You are here: Compliance Check Types > Windows Configuration > Custom Items > CHECK_ACCOUNT

CHECK_ACCOUNT

This policy item checks for the following values defined in “Security Settings -> Local Policies -> Security Options”:

  • Accounts: Administrator account status
  • Accounts: Guest account status
  • Accounts: Rename administrator account
  • Accounts: Rename guest account

The check is performed by calling the function LsaQueryInformationPolicy with the level PolicyAccountDomainInformation to obtain the domain/system SID, LsaLookupSid to obtain administrator and guest names and NetUserGetInfo to obtain account information.

Usage

<custom_item>

type: CHECK_ACCOUNT

description: ["description"]

value_type: [VALUE_TYPE]

value_data: [value]

account_type: [ACCOUNT_TYPE]

(optional) check_type: [CHECK_TYPE]

</custom_item>

This item uses the account_type field to describe which account must be audited. The allowed types are:

  • ADMINISTRATOR_ACCOUNT (“Accounts: Administrator account status”)

    value_type: POLICY_SET

    value_data: "Enabled" or "Disabled"

  • GUEST_ACCOUNT (“Accounts: Guest account status”)

    value_type: POLICY_SET

    value_data: "Enabled" or "Disabled"

  • ADMINISTRATOR_ACCOUNT (“Accounts: Rename administrator account”)

    value_type: POLICY_TEXT

    value_data: "TEXT HERE" [administrator name]

    check_type: [CHECK_TYPE] (any one of the possible check_type values)

  • GUEST_ACCOUNT (“Accounts: Rename guest account”)

    value_type: POLICY_TEXT

    value_data: "TEXT HERE" [guest name]

    check_type: [CHECK_TYPE] (any one of the possible check_type values)

Note: Depending on the Domain credential part, the local system accounts or the domain accounts may be checked.

Example

<custom_item>

type: CHECK_ACCOUNT

description: "Accounts: Guest account status"

value_type: POLICY_SET

value_data: "Disabled"

account_type: GUEST_ACCOUNT

</custom_item>

 

<custom_item>

type: CHECK_ACCOUNT

description: "Accounts: Rename administrator account"

value_type: POLICY_TEXT

value_data: "Dom_adm"

account_type: ADMINISTRATOR_ACCOUNT

</custom_item>

 

<custom_item>

type: CHECK_ACCOUNT

description: "Accounts: Rename administrator account"

value_type: POLICY_TEXT

value_data: "Administrator"

account_type: ADMINISTRATOR_ACCOUNT

check_type: CHECK_NOT_EQUAL

</custom_item>

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.