Sie sind auf Seite 1von 41

Quest Reporter

6.5

Product Overview

2011 Quest Software, Inc. ALL RIGHTS RESERVED.

This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchasers personal use without the written permission of Quest Software, Inc. The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document. If you have any questions regarding your potential use of this material, contact: Quest Software World Headquarters LEGAL Dept 5 Polaris Way Aliso Viejo, CA 92656 www.quest.com email: legal@quest.com Refer to our Web site for regional and international office information.

Trademarks
Quest, Quest Software, the Quest Software logo, AccessManager, ActiveRoles, Aelita, Akonix, Benchmark Factory, Big Brother, BridgeAccess, BridgeAutoEscalate, BridgeSearch, BridgeTrak, BusinessInsight, ChangeAuditor, CI Discovery, Defender, DeployDirector, Desktop Authority, Directory Analyzer, Directory Troubleshooter, DS Analyzer, DS Expert, Foglight, GPOADmin, Help Desk Authority, Imceda, IntelliProfile, InTrust, Invirtus, iToken, JClass, JProbe, LeccoTech, LiteSpeed, LiveReorg, LogADmin, MessageStats, Monosphere, NBSpool, NetBase, NetControl, Npulse, NetPro, PassGo, PerformaSure, Point, Click, Done!, Quest vToolkit, Quest vWorkSpace, ReportADmin, RestoreADmin, ScriptLogic, SelfServiceADmin, SharePlex, Sitraka, SmartAlarm, Spotlight, SQL Navigator, SQL Watch, SQLab, Stat, StealthCollect, Storage Horizon, Tag and Follow, Toad, T.O.A.D., Toad World, vAutomator, vConverter, vEcoShell, VESI,vFoglight, vPackager, vRanger, vSpotlight, vStream, vToad, Vintela, Virtual DBA, VizionCore, Vizioncore vAutomation Suite, Vizioncore vEssentials, Vizioncore vWorkflow, WebDefender, Webthority, Xaffire, and XRT are trademarks and registered trademarks of Quest Software, Inc in the United States of America and other countries. Other trademarks and registered trademarks are property of their respective owners.

Third Party Contributions


Quest Reporter contains some third party components (listed below). Copies of their licenses may be found on our website at http://www.quest.com/legal/third-party-licenses.aspx USE Compression Compression Encryption Logging COMPONENT Info-Zip 2002-Feb-16 SharpZipLib 0.84.0.0 Blowfish v2 Log4Net 1.2.10 LICENSE Info-Zip 2007-Mar-4 SharpZipLib 0.84 MIT 1.0 Apache 2.0

Quest Reporter Product Overview Updated - May 2011 Software Version - 6.5

CONTENTS
CHAPTER 1 INTRODUCING QUEST REPORTER . . . . . . . . . . . . . . . . . . . . . . . . 7 GETTING THE MOST FROM QUEST REPORTER . . . . . . . . . . . . . . 8 DAY-TO-DAY SECURITY AND STANDARDS ENFORCEMENT . . . . 8 PREPARING FOR AUDITS . . . . . . . . . . . . . . . . . . . . . . . . 9 PREPARING FOR CHANGE . . . . . . . . . . . . . . . . . . . . . . . 9 QUEST REPORTER COMPONENTS . . . . . . . . . . . . . . . . . . . . . .10 QUEST REPORTER CONFIGURATION BASELINING . . . . . . . . . . . .11 QUEST REPORTER FOR NOVELL . . . . . . . . . . . . . . . . . . . . . . .12 QUEST REPORTER EXPRESS . . . . . . . . . . . . . . . . . . . . . . . . .13 MANAGING YOUR NETWORK WITH QUEST REPORTER . . . . . . . . . .14 QUEST REPORTER FEATURES . . . . . . . . . . . . . . . . . . . . . . . .15 REPORT GENERATION . . . . . . . . . . . . . . . . . . . . . . . . .15 MODES OF REPORTING . . . . . . . . . . . . . . . . . . . . . . . . .15 OBJECT SETS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16 FAVORITES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16 FILTERING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17 LINKING ATTRIBUTES BETWEEN CATEGORIES . . . . . . . . . . .17 MULTIFOREST REPORTING . . . . . . . . . . . . . . . . . . . . . . .17 CHAPTER 2 INTRODUCING CONFIGURATION BASELINING . . . . . . . . . . . . . . . 19 OVERVIEW OF CONFIGURATION BASELINING . . . . . . . . . . . . . . .20 WHAT IS THE CONFIGURATION BASELINING WORKFLOW? . . . .22 WHAT IS A CONFIGURATION CHECK? . . . . . . . . . . . . . . . .24 WHAT IS A TEMPLATE?. . . . . . . . . . . . . . . . . . . . . . . . .25 WHAT IS A RULE SET?. . . . . . . . . . . . . . . . . . . . . . . . .26 WHAT IS A RULE? . . . . . . . . . . . . . . . . . . . . . . . . . . .27 CONFIGURATION BASELINING DATABASES . . . . . . . . . . . . .28 NAVIGATING CONFIGURATION BASELINING . . . . . . . . . . . . . . . .29 INTRODUCING THE CONFIGURATION BASELINING ROOT NODE .30 INTRODUCING THE TASKPADS . . . . . . . . . . . . . . . . . . . . .30 INTRODUCING THE TEMPLATES NODE . . . . . . . . . . . . . . . .32
v

