Security Readiness items explained

This article explains the various items shown in the Security Readiness section for an individual device.

Devices category

TPM chip is not present / TPM x.x chip available but not in use / TPM x.x chip is in use

This indicates whether a Trusted Platform Module (TPM) chip is available on a device and whether it has been taken into use.

For physical devices with a TPM chip on the motherboard, it is highly advisable to activate and use the TPM, if the operating system supports it, for guarding security-sensitive data. Additionally, with Windows 10, use of TPM version 2.0 or newer is recommended, as some of the OS's security features require it and will not work with the old 1.2 version.

BitLocker not supported by OS / BitLocker is not in use / BitLocker is in use

This indicates if Windows' built-in disk encryption, BitLocker, is available and has been taken into use.

For Windows versions and editions that support BitLocker, it is highly advisable to enable BitLocker to guard local disks against data theft in the event of the device being stolen or otherwise appropriated.

At this time, Applixure does not support/detect other full-disk encryption solutions that may be in use.

Operating system category

Please note that the Operating system category and/or some of the items described below might not be displayed for all devices, depending on the features supported by the operating system on that device.

Virus protection state is good / poor / unknown

This indicates the health state of the virus protection on a device, as reported by the anti-virus product to the Windows Security Center.

If the state is not known, or Windows Security Center is configured to not monitor the health state of the anti-virus product, this status will show unknown.

Additionally, if the product in question can be identified, the name of the anti-virus product is reported underneath the status line.

Spyware protection state is good / poor / unknown

This indicates the health state of the spyware protection on a device, as reported by the anti-spyware product to the Windows Security Center.

If the state is not known, or Windows Security Center is configured to not monitor the health state of the anti-spyware product, this status will show unknown.

Additionally, if the product in question can be identified, the name of the anti-spyware product is reported underneath the status line.

Firewalling state is good / poor / unknown

This indicates the health state of the firewall on a device, as reported by the firewalling product to the Windows Security Center.

If the state is not known, or Windows Security Center is configured to not monitor the health state of the firewalling product, this status will show unknown.

Additionally, if the product in question can be identified, the name of the firewalling product is reported underneath the status line.

Automatic updating state is good / poor / unknown

This indicates the health state of operating system automatic updating on a device, as reported by the automatic-update service to the Windows Security Center.

If the state is not known, or Windows Security Center is configured to not monitor the automatic updates' state, this status will show unknown.

Additionally, if the last update install date is known, the date when operating system updates were last applied through automatic updates is reported underneath the status line.

User accounts category

Additional local users as members of Administrators / No additional local users as members of Administrators

This indicates whether there are additional active local accounts on the machine that have been added to the Administrators group.

For non-domain-joined Windows machines, one additional administrator-level account is allowed on the system (in addition to the built-in Administrator account), as the first user account created on Windows automatically has administrative rights. Any subsequent local accounts with administrator-level privileges will be flagged with this status.

For domain-joined Windows machines, any additional local administrator-level account will cause Applixure to flag the device with this status, as administrative rights and accounts should be controlled through the domain.

Domain users as direct members of Administrators / No domain users as direct members of Administrators

This indicates whether there are domain user accounts that have been directly added as members of the Administrators group on a machine.

Generally, the best security practice is to grant domain accounts administrative rights on individual machines through domain groups, so that the rights can be revoked centrally through group membership changes rather than removed individually from each machine.

This status will not be shown for non domain-joined Windows machines.
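
The two Administrators-group checks described above can be approximated with the following PowerShell. This is an added example, not Applixure's own code or detection logic; the function name Get-AdminGroupFindings and its output fields are hypothetical, and it assumes the LocalAccounts cmdlets shipped with Windows PowerShell 5.1.

```powershell
# Added example: approximates the page's rules from Administrators group membership.
function Get-AdminGroupFindings {
    param(
        [Parameter(Mandatory)] [object[]] $Members,   # output of Get-LocalGroupMember
        [Parameter(Mandatory)] [bool] $DomainJoined,
        [string[]] $DisabledSids = @()                # SIDs of disabled local accounts
    )
    # Active local user accounts other than the built-in Administrator (RID 500).
    # Assumption: only PrincipalSource 'Local' is counted as a local account here.
    $localAdmins = @($Members | Where-Object {
        $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' -and
        "$($_.SID)" -notmatch '-500$' -and "$($_.SID)" -notin $DisabledSids
    })
    # Domain user accounts added directly instead of through a domain group.
    $domainUsers = @($Members | Where-Object {
        $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'ActiveDirectory'
    })
    # Rule from the text: one extra local admin is tolerated only when the
    # machine is not domain-joined (the first account created on Windows).
    $allowed = if ($DomainJoined) { 0 } else { 1 }
    [pscustomobject]@{
        AdditionalLocalAdmins = $localAdmins.Count -gt $allowed
        LocalAdminNames       = $localAdmins.Name
        # Not evaluated on non-domain-joined machines, matching the text.
        DirectDomainUsers     = if ($DomainJoined) { $domainUsers.Count -gt 0 } else { $null }
        DomainUserNames       = $domainUsers.Name
    }
}

# Run against the local machine. S-1-5-32-544 is the well-known SID of
# BUILTIN\Administrators, so this works regardless of display language.
$members  = Get-LocalGroupMember -SID 'S-1-5-32-544'
$disabled = @(Get-LocalUser | Where-Object { -not $_.Enabled } |
              ForEach-Object { $_.SID.Value })
$joined   = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
Get-AdminGroupFindings -Members $members -DomainJoined $joined -DisabledSids $disabled
```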

Local Administrator is enabled / Local Administrator is disabled

This indicates whether Windows' built-in Administrator account is disabled or enabled on a machine.

Last user has administrator privileges / Last user is regular user

This indicates whether the user who last logged on to the machine (shown as "Last user" in the device's information on the left) has local administrative rights on the machine.

Generally, it is advisable to log on to the machine using a user account with restricted rights only, and then elevate on a per-application basis using a separate administrative account.
