reporter 65 product overview

8/3/2019 Reporter 65 Product Overview

http://slidepdf.com/reader/full/reporter-65-product-overview 1/41

6.5Quest Reporter

Product Overview



© 2011 Quest Software, Inc. ALL RIGHTS RESERVED.

This guide contains proprietary information protected by copyright. The software

described in this guide is furnished under a software license or nondisclosure agreement.This software may be used or copied only in accordance with the terms of the applicable

agreement. No part of this guide may be reproduced or transmitted in any form or by any

means, electronic or mechanical, including photocopying and recording for any purpose

other than the purchaser’s personal use without the written permission of Quest Software,

Inc.

The information in this document is provided in connection with Quest products. No

license, express or implied, by estoppel or otherwise, to any intellectual property right is

granted by this document or in connection with the sale of Quest products. EXCEPT AS SETFORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT

FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY

EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING,

BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A

PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE

FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL

DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS,

BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR

INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THEPOSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with

respect to the accuracy or completeness of the contents of this document and reserves the

right to make changes to specifications and product descriptions at any time without

notice. Quest does not make any commitment to update the information contained in this

document.

If you have any questions regarding your potential use of this material, contact:

Quest Software World Headquarters

LEGAL Dept5 Polaris Way

Aliso Viejo, CA 92656

www.quest.com

email: [email protected]

Refer to our Web site for regional and international office information.

http://www.quest.com/

mailto:[email protected]





Trademarks

Quest, Quest Software, the Quest Software logo, AccessManager, ActiveRoles, Aelita,

Akonix, Benchmark Factory, Big Brother, BridgeAccess, BridgeAutoEscalate,

BridgeSearch, BridgeTrak, BusinessInsight, ChangeAuditor, CI Discovery, Defender,DeployDirector, Desktop Authority, Directory Analyzer, Directory Troubleshooter, DS

Analyzer, DS Expert, Foglight, GPOADmin, Help Desk Authority, Imceda, IntelliProfile,

InTrust, Invirtus, iToken, JClass, JProbe, LeccoTech, LiteSpeed, LiveReorg, LogADmin,

MessageStats, Monosphere, NBSpool, NetBase, NetControl, Npulse, NetPro, PassGo,

PerformaSure, Point, Click, Done!, Quest vToolkit, Quest vWorkSpace, ReportADmin,

RestoreADmin, ScriptLogic, SelfServiceADmin, SharePlex, Sitraka, SmartAlarm, Spotlight,

SQL Navigator, SQL Watch, SQLab, Stat, StealthCollect, Storage Horizon, Tag and Follow,

Toad, T.O.A.D., Toad World, vAutomator, vConverter, vEcoShell, VESI,vFoglight,

vPackager, vRanger, vSpotlight, vStream, vToad, Vintela, Virtual DBA, VizionCore,

Vizioncore vAutomation Suite, Vizioncore vEssentials, Vizioncore vWorkflow,

WebDefender, Webthority, Xaffire, and XRT are trademarks and registered trademarks of

Quest Software, Inc in the United States of America and other countries. Other

trademarks and registered trademarks are property of their respective owners.

Third Party Contributions

Quest Reporter contains some third party components (listed below). Copies of their

licenses may be found on our website athttp://www.quest.com/legal/third-party-licenses.aspx

Quest Reporter Product Overview

Updated - May 2011

Software Version - 6.5

USE COMPONENT LICENSE

Compression Info-Zip 2002-Feb-16 Info-Zip 2007-Mar-4

Compression SharpZipLib 0.84.0.0 SharpZipLib 0.84

Encryption Blowfish v2 MIT 1.0

Logging Log4Net 1.2.10 Apache 2.0

http://www.quest.com/legal/third-party-licenses.aspx

http://www.quest.com/legal/third-party-licenses.aspx



v

CONTENTS

CHAPTER 1

INTRODUCING QUEST R EPORTER . . . . . . . . . . . . . . . . . . . . . . . . 7GETTING THE MOST FROM QUEST REPORTER . . . . . . . . . . . . . . 8

