Accounts 01Check all local users to ensure that no non-standard accounts exist. Unless the server is not in a domain, there should be no additional user accounts. Example standard accounts include "ASPNET", "__VMware"
PassNo additional local accounts
WarningThis is a work group server, is this correct.?
FailOne or more local accounts exist
Applies ToAll Servers
acc01
Local Users
No additional local accounts
Data
None
Accounts 02Checks to see if the default local "Administrator" and "Guest" accounts have been renamed.
PassLocal accounts have been renamed
FailA local account was found that needs to be renamed
Applies ToAll Servers
acc02
Local Account Names
A local account was found that needs to be renamed
Data
Administrator: Administrator, Guest: Guest
Accounts 03Check the local administrators group to ensure no non-standard accounts exist. If there is a specific application requirement for local administration access then these need to be well documented.
PassNo local administrators found
WarningThis is a work group server, is this correct.?
FailOne or more local administrator accounts exist
Applies ToAll Servers
acc03
Local Administrators
One or more local administrator accounts exist
Data
Administrator,
Accounts 04Check all local groups and ensure no additional groups exist. If there is a specific application requirement for local groups then these need to be documented with a designated team specified as the owner. If you use specific role groups, make sure they are excluded in the settings file.
PassNo additional local accounts
FailOne or more local groups exist
N/AServer is a domain controller
Applies ToAll Servers
acc04
Local Groups
No additional local accounts
Data
None
Accounts 05Checks all services to ensure no user accounts are assigned. If specific application service accounts are required then they should be domain level accounts (not local) and restricted from interactive access by policy.
PassNo services found running under a local accounts
WarningOne or more services was found to be running under local accounts
Applies ToAll Servers
acc05
Service Logon Accounts
No services found running under a local accounts
Data
None
Accounts 06Checks to make sure that the guest user account has been disabled. The guest account is located via the well known SID.
PassGuest account is disabled
FailGuest account has not been disabled
N/AGuest account does not exist
Applies ToAll Servers
acc06
Guest Account
Guest account is disabled
Data
None
Accounts 07Checks the built-in group memberships to make sure specific users or groups are members. If there is only one entry in "GroupMembers", then "AllMustExist" will be set to "TRUE". This is check 1 of 3 that can be used to check different groups.
PassGroup membership configured correctly One or more users are members of the selected group
WarningInvalid group name, or group member list is empty
FailGroup membership is not correct
Applies ToAll Servers
acc07
Built-In Group Members (1 of 3)
Invalid group name, or group member list is empty
Data
Remote Desktop Users
Compliance
Compliance 01Check that McAfee anti-virus is installed and virus definitions are up to date.
PassMcAfee product found, DATs are OK,# Access Protection is installed and running
FailMcAfee product found, but wrong version, DATs are not up-to-date,# No DAT version found,# Access Protection is not installed or enabled {0} not found, install required
Applies ToAll Servers
com01
McAfee AV Installed
McAfee VirusScan Enterprise not found, install required
Data
None
Compliance 02Check relevant monitoring tool agent is installed and that the correct port is open to the management server.
PassVersion {0},#Port {1} open to {2}
FailVersion {0},#Port {1} not open to {2} Version {0},#Agent not configured with port and/or server name Monitoring software not found, install required
Applies ToAll Servers
com02
Monitoring Installed
Monitoring software not found, install required
Data
None
Compliance 03Check relevant SCCM agent process is running, and that the correct port is open to the management server.
FailSCCM agent not found, install required
Applies ToAll Servers
com03
SCCM Installed
SCCM agent not found, install required
Data
None
Compliance 04Check NetBackup agent is installed and that the correct port is open to the management server. Only applies to physical servers, or virtual servers with a list of known software installed.
ManualNetBackup agent not found, VADP backup.?
Applies ToAll Servers
com04
NetBackup Agent Installed
NetBackup agent not found, VADP backup.?
Data
Is this server backed up via VADP.? Manually check vCenter annotations
Compliance 05Check server is compliant with patch policy (must be patched to latest released patch level for this customer). Check date of last patch and return WARNING if not within specified number of days, and FAIL if not within number of days *2.
PassWindows patches applied
FailNo last patching date
Applies ToAll Servers
com05
Patching Compliant
No last patching date
Data
This server has never been patched
Compliance 06Check that a WSUS server has been specified and that the correct port is open to the management server.
