Issue | Result
Windows Security Updates | No critical security updates are missing.
IIS Security Updates | No critical security updates are missing.
SQL Server/MSDE Security Updates | Instance (default): No critical security updates are missing.
MDAC Security Updates | No critical security updates are missing.
MSXML Security Updates | No critical security updates are missing.
Office Security Updates | No Microsoft Office products are installed.
Windows Scan Results
Table 2: Vulnerabilities
Issue | Result
Automatic Updates | Automatic Updates are managed through Group Policy on this computer.
Administrators | More than 2 Administrators were found on this computer.
Note: This warning can be ignored given that the Cisco ICM application requires the addition of certain groups to the Local Administrators group, therefore triggering this event. It is recommended that you review the Result Details and remove any known unnecessary accounts.
Password Expiration | Some user accounts (1 of 7) have non-expiring passwords.
Note: When the server is properly configured to require expiring passwords, this warning will typically find the Guest account to have a non-expiring password even though the account is disabled. This warning can be ignored.
Windows Firewall | Windows Firewall is enabled and has exceptions configured. Windows Firewall is enabled on all network connections.
Local Account Password Test | Some user accounts (1 of 7) have blank or simple passwords, or could not
Chapter 11: Microsoft Baseline Security Analyzer (MBSA) Security Update Scan Results
Issue | Result
File System | All hard drives (1) are using the NTFS file system.
Autologon | Autologon is not configured on this computer.
Guest Account | The Guest account is disabled on this computer.
Restrict Anonymous | Computer is properly restricting anonymous access.
Table 3: Additional System Information
Issue | Result
Auditing | Logon Success and Logon Failure auditing are both enabled.
Services | Some potentially unnecessary services are installed.
Shares | 2 share(s) are present on your computer.
Windows Version | Computer is running Windows 2000 or greater.
Internet Information Services (IIS) Scan Results
Table 4: Vulnerabilities
Issue | Result
IIS Lockdown Tool | The IIS Lockdown tool was developed for IIS 4.0, 5.0, and 5.1, and is not needed for new Windows Server 2003 installations running IIS 6.0.
Sample Applications | IIS sample applications are not installed.
IISAdmin Virtual Directory | IISADMPWD virtual directory is not present.
Parent Paths | Parent paths are not enabled.
MSADC and Scripts Virtual Directories | The MSADC and Scripts virtual directories are not present.
Table 5: Additional System Information
Issue | Result
Domain Controller Test | IIS is not running on a domain controller.
IIS Logging Enabled | All web and FTP sites are using the recommended logging options.
SQL Server Scan Results
Instance (default)
Table 6: Vulnerabilities
Issue | Result
Sysadmin role members | BUILTIN\Administrators group is part of sysadmin role.
Note: This is acceptable because the Cisco ICM application adds certain groups to the local Administrators account on the server which require dbo access to the database.
Sysadmins | No more than 2 members of sysadmin role are present.
Service Accounts | SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts are not members of the local Administrators group and do not run as LocalSystem.
Exposed SQL Server/MSDE Password | The 'sa' password and SQL service account password are not exposed in text files.
Domain Controller Test | SQL Server and/or MSDE is not running on a domain controller.
SQL Server/MSDE Security Mode | SQL Server and/or MSDE authentication mode is set to Windows Only.
Registry Permissions | The Everyone group does not have more than Read access to the SQL Server and/or MSDE registry keys.
CmdExec role | CmdExec is restricted to sysadmin only.
Folder Permissions | Permissions on the SQL Server and/or MSDE installation folders are set properly.
Guest Account | The Guest account is not enabled in any of the databases.
SQL Server/MSDE Account Password Test | The check was skipped because SQL Server and/or MSDE is operating in Windows Only authentication mode.
Desktop Application Scan Results
Table 7: Vulnerabilities
Issue | Result
IE Zones | Internet Explorer zones have secure settings for all users.
IE Enhanced Security Configuration for Administrators | The use of Internet Explorer is restricted for administrators on this server.
IE Enhanced Security Configuration for Non-Administrators | The use of Internet Explorer is restricted for non-administrators on this server.
Macro Security | No Microsoft Office products are installed.
Auditing
You can set auditing policies to track significant events, such as account logon attempts. Local policies should also always be set.
Note: Domain auditing policies always overwrite local auditing policies. The two sets of policies
should be identical where possible.
To set local auditing policies, select Start > Programs > Administrative Tools > Local Security
Policies.
Note: Automated Security Hardening on Windows 2003 (as described in Chapter 4) configures
the ICM/IPCC server with the recommended auditing settings. See Local Policies - Audit Policy (page 57).
This chapter contains the following topics:
• How to View Auditing Policies
• Security Log
• Real-Time Alerts
• SQL Server Auditing Policies
• Active Directory Auditing Policies
How to View Auditing Policies
Step 1 Select Start > Programs > Administrative Tools > Local Security Policies. The Local Security Settings window opens.
Step 2 In the tree in the left pane, select and expand Local Policies.
Step 3 In the tree under Local Policies, select Audit Policy.
Step 4 View or change the auditing policies by double-clicking the policy name.
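The note above says domain auditing policies overwrite local ones, so a scripted comparison of the two is a useful companion to the GUI steps. The following is an added example, not part of the original guide: it assumes the local policy was exported with `secedit /export /cfg <file> /areas SECURITYPOLICY` and that the domain policy is available in the same template format; the sample text and function names are constructed for illustration.

```python
# secedit audit values are a bit mask: 1 = Success, 2 = Failure.
AUDIT_FLAGS = {None: "Not defined", 0: "No auditing", 1: "Success",
               2: "Failure", 3: "Success, Failure"}
# Constructed sample exports (not taken from a real ICM server).
LOCAL_INF = """[Unicode]
Unicode=yes
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 3
AuditObjectAccess = 2
AuditPolicyChange = 1
"""
DOMAIN_INF = """[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 1
AuditObjectAccess = 2
"""

def parse_event_audit(inf_text):
    """Return {category: int} from the [Event Audit] section of a template."""
    settings, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip().lstrip("\ufeff")  # tolerate a leading byte-order mark
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "event audit"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = int(value.strip())
    return settings

def effective_policy(local_inf, domain_inf):
    """Domain settings overwrite local ones wherever the domain defines them."""
    return {**parse_event_audit(local_inf), **parse_event_audit(domain_inf)}

def overridden_settings(local_inf, domain_inf):
    """List (category, local, domain) where the domain replaces a different local value."""
    local, domain = parse_event_audit(local_inf), parse_event_audit(domain_inf)
    return [(name, AUDIT_FLAGS[local.get(name)], AUDIT_FLAGS[value])
            for name, value in sorted(domain.items()) if local.get(name) != value]

def logon_auditing_ok(settings):
    """True when both Logon Success and Logon Failure auditing are enabled."""
    return settings.get("AuditLogonEvents") == 3

if __name__ == "__main__":
    for name, local, domain in overridden_settings(LOCAL_INF, DOMAIN_INF):
        print(f"{name}: local '{local}' is overwritten by domain '{domain}'")
    print("Logon auditing OK:", logon_auditing_ok(effective_policy(LOCAL_INF, DOMAIN_INF)))
```

In the constructed sample the local policy audits logon success and failure, but the domain value replaces it with success only, so the effective policy no longer satisfies the MBSA Auditing check listed in Table 3.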