Hello List, i am trying to create a new rootcheck file for hardening windows regarding to cis benchmarks. I noticed that some rules are not working on my Windows 2012 R2 (64bit).
For example: #2.3.7.9 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.9: Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> ScRemoveOption -> 0; does not work. I am not sure if this is a failure in the rule or if this is a problem related to the windows registry redirection https://github.com/ossec/ossec-hids/issues/301. If this is related to #301, is there a workaround to check the correct registry hives or are hkey_local_machine_\software and hkey_current_user\software " Thanks for support. Best Regards Daniel -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.