Configure a Windows Directory Search Control
Configure a Windows Directory Search control to find files and directories that match certain parameters (i.e. name, permissions, etc). Share with us where to search and what you are looking for, and a list of matches is provided.
|
Help me with the settings |
||||||||||||
Identify this controlThe statement you provide is like the control name that describes what it is and how it should be implemented in the environment. You need to decide which category the control belongs to. This is important because users can search and filter controls by category, they can also search by keywords in the statement |
||||||||||||
What are the Scan Parameters?These are the search parameters you want to use. Tell us where to start our search (the base directory) and what you want to match. You can search for files and/or directories. You want to set search limits - the max search time and the max number of results to return. The search stops as soon as one of these limits is reached. |
||||||||||||
Tell me about Users and PermissionsYou can search for files/directories based on user access to the files. For example, maybe you want to find all folders that well-known groups can access, or perhaps you want to find files readable by a user who has left the company. In the Users section, create a list of principals (groups/users) and then select permissions in the Permissions section. Tell me more about adding principalsYour list may include a mix of well-known users/groups and specific users. To add well-known users/groups, simply start typing in the Search field and then add the matches that we find. To add specific users, enter the user in the Search field and click Enter. Use any of these formats: user, domain\user, user@FQDN, SID user (S-1-x-x-x-x-x-x...). Tell me about Any vs. All optionsAfter selecting permissions, choose "All" to only return files that match all of the permissions. Choose Any to return files that match at least one of the permissions. |
||||||||||||
Tell me about Control TechnologiesYour control may apply to many technologies. Select each technology you are interested in and provide a rationale statement and expected value. If you plan to enter the same settings for each technology you only need to do it once. Make your selections in the "Default Values" section first and then select the check box for each technology you want. you can view that the settings get copied automatically to each technology that you select. Make these settings: Rationale - Enter a rationale statement describing how the control should be implemented for each technology. Cardinality - Select a cardinality for the control. Tell me about these cardinalitiesA list of strings in the scan results (X) is compared to a list of strings defined for the control (Y). The control values include the default value (a string) and a cardinality. The possible cardinalities are described below.
Operator - The operator can be a "regular expression list" or a "string list". the operator is used to compare the scan results to the default value. Default Value. Enter the expected value for each technology as a list of regular expressions or strings. The list of strings returned in the scan results will be compared to the list of strings defined for the control. Learn more You can lock the Cardinality, Operator or Default Value if you do not want users to be able to change these values in the Policy Editor. |
||||||||||||
Tell me about referencesAdd up to 10 references for the control. These may be references to internal policies, documents and web sites. For each reference, enter a description, a URL or both. When providing a URL, you must start the URL with http://, https:// or ftp://. For example, enter http://www.qualys.com to link to the Qualys web site. Once added users have the option to include references in policy reports. |
Ready to scan?
You must select these settings in the option profile you apply to your scan: Enable Dissolvable Agent and Enable Windows Directory Search. When editing your profile, you can view these settings under Dissolvable Agent (in the Scans section).