Custom Control: Scan Parameters (Windows)

In the Scan Parameters section, identify the scan parameters that the scanning engine will use to gather data for the control. Depending on the control type, there will be one or more scan parameters required. The scan parameters combined make up a unique data point. Each data point must have a description associated with it which will appear in compliance policies and reports.

The following table shows the scan parameters required for each control type.

| Control Type | Registry Hive | Registry Key | Name | File/Directory Path | Hash Type |
|---|---|---|---|---|---|
| Registry Key Existence | • | • | | | |
| Registry Value Existence | • | • | • | | |
| Registry Value Content Check | • | • | • | | |
| Registry Permission | • | • | | | |
| File/Directory Existence | | | | • | |
| File/Directory Permission | | | | • | |
| File Integrity Check | | | | • | • |

Registry Hive

A registry hive is a top-level registry key predefined by the Windows system to store registry keys, subkeys and values for specific objectives. All registry hives begin with HKEY and appear as file folders at the top level on the left-hand side of the Registry Editor window.

These common hives are supported in custom controls:

HKEY_CLASSES_ROOT (HKCR). This hive contains information about registered applications, such as Associations from File Extensions and OLE Object Class IDs tying them to the applications used to handle these items. The information stored here ensures that the correct program opens when you open a file by using Windows Explorer. HKEY_CLASSES_ROOT is a subkey of HKEY_LOCAL_MACHINE\Software.

HKEY_CURRENT_USER (HKCU). This hive contains the root of the configuration information for the user who is currently logged on. The user's folders, screen colors, and Control Panel settings are stored here. This information is referred to as a user's profile. HKEY_CURRENT_USER is a subkey of HKEY_USERS.

HKEY_USERS (HKU). This hive contains the root of all user profiles on the computer.

HKEY_LOCAL_MACHINE (HKLM). This hive contains configuration information particular to the computer. The information stored here is general to all users on the computer.

 

Registry Key

A registry key appears as a file folder on the left side of the Registry Editor window. Registry keys may contain registry subkeys, which are keys within a key. Subkeys also appear as file folders on the left side of the Registry Editor window.

 

NAME (of Registry Value)

A registry value is a string of data that appears on the right side of the Registry Editor window for a selected key. A value entry has three parts: name, data type and the value itself. The name of the registry value is the part you want to enter in the Scan Parameters section.

To check the content of a registry value, enter the name of the registry value as it appears in the Name column in the Registry Editor window. If you do not specify a registry value name, then the service will check the content of the default value for the specified registry key. The default value appears as (Default) in the Name column in the Registry Editor window.

 

File/Directory Path

When creating a File/Directory Existence control or a File/Directory Permission control, you must provide the path to the file or directory on your Windows system. You may enter the exact path (for example c:\windows\system32\config) or use a system variable in the path (for example %windir%\system32\config). The following system variables are supported:

%SystemRoot%

%windir%

%ProgramFiles%

%CommonProgramFiles%

 

Hash Type

For a file integrity check control, the hash type identifies the algorithm to be used for computing the file hash. The supported hash types are: MD5 (insecure competitive matching only), 16-byte digest; SHA1 (insecure competitive matching only), 20-byte digest; and SHA256 (Secure), 32-byte digest.

 

Data Type

The data type represents the type of data that is returned by the scanning engine for the control type. In most cases, there is only one type of data that can be returned and that type appears in the Data Type field. For a Registry Value Content Check, you must select the type of data you expect returned for the control that you're creating.

The data types available for each control type are listed below.

| Control Type | Data Type | Description |
|---|---|---|
| Registry Key Existence | Boolean | A True or False value is returned. |
| Registry Value Existence | Boolean | A True or False value is returned. |
| Registry Value Content Check | Boolean | A True or False value is returned. |
| Registry Value Content Check | Integer | An integer value (whole number) is returned. |
| Registry Value Content Check | String | A string value is returned. |
| Registry Value Content Check | String List | A list of string values is returned. |
| Registry Permission | String List | A list of string values is returned. |
| File/Directory Existence | Boolean | A True or False value is returned. |
| File/Directory Permission | String List | A list of string values is returned. |
| File Integrity Check | String | A string value is returned. |
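
To preview on a test host what a control's scan parameters would resolve to before saving it, the following added example (not part of the service or its documentation) reads the same data points locally for the existence, content and integrity control types. The function names, parameter names and sample key are hypothetical, and permission controls are not covered.

```powershell
# Added example: local preview of custom-control data points (hypothetical helper names).
function Get-RegistryDataPoint {
    param(
        [Parameter(Mandatory)][ValidateSet('HKCR','HKCU','HKU','HKLM')][string]$Hive,
        [Parameter(Mandatory)][string]$Key,
        [string]$Name,   # omit to address the (Default) value of the key
        [ValidateSet('KeyExistence','ValueExistence','ValueContent')][string]$Check = 'ValueContent'
    )
    $root = switch ($Hive) {
        'HKCR' { [Microsoft.Win32.Registry]::ClassesRoot }
        'HKCU' { [Microsoft.Win32.Registry]::CurrentUser }
        'HKU'  { [Microsoft.Win32.Registry]::Users }
        'HKLM' { [Microsoft.Win32.Registry]::LocalMachine }
    }
    $sub = $root.OpenSubKey($Key)   # read-only handle; $null when the key does not exist
    try {
        if ($Check -eq 'KeyExistence') { return ($null -ne $sub) }
        if ($null -eq $sub) { if ($Check -eq 'ValueExistence') { return $false }; return $null }
        $valueName = if ($Name) { $Name } else { '' }   # '' is the (Default) value
        if ($Check -eq 'ValueExistence') { return ($sub.GetValueNames() -contains $valueName) }
        # REG_DWORD comes back as an integer, REG_SZ as a string, REG_MULTI_SZ as a string list.
        return $sub.GetValue($valueName)
    } finally { if ($sub) { $sub.Dispose() } }
}

function Get-FileDataPoint {
    param(
        [Parameter(Mandatory)][string]$Path,
        [ValidateSet('Existence','Integrity')][string]$Check = 'Existence',
        [ValidateSet('MD5','SHA1','SHA256')][string]$HashType = 'SHA256'
    )
    # Expand only the four system variables the page lists as supported.
    $resolved = $Path
    foreach ($v in 'SystemRoot','windir','ProgramFiles','CommonProgramFiles') {
        $resolved = $resolved -ireplace [regex]::Escape("%$v%"), [Environment]::GetEnvironmentVariable($v)
    }
    # Anything still wrapped in % signs is a variable outside the supported list.
    if ($resolved -match '%[^%\\]+%') { throw "Unsupported variable in path: $($Matches[0])" }
    if ($Check -eq 'Existence') { return (Test-Path -LiteralPath $resolved) }
    if (-not (Test-Path -LiteralPath $resolved -PathType Leaf)) { return $null }
    return (Get-FileHash -LiteralPath $resolved -Algorithm $HashType).Hash
}

# Sample calls; the registry key and file chosen here are illustrative.
Get-RegistryDataPoint -Hive HKLM -Key 'SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name 'ProductName'
Get-FileDataPoint -Path '%windir%\system32\config'
Get-FileDataPoint -Path '%SystemRoot%\system32\notepad.exe' -Check Integrity -HashType SHA256
```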

 

Description

Enter a description for the data point. The description will be saved as part of the data point configuration. When you change the data point description in a control, all controls that use the same data point are updated automatically to use the new description.