Control Values: Fixed Value Checkboxes

For some controls, you specify the control expected value by selecting one or more fixed value checkboxes. All possible values that may be returned for the control, including known error conditions, are listed in your policy as checkboxes. You simply select each value you want to include in the control evaluation and clear (uncheck) each value you don’t want to include in the evaluation. Fixed value checkboxes are available for some controls starting with version 6.18. More controls will be converted over time.

A control that uses fixed value checkboxes falls into one of these categories:

      The control only allows fixed value selections. User must select/clear check boxes to set the evaluation criteria.

      The control allows a combination of fixed value selections and user-customized criteria.

Known Error Conditions

Having the possible error conditions listed as checkbox selections allows users to easily pass or fail a control based on whether one or more of the error conditions are present. Known error conditions include things like the registry key needed to evaluate the control does not exist, a setting does not exist, a file does not exist, or the path to a registry key does not exist. You may see the values "RegSubKey not found" and "RegTopKey not found" as checkbox selections. The string "RegSubKey not found" indicates that the specific registry key needed to evaluate the control does not exist. The string "RegTopKey not found" indicates that the path to the registry key does not exist. See RegSubKey not found / RegTopKey not found for more information on these values.

Default Setting for Fixed Value Checkboxes

When you add a new control with fixed value checkboxes to your policy, you’ll notice that all the checkboxes are selected by default. This means the control will pass if any of the values are returned. Clear each check box you do not want to include in the evaluation.

When you edit an existing policy with one or more controls that have been converted to fixed value checkboxes, you’ll be prompted to review the controls in your policy that changed. Make sure only the values you want to include in the evaluation are selected and then save the policy to accept the changes. Note: If the expected value previously set for a control used the “in” operator and included a list of integers that were colon delimited (such as 4:314159265358979), then only the checkboxes that correspond to the listed integers (4 and 314159265358979) are selected in the policy.

Sample 1: Control allows fixed values only

In this example, all values that may be returned for the control are listed as fixed value checkboxes, including the error conditions: RegSubKey not found and RegTopKey not found. This control will pass if the Actual value returned for this control matches any of the following: "Disabled (4)” or “RegSubKey not found” or “RegTopKey not found”.

fixed_value_cid1045_after.jpg

Sample 2: Control allows a combination of fixed values and user-customized criteria

In this example, the data point value includes a combination of fixed value checkboxes and a user-customized value. This control will pass if the Actual value returned for this control is “greater than or equal to 14” or the error condition “RegTopKey not found” is returned.

fixed_value_hybrid_cid1091_after.jpg