This repository has been archived by the owner on May 24, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 10
/
report-example-original.html
170 lines (164 loc) · 65.7 KB
/
report-example-original.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>
@charset UTF-8;
html body { font-family: Verdana, Geneva, sans-serif; font-size: 12px; height: 100%; margin: 0; overflow: auto; }
#header { background: #0066a1; color: #ffffff; width: 100% }
#headerTop { padding: 10px; }
.logo1 { float: left; font-size: 25px; font-weight: bold; padding: 0 7px 0 0; }
.logo2 { float: left; font-size: 25px; }
.logo3 { float: right; font-size: 12px; text-align: right; }
.headerRow1 { background: #66a3c7; height: 5px; }
.headerRow2 { background: #000000; height: 5px; }
.serverRow { background: #000000; color: #ffffff; font-size: 32px; padding: 10px; text-align: center; text-transform: uppercase; }
.summary { width: 100%; }
.summaryName { float: left; text-align: center; padding: 6px 0; width: 16.66%; }
.summaryCount { text-align: center; font-size: 45px; }
.p { background: #b3ffbe!important; }
.w { background: #ffdc89!important; }
.f { background: #ff9787!important; }
.m { background: #66a3c7!important; }
.n { background: #c8c8c8!important; }
.e { background: #c80000!important; color: #ffffff!important; }
.x { background: #ffffff!important; }
.s { background: #c8c8c8!important; }
.note { text-decoration: none; }
.note div.help { display: none; }
.note:hover { cursor: help; position: relative; }
.note:hover div.help { background: #ffffdd; border: #000000 3px solid; display: block; left: 10px; margin: 10px; padding: 15px; position: fixed; text-align: left; text-decoration: none; top: 10px; width: 600px; z-index: 100; }
.note li { display: table-row-group; list-style: none; }
.note li span { display: table-cell; vertical-align: top; padding: 3px 0; }
.note li span:first-child { text-align: right; min-width: 120px; max-width: 120px; font-weight: bold; padding-right: 7px; }
.note li span:last-child { padding-left: 7px; border-left: 1px solid #000000; }
.sectionRow { background: #0066a1; color: #ffffff; font-size: 13px; padding: 1px 15px!important; font-weight: bold; height: 25px!important; }
table tr:hover td.sectionRow { background: #0066a1; }
table { background: #eaebec; border: #cccccc 1px solid; border-collapse: collapse; margin: 0; width: 100%; }
table th { background: #ededed; border-top: 1px solid #fafafa; border-bottom: 1px solid #e0e0e0; border-left: 1px solid #e0e0e0; height: 45px; min-width: 55px; padding: 0px 15px; text-transform: capitalize; }
table tr { text-align: center; padding-left: 15px; }
table td { background: #fafafa; border-top: 1px solid #ffffff; border-bottom: 1px solid #e0e0e0; border-left: 1px solid #e0e0e0; height: 55px; min-width: 55px; padding: 0px 10px; }
table td:first-child { min-width: 175px; width: 175px; text-align: left; }
table tr:last-child td { border-bottom: 0; }
table tr:hover td { background: #f2f2f2; }
</style>
</head><body>
<div id="header">
<div id="headerTop">
<div class="logo1">ACME</div>
<div class="logo2">QA Results</div>
<div class="logo3">Script Version <b>v3.17.0717</b> (default-settings.ini)
<br/>Generated by <b>domain\username</b> on <b>2017/07/17 17:25</b></div>
<div style="clear:both;"></div>
</div>
<div style="clear:both;"></div>
</div>
<div class="headerRow1"></div>
<div class="serverRow">servernane</div>
<div class="summary">
<div class="summaryName p"><b>Passed</b><br><span class="summaryCount">31</span></div>
<div class="summaryName w"><b>Warning</b><br><span class="summaryCount">4</span></div>
<div class="summaryName f"><b>Failed</b><br><span class="summaryCount">33</span></div>
<div class="summaryName m"><b>Manual</b><br><span class="summaryCount">1</span></div>
<div class="summaryName n"><b>N/A</b><br><span class="summaryCount">23</span></div>
<div class="summaryName x"><b>Error</b><br><span class="summaryCount">1</span></div>
</div>
<div style="clear:both;"></div>
<div class="headerRow2"></div>
<table>
<colgroup><col/><col/><col/><col/><col/></colgroup>
<tr><th>Name</th><th>Check</th><th>Result</th><th>Message</th><th>Data</th></tr>
<tr><td class="sectionRow" colspan="5">Accounts</td></tr><tr><td>Local Users</td><td>c-acc-01</td><td class="f note"><div class="help"><li><span>Accounts<br/>01</span><span>Check all local users to ensure that no non-standard accounts exist. Unless the server is not in a domain, there should be no additional user accounts.Example standard accounts include "ASPNET", "__VMware"</span></li><br/><li><span>Pass</span><span>No additional local accounts exist<br/></span></li><li><span>Fail</span><span>One or more local accounts exist<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>One or more local accounts exist</td><td>Administrator,<br/>Wibble,<br/></td></tr>
<tr><td>Local Account Names</td><td>c-acc-02</td><td class="f note"><div class="help"><li><span>Accounts<br/>02</span><span>Checks to see if the default local "Administrator" and "Guest" accounts have been renamed.</span></li><br/><li><span>Pass</span><span>All local accounts have been renamed<br/></span></li><li><span>Fail</span><span>A local account was found that needs to be renamed<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>A local account was found that needs to be renamed</td><td>Administrator,<br/>Guest1,<br/></td></tr>
<tr><td>Local Admins</td><td>c-acc-03</td><td class="f note"><div class="help"><li><span>Accounts<br/>03</span><span>Check the local administrators group to ensure no non-standard accounts exist.If there is a specific application requirement for local administration access then these need to be well documented.</span></li><br/><li><span>Pass</span><span>No local administrators found<br/></span></li><li><span>Warning</span><span>This is a workgroup server, is this correct.?<br/></span></li><li><span>Fail</span><span>One or more local administrator accounts exist<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>One or more local administrator accounts exist</td><td>Administrator,<br/>ClientSrv-L-ClientSrv,<br/>AVSrv-G-VPS-Team,<br/>SCCM-L-SCCM-Admins,<br/>ClientSrv-G-ClientSrv-G-CSIRT,<br/>ClientSrv-L-AGC-00GB-Admins,<br/></td></tr>
<tr><td class="e">Local Groups</td><td class="e">c-acc-04</td><td class="e">Fail</td><td class="e">One or more local groups exist</td><td class="e">Error Message<br/></td></tr>
<tr><td>Service Logon Accounts</td><td>c-acc-05</td><td class="p note"><div class="help"><li><span>Accounts<br/>05</span><span>Checks all services to ensure no user accounts are assigned.If specific application service accounts are required then they should be domain level accounts (not local) and restricted from interactice access by policy.</span></li><br/><li><span>Pass</span><span>No services found running under a local accounts<br/></span></li><li><span>Fail</span><span>One or more services was found to be running under local accounts<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>No services found running under a local accounts</td><td></td></tr>
<tr><td>Guest Account</td><td>c-acc-06</td><td class="p note"><div class="help"><li><span>Accounts<br/>06</span><span>Checks to make sure that the guest user account has been disabled. The guest account is located via the well known SID.</span></li><br/><li><span>Pass</span><span>Guest account is disabled<br/></span></li><li><span>Fail</span><span>Guest account has not been disabled<br/></span></li><li><span>N/A</span><span>Guest account does not exist<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>Guest account is disabled</td><td></td></tr>
