|
Functionality and Ease of UseB+
The recommended baseline scans for almost 270 separate checks, including checking account settings (password policy, lockout) and service settings. We scanned an XP machine using Shavlik's recommended baseline configuration, as well as SOX/ISO and NIST/FISMA guideline standards.
Starting the scan for the local machine was as simple as choosing a few drop-down menus. The checks took about a minute, and NetChk presented a summary report; it was obvious our default Windows XP install did not fare well against the recommended baseline checks. The report displays the type of information available, machine name, checks and results (when you dig into it), and a scan summary.
Clicking on Compliance Summary in the information frame allows you to see results for each check--whether your machine passed or failed. It's also possible to view account information, with privileges and password age displayed. And clicking on your machine name brings up a more detailed version of the compliance summary--our test machine was not in compliance with many of the account settings, password length, lockout threshold, and the administrator account had not been renamed.
Based on results, you can allow NetChk to change the settings on your system for many of the checks. We had NetChk remediate our settings and rescan. Upon rescanning, the machine passed almost all of the checks. Most of those...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
that still failed require manual correction. Not a huge issue, but we'd like to see complete automated remediation in future releases.
Shavlik NetChk is not limited to scanning the local host, of course. You can scan remote hosts without an agent, grouping them by domain, organizational units, or by IP addresses/range. After setting up a group and giving them credentials, select policies and scan them much like the local host.
Policies aren't limited to Shavlik's baselines. Using NetChk's wizard, you can create custom compliance checks using a wizard to scan registry entries, service rights, user rights assignments, etc.
ReportingB
Shavlik NetChk Compliance can generate 14 different reports covering machine, settings and policy results. Reports can be exported to HTML, PDF, TIF, CSV, text and Excel format. Reports are brief--basically a summary with a pass-fail list of selected compliance checks. The policy dashboard provides an easy to read graphical display, which we found effective in conveying the overall compliance status of the network.
Verdict
Reasonably priced, NetChk could make a good fit for any organization looking to ease regulation compliance.
Testing methodology: We tested NetChk Compliance in our lab environment with a variety of Windows versions, including Windows XP, 2003 and 2000.
|
 |
|
