1 Reply Latest reply on May 6, 2013 10:16 AM by cgrim

    Foundstone and Windows 2012 Baseline policy

    mvm

      When scanning Windows Server 2012 with Foundstone 7.0 for vulnerability the server is marked as Windows Server 8

       

      And  performing a Baseline scan on a server and going to the Policy configuration, the scan cannot be merge with Windows 2012.

       

      Anyone can help?

       

      Done as per instructions below:

       

      Baseline Scan

      A Baseline scan allows you to establish your Windows or UNIX policy scans based on a computer that meets your company's policy standards. You can setup a Windows or UNIX operating system as your gold standard and use the Baseline Scan template to scan that computer. Once your gold standard has been scanned, you can then have your Global Administrator merge those policy settings into the appropriate operating system Policy Manager.

      Note: Each operating system can handle a policy compliance in a unique manner, so you must scan a gold standard computer for each different operating system on your network (e.g. one gold standard for Windows 2003, one for Windows XP, etc.).

       

      To scan a Baseline

      Create a scan using the Baseline Policy Scan template. The following are quick steps to setup your baseline scan, for more details about setting up a scan, see Working with Scans. You can create individual scans for each operating system on your network, or create one baseline scan and add each gold standard host to the scan. You can also create multiple baseline scans to select in the Policy Manager (for example: different hosts require different credentials, but these credentials cannot be included in the same scan).

      1. Select SCAN > NEW SCAN
      2. Select Use a Vulnerability Manager template
      3. Select Baseline Policy Scan Under Compliance Templates
      4. Click Next

        The Targets tab displays

      5. Enter a name for this scan
      6. Enter gold standard host(s) to scan
      7. Click Next
      8. Modify your settings

        Enter the credentials for the host(s) being scanned.

        You cannot modify the Vuln Selection settings.

      9. Click Next

        The Schedule tab displays

      10. Schedule a start time for your baseline scan
      11. Click OK

       

      Windows XP must allow local users to authenticate as themselves for the scan to function properly. By default, this is set to Guest only. This setting does not allow the Foundstone Scripting Language to function properly.

      1. Administrative Tools > Local Security Policy
      2. Go to Security Settings > Local Policies > Security Options
      3. Double-click Network Access: Sharing and security model for local accounts Guest only is the default setting
      4. Select Classic - Local users authenticate as themselves
      5. Click OK

       

      Windows Vista must allow the Administrator account, disable remote UAC, and enable the remote registry service. These settings do not allow the Foundstone Scripting Language to function properly.

      To enable the Admin account:

      To disable remote UAC:

      • Create the following registry key/value:

        HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system

        LocalAccountTokenFilterPolicy = DWORD:1

      To enable remote registry services:

      • Administrative Tools > Services
      • Start the Remote Registry service

      To merge your Baseline settings

      After running a baseline scan, you can merge the gold standard settings into the Vulnerability Manager Policy Manager to modify the settings to your company's policy compliance standards. Once you have completed and saved your baseline into your policy settings, future policy compliance scans will use your baseline settings.

      Note: Registry Keys, File Permissions, and Services are not part of the Baseline Scan template. These policy compliance items must be set manually.

      1. Login to the enterprise manager as the Global Administrator
      2. Select MANAGE > POLICY

        The Policy Manager page displays

      3. Select the Windows or UNIX tab
      4. Select an operating system from the Group list

        The Select a baseline scan list becomes available if you scanned a host running the selected operating system.

      5. Click Merge

        All modified settings are highlighted with red, bold italic text.

      6. Click Save