Configuration Audit Of Microsoft Windows


CONFIGURATION AUDIT OF MICROSOFT WINDOWS

Computer: ERZA (Domain member - DCIT)
Operating system: Windows Server 2012 R2 Standard (64bit)
Audit date: 2016-02-18 15:45
Checklist: Audit Square - std. security/2016b
54%

Area:
[BASE] Basic tests
[SVCS] System services
[SECP] Security policy
[USER] User accounts
[ACLS] Access control
[NETW] Network settings

Check:
OS version and updates
Installed software
Environment variables
Other operating system settings
Basic configuration of system services
Drivers
Services and drivers access permissions
Service accounts
Other programs that run automatically
Passwords and account locking policy
Security settings
Audit settings
Parameters of log files
Other security settings
System-wide privileges
Problematic active accounts
Local groups membership
Logon cache
File system of local drives
File access permissions
NETW-01 Global settings
NETW-02 Problematic open TCP/UDP ports

Result *): Fail Ok Fail Ok Ok Ok Warning Warning
NETW-03 System server components configuration: Fail
NETW-04 Shared resources: Ok

*) You can get to detailed findings by clicking on the check result.

ERZA / Windows Server 2012 R2 Standard / 2016-02-18 15:45    1 / 36

1 COMPUTER

Assessment info, Basic tests, System services, Security policy, User accounts, Access control, Network settings

1.1 [INFO-xx] Assessment info

1.1.1 [INFO-01] Server/workstation

A brief description of the examined computer is shown in the table:

Computer name: ERZA
Domain/workgroup membership: Domain member (DCIT)
Operating system version: 6.3 (Windows Server 2012 R2 Standard)
CPU architecture, thread count: x86-64 x 12 (AMD Opteron(tm) Processor 4334)
Installed physical memory size: 32.0 GB
HW classification: standard
OS root directory: C:\Windows
OS install date: 2014-11-05 20:53
Boot time: 2016-02-08 19:49

1.1.2 [INFO-02] Data collection

Data collection parameters are listed in the table below:

Collection date: 2016-02-18 15:45
Account used: ERZA\SYSTEM
Client version: 2.7.5
Data processor version: 1.1.3.1

1.2 [BASE-xx] Basic tests

1.2.1 [BASE-01] OS version and updates

The check verifies the operating system version, the installed service packs and hotfixes, and the settings of the automatic updates service. If the version of the operating system is different from the given value, if the number of the installed service pack is less than the specified value, if more than a specified time has passed since the last hotfix installation, or if the configuration of automatic updates does not comply with the requirements, the overall result of the check is FAIL. Optional parameters allow the behavior of the check to be fine-tuned.

Check result: OK WITH WARNING.

The values to be verified are listed in the table below. Problematic values are marked in red:

Category | Parameter name | Value | Recommendation
Version | OS Version | WINDOWS 2012 R2 (6.3) |
 | Service Pack | SP0 |
Hotfixes and patches | Last hotfix installation date | 2016-02-08 |
Automatic Updates | Service status | Stopped/Manual (Trigger Start) |
 | Updates configuration | Configured locally (mode: 3 Download only) |
 | Server redirection | -- | (local WSUS via encrypted connection (https))

Category | Parameter name | Value | Recommendation
 | Status server redirection | -- | (local WSUS via encrypted connection (https))

1.2.2 [BASE-02] Installed software

The installed software packages are checked against the set of rules. If any installed software does not comply with the requirements, the overall result of the check is FAIL. Details of the instances found are given in the results table.

Note: only the software installed by standard means and recorded in the system installation database is reported.

Check result: FAIL.

Problematic software packages must either be uninstalled or updated to the safe version, as indicated in the column with the recommendation.

