Go to www.sekchek.com

PC Auditor Tool: Glossary

Prepared: 30 March 2013
Regional Options Client System Policies Event Logs WSC Firewall OS Computer Disks
Network Shares Services Startup Users Groups System Accounts Hot Fixes
Document Purpose and Introduction

This document defines the fields and terms presented in SekChek’s PC Audit tool report.

PC Auditor analyses most of the policy settings, security objects and configuration options defined on your PC and presents them in a single, easy-to-read report.

Current User   [Top]
User AccountThe user account (SAM account) you are currently logged on with. E.g. JSoap.
Display NameThe friendly display name for the current user. E.g. Joe Soap.
Distinguished Name **The fully-qualified distinguished name for the current user. E.g. CN=JSoap,CN=Users,DC=SekChek,DC=com
SIDThe Security Identifier for the current user.
For more information about Security Identifiers, see document About SIDs.
GUID **The Globally Unique Identifier for the current user.
Primary Group IdThe user’s PID (Primary Group Id) and the group’s friendly display name.
User Domain (NetBios)The NetBios domain name for the current user. E.g. research, not research.sekchek.com.
User Domain (DNS) **The DNS-style domain name. E.g. research.sekchek.com.
Full Name **The user’s full name as entered in the Windows GUI.
User Principal Name (UPN) **The user account name and a domain name identifying the domain in which the user account is located.
The UPN is based on the Internet standard RFC 822. E.g. JoeSoap@research.sekchek.com.
Email Address **The user’s primary email address. E.g. JSoap@research.sekchek.com.
Account Created **The date and time that the user account was created.
Password Last Changed **The date and time that the password for the account was last changed.
Last Logon **The time that the user last logged into the system (for local accounts) or domain (for accounts defined in Active Directory).
Last Failed Logon **The date and time of the user’s last failed network login.
Account Expiration Date **The date and time after which the user cannot log on.
Object Protected From Deletion **Indicates whether the user account is protected against accidental deletion from Active Directory.
Password Expired **Indicates whether the user’s password has expired. If so, the user is forced to change his password at next logon.
User Can Change Password **Indicates whether the user can change the password for the account.
Password Required **Indicates whether a password is required for the user account.
For more information about this password control (PASSWD_NOT_REQD), please refer to document: Accounts not Requiring a Password.
Home Directory Drive **The drive containing the user’s home directory.
Home Directory Path **The path for the user’s home directory.
Profile Path **The path to the user’s profile.
Logon Script Path **The path to the user’s logon script.
Logon Count **The number of times the account has successfully logged in to the domain.
This value is not replicated across Domain Controllers.
User Account Control Value **Flags that control the behavior of the user account.
User Logon ServerThe name of the server that authenticated the user.
Note: ** after a property name indicates that the value is only available if you logged in with a domain account.
Current User: Regional and Language Options   [Top]
Current FormatThe current format of the user’s Regional and Language Options.
Time FormatExample of the time format. E.g. 12 hour or 24 hour format.
Short DateExample of the short date format.
Long DateExample of the long date format.
Short Date FormatThe format of the short date display. E.g. dd-MM-yyyy.
Long Date FormatThe format of the long date display. E.g. dd MMM yyyy.
Currency SymbolThe default currency symbol. E.g. $.
Currency (International)The international format of the currency symbol. E.g. USD.
System LocaleThe localised language name. E.g. English (South Africa).
Client System: Description   [Top]
RoleThe client system’s role. E.g. Domain Controller, Server, Workstation.
NetBios NameThe NetBIOS name of the local computer.
DNS NameThe fully qualified DNS name that uniquely identifies the local computer. This name is a combination of the DNS host name and the DNS domain name, using the form HostName.DomainName.
Distinguished Name **The distinguished name of the local computer.
SIDThe Security Identifier for the local computer.
For more information about Security Identifiers, see document About SIDs.
GUID **The Globally Unique Identifier for the local computer.
Domain Name (NetBios)The Netbios (short) name of the local computer’s domain. E.g. research.
Domain Name (DNS)The DNS name of the local computer’s domain. E.g. research.sekchek.com.
Forest Name **The DNS name of the local computer’s forest.
Site Name **The site name of the local computer. E.g. Default-First-Site-Name.
IP AddressThe IP (Internet Protocol) address of the local computer.
Note: ** after a property name indicates that the value is only available if you logged in with a domain account.
Client System: Password, Account Lockout, Audit Policies   [Top]
Password Policy 
Enforce Password HistoryThe number of new passwords that must be used by a user account before an old password can be reused.
Maximum Password AgeThe number of days that a password can be used before the system forces the user to change it.