<tr><td>Built-In Group Members (1 of 3)</td><td>c-acc-07</td><td class="f note"><div class="help"><li><span>Accounts<br/>07</span><span>Checks the builtin group memberships to make sure specific users or groups are members. If there is only one entry in "GroupMembers", then "AllMustExist" will be set to "TRUE".<br/>This is check 1 of 3 that can be used to check different groups.</span></li><br/><li><span>Pass</span><span>No additional users exist<br/>Additional users exist<br/></span></li><li><span>Warning</span><span>Invalid group name<br/></span></li><li><span>Fail</span><span>Additional users exist<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>Additional users exist</td><td>Remote Desktop Users,<br/>In Group: ClientSrv-G-AGC-00-Remote-User,<br/>In Check: Domain Admins</td></tr>
<tr><td class="sectionRow" colspan="5">Compliance</td></tr><tr><td>McAfee AV Installed</td><td>c-com-01</td><td class="p note"><div class="help"><li><span>Compliance<br/>01</span><span>Check that McAfee anti-virus is installed and virus definitions are up to date.</span></li><br/><li><span>Pass</span><span>McAfee product found, DATs are OK<br/></span></li><li><span>Fail</span><span>McAfee product not found, install required<br/>DATs are not up-to-date<br/>No DAT version found<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>McAfee product found, DATs are OK</td><td>Version 8.8.09000, DATs 1 day(s) old</td></tr>
<tr><td>Monitoring Installed</td><td>c-com-02</td><td class="f note"><div class="help"><li><span>Compliance<br/>02</span><span>Check relevant monitoring tool agent is installed and that the correct port is open to the management server.</span></li><br/><li><span>Pass</span><span>{product} found, Port {port} open to {server}<br/></span></li><li><span>Fail</span><span>Monitoring software not found, install required<br/>{product} found, agent not configured with port and/or servername<br/>{product} found, port {port} not open to {server}<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>Monitoring software not found, install required</td><td></td></tr>
<tr><td>SCCM Installed</td><td>c-com-03</td><td class="p note"><div class="help"><li><span>Compliance<br/>03</span><span>Check relevant SCCM agent process is running, and that the correct port is open to the management server.</span></li><br/><li><span>Pass</span><span>SCCM agent found, port {port} open to {server}<br/></span></li><li><span>Fail</span><span>SCCM agent found, agent not configured with port and/or servername<br/>SCCM agent found, port {port} not open to {server}<br/>SCCM agent not found, install required<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>SCCM agent found</td><td>Port 443 open to servername.domain.lan</td></tr>
<tr><td>NetBackup Agent Installed</td><td>c-com-04</td><td class="f note"><div class="help"><li><span>Compliance<br/>04</span><span>Check NetBackup agent is installed and that the correct port is open to the management server.Only applies to physical servers, or virtual servers with a list of known software installed.</span></li><br/><li><span>Pass</span><span>{product} found, Port 1556 open to {server}<br/></span></li><li><span>Fail</span><span>{product} not found<br/>Port 1556 not open to {server}<br/>Backup agent software not found, but this server has {role} installed which requires it<br/>Backup agent software not found, but this server is a domain controller which requires it<br/></span></li><li><span>Manual</span><span>Is this server backed up via VADP.? Manually check vCenter annotations, and look for "NetBackup.<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>Symantec NetBackup not found</td><td></td></tr>
<tr><td>Patching Compliant</td><td>c-com-05</td><td class="p note"><div class="help"><li><span>Compliance<br/>05</span><span>Check server is compliant with patch policy (must be patched to latest released patch level for this customer).Check date of last patch and return WARNING if not within specified number of days, and FAIL if not within number of days *2.</span></li><br/><li><span>Pass</span><span>Windows patches applied<br/></span></li><li><span>Warning</span><span>Server not patched within the last {num} days<br/>Operating system not supported by check<br/></span></li><li><span>Fail</span><span>Server not patched within the last {num} days<br/>No last patch date - server has never been updated<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>Windows patches applied</td><td>Last patched: 15/07/2017 15:19:36 (2 days ago)</td></tr>
<tr><td>WSUS Server Setting</td><td>c-com-06</td><td class="p note"><div class="help"><li><span>Compliance<br/>06</span><span>Check that a WSUS server has been specified and that the correct port is open to the management server.</span></li><br/><li><span>Pass</span><span>WSUS server configured, port {port} open to {server}<br/></span></li><li><span>Fail</span><span>WSUS server configured, port {port} not open to {server}<br/>WSUS server has not been configured<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>WSUS server configured</td><td>http://servername.domain.lan:8530,<br/>Port 8530 open to servername.domain.lan</td></tr>
<tr><td>Trend AV Installed</td><td>c-com-09</td><td class="f note"><div class="help"><li><span>Compliance<br/>09</span><span>Check that Trend anti-virus is installed and virus definitions are up to date.</span></li><br/><li><span>Pass</span><span>Trend product found, DATs are OK<br/></span></li><li><span>Fail</span><span>Trend product not found, install required<br/>DATs are not up-to-date<br/>No DAT version found<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>Trend Micro OfficeScan Client not found, install required</td><td></td></tr>
<tr><td>Only One Server Role Or Feature</td><td>c-com-12</td><td class="n note"><div class="help"><li><span>Compliance<br/>12</span><span>Check that only one server role or feature is installed</span></li><br/><li><span>Pass</span><span>One extra server role or feature installed<br/></span></li><li><span>Fail</span><span>One or more extra server roles or features installed<br/></span></li><li><span>N/A</span><span>No extra server roles or features installed<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>N/A</td><td>Operating system not supported</td><td>Microsoft Windows 7 Enterprise </td></tr>
<tr><td class="sectionRow" colspan="5">Drives</td></tr><tr><td>System Drive Size</td><td>c-drv-01</td><td class="p note"><div class="help"><li><span>Drives<br/>01</span><span>Check the system drive is a minimum size of 50gb for Windows 2008+ servers (some are reporting 49gb).</span></li><br/><li><span>Pass</span><span>System drive ({letter}) meets minimum required size<br/></span></li><li><span>Fail</span><span>System drive ({letter}) is too small, should be {size}gb<br/></span></li><li><span>Manual</span><span>Unable to get drive size, please check manually<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>System drive (C:) meets minimum required size</td><td>Size: 237gb</td></tr>
<tr><td>Min Drive % Freespace</td><td>c-drv-02</td><td class="p note"><div class="help"><li><span>Drives<br/>02</span><span>Ensure all drives have a minimum amount of free space. Measured as a percentage.</span></li><br/><li><span>Pass</span><span>All drives have the required minimum free space of {size}%<br/></span></li><li><span>Fail</span><span>One or more drives were found with less than {size}% free space<br/></span></li><li><span>Manual</span><span>Unable to get drive information, please check manually<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>All drives have the required minimum free space of 17%</td><td>C: (34% free),<br/>S: (48% free),<br/>X: (95% free),<br/></td></tr>
<tr><td>Pagefile Location & Size</td><td>c-drv-03</td><td class="p note"><div class="help"><li><span>Drives<br/>03</span><span>Check the page file is located on the system drive and is a fixed size. The default setting is 4096MB (4GB).If the page file is larger a document detailing the tuning process used must exist and should follow Microsoft best tuning practices (http://support.microsoft.com/kb/2021748).</span></li><br/><li><span>Pass</span><span>Pagefile is set correctly<br/></span></li><li><span>Fail</span><span>Pagefile is system managed<br/>Pagefile is not set correctly<br/></span></li><li><span>Manual</span><span>Unable to get page file information, please check manually<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>Pagefile is set correctly</td><td>Location: C:\,<br/>Fixed Size: 4096mb</td></tr>