The table lists the details of installed software:

SoftwareAudit Square PRO AgentBroadcom Drivers andManagement ApplicationsDell OpenManage SystemsManagement Software(64-Bit)GDR 5343 for SQL Server2012 (KB3045321) (64bit)HP 3PAR StoreServ PluginHP StoreVirtual Plug-inMatrox Graphics Software(remove only)Microsoft Application ErrorReportingMicrosoft Report Viewer2012 RuntimeMicrosoft SQL Server2008 (64-bit)Microsoft SQL Server2008 Management StudioMicrosoft SQL Server2008 PoliciesMicrosoft SQL Server2008 R2 (64-bit)Microsoft SQL Server2008 R2 Native ClientMicrosoft SQL Server2008 R2 RsFx DriverMicrosoft SQL Server2008 R2 Setup (English)Microsoft SQL Server2008 Setup Support FilesMicrosoft SQL Server2012 (64-bit)Microsoft SQL Server2012 (64-bit)Microsoft SQL Server2012 Management Objects(x64)Microsoft SQL Server2012 Native ClientMicrosoft SQL Server2012 RsFx DriverProducerAuditSquare.comBroadcom 0okMicrosoft Corporation11.2.5343.0okVeeam Software AG8.0.0.817okVeeam Software AGMatrox Graphics Inc.8.0.0.8174.0.1.4okokMicrosoft Corporation12.0.6015.5000okMicrosoft Corporation11.1.3452.0okMicrosoft Corporation(n/a)okMicrosoft Corporation10.0.1600.22okMicrosoft Corporation10.0.1600.22okMicrosoft Corporation(n/a)okMicrosoft Corporation10.51.2500.0okMicrosoft Corporation10.51.2500.0okMicrosoft 
Corporation10.51.2500.0okMicrosoft Corporation10.1.2731.0okMicrosoft Corporation(n/a)ok(n/a)(n/a)okMicrosoft Corporation11.0.2100.60okMicrosoft Corporation11.2.5058.0okMicrosoft Corporation11.2.5058.0ok

SoftwareMicrosoft SQL Server2012 Setup (English)Microsoft SQL Server2012 Transact-SQLScriptDomMicrosoft SQL ServerCompact 3.5 SP1 EnglishMicrosoft SQL ServerCompact 3.5 SP1 QueryTools EnglishMicrosoft System CLRTypes for SQL Server2012 (x64)Microsoft Visual C 2010x64 Redistributable 10.0.40219Microsoft Visual C 2010x86 Redistributable 10.0.40219Microsoft Visual StudioTools for Applications 2.0 ENUMicrosoft VSS Writer forSQL Server 2012Mozilla Firefox 31.2.0 ESR(x86 en-US)ProducerMicrosoft CorporationVersion11.2.5343.0FindingokMicrosoft Corporation11.2.5058.0okMicrosoft Corporation3.5.5692.0okMicrosoft Corporation3.5.5692.0okMicrosoft Corporation11.2.5058.0okMicrosoft Corporation10.0.40219okMicrosoft Corporation10.0.40219okMicrosoft Corporation9.0.30729okMicrosoft Corporation11.2.5058.0okMozilla31.2.0Mozilla MaintenanceServiceNEC Electronics USB 3.0Host Controller DriverNetApp Plug-inService Pack 1 for SQLServer 2008 R2(KB2528583) (64-bit)Service Pack 2 for SQLServer 2012 (KB2958429)(64-bit)SQL Server 2008 R2 SP1Common FilesSQL Server 2008 R2 SP1Database Engine ServicesSQL Server 2008 R2 SP1Database Engine SharedSQL Server 2012 CommonFilesSQL Server 2012Database Engine ServicesSQL Server 2012Database Engine SharedSQL Server Browser forSQL Server 2012Sql Server CustomerExperience ImprovementProgramSql Server CustomerExperience ImprovementProgramTotal Commander 64-bit(Remove or Repair)Veeam Backup CatalogVeeam Backup EnterpriseManagerVeeam Backup &Mozilla31.2.0SW not recommended byprofile; installed versionvulnerableokNEC ElectronicsCorporationVeeam Software AGMicrosoft osoft Corporation11.2.5058.0okMicrosoft Corporation10.51.2500.0okMicrosoft Corporation10.51.2500.0okMicrosoft Corporation10.51.2500.0okMicrosoft Corporation11.2.5058.0okMicrosoft Corporation11.2.5058.0okMicrosoft Corporation11.2.5058.0okMicrosoft Corporation11.2.5058.0okMicrosoft Corporation10.50.1600.1okMicrosoft Corporation11.2.5058.0okGhisler Software GmbH8.51aokVeeam Software AGVeeam Software 
AG8.0.0.8178.0.0.817okokVeeam Software AG8.0.0.817ok
Recommendation: consider removing; or at least upgrade

