapshot and target servers or snapshot. If the audit results fails—that is, it finds differences between the source and the target—you can remediate the differences (for most rule types). You can remediate the rule values of the source objects in the audit and overwrite the values on the target (or add values that exist on the source, but do not exist on the target.)

The Audit Result window shows all the objects defined in the audit in the Views pane. It also shows the audit results that failed, the differences found between the audit and the target servers are highlighted in light blue font.

For example, the following figure shows audit results for a windows file system rule, where the selected file and path exist on both the source (audit rule source server) and the target, but are different, located under the Only Both But Different tab of the Audit Result window.

In the Audit Result window, you can select the Files rule, and from the Actions menu select Remediate.

Audit Result for a Comparison-Based Audit Rule

In this example where file difference were found between the source and the target, you can double-click the rule to view those differences in a separate window. Review the differences information to make sure you want to perform the remediation. Then, you can select Remediate from the Actions menu and remediate the out-of-compliance rule or schedule the audit to run at a later time. When you remediate, the values from the audit (derived from the source) will replaces those on the target server.

When remediating COM+ objects from snapshot or audit results, the SA Client does not check the version of the COM+ object. SA will always remediate the object, whether or not there is any difference between them.