Winbatch NT SRR Script Procedures


Windows Server 2003 Checklist 4.0.0 - 22 April 2005 Field Security Operations Section 4 Defense Information Systems Agency

4 WINDOWS SERVER 2003 GOLD DISK / NON-OS CHECK PROCEDURES

The Gold Disks for Windows Server 2003 contain a Users’ Manual, which should be referred to for executing SRR Scans. The manual contains detailed information on the use of the various windows and the expected output.

The Production Gold Disk application has the following prerequisites:

4.1 General Requirements

• Windows Server 2003 Operating System
• Microsoft Internet Explorer 6.0 or higher
• FSO Production Gold Disk and Users Guide (Gold Disk CD)
• User account from which Gold Disk is run must have Administrator privileges and have the User Right: Manage Auditing and Security Log.

4.2 Specific Requirements

The user should ensure that Internet Explorer (IE 6.0 or above) is installed and properly functioning on the target system before executing this application. This application utilizes the MSXML libraries provided by Microsoft in their Internet Explorer product. If Internet Explorer 6.0 or higher is not installed on the target system, the application will, when executed, prompt the user to run the built-in installation program.
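The prerequisites in Sections 4.1 and 4.2 can be confirmed for the reviewer account before the Gold Disk is launched. The following is an added example, not part of the checklist or the Gold Disk tooling; it assumes PowerShell 2.0 or later is available on the target, and the function name Test-GoldDiskPrereqs is hypothetical.

```powershell
# Added example: pre-flight check of the Section 4.1 / 4.2 prerequisites
# for the account running this session. Read-only; changes nothing.
function Test-GoldDiskPrereqs {
    # 1. Administrator privileges: membership in the built-in
    #    Administrators group (well-known SID S-1-5-32-544).
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # 2. "Manage auditing and security log" is SeSecurityPrivilege.
    #    whoami /priv lists every privilege held in the token, whether
    #    its state is Enabled or Disabled; if the name is absent, the
    #    user right is not assigned to this account.
    $privLines     = @(whoami /priv)
    $hasAuditRight = @($privLines -match 'SeSecurityPrivilege').Count -gt 0

    # 3. Internet Explorer 6.0 or higher (source of the MSXML libraries).
    #    The installed version is recorded in the registry.
    $ieKey     = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'
    $ieVersion = $null
    $ieOk      = $false
    $ieProps   = Get-ItemProperty -Path $ieKey -ErrorAction SilentlyContinue
    if ($ieProps -and $ieProps.Version) {
        $ieVersion = [version]$ieProps.Version
        $ieOk      = $ieVersion.Major -ge 6
    }

    # One object per run so the result can be logged with the review.
    New-Object PSObject -Property @{
        Account             = $identity.Name
        IsAdministrator     = $isAdmin
        HasSeSecurityPriv   = $hasAuditRight
        IEVersion           = $ieVersion
        IEVersionOk         = $ieOk
        Ready               = ($isAdmin -and $hasAuditRight -and $ieOk)
    }
}

Test-GoldDiskPrereqs | Format-List
```

Run it from the same logon session that will launch the Gold Disk, since both checks read the current access token.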

4.3 Getting Started

Before launching the Gold Disk program, users should make an effort to become familiar with the user interface. Please refer to Section 2 in the Users Manual to learn more about the application GUI.

• Insert the PGD Compact Disk into the CD-ROM drive
• Right-click the My Computer icon
• Select and click Explore
• Double-click the PGD CD
• Double-click the PGD icon

4.4 Non-OS Checks Procedures

After completing the review using the Gold Disk, the reviewer will need to run the W2K3PostGD.exe WinBatch scripts to collect asset information, data for non-OS IAVMs, and data from other checks.

These scripts will create a findings.txt file and an itf.txt file in the %SystemDrive%\Temp\SRR\LOG\\ folder.

The reviewer will need to import the Post Gold Disk itf.txt file into the SRR database first to obtain the VMS Asset record, and then import the corresponding output file from the Gold Disk.

4.5 ISS Scan Extract

Import any ISS Scan finding extract file into the SRR database.

4.6 “Not Reviewed” and “Manual Review” Findings

NR - Not Reviewed. The tool does not perform the check.

MR - Manual Review. The tool could not make a determination of the status and needs a manual review to make the determination.

The reviewer should resolve all “not reviewed” or “manual review” findings while on site. Any findings that cannot be changed from “not reviewed” should be documented with an explanation in the Module information in VMS.

4.7 Frequently Asked Questions

What should I take for an SRR?

In addition to an SRR CD, you will also need to pick up all of the Windows Production Gold Disks:

• W2K3 Member server
• W2K3 Domain Controllers

Is there a findings.txt file from the Gold Disk?

NO – You should manually validate any findings from the Gold Disk GUI, create the itf (from the File menu on the Gold Disk interface), and import it into VMS to produce a ‘human readable’ report.

Should I fix findings using the Gold Disk?

NO – It is still FSO policy that reviewers do not fix the findings. As with any fix, FSO recommends testing before applying a fix on a production machine.

What privileges do I need to perform an SRR using the Gold Disk?

The reviewer userid must be part of the administrator group and have the user right of ‘Manage auditing and security log’.

Should I leave Gold Disks with the SA?

Yes – Also inform the SA to send a note to the FSO Customer Support desk ([email protected]) to be on the monthly distribution.

The SA may also download the Gold Disk CD image files (ISOs) from:

• IASE Web Server (http://iase.disa.mil/)
• NIPRNET DOD Patch Repository (https://patches.csd.disa.mil)
• SIPRNET DOD Patch Repository (https://patches.csd.disa.smil.mil)

Who should the SA contact if they have questions about the Gold Disk?

The SA should direct all questions to the FSO Customer Support desk ([email protected]). This will ensure the question is tracked and that the SA receives support even when a primary support person for a technology is TDY or on leave.