INTRODUCING THE RULE SETS NODE . . . . . . . . . . . . . . . .34 INTRODUCING THE JOB MANAGEMENT NODE . . . . . . . . . . . .37 ABOUT QUEST SOFTWARE . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 CONTACTING QUEST SUPPORT . . . . . . . . . . . . . . . . . . . . . . .40

vi

1
Introducing Quest Reporter
Getting the Most from Quest Reporter Quest Reporter Components Quest Reporter Configuration Baselining Quest Reporter for Novell Quest Reporter Express Managing Your Network with Quest Reporter Quest Reporter Features

Introducing Quest Reporter

Getting the Most from Quest Reporter


This document has been prepared to assist you in becoming familiar with Quest Reporter, a Windows Management product. The Product Overview contains an overview of the features, components, and functionality of Quest Reporter. It is intended for internal and external auditors, network administrators, consultants, analysts, and any other IT professionals using the product. Quest Reporter is an invaluable tool for network administrators, security administrators, IT auditors, and other users in an enterprise network. It provides the ability to analyze the network, document the configuration, and make decisions based on the current state of the network. Quest Reporter helps you administer your network by generating comprehensive enterprise-wide reports, from both real-time and stored data. Report templates can be run and exported on a scheduled basis, offering unprecedented flexibility. The intuitive interface allows users to retrieve necessary data quickly. For organizations with advanced needs, there are multiple formats for exporting data to custom applications. Quest Reporter allows you to collect, compare, report on and resolve Active Directory and Windows-based configurations which is essential for change auditing, Windows security assessments, or AD pre- and post-migration analyses. Armed with this information, you can quickly make strategic and tactical security decisions that involve your Active Directory and Windows environment.

Day-to-Day Security and Standards Enforcement


Many organizations have policies and standards prescribing how their IT environments are managed. These policies cover such areas as user creation and deletion, and group population. Network and security administrators need to know that policies are being followed and standards are being applied correctly on a daily basis. In large environments, this can be time consuming as there may be thousands of users, groups, and computers to keep track of. To prevent security breaches, you can audit your environment frequently using Quest Reporter.

Quest Reporter

Preparing for Audits


The process of preparing for comprehensive IT security audits can be tedious and frustrating. You need tools to demonstrate that the environment is secure and being managed according to the organizational policies. Quest Reporter provides the information needed to prepare for a security audit. Reporter provides report templates that will help you to ensure HIPPA (The American Health Insurance Portability and Accountability Act of 1996) and SOX (Sarbanes-Oxley) standards are adhered to.

Preparing for Change


Change in large IT environments must be accomplished quickly and securely, using minimal resources and without any loss of productivity. Quest Reporter provides the information needed to plan smooth transitions, ensuring that nothing is overlooked.

Introducing Quest Reporter

Quest Reporter Components

Figure 1: Quest Reporter components

The console displays network information. Use the console to select reports, and configure the Reporter data collectors (RDCs) and object sets.

10

Quest Reporter

The report display component formats the collected information and exports the information into HTML and other formats such as Adobe PDF (Portable Document Format) and CSV (Comma Separated Values). The report engine coordinates all of Quest Reporters interaction with its database. It manages the information going to and coming from the collection routines as well as the generation of temporary views containing the actual report data. The report engine stores the data for the reports. Once the data is collected, the report engine invokes the report viewer to display the report. The collection routines are an extensible set of components that Quest Reporter uses to enumerate information about network objects and their attributes. The database is configured the first time you run Quest Reporter. Use the Database Setup Wizard to select the target database and to change the data source at a later time. The RDC schedules data collection and tracks changes. It stores and timestamps this information, which is then used to create the reports. The RDC is a special packaging of the collection routines and report engine. It is designed to facilitate network object data collection from remote locations in highly distributed environments. Deploying an RDC prevents the need for the RDC installed on the main console to enumerate information across potentially busy or slow WANs (Wide Area Networks). For more information on RDC deployment, see the Quest Reporter Installation and Deployment Guide.