SoftwareReplicationVeeam Backup &Replication PowerShellSDKVeeam Backup TransportVeeam Backup vPowerNFSVeeam Explorer forMicrosoft Active DirectoryVeeam Explorer forMicrosoft ExchangeVeeam Explorer forMicrosoft SharePointVeeam Explorer forMicrosoft SQL ServerVeeam ONEVeeam ONE Business ViewVeeam ONE Monitor ClientVeeam ONE MonitorServerVeeam ONE ReporterServerVeeam ONE Reporter WebWinPcap 4.1.3ProducerVersionFindingVeeam Software AG8.0.0.817okVeeam Software AGVeeam Software AGVeeam Software AG8.0.0.20848.0.0.20848.0.0.952okokokVeeam Software AG8.0.0.951okVeeam Software AG8.0.0.950okVeeam Software AG8.0.0.953okVeeam SoftwareVeeam SoftwareVeeam SoftwareVeeam okokokVeeam Software8.0.0.1569okVeeam SoftwareRiverbed Technology, Inc.8.0.0.15694.1.0.2980okSW forbidden by profileWireshark 1.12.3 (64-bit)The Wireshark k
Recommendation: remove

1.2.3 [BASE-03] Environment variables

The check verifies the correctness of the settings of several important system environment variables, namely COMSPEC, PATHEXT and PATH. COMSPEC must refer to the standard command interpreter (cmd.exe). PATHEXT must not contain non-default values for the given operating system. The most comprehensive test is that of the PATH variable, which, for a successful test outcome, must not contain a directory writable by unprivileged users (exceptions can be specified using the check parameters if necessary).

Check result: OK.

These settings must be fixed manually, directly on the server/workstation (Control Panel - System - Advanced System Settings - Environment Variables). However, in the case of problematic entries in the PATH, the preferred solution is to fix the directory permissions (removing the write permissions for unprivileged users and groups).

Related link: Settingthe

32\WindowsPowerShell\v1.0
C:\Program Files\Dell\SysMgt\oma\bin
C:\Program Files\Dell\SysMgt\shared\bin
C:\Program Files\Dell\SysMgt\idrac
C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn
C:\Program Files\Microsoft SQL Server\100\Tools\Binn
C:\Program Files\Microsoft SQL

Program Files (x86)\Microsoft SQL Server\110\Tools\Binn
C:\Program Files\Microsoft SQL Server\110\Tools\Binn
C:\Program Files\Microsoft SQL Server\110\DTS\Binn
C:\Program Files (x86)\Microsoft gram Files (x86)\Microsoft SQL Server\100\DTS\Binn

1.2.4 [BASE-04] Other operating system settings

The check verifies the settings of several operating system parameters not included in other chapters. The audited settings include the OS loader configuration, the OS response to fatal errors, time synchronization and automatic logon. Individual tests can optionally be turned off by the corresponding check arguments. The details of the tests' behavior can sometimes be further refined by check arguments as well.

Check result: OK.

The settings tested in this check must usually be adjusted manually, directly on the computer, without the help of Group Policy. Details are beyond the scope of this report; please refer to the operating system manufacturer's documentation. Here is only a quick hint on some topics:

- OS loader - Control Panel - System - Advanced System Settings - Startup and Recovery, or command line tools (bootcfg, bcdedit) (related link: DEP configuration);
- Crash control - Control Panel - System - Advanced System Settings - Startup and Recovery (related link: Crash control);
- Automatic logon - utility netplwiz (Windows Vista and higher), or direct modification of the registry, the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (related link: Disabling autologon).

Component | Parameter name | Value | Recommendation
OS clock | Time synchronization | Ok |
Winlogon | Automatic logon | Disabled |

1.3 [SVCS-xx] System services

1.3.1 [SVCS-01] Basic configuration of system services

The check evaluates the configuration of system services according to the specified set of rules. The following service attributes are verified: the current state of the service, its start mode, the path to the binary image, the image maker and the image signer. With a set of custom rules, blacklist-type checking can be performed (a ban on the operation of certain services), as well as whitelist (allowing only the listed services) or requestlist (requiring the mandatory operation of certain services).

Check result: FAIL.

Security issues detected in this chapter may be fixed in different ways depending on the problem found: by removing or disabling the problematic services, adding them to the set of rules (whitelist), or changing the services' starting parameters. The latter could be performed locally (e.g. by using the mmc snap-in Services), but the use of Group Policy is recommended for efficiency reasons. The GPO path to the settings is Computer Configuration(/Policies)/Windows Settings/Security Settings/System Services. However, caution is required when preparing the GPO; it should set only the service starting mode, but not the service access permissions.