<tr><td>CD/DVD Drive Letter</td><td>c-drv-04</td><td class="p note"><div class="help"><li><span>Drives<br/>04</span><span>If a CD/DVD drive is present on the server confirm it is configured as "</span></li><br/><li><span>Pass</span><span>CD/DVD drive set correctly<br/></span></li><li><span>Fail</span><span>CD/DVD drive found, but not configured as {letter}<br/></span></li><li><span>N/A</span><span>No CD/DVD drives found<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>CD/DVD drive set correctly</td><td>R:,<br/></td></tr>
<tr><td>Shared Folders</td><td>c-drv-05</td><td class="w note"><div class="help"><li><span>Drives<br/>05</span><span>Check shared folders to ensure no additional shares are present. Shared folders should be documented with a designated team specified as the owner.</span></li><br/><li><span>Pass</span><span>No additional shares found<br/></span></li><li><span>Warning</span><span>Shared folders found, check against documentation<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Warning</td><td>Shared folders found, check against documentation</td><td>Shared-Folder,<br/></td></tr>
<tr><td>SAN Storage Software</td><td>c-drv-06</td><td class="f note"><div class="help"><li><span>Drives<br/>06</span><span>Where SAN storage is used, ensure multipathing software is installed and Dual Paths are present and functioning.This only checks that known software is installed. A manual check must be done to ensure it is configured correctly.</span></li><br/><li><span>Fail</span><span>SAN storage software not found, install required<br/></span></li><li><span>Manual</span><span>{product} found<br/></span></li><li><span>N/A</span><span>Not a physical machine<br/></span></li><br/><li><span>Applies To</span><span>Physical Servers<br/></span></li></div>Fail</td><td>SAN storage software not found, install required</td><td></td></tr>
<tr><td>Disk Management Agent</td><td>c-drv-07</td><td class="f note"><div class="help"><li><span>Drives<br/>07</span><span>Check local disk array management agent is installed on the server.This only checks that known software is installed. A manual check must be done to ensure it is configured correctly.</span></li><br/><li><span>Fail</span><span>Disk management software not found, install required<br/></span></li><li><span>Manual</span><span>{product} found<br/></span></li><li><span>N/A</span><span>Not a physical machine<br/></span></li><br/><li><span>Applies To</span><span>Physical Servers<br/></span></li></div>Fail</td><td>Disk management software not found, install required</td><td></td></tr>
<tr><td>Drives NTFS format</td><td>c-drv-08</td><td class="p note"><div class="help"><li><span>Drives<br/>08</span><span>Ensure all drives are formatted as NTFS.</span></li><br/><li><span>Pass</span><span>All drives are formatted as NTFS<br/></span></li><li><span>Fail</span><span>One or more drives were found not formatted as NTFS<br/></span></li><li><span>Manual</span><span>Unable to get drive information, please check manually<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>All drives are formatted as NTFS</td><td></td></tr>
<tr><td>Drive Partition Type</td><td>c-drv-09</td><td class="p note"><div class="help"><li><span>Drives<br/>09</span><span>Ensure all drives types are set to BASIC and with a partition style of MBR.</span></li><br/><li><span>Pass</span><span>All drive types are BASIC, with partition styles of MBR<br/></span></li><li><span>Fail</span><span>One or more partition styles are not MBR<br/>One or more drives types are not BASIC<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>All drive types are BASIC, with partition styles of MBR</td><td></td></tr>
<tr><td class="sectionRow" colspan="5">HyperV Host</td></tr><tr><td>Server Core</td><td>c-hvh-01</td><td class="n note"><div class="help"><li><span>HyperV Host<br/>01</span><span>Check Hyper-V is installed on Windows Server Core.</span></li><br/><li><span>Pass</span><span>Hyper-V is using Windows Server Core<br/></span></li><li><span>Fail</span><span>Hyper-V is not using Windows Server Core<br/></span></li><li><span>N/A</span><span>Not a Hyper-V server<br/></span></li><br/><li><span>Applies To</span><span>Hyper-V Host Servers<br/></span></li></div>N/A</td><td>Not a Hyper-V host server</td><td></td></tr>
<tr><td>No Other Server Roles</td><td>c-hvh-02</td><td class="n note"><div class="help"><li><span>HyperV Host<br/>02</span><span>Check Hyper-V is the only one installed. See this list for IDs: https://msdn.microsoft.com/en-us/library/cc280268(v=vs.85).aspx</span></li><br/><li><span>Pass</span><span>No extra server roles or features exist<br/></span></li><li><span>Fail</span><span>One or more extra server roles or features exist<br/></span></li><li><span>N/A</span><span>Not a Hyper-V server<br/></span></li><br/><li><span>Applies To</span><span>Hyper-V Host Servers<br/></span></li></div>N/A</td><td>Not a Hyper-V host server</td><td></td></tr>
<tr><td>VM Location</td><td>c-hvh-03</td><td class="n note"><div class="help"><li><span>HyperV Host<br/>03</span><span>Check all VMs are running from a non-system drive.</span></li><br/><li><span>Pass</span><span>No virtual machines are using the system drive<br/></span></li><li><span>Fail</span><span>One or more virtual machines are using the system drive<br/></span></li><li><span>N/A</span><span>Not a Hyper-V server<br/>No virtual machines exist on this host<br/></span></li><br/><li><span>Applies To</span><span>Hyper-V Host Servers<br/></span></li></div>N/A</td><td>Not a Hyper-V host server</td><td></td></tr>
<tr><td>Integration Services</td><td>c-hvh-04</td><td class="n note"><div class="help"><li><span>HyperV Host<br/>04</span><span>Check the version of the Integration Services installed on all VMs</span></li><br/><li><span>Pass</span><span>All VMs are up to date<br/></span></li><li><span>Fail</span><span>One or more VMs are not up to date, or do not have the integration services installed<br/></span></li><li><span>N/A</span><span>No VMs are located on this host<br/>Not a Hyper-V server<br/></span></li><br/><li><span>Applies To</span><span>Hyper-V Host Servers<br/></span></li></div>N/A</td><td>Not a Hyper-V host server</td><td></td></tr>
<tr><td>Jumbo Frames Enabled</td><td>c-hvh-05</td><td class="n note"><div class="help"><li><span>HyperV Host<br/>05</span><span>Check the network adapter jumbo frame setting. Should be set to 9000 or more.</span></li><br/><li><span>Pass</span><span>All network adapters configured correctly<br/></span></li><li><span>Fail</span><span>One or more network adapters are not using Jumbo Frames<br/>No network adapters found or enabled<br/></span></li><br/><li><span>Applies To</span><span>Hyper-V Host Servers<br/></span></li></div>N/A</td><td>Not a Hyper-V host server</td><td></td></tr>
<tr><td>Generation Type</td><td>c-hvh-06</td><td class="n note"><div class="help"><li><span>HyperV Host<br/>06</span><span>Check that all Windows 2012+ VMs are built as generation 2 VMs</span></li><br/><li><span>Pass</span><span>All VMs are the correct generation type<br/></span></li><li><span>Fail</span><span>One or more Windows 2012+ VMs are not generation 2 VMs<br/></span></li><li><span>N/A</span><span>No VMs are located on this host<br/>Not a Hyper-V server<br/></span></li><br/><li><span>Applies To</span><span>Hyper-V Host Servers<br/></span></li></div>N/A</td><td>Not a Hyper-V host server</td><td></td></tr>
<tr><td class="sectionRow" colspan="5">Network</td></tr><tr><td>Global And NIC IPv6 Status</td><td>c-net-01</td><td class="p note"><div class="help"><li><span>Network<br/>01</span><span>Check the global IPv6 setting and of status of each NIC.</span></li><br/><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>IPv6 setting disabled globally</td><td></td></tr>
