I'm receiving this vulnerability on a lot of my systems, and I don't really understand it. The recommendation says:
"If the policy defined in WindowsPolicy.fasl3.inc does not match the corporate policy for the environment in which the system operates it can be overridden by redefining the AuditProcessTracking array in myWindowsPolicy.fasl3.inc."
Where is this WindowsPolicy.fasl3.inc file?
Check this post:
Let me know if you have any other questions.
But not every server in an environment of several hundred servers is going to have the same policies, so wouldn't this check false all of the time? Are most users defining this policy for small groups and then auditing those groups against the policy?
I can't imagine large enterprises having the same policy for all servers.
Very good points. The ability to have multiple policy's is a Product Enhancement Request (PER) I know has been made before. I'm unsure of the plans to add it. However if you add your 2cents by submitting a PER yourself it might give it a better chance of happening.
To submit a PER go here:
As far as how other customers are doing this, I would have to let them weigh in to be sure, but I think they modify the policy as needed.
I hope that helps!