PassWSUS server configured
FailWSUS server has not been configured
Applies ToAll Servers
com06
WSUS Server Setting
WSUS server has not been configured
Data
None
Compliance 09Check that Trend anti-virus is installed and virus definitions are up to date.
PassTrend product found, DATs are OK
FailTrend product found, but wrong version, DATs are not up-to-date No DAT version found Trend product not found, install required
Applies ToAll Servers
com09
Trend AV Installed
Trend product not found, install required
Data
None
Compliance 12Check that only one server role or feature is installed
PassNo extra server roles or features installed One extra server role or feature installed
FailOne or more extra server roles or features installed
N/AOperating system not supported
Applies ToAll Servers
com12
Only One Server Role Or Feature
One extra server role or feature installed
Data
SNMP Service,
Drives
Drives 01Check the system drive is a minimum size of 50gb for Windows 2008+ servers (some are reporting 49gb).
PassSystem drive meets minimum required size
FailSystem drive is too small, should be {0}GB
Applies ToAll Servers
drv01
System Drive Size
System drive meets minimum required size
Data
Current Size: 50GB
Drives 02Ensure all drives have a minimum amount of free space. Measured as a percentage.
PassAll drives have the required minimum free space of {0}%
FailOne or more drives were found with less than {0}% free space
ManualUnable to get drive information, please check manually
Applies ToAll Servers
drv02
Min Drive % Free Space
All drives have the required minimum free space of 17%
Data
C: (81% free),
Drives 03Check the page file is located on the system drive and is a fixed size. The default setting is 4096MB (4GB). If the page file is larger a document detailing the tuning process used must exist and should follow Microsoft best tuning practices (http://support.microsoft.com/kb/2021748).
PassPage file is set correctly
FailPage file is system managed Page file is not set correctly Page file does not exist on {0} drive
ManualUnable to get page file information, please check manually
Applies ToAll Servers
drv03
Page File Location & Size
Page file is system managed
Data
It should be set as follows, A fixed custom size of 4096mb and located on the C:\ drive
Drives 04If a CD/DVD drive is present on the server confirm it is configured as "R:".
PassCD/DVD drive set correctly
FailCD/DVD drive found, but not configured as {0}
N/ANo CD/DVD drives found
Applies ToAll Servers
drv04
CD/DVD Drive Letter
CD/DVD drive found, but not configured as R:
Data
D:,
Drives 05Check shared folders to ensure no additional shares are present. Shared folders should be documented with a designated team specified as the owner.
PassNo additional shares found
WarningShared folders found, check against documentation
Applies ToAll Servers
drv05
Shared Folders
No additional shares found
Data
None
Drives 06Where SAN storage is used, ensure multipathing software is installed and Dual Paths are present and functioning. This only checks that known software is installed. A manual check must be done to ensure it is configured correctly.
FailSAN storage software not found, install required
Manual{0} found
N/ANot a physical server Windows 2012 and above should be using native multipathing Operating system not supported
Applies ToAll Servers
drv06
SAN Storage Software
Not a physical server
Data
None
Drives 07Check local disk array management agent is installed on the server. This only checks that known software is installed. A manual check must be done to ensure it is configured correctly.
FailDisk management software not found, install required
Manual{0} found
N/ANot a physical server Operating system not supported
Applies ToAll Servers
drv07
Disk Management Agent
Not a physical server
Data
None
Drives 08Ensure all drives are formatted as NTFS.
PassAll drives are formatted as NTFS
FailOne or more drives were found not formatted as NTFS
ManualUnable to get drive information, please check manually
Applies ToAll Servers
drv08
Drives NTFS format
All drives are formatted as NTFS
Data
None
Drives 09Ensure all drives types are set to BASIC and with a partition style of MBR.
PassAll drive types are BASIC, with partition styles of MBR
FailOne or more partition styles are not MBR,# One or more drives types are not BASIC,# One of more drives are unknown Ignoring unknown drive types
Applies ToAll Servers
drv09
Drive Partition Type
All drive types are BASIC, with partition styles of MBR
Data
None
HyperV Host
HyperV Host 01Check Hyper-V is installed on Windows Server Core.