<tr><td>Unused Network Adapters</td><td>c-net-02</td><td class="f note"><div class="help"><li><span>Network<br/>02</span><span>Check there are no unused Network interfaces on the server. We define "not in use" by showing any ENABLED NICs that are set to DHCP.All NICs should have a statically assigned IP address.</span></li><br/><li><span>Pass</span><span>No DHCP enabled adapters found<br/></span></li><li><span>Fail</span><span>DHCP enabled adapters found<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>DHCP enabled adapters found</td><td>Local Area Connection,<br/></td></tr>
<tr><td>Network Adapter Names</td><td>c-net-03</td><td class="f note"><div class="help"><li><span>Network<br/>03</span><span>Check network interfaces are labelled so their purpose is easily identifiable. FAIL if any adapter names are "Local Area Connection x" or "Ethernet x".</span></li><br/><li><span>Pass</span><span>All adapters renamed from default<br/></span></li><li><span>Fail</span><span>An adapter was found with the default name<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>An adapter was found with the default name</td><td>Local Area Connection,<br/></td></tr>
<tr><td>Network Binding Order</td><td>c-net-04</td><td class="f note"><div class="help"><li><span>Network<br/>04</span><span>Check binding order is set correctly for "Production" as the primary network adapter then as applicable for other interfaces.If no "Production" adapter is found, then "Management" should be first.</span></li><br/><li><span>Pass</span><span>Binding order correctly set<br/></span></li><li><span>Fail</span><span>No network adapters found<br/>Production or management adapters not listed<br/>Binding order incorrect, {name} should be first<br/>Registry setting not found<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>Production or Management adapters not listed</td><td>Local Area Connection,<br/>Wireless Network Connection,<br/>VMware Network Adapter VMnet1,<br/>VMware Network Adapter VMnet8,<br/></td></tr>
<tr><td>Network Speed And Duplex</td><td>c-net-05</td><td class="w note"><div class="help"><li><span>Network<br/>05</span><span>Check the network adapter speed and duplex settings. Should be set to "Full Duplex" and "Auto".</span></li><br/><li><span>Pass</span><span>All network adapters configured correctly<br/></span></li><li><span>Warning</span><span>One or more network adapters configured incorrectly<br/></span></li><li><span>Fail</span><span>No network adapters found or enabled<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Warning</td><td>One or more network adapters configured incorrectly</td><td>Local Area Connection: 1000mb (Auto Negotiation),<br/>VMware Network Adapter VMnet1: 100mb (unknown),<br/>VMware Network Adapter VMnet8: 100mb (unknown),<br/></td></tr>
<tr><td>Network Management Agent</td><td>c-net-06</td><td class="f note"><div class="help"><li><span>Network<br/>06</span><span>Check local network management agent is installed on the server. This only checks that known software is installed.</span></li><br/><li><span>Pass</span><span>{product} found<br/></span></li><li><span>Fail</span><span>Network management software not found, install required<br/></span></li><li><span>N/A</span><span>Not a physical machine<br/></span></li><br/><li><span>Applies To</span><span>Physical Servers<br/></span></li></div>Fail</td><td>Network management software not found, install required</td><td></td></tr>
<tr><td>Network Teaming</td><td>c-net-07</td><td class="n note"><div class="help"><li><span>Network<br/>07</span><span>Check network interfaces for known teaming names, manually check they are configured correctly. Fail if no teams found or if server is a virtual. Checked configuration is:Teaming Mode: "Static Independent"; Load Balancing Mode: "Address Hash"; Standby Adapter: (set).</span></li><br/><li><span>Pass</span><span>Network team count: {number}<br/></span></li><li><span>Fail</span><span>No teamed network adapter(s) found<br/>There are no network teams configured on this server<br/>Native teaming enabled on virtual machine<br/>Team configuration is not set correctly<br/></span></li><li><span>Manual</span><span>Teamed network adpater(s) found, check they are configured correctly<br/></span></li><li><span>N/A</span><span>Not a physical server<br/>Operating system not supported<br/></span></li><br/><li><span>Applies To</span><span>Physical Servers<br/></span></li></div>N/A</td><td>Operating system not supported</td><td>Microsoft Windows 7 Enterprise </td></tr>
<tr><td>Management Adapter</td><td>c-net-08</td><td class="f note"><div class="help"><li><span>Network<br/>08</span><span>Check that a management network adapter exists. This must always be present on a server and labelled correctly.</span></li><br/><li><span>Pass</span><span>Management network adapter found<br/></span></li><li><span>Fail</span><span>No management network adapter<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>No management network adapter</td><td></td></tr>
<tr><td>Static Routes</td><td>c-net-09</td><td class="n note"><div class="help"><li><span>Network<br/>09</span><span>Checks to make sure the specified static routes have been added. Add routes to check as: StaticRoute01 = ("source", "mask", "gateway").To check for no extra persistent routes, use: StaticRoute01 = ("None", "", ""). Up to 99 routes can be checked.You must edit the settings file manually for more than the currently configured.</span></li><br/><li><span>Pass</span><span>All static routes are present<br/></span></li><li><span>Fail</span><span>One or more static routes are missing or incorrect<br/></span></li><li><span>N/A</span><span>No static routes to check<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>N/A</td><td>No static routes to check</td><td></td></tr>
<tr><td>Power Management</td><td>c-net-10</td><td class="f note"><div class="help"><li><span>Network<br/>10</span><span>Check network interfaces have their power management switch disabled.</span></li><br/><li><span>Pass</span><span>All adapters have power saving disabled<br/></span></li><li><span>Fail</span><span>One or more adapters have power saving enabled<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>One or more adapters have power saving enabled</td><td>Local Area Connection (Unknown),<br/></td></tr>
<tr><td>DNS Settings</td><td>c-net-11</td><td class="f note"><div class="help"><li><span>Network<br/>11</span><span>Checks that all DNS servers are configured, and if required, in the right order.</span></li><br/><li><span>Pass</span><span>All DNS servers configured (and in the right order)<br/></span></li><li><span>Fail</span><span>DNS Server count mismatch<br/>Mismatched DNS servers<br/>DNS Server list is not in the required order<br/>No DNS servers are configured<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>DNS Server list is not in the required order</td><td>Configured: 1.1.1.1,2.2.2.2,<br/>Looking For: </td></tr>
<tr><td>File And Print Services</td><td>c-net-12</td><td class="f note"><div class="help"><li><span>Network<br/>12</span><span>Check that File And Print Services has been disabled on all adapters, except for those specified.</span></li><br/><li><span>Pass</span><span>File And Print Services are disabled correctly<br/></span></li><li><span>Fail</span><span>File And Print Services are enabled<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>File And Print Services are enabled</td><td>Local Area Connection,<br/>VMware Network Adapter VMnet1,<br/>VMware Network Adapter VMnet8,<br/></td></tr>