DAY-TO-DAY SECURITY AND STANDARDS ENFORCEMENT . . . . 8

PREPARING FOR AUDITS . . . . . . . . . . . . . . . . . . . . . . . . 9

PREPARING FOR CHANGE . . . . . . . . . . . . . . . . . . . . . . . 9

QUEST REPORTER COMPONENTS . . . . . . . . . . . . . . . . . . . . . .10

QUEST REPORTER CONFIGURATION BASELINING . . . . . . . . . . . .11

QUEST REPORTER FOR NOVELL . . . . . . . . . . . . . . . . . . . . . . .12

QUEST REPORTER EXPRESS . . . . . . . . . . . . . . . . . . . . . . . . .13

MANAGING YOUR NETWORK WITH QUEST REPORTER . . . . . . . . . .14

QUEST REPORTER FEATURES . . . . . . . . . . . . . . . . . . . . . . . .15

REPORT GENERATION . . . . . . . . . . . . . . . . . . . . . . . . .15

MODES OF REPORTING. . . . . . . . . . . . . . . . . . . . . . . . .15

OBJECT SETS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

FAVORITES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

FILTERING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

LINKING ATTRIBUTES BETWEEN CATEGORIES . . . . . . . . . . .17

MULTIFOREST REPORTING . . . . . . . . . . . . . . . . . . . . . . .17

CHAPTER 2INTRODUCING CONFIGURATION BASELINING . . . . . . . . . . . . . . . 19

OVERVIEW OF CONFIGURATION BASELINING . . . . . . . . . . . . . . .20

WHAT IS THE CONFIGURATION BASELINING WORKFLOW? . . . .22

WHAT IS A CONFIGURATION CHECK? . . . . . . . . . . . . . . . .24

WHAT IS A TEMPLATE?. . . . . . . . . . . . . . . . . . . . . . . . .25

WHAT IS A RULE SET?. . . . . . . . . . . . . . . . . . . . . . . . .26

WHAT IS A RULE? . . . . . . . . . . . . . . . . . . . . . . . . . . .27

CONFIGURATION BASELINING DATABASES . . . . . . . . . . . . .28

NAVIGATING CONFIGURATION BASELINING . . . . . . . . . . . . . . . .29

INTRODUCING THE CONFIGURATION BASELINING ROOT NODE .30INTRODUCING THE TASKPADS. . . . . . . . . . . . . . . . . . . . .30

INTRODUCING THE TEMPLATES NODE . . . . . . . . . . . . . . . .32



vi

INTRODUCING THE RULE SETS NODE . . . . . . . . . . . . . . . .34

INTRODUCING THE JOB MANAGEMENT NODE . . . . . . . . . . . .37

ABOUT QUEST SOFTWARE . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40CONTACTING QUEST SUPPORT . . . . . . . . . . . . . . . . . . . . . . .40



Introducing Quest

Reporter

• Getting the Most from Quest Reporter

• Quest Reporter Components

• Quest Reporter Configuration Baselining• Quest Reporter for Novell

• Quest Reporter Express

• Managing Your Network with Quest Reporter

• Quest Reporter Features

1



Introducing Quest Reporter

8

Getting the Most from QuestReporter

This document has been prepared to assist you in becoming familiar with QuestReporter, a Windows Management product. The Product Overview contains an

overview of the features, components, and functionality of Quest Reporter. It isintended for internal and external auditors, network administrators, consultants,analysts, and any other IT professionals using the product.

Quest Reporter is an invaluable tool for network administrators, security

administrators, IT auditors, and other users in an enterprise network. It providesthe ability to analyze the network, document the configuration, and make

decisions based on the current state of the network.

Quest Reporter helps you administer your network by generating comprehensiveenterprise-wide reports, from both real-time and stored data. Report templatescan be run and exported on a scheduled basis, offering unprecedented flexibility.

The intuitive interface allows users to retrieve necessary data quickly. For

organizations with advanced needs, there are multiple formats for exportingdata to custom applications.

Quest Reporter allows you to collect, compare, report on and resolve ActiveDirectory and Windows-based configurations which is essential for change

auditing, Windows security assessments, or AD pre- and post-migrationanalyses. Armed with this information, you can quickly make strategic andtactical security decisions that involve your Active Directory and Windows

environment.

Day-to-Day Security and StandardsEnforcement

Many organizations have policies and standards prescribing how their IT

environments are managed. These policies cover such areas as user creationand deletion, and group population. Network and security administrators needto know that policies are being followed and standards are being applied

correctly on a daily basis. In large environments, this can be time consuming asthere may be thousands of users, groups, and computers to keep track of. To

prevent security breaches, you can audit your environment frequently usingQuest Reporter.



Quest Reporter

9

Preparing for Audits

The process of preparing for comprehensive IT security audits can be tediousand frustrating. You need tools to demonstrate that the environment is secure

and being managed according to the organizational policies. Quest Reporterprovides the information needed to prepare for a security audit.

Reporter provides report templates that will help you to ensure HIPPA (TheAmerican Health Insurance Portability and Accountability Act of 1996) and SOX

(Sarbanes-Oxley) standards are adhered to.

Preparing for Change

Change in large IT environments must be accomplished quickly and securely,using minimal resources and without any loss of productivity. Quest Reporter

provides the information needed to plan smooth transitions, ensuring thatnothing is overlooked.




10

Quest Reporter Components

Figure 1: Quest Reporter components

The console displays network information. Use the console to select reports,

and configure the Reporter data collectors (RDCs) and object sets.



Quest Reporter

11

The report display component formats the collected information and exports

the information into HTML and other formats such as Adobe PDF (Portable

Document Format) and CSV (Comma Separated Values).

