<SecScan ID="0" DisplayName="test\DC2" Machine="DC2" Date="2017-04-13 12:05:27" LDate="13.04.2017 12:05" Domain="test" IP="192.168.1.242" Grade="1" HotfixDataVersion="2017-04-10T21:31:59Z" MbsaToolVersion="2.3.2211.0" IsWorkgroup="False" SUSServer="" HFFlags="4" SecurityUpdatesScanDone="True" WUSSource="" IsCSAMode="false">
<IPList><IP addr="-1022950926" /></IPList>
<AdditCabs><Cab Prop="" /></AdditCabs>
<Check ID="104" Grade="6" Type="1" Cat="1" Rank="1" Name="Local Account Password Test" URL1="Help/Check5315.html" URL2="Help/Check5315fix.html" >
<Advice>Password checks are not performed on a domain controller.</Advice>
</Check>
<Check ID="10500" Grade="1" Type="5" Cat="1" Rank="1" Name="Security Updates" >
<Advice>Cannot load security CAB file.</Advice>
</Check>
<Check ID="10101" Grade="4" Type="1" Cat="2" Rank="15" Name="Windows Version" URL1="Help/Check53117.html" >
<Advice>Computer is running Microsoft Windows 8.1.</Advice>
</Check>
<Check ID="102" Grade="5" Type="1" Cat="1" Rank="3" Name="File System" URL1="Help/Check5313.html" URL2="Help/Check5313fix.html" >
<Advice>All hard drives (1) are using the NTFS file system.</Advice>
<Detail>
<Head>
<Col>Drive Letter</Col>
<Col>File System</Col>
</Head>
<Row Grade="5">
<Col>C:</Col>
<Col>NTFS</Col>
</Row>
</Detail>
</Check>
<Check ID="106" Grade="3" Type="1" Cat="1" Rank="8" Name="Password Expiration" URL1="Help/Check5317.html" URL2="Help/Check5317fix.html" >
<Advice>Some user accounts (34 of 262) have non-expiring passwords. </Advice>
<Detail text="Accounts with a green check have passwords that do not expire but were specified in NoExpireOk.txt">
<Head>
<Col>User</Col>
</Head>
<Row Grade="3">
<Col>AdmOraMon</Col>
</Row>
<Row Grade="3">
<Col>Barsov-AS</Col>
</Row>
<Row Grade="3">
<Col>CCB</Col>
</Row>
<Row Grade="3">
<Col>Guest</Col>
</Row>
<Row Grade="3">
<Col>Ivanov-AS</Col>
</Row>
<Row Grade="3">
<Col>testDLP</Col>
</Row>
<Row Grade="3">
<Col>OPER1</Col>
</Row>
<Row Grade="3">
<Col>OPER2</Col>
</Row>
<Row Grade="3">
<Col>AlterAgentSrv</Col>
</Row>
<Row Grade="3">
<Col>AlterAgentSrvTest</Col>
</Row>
<Row Grade="3">
<Col>SB</Col>
</Row>
<Row Grade="3">
<Col>SBEA</Col>
</Row>
<Row Grade="3">
<Col>SBEU</Col>
</Row>
<Row Grade="3">
<Col>SYSOPMCI</Col>
</Row>
<Row Grade="3">
<Col>SrvtAgentOnline</Col>
</Row>
<Row Grade="3">
<Col>SysOp</Col>
</Row>
<Row Grade="3">
<Col>admback</Col>
</Row>
<Row Grade="3">
<Col>admbackag</Col>
</Row>
<Row Grade="3">
<Col>altst</Col>
</Row>
<Row Grade="3">
<Col>bellcow</Col>
</Row>
<Row Grade="3">
<Col>bellfish</Col>
</Row>
<Row Grade="3">
<Col>ckfr</Col>
</Row>
<Row Grade="3">
<Col>kav</Col>
</Row>
<Row Grade="3">
<Col>kAdmin</Col>
</Row>
<Row Grade="3">
<Col>kControl</Col>
</Row>
<Row Grade="3">
<Col>kInter</Col>
</Row>
<Row Grade="3">
<Col>kMonitor</Col>
</Row>
<Row Grade="3">
<Col>kOper</Col>
</Row>
<Row Grade="3">
<Col>kTrans</Col>
</Row>
<Row Grade="3">
<Col>kTransport</Col>
</Row>
<Row Grade="3">
<Col>qurto</Col>
</Row>
<Row Grade="3">
<Col>scom</Col>
</Row>
<Row Grade="3">
<Col>scom_sql</Col>
</Row>
<Row Grade="3">
<Col>useruit</Col>
</Row>
<Row Grade="5">
<Col>SUPPORT_388945a0</Col>
</Row>
</Detail>
</Check>
<Check ID="107" Grade="5" Type="1" Cat="1" Rank="5" Name="Guest Account" URL1="Help/Check5318.html" URL2="Help/Check5318fix.html" >
<Advice>The Guest account is disabled on this computer.</Advice>
</Check>
<Check ID="110" Grade="5" Type="1" Cat="1" Rank="4" Name="Autologon" URL1="Help/Check5319.html" URL2="Help/Check5319fix.html" >
<Advice>Autologon is not configured on this computer.</Advice>
</Check>
<Check ID="117" Grade="5" Type="1" Cat="1" Rank="6" Name="Restrict Anonymous" URL1="Help/Check53110.html" URL2="Help/Check53110fix.html" >
<Advice>Computer is properly restricting anonymous access.</Advice>
</Check>
<Check ID="118" Grade="5" Type="4" Cat="1" Rank="10" Name="IE Zones" URL1="Help/Check53111.html" URL2="Help/Check53111fix.html" >
<Advice>Internet Explorer zones have secure settings for all users.</Advice>
</Check>
<Check ID="119" Grade="4" Type="1" Cat="2" Rank="12" Name="Auditing" URL1="Help/Check53114.html" URL2="Help/Check53114fix.html" >
