Symantec Security Expressions Server User Manual

SecurityExpressions Server User Guide

18

When you schedule an audit, you can specify which computers to audit by selecting machine lists

created on the My Machine Lists page and machine lists created in the console application (global

machine lists). You can grant or restrict access to My Machine Lists and the results from audits
using them with the Windows Group Access options on the My Machine Lists page. Since global

machine lists were created in the console application, the server application needs to provide a

place to grant or restrict access to them and the results from audits using them. The ML Access

page is where you can accomplish that.

If the central database doesn't contain any global machine lists created in the console

application, the table on this page will be empty.

To grant or restrict access to a global machine list in the Audit and Compliance Server:

1. Click the machine list's name in the Name column.

2. Set Windows Group Access. Enter Windows groups, separated by a comma, that can use

this machine list, remediate computers in this machine list, and view audit results for this

machine list. This establishes which users can access this machine list and its audit

results due to their role. If a Windows User Group isn't on the local computer, you'll need
to enter the group in

domain\groupname

format.

• In the Use Machine List field, enter the Windows groups who should be able to

modify the machine list.

• In the Remediate field, enter the Windows groups who should be able to

remediate computers in the machine list.

• In the View Audit Results field, enter the Windows groups who should be able to

view results from audits using the machine list.

To grant all users access, type Everyone. To restrict all users, type None.

3. When you're done, click the Add/Update button.

Policy File Library

Before you can select a policy file in the Policies page, you must enter the policy file library's path

and credentials here. This enables the application to gain access to the library and its policy files.

To gain access to a policy file library:

1. In the Library URL field, enter the library's path.
2. In the Library Login field, type the user name needed to gain access to the library.
3. In the Library Password field, type the password needed to gain access to the library.

Library Synchronization

Policy files are updated frequently by the organizations that issue them. If you audit with policy

files from a standard policy library, such as the policy file library found at
http://www.pedestal.com/products/se/resources/Library, you might want to set a synchronization

schedule to remain current. This keeps audits in compliance with current policy files.

To synchronize with a Policy File Library:

1. Check the Synchronize with a policy file library box.
2. Decide whether to check for policy file updates regularly on a schedule or to just update

now.