The report engine coordinates all of Quest Reporter’s interaction with its

database. It manages the information going to and coming from the collectionroutines as well as the generation of temporary views containing the actual

report data. The report engine stores the data for the reports. Once the data iscollected, the report engine invokes the report viewer to display the report.

The collection routines are an extensible set of components that QuestReporter uses to enumerate information about network objects and their

attributes.

The database is configured the first time you run Quest Reporter. Use the

Database Setup Wizard to select the target database and to change the data

source at a later time.

The RDC schedules data collection and tracks changes. It stores and

timestamps this information, which is then used to create the reports. The RDCis a special packaging of the collection routines and report engine. It is designed

to facilitate network object data collection from remote locations in highlydistributed environments. Deploying an RDC prevents the need for the RDC

installed on the main console to enumerate information across potentially busyor slow WANs (Wide Area Networks).

For more information on RDC deployment, see the Quest Reporter Installationand Deployment Guide.

Quest Reporter ConfigurationBaselining

Quest Reporter's Configuration Baselining feature provides automatedcomparisons of Active Directory and Windows server configurations against an

ideal baseline. Using this functionality, you can ensure that your environmentmeets security best practices, internal standards and regulatory requirements.

By implementing this solution, IT organizations can maintain operationalefficiencies, lower total cost of server ownership, minimize risks associated with

undocumented configuration changes, and assist in compliance efforts.




12

For information on how to use Configuration Baselining, see the ConfigurationBaselining User Guide. You can access the Configuration Baselining User Guide

from the Documentation tab of the installation program. You can access the

installation program by double-clicking Autorun.exe after you have extracted thezipped files.

Quest Reporter for Novell

Quest Reporter for Novell is an add-on pack for Quest Reporter that offers

administrators the ability to collect and report on Novell networks. The reporttemplates are designed to help organizations plan for their pending migration

from Novell to AD. Reports range from User and Group data to permissions. With

Quest Reporter for Novell, you can also easily perform key critical tasks againstobjects in the NDS/eDirectory environment using action enabled reporting.

You can download Quest Reporter for Novell from the Quest Reporter page of

the Quest Software web site (http://www.quest.com).

See the Quest Reporter for Novell User Guide for information on how to install

the add-on pack and how to run report templates. You can access the Quest

Reporter for Novell User Guide from the Documentation tab of the installationprogram. You can access the installation program by double-clicking

Autorun.exe after you have extracted the zipped files.

For an overview of the features, components, functionality, and workflow of

Configuration Baselining, see “Introducing Configuration Baselining” on page

19.





Quest Reporter

13

Quest Reporter Express

The Quest Reporter Express version is offered as a freeware edition of QuestReporter. It is not supported by our Quest Support team. The following reporting

is available with Express:

• You can run the reports in the Users folder in the console.

• You can create custom reports using the user attributes that are

available.

All other reports can be viewed in the Quest Reporter console but can only berun if you upgrade your license to Quest Reporter.

Not all user attributes are available with the user reports—these reports will

not run.

You cannot run the following three reports in Express:

• Users with NULL Passwords

• Users with NULL Passwords (Agent)

• Last Logon by Domain Controller




14

Managing Your Network with QuestReporter

Quest Reporter provides a streamlined approach to report generation. Insteadof manually checking individual computers, you can gather and summarize data

using Reporter.

Quest Reporter helps you maintain and manage enterprise directories through

security, standards conformance, and general administration reports.

You can use Quest Reporter to perform the following tasks:

• Create reports by selecting objects and containers from ActiveDirectory and Windows NTFS

• Access report templates grouped to match directory object classes

such as users, groups, domains, computers, and Access Control Lists(ACLs)

• Modify predefined report templates to suit your own requirements• Schedule reports to run automatically and save the results to a

location of your choice

• Gather information by installing RDCs in remote offices

• Schedule collections to generate stored data reports later

• Access NTFS report templates to audit users and groups contained in

ACLs, ensuring compliance with your company’s standards forprotecting sensitive data

• Create reports faster with reusable, user-defined selections of network objects (object sets) from one or more domains

• Create a category of favorites to access on a regular basis and share

your list of favorites with other users



Quest Reporter

15

Quest Reporter Features

Quest Reporter is more than just a reporting tool. It is a sophisticated, extensibledata collector with the ability to present collected information in a number of

different formats.

Report Generation

You can run reports in the following ways:

• Selecting objects through the following nodes in the console: ActiveDirectory, IP Subnet, or Object Set

• Running a report template from the Reports or Favorites nodes

• Generating a report using a scheduled favorite

Modes of Reporting

Using Quest Reporter, you can generate reports based on stored or live data.

Live Data Reports

A live data report collects information from the network at the time of runningthe report template. Select a live report template to collect information for thereport immediately. A live data report gathers the latest network information.