PassHyper-V is using Windows Server Core
FailHyper-V is not using Windows Server Core
N/ANot a Hyper-V host server
Applies ToHyper-V Hosts
hvh01
Server Core
Not a Hyper-V host server
Data
None
HyperV Host 02Check all virtual machines are using thick provisioned disks
PassAll virtual machines are using thick provisioned disks
FailOne or more virtual machines are not using thick provisioned disks
N/ANot a Hyper-V host server No virtual machines exist on this host
Applies ToHyper-V Hosts
hvh02
Thick Provisioned Disks
Not a Hyper-V host server
Data
None
HyperV Host 03Check all virtual machines are running from a non-system drive.
PassNo virtual machines are using the system drive
FailOne or more virtual machines are using the system drive
N/ANot a Hyper-V host server No virtual machines exist on this host
Applies ToHyper-V Hosts
hvh03
VM Location
Not a Hyper-V host server
Data
None
HyperV Host 04Check the version of the Integration Services installed on all virtual machines
PassAll virtual machines are up to date
FailOne or more virtual machines are not up to date, or do not have the integration services installed
N/ANot a Hyper-V host server No virtual machines exist on this host
Applies ToHyper-V Hosts
hvh04
Integration Services
Not a Hyper-V host server
Data
None
HyperV Host 05Check the network adapter jumbo frame setting. Should be set to 9000 or more.
PassAll network adapters configured correctly
FailOne or more network adapters are not using Jumbo Frames No network adapters found or enabled
N/ANot a Hyper-V host server
Applies ToHyper-V Hosts
hvh05
Jumbo Frames Enabled
Not a Hyper-V host server
Data
None
HyperV Host 06Check that all Windows 2012+ virtual machines are built as generation 2
PassAll virtual machines are the correct generation type
FailOne or more Windows 2012+ virtual machines are not set as generation 2
N/ANot a Hyper-V host server No virtual machines exist on this host
Applies ToHyper-V Hosts
hvh06
Generation Type
Not a Hyper-V host server
Data
None
HyperV Host 07Check all virtual machines are using VHDX disks if the host is Windows 2012 or above
PassAll virtual machines are using VHDX disks
FailOne or more virtual machines are not using VHDX disks
N/ANot a Hyper-V host server No virtual machines exist on this host Not a supported operating system for this check
Applies ToHyper-V Hosts
hvh07
VHDX Disks
Not a Hyper-V host server
Data
None
Network
Network 01Check the global IPv6 setting and of status of each NIC.
Applies ToAll Servers
net01
Global And NIC IPv6 Status
IPv6 setting enabled globally, all NICs disabled
Data
None
Network 02Check there are no DHCP enabled network interfaces on the server. All NICs should have a statically assigned IP address.
PassNo DHCP enabled adapters found
FailDHCP enabled adapters found
Applies ToAll Servers
net02
DHCP Enabled Network Adapters
No DHCP enabled adapters found
Data
None
Network 03Check network interfaces are labelled so their purpose is easily identifiable. FAIL if any adapter names are "Local Area Connection x" or "Ethernet x".
PassAll adapters renamed from default
FailAn adapter was found with a default name
Applies ToAll Servers
net03
Network Adapter Names
An adapter was found with a default name
Data
Ethernet0,
Network 04Check binding order is set correctly for "Production" as the primary network adapter then as applicable for other interfaces. If no "Production" adapter is found, then "Management" should be first.
PassBinding order correctly set
FailRegistry setting not found Production or Management adapters not listed Binding order incorrect, {0} should be first
Applies ToAll Servers
net04
Network Binding Order
Production or Management adapters not listed
Data
Ethernet0,
Network 05Check the network adapter speed and duplex settings. Should be set to "Full Duplex" and "Auto".
PassAll network adapters configured correctly
WarningOne or more network adapters configured incorrectly
FailNo network adapters found or enabled
Applies ToAll Servers
net05
Network Speed And Duplex
All network adapters configured correctly
Data
None
Network 07Check network interfaces for known teaming names, manually check they are configured correctly. Fail if no teams found or if server is a virtual. Checked configuration is: Teaming Mode: "Static Independent"; Load Balancing Mode: "Address Hash"; Standby Adapter: (set).
