Powerful Users' Report only shows accounts from the local machine and not domain accounts. (NETIQKB43356)

  • 7743356
  • 02-Feb-2007
  • 08-Sep-2008

Resolution

fact
NetIQ Vulnerability Manager 5.0

fact
NetIQ Vulnerability Agent for Windows 5.0

symptom
Powerful Users' Report only shows accounts from the local machine and not domain accounts.

cause
The agent is only enumerating the local users from the machine and is not enumerating domain users.
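
An independent cross-check for the symptom above, as an added example that is not part of the original article or NetIQ's code: it lists the members of privileged local groups on an endpoint and marks which come from the local account database and which from a domain. The group list and the function name Get-PrivilegedMemberOrigin are assumptions, and the script requires the Microsoft.PowerShell.LocalAccounts module (Windows PowerShell 5.1 or later).

```powershell
# Added example: independent cross-check of a "powerful users" style report.
# Assumption: the groups below stand in for "powerful"; this is not NetIQ's definition.
$groups = 'Administrators', 'Backup Operators', 'Power Users'

function Get-PrivilegedMemberOrigin {
    param([string[]]$GroupName)

    foreach ($g in $GroupName) {
        try {
            # Fails if the group does not exist or contains an unresolvable SID.
            $members = Get-LocalGroupMember -Group $g -ErrorAction Stop
        } catch {
            Write-Warning "Could not enumerate '$g': $($_.Exception.Message)"
            continue
        }

        foreach ($m in $members) {
            $isLocal = ($m.PrincipalSource -eq 'Local')
            [pscustomobject]@{
                Group          = $g
                Member         = $m.Name
                ObjectClass    = $m.ObjectClass
                Origin         = if ($isLocal) { 'Local' } else { 'Domain/Other' }
                # A non-local group hides its own members from a local-only enumeration.
                NeedsExpansion = ($m.ObjectClass -eq 'Group' -and -not $isLocal)
            }
        }
    }
}

$result = Get-PrivilegedMemberOrigin -GroupName $groups
$result | Sort-Object Group, Origin | Format-Table -AutoSize

# Summary by origin: a report that contains only the 'Local' rows shows the symptom.
$result | Group-Object Origin | Select-Object Name, Count
```

Rows with NeedsExpansion set to True are domain groups whose members must be resolved against the domain before the list of privileged accounts is complete.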

fix

This issue is corrected in NetIQ Vulnerability Manager 5.0 Service Pack 1A.

Note: This service pack is not supported for trial installations.

This service pack corrects the following issues for NetIQ Vulnerability Manager and the Windows agent:

  • The Data View in the report viewer does not show the endpoints for which Vulnerability Manager ran each security check.
  • When editing the distribution of a scheduled job, the distribution list applies to all scheduled jobs, rather than only the one you are editing.
  • An AutoSync client cannot connect to the NetIQ AutoSync server through a proxy server.
  • Unlinking synchronized users or groups unlinks one user or group at a time.
  • Permissions are not working properly on groups.
  • If you create a custom check in the Vulnerability Manager console and put a filter on a Boolean attribute, the check may not return any data.
  • When running the Group Context for Endpoints administrative report, the report returns unclear data.
  • Security checkup reports that include paragraph returns in the Comments field may not return any data.
  • When running the Currently Scheduled Jobs administrative report, scheduled jobs that were upgraded from a previous version of the product are not included in the report.
  • Available permissions are inconsistent between upgrades and new installations.
  • Remote deployment using a domain administrator account from a trusted domain may not work.
  • Performance issues may occur in some user and group reports for Windows.
  • A performance issue may occur when you include any of the following security checks or reports in a policy template or task suite:
    • Users who can shut down system
    • Users who can take ownership of a file
    • Powerful users
    • Powerful groups
    • Group membership summary
    • Users in a group
    • Groups user is a member of
    • Group rights analysis
    • Users who are privileged operators
    • Accounts that can manage audit and security logs
    • Accounts that can take ownership
    • Accounts that can shut down system
    • Accounts that can generate security audits
    • Accounts that can back up files and directories

With this service pack, these security checks and reports list groups on the endpoint computer rather than listing domain members of those groups.

Data may be inaccurate in the following Windows reports:

  • Get Permission of ADSI Object
  • Event Log Query - Absolute Time
  • File/Directory Permissions
  • Group Changes within X Days
  • Users with Weak Passwords
  • Users with Invalid Home Directories
  • Group Membership Summary

This service pack corrects the following issues for the Unix agent:

  • You cannot remotely deploy agents if there are special characters in the root password.
  • You cannot remotely deploy agents using root as the primary user name during deployment.
  • Remote deployment does not work correctly when the defined installation directory does not exist.
  • The Unix agent cannot download AutoSync updates when the packages are larger than 16KB.
  • Group reports may return incorrect data when group entries are more than 255 characters.
  • The exinit check in Expert Checker recommends an action that causes a syntax error when performed on AIX.
  • The Detect console cannot save changes when the last parameter is deleted from an event source.
  • The network rule group can cause CPU usage to rise to 100% if many processes are running.
  • When the Unix agent reads a file that contains events, and the system is also writing events to that same file, the file may fill all disk space available.

This service pack includes the fixes from Hotfix 40862.

To install this service pack on Vulnerability Manager computers:

  1. Log on to the Core Services computer with a local administrator account.
  2. In the Vulnerability Manager 5.0 SP1 folder, run the VM50001.exe file.
  3. Follow the instructions until you have finished installing the service pack.
  4. Repeat Steps 1 through 3 on each console computer.

To use the Deployment Wizard within NetIQ Vulnerability Manager to install this service pack on Windows agent computers:

  1. Install the service pack on the Core Services and Vulnerability Manager console computers.
  2. Start the Vulnerability Manager console.
  3. Start the Deployment Wizard.
  4. Follow the instructions until you have deployed the service pack to the agent computers.

To use the Standalone Deployment Wizard to install this service pack on Windows agent computers:

  1. Install the service pack on the Core Services and Vulnerability Manager console computers.
  2. Start the Standalone Remote Deployment Wizard.
  3. Follow the instructions until you have deployed the service pack to the agent computers.

To use the Deployment Wizard within Vulnerability Manager to install this service pack on Unix agent computers:

  1. Install Vulnerability Manager 5.0 Service Pack 1.
  2. Start the Vulnerability Manager console.
  3. Start the Unix Manager console.
  4. Click Manage Agents.
  5. Click Scan All Hosts to verify all agents are active and registered.
  6. Go to Hosts | Patch Mgr.
  7. Select the hosts to which you want to apply this service pack.
  8. Select 5.0.1.0 as the patch to apply.

To use the standalone Unix Manager to install this service pack on Unix agent computers:

  1. Download the Unix agent Service Pack 1 from the support Web site.
  2. Open Unix Manager.
  3. Click Manage Agents.
  4. Go to Hosts | Patch Mgr.
  5. Click Load.
  6. Select the p50sp1.zip file.
  7. Close the Unix Manager console.
  8. Start the Unix Manager console again.
  9. Click Manage Agents.
  10. Click Scan All Hosts to verify all agents are active and registered.
  11. Go to Hosts | Patch Mgr.
  12. Select the hosts to which you want to apply this service pack.
  13. Select 5.0.1.0 as the patch to apply.

 

Service Pack 1 modifies the following files in the default installation folder on the console computer:

  • C:/Program Files/NetIQ/Vulnerability Manager/VSOC/VSOC.exe
  • C:/Program Files/NetIQ/Vulnerability Manager/VSOC/NetIQ.VM.CustomCheckLib.dll
  • C:/Program Files/NetIQ/Vulnerability Manager/VSOC/NetIQ.VM.CustomCheck.dll
  • C:/Program Files/NetIQ/Vulnerability Manager/VSOC/NetIQ.VM.CustomCheckTemplate.dll
  • C:/Program Files/NetIQ/Vulnerability Manager/VSM/PSEO.dll

Service Pack 1 for the Unix agent modifies the following files in the default installation folder on the console computer:

  • C:/Program Files/NetIQ/Vulnerability Manager/VSOC/VSAU/detect/data/detect.xml
  • C:/Program Files/NetIQ/Vulnerability Manager/VSOC/VSAU/padi/lib/padi.jar
  • C:/Program Files/NetIQ/Vulnerability Manager/VSOC/VSAU/unix/data/updates/SunOS/p50sp1.tar
  • C:/Program Files/NetIQ/Vulnerability Manager/VSOC/VSAU/unix/data/updates/OSF4.0/p50sp1.tar
  • C:/Program Files/NetIQ/Vulnerability Manager/VSOC/VSAU/unix/data/updates/OSF5.0/p50sp1.tar
  • C:/Program Files/NetIQ/Vulnerability Manager/VSOC/VSAU/unix/data/updates/HP-UX/p50sp1.tar
  • C:/Program Files/NetIQ/Vulnerability Manager/VSOC/VSAU/unix/data/updates/AIX4.3/p50sp1.tar
  • C:/Program Files/NetIQ/Vulnerability Manager/VSOC/VSAU/unix/data/updates/AIX5.1/p50sp1.tar
  • C:/Program Files/NetIQ/Vulnerability Manager/VSOC/VSAU/unix/data/updates/Linux/p50sp1.tar
  • C:/Program Files/NetIQ/Vulnerability Manager/VSOC/VSAU/unix/data/updates/IRIX/p50sp1.tar
  • C:/Program Files/NetIQ/Vulnerability Manager/VSOC/VSAU/unix/data/updates/SuSE_7.1_i686/p50sp1.tar
  • C:/Program Files/NetIQ/Vulnerability Manager/VSOC/VSAU/unix/data/updates/p50sp1.psu
  • C:/Program Files/NetIQ/Vulnerability Manager/VSOC/VSAU/unix/data/updates/p50sp1.INFO
  • detect/lib/detectgui.jar

Service Pack 1 modifies the following files in the default installation folder on the Core Services computer:

  • C:/Program Files/NetIQ/Vulnerability Manager/Core Services/mk.jar
  • C:/Program Files/NetIQ/Vulnerability Manager/Core Services/mk.options
  • C:/Program Files/NetIQ/Vulnerability Manager/Core Services/etc/log.properties
  • C:/Program Files/NetIQ/Vulnerability Manager/Core Services/etc/vdal.properties
  • C:/Program Files/NetIQ/Vulnerability Manager/Core Services/lib/ext/coredb.jar
  • C:/Program Files/NetIQ/Vulnerability Manager/Core Services/modules/autosync.jar
  • C:/Program Files/NetIQ/Vulnerability Manager/Core Services/modules/autosyncClient.jar
  • C:/Program Files/NetIQ/Vulnerability Manager/Core Services/modules/coreagent.jar
  • C:/Program Files/NetIQ/Vulnerability Manager/Core Services/modules/gladiator.jar

Service Pack 1 for the Unix agent modifies the following files in the default installation folder on the Unix agent computer:

  • vsau/bin/uvservd
  • vsau/bin/uRepTest
  • vsau/bin/detectd.sc
  • vsau/bin/seccu.sc
  • vs/bin/ExpChecker.sc
  • vs/data/datafiles/errors.db
  • vsock/bin/lsof/run_lsof.pl

For more information about Vulnerability Manager, the Windows agent, the Unix agent, and this service pack, contact NetIQ Technical Support.



Additional Information

Formerly known as NETIQKB43356