The table lists the system services with configuration or current state not matching the requirements:

ServiceAeLookupSvc(ApplicationExperience)ALG (ApplicationLayer GatewayService)AppHostSvc(Application HostHelper Service)AppIDSvc (ApplicationIdentity)StatusStopped/Manual(Trigger Start)Appinfo (ApplicationInformation)Running/Manual(Trigger Start)AppMgmt (ApplicationManagement)Stopped/ManualAppReadiness (AppReadiness)Stopped/ManualAppXSvc (AppXDeployment Service(AppXSVC))Stopped/Manualaspnet state(ASP.NET ndows AudioEndpoint Builder)Running/ManualAudiosrv (WindowsAudio)Running/AutoBFE (Base FilteringEngine)Running/AutoBITS (BackgroundIntelligent TransferService)BrokerInfrastructure(Background TasksInfrastructureService)Browser catePropagation)COMSysApp (COM System Application)CryptSvc(CryptographicServices)dcevt64 (DSM SAEvent Manager)Running/ManualDcomLaunch (DCOMServer ProcessLauncher)dcstor64 (DSM nual(Trigger st)Microsoft ows\system32 Microsoft Corporation\alg.exeSignerMicrosoft ET\Framework64\v4.0.30319\aspnet dllMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsRecommendationMicrosoft Windows adjust the startingof the service(disabled)Microsoft CorporationMicrosoft Windows adjust the startingof the service(disabled)(svchost)Microsoft rosoft crosoft CorporationC:\Windows\system32\bisrv.dllMicrosoft dsm sa llC:\ProgramMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsDell Inc.Dell Inc.Microsoft CorporationMicrosoft WindowsDell Inc.Dell Inc.ERZA / Windows Server 2012 R2 Standard / 2016-02-18 15:45Microsoft WindowsMicrosoft Windows7 / 36

ServiceData Manager)Statusddpsvc (DataRunning/ManualDeduplication Service)ddpvssvc (DataRunning/AutoDeduplication VolumeShadow Copy Service)defragsvc \dataeng\bin\dsm sa eAssociationService (DeviceAssociation Service)DeviceInstall (DeviceInstall Service)Stopped/Manual(Trigger Start)Dhcp (DHCP Client)Running/AutoDiagTrack(Diagnostics TrackingService)Running/AutoDnscache (DNSClient)Running/Auto (Trigger \dps.dllStopped/Manual(svchost)(Trigger lStopped/ManualC:\Windows\system32(Trigger ws\system32\FDResPub.dlldot3svc (WiredAutoConfig)DPS (DiagnosticPolicy Service)DsmSvc (DeviceSetup Manager)Eaphost (ExtensibleAuthenticationProtocol)EFS (Encrypting FileSystem (EFS))EventLog (WindowsEvent Log)EventSystem (COM Event System)fdPHost (FunctionDiscovery ProviderHost)FDResPub (FunctionDiscovery ResourcePublication)Stopped/Manual(Trigger Start)FontCache (WindowsFont Cache tationFoundation FontCache 3.0.0.0)gpsvc (Group PolicyClient)Stopped/ManualCompanySignerMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsRecommendation adjust the startingof the service(disabled)Microsoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft Windowsof the service(disabled)(svchost)Microsoft ows\Microsoft. Microsoft ntCache.exeMicrosoft WindowsRunning/Auto (Trigger (svchost)Microsoft osoft WindowsERZA / Windows Server 2012 R2 Standard / 2016-02-18 15:45 adjust the startingMicrosoft Windows8 / 36