Pass, Team configuration is set correctly
FailNo teamed network adapters found Teamed network adapters found on a virtual machine , Team configuration is not set correctly Teaming Count Issue
ManualTeamed network adapters found, check they are configured correctly
N/ANot a supported operating system for this check Not a physical server
Applies ToPhysical Servers
net07
Network Teaming
Not a physical server
Data
None
Network 08Check that a management network adapter exists. This must always be present on a server and labelled correctly.
PassManagement network adapter found
FailNo management network adapter
Applies ToAll Servers
net08
Management Adapter
No management network adapter
Data
None
Network 09Checks to make sure the specified static routes have been added. Add routes to check as: StaticRoute01 = ("destination", "subnet mask", "gateway"). To check for no extra persistent routes, use: StaticRoute01 = ("None", "", ""). Up to 99 routes can be checked - You must edit the settings file manually for more than the currently configured.
PassRequired static routes are present
FailNo static routes present All entered static routes are missing One or more static routes are missing or incorrect A static route exists that must not
N/ANo static routes to check
Applies ToAll Servers
net09
Static Routes
No static routes to check
Data
None
Network 10Check network interfaces have their power management switch disabled.
PassAll adapters have power saving disabled
FailOne or more adapters have power saving enabled No enabled network adapters found
Applies ToAll Servers
net10
Power Management
All adapters have power saving disabled
Data
None
Network 11Checks that all DNS servers are configured, and if required, in the right order.
PassAll DNS servers configured and in the right order All DNS servers configured
FailDNS Server count mismatch Mismatched DNS servers No DNS servers are configured
Applies ToAll Servers
net11
DNS Settings
DNS Server list is not in the required order
Data
Configured: 10.1.1.2, Looking For:
Network 12Check that File And Print Services has been disabled on all adapters, except for those specified.
PassFile And Print Services are disabled correctly
FailFile And Print Services are enabled
Applies ToAll Servers
net12
File And Print Services
File And Print Services are enabled
Data
Ethernet0,
Network 13Check the WINS NetBIOS Settings for each enabled network adapter
PassAll adapters are configured correctly
WarningNo network adapters configured
FailOne or more adapters are not configured correctly
Applies ToAll Servers
net13
NetBIOS Over TCP/IP
One or more adapters are not configured correctly
Data
Adapter: Ethernet0: Setting: (0) Default,
Regional
Regional 01Check that the server time is correct. If a valid source is used, the time is also checked against that source. Maximum time difference allowed is 10 seconds, any longer and the check fails.
PassTime source is set to a remote server, and is synchronised correctly
WarningThis is a work group server, is this correct.?
FailTime source is not set Time source is not set correctly Error getting required information Time source is set to a remote server, and is not synchronised correctly
ManualNot a supported operating system for this check
Applies ToAll Servers
reg01
Local Date/Time
Time source is not set correctly
Data
local cmos clock, Time is 26/10/2017 10:17:14
Regional 02Check that the server time zone is correct.
PassServer time zone set correctly
FailServer time zone is incorrect and should be set to {0}
Applies ToAll Servers
reg02
Local Time zone
Server time zone set correctly
Data
(UTC) Dublin, Edinburgh, Lisbon, London
Regional 03Ensure the Region and Language > Location is set correctly. Default setting is "United Kingdom".
PassRegional location set correctly
FailRegional location incorrectly set to {0} Registry setting not found
Applies ToAll Servers
reg03
Region > Location
Regional location set correctly
Data
United Kingdom
Regional 04Ensure the Region and Language > keyboard and Languages is set correctly.
PassKeyboard layout is set correctly
FailKeyboard layout is not set correctly Registry setting not found
Applies ToAll Servers
reg04
Region > Language
Keyboard layout is set correctly
Data
00000809, United Kingdom
Security
Security 01Ensure security ciphers are set correctly. Settings taken from https://www.nartac.com/Products/IISCrypto/Default.aspx using "Best Practices/FIPS 140-2" settings.
