Environment
Netiq Secure Configuration Manager 5.8.1
Situation
Resolution
You must enter specific values for the List of Permissions parameter rather than the description of the mask permission (basic permission). For example, you must enter 131309 if you want to filter for Read permissions.
Also, to enter multiple mask permissions for an account, combine the permission values you want to filter using the OR function on a scientific calculator. For example, to represent Read and Write permissions, set the value to 131487, which is the combination of 131209(Read) and 278(Write).
Refer to the following tables for common system file and directory permission values:
FILE PERMISSIONS:
984063 - Full control (combination of all values)
197567 - Modify
131721 - Read and Execute
131209 - Read
278 - Write
131487 - Read and Write
DIRECTORY PERMISSIONS:
985087- Full control (combination of all values)
198591- Modify
1024 - List folder contents
132745 - Read and Execute
131209 - Read
278 - Write
132233 - List folder contents and Read
1302 - List folder contents and Write
131487 - Read and Write
Cause
Additional Information
To get the latest version of these security checks, download the following package from the AutoSync server: Security Checks for NAS server, Microsoft IIS, SQL Server, and Windows (November 2010). You must also install NetIQ Secure Configuration Manager 5.8.1 Hotfix 72517 and NetIQ Security Agent for Windows 5.8.1 Hotfix 72509 to ensure the report contains accurate results.