Quest Reporter Configuration Baselining


Quest Reporter's Configuration Baselining feature provides automated comparisons of Active Directory and Windows server configurations against an ideal baseline. Using this functionality, you can ensure that your environment meets security best practices, internal standards and regulatory requirements. By implementing this solution, IT organizations can maintain operational efficiencies, lower total cost of server ownership, minimize risks associated with undocumented configuration changes, and assist in compliance efforts.

11

Introducing Quest Reporter

For information on how to use Configuration Baselining, see the Configuration Baselining User Guide. You can access the Configuration Baselining User Guide from the Documentation tab of the installation program. You can access the installation program by double-clicking Autorun.exe after you have extracted the zipped files.
For an overview of the features, components, functionality, and workflow of Configuration Baselining, see Introducing Configuration Baselining on page 19.

Quest Reporter for Novell


Quest Reporter for Novell is an add-on pack for Quest Reporter that offers administrators the ability to collect and report on Novell networks. The report templates are designed to help organizations plan for their pending migration from Novell to AD. Reports range from User and Group data to permissions. With Quest Reporter for Novell, you can also easily perform key critical tasks against objects in the NDS/eDirectory environment using action enabled reporting. You can download Quest Reporter for Novell from the Quest Reporter page of the Quest Software web site (http://www.quest.com). See the Quest Reporter for Novell User Guide for information on how to install the add-on pack and how to run report templates. You can access the Quest Reporter for Novell User Guide from the Documentation tab of the installation program. You can access the installation program by double-clicking Autorun.exe after you have extracted the zipped files.

12

Quest Reporter

Quest Reporter Express


The Quest Reporter Express version is offered as a freeware edition of Quest Reporter. It is not supported by our Quest Support team. The following reporting is available with Express: You can run the reports in the Users folder in the console.
Not all user attributes are available with the user reportsthese reports will not run. You cannot run the following three reports in Express: Users with NULL Passwords Users with NULL Passwords (Agent) Last Logon by Domain Controller

You can create custom reports using the user attributes that are available.

All other reports can be viewed in the Quest Reporter console but can only be run if you upgrade your license to Quest Reporter.

13

Introducing Quest Reporter

Managing Your Network with Quest Reporter


Quest Reporter provides a streamlined approach to report generation. Instead of manually checking individual computers, you can gather and summarize data using Reporter. Quest Reporter helps you maintain and manage enterprise directories through security, standards conformance, and general administration reports. You can use Quest Reporter to perform the following tasks: Create reports by selecting objects and containers from Active Directory and Windows NTFS Access report templates grouped to match directory object classes such as users, groups, domains, computers, and Access Control Lists (ACLs) Modify predefined report templates to suit your own requirements Schedule reports to run automatically and save the results to a location of your choice Gather information by installing RDCs in remote offices Schedule collections to generate stored data reports later Access NTFS report templates to audit users and groups contained in ACLs, ensuring compliance with your companys standards for protecting sensitive data Create reports faster with reusable, user-defined selections of network objects (object sets) from one or more domains Create a category of favorites to access on a regular basis and share your list of favorites with other users

14

Quest Reporter

Quest Reporter Features


Quest Reporter is more than just a reporting tool. It is a sophisticated, extensible data collector with the ability to present collected information in a number of different formats.

Report Generation
You can run reports in the following ways: Selecting objects through the following nodes in the console: Active Directory, IP Subnet, or Object Set Running a report template from the Reports or Favorites nodes Generating a report using a scheduled favorite

Modes of Reporting
Using Quest Reporter, you can generate reports based on stored or live data.

Live Data Reports


A live data report collects information from the network at the time of running the report template. Select a live report template to collect information for the report immediately. A live data report gathers the latest network information. For more information on how to generate live reports, see the Quest Reporter User Guide.

15

Introducing Quest Reporter

Action Enabled Reports


Action enabled reporting is a subcategory of live data report templates that allows you to update network information within a report. You no longer have to read from the report output as you make changes within another management tool. Make the changes in the report, and if you have the appropriate rights, the information on the network will be updated immediately. For information on how to generate action enabled reports, see the Quest Reporter User Guide.

