Allow any privileged account (Windows)

Module: File Attributes

Supported Platforms: Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP

When this option is enabled, the File ownership and ACL checks treat all privileged accounts identically. Privileged accounts are members of the Administrators security group. Usually, ownership or access to system files by any privileged account is acceptable. For example, if the template specifies that a file should be owned by Administrator, privileged account owners are not reported. This option lets you accommodate variations in ownership between different versions or installations of the same operating system without changing templates.

The following table lists the error messages for the check.

Table: Error messages for Allow any privileged account

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: ESMT_ADDITIONAL_ENTRY Category: Policy Compliance	Windows 2000 (105534) Windows 2003 (205534) Windows 2008 (248534) Windows Vista (228534) Windows XP (200534)	Title: Additional ACL entry Description:The file's access permissions include an account that is not listed in the template. If the account is authorized to access the file, manually update the template. If it is not authorized, remove the account's access to the file, then run the Changed file (signature) check. It is possible to modify a file without changing the modification time.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: ESMT_DIFFERENT_ENTRY Category: Policy Compliance	Windows 2000 (105535) Windows 2003 (205535) Windows 2008 (248535) Windows Vista (228535) Windows XP (200535)	Title: Different ACL entry Description:The file's access permissions do not match the template. If the current setting is authorized, manually update the template. If it is not authorized, set the ACLs to match the template, then run the Changed file (signature) check. It is possible to modify a file without changing the modification time.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: ESMT_MISSING_ENTRY Category: Policy Compliance	Windows 2000 (105536) Windows 2003 (205536) Windows 2008 (248536) Windows Vista (228536) Windows XP (200536)	Title: Missing ACL entry Description:The file's ACLs do not give access to an account that is specified in template. If the account should not have access, manually update the template. If the account should have access, set the ACLs to match the template, then run the Changed file (signature) check. It is possible for an intruder to modify a file without changing the modification time.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: ESMT_ADDITIONAL_SACL_ENTRY Category: Policy Compliance	Windows 2000 (105542) Windows 2003 (205542) Windows 2008 (248542) Windows Vista (228542) Windows XP (200542)	Title: Additional SACL entry Description:The file is being audited for an account that is not specified in the template. If auditing should be performed for this account, add the account to the template. If it should not be performed, remove the account from the file's auditing settings.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: ESMT_DIFFERENT_SACL_ENTRY Category: Policy Compliance	Windows 2000 (105540) Windows 2003 (205540) Windows 2008 (248540) Windows Vista (228540) Windows XP (200540)	Title: Different SACL entry Description:The current audit setting for the file does not match the File template setting. If the current setting is correct, manually update the template. If the setting is incorrect, change the file's auditing settings to match the template.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: ESMT_MISSING_SACL_ENTRY Category: Policy Compliance	Windows 2000 (105541) Windows 2003 (205541) Windows 2008 (248541) Windows Vista (228541) Windows XP (200541)	Title: Missing SACL entry Description:The file is not audited for the account that is specified in the Information field. If auditing should not be performed for this account, manually update the template. If it should be performed, change the file's auditing settings to match the template.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESMT_ADDITIONAL_ENTRY

Category: Policy Compliance

Windows 2000 (105534)
Windows 2003 (205534)
Windows 2008 (248534)
Windows Vista (228534)
Windows XP (200534)

Title: Additional ACL entry

Description:The file's access permissions include an account that is not listed in the template. If the account is authorized to access the file, manually update the template. If it is not authorized, remove the account's access to the file, then run the Changed file (signature) check. It is possible to modify a file without changing the modification time.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: ESMT_DIFFERENT_ENTRY

Category: Policy Compliance

Windows 2000 (105535)
Windows 2003 (205535)
Windows 2008 (248535)
Windows Vista (228535)
Windows XP (200535)

Title: Different ACL entry

Description:The file's access permissions do not match the template. If the current setting is authorized, manually update the template. If it is not authorized, set the ACLs to match the template, then run the Changed file (signature) check. It is possible to modify a file without changing the modification time.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: ESMT_MISSING_ENTRY

Category: Policy Compliance

Windows 2000 (105536)
Windows 2003 (205536)
Windows 2008 (248536)
Windows Vista (228536)
Windows XP (200536)

Title: Missing ACL entry

Description:The file's ACLs do not give access to an account that is specified in template. If the account should not have access, manually update the template. If the account should have access, set the ACLs to match the template, then run the Changed file (signature) check. It is possible for an intruder to modify a file without changing the modification time.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: ESMT_ADDITIONAL_SACL_ENTRY

Category: Policy Compliance

Windows 2000 (105542)
Windows 2003 (205542)
Windows 2008 (248542)
Windows Vista (228542)
Windows XP (200542)

Title: Additional SACL entry

Description:The file is being audited for an account that is not specified in the template. If auditing should be performed for this account, add the account to the template. If it should not be performed, remove the account from the file's auditing settings.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: ESMT_DIFFERENT_SACL_ENTRY

Category: Policy Compliance

Windows 2000 (105540)
Windows 2003 (205540)
Windows 2008 (248540)
Windows Vista (228540)
Windows XP (200540)

Title: Different SACL entry

Description:The current audit setting for the file does not match the File template setting. If the current setting is correct, manually update the template. If the setting is incorrect, change the file's auditing settings to match the template.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: ESMT_MISSING_SACL_ENTRY

Category: Policy Compliance

Windows 2000 (105541)
Windows 2003 (205541)
Windows 2008 (248541)
Windows Vista (228541)
Windows XP (200541)

Title: Missing SACL entry

Description:The file is not audited for the account that is specified in the Information field. If auditing should not be performed for this account, manually update the template. If it should be performed, change the file's auditing settings to match the template.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]