Symantec Security Expressions Server User Manual

SecurityExpressions Server User Guide

66

Make sure you type the system names or IP addresses correctly. If you did not type a

system's name or address correctly or somehow entered an invalid system, the audit skips

the system and moves on to the next system in the list.

5. Set Windows Group Access. Enter Windows groups, separated by a comma, that can use

this machine list and view audit results for it. This establishes which users can access this

machine list and its audit results because of their role. If a Windows User Group isn't on

the local computer, you'll need to enter the group in

domain\groupname

format.

In the Use Machine List field, enter the Windows groups that should be able to use the

machine list in scheduled audits. In the View Audit Results field, enter the Windows groups
that should be able to view results from audits using the machine list. To grant all users

access, type Everyone. To restrict all users, type None.

6. When you're done modifying the machine list, click the Add/Update button.

The machine list appears in the table at the top of the page.

Deleting Machine Lists

Click the Delete hyperlink in the same row as the machine list that you want to delete. When

you delete a machine list, you remove it from the database. A warning appears to remind you

that you are about to delete a record from the database. At this time, you can cancel the action
or delete the record.

Editing Global Machine Lists

You can use global machine lists, which are database machine lists created in the console

application, to indicate which target systems you want to audit on a schedule. If a database

machine list requires credentials in order to access the systems in it, and you plan to use it in the

server application, someone needs to delegate the machine list's credentials to the server

application.

To delegate a database machine list's credentials to the server application, open the console
application, right click the Database Machine List in the Audit tab's left pane and select Edit from

the menu. The Edit Machine List dialog box appears. Use the Connect tab and the Delegation tab

to set and delegate credentials. For more information on editing machine lists in the console

application, check its on-line help.

Scheduled Tasks

Scheduled Tasks

SecurityExpressions automatically starts a scheduled task at some future time based on options

defined through Audit-On-Schedule.

Audit-On-Schedule specifies a daily, weekly, or monthly schedule to audit certain devices and

how to audit those devices. You can assign previously created notifications to scheduled audits.

While viewing the scheduled audits, you can click Run Now to run the task immediately.

From the Scheduled Task page you add, edit, or delete a task. You must be logged in as the

same user that created a scheduled task in order to use it, unless you belong to a Windows User

Group listed in the Edit Private Items field in the Item Rights options.

Scheduled tasks use only the policy file and .CONFIGURE information of a policy, ignoring the

other settings.