Stored Data Reports


Stored data reports are reports that are generated from previously collected data in the database. The data may have been collected by an earlier live report or from a scheduled collection. Stored data reports take a fraction of the time to generate compared to live reports. For information on how to generate stored data reports and configure and schedule data collection, see the appendix in the Quest Reporter Installation and Deployment Guide.

Object Sets
An object set is a defined logical container that allows you to group objects in a convenient manner. An object set can contain specific objects, containers (Organizational Units and groups), or entire domains. An object set can cross domains. For example, you may want to run certain reports on users in the Finance department on a recurring basis but the users exist in multiple places throughout your directory. Instead of searching through your directory to find the users each time you run the report, you can create an object set and then add the users to the object set. The next time you run the report, you can select the object set rather than each user in the Finance department.

Favorites
A favorite is a special type of report template that provides a method of retaining or saving all report properties so that the next time the report runs, there is no user intervention. You can schedule a favorite to run at any time. The report attributes saved in a favorite include the following report properties: Objects, Filter, Output, Collection, Attributes, Grouping, and General.

16

Quest Reporter

Filtering
Using a filter, you can narrow the focus of report results by setting certain criteria on the resultant set of objects. You can build the filters using the available attributes for each report type, select a condition (for example, Equals, Is Greater Than), and enter a value for the filter.

Linking Attributes Between Categories


Attribute linking allows you to select additional attributes of an object that are not the primary focus of the report. This allows you to customize the distinguishing attributes of an object in a way that suits your needs. This provides a means of associating object types and attributes and providing more meaningful information in your report.

Multiforest Reporting
A single forest deployment is characterized by all of an organizations network objects being contained within one forest and a group of domains, whereas a multiforest deployment separates an organizations network into various forests and their respective domains. The multiforest deployment is by far the more secure deployment; however, it can be complex to administer. Quest Reporter supports multiforest deployments. Domains in multiple forests are displayed as individual fully-functional nodes that allow you to connect to and run a single report template on object types from different forests.

17

Introducing Quest Reporter

18

2
Introducing Configuration Baselining
Overview of Configuration Baselining What is the Configuration Baselining Workflow? What is a Configuration Check? What is a Template? What is a Rule Set? What is a Rule? Configuration Baselining Databases Navigating Configuration Baselining

Introducing Configuration Baselining

Overview of Configuration Baselining


Quest Reporter enables IT organizations to collect, compare, report on, and resolve Active Directory and Windows-based configurations, which is essential for change auditing, Windows security assessments, or AD pre- and postmigration analyses. Armed with this information, organizations can quickly make strategic and tactical security decisions that involve their Active Directory and Windows environments.

Figure 2: Quest Reporter collects, compares, and reports on AD and Windows-based configurations.

The compare capabilities are provided through Quest Reporters Configuration Baselining feature. Quest Reporters Configuration Baselining feature provides automated comparisons of Active Directory and Windows configurations against an ideal baseline. By implementing this solution, IT organizations can maintain operational efficiencies, lower total cost of server ownership, minimize risks associated with undocumented configuration changes, and assist in compliance efforts. Quest Reporters Configuration Baselining feature leverages Quest Reporters agent-less architecture, which minimizes typical deployment concerns of ease of installation and configuration. Quest Reporters Configuration Baselining feature is tightly integrated with the core components of Quest Reporter and leverages the collection and storage mechanism to gather state-based information about your environment.
20

Quest Reporter

The Quest Reporter Configuration Baselining feature introduces two additional databases to the architecture. The first is the Configuration Baselining Configuration Database this stores configuration information for the Configuration Baselining feature such as templates, rule sets, rules, and configuration checks. The second database is the Configuration Baselining Results Database. This database stores the results of the configuration checks. The Configuration Check Processor (CCP) leverages all three databases. The CCP leverages the baseline configuration database to get details of the ideal baseline you want evaluated. It then evaluates the ideal baseline against the Quest Reporter analytical database which contains the current configuration state information for your environment. After the evaluation is performed, the results are saved to the Configuration Baselining Results Database. Through the Quest Reporters Configuration Baselining user interface, you can initiate live data collections for your live configuration checks or run configuration checks against stored data that has already been gathered from Quest Reporters scheduled collection mechanism. There is great value in this integration as the data can be collected once and is used for both general reporting and comparison capabilities. This minimizes all of the typical concerns with having to collect the information from your environment multiple times for these independent and siloed processes.
For information on how to install and deploy Quest Reporter, see the Quest Reporter Installation and Deployment Guide.

21

Introducing Configuration Baselining

What is the Configuration Baselining Workflow?