PassAll ciphers set correctly
FailOne or more ciphers set incorrectly
Applies ToAll Servers
sec01
Security Settings 1: Ciphers
One or more ciphers set incorrectly
Data
DES 56/56: Missing entry, should be disabled, NULL: Missing entry, should be disabled, RC2 128/128: Missing entry, should be disabled, RC2 40/128: Missing entry, should be disabled, RC2 56/128: Missing entry, should be disabled, RC2 56/56: Missing entry, should be disabled, RC4 128/128: Missing entry, should be disabled, RC4 40/128: Missing entry, should be disabled, RC4 56/128: Missing entry, should be disabled, RC4 64/128: Missing entry, should be disabled,
Security 02Ensure hashes are set correctly. Settings taken from https://www.nartac.com/Products/IISCrypto/Default.aspx using "Best Practices/FIPS 140-2" settings.
PassAll hashes set correctly
FailOne or more hashes set incorrectly
Applies ToAll Servers
sec02
Security Settings 2: Hashes
One or more hashes set incorrectly
Data
MD5: Missing entry, should be disabled,
Security 03Ensure key exchange algorithms are set correctly. Settings taken from https://www.nartac.com/Products/IISCrypto/Default.aspx using "Best Practices/FIPS 140-2" settings.
PassAll key exchange algorithms set correctly
FailOne or more key exchange algorithms set incorrectly
Applies ToAll Servers
sec03
Security Settings 3: Key Exchange Algorithms
One or more key exchange algorithms set incorrectly
Data
DIFFIE-HELLMAN: Missing entry, should be enabled, ECDH: Missing entry, should be enabled, PKCS: Missing entry, should be enabled,
Security 04Ensure protocols are set correctly. Settings taken from https://www.nartac.com/Products/IISCrypto/Default.aspx using "Best Practices/FIPS 140-2" settings.
Security 05Ensure the security cipher order is set correctly. Settings taken from https://www.nartac.com/Products/IISCrypto/Default.aspx using "Best Practices/FIPS 140-2" settings. Group Policy Location: Computer > Policies > Administrative Templates > Network > SSL Configuration Settings > SSL Cipher Suite Order
PassCipher suite order set correctly
FailCipher suite order is missing and therefore set to the default value Cipher suite order not set correctly
Applies ToAll Servers
sec05
Security Settings 5: Cipher Suite Order
Cipher suite order is missing and therefore set to the default value
Data
None
Security 06Ensure the system is set to reject attempts to enumerate accounts in the SAM by anonymous users.
PassReject anonymous account enumeration is enabled
FailReject anonymous account enumeration is disabled Registry setting not found
Applies ToAll Servers
sec06
Reject Anonymous Account Enumeration
Reject anonymous account enumeration is enabled
Data
None
Security 07Ensure the system is set to reject attempts to enumerate shares in the SAM by anonymous users.
PassReject anonymous share enumeration is enabled
FailReject anonymous share enumeration is disabled Registry setting not found
Applies ToAll Servers
sec07
Reject Anonymous Share Enumeration
Registry setting not found
Data
None
Security 08Check system is not caching domain credentials.
PassDomain credential caching is disabled
FailDomain credential caching is enabled Registry setting not found
Applies ToAll Servers
sec08
Domain Credential Caching
Registry setting not found
Data
None
Security 09Ensure the system is set to request administrative credentials before granting an application elevated privileges. Default setting is either "(1):Prompt for credentials on the secure desktop" or "(3):Prompt for credentials". Values and meanings can be seen here - https://msdn.microsoft.com/library/cc232761.aspx
PassSystem is configured correctly
FailSystem is not configured correctly Registry setting not found
Applies ToAll Servers
sec09
Elevate Prompt For Administrative Credentials
System is not configured correctly
Data
Current setting: 5: Prompt for consent for non-Windows binaries
Security 10Ensure the system is set to restrict anonymous access to named pipes
PassRestrict anonymous pipe/share access is enabled
FailRestrict anonymous pipe/share access is disabled Registry setting not found
Applies ToAll Servers
sec10
Reject Anonymous Pipe/Share Access
Restrict anonymous pipe/share access is enabled
Data
None
Security 11Checks to see if the default web page is present in IIS, it should be removed.
Pass"iisstart.htm" is not listed as a default document
Fail"iisstart.htm" is listed as a default document
Manual"IIS Management Scripts and Tools" are not installed
N/AIIS is not installed Operating system not supported
Applies ToAll Servers
sec11
IIS Default Page
IIS is not installed
Data
None
Security 12Ensure SMB signing is turned on.