For more information on how to generate live reports, see the Quest ReporterUser Guide.




16

Action Enabled Reports

Action enabled reporting is a subcategory of live data report templates that

allows you to update network information within a report. You no longer have toread from the report output as you make changes within another management

tool. Make the changes in the report, and if you have the appropriate rights, theinformation on the network will be updated immediately.

For information on how to generate action enabled reports, see the QuestReporter User Guide.

Stored Data ReportsStored data reports are reports that are generated from previously collecteddata in the database. The data may have been collected by an earlier live report

or from a scheduled collection. Stored data reports take a fraction of the time togenerate compared to live reports.

For information on how to generate stored data reports and configure and

schedule data collection, see the appendix in the Quest Reporter Installation and

Deployment Guide.

Object Sets

An object set is a defined logical container that allows you to group objects in a

convenient manner. An object set can contain specific objects, containers(Organizational Units and groups), or entire domains. An object set can cross

domains.

For example, you may want to run certain reports on users in the Finance

department on a recurring basis but the users exist in multiple places throughoutyour directory. Instead of searching through your directory to find the userseach time you run the report, you can create an object set and then add the

users to the object set. The next time you run the report, you can select the

object set rather than each user in the Finance department.

Favorites

A favorite is a special type of report template that provides a method of retaining

or saving all report properties so that the next time the report runs, there is no

user intervention. You can schedule a favorite to run at any time.

The report attributes saved in a favorite include the following report properties:Objects, Filter, Output, Collection, Attributes, Grouping, and General.



Quest Reporter

17

Filtering

Using a filter, you can narrow the focus of report results by setting certain

criteria on the resultant set of objects.

You can build the filters using the available attributes for each report type, selecta condition (for example, Equals, Is Greater Than), and enter a value for the

filter.

Linking Attributes Between Categories

Attribute linking allows you to select additional attributes of an object that arenot the primary focus of the report. This allows you to customize the

distinguishing attributes of an object in a way that suits your needs.

This provides a means of associating object types and attributes and providingmore meaningful information in your report.

Multiforest Reporting

A single forest deployment is characterized by all of an organization’s network

objects being contained within one forest and a group of domains, whereas amultiforest deployment separates an organization’s network into various forests

and their respective domains. The multiforest deployment is by far the moresecure deployment; however, it can be complex to administer.

Quest Reporter supports multiforest deployments. Domains in multiple forestsare displayed as individual fully-functional nodes that allow you to connect to

and run a single report template on object types from different forests.




18



Introducing Configuration

Baselining• Overview of Configuration Baselining

• What is the Configuration BaseliningWorkflow?

• What is a Configuration Check?

• What is a Template?

• What is a Rule Set?

• What is a Rule?

• Configuration Baselining Databases

• Navigating Configuration Baselining

2

Int od cing Config ation Baselining



Introducing Configuration Baselining

20

Overview of ConfigurationBaselining

Quest Reporter enables IT organizations to collect, compare, report on, andresolve Active Directory and Windows-based configurations, which is essential

for change auditing, Windows security assessments, or AD pre- andpostmigration analyses. Armed with this information, organizations can quicklymake strategic and tactical security decisions that involve their Active Directory

and Windows environments.

Figure 2: Quest Reporter collects, compares, and reports on AD and

Windows-based configurations.

The compare capabilities are provided through Quest Reporter’s ConfigurationBaselining feature. Quest Reporter’s Configuration Baselining feature providesautomated comparisons of Active Directory and Windows configurations against

an ideal baseline. By implementing this solution, IT organizations can maintainoperational efficiencies, lower total cost of server ownership, minimize risks

associated with undocumented configuration changes, and assist in complianceefforts.

Quest Reporter’s Configuration Baselining feature leverages Quest Reporter’s

agent-less architecture, which minimizes typical deployment concerns of ease of installation and configuration. Quest Reporter’s Configuration Baselining feature

is tightly integrated with the core components of Quest Reporter and leveragesthe collection and storage mechanism to gather state-based information aboutyour environment.

Quest Reporter



Quest Reporter

21

The Quest Reporter Configuration Baselining feature introduces two additionaldatabases to the architecture. The first is the Configuration Baselining

Configuration Database — this stores configuration information for the

Configuration Baselining feature such as templates, rule sets, rules, andconfiguration checks. The second database is the Configuration Baselining

Results Database. This database stores the results of the configuration checks.The Configuration Check Processor (CCP) leverages all three databases.

The CCP leverages the baseline configuration database to get details of the idealbaseline you want evaluated. It then evaluates the ideal baseline against theQuest Reporter analytical database which contains the current configuration

state information for your environment. After the evaluation is performed, theresults are saved to the Configuration Baselining Results Database.