The following diagram shows the overall Configuration Baselining workflow:

Figure 3: The four steps in the Configuration Baselining workflow: establish, collect, compare, and view.

Step 1: Establish Baseline


This is the establishment of your ideal baseline. Configuration Baselining comes with out of the box baselines based on the Center for Internet Security Benchmarks and Microsoft Best Practices. You can easily create your own baselines by either copying the existing out of box baselines or creating your own. You can create baselines based on the following categories: domain information, groups and users, computer information, and permissions. For more information on how to establish baselines, see the Configuration Baselining User Guide.

22

Quest Reporter

Step 2: Collect Data


After you have created your ideal baseline, which could encompass a single template or multiple templates, Configuration Baselining needs to collect the pertinent data from your environment. This process is facilitated through Quest Reporters live and scheduled data collection mechanism. After this process has been performed, Configuration Baselining now has the state-based information that can be used for comparison. For more information on how to collect data, please refer to the Quest Reporter User Guide.

Step 3: Compare Baseline Versus Data


Quest Reporters Configuration Baselining feature will now compare what is in the ideal baseline that you created in Step 1 against the pertinent information that Configuration Baselining collected in Step 2 from your environment. This process is performed by the Configuration Check Processor. For more information on how to perform a configuration check, see the Configuration Baselining User Guide.
For ease of use, Quest Reporters Configuration Baselining feature provides you with the ability to perform configuration checks based on live data, which results in a merging of steps 2 and 3 of the workflow. You should use live data as the basis for running ad hoc configuration checks of your network. For example, if you are asked to check if the latest Windows critical update has been installed on all of your Windows Server 2003 computers, you can run a configuration check based on live network data to determine immediately what computers have not been updated. You should use stored data as the basis for running regularly scheduled configuration checks of your network as part of your internal auditing activities. For example, if several new Windows Server 2003 computers have been brought online in your network, you can schedule a configuration check to run on stored network data that is collected weekly to determine if these new servers adhere to the configuration settings established by your company's server hardening policies.

Step 4: View Results and Perform Appropriate Action


After the Configuration Check Processor is finished processing the configuration check, the results of the configuration check are stored in the Configuration Baselining Results database. These results are dynamic and are displayed in summary and detailed fashion through the Quest Reporter Configuration Baselining user interface. You can use this information to remediate the non-compliant objects. Configuration Baselining also provides you with the ability to export results for easier distribution purposes. For more information on viewing the results, see the Configuration Baselining User Guide.

23

Introducing Configuration Baselining

What is a Configuration Check?


A configuration check is the main component of Configuration Baselining. It determines the level of compliance of your network objects by comparing them against a baseline. A baseline is represented by one or more templates in Configuration Baselining. To check the compliance of your network objects, you will create and schedule configuration checks based on predefined templates or based on templates that you create or import.

Figure 4: A configuration check compares network objects against a template (baseline).

Example Configuration Check


The following example configuration check will compare two objects against one template on a weekly basis using live data:
NAME SerRules OBJECTS Server1, Server2 TEMPLATE Windows Server 2003 FREQUENCY Weekly DATA Live

24

Quest Reporter

What is a Template?
A template contains the settings that Configuration Baselining uses to evaluate objects and determine if they comply with your companys standards, profiles, and policies. A template contains rule sets and rule sets are made up of rules.

Figure 5: A template is made up of rule sets and rule sets contain rules.

You can use one of the predefined templates that come with Configuration Baselining, you can create your own template, you can import one created by another user, or you can import one from an .inf file.

Example Custom Template


The following example custom template contains two rule sets and each rule set contains two rules:
TEMPLATE NAME Windows Server 2003 RULE SETS General Computer Rules Effective Computer Settings RULES DNS Search Order List Memory Capacity in Bytes Check Maximum System Log Size Check Password Age

25

Introducing Configuration Baselining

What is a Rule Set?


A rule set is a logical grouping of one or more rules. Rule sets can contain rules from many different attribute categories and they can help you maximize the reusability of rules because they can be shared across templates.

Figure 6: A rule set is a container for rules.

You can use the predefined rule sets that are included with the predefined templates or you can create your own custom rules sets. You can also apply a filter to a rule set to limit the scope of the Active Directory domains or computers that are checked against the baseline.

Example Custom Rule Sets


The following example rule sets each contain two rules:
RULE SET NAME General Computer Rules RULES DNS Search Order List Memory Capacity in Bytes Effective Computer Settings Check Maximum System Log Size Check Password Age

26

Quest Reporter

What is a Rule?
A rule is a combination of attributes, conditions, and values. Rules form the basis of the configuration check and they are what your configuration items are checked against. Each rule can only contain attributes from one attribute category, such as BIOS or NTFS Files. If you want to check the values of attributes across multiple attribute categories, you will have to create or use multiple rules.