Minimum Password AgeThe minimum number of days that must elapse between password changes.
Minimum Password LengthThe minimum number of characters that a user password must contain.
Password Complexity RequirementsIndicates whether password complexity features are enabled.
Passwords - Reversible EncryptionIndicates whether user passwords are stored using reversible encryption.
Account Lockout Policy 
Account Lockout DurationIndicates the number of minutes that an account is locked for, when the Lockout Threshold is exceeded.
Account Lockout ThresholdThe number of failed logon attempts that are allowed before an account is locked by the system.
Reset Account Lockout Counter AfterThe period within which failed logon attempts are monitored, after which the failed login counter is reset.
Audit Policy 
Audit Account Logon EventsLogs events for logons of service accounts and the authentication of service accounts.
Audit Account ManagementLogs events, such as: when a user account or group is created, changed, deleted, renamed, disabled; a user password is set or changed.
Audit Directory Service AccessLogs events for activities against Active Directory. E.g. changing an object’ properties and settings.
Audit Logon EventsLogs user logon and logoff events.
Audit Object AccessLogs an event when a user: accesses a directory or a file that is flagged for auditing; prints to a printer that is flagged for auditing.
Audit Policy ChangeLogs an event when a change is made to user rights, audit, or trust relationship policies.
Audit Privilege UseLogs an event when a user exercises a user right (except for those rights related to logon and logoff).
Audit Process TrackingLogs events such as program activation, some forms of handle duplication, indirect object accesses, and process exit.
Audit System EventsLogs an event when, for example: a user restarts or shuts down the computer; or an activity that affects the system security or security log occurs.
Screen Saver 
Screen Saver StatusIndicates whether: the screen saver is enabled; a password is required to unlock the system.
Screen Saver FileThe file used for the screen saver.
Screen Saver Wait PeriodThe number of seconds after which the screen saver is displayed.
Desktop BackgroundThe file used for the desktop background.
Client System: Event Logs   [Top]
Log NameThe name of the file that contains the Windows events.
CreatedThe date and time that the Event log was created.
Log FileThe location and name of the Event log file.
Maximum Log SizeThe maximum size (in bytes) permitted for the file. A value of zero indicates no size limit.
Current Log SizeThe current size of the file (in bytes).
Number of RecordsThe number of records in the file.
When Event Log is FullThe overwrite policy that the Event Log service uses for this log file. Data can be never overwritten, or can be overwritten when necessary or when outdated
Client System: Windows Security Centre (WSC)   [Top]
WSC StatusThe current status of WSC: OK; Not monitored; Weak; Inactive.
Windows Update StatusThe running state of WUS (Windows Update Service) service.
  - Important updatesDetermines how elevated users are notified of Automatic Updates events.
  - Install new updatesThe day or days of the week on which Automatic Updates installs or uninstalls updates.
  - Recommended updatesIndicates whether to include optional or recommended updates when a search for updates and installation of updates is performed.
  - Allow all users to installIndicates whether non-administrators can perform some update-related actions without administrator approval.
  - Microsoft updatesIndicates whether updates for Microsoft products and new optional Microsoft software are provided.
  - Configuration enforcedIndicates whether the Automatic Updates service is enforced by Group Policy.
  - Updates were installedThe last time that Automatic Updates successfully installed updates, even if some failures occurred.
  - Most recent check for updatesThe last time that Automatic Updates successfully searched for updates.
Firewall StatusAn aggregation of the status of all firewalls for this computer.
AntiVirus StatusAn aggregation of the status of all antivirus products for this computer.
AntiSpyware StatusAn aggregation of the status of all anti-spyware products for this computer.
User Account Control StatusThe User Account Control (UAC) settings for this computer.
Internet SettingsThe settings that restrict the access of web sites in each of the internet zones for this computer.
Client System: Windows Firewall   [Top]
ProfileThe type of profile: Domain; Private; or Public.
Firewall StateThe state of Windows Firewall for the specified profile.
Inbound ConnectionsIndicates whether exceptions are allowed or disallowed for Inbound connections.
Outbound ConnectionsIndicates whether exceptions are allowed or disallowed for Outbound connections.
Display NotificationsIndicates whether a notification is displayed when a program is blocked.
Allow Unicast ResponseIndicates whether the firewall allows unicast responses to multicast and broadcast traffic.
Log FileThe location and name of the log file for the Firewall.
Log Size Limit (KB)The maximum allowed size for the log file.
Log Dropped PacketsIndicates whether a record is logged when the Firewall discards an inbound packet for any reason. The log file will detail why and when the packet was dropped.