Through the Quest Reporter’s Configuration Baselining user interface, you can

initiate live data collections for your live configuration checks or runconfiguration checks against stored data that has already been gathered from

Quest Reporter’s scheduled collection mechanism. There is great value in thisintegration as the data can be collected once and is used for both general

reporting and comparison capabilities. This minimizes all of the typical concernswith having to collect the information from your environment multiple times for

these independent and siloed processes.

For information on how to install and deploy Quest Reporter, see the Quest

Reporter Installation and Deployment Guide.





22

What is the Configuration BaseliningWorkflow?

The following diagram shows the overall Configuration Baselining workflow:

Figure 3: The four steps in the Configuration Baselining workflow: establish,

collect, compare, and view.

Step 1: Establish Baseline

This is the establishment of your ideal baseline. Configuration Baselining comes

with out of the box baselines based on the Center for Internet SecurityBenchmarks and Microsoft Best Practices. You can easily create your own

baselines by either copying the existing out of box baselines or creating yourown. You can create baselines based on the following categories: domain

information, groups and users, computer information, and permissions. Formore information on how to establish baselines, see the Configuration BaseliningUser Guide.

Quest Reporter



Qu s po

23

Step 2: Collect Data

After you have created your ideal baseline, which could encompass a single

template or multiple templates, Configuration Baselining needs to collect thepertinent data from your environment. This process is facilitated through QuestReporter’s live and scheduled data collection mechanism. After this process hasbeen performed, Configuration Baselining now has the state-based information

that can be used for comparison. For more information on how to collect data,

please refer to the Quest Reporter User Guide.

Step 3: Compare Baseline Versus Data

Quest Reporter’s Configuration Baselining feature will now compare what is inthe ideal baseline that you created in Step 1 against the pertinent information

that Configuration Baselining collected in Step 2 from your environment. Thisprocess is performed by the Configuration Check Processor. For more

information on how to perform a configuration check, see the ConfigurationBaselining User Guide.

Step 4: View Results and Perform Appropriate Action

After the Configuration Check Processor is finished processing the configurationcheck, the results of the configuration check are stored in the Configuration

Baselining Results database. These results are dynamic and are displayed insummary and detailed fashion through the Quest Reporter ConfigurationBaselining user interface. You can use this information to remediate the

non-compliant objects. Configuration Baselining also provides you with theability to export results for easier distribution purposes. For more information onviewing the results, see the Configuration Baselining User Guide.

For ease of use, Quest Reporter’s Configuration Baselining feature provides

you with the ability to perform configuration checks based on live data, which

results in a merging of steps 2 and 3 of the workflow. You should use live

data as the basis for running ad hoc configuration checks of your network.

For example, if you are asked to check if the latest Windows critical update

has been installed on all of your Windows Server 2003 computers, you can

run a configuration check based on live network data to determine

immediately what computers have not been updated.

You should use stored data as the basis for running regularly scheduled

configuration checks of your network as part of your internal auditing

activities. For example, if several new Windows Server 2003 computers have

been brought online in your network, you can schedule a configuration check

to run on stored network data that is collected weekly to determine if these

new servers adhere to the configuration settings established by your

company's server hardening policies.




24

What is a Configuration Check?

A configuration check is the main component of Configuration Baselining. It

determines the level of compliance of your network objects by comparing themagainst a baseline. A baseline is represented by one or more templates inConfiguration Baselining. To check the compliance of your network objects, youwill create and schedule configuration checks based on predefined templates or

based on templates that you create or import.

Figure 4: A configuration check compares network objects against a template

(baseline).

Example Configuration Check

The following example configuration check will compare two objects against one

template on a weekly basis using live data:

NAME OBJECTS TEMPLATE FREQUENCY DATA

SerRules Server1, Server2 Windows Server 2003 Weekly Live

Quest Reporter



25

What is a Template?

A template contains the settings that Configuration Baselining uses to evaluate

objects and determine if they comply with your company’s standards, profiles,and policies. A template contains rule sets and rule sets are made up of rules.

Figure 5: A template is made up of rule sets and rule sets contain rules.

You can use one of the predefined templates that come with ConfigurationBaselining, you can create your own template, you can import one created by

another user, or you can import one from an .inf file.

Example Custom Template

The following example custom template contains two rule sets and each rule set

contains two rules:

TEMPLATE NAME RULE SETS RULES

Windows Server 2003 General Computer

Rules

DNS Search Order List

Memory Capacity in Bytes

Effective Computer

Settings

Check Maximum System Log

Size

Check Password Age




26

What is a Rule Set?

A rule set is a logical grouping of one or more rules. Rule sets can contain rules

from many different attribute categories and they can help you maximize thereusability of rules because they can be shared across templates.

Figure 6: A rule set is a container for rules.

You can use the predefined rule sets that are included with the predefined

templates or you can create your own custom rules sets.

You can also apply a filter to a rule set to limit the scope of the Active Directorydomains or computers that are checked against the baseline.

