Sunday, January 30, 2011

Streamlining the manual Windows checklist process with regard to the findings checks

I just came off an auditing engagement (and have to go right back out again).  On this past trip, we ran into a Windows 7 machine, and I did not have OVAL (in order to use the XML file).  So, it was off to the checklist to perform a manual audit.  I don't mind performing a manual audit, however...

I wish the checklist was broken out by the relevant area of the machine being audited.  For example, when looking at the Local Security Policy, let's look at ALL of the policies at one time.  Or, when looking at the registry, stay in one hive and look at all of the pertinent keys at once, instead of jumping all over the place.  I found it extremely frustrating to be in HKLM\Software\Policies\Microsoft..... and then have to switch to HKLM\Software\Microsoft\CurrentVersion.... only to have to switch back to the Policies subkey.  It seems it would be easier to cover all of the keys in one shot before moving out of the particular hive or key set.  The same goes for the DumpSec checks.

Certainly, performing the manual checks is not too difficult.  I believe, though, it would be easier to group all like-checks together so as not to jump around so much and introduce potential errors or omissions.  Just my $0.02.

If anyone knows why the checklists are grouped in the order that they are grouped, I would love to know.