Log Successful ConnectionsIndicates whether a record is logged when the Firewall allows an inbound connection. The log file will detail why and when the connection was formed.
See also: SekChek’s Windows Firewall Audit Tool
Client System: Operating System   [Top]
OS NameThe name of the Operating System.
OS ArchitectureThe architecture of the Operating System. E.g. 32-bit, 64-bit.
OS VersionThe version and build number of the Operating System. E.g. 6.0.6002.
OS Service PackThe latest service pack installed on the Operating System. E.g. Service Pack 2.
OS Install LanguageThe language version of the operating system installed.
System LocaleThe language used by the operating system.
Registered UserThe name of the user that the OS is registered under.
Registered OrganisationThe name of the organisation registered to use the OS.
OS Serial NumberThe serial number of the software for the Operating System.
Country CodeA unique code (international dialling code) indicating the country. E.g. 44 for the UK.
System Times 
Time ZoneThe offset from Greenwich mean time (GMT) for the OS.
Local TimeThe local time on the system.
OS InstalledThe date and time that the OS was installed on the system.
Last BootUp TimeThe time that the system was last booted up.
System Paths 
System DriveThe drive that contains the Windows OS.
Windows DirectoryThe path containing the Windows OS.
System DirectoryThe path of Window’s System32 directory.
Memory 
Total Physical MemoryThe total amount of physical memory (RAM) available to the operating system.
Free Physical MemoryThe amount of physical memory currently unused and available.
Physical Memory: % UsedThe percentage of physical memory that is being used.
Total Virtual MemoryThe total amount of virtual memory available to the OS. This is calculated by adding the amount of total RAM to the amount of paging space.
Free Virtual MemoryThe amount of vitual memory currently unused and available.
Virtual Memory: % UsedThe percentage of virtual memory that is being used.
OS Recovery Configuration 
Write Event To System LogIf a system failure occurs, write a record to the System Log.
Send Administrative AlertIndicates whether alert message will be sent to the system administrator in the event of an operating system failure.
Automatically RestartIndicates whether the system will automatically reboot during a recovery operation.
Write Debugging InformationWrite debugging information about the failure to a dump file.
Dump FileThe location of the dump file.
Overwrite Existing FileOverwrite the dump file if it already exists.
System Registry 
Current SizeThe current size of the system registry.
Maximum Allowed SizeThe maximum size that the system registry is allowed to attain.
Client System: Computer   [Top]
ManufacturerThe manufacturer of the computer.
ModelThe product name assigned by the manufacturer.
System TypeThe type of system running on the computer. E.g. X86-based PC, 64-bit Intel PC.
BIOSThe manufacturer of the BIOS, version and release date.
Bus Clock Speed (MHz)The external clock frequency, in MHz.
Processors 
Enabled ProcessorsThe number of enabled processors that are currently available on the system.
ProcessorThe name assigned to the processor.
Processor FamilyThe processor family type.
Processor Address Width (bits)The processor address width in bits.
Processor Data Width (bits)The processor data width in bits.
Printers 
Printer (port)The name of the printer and the port that is used to transmit data to the printer.
Monitor, Keyboard, Mouse 
Screen Colour DepthThe number of adjacent color bits for each pixel. E.g. 16 = High Color, 32 = True Color.
Screen Refresh RateThe current vertical refresh rate of the device, in cycles per second (Hz).
Display ResolutionThe width and height, in pixels, of the screen.
KeyboardThe system’s keyboard.
MouseThe system’s pointing device.
Client System: Disk Drives   [Top]
DriveThe drive letter. Range: A-Z.
Drive TypeThe type of drive. E.g. Local Disk, Removable Disk, Network Drive etc.
Volume Serial NumberThe volume serial number.
File SystemThe file system type. E.g. FAT, NTFS.
CapacityThe size of the drive in gigabytes.
Free SpaceThe free space on the drive in gigabytes.
Disk Space: % UsedThe percentage of space used on the drive.
Client System: Network Adapter (IP-Enabled)   [Top]
Network Connection NameThe name of the network connection as it appears in the Network Connections Control Panel program.
Connection StatusThe status of the network adapter’s connection to the network.
Network Connection DescriptionThe name of the network adapter.
Adapter TypeThe network medium in use. E.g. Ethernet 802.3.
Addresses
IP AddressThe IP addresses associated with the current network adapter.
IP SubnetThe subnet masks associated with the current network adapter.
Default IP GatewayThe IP addresses of default gateways that the computer system uses.
Physical AddressThe Media Access Control (MAC) address of the network adapter. A MAC address is assigned by the manufacturer to uniquely identify the network adapter.
DHCP, DNS
DHCP EnabledIndicates whether the dynamic host configuration protocol (DHCP) server automatically assigns an IP address to the computer system when establishing a network connection.
DHCP Lease ObtainedThe time the lease was obtained for the IP address assigned to the computer by the DHCP server.
