File ACL (Windows)

Module: File Attributes

Supported Platforms: Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP

This check reports a problem if file and folder permissions do not match the values in their associated template records.

The following table lists the error messages for the check.

Table: Error messages for File ACL

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: ESMT_ADDITIONAL_ENTRY Category: Policy Compliance	Windows 2000 (105534) Windows 2003 (205534) Windows 2008 (248534) Windows Vista (228534) Windows XP (200534)	Title: Additional ACL entry Description:The file's access permissions include an account that is not listed in the template. If the account is authorized to access the file, manually update the template. If it is not authorized, remove the account's access to the file, then run the Changed file (signature) check. It is possible to modify a file without changing the modification time.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: ESMT_DIFFERENT_ENTRY Category: Policy Compliance	Windows 2000 (105535) Windows 2003 (205535) Windows 2008 (248535) Windows Vista (228535) Windows XP (200535)	Title: Different ACL entry Description:The file's access permissions do not match the template. If the current setting is authorized, manually update the template. If it is not authorized, set the ACLs to match the template, then run the Changed file (signature) check. It is possible to modify a file without changing the modification time.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: ESMT_MISSING_ENTRY Category: Policy Compliance	Windows 2000 (105536) Windows 2003 (205536) Windows 2008 (248536) Windows Vista (228536) Windows XP (200536)	Title: Missing ACL entry Description:The file's ACLs do not give access to an account that is specified in template. If the account should not have access, manually update the template. If the account should have access, set the ACLs to match the template, then run the Changed file (signature) check. It is possible for an intruder to modify a file without changing the modification time.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: ESMT_NOACL Category: Policy Compliance	Windows 2000 (105539) Windows 2003 (205539) Windows 2008 (248539) Windows Vista (228539) Windows XP (200539)	Title: File stored on volume that does not support ACLs Description:One or more files that are specified in a File template are stored on a volume that does not support persistent ACLs. There is little or no control over who can access these files. Convert all volumes with FAT file systems to NTFS to implement support for ACLs.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: ESMT_NOOWNER Category: Policy Compliance	Windows 2000 (105553) Windows 2003 (205553) Windows 2008 (248553) Windows Vista (228553) Windows XP (200553)	Title: Account specified in template does not exist on system Description:An account that is specified in a template ACL sublist does not exist. If the account should exist, add it to the system. If it should not exist, manually update the template.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: ESMT_EVENT_LOG_INFO Category: Policy Compliance	Windows 2000 (105559) Windows 2003 (205559) Windows 2008 (248559) Windows Vista (228559) Windows XP (200559)	Title: File or folder Event Log Entry Description:An entry in the Security Audit Event Log occurred for this file or folder.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: ESMT_FILE_ACL_DISABLED_ACCOUNTS Category: Policy Compliance	Windows 2000 (105560) Windows 2003 (205560) Windows 2008 (248560) Windows Vista (228560) Windows XP (200560)	Title: Disabled Accounts in File ACL Description:List of disabled accounts in File ACL.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESMT_ADDITIONAL_ENTRY

Category: Policy Compliance

Windows 2000 (105534)
Windows 2003 (205534)
Windows 2008 (248534)
Windows Vista (228534)
Windows XP (200534)

Title: Additional ACL entry

Description:The file's access permissions include an account that is not listed in the template. If the account is authorized to access the file, manually update the template. If it is not authorized, remove the account's access to the file, then run the Changed file (signature) check. It is possible to modify a file without changing the modification time.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: ESMT_DIFFERENT_ENTRY

Category: Policy Compliance

Windows 2000 (105535)
Windows 2003 (205535)
Windows 2008 (248535)
Windows Vista (228535)
Windows XP (200535)

Title: Different ACL entry

Description:The file's access permissions do not match the template. If the current setting is authorized, manually update the template. If it is not authorized, set the ACLs to match the template, then run the Changed file (signature) check. It is possible to modify a file without changing the modification time.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: ESMT_MISSING_ENTRY

Category: Policy Compliance

Windows 2000 (105536)
Windows 2003 (205536)
Windows 2008 (248536)
Windows Vista (228536)
Windows XP (200536)

Title: Missing ACL entry

Description:The file's ACLs do not give access to an account that is specified in template. If the account should not have access, manually update the template. If the account should have access, set the ACLs to match the template, then run the Changed file (signature) check. It is possible for an intruder to modify a file without changing the modification time.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: ESMT_NOACL

Category: Policy Compliance

Windows 2000 (105539)
Windows 2003 (205539)
Windows 2008 (248539)
Windows Vista (228539)
Windows XP (200539)

Title: File stored on volume that does not support ACLs

Description:One or more files that are specified in a File template are stored on a volume that does not support persistent ACLs. There is little or no control over who can access these files. Convert all volumes with FAT file systems to NTFS to implement support for ACLs.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: ESMT_NOOWNER

Category: Policy Compliance

Windows 2000 (105553)
Windows 2003 (205553)
Windows 2008 (248553)
Windows Vista (228553)
Windows XP (200553)

Title: Account specified in template does not exist on system

Description:An account that is specified in a template ACL sublist does not exist. If the account should exist, add it to the system. If it should not exist, manually update the template.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: ESMT_EVENT_LOG_INFO

Category: Policy Compliance

Windows 2000 (105559)
Windows 2003 (205559)
Windows 2008 (248559)
Windows Vista (228559)
Windows XP (200559)

Title: File or folder Event Log Entry

Description:An entry in the Security Audit Event Log occurred for this file or folder.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: ESMT_FILE_ACL_DISABLED_ACCOUNTS

Category: Policy Compliance

Windows 2000 (105560)
Windows 2003 (205560)
Windows 2008 (248560)
Windows Vista (228560)
Windows XP (200560)

Title: Disabled Accounts in File ACL

Description:List of disabled accounts in File ACL.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]