Example Custom Rule Sets

The following example rule sets each contain two rules:

RULE SET NAME RULES

General Computer Rules DNS Search Order List

Memory Capacity in Bytes

Effective Computer Settings Check Maximum System Log Size

Check Password Age

Quest Reporter



27

What is a Rule?

A rule is a combination of attributes, conditions, and values. Rules form the basis

of the configuration check and they are what your configuration items arechecked against. Each rule can only contain attributes from one attributecategory, such as BIOS or NTFS Files. If you want to check the values of attributes across multiple attribute categories, you will have to create or use

multiple rules.

Figure 7: A rule is made up of attributes, conditions, and values.

You can use the predefined rules that the predefined templates contain or youcan create your own custom rules.

You can also apply a filter to a rule to limit the number of configuration items

that are checked against the rule and to determine the existence of specific

attribute values.

Example Rules

Three of the following example custom rules each contain one attribute, onecondition, and one value. The fourth example contains two attributes, twoconditions, and two values:

RULE NAME ATTRIBUTE CONDITION VALUE

DNS Search Order List CIMV2.Network Adapter

Description [WMI]

equals WAN Miniport

(PPPoE)

Memory Capacity in

Bytes

CIMV2.Physical Memory

Speed [WMI]

equals 2000

Check Maximum System

Log Size

System Log Max Size is less than 16




28

Configuration Baselining Databases

Configuration Baselining stores data in two separate databases:

• Configuration Baselining Configuration database

• Configuration Baselining Results database

Configuration Baselining Configuration Database

The Configuration Baselining Configuration database contains all of thepredefined content that ships with Configuration Baselining and all of the custom

content you create (configuration checks, templates, rule sets, rules, filters, andcategories) when using Configuration Baselining. After you have successfullyinstalled Quest Reporter, the Quest Reporter Database Setup Wizard guides you

through the set up of the Configuration Baselining Configuration database. Youhave the option to create a new database or select an existing one. The

Configuration Baselining Configuration database is created when you click Nexton the Configuration Baselining Database page of the Database Setup Wizard.

Configuration Baselining Results Database

The Configuration Baselining Results database contains the results data from allconfiguration checks that have run. This database is automatically created by

Configuration Baselining at the same time as the Configuration Baseliningdatabase is created. To distinguish the two databases, the word Results is added

Check Password Age Maximum Password Age

(expires in x days)

equals 90

Minimum Password Age

(changed after x days)

equals 5

If you already have a large Quest Reporter database (collected data), then

you should consider using a second database server for the Configuration

Baselining databases. This will help increase scalability and improve the

performance of Configuration Baselining. You can use the Quest ReporterDatabase Setup Wizard to change the location of the Configuration Baselining

databases.

RULE NAME ATTRIBUTE CONDITION VALUE

Quest Reporter



29

to the end of the name of the Configuration Baselining Configuration database.For example, if you entered ConfigurationBaseliningApril17 as the name of the

Configuration Baselining Configuration database in the Database Setup Wizard,

the following databases would be created:• ConfigurationBaseliningApril17

• ConfigurationBaseliningApril17Results

The configuration check results data that is stored in the ConfigurationBaselining Results database is displayed for you in four different views that are

accessible from the Configuration Check Results node in Configuration

Baselining: Summary View, Object View, Template View, and Detailed View.These views provide different levels of detail about the configuration check

results and the data in these views can be filtered and exported. For moreinformation on viewing the results of configuration checks, see the ConfigurationBaselining User Guide.

Navigating ConfigurationBaselining

Quest Reporter’s Configuration Baselining feature is a Microsoft® ManagementConsole (MMC) snap-in. The Configuration Baselining root node is a subnode of the Quest Reporter node.

The default MMC console consists of a window divided into two panes: the left

pane displays the console tree and the right (or main) pane displays the homepages or summary pages for the nodes or objects selected in the left pane (the

console tree).

After you have installed Quest Reporter, Configuration Baselining appears as anode in the console tree in the left pane.




30

Introducing the Configuration BaseliningRoot Node

You can access the Configuration Baselining root node by expanding the QuestReporter node in the MMC console tree and clicking the Configuration Baselining

node.

The Configuration Baselining root node is the main access point for the threemain Configuration Baselining nodes: Templates, Rule Sets, and JobManagement. The Configuration Baselining root node and the three subnodes all

have home pages that are displayed in the main pane (right pane) when youselect the node in the console tree (left pane).

Introducing the Taskpads

When you select the Configuration Baselining node in the console tree in the left

pane, the Out of the box content taskpad is displayed in the main pane (rightpane). If you click the tab at the bottom of the main pane, you can switch to the

Build new content taskpad.

Quest Reporter



31

You can use these taskpads as your starting point for easily creating andscheduling configuration checks. These taskpads are a great place to start from

if you are new to Configuration Baselining.

Which Taskpad Should I Use?