PassSMB Signing configured correctly
FailSMB Signing not configured correctly
Applies ToAll Servers
sec12
SMB Signing On
SMB Signing not configured correctly
Data
The following section(s) are not configured correctly:, LanmanServer, LanmanWorkstation
Security 13If server is Domain Controller or a Terminal Server, check to ensure the RSA Authentication Agent is installed.
PassRSA Authentication Agent software found
FailRSA Authentication Agent software not found
N/ANot a domain controller or terminal services server
Applies ToDomain Controllers And Terminal Servers
sec13
RSA Monitoring Installed
Not a domain controller or terminal services server
Data
None
Security 14Checks to see if there are any additional firewall rules, and warns if there are any. This ignores all default pre-configured rules
PassNo additional firewall rules exist
WarningOne or more additional firewall rules exist, check they are required
Applies ToAll Servers
sec14
Additional Firewall Rules
No additional firewall rules exist
Data
None
Security 15Check if Windows firewall is enabled or disabled for each of the three profiles. Set to "0" for disabled, and "1" for enabled
PassWindows firewall is set correctly
FailWindows firewall is not set correctly
Applies ToAll Servers
sec15
Check Firewall State
Windows firewall is not set correctly
Data
Domain profile is Enabled, but should be Disabled,
Security 16Returns a list of ports that are open, excluding anything lower than 1024 and within the dynamic port range. Will also exclude other well known ports. See "default-settings.ini" file for descriptions of default ignore ports.
The following registry paths are incorrect:, HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10\Start
System
System 01Check for a pending reboot.
PassServer is not waiting for a reboot
FailServer is waiting for a reboot
Applies ToAll Servers
sys01
Pending Reboot
Server is not waiting for a reboot
Data
None
System 02Check windows is licensed.
PassPort 1688 open to KMS Server {0}
FailPort 1688 not open to KMS Server {0} Windows licence check failed Windows not licensed
Applies ToAll Servers
sys02
Windows License
Windows not licensed
Data
Status: Notification, Not using a KMS server, Product Key is set as a KMS default: https://technet.microsoft.com/library/jj612867%28v=ws.11%29.aspx
System 03Check services and ensure all services set to start automatically are running (NetBackup Bare Metal Restore Boot Server, NetBackup SAN Client Fibre Transport Service and .NET4.0 are all expected to be Automatic but not running).
PassAll auto-start services are running
FailOne or more auto-start services were found not running
Applies ToAll Servers
sys03
Services Not Started
All auto-start services are running
Data
None
System 04Check services and ensure all listed services are set to disabled and are stopped.
PassAll services are configured correctly
FailOne or more services are configured incorrectly
Applies ToAll Servers
sys04
Services Not Stopped
All services are configured correctly
Data
None
System 05Check System Event Log and ensure no errors are present in the last x days. If found, will return the latest y entries
PassNo errors found in system event log or its configuration
FailEvent log maximum size is not set correctly,# Retention method is not set correctly,#
Applies ToAll Servers
sys05
System Event Log Errors And Configuration
Errors were found in the system event log, Event log maximum size is not set correctly,
Data
.\SERVER01.ACME.LAN_System_Event-Log.csv, Current maximum size: 20MB,
System 06Check Application Event Log and ensure no errors are present in the last x days. If found, will return the latest y entries
PassNo errors found in application event log or its configuration
FailEvent log maximum size is not set correctly,# Retention method is not set correctly,#
Applies ToAll Servers
sys06
Application Event Log Errors And Configuration
Errors were found in the application event log, Event log maximum size is not set correctly,
Data
.\SERVER01.ACME.LAN_Application_Event-Log.csv, Current maximum size: 20MB,
System 07Checks Device Manager to ensure there are no unknown devices, conflicts or errors.
PassNo disabled devices or device errors found
WarningOne or more disabled devices found
FailOne or more device errors found
Applies ToAll Servers
sys07
Device Errors
No disabled devices or device errors found
Data
None
System 09Check to see if any non standard scheduled tasks exist on the server (Any application specific scheduled tasks should be documented with a designated contact point specified). This check automatically ignores any Microsoft labelled specific tasks.
PassNo additional scheduled tasks found
WarningAdditional scheduled tasks found - make sure these are documented
Applies ToAll Servers
sys09
Scheduled Tasks
No additional scheduled tasks found
Data
None
System 10Check to see if any printers exist on the server. If printers exist, ensure the spooler directory is not stored on the system drive.
