HKCU remote test results

General support questions for the Secutor Prime product.
chris
Posts: 1
Joined: Wed Jun 11, 2008 5:33 pm

HKCU remote test results

Postby chris » Wed Jun 18, 2008 11:41 am

When running remote tests, the tests looking in HKEY Current User registry hive on the remote computers are failing and reporting the registry settings do not exist. When run locally these tests pass.

I found this in the documentation:
NOTE: Two password policies "Passwords Must Meet Complexity Requirements" and "Store Passwords Using Reversible Encryption" cannot be remotely assessed.

Is it also true that HKEY Current User tests cannot be remotely assessed?

Thanks in advance for any insight!

Randy
Site Admin
Posts: 28
Joined: Sat Feb 24, 2007 9:48 am

Postby Randy » Fri Jun 20, 2008 6:32 am

Chris,

We have been working with NIST (and NIST with Microsoft) to determine the best way to evaluate the HKCU settings. I believe the current content requires a local administrator to be interactively logged into the target computer even when doing a remote agentless assessment (to create the HKCU keys).

The bottom line is that NIST is trying to determine a reliable and consistent (from a technical implementation standpoint) way to enumerate those values. The cheesy workaround above may help you until this issue is resolved.
-- Randy
ThreatGuard, Inc.

csizemore
Posts: 2
Joined: Tue Jul 01, 2008 11:56 am

Postby csizemore » Tue Jul 01, 2008 5:20 pm

I have actuqally experienced the same issue. And I also found that if you run the product on the machine locally, the keys are found. I use this as my baseline scan, since I am applying these settings via GPOs. So when I scan remotely, I exspect to find X number of failures.

Thanks for the product, we have found great success with this product in producing our FDCC complaince.


Return to “Secutor Prime Support”

Who is online

Users browsing this forum: No registered users and 1 guest