You should select the Out of the box content taskpad if you want to create andschedule a configuration check based on the predefined templates that comewith Configuration Baselining. The predefined templates are based on the

following industry benchmarks and security templates and guidelines: Center forInternet Security (CIS) Benchmarks and Microsoft security templates andguidelines. For more information on the predefined templates, see the

Configuration Baselining User Guide.

You should use the Build new content taskpad if you want to create and schedulea configuration check based on templates, rule sets, and rules that you define

and create.

One of the main goals of the taskpads is to help you learn how to use

Configuration Baselining and to help you learn how Configuration Baselining

works. When you use the Build new content taskpad as your starting point,

the first step in building new content is the creation of a rule using the Rule

Wizard. Once you become more comfortable using Configuration Baselining,

you will start using the nodes in the treeview as your starting point when

creating new content. When you start to use the nodes, you will notice that

you cannot create a rule without first creating a rule set. This means that the

workflow is slightly different depending on your starting point.

If you create new content from the Build new content taskpad, you will

create a rule first and then you will create a rule set and then a template. If

you create new content from the nodes in the treeview, you will normally

create a template first and then a rule set and then rules.

For more information on using the nodes to create custom content , see

“Introducing the Templates Node” on page 32 and “Introducing the Rule Sets

Node” on page 34.

TASKPAD STEPS TO CREATE A CONFIGURATION CHECK

Out of the box content If you use the Out of the box content taskpad as your

starting point, you will perform the following steps:

1. Create and schedule a configuration check based on

predefined templates.

2. View the properties and results of the configuration

check that you created and scheduled in step 1.




32

The wizards that you use to perform tasks though the taskpad are the samewizards that you use to create templates, rule sets, and rules through the

Templates node and the Rule Sets node. For detailed step-by-step instructionson how to use these wizards, see the Configuration Baselining User Guide.

Introducing the Templates Node

You can access the Templates node by expanding the Configuration Baselining

node under the Quest Reporter node in the MMC console tree.

The Templates node contains template categories and templates, providing you

with a starting point for creating custom templates and for creating and

scheduling configuration checks. If you right-click the Templates node, you can

• Import templates

• Export templates

• Create new template categories

• Create new templates

Templates Home Page

When you select the Templates node in the console tree, the Templates homepage is displayed in the main pane. From this home page, you can createtemplates and you can create and schedule configuration checks. For more

information, see the Configuration Baselining User Guide.

Build new content If you use the Build new content taskpad as your starting

point, you will perform the following steps:

1. Create rules.

2. Create a rule set for the rules you created in step 1.

3. Create a template that contains the rule set you

created in step 2.

4. Create and schedule a configuration check based on

the template you created in step 3.

5. View the properties and results of the configurationcheck that you created and scheduled in step 4.

TASKPAD STEPS TO CREATE A CONFIGURATION CHECK

Quest Reporter



33

Template Categories

The Templates node contains template categories and templates. When you

select a template category under the Template node, the main pane shows thenames and descriptions of the templates in that category. Template categoriesalready exist for the predefined content and they are automatically created whenyou import a template. You can also create your own template categories to help

you organize the custom templates that you create. For more information, see

the Configuration Baselining User Guide.

If you right-click a template category, you can

• Import templates

• Export templates

• View the name and description of the template category

• Create new template categories


You can also cut, copy, delete, and rename template categories by right-clickingthem and selecting the appropriate option.

Templates

If you right-click a template, you can

• Export it

• View its properties

• Create new configuration checks

• Create new rule sets

You can also cut, copy, delete, and rename templates by right-clicking them andselecting the appropriate option.

Templates Summary Page

When you select a template under the Templates node or under a templatescategory, the main pane displays the summary page for that template. This page

shows the name and description of the template at the top and it has twosections: Rule Set Tasks and Configuration Check Tasks.

If you expand the Rule Set Tasks section of the summary page, you can

• View the names and descriptions of the rule sets contained in thetemplate




34

• Create a new rule set

• Add rule sets to the template

• Remove rule sets from the template

• View the properties of a selected rule set

If you expand the Configuration Check Tasks section of the summary page, youcan

• View the names and descriptions of any configuration checks that areassociated with the template

• Create a new configuration check

• View the properties of a selected configuration check

For more information on using the summary page to modify a custom template,see the Configuration Baselining User Guide.

Introducing the Rule Sets Node

You can access the Rule Sets node by expanding the Configuration Baselining

node under the Quest Reporter node in the MMC console tree.

The Rule Sets node contains rule set categories and rule sets and it provides youwith a starting point for creating custom rule sets, rules, and filters.

If you right-click the Templates node, you can

• Manage filters

• Create new rule set categories


Quest Reporter



35

Rule Sets Home Page

When you select the Rule Sets node in the console tree, the Rule Sets home page

is displayed in the main pane. From this home page, you can create custom rulesets, filters for rules sets, and custom rules. For more information, see theConfiguration Baselining User Guide.