PassNo printers found Printers found, and spool directory is not set to default path
FailRegistry setting not found Spool directory is set to the default path and needs to be changed
N/APrint Spooler service is not running
Applies ToAll Servers
sys10
Print Spool Directory
No printers found
Data
None
System 11Ensure Auto-Run is disabled.
PassAuto-Run is disabled
FailAuto-Run is enabled
Applies ToAll Servers
sys11
Drive Auto-Run
Auto-Run is enabled
Data
None
System 12Check if SNMP role is install on the server. If so, ensure the SNMP community strings follow the secure password policy.
PassSNMP Service installed, but disabled
WarningSNMP Service installed, no communities configured
ManualSNMP Service installed, communities listed
N/ASNMP Service not installed
Applies ToAll Servers
sys12
SNMP Configuration
SNMP Service installed, but disabled
Data
None
System 13Checks that the server is a member of the domain.
PassServer is a domain member
WarningThis is a work group server, is this correct.?
Applies ToAll Servers
sys13
Domain Member
Server is a domain member
Data
None
System 14Check power plan is set to High Performance.
PassPower plan is set correctly
FailPower plan is not set correctly Unknown power plan setting
Applies ToAll Servers
sys14
Power Plan
Power plan is not set correctly
Data
Current: Balanced, Looking For: Balanced
System 15Check to make sure hibernation is disabled.
PassHibernation is currently disabled
FailHibernation is currently enabled
Applies ToAll Servers
sys15
Hibernation
Hibernation is currently disabled
Data
None
System 16Check that remote desktop is enabled and that Network Level Authentication (NLA) is set.
PassSecure remote desktop enabled
FailSecure remote desktop disabled
Applies ToAll Servers
sys16
Remote Desktop
Secure remote desktop disabled
Data
None
System 17If server is a Terminal Services Server ensure it has a licence server set.
PassTerminal services server is licensed
FailTerminal services server is not licensed
N/ANot a terminal services server
Applies ToTerminal Servers
sys17
Terminal Services Licensed
Not a terminal services server
Data
None
System 18Check that the current server OU path is not in the default location(s). The list of OUs should contain at least the default "Computers" OU, and must be the full distinguished name of the locations.
PassServer not located in a default OU location
WarningThis is a work group server, is this correct.?
FailServer found in a default OU location
N/ANot a domain joined server
Applies ToAll Servers
sys18
Check Server OU Location
Server found in a default OU location
Data
cn=computers, dc=acme,dc=dev
System 19Check the state of the HPe System Management Homepage service and version
PassService state and version are correct
FailHPe System Management Homepage not installed Service state is not correct,# Installed version is below the minimum set
N/ANot a HPe physical server
Applies ToAll Servers
sys19
Check HP SMH Version
Not a HPe physical server
Data
None
System 20Check the state of the Dell OpenManage Administrator service and version
PassService state and version are correct
FailDell OpenManage Administrator not installed Service state is not correct,# Installed version is below the minimum set
N/ANot a Dell physical server
Applies ToAll Servers
sys20
Check Dell OMA Version
Not a Dell physical server
Data
None
System 21Allows you to check a specific list of registry keys and values to see if your in-house gold image was used. Up to 9 registry keys and values can be checked - You must edit the settings file manually for more than the currently configured. Note: All keys must be in HKEY_LOCAL_MACHINE hive only.
PassAll gold build checks were found and correct
FailOne or more gold build checks were not the correct value
ManualOne or more gold build checks were "Report Only"
System 22Check that all the memory assigned to a server is visible to the OS.
PassAll assigned memory is visible
FailNot all assigned memory is visible
Applies ToAll Servers
sys22
All RAM Visible
All assigned memory is visible
Data
Installed: 2.00gb
System 23Allows you to checks a specific list of system environment variables and values to see if they are set correctly. Up to nine system environment variables and values can be checked - You must edit the settings file manually for more than the currently configured. Note: All keys must be machine variables only.
PassAll environment variables checks were found and correct
FailOne or more environment variables checks were not the correct value
ManualOne or more environment variables checks were "Report Only"
N/ANothing to check for
Applies ToAll Servers
sys23
System Environment Variables
One or more environment variables checks were not the correct value