<tr><td>NetBIOS Over TCP/IP</td><td>c-net-13</td><td class="f note"><div class="help"><li><span>Network<br/>13</span><span>Check the WINS NetBIOS Settings for each enabled network adapter</span></li><br/><li><span>Pass</span><span>All adapters are configured correctly<br/></span></li><li><span>Warning</span><span>No network adapters configured<br/></span></li><li><span>Fail</span><span>One or more adapters are not configured correctly<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>One or more adapters are not configured correctly</td><td>Adapter: Local Area Connection: Setting: Default (0),<br/>Adapter: VMware Network Adapter VMnet1: Setting: Default (0),<br/>Adapter: VMware Network Adapter VMnet8: Setting: Default (0),<br/></td></tr>
<tr><td class="sectionRow" colspan="5">Regional</td></tr><tr><td>Local Date/Time</td><td>c-reg-01</td><td class="p note"><div class="help"><li><span>Regional<br/>01</span><span>Check that the server time is correct. If a valid source is used, the time is also checked against that source.Maximum time difference allowed is 10 seconds, any longer and the check fails.</span></li><br/><li><span>Pass</span><span>Time source is set to a remote server, and is syncronsized correctly<br/></span></li><li><span>Fail</span><span>Time source is set to a remote server, and is not syncronsized correctly<br/>Time source is not set<br/>Time source is not set correctly<br/>Error getting required information<br/></span></li><li><span>Manual</span><span>Not a supported operating system for this check<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>Time source is set to a remote server, and is syncronsized correctly</td><td>Source: servername.domain.lan,<br/>Time is about 0.102 seconds adrift</td></tr>
<tr><td>Local Timezone</td><td>c-reg-02</td><td class="p note"><div class="help"><li><span>Regional<br/>02</span><span>Check that the server timezone is correct. Default setting is "(GMT) Greenwich Mean Time</span></li><br/><li><span>Pass</span><span>Server timezone set correctly<br/></span></li><li><span>Fail</span><span>Server timezone is incorrect and should be set to {string}<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>Server timezone set correctly</td><td>(UTC+00:00) Dublin, Edinburgh, Lisbon, London</td></tr>
<tr><td>Region > Location</td><td>c-reg-03</td><td class="p note"><div class="help"><li><span>Regional<br/>03</span><span>Ensure the Region and Language > Location is set correctly. Default setting is "United Kingdom".</span></li><br/><li><span>Pass</span><span>Regional location set correctly<br/></span></li><li><span>Fail</span><span>Regional location incorrectly set to {string}<br/>Registry setting not found<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>Regional location set correctly</td><td>United Kingdom</td></tr>
<tr><td>Region > Language</td><td>c-reg-04</td><td class="p note"><div class="help"><li><span>Regional<br/>04</span><span>Ensure the Region and Language > keyboard and Languages is set correctly. Default setting is "English (United Kingdom)".</span></li><br/><li><span>Pass</span><span>Keyboard layout is set correctly<br/></span></li><li><span>Fail</span><span>Keyboard layout is not set correctly<br/>Registry setting not found<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>Keyboard layout is set correctly</td><td>00000809,<br/>United Kingdom</td></tr>
<tr><td class="sectionRow" colspan="5">Security</td></tr><tr><td>Security Settings 1: Ciphers</td><td>c-sec-01</td><td class="f note"><div class="help"><li><span>Security<br/>01</span><span>Ensure security ciphers are set correctly. Settings taken from https://www.nartac.com/Products/IISCrypto/Default.aspx using "Best Practices/FIPS 140-2" settings.</span></li><br/><li><span>Pass</span><span>All ciphers set correctly<br/></span></li><li><span>Fail</span><span>One or more ciphers set incorrectly<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>One or more ciphers set incorrectly</td><td>DES 56/56 (Missing, should be Disabled),<br/>NULL (Missing, should be Disabled),<br/>RC2 128/128 (Missing, should be Disabled),<br/>RC2 40/128 (Missing, should be Disabled),<br/>RC2 56/128 (Missing, should be Disabled),<br/>RC2 56/56 (Missing, should be Disabled),<br/>RC4 128/128 (Missing, should be Disabled),<br/>RC4 40/128 (Missing, should be Disabled),<br/>RC4 56/128 (Missing, should be Disabled),<br/>RC4 64/128 (Missing, should be Disabled),<br/></td></tr>
<tr><td>Security Settings 2: Hashes</td><td>c-sec-02</td><td class="f note"><div class="help"><li><span>Security<br/>02</span><span>Ensure hashes are set correctly. Settings taken from https://www.nartac.com/Products/IISCrypto/Default.aspx using "Best Practices/FIPS 140-2" settings.</span></li><br/><li><span>Pass</span><span>All hashes set correctly<br/></span></li><li><span>Fail</span><span>One or more hashes set incorrectly<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>One or more hashes set incorrectly</td><td>MD5 (Missing, should be Disabled),<br/></td></tr>
<tr><td>Security Settings 3: Key Exchange Algorithms</td><td>c-sec-03</td><td class="p note"><div class="help"><li><span>Security<br/>03</span><span>Ensure key exchange algorithms are set correctly. Settings taken from https://www.nartac.com/Products/IISCrypto/Default.aspx using "Best Practices/FIPS 140-2" settings.</span></li><br/><li><span>Pass</span><span>All key exchange algorithms set correctly<br/></span></li><li><span>Fail</span><span>One or more key exchange algorithms set incorrectly<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>All key exchange algorithms set correctly</td><td></td></tr>
<tr><td>Security Settings 4: Protocols</td><td>c-sec-04</td><td class="f note"><div class="help"><li><span>Security<br/>04</span><span>Ensure protocols are set correctly. Settings taken from https://www.nartac.com/Products/IISCrypto/Default.aspx using "Best Practices/FIPS 140-2" settings.</span></li><br/><li><span>Pass</span><span>All protocols set correctly<br/></span></li><li><span>Fail</span><span>One or more protocols set incorrectly<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>One or more protocols set incorrectly</td><td>Multi-Protocol Unified Hello\Server (Key Missing),<br/>Multi-Protocol Unified Hello\Client (Key Missing),<br/>PCT 1.0\Server (Key Missing),<br/>PCT 1.0\Client (Key Missing),<br/>SSL 3.0\Server (Key Missing),<br/>SSL 3.0\Client (Key Missing),<br/>TLS 1.0\Server (Key Missing),<br/>TLS 1.0\Client (Key Missing),<br/></td></tr>
<tr><td>Security Settings 5: Cipher Suite Order</td><td>c-sec-05</td><td class="f note"><div class="help"><li><span>Security<br/>05</span><span>Ensure the security cipher order is set correctly. Settings taken from https://www.nartac.com/Products/IISCrypto/Default.aspx using "Best Practices/FIPS 140-2" settings.</span></li><br/><li><span>Pass</span><span>Cipher suite order set correctly<br/></span></li><li><span>Fail</span><span>Cipher suite order not set correctly<br/>Cipher suite order set to the default value<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>Cipher suite order set to the default value</td><td></td></tr>
<tr><td>Reject Annonymous Account Enumeration</td><td>c-sec-06</td><td class="p note"><div class="help"><li><span>Security<br/>06</span><span>Ensure the system is set to reject attempts to enumerate accounts in the SAM by anonymous users.</span></li><br/><li><span>Pass</span><span>Reject annonymous account enumeration is enabled<br/></span></li><li><span>Fail</span><span>Reject annonymous account enumeration is disabled<br/>Registry setting not found<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>Reject annonymous account enumeration is enabled</td><td></td></tr>
<tr><td>Reject Annonymous Share Enumeration</td><td>c-sec-07</td><td class="p note"><div class="help"><li><span>Security<br/>07</span><span>Ensure the system is set to reject attempts to enumerate shares in the SAM by anonymous users.</span></li><br/><li><span>Pass</span><span>Reject annonymous share enumeration is enabled<br/></span></li><li><span>Fail</span><span>Reject annonymous share enumeration is disabled<br/>Registry setting not found<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>Reject annonymous share enumeration is enabled</td><td></td></tr>