Figure 7: A rule is made up of attributes, conditions, and values.

You can use the predefined rules that the predefined templates contain or you can create your own custom rules. You can also apply a filter to a rule to limit the number of configuration items that are checked against the rule and to determine the existence of specific attribute values.

Example Rules
Three of the following example custom rules each contain one attribute, one condition, and one value. The fourth example contains two attributes, two conditions, and two values:
RULE NAME DNS Search Order List Memory Capacity in Bytes Check Maximum System Log Size ATTRIBUTE CIMV2.Network Adapter Description [WMI] CIMV2.Physical Memory Speed [WMI] System Log Max Size CONDITION equals equals is less than VALUE WAN Miniport (PPPoE) 2000 16

27

Introducing Configuration Baselining

RULE NAME Check Password Age

ATTRIBUTE Maximum Password Age (expires in x days) Minimum Password Age (changed after x days)

CONDITION equals equals

VALUE 90 5

Configuration Baselining Databases


Configuration Baselining stores data in two separate databases: Configuration Baselining Configuration database Configuration Baselining Results database
If you already have a large Quest Reporter database (collected data), then you should consider using a second database server for the Configuration Baselining databases. This will help increase scalability and improve the performance of Configuration Baselining. You can use the Quest Reporter Database Setup Wizard to change the location of the Configuration Baselining databases.

Configuration Baselining Configuration Database


The Configuration Baselining Configuration database contains all of the predefined content that ships with Configuration Baselining and all of the custom content you create (configuration checks, templates, rule sets, rules, filters, and categories) when using Configuration Baselining. After you have successfully installed Quest Reporter, the Quest Reporter Database Setup Wizard guides you through the set up of the Configuration Baselining Configuration database. You have the option to create a new database or select an existing one. The Configuration Baselining Configuration database is created when you click Next on the Configuration Baselining Database page of the Database Setup Wizard.

Configuration Baselining Results Database


The Configuration Baselining Results database contains the results data from all configuration checks that have run. This database is automatically created by Configuration Baselining at the same time as the Configuration Baselining database is created. To distinguish the two databases, the word Results is added

28

Quest Reporter

to the end of the name of the Configuration Baselining Configuration database. For example, if you entered ConfigurationBaseliningApril17 as the name of the Configuration Baselining Configuration database in the Database Setup Wizard, the following databases would be created: ConfigurationBaseliningApril17 ConfigurationBaseliningApril17Results

The configuration check results data that is stored in the Configuration Baselining Results database is displayed for you in four different views that are accessible from the Configuration Check Results node in Configuration Baselining: Summary View, Object View, Template View, and Detailed View. These views provide different levels of detail about the configuration check results and the data in these views can be filtered and exported. For more information on viewing the results of configuration checks, see the Configuration Baselining User Guide.

Navigating Configuration Baselining


Quest Reporters Configuration Baselining feature is a Microsoft Management Console (MMC) snap-in. The Configuration Baselining root node is a subnode of the Quest Reporter node. The default MMC console consists of a window divided into two panes: the left pane displays the console tree and the right (or main) pane displays the home pages or summary pages for the nodes or objects selected in the left pane (the console tree). After you have installed Quest Reporter, Configuration Baselining appears as a node in the console tree in the left pane.

29

Introducing Configuration Baselining

Introducing the Configuration Baselining Root Node


You can access the Configuration Baselining root node by expanding the Quest Reporter node in the MMC console tree and clicking the Configuration Baselining node.

The Configuration Baselining root node is the main access point for the three main Configuration Baselining nodes: Templates, Rule Sets, and Job Management. The Configuration Baselining root node and the three subnodes all have home pages that are displayed in the main pane (right pane) when you select the node in the console tree (left pane).

Introducing the Taskpads


When you select the Configuration Baselining node in the console tree in the left pane, the Out of the box content taskpad is displayed in the main pane (right pane). If you click the tab at the bottom of the main pane, you can switch to the Build new content taskpad.

