Value Data
The .audit file syntax contains keywords that can be assigned various value types to customize your checks. This section
describes these keywords and the format of the data that can be entered.
This section includes the following information:
- Complex Expressions
- The "check_type" Field
- The "group_policy" Field
- The "info" Field
- The "debug" Field
Data Types
The following types of data can be entered for the checks:
|
Data Type |
Description |
|---|---|
|
DWORD |
0 to 2,147,483,647 |
|
RANGE [X..Y] |
Where X is a DWORD or MIN and Y is a DWORD or MAX |
Examples
value_data: 45
value_data: [11..9841]
value_data: [45..MAX]
In addition, numbers can be specified with plus (+) or minus (-) to indicate their "sign" and be specified as hexadecimal values. Hexadecimal and signs can be combined. The following are valid examples (without the corresponding label in parentheses) within a REGISTRY_SETTING audit for a POLICY_DWORD:
value_data: -1 (signed)
value_data: +10 (signed)
value_data: 10 (unsigned)
value_data: 2401649476 (unsigned)
value_data: [MIN..+10] (signed range)
value_data: [20..MAX] (unsigned range)
value_data: 0x800010AB (unsigned hex)
value_data: -0x10 (signed hex)