<tr><td>Domain Credential Caching</td><td>c-sec-08</td><td class="f note"><div class="help"><li><span>Security<br/>08</span><span>Check system is not caching domain credentials.</span></li><br/><li><span>Pass</span><span>Domain credential caching is disabled<br/></span></li><li><span>Fail</span><span>Domain credential caching is enabled<br/>Registry setting not found<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>Domain credential caching is enabled</td><td></td></tr>
<tr><td>Elevate Prompt For Admin Credentials</td><td>c-sec-09</td><td class="f note"><div class="help"><li><span>Security<br/>09</span><span>Ensure the system is set to request administrative credentials before granting an application elevated privileges.Default setting is either "(1):Prompt for credentials on the secure desktop" or "(3):Prompt for credentials"Values and meanings can be seen here - https://msdn.microsoft.com/en-us/library/cc232761.aspx</span></li><br/><li><span>Pass</span><span>System is configured correctly<br/></span></li><li><span>Fail</span><span>System is not configured correctly<br/>Registry setting not found<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>System is not configured correctly</td><td>Current setting: Prompt for consent</td></tr>
<tr><td>Reject Annonymous Pipe/Share Access</td><td>c-sec-10</td><td class="p note"><div class="help"><li><span>Security<br/>10</span><span>Ensure the system is set to restrict anonymous access to named pipes</span></li><br/><li><span>Pass</span><span>Restrict annonymous pipe/share access is enabled<br/></span></li><li><span>Fail</span><span>Restrict annonymous pipe/share access is disabled<br/>Registry setting not found<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>Restrict annonymous pipe/share access is enabled</td><td></td></tr>
<tr><td>IIS Default Page</td><td>c-sec-11</td><td class="n note"><div class="help"><li><span>Security<br/>11</span><span>Checks to see if the default webpage is present in IIS, it should be removed.</span></li><br/><li><span>Pass</span><span>IIS Installed, "iisstart.htm" not listed in default documents<br/></span></li><li><span>Fail</span><span>IIS Installed, default document "iisstart.htm" configured<br/></span></li><li><span>N/A</span><span>IIS not Installed<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>N/A</td><td>IIS not Installed</td><td></td></tr>
<tr><td>SMB Signing On</td><td>c-sec-12</td><td class="f note"><div class="help"><li><span>Security<br/>12</span><span>Ensure SMB signing is turned on.</span></li><br/><li><span>Pass</span><span>SMB Signing configured correctly<br/></span></li><li><span>Fail</span><span>SMB Signing not configured correctly<br/>Registry setting not found<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>SMB Signing not configured correctly</td><td>The following sections are not configured correctly: LanmanServer,<br/>LanmanWorkstation</td></tr>
<tr><td>RSA Monitoring Installed</td><td>c-sec-13</td><td class="n note"><div class="help"><li><span>Security<br/>13</span><span>If server is Domain Controller or a Terminal Server ensure RSA authentication manager is installed and PIN is required to access server.</span></li><br/><li><span>Pass</span><span>{product} found<br/></span></li><li><span>Fail</span><span>RSA software not found<br/></span></li><li><span>N/A</span><span>Not a domain controller or terminal services server<br/></span></li><br/><li><span>Applies To</span><span>Domain Controllers<br/>Terminal Servers<br/></span></li></div>N/A</td><td>Not a domain controller or terminal services server</td><td></td></tr>
<tr><td>Additional Firewall Rules</td><td>c-sec-14</td><td class="w note"><div class="help"><li><span>Security<br/>14</span><span>Checks to see if there are any addional firewall rules, and warns if there are any. This ignores all default pre-configured rules, and netbackup ports rules (1556, 13724).</span></li><br/><li><span>Pass</span><span>No additional firewall rules exist<br/></span></li><li><span>Warning</span><span>One or more additional firewall rules exist, check they are required<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Warning</td><td>One or more additional firewall rules exist, check they are required</td><td>(In) Connected Backup Agent,<br/>(In) Connected Backup Agent,<br/>(In) Connected Backup Agent,<br/>(In) Connected Backup Agent,<br/>(In) Connected Backup Agent,<br/>(In) Connected Backup Agent,<br/>(In) UcMapi,<br/>(In) UcMapi64,<br/>(In) VMware Authd Service,<br/>(In) VMware Authd Service (private),<br/>(In) VMware Workstation Server,<br/>(In) VMware Workstation Server (private),<br/></td></tr>
<tr><td>Check Firewall State</td><td>c-sec-15</td><td class="f note"><div class="help"><li><span>Security<br/>15</span><span>Check if Windows firewall is enabled or disabled for each of the three profiles. Set to "0" for off, and "1" for on</span></li><br/><li><span>Pass</span><span>Windows firewall is set correctly<br/></span></li><li><span>Fail</span><span>Windows firewall is not set correctly<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>Windows firewall is not set correctly</td><td>Domain profile is enabled, but should be disabled,<br/>Standard profile is enabled, but should be disabled,<br/>Public profile is enabled, but should be disabled,<br/></td></tr>
<tr><td>Open Ports</td><td>c-sec-16</td><td class="f note"><div class="help"><li><span>Security<br/>16</span><span>Returns a list of ports that are open, excluding anything lower than 1024 and within the dynamic port range. Will also exclude other well known ports.<br/></span></li><br/><li><span>Pass</span><span>No extra ports are open<br/></span></li><li><span>Fail</span><span>One or more extra ports are open<br/></span></li><li><span>N/A</span><span>This check is for local servers only<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>One or more extra ports are open</td><td>8307, 16386, 16388, 33333,<br/>Ignoring: 0-1024, 1311, 1556, 2381, 47001, 4750, 5985, 5986, 8192, 49152-65536</td></tr>
<tr><td>SMBv1 Disabled</td><td>c-sec-17</td><td class="f note"><div class="help"><li><span>Security<br/>17</span><span>Ensure SMBv1 is disabled.</span></li><br/><li><span>Pass</span><span>SMBv1 is disabled<br/></span></li><li><span>Fail</span><span>SMBv1 is enabled<br/>Registry setting not found<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>SMBv1 is enabled</td><td>\Services\LanmanServer\Parameters,<br/>\Services\LanmanWorkstation,<br/>\services\mrxsmb10,<br/></td></tr>
<tr><td class="sectionRow" colspan="5">System</td></tr><tr><td>Pending Reboot</td><td>c-sys-01</td><td class="p note"><div class="help"><li><span>System<br/>01</span><span>Check for a pending reboot.</span></li><br/><li><span>Pass</span><span>Server is not waiting for a reboot<br/></span></li><li><span>Fail</span><span>Server is waiting for a reboot<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>Server is not waiting for a reboot</td><td></td></tr>
<tr><td>Windows License</td><td>c-sys-02</td><td class="p note"><div class="help"><li><span>System<br/>02</span><span>Check windows is licensed.</span></li><br/><li><span>Pass</span><span>Windows is licenced, Port 1688 open to KMS Server {server}<br/></span></li><li><span>Fail</span><span>Windows is licenced, Port 1688 not open to KMS Server {server}<br/>Windows licence check failed<br/>Windows not licenced<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>Windows is licenced</td><td>Port 1688 open to KMS Server kms01.domain.lan</td></tr>
<tr><td>Services Not Started</td><td>c-sys-03</td><td class="f note"><div class="help"><li><span>System<br/>03</span><span>Check services and ensure all services set to start automatically are running (NetBackup Bare Metal Restore Boot Server,NetBackup SAN Client Fibre Transport Service and .NET4.0 are all expected to be Automatic but not running).</span></li><br/><li><span>Pass</span><span>All auto-start services are running<br/></span></li><li><span>Fail</span><span>An auto-start service was found not running<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>An auto-start service was found not running</td><td>ActiveX Installer (AxInstSV),<br/>Google Update Service (gupdate),<br/>Microsoft Software Shadow Copy Provider,<br/>Interactive Services Detection,<br/></td></tr>
