| Current User [Top] |
| User Account | The user account (SAM account) you are currently logged on with. E.g. JSoap. |
| Display Name | The friendly display name for the current user. E.g. Joe Soap. |
| Distinguished Name ** | The fully-qualified distinguished name for the current user. E.g. CN=JSoap,CN=Users,DC=SekChek,DC=com |
| SID | The Security Identifier for the current user.
For more information about Security Identifiers, see document About SIDs. |
| GUID ** | The Globally Unique Identifier for the current user. |
| Primary Group Id | The user’s PID (Primary Group Id) and the group’s friendly display name. |
| User Domain (NetBios) | The NetBios domain name for the current user. E.g. research, not research.sekchek.com. |
| User Domain (DNS) ** | The DNS-style domain name. E.g. research.sekchek.com. |
| Full Name ** | The user’s full name as entered in the Windows GUI. |
| User Principal Name (UPN) ** | The user account name and a domain name identifying the domain in which the user account is located.
The UPN is based on the Internet standard RFC 822. E.g. JoeSoap@research.sekchek.com. |
| Email Address ** | The user’s primary email address. E.g. JSoap@research.sekchek.com. |
| Account Created ** | The date and time that the user account was created. |
| Password Last Changed ** | The date and time that the password for the account was last changed. |
| Last Logon ** | The time that the user last logged into the system (for local accounts) or domain (for accounts defined in Active Directory). |
| Last Failed Logon ** | The date and time of the user’s last failed network login. |
| Account Expiration Date ** | The date and time after which the user cannot log on. |
| Object Protected From Deletion ** | Indicates whether the user account is protected against accidental deletion from Active Directory. |
| Password Expired ** | Indicates whether the user’s password has expired. If so, the user is forced to change his password at next logon. |
| User Can Change Password ** | Indicates whether the user can change the password for the account. |
| Password Required ** | Indicates whether a password is required for the user account.
For more information about this password control (PASSWD_NOT_REQD), please refer to document: Accounts not Requiring a Password. |
| Home Directory Drive ** | The drive containing the user’s home directory. |
| Home Directory Path ** | The path for the user’s home directory. |
| Profile Path ** | The path to the user’s profile. |
| Logon Script Path ** | The path to the user’s logon script. |
| Logon Count ** | The number of times the account has successfully logged in to the domain.
This value is not replicated across Domain Controllers. |
| User Account Control Value ** | Flags that control the behavior of the user account. |
| User Logon Server | The name of the server that authenticated the user. |
| Note: ** after a property name indicates that the value is only available if you logged in with a domain account. |
| Current User: Regional and Language Options [Top] |
| Current Format | The current format of the user’s Regional and Language Options. |
| Time Format | Example of the time format. E.g. 12 hour or 24 hour format. |
| Short Date | Example of the short date format. |
| Long Date | Example of the long date format. |
| Short Date Format | The format of the short date display. E.g. dd-MM-yyyy. |
| Long Date Format | The format of the long date diaplay. E.g. dd MMM yyyy. |
| Currency Symbol | The default currency symbol. E.g. $. |
| Currency (International) | The international format of the currency symbol. E.g. USD. |
| System Locale | The localised language name. E.g. English (South Africa). |
| Client System: Description [Top] |
| Role | The client system’s role. E.g. Domain Controller, Server, Workstation. |
| NetBios Name | The NetBIOS name of the local computer. |
| DNS Name | The fully qualified DNS name that uniquely identifies the local computer. This name is a combination of the DNS host name and the DNS domain name, using the form HostName.DomainName. |
| Distinguished Name ** | The distinguished name of the local computer. |
| SID | The Security Identifier for the local computer.
