Web Table 1: Security Configuration Tests

| Test | Description |
| --- | --- |
| Administrators | Lists the computer's local administrator accounts |
| Auditing | Displays the local computer's auditing settings |
| Autologon | Displays whether Autologon is enabled |
| Domain Controller Test | Checks to determine whether IIS is running on a domain controller (DC) |
| Exchange Server Security Updates | Checks for missing Exchange Server security updates |
| File System | Checks the type of file system (e.g., NTFS) |
| Guest Account | Checks to determine whether the Guest account is enabled |
| IE Zones | Lists IE security zones for each user |
| IIS Admin Virtual Directory | Looks for the IISADMPWD virtual directory |
| IIS Lockdown Tool | Checks to determine whether IIS Lockdown has been installed |
| IIS Logging Enabled | Makes logging recommendations for HTTP and FTP sites |
| IIS Security Updates | Checks for missing IIS security updates |
| Local Account Password Test | Checks for blank or weak local account passwords |
| Macro Security | Lists Office macro settings by user |
| Msadc and Scripts Virtual Directories | Looks for MSADC and Scripts virtual directories |
| Outlook Zones | Lists Outlook security zones for each user |
| Parent Paths | Lists whether parent paths exist in Web sites or virtual directories |
| Password Expiration | Lists accounts that have nonexpiring passwords that NoExpireOk.txt doesn't include |
| Restrict Anonymous | Lists the registry setting that prohibits anonymous users from enumerating user accounts |
| Sample Applications | Lists installed IIS sample applications (e.g., Default Web Site, IISHelp) |
| Services | Lists possible unnecessary services (e.g., FTP, SMTP, Telnet, WWW) that could compromise security |
| Shares | Enumerates and lists shares, and share and file ACLs |
| SQL Server Security Updates | Checks for missing SQL Server security updates |
| SQL: CmdExec role | Checks to determine whether CmdExec is restricted to SysAdmin |
| SQL: Domain Controller Test | Checks to determine whether SQL Server is running on a DC |
| SQL: Exposed SQL Password | Checks whether the systems administrator (SA) password is exposed in a text file (e.g., setup.iss or sqlstp.log) |
| SQL: Folder Permissions | Checks file permissions on SQL Server installation folders |
| SQL: Guest Account | Lists databases that have enabled guest accounts |
| SQL: Registry Permissions | Checks who has permissions to the SQL Server registry keys |
| SQL: Service Accounts | Checks the membership of SQL Server accounts and SQL Server agent accounts |
| SQL: SQL Account Password Test | Checks for blank or simple passwords for local SQL accounts |
| SQL: SQL Server Security Mode | Checks to determine whether SQL Server is running in Windows Only or Mixed mode |
| SQL: SysAdmin Role Members | Lists members of the SysAdmin role |
| SQL: SysAdmins | Lists the number of SysAdmins |
| Windows Media Player Security Updates | Checks for missing WMP security updates |
| Windows Security Updates | Checks for missing Windows security updates |
| Windows Version | Lists the Windows version |