30

Quest Reporter

You can use these taskpads as your starting point for easily creating and scheduling configuration checks. These taskpads are a great place to start from if you are new to Configuration Baselining.
One of the main goals of the taskpads is to help you learn how to use Configuration Baselining and to help you learn how Configuration Baselining works. When you use the Build new content taskpad as your starting point, the first step in building new content is the creation of a rule using the Rule Wizard. Once you become more comfortable using Configuration Baselining, you will start using the nodes in the treeview as your starting point when creating new content. When you start to use the nodes, you will notice that you cannot create a rule without first creating a rule set. This means that the workflow is slightly different depending on your starting point. If you create new content from the Build new content taskpad, you will create a rule first and then you will create a rule set and then a template. If you create new content from the nodes in the treeview, you will normally create a template first and then a rule set and then rules. For more information on using the nodes to create custom content , see Introducing the Templates Node on page 32 and Introducing the Rule Sets Node on page 34.

Which Taskpad Should I Use?


You should select the Out of the box content taskpad if you want to create and schedule a configuration check based on the predefined templates that come with Configuration Baselining. The predefined templates are based on the following industry benchmarks and security templates and guidelines: Center for Internet Security (CIS) Benchmarks and Microsoft security templates and guidelines. For more information on the predefined templates, see the Configuration Baselining User Guide. You should use the Build new content taskpad if you want to create and schedule a configuration check based on templates, rule sets, and rules that you define and create.
TASKPAD Out of the box content STEPS TO CREATE A CONFIGURATION CHECK If you use the Out of the box content taskpad as your starting point, you will perform the following steps: 1. Create and schedule a configuration check based on predefined templates. 2. View the properties and results of the configuration check that you created and scheduled in step 1.

31

Introducing Configuration Baselining

TASKPAD Build new content

STEPS TO CREATE A CONFIGURATION CHECK If you use the Build new content taskpad as your starting point, you will perform the following steps: 1. Create rules. 2. Create a rule set for the rules you created in step 1. 3. Create a template that contains the rule set you created in step 2. 4. Create and schedule a configuration check based on the template you created in step 3. 5. View the properties and results of the configuration check that you created and scheduled in step 4.

The wizards that you use to perform tasks though the taskpad are the same wizards that you use to create templates, rule sets, and rules through the Templates node and the Rule Sets node. For detailed step-by-step instructions on how to use these wizards, see the Configuration Baselining User Guide.

Introducing the Templates Node


You can access the Templates node by expanding the Configuration Baselining node under the Quest Reporter node in the MMC console tree. The Templates node contains template categories and templates, providing you with a starting point for creating custom templates and for creating and scheduling configuration checks. If you right-click the Templates node, you can Import templates Export templates Create new template categories Create new templates

Templates Home Page


When you select the Templates node in the console tree, the Templates home page is displayed in the main pane. From this home page, you can create templates and you can create and schedule configuration checks. For more information, see the Configuration Baselining User Guide.

32

Quest Reporter

Template Categories
The Templates node contains template categories and templates. When you select a template category under the Template node, the main pane shows the names and descriptions of the templates in that category. Template categories already exist for the predefined content and they are automatically created when you import a template. You can also create your own template categories to help you organize the custom templates that you create. For more information, see the Configuration Baselining User Guide. If you right-click a template category, you can Import templates Export templates View the name and description of the template category Create new template categories Create new templates

You can also cut, copy, delete, and rename template categories by right-clicking them and selecting the appropriate option.

Templates
If you right-click a template, you can Export it View its properties Create new configuration checks Create new rule sets

You can also cut, copy, delete, and rename templates by right-clicking them and selecting the appropriate option.

Templates Summary Page


When you select a template under the Templates node or under a templates category, the main pane displays the summary page for that template. This page shows the name and description of the template at the top and it has two sections: Rule Set Tasks and Configuration Check Tasks. If you expand the Rule Set Tasks section of the summary page, you can View the names and descriptions of the rule sets contained in the template

33

Introducing Configuration Baselining

Create a new rule set Add rule sets to the template Remove rule sets from the template View the properties of a selected rule set

If you expand the Configuration Check Tasks section of the summary page, you can View the names and descriptions of any configuration checks that are associated with the template Create a new configuration check View the properties of a selected configuration check

For more information on using the summary page to modify a custom template, see the Configuration Baselining User Guide.

Introducing the Rule Sets Node


You can access the Rule Sets node by expanding the Configuration Baselining node under the Quest Reporter node in the MMC console tree. The Rule Sets node contains rule set categories and rule sets and it provides you with a starting point for creating custom rule sets, rules, and filters. If you right-click the Templates node, you can Manage filters Create new rule set categories Create new rule sets

34

Quest Reporter

Rule Sets Home Page


When you select the Rule Sets node in the console tree, the Rule Sets home page is displayed in the main pane. From this home page, you can create custom rule sets, filters for rules sets, and custom rules. For more information, see the Configuration Baselining User Guide.