Servicehidserv (HumanInterface DeviceService)StatusRunning/Manual(Trigger Start)ExeCompany(svchost)Microsoft crosoft Windowshkmsvc (Health Keyand et ExplorerETW CollectorService)IKEEXT (IKE andAuthIP IPsec KeyingModules)iphlpsvc (IP Helper)Stopped/Manual(svchost)Microsoft \system32 Microsoft Corporation\IEEtwCollector.exeMicrosoft WindowsKeyIso (CNG KeyIsolation)KPSSVC (KDC ProxyServer service (KPS))KtmRm (KtmRm Server)LanmanWorkstation(Workstation)lltdsvc (Link-LayerTopology DiscoveryMapper)lmhosts (TCP/IPNetBIOS Helper)LSM (Local SessionManager)MMCSS (MultimediaClass Scheduler)Stopped/ManualMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsRunning/AutoMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMozillaMaintenance(Mozilla MaintenanceService)Stopped/ManualMpsSvc (WindowsFirewall)Running/AutoMSDTC (DistributedTransactionCoordinator)MSiSCSI (MicrosoftiSCSI InitiatorService)msiserver (WindowsInstaller)MSSQL VEEAMSQL2008R2 (SQL d/ManualStopped/ManualRunning/Auto adjust the startingof the service(disabled)C:\Program FilesMozilla nceservice.exe(svchost)Microsoft s\system32 Microsoft Corporation\msdtc.exeMozilla Corporation(svchost)Microsoft ows\system32 Microsoft Corporation\msiexec.exeC:\ProgramMicrosoft CorporationFiles\Microsoft SQLServer\MSSQL10 50.VEEAMSQL2008R2\MSSQL\Binn\sqlservr.exeMicrosoft WindowsERZA / Windows Server 2012 R2 Standard / 2016-02-18 15:45 adjust the startingof the service(disabled)Running/Auto (Trigger opped/ManualC:\Windows\system32(Trigger system32\kpssvc.dllStopped/Manual(svchost)(Trigger )C:\Windows\system32\lltdsvc.dllRunning/Auto (Trigger (svchost)Start, Trigger icrosoft WindowsMicrosoft WindowsMicrosoft 
WindowsMicrosoft Corporation9 / 36

ServiceStatusMSSQL VEEAMSQL2 Running/Auto012 (SQL Server(VEEAMSQL2012))ExeC:\ProgramFiles\Microsoft .exeMSSQLServerADHelp Stopped/DisabledC:\Programer100 (SQL ActiveFiles\Microsoft SQLDirectory nt (NetworkStopped/Manual(svchost)Access aSvc r Start, Trigger gon eNetman ows\system32\netman.dllnetprofm (NetworkRunning/Manual(svchost)List t.Tcp Port t.exeNlaSvc (NetworkRunning/Auto(svchost)Location Awareness)C:\Windows\system32\nlasvc.dllnsi (Network StoreRunning/Auto(svchost)Interface Service)C:\Windows\system32\nsisvc.dllomsad (DSM SARunning/AutoC:\ProgramShared Services)Files\Dell\SysMgt\oma\bin\dsm om W(Performance Counter64\perfhost.exeDLL Host)pla (Performance Logs Stopped/Manual(svchost)& Alerts)C:\Windows\system32\pla.dllPlugPlay (Plug \umpnpmgr.dllPolicyAgent (IPsecRunning/Manual(svchost)Policy Agent)(Trigger Start)C:\Windows\system32\IPSECSVC.DLLPower po.dllPrintNotify (PrinterStopped/Manual(svchost)Extensions \x64\3\PrintConfig.dllProfSvc (User Profile rofsvc.dllRasAuto (RemoteStopped/Manual(svchost)Access AutoC:\Windows\system32Connection Manager)\rasauto.dllRasMan (RemoteAccess ConnectionManager)Stopped/ManualCompanyMicrosoft CorporationSignerMicrosoft CorporationMicrosoft CorporationMicrosoft CorporationMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsDell Inc.Dell Inc.Microsoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft Windows(svchost)Microsoft CorporationC:\Windows\system32\rasmans.dllERZA / Windows Server 2012 R2 Standard / 2016-02-18 15:45Recommendation adjust 
the startingof the service(disabled)Microsoft Windows10 / 36

