Symantec Security Expressions Server User Manual

SecurityExpressions Server User Guide

74

A reaudit cycle could go on indefinitely if a system is off or never connects. Limiting the

number of times the task can attempt to reaudit systems keeps the reaudit cycle from

continuing indefinitely.

Both steps B and C provide end points to the reaudit cycle. You may use one method or

the other, or both. If you use both methods together, whichever limit is reached first ends

the audit cycle.

Tip: Steps 11 and 12 each provide a way for audits to occur on systems that were not available
when the task was scheduled to audit them. You may use these features together or separately.

If you use them together, Audit-on-Connect is active both during and after the reaudit cycle.

If a system was contacted but the login credentials were incorrect, the task does not attempt

to reaudit the system.

Other Options Settings

13.

If you want to limit the length of time this task takes to complete from the time it

actually begins auditing, regardless of the reason, click the Limit to Hours radio button in the

Maximum amount of time an audit may run section. Then type the number of hours to which you
want to limit the task.

After this number of hours, the task finishes auditing the system it was working on and

then terminates. If reauditing or Audit-on-Connect on Fail is part of the task, they are

included as part of the overall time it takes to run the entire task.

14.

If you want to keep track of which target systems the task could not audit, check Enable

in the Save target names that could not be contacted to the following machine list section. Then

type a name for the machine list, using variables in the name if you want.

The machine list you enter saves the names of all systems that did not get audited as a

result of the termination. Auditing this machine list later enables you to finish auditing the

remaining systems.

If you type the name of an existing machine list, any systems already listed in it will be

removed. Unless you want the machine list altered in the case of an incomplete audit,

we recommend creating a database machine list expressly for this purpose.

Credentials Settings

15.

If you want to use specific credentials to access all systems whenever this audit task

runs, type those credentials in the Login box.

If you do not want to specify credentials, skip to step 18.

16.

In the Password box, type the password of the credentials you specified in the previous

step.
17.

If you want to make sure these credentials are used to access target systems instead of

any credentials that might be delegated from other credential stores or from the console

application, check the Always use my credentials over delegated ones box.

Windows Group Access

18.

Set Windows Group Access. Enter Windows groups, separated by a comma, that can edit

this scheduled task and use it to perform audits. This establishes which users can access this task

and its audit results due to their role. If a Windows User Group isn't on the local computer, you'll

need to enter the group in

domain\groupname

format.