Currently, some STIG rules stipulate that, for a user to be compliant, a certain registry value must exist and be set correctly. However, the ntuser_test has no way to enforce that a given registry key exists for each user on the system. If one compliant user is found, an ntuser_item is collected for that user, non-compliant users are skipped (as long as the key of interest is not present in their hive, which is often the default), and the rule is given a pass.
To resolve this issue, I propose adding a new behavior that will allow content authors to force OVAL interpreters to create items for each ntuser.dat file that is deemed in scope.
Behavior name: item_creation=(key_and_name_exist|every_ntuser), optional, default = 'key_and_name_exist'
'key_and_name_exist' = Items are only created when an ntuser.dat file includes the key and name provided in the ntuser object.
'every_ntuser' = Items are created for each ntuser.dat file belonging to a human user found on the system. This option prevents false negatives in cases where every ntuser.dat file must contain the required key/name/value but a file lacks the key/name that would normally be required for an ntuser_item to be created. Refer to the ntuser_item documentation for how 'human' users are determined.
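To make the difference between the two settings concrete, the following Python model walks through the collection and evaluation steps described above. It is an added illustration, not code from this proposal or from any OVAL interpreter. The user hives, the registry path and the required value are constructed for the example, and it assumes that under every_ntuser an item for a hive lacking the key/name is still created (with no value) and therefore cannot satisfy a state that requires the value; an interpreter that instead flagged such an item as 'does not exist' would need check_existence='all_exist' on the test to reach the same result.

```python
"""Model of ntuser_test item creation under the current rule and under the
proposed item_creation=every_ntuser behavior.  Added illustration only: not
OVAL interpreter code.  Hive contents, the key path and the way a missing
key/name is represented (value None) are assumptions."""

REQUIRED_KEY = r"Software\Policies\Example"   # constructed, not a real STIG path
REQUIRED_NAME = "Setting"
REQUIRED_VALUE = "1"

# Constructed per-user ntuser.dat contents, shaped as {key: {name: value}}.
# alice is compliant; bob and carol never had the key written (the common
# default state), which is exactly the case the current behavior skips.
HIVES = {
    "alice": {REQUIRED_KEY: {REQUIRED_NAME: "1"}},
    "bob":   {},
    "carol": {r"Software\Other": {"Unrelated": "x"}},
}


def collect_items(hives, key, name, item_creation="key_and_name_exist"):
    """Return the ntuser_items an interpreter would create for one ntuser_object.

    key_and_name_exist: an item only for hives that actually hold key and name.
    every_ntuser: an item for every hive; where key/name is absent the item
    carries value None (assumed stand-in for a missing value element).
    """
    items = []
    for user, hive in hives.items():
        value = hive.get(key, {}).get(name)
        if value is not None or item_creation == "every_ntuser":
            items.append({"username": user, "key": key, "name": name, "value": value})
    return items


def evaluate_test(items, expected_value):
    """Evaluate an ntuser_test with check="all" against a state requiring expected_value.

    Mirrors the OVAL default check_existence="at_least_one_exists": no items at
    all is a failure; otherwise every collected item must satisfy the state.
    Returns (result, [usernames that did not satisfy the state]).
    """
    if not items:
        return "fail", []
    offenders = [i["username"] for i in items if i["value"] != expected_value]
    return ("fail" if offenders else "pass"), offenders


def audit(hives, item_creation):
    """Run collection plus evaluation for the constructed rule in one mode."""
    items = collect_items(hives, REQUIRED_KEY, REQUIRED_NAME, item_creation)
    return evaluate_test(items, REQUIRED_VALUE)


if __name__ == "__main__":
    for mode in ("key_and_name_exist", "every_ntuser"):
        result, offenders = audit(HIVES, mode)
        print(f"{mode:20s} -> {result:4s}  non-compliant users: {offenders}")
```

With the constructed hives, key_and_name_exist yields a single item for alice and the test passes even though two of three users are non-compliant (the false negative the proposal describes), while every_ntuser yields three items and the test fails, naming bob and carol.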