For more information about Security Identifiers, see document About SIDs. |
| GUID ** | The Globally Unique Identifier for the local computer. |
| Domain Name (NetBios) | The Netbios (short) name of the local computer’s domain. E.g. research. |
| Domain Name (DNS) | The DNS name of the local computer’s domain. E.g. research.sekchek.com. |
| Forest Name ** | The DNS name of the local computer’s forest. |
| Site Name ** | The site name of the local computer. E.g. Default-First-Site-Name. |
| IP Address | The IP (Internet Protocol) address of the local computer. |
| Note: ** after a property name indicates that the value is only available if you logged in with a domain account. |
| Password Policy | |
| Enforce Password History | The number of new passwords that must be used by a user account before an old password can be reused. |
| Maximum Password Age | The number of days that a password can be used before the system forces the user to change it. |
| Minimum Password Age | The minimum number of days that must elapse between password changes. |
| Minimum Password Length | The minimum number of characters that a user password must contain. |
| Password Complexity Requirements | Indicates whether password complexity features are enabled. |
| Passwords - Reversible Encryption | Indicates whether user passwords are stored using reversible encryption. |
| Account Lockout Policy | |
| Account Lockout Duration | Indicates the number of minutes that an account is locked for, when the Lockout Threshold is exceeded. |
| Account Lockout Threshold | The number of failed logon attempts that are allowed before an account is locked by the system. |
| Reset Account Lockout Counter After | The period within which failed logon attempts are monitored, after which the failed login counter is reset. |
| Audit Policy | |
| Audit Account Logon Events | Logs events for logons of service accounts and the authentication of service accounts. |
| Audit Account Management | Logs events, such as: when a user account or group is created, changed, deleted, renamed, disabled; a user password is set or changed. |
| Audit Directory Service Access | Logs events for activities against Active Directory. E.g. changing an object’ properties and settings. |
| Audit Logon Events | Logs user logon and logoff events. |
| Audit Object Access | Logs an event when a user: accesses a directory or a file that is flagged for auditing; prints to a printer that is flagged for auditing. |
| Audit Policy Change | Logs an event when a change is made to user rights, audit, or trust relationship policies. |
| Audit Privilege Use | Logs an event when a user exercises a user right (except for those rights related to logon and logoff). |
| Audit Process Tracking | Logs events such as program activation, some forms of handle duplication, indirect object accesses, and process exit. |
| Audit System Events | Logs an event when, for example: a user restarts or shuts down the computer; or an activity that affects the system security or security log occurs. |
| Screen Saver | |
| Screen Saver Status | Indicates whether: the screen saver is enabled; a password is required to unlock the system. |
| Screen Saver File | The file used for the screen saver. |
| Screen Saver Wait Period | The number of seconds after which the screen saver is displayed. |
| Desktop Background | The file used for the desktop background. |
| WSC Status | The current status of WSC: OK; Not monitored; Weak; Inactive. |
| Windows Update Status | The running state of WUS (Windows Update Service) service. |
| - Important updates | Determines how elevated users are notified of Automatic Updates events. |
| - Install new updates | The day or days of the week on which Automatic Updates installs or uninstalls updates. |
| - Recommended updates | Indicates whether to include optional or recommended updates when a search for updates and installation of updates is performed. |
| - Allow all users to install | Indicates whether non-administrators can perform some update-related actions without administrator approval. |
| - Microsoft updates | Indicates whether updates for Microsoft products and new optional Microsoft software are provided. |
| - Configuration enforced | Indicates whether the Automatic Updates service is enforced by Group Policy. |
| - Updates were installed | The last time that Automatic Updates successfully installed updates, even if some failures occurred. |
| - Most recent check for updates | The last time that Automatic Updates successfully searched for updates. |
| Firewall Status | An aggregation of the status of all firewalls for this computer. |
| AntiVirus Status | An aggregation of the status of all antivirus products for this computer. |
| AntiSpyware Status | An aggregation of the status of all anti-spyware products for this computer. |
| User Account Control Status | The User Account Control (UAC) settings for this computer. |
| Internet Settings | The settings that restrict the access of web sites in each of the internet zones for this computer. |
| Profile | The type of profile: Domain; Private; or Public. |
| Firewall State | The state of Windows Firewall for the specified profile. |
| Inbound Connections | Indicates whether exceptions are allowed or disallowed for Inbound connections. |
| Outbound Connections | Indicates whether exceptions are allowed or disallowed for Outbound connections. |
| Display Notifications | Indicates whether a notification is displayed when a program is blocked. |
| Allow Unicast Response | Indicates whether the firewall allows unicast responses to multicast and broadcast traffic. |
| Log File | The location and name of the log file for the Firewall. |
| Log Size Limit (KB) | The maximum allowed size for the log file. |
| Log Dropped Packets | Indicates whether a record is logged when the Firewall discards an inbound packet for any reason. The log file will detail why and when the packet was dropped. |
| Log Successful Connections | Indicates whether a record is logged when the Firewall allows an inbound connection. The log file will detail why and when the connection was formed. |
| See also: SekChek’s Windows Firewall Audit Tool |
| Client System: Operating System [Top] |
| OS Name | The name of the Operating System. |
| OS Architecture | The architecture of the Operating System. E.g. 32-bit, 64-bit. |
| OS Version | The version and build number of the Operating System. E.g. 6.0.6002. |
| OS Service Pack | The latest service pack installed on the Operating System. E.g. Service Pack 2. |
| OS Install Language | The language version of the operating system installed. |
| System Locale | The language used by the operating system. |
| Registered User | The name of the user that the OS is registered under. |