<tr><td>Services Not Stopped</td><td>c-sys-04</td><td class="p note"><div class="help"><li><span>System<br/>04</span><span>Check services and ensure all listed services are set to disabled and are stopped.</span></li><br/><li><span>Pass</span><span>All services are configured correctly<br/></span></li><li><span>Fail</span><span>One or more services are configured incorrectly<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>All services are configured correctly</td><td></td></tr>
<tr><td>System Event Log Errors And Configuration</td><td>c-sys-05</td><td class="f note"><div class="help"><li><span>System<br/>05</span><span>Check System Event Log and ensure no errors are present in the last x days. If found, will return the latest y entries</span></li><br/><li><span>Pass</span><span>No errors found in system event log<br/></span></li><li><span>Warning</span><span>Errors were found in the system event log<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>Errors were found in the system event log</td><td>servername-Error-Events-System.csv</td></tr>
<tr><td>Application Event Log Errors And Configuration</td><td>c-sys-06</td><td class="f note"><div class="help"><li><span>System<br/>06</span><span>Check Application Event Log and ensure no errors are present in the last x days. If found, will return the latest y entries</span></li><br/><li><span>Pass</span><span>No errors found in application event log<br/></span></li><li><span>Warning</span><span>Errors were found in the application event log<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>Errors were found in the application event log</td><td>servername-Error-Events-Application.csv</td></tr>
<tr><td>Device Errors</td><td>c-sys-07</td><td class="f note"><div class="help"><li><span>System<br/>07</span><span>Checks Device Manager to ensure there are no unknown devices, conflicts or errors.</span></li><br/><li><span>Pass</span><span>No device errors found<br/></span></li><li><span>Fail</span><span>Device errors found<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>Device errors found</td><td>PS/2 Compatible Mouse,<br/></td></tr>
<tr><td>Scheduled Tasks</td><td>c-sys-09</td><td class="w note"><div class="help"><li><span>System<br/>09</span><span>Check to see if any non standard scheduled tasks exist on the server (Any application specific scheduled tasks should be documented with a designated contact point specified).This check automatically ignores any Microsoft labelled specific tasks.</span></li><br/><li><span>Pass</span><span>No additional scheduled tasks found<br/></span></li><li><span>Warning</span><span>Additional scheduled tasks found - make sure these are documented<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Warning</td><td>Additional scheduled tasks found - make sure these are documented</td><td>GoogleUpdateTaskMachineCore (),<br/>GoogleUpdateTaskMachineUA (SYSTEM),<br/>Notifications (),<br/></td></tr>
<tr><td>Print Spool Directory</td><td>c-sys-10</td><td class="p note"><div class="help"><li><span>System<br/>10</span><span>Check to see if any printers exist on the server. If printers exist, ensure the spooler directory is not stored on the system drive.</span></li><br/><li><span>Pass</span><span>Printers found, and spool directory is not set to default path<br/></span></li><li><span>Fail</span><span>Spool directory is set to the default path and needs to be changed, Registry setting not found<br/></span></li><li><span>N/A</span><span>No printers found<br/>Print Spooler service is not running<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>Printers found, and spool directory is not set to default path</td><td>Location: X:\Print,<br/>PDF-XChange Lite V6,<br/></td></tr>
<tr><td>Drive Autorun</td><td>c-sys-11</td><td class="p note"><div class="help"><li><span>System<br/>11</span><span>Ensure autorun is disabled.</span></li><br/><li><span>Pass</span><span>Autorun is disabled<br/></span></li><li><span>Fail</span><span>Autorun is enabled<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>Autorun is disabled</td><td></td></tr>
<tr><td>SNMP Configuration</td><td>c-sys-12</td><td class="n note"><div class="help"><li><span>System<br/>12</span><span>Check if SNMP role is install on the server. If so, ensure the SNMP community strings follow the secure password policy.</span></li><br/><li><span>Pass</span><span>SNMP Service installed, but disabled<br/></span></li><li><span>Fail</span><span>SNMP Service installed, no communities configured<br/></span></li><li><span>Manual</span><span>SNMP Service installed, communities listed<br/></span></li><li><span>N/A</span><span>SNMP Service not installed<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>N/A</td><td>SNMP Service not installed</td><td></td></tr>
<tr><td>Domain Member</td><td>c-sys-13</td><td class="p note"><div class="help"><li><span>System<br/>13</span><span>Checks that the server is a member of the domain.</span></li><br/><li><span>Pass</span><span>Server is a domain member<br/></span></li><li><span>Warning</span><span>This is a workgroup server, is this correct.?<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>Server is a domain member</td><td>domain.lan</td></tr>
<tr><td>Power Plan</td><td>c-sys-14</td><td class="p note"><div class="help"><li><span>System<br/>14</span><span>Check power plan is set to High Performance.</span></li><br/><li><span>Pass</span><span>Power plan is set correctly<br/></span></li><li><span>Fail</span><span>Power plan is not set correctly<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>Power plan is set correctly</td><td>High performance</td></tr>
<tr><td>Hibernation</td><td>c-sys-15</td><td class="p note"><div class="help"><li><span>System<br/>15</span><span>Check hibernation is turned off.</span></li><br/><li><span>Pass</span><span>Hibernation is currently disabled<br/></span></li><li><span>Fail</span><span>Hibernation is currently enabled<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>Hibernation is currently disabled</td><td></td></tr>
<tr><td>Remote Desktop</td><td>c-sys-16</td><td class="f note"><div class="help"><li><span>System<br/>16</span><span>Check that remote desktop is enabled and that Network Level Authentication (NLA) is set.</span></li><br/><li><span>Pass</span><span>Secure remote desktop and NLA enabled<br/></span></li><li><span>Warning</span><span>Network Level Authentication is not set<br/></span></li><li><span>Fail</span><span>Secure remote desktop disabled<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Fail</td><td>Secure remote desktop disabled</td><td></td></tr>
<tr><td>Terminal Services Licenced</td><td>c-sys-17</td><td class="n note"><div class="help"><li><span>System<br/>17</span><span>If server is a Terminal Services Server ensure it has a licence server set.</span></li><br/><li><span>Pass</span><span>Terminal services server is licenced<br/></span></li><li><span>Fail</span><span>Terminal services server is not licenced<br/></span></li><li><span>N/A</span><span>Not a terminal services server<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>N/A</td><td>Not a terminal services server</td><td></td></tr>
<tr><td>Check Server OU Location</td><td>c-sys-18</td><td class="p note"><div class="help"><li><span>System<br/>18</span><span>Check that the current server OU path is not in the default location(s). The list of OUs should contain at least the default "Computers" OU, and must be the full distinguished name of the locations.</span></li><br/><li><span>Pass</span><span>Server not in default location<br/></span></li><li><span>Fail</span><span>Server is in default location<br/></span></li><li><span>N/A</span><span>Not a domain joined server<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>Server not located in a default OU location</td><td>ou=abc,ou=def,<br/>dc=domain,dc=net</td></tr>