ServiceRemoteAccess(Routing and RemoteAccess)RemoteRegistry(Remote Registry)rpcapd (RemotePacket CaptureProtocol v.0(experimental))RpcEptMapper (RPCEndpoint s\system32\mprdim.dllStopped/Auto (Trigger ed/DisabledC:\Program r (RemoteProcedure Call (RPC)Locator)RpcSs (RemoteProcedure Call (RPC))Stopped/ManualRSoPProv (ResultantSet of Policy Provider)sacsvr (SpecialAdministrationConsole Helper)SamSs (SecurityAccounts Manager)SCardSvr (SmartCard)Stopped/ManualScDeviceEnum(Smart Card DeviceEnumeration Service)Schedule (TaskScheduler)Stopped/Manual(Trigger Start)SCPolicySvc (SmartCard Removal Policy)Stopped/Manualseclogon (SecondaryLogon)Stopped/ManualSENS (System EventNotification Service)Running/AutoServer Administrator(DSM SA ConnectionService)Running/AutoSessionEnv (RemoteDesktopConfiguration)SharedAccess(Internet ConnectionSharing (ICS))ShellHWDetection(Shell HardwareDetection)Running/Manualsmphost (MicrosoftStorage Spaces SMP)Stopped/ManualSNMPTRAP (SNMPTrap)Spooler d/DisabledRunning/AutoRunning/AutoCompanyMicrosoft CorporationSignerMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsRiverbed Technology,Inc.Riverbed Technology,Inc.(svchost)Microsoft ows\system32 Microsoft Corporation\Locator.exeMicrosoft mFiles\Dell\SysMgt\oma\bin\dsm om st)C:\Windows\system32\shsvcs.dllMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsDell Inc.Dell Inc.Microsoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft Windows(svchost)Microsoft ws\system32 Microsoft Corporation\snmptrap.exeC:\Windows\system32 Microsoft Corporation\spoolsv.exeERZA / Windows Server 2012 R2 Standard / 2016-02-18 
15:45RecommendationMicrosoft Windows adjust the startingof the service(disabled)Microsoft WindowsMicrosoft WindowsMicrosoft Windows11 / 36

Servicesppsvc (SoftwareProtection)StatusStopped/Auto(Delayed, TriggerStart)SQLAgent VEEAMSQ Stopped/DisabledL2008R2 (SQLServer 2 Microsoft Corporation\sppsvc.exeC:\ProgramFiles\Microsoft SQLServer\MSSQL10 50.VEEAMSQL2008R2\MSSQL\Binn\SQLAGENT.EXESQLAgent VEEAMSQ Stopped/DisabledC:\ProgramL2012 (SQL ServerFiles\Microsoft \MSSQL\Binn\SQLAGENT.EXESQLBrowser (SQLRunning/AutoC:\Program FilesServer Browser)(x86)\Microsoft SQLServer\90\Shared\sqlbrowser.exeSQLWriter (SQLRunning/AutoC:\ProgramServer VSS Writer)Files\Microsoft SQLServer\90\Shared\sqlwriter.exeSSDPSRV \system32\ssdpsrv.dllSstpSvc (SecureStopped/Manual(svchost)Socket TunnelingC:\Windows\system32Protocol Service)\sstpsvc.dllsvsvc (Spot Verifier)Stopped/Manual(svchost)(Trigger Start)C:\Windows\system32\svsvc.dllswprv (MicrosoftStopped/Manual(svchost)Software ShadowC:\Windows\system32Copy Provider)\swprv.dllSysMain (Superfetch) .dllSystemEventsBroker Running/Auto (Trigger (svchost)(System sbrokerserver.dllTapiSrv m32\tapisrv.dllTermService (Remote Running/Manual(svchost)Desktop Services)C:\Windows\system32\termsrv.dllThemes hemeservice.dllTHREADORDER(Thread OrderingServer)TieringEngineService(Storage TiersManagement)TrkWks (DistributedLink Tracking stedInstallerStopped/Manual(Windows ModulesInstaller)UALSVC (User Access Running/AutoLogging Service)(Delayed)SignerMicrosoft WindowsMicrosoft CorporationMicrosoft CorporationMicrosoft CorporationMicrosoft CorporationMicrosoft CorporationMicrosoft CorporationMicrosoft CorporationMicrosoft CorporationMicrosoft CorporationMicrosoft WindowsMicrosoft CorporationMicrosoft WindowsMicrosoft Corporati

Operating system: Windows Server 2012 R2 Standard (64bit)
54%
Audit date: 2016-02-18 15:45
Checklist: Audit Square - std. security/2016b

Area | Check | Result *)
[BASE] Basic tests | BASE-01 OS version and updates | Warning
 | BASE-02 Installed software | Fail
 | BASE-03 Environment variables | Ok
 | BASE-04 Other operating system settings | Ok
[SVCS] System services | SVCS-01 Basic configuration of system services |