DHCP Lease ExpiresExpiration time for a leased IP address that was assigned to the computer by the DHCP server.
DHCP ServerThe IP address of the dynamic host configuration protocol (DHCP) server.
DNS Server Search OrderServer IP addresses used for querying DNS servers.
DNS Enabled For WINSIndicates whether DNS is enabled for name resolution over WINS resolution. If the name cannot be resolved using DNS, the name request is forwarded to WINS for resolution.
WINS Primary ServerThe IP address for the primary WINS server.
Enable LMHOSTS LookupIndicates whether local lookup files are used for WINS. Lookup files contain a map of IP addresses to host names.
WINS LMHOSTS FilePath to a WINS lookup file on the local system. This file will contain a map of IP addresses to host names.
TCP/IP Netbios SettingShows the settings related to NetBIOS over TCP/IP (NetBT).
IP Filter Security EnabledIndicates whether IP port security is enabled globally across all IP-bound network adapters and whether the security values associated with individual network adapters are in effect.
Client System: Shares   [Top]
Share NameThe share name of a resource.
PathThe local path for the shared resource.
DescriptionAn optional comment regarding the shared resource.
Share TypeThe type of the shared resource. E.g. File Share, Print Queue.
Client System: Services   [Top]
Display NameThe friendly name of the service displayed by user interface programs.
Service Name (Logon As)A service in a service control manager database and the account used to run the service.
State (Process Id)The current state of the service. E.g. Stopped, Running. If running, the process id for the service is shown.
Start TypeWhen to start the service. E.g. Automatic, Boot, Manual.
Path NameThe path to the service binary file.
Client System: Startup Programs   [Top]
ProgramThe name of the startup command.
CommandThe command run by the startup command.
LocationThe path where the startup command resides.
User NameThe user that this startup command will run for.
Client System: User Accounts   [Top]
Account Name (SID)The name of the user account, followed by its Security Identifier.
For more information about Security Identifiers, see document About SIDs.
Full NameThe user’s full name.
DescriptionA description of the user account.
Privilege
Password ExpiredIndicates whether the user’s password has expired. If so, the user is forced to change his password at next logon.
Cannot Change PasswordIndicates whether the user can change the password for the account.
Password Never ExpiresIndicates whether the account’s password never expires.
Account DisabledIndicates whether the account been disabled by an Administrator.
Account LockedIndicates whether the account locked due to excessive invalid signon attempts.
Number of LogonsThe number of times the account has successfully logged in to the domain.
This value is not replicated across Domain Controllers.
Last Logon (GMT)The time that the user last logged into the system (for local accounts) or domain (for accounts defined in Active Directory).
Last Password ChangeThe date and time that the password for the account was last changed.
Client System: Group Accounts   [Top]
Group Name (SID)The name of the group, followed by its Security Identifier.
For more information about Security Identifiers, see document About SIDs.
Group TypeThe group type. Global or Local.
DescriptionA description of the group.
Group MembersThe accounts that are members of the group.
Client System: System Accounts   [Top]
Account Name (SID)The domain / account name of the system account, followed by the Security Identifier of the account (in brackets).
For more information about Security Identifiers, see document About SIDs.
Account TypeThe type of the account. E.g. Domain, WellKnownGroup.
Client System: Hot Fixes (QFE updates)   [Top]
Hot FixA unique identifier associated with the update and a description of the update. Click on the KB number for more information about the update.
Installed On (By)The date that the update was installed, followed by the account that was used to instal the update.
See also: SekChek’s List Missing Windows Updates Tool
 
Other free security and audit tools from SekChek...    [Top]
»   Tools Library | PC Auditor | Windows Firewall Auditor | List Missing Windows Updates | List Installed Products | Search Event Log | Query Active Directory | Query Access Permissions | Sid Resolver | Find Orphaned Sids | List Open Files | Ping

Copyright© 2008-2013, SekChek IPS. All rights reserved.
SekChek® is a registered trademark of SekChek IPS. All other trademarks are the property of their respective owners.
www.sekchek.com

About SekChek IPS
SekChek® IPS is a leading provider of computer security review, auditing and benchmarking tools and has served many of the world’s largest companies and public institutions in 130 countries since 1996. SekChek’s clients include security and audit professionals in IT departments, audit firms, internal audit functions, regulatory compliance and corporate governance departments. SekChek’s benchmarking features compare security policies and controls against a unique statistics database containing more than 30 million anonymous and real-life security measurements compiled from 70,000 computer systems across all major industry sectors.