<tr><td>Check HP SMH Version</td><td>c-sys-19</td><td class="n note"><div class="help"><li><span>System<br/>19</span><span>Check the state of the HPe System Management Homepage service and version</span></li><br/><li><span>Pass</span><span>Service state and version are correct<br/></span></li><li><span>Fail</span><span>Service state is not correct<br/>Installed version is below the minimum set<br/>HPe SMH not installed<br/></span></li><li><span>N/A</span><span>Not a HPe physical server<br/></span></li><br/><li><span>Applies To</span><span>All HPe Physical Servers<br/></span></li></div>N/A</td><td>Not a HPe physical server</td><td></td></tr>
<tr><td>Check Dell OMA Version</td><td>c-sys-20</td><td class="n note"><div class="help"><li><span>System<br/>20</span><span>Check the state of the Dell OpenManage Administrator service and version</span></li><br/><li><span>Pass</span><span>Service state and version are correct<br/></span></li><li><span>Fail</span><span>Service state is not correct<br/>Installed version is below the minimum set<br/>Dell OMA not installed<br/></span></li><li><span>N/A</span><span>Not a Dell physical server<br/></span></li><br/><li><span>Applies To</span><span>All Dell Physical Servers<br/></span></li></div>N/A</td><td>Not a Dell physical server</td><td></td></tr>
<tr><td>Gold Image Check</td><td>c-sys-21</td><td class="m note"><div class="help"><li><span>System<br/>21</span><span>Allows you to checks a specific list of registry keys and values to see if your in-house gold image was used.Up to three registry keys and values can be checked. Note: All keys must be in HKEY_LOCAL_MACHINE only</span></li><br/><li><span>Pass</span><span>All gold build checks were found and correct<br/></span></li><li><span>Fail</span><span>One or more gold build checks were below specified value<br/></span></li><li><span>Manual</span><span>One or more gold build checks were "Report Only"<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Manual</td><td>One or more gold build checks were "Report Only"</td><td>1: (Report) InstallDate: 08/30/2016 15:42:23,<br/></td></tr>
<tr><td>All RAM Visible</td><td>c-sys-22</td><td class="p note"><div class="help"><li><span>System<br/>22</span><span>Check that all the memory assigned to a server is visible to the OS.</span></li><br/><li><span>Pass</span><span>All assigned memory is visible<br/></span></li><li><span>Fail</span><span>Not all assigned memory is visible<br/></span></li><br/><li><span>Applies To</span><span>All Servers<br/></span></li></div>Pass</td><td>All assigned memory is visible</td><td>Installed: 16.00gb</td></tr>
<tr><td class="sectionRow" colspan="5">Virtual</td></tr><tr><td>HyperV/VMware Tools Version</td><td>c-vmw-01</td><td class="n note"><div class="help"><li><span>Virtual<br/>01</span><span>Check that the latest VMware tools or Microsoft integration services are installed.</span></li><br/><li><span>Pass</span><span>VMware tools are up to date<br/></span></li><li><span>Fail</span><span>Integration services not installed<br/>VMware tools can be upgraded<br/></span></li><li><span>Manual</span><span>Integration services found<br/>Unable to check the VMware Tools upgrade status<br/></span></li><li><span>N/A</span><span>Not a virtual machine<br/></span></li><br/><li><span>Applies To</span><span>Virtual Servers<br/></span></li></div>N/A</td><td>Not a virtual machine</td><td></td></tr>
<tr><td>VMware Time Sync</td><td>c-vmw-02</td><td class="n note"><div class="help"><li><span>Virtual<br/>02</span><span>Check that VMware Host Time Sync is disabled.</span></li><br/><li><span>Pass</span><span>VMware tools time sync is disabled<br/></span></li><li><span>Fail</span><span>VMware tools time sync is enabled<br/></span></li><li><span>Manual</span><span>Unable to check the VMware time sync status<br/></span></li><li><span>N/A</span><span>Not a virtual machine<br/></span></li><br/><li><span>Applies To</span><span>Virtual Servers<br/></span></li></div>N/A</td><td>Not a virtual machine</td><td></td></tr>
<tr><td>VMware NIC Type</td><td>c-vmw-03</td><td class="n note"><div class="help"><li><span>Virtual<br/>03</span><span>Check all virtual servers have network cards that are configured as VMXNET3.</span></li><br/><li><span>Pass</span><span>All active NICS configured correctly<br/></span></li><li><span>Warning</span><span>No network adapters found<br/></span></li><li><span>Fail</span><span>One or more active NICs were found not to be VMXNET3<br/></span></li><li><span>N/A</span><span>Not a virtual machine<br/></span></li><br/><li><span>Applies To</span><span>Virtual Servers<br/></span></li></div>N/A</td><td>Not a virtual machine</td><td></td></tr>
<tr><td>VMware Disk Controller</td><td>c-vmw-04</td><td class="n note"><div class="help"><li><span>Virtual<br/>04</span><span>Check Windows disk controller is set correctly. Default setting is "LSI logic SAS".</span></li><br/><li><span>Pass</span><span>Disk controller set correctly<br/></span></li><li><span>Fail</span><span>No SCSI controllers found<br/>Disk controller not set correctly<br/></span></li><li><span>N/A</span><span>Not a virtual machine<br/></span></li><br/><li><span>Applies To</span><span>Virtual Servers<br/></span></li></div>N/A</td><td>Not a virtual machine</td><td></td></tr>
<tr><td>VMware SCSI Drive Count</td><td>c-vmw-05</td><td class="n note"><div class="help"><li><span>Virtual<br/>05</span><span>Checks to see if there are are more than 8 drives attached to the same SCSI adapter.</span></li><br/><li><span>Pass</span><span>More than 7 drives exist, but on different SCSI adapters<br/></span></li><li><span>Fail</span><span>More than 7 drives exist on one SCSI adapter<br/></span></li><li><span>N/A</span><span>Not a virtual machine<br/>There are less than 8 drives attached to server<br/></span></li><br/><li><span>Applies To</span><span>Virtual Servers<br/></span></li></div>N/A</td><td>Not a virtual machine</td><td></td></tr>
<tr><td>Total VM Size</td><td>c-vmw-06</td><td class="n note"><div class="help"><li><span>Virtual<br/>06</span><span>Checks to see if the total VM size is less than 1TB.</span></li><br/><li><span>Pass</span><span>VM is smaller than 1TB<br/></span></li><li><span>Warning</span><span>VM is larger than 1TB. Make sure there is an engineering exception in place for this<br/></span></li><li><span>N/A</span><span>Not a virtual machine<br/></span></li><br/><li><span>Applies To</span><span>Virtual Servers<br/></span></li></div>N/A</td><td>Not a virtual machine</td><td></td></tr>
<tr><td>Mounted Drives</td><td>c-vmw-07</td><td class="n note"><div class="help"><li><span>Virtual<br/>07</span><span>Checks for any mounted CD/DVD or floppy drives.</span></li><br/><li><span>Pass</span><span>No CD/ROM or floppy drives are mounted<br/></span></li><li><span>Fail</span><span>One or more CD/ROM or floppy drives are mounted<br/></span></li><li><span>N/A</span><span>Not a virtual machine<br/></span></li><br/><li><span>Applies To</span><span>Virtual Servers<br/></span></li></div>N/A</td><td>Not a virtual machine</td><td></td></tr>
<tr><td>Failover Clustering</td><td>c-vmw-08</td><td class="n note"><div class="help"><li><span>Virtual<br/>08</span><span>Check that Failover Clustering is not be installed on virtual servers.</span></li><br/><li><span>Pass</span><span>Failover clustering is not installed<br/></span></li><li><span>Fail</span><span>Failover clustering is installed<br/></span></li><li><span>N/A</span><span>Not a virtual server<br/></span></li><br/><li><span>Applies To</span><span>Virtual Servers<br/></span></li></div>N/A</td><td>Not a virtual server</td><td></td></tr>
<tr><td class="sectionRow" colspan="5"> </td></table>
</body></html>