<Advice>Logon Success auditing is enabled, however Logon Failure auditing should also be enabled.</Advice>
</Check>
<Check ID="121" Grade="4" Type="1" Cat="2" Rank="14" Name="Shares" URL1="Help/Check53115.html" URL2="Help/Check53115fix.html" >
<Advice>7 share(s) are present on your computer. </Advice>
<Detail text="Access: F - Full, R - Read, W - Write, D - Delete, X - Execute, C - Change">
<Head>
<Col>Share</Col>
<Col>Directory</Col>
<Col>Share ACL</Col>
<Col>Directory ACL</Col>
</Head>
<Row Grade="4">
<Col>ADMIN$</Col>
<Col>C:\Windows</Col>
<Col>Admin Share</Col>
<Col>NT AUTHORITY\Authenticated Users - RX, BUILTIN\Server Operators - RWXD, BUILTIN\Administrators - F, NT AUTHORITY\SYSTEM - F, NT SERVICE\TrustedInstaller - F</Col>
</Row>
<Row Grade="4">
<Col>C$</Col>
<Col>C:\</Col>
<Col>Admin Share</Col>
<Col>NT AUTHORITY\SYSTEM - F, BUILTIN\Administrators - F, BUILTIN\Users - RX</Col>
</Row>
<Row Grade="4">
<Col>NETLOGON</Col>
<Col>C:\Windows\SYSVOL\sysvol\test.local\SCRIPTS</Col>
<Col>Everyone - R, Administrators - F</Col>
<Col>NT AUTHORITY\Authenticated Users - RX, BUILTIN\Server Operators - RX, BUILTIN\Administrators - F, NT AUTHORITY\SYSTEM - F</Col>
</Row>
<Row Grade="4">
<Col>SYSVOL</Col>
<Col>C:\Windows\SYSVOL\sysvol</Col>
<Col>Everyone - R, Administrators - F, NT AUTHORITY\Authenticated Users - F</Col>
<Col>NT AUTHORITY\Authenticated Users - RX, BUILTIN\Server Operators - RX, BUILTIN\Administrators - F, NT AUTHORITY\SYSTEM - F</Col>
</Row>
<Row Grade="4">
<Col>dfs</Col>
<Col>c:\DFSTEST</Col>
<Col>Everyone - R</Col>
<Col>NT AUTHORITY\SYSTEM - F, BUILTIN\Administrators - F, BUILTIN\Users - RX</Col>
</Row>
<Row Grade="4">
<Col>dfs_adm</Col>
<Col>c:\DFSADM</Col>
<Col>Everyone - R</Col>
<Col>NT AUTHORITY\SYSTEM - F, BUILTIN\Administrators - F, BUILTIN\Users - RX</Col>
</Row>
<Row Grade="4">
<Col>print$</Col>
<Col>C:\Windows\system32\spool\drivers</Col>
<Col>Everyone - R, Administrators - F</Col>
<Col>Everyone - RX, BUILTIN\Print Operators - F, NT AUTHORITY\Authenticated Users - RX, BUILTIN\Server Operators - RWXD, BUILTIN\Administrators - F, NT AUTHORITY\SYSTEM - F</Col>
</Row>
</Detail>
</Check>
<Check ID="122" Grade="3" Type="1" Cat="1" Rank="7" Name="Administrators" URL1="Help/Check5316.html" URL2="Help/Check5316fix.html" >
<Advice>More than 2 Administrators were found on this computer.</Advice>
<Detail>
<Head>
<Col>User</Col>
</Head>
<Row Grade="3">
<Col>TEST\Enterprise Admins</Col>
</Row>
<Row Grade="3">
<Col>TEST\LocalAdminsTEST</Col>
</Row>
<Row Grade="3">
<Col>TEST\useruit</Col>
</Row>
</Detail>
</Check>
<Check ID="10124" Grade="6" Type="4" Cat="1" Rank="11" Name="Macro Security" >
<Advice>No supported Microsoft Office products are installed.</Advice>
</Check>
<Check ID="10123" Grade="4" Type="1" Cat="2" Rank="13" Name="Services" URL1="Help/Check53116.html" >
<Advice>No potentially unnecessary services were found.</Advice>
</Check>
<Check ID="10178" Grade="4" Type="1" Cat="1" Rank="9" Name="Windows Firewall" >
<Advice>This check was skipped because it cannot be done remotely.</Advice>
</Check>
<Check ID="179" Grade="2" Type="1" Cat="1" Rank="10" Name="Automatic Updates" URL1="Help/Check53178.html" URL2="Help/Check53178fix.html" >
<Advice>The Automatic Updates system service is not running.</Advice>
</Check>
<Check ID="180" Grade="3" Type="1" Cat="1" Rank="10" Name="Incomplete Updates" URL1="Help/Check5340.html" URL2="Help/Check5340fix.html" >
<Advice>A previous software update installation was not completed. You must restart your computer to finish the installation. If the incomplete installation was a security update, then the computer may be at risk until the computer is restarted.</Advice>
</Check>
<Check ID="10219" Grade="6" Type="2" Cat="4" Rank="0" Name="SQL Server/MSDE Status" >
<Advice>SQL Server and/or MSDE is not installed on this computer.</Advice>
</Check>
<Check ID="10314" Grade="6" Type="3" Cat="4" Rank="1" Name="IIS Status" >
<Advice>IIS is not running on this computer.</Advice>
</Check>
<Composite>41</Composite>
</SecScan>