Rule Set Categories


The Rule Sets node contains rule set categories and rule sets. When you select a rule set category under the Rule Sets node, the main pane shows the names and descriptions of the rule sets in that category. Rule set categories already exist for the predefined content and they are automatically created when you import a template. You can also create your own rule set categories to help you organize the custom templates that you create. For more information, see the Configuration Baselining User Guide. If you right-click a rule set category, you can View the name and description of the rule set category Create new rule set categories Create new rule sets

You can also cut, copy, delete, and rename rule set categories by right-clicking them and selecting the appropriate option.

Rule Sets
If you right-click a rule set , you can View its properties Create new rules Create new filters Create new templates

You can also cut, copy, delete, and rename rule sets by right-clicking them and selecting the appropriate option.

35

Introducing Configuration Baselining

Rule Set Summary Page


When you select a rule set under the Rule Sets node or under a rule set category, the main pane displays the summary page for that rule set. This page shows the name and description of the rule set at the top and it has three sections: Rule Tasks, Filter Tasks, and Template Tasks. If you expand the Rule Tasks section of the summary page, you can View the names and descriptions of the rules contained in the rule set Create a new rule Add rules to the rule set Delete rules from the rule set Create a copy of a rule View the properties of a selected rule

If you expand the Filter Tasks section of the summary page, you can View the names and descriptions of the filters applied to the rule set Create a new filter Add filters to the rule set Remove filters from the rule set Create a copy of a filter View the properties of a selected filter

If you expand the Template Tasks section of the summary page, you can View the names and descriptions of the templates that contain the rule set Create a new template Add the rule set to a template Remove the rule set from a template View the properties of a selected template

For more information on using the summary page to modify a custom rule set, see the Configuration Baselining User Guide.

36

Quest Reporter

Introducing the Job Management Node


You can access the Job Management node by expanding the Configuration Baselining node under the Quest Reporter node in the MMC console tree. The Job Management node contains the Scheduled Configuration Checks node and the Configuration Check Results node. You can use these nodes to manage your scheduled configuration checks and to view the results of all configuration checks that have run.

Job Management Home Page


When you select the Job Management node in the console tree, the Job Management home page is displayed in the main pane. From this home page, you can manage scheduled configuration checks, view the results of configuration checks, and create and schedule a new configuration check. For more information, see the Configuration Baselining User Guide.

Scheduled Configuration Checks Node


When you select the Scheduled Configuration Checks node, the main pane (right pane) displays scheduled configuration checks in the upper pane. When you select a scheduled configuration check in the upper pane, each individual run of that configuration check is displayed in the lower pane. The lower pane will be empty if the configuration check you select in the upper pane has not run yet. You can view and edit the properties of each schedule configuration check by right-clicking a configuration check in the upper pane and selecting the appropriate option. For more information, see the Configuration Baselining User Guide. You can also view and manage each individual, historical run of a configuration check by right-clicking a historical run in the lower pane and selecting the appropriate option.
If you right-click the Scheduled Configuration Checks node, you can create a new configuration check.

37

Introducing Configuration Baselining

Configuration Check Results Node


When you select the Configuration Check Results node, the main pane (right pane) displays the results for all of the configuration checks that have run in four different views: Summary View, Object View, Template View, and Detailed View. For more information on viewing the results, see the Configuration Baselining User Guide. You can also filter and export the results.

38

Quest Reporter

39

About Quest Software


Quest Software simplifies and reduces the cost of managing IT for more than 100,000 customers worldwide. Our innovative solutions make solving the toughest IT management problems easier, enabling customers to save time and money across physical, virtual and cloud environments. For more information about Quest go to www.quest.com.

Contacting Quest
Refer to our Web site for regional and international office information. Email Mail info@quest.com Quest Software, Inc. World Headquarters 5 Polaris Way Aliso Viejo, CA 92656 USA www.quest.com

Web site

Contacting Quest Support


Quest Support is available to customers who have a trial version of a Quest product or who have purchased a Quest product and have a valid maintenance contract. Quest Support provides unlimited 24x7 access to SupportLink, our self-service portal. Visit SupportLink at http://support.quest.com. From SupportLink, you can do the following: Retrieve thousands of solutions from our online Knowledgebase Download the latest releases and service packs Create, update and review Support cases

View the Global Support Guide for a detailed explanation of support programs, online services, contact information, policies and procedures. The guide is available at: http://support.quest.com.
40

Quest Reporter

41