| Registered Organisation | The name of the organisation registered to use the OS. |
| OS Serial Number | The serial number of the software for the Operating System. |
| Country Code | A unique code (international dialling code) indicating the country. E.g. 44 for the UK. |
| System Times | |
| Time Zone | The offset from Greenwich mean time (GMT) for the OS. |
| Local Time | The local time on the system. |
| OS Installed | The date and time that the OS was installed on the system. |
| Last BootUp Time | The time that the system was last booted up. |
| System Paths | |
| System Drive | The drive that contains the Windows OS. |
| Windows Directory | The path containing the Windows OS. |
| System Directory | The path of Window’s System32 directory. |
| Memory | |
| Total Physical Memory | The total amount of physical memory (RAM) available to the operating system. |
| Free Physical Memory | The amount of physical memory currently unused and available. |
| Physical Memory: % Used | The percentage of physical memory that is being used. |
| Total Virtual Memory | The total amount of virtual memory available to the OS. This is calculated by adding the amount of total RAM to the amount of paging space. |
| Free Virtual Memory | The amount of vitual memory currently unused and available. |
| Virtual Memory: % Used | The percentage of virtual memory that is being used. |
| OS Recovery Configuration | |
| Write Event To System Log | If a system failure occurs, write a record to the System Log. |
| Send Administrative Alert | Indicates whether alert message will be sent to the system administrator in the event of an operating system failure. |
| Automatically Restart | Indicates whether the system will automatically reboot during a recovery operation. |
| Write Debugging Information | Write debugging information about the failure to a dump file. |
| Dump File | The location of the dump file. |
| Overwrite Existing File | Overwrite the dump file if it already exists. |
| Client System: Computer [Top] |
| Manufacturer | The manufacturer of the computer. |
| Model | The product name assigned by the manufacturer. |
| System Type | The type of system running on the computer. E.g. X86-based PC, 64-bit Intel PC. |
| BIOS | The manufacturer of the BIOS, version and release date. |
| Bus Clock Speed (MHz) | The external clock frequency, in MHz. |
| Processors | |
| Enabled Processors | The number of enabled processors that are currently available on the system. |
| Processor | The name assigned to the processor. |
| Processor Family | The processor family type. |
| Processor Address Width (bits) | The processor address width in bits. |
| Processor Data Width (bits) | The processor data width in bits. |
| Printers | |
| Printer (port) | The name of the printer and the port that is used to transmit data to the printer. |
| Monitor, Keyboard, Mouse | |
| Screen Colour Depth | The number of adjacent color bits for each pixel. E.g. 16 = High Color, 32 = True Color. |
| Screen Refresh Rate | The current vertical refresh rate of the device, in cycles per second (Hz). |
| Display Resolution | The width and height, in pixels, of the screen. |
| Keyboard | The system’s keyboard. |
| Mouse | The system’s pointing device. |
| Network Connection Name | The name of the network connection as it appears in the Network Connections Control Panel program. |
| Connection Status | The status of the network adapter’s connection to the network. |
| Network Connection Description | The name of the network adapter. |
| Adapter Type | The network medium in use. E.g. Ethernet 802.3. |
| Addresses | |
| IP Address | The IP addresses associated with the current network adapter. |
| IP Subnet | The subnet masks associated with the current network adapter. |
| Default IP Gateway | The IP addresses of default gateways that the computer system uses. |
| Physical Address | The Media Access Control (MAC) address of the network adapter. A MAC address is assigned by the manufacturer to uniquely identify the network adapter. |
| DHCP, DNS | |
| DHCP Enabled | Indicates whether the dynamic host configuration protocol (DHCP) server automatically assigns an IP address to the computer system when establishing a network connection. |
| DHCP Lease Obtained | The time the lease was obtained for the IP address assigned to the computer by the DHCP server. |
| DHCP Lease Expires | Expiration time for a leased IP address that was assigned to the computer by the DHCP server. |
| DHCP Server | The IP address of the dynamic host configuration protocol (DHCP) server. |
| DNS Server Search Order | Server IP addresses used for querying DNS servers. |
| DNS Enabled For WINS | Indicates whether DNS is enabled for name resolution over WINS resolution. If the name cannot be resolved using DNS, the name request is forwarded to WINS for resolution. |
| WINS Primary Server | The IP address for the primary WINS server. |
| Enable LMHOSTS Lookup | Indicates whether local lookup files are used for WINS. Lookup files contain a map of IP addresses to host names. |
| WINS LMHOSTS File | Path to a WINS lookup file on the local system. This file will contain a map of IP addresses to host names. |
| TCP/IP Netbios Setting | Shows the settings related to NetBIOS over TCP/IP (NetBT). |
| IP Filter Security Enabled | Indicates whether IP port security is enabled globally across all IP-bound network adapters and whether the security values associated with individual network adapters are in effect. |
| Client System: User Accounts [Top] |
| Account Name (SID) | The name of the user account, followed by its Security Identifier.
For more information about Security Identifiers, see document About SIDs. |
| Full Name | The user’s full name. |
| Description | A description of the user account. |
| Privilege | |
| Password Expired | Indicates whether the user’s password has expired. If so, the user is forced to change his password at next logon. |
| Cannot Change Password | Indicates whether the user can change the password for the account. |
| Password Never Expires | Indicates whether the account’s password never expires. |
| Account Disabled | Indicates whether the account been disabled by an Administrator. |
| Account Locked | Indicates whether the account locked due to excessive invalid signon attempts. |
| Number of Logons | The number of times the account has successfully logged in to the domain.
This value is not replicated across Domain Controllers. |
| Last Logon (GMT) | The time that the user last logged into the system (for local accounts) or domain (for accounts defined in Active Directory). |
| Last Password Change | The date and time that the password for the account was last changed. |
