Symantec Security Expressions Server Server User Manual


 
SecurityExpressions Server User Guide
74
A reaudit cycle could go on indefinitely if a system is off or never connects. Limiting the
number of times the task can attempt to reaudit systems keeps the reaudit cycle from
continuing indefinitely.
Both steps B and C provide end points to the reaudit cycle. You may use one method or
the other, or both. If you use both methods together, whichever limit is reached first ends
the audit cycle.
Tip: Steps 11 and 12 each provide a way for audits to occur on systems that were not available
when the task was scheduled to audit them. You may use these features together or separately.
If you use them together, Audit-on-Connect is active both during and after the reaudit cycle.
If a system was contacted but the login credentials were incorrect, the task does not attempt
to reaudit the system.
Other Options Settings
13. If you want to limit the length of time this task takes to complete from the time it
actually begins auditing, regardless of the reason, click the Limit to Hours radio button in the
Maximum amount of time an audit may run section. Then type the number of hours to which you
want to limit the task.
After this number of hours, the task finishes auditing the system it was working on and
then terminates. If reauditing or Audit-on-Connect on Fail is part of the task, they are
included as part of the overall time it takes to run the entire task.
14. If you want to keep track of which target systems the task could not audit, check Enable
in the Save target names that could not be contacted to the following machine list section. Then
type a name for the machine list, using variables in the name if you want.
The machine list you enter saves the names of all systems that did not get audited as a
result of the termination. Auditing this machine list later enables you to finish auditing the
remaining systems.
If you type the name of an existing machine list, any systems already listed in it will be
removed. Unless you want the machine list altered in the case of an incomplete audit,
we recommend creating a database machine list expressly for this purpose.
Credentials Settings
15. If you want to use specific credentials to access all systems whenever this audit task
runs, type those credentials in the Login box.
If you do not want to specify credentials, skip to step 18.
16. In the Password box, type the password of the credentials you specified in the previous
step.
17. If you want to make sure these credentials are used to access target systems instead of
any credentials that might be delegated from other credential stores or from the console
application, check the Always use my credentials over delegated ones box.
Windows Group Access
18. Set Windows Group Access. Enter Windows groups, separated by a comma, that can edit
this scheduled task and use it to perform audits. This establishes which users can access this task
and its audit results due to their role. If a Windows User Group isn't on the local computer, you'll
need to enter the group in
domain\groupname
format.