Windows Example Audit Items

Nessus can test for any setting that can be configured as a “policy” under the Microsoft Windows framework. There are several hundred registry settings that can be audited and the permissions of files, directories, and objects can also be analyzed. A partial list of example audits includes testing the settings of the following:

  • Account lockout duration
  • Retain security log
  • Allow log on locally
  • Enforce Password History

Windows Example 1

The following example audit looks for the setting "Minimum password length" on a Windows server and generates an alert if the value is not equal to seven characters.


name: "Minimum password length"

value: 7


Windows Example 2

Nessus can also search Windows computers for sensitive data. The following is an example that searches for Visa credit card numbers in Excel, Adobe, and text files.



description: "Determine if a file contains a valid VISA Credit Card Number"

file_extension: "xls" | "xlsx" | "pdf" | "txt"

regex: "([^0-9-]|^)(4[0-9]{3}( |-|)([0-9]{4})( |-|)([0-9]{4})( |-|)([0-9 {4}))([^0-9-]|$)"

expect: "VISA" | "credit" | "Visa" | "CCN"

max_size: "50K"

only_show: "4"