Rule Set Categories

The Rule Sets node contains rule set categories and rule sets. When you selecta rule set category under the Rule Sets node, the main pane shows the names

and descriptions of the rule sets in that category. Rule set categories alreadyexist for the predefined content and they are automatically created when youimport a template. You can also create your own rule set categories to help you

organize the custom templates that you create. For more information, see theConfiguration Baselining User Guide.

If you right-click a rule set category, you can

• View the name and description of the rule set category• Create new rule set categories


You can also cut, copy, delete, and rename rule set categories by right-clicking

them and selecting the appropriate option.

Rule Sets

If you right-click a rule set , you can

• View its properties

• Create new rules

• Create new filters


You can also cut, copy, delete, and rename rule sets by right-clicking them andselecting the appropriate option.




36

Rule Set Summary Page

When you select a rule set under the Rule Sets node or under a rule set category,

the main pane displays the summary page for that rule set. This page shows thename and description of the rule set at the top and it has three sections: RuleTasks, Filter Tasks, and Template Tasks.

If you expand the Rule Tasks section of the summary page, you can

• View the names and descriptions of the rules contained in the rule set

• Create a new rule

• Add rules to the rule set

• Delete rules from the rule set

• Create a copy of a rule

• View the properties of a selected rule

If you expand the Filter Tasks section of the summary page, you can

• View the names and descriptions of the filters applied to the rule set

• Create a new filter

• Add filters to the rule set

• Remove filters from the rule set

• Create a copy of a filter

• View the properties of a selected filter

If you expand the Template Tasks section of the summary page, you can

• View the names and descriptions of the templates that contain therule set

• Create a new template

• Add the rule set to a template

• Remove the rule set from a template

• View the properties of a selected template

For more information on using the summary page to modify a custom rule set,

see the Configuration Baselining User Guide.

Quest Reporter

I t d i th J b M t N d



37

Introducing the Job Management Node

You can access the Job Management node by expanding the Configuration

Baselining node under the Quest Reporter node in the MMC console tree.

The Job Management node contains the Scheduled Configuration Checks nodeand the Configuration Check Results node. You can use these nodes to manage

your scheduled configuration checks and to view the results of all configurationchecks that have run.

Job Management Home Page

When you select the Job Management node in the console tree, the JobManagement home page is displayed in the main pane. From this home page,

you can manage scheduled configuration checks, view the results of configuration checks, and create and schedule a new configuration check. For

more information, see the Configuration Baselining User Guide.

Scheduled Configuration Checks NodeWhen you select the Scheduled Configuration Checks node, the main pane (rightpane) displays scheduled configuration checks in the upper pane. When you

select a scheduled configuration check in the upper pane, each individual run of

that configuration check is displayed in the lower pane. The lower pane will beempty if the configuration check you select in the upper pane has not run yet.

You can view and edit the properties of each schedule configuration check byright-clicking a configuration check in the upper pane and selecting theappropriate option. For more information, see the Configuration Baselining User

Guide.

You can also view and manage each individual, historical run of a configurationcheck by right-clicking a historical run in the lower pane and selecting the

appropriate option.

If you right-click the Scheduled Configuration Checks node, you can create a

new configuration check.


Configuration Check Results Node



38

Configuration Check Results Node

When you select the Configuration Check Results node, the main pane (right

pane) displays the results for all of the configuration checks that have run in fourdifferent views: Summary View, Object View, Template View, and Detailed View.For more information on viewing the results, see the Configuration BaseliningUser Guide.

You can also filter and export the results.

Quest Reporter



39

About Quest Software



40

About Quest Software

Quest Software simplifies and reduces the cost of managing IT for more than

100,000 customers worldwide. Our innovative solutions make solving thetoughest IT management problems easier, enabling customers to save time and

money across physical, virtual and cloud environments. For more informationabout Quest go to www.quest.com.

Contacting Quest

Refer to our Web site for regional and international office information.

Contacting Quest Support

Quest Support is available to customers who have a trial version of a Questproduct or who have purchased a Quest product and have a valid maintenance

contract. Quest Support provides unlimited 24x7 access to SupportLink, our

self-service portal. Visit SupportLink at http://support.quest.com.

From SupportLink, you can do the following:

• Retrieve thousands of solutions from our online Knowledgebase

• Download the latest releases and service packs

• Create, update and review Support cases

View the Global Support Guide for a detailed explanation of support programs,

online services, contact information, policies and procedures. The guide isavailable at: http://support.quest.com.

Email [email protected]

Mail Quest Software, Inc.World Headquarters

5 Polaris WayAliso Viejo, CA 92656USA

Web site www.quest.com

Quest Reporter


http://support.quest.com/





http://support.quest.com/




41

reporter 65 product overview

Documents