Bypass traverse checking (Windows)

Module: Account Integrity

Supported Platforms: Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP

This check reports accounts with rights to bypass traverse checking. This allows the account to pass through file system or registry folders to which it has no access rights to open a subfolder or object to which it does have access rights. Windows grants this right to Everyone by default. You can use the name list to exclude or include users or security groups that are not already excluded or included by the Users to check option.

The following table lists the error message for the check.

Table: Error message for Bypass traverse checking

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: ESM_BYPASS_TRAVERSE_CHECK Category: Policy Compliance	Windows 2000 (105933) Windows 2003 (205933) Windows 2008 (248933) Windows Vista (228929) Windows XP (200929)	Title: Bypass traverse checking Description:The user or security group has the right to bypass traverse checking. If the right is authorized, edit the check's name list. If the right is not authorized, use the Correct feature to revoke it.	Severity: yellow-1 Correctable: true Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESM_BYPASS_TRAVERSE_CHECK

Category: Policy Compliance

Windows 2000 (105933)
Windows 2003 (205933)
Windows 2008 (248933)
Windows Vista (228929)
Windows XP (200929)

Title: Bypass traverse checking

Description:The user or security group has the right to bypass traverse checking. If the right is authorized, edit the check's name list. If the right is not authorized, use the Correct feature to revoke it.

Severity: yellow-1

Correctable: true

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]