Run-Time Options for the Scan Software
You can use these options to set default run-time parameters that influence the behaviour of the Scan software.
Notes:
These default values can be overridden in the Scan software at execution time.
Netware Run-Time options
Write run-time information to plain-text header (EFH) of Scan file
Force the Scan software to write basic information about the target Host system to the clear text EFH in the Scan file.
This is useful if the Scan software will be run by another person and you want to confirm that it was executed on the correct system.
See Encrypted File Header to find out how to view the EFH via the SekChek Client software.
Prevent my password from being changed when the Scan software is executed
By default the person running the Scan software can change your password at execution time. Turn on to prevent your password from being changed.
Windows Run-Time options
Scan all domain controllers for users’ last logon details. Applies to DCs only.
By default SekChek will only query the Domain Controller on which it is executed for users’ last logons. Because Windows does not replicate users’ last logon times across DCs this means that SekChek’s analysis of users’ last logon details may not be accurate or complete.
This option forces the Scan software to query all domain controllers for users’ last logon details.
Note: This option can significantly increase the execution time of the Scan process, especially if the domain controllers are geographically dispersed or connected by a slow link.
Scan Organizational Unit (OU) objects for DACLs. Applies to Win200x DCs only.
By default SekChek will analyse Discretionary Access Control Lists (DACLs) on Container, Domain and Site objects. If this option is enabled the Scan software will additionally analyse DACLs on OU objects.
Note: On domains with a large number of OU objects this can significantly increase execution time and the size of SekChek’s output files.
Write run-time information to plain-text header (EFH) of Scan file
Force the Scan software to write basic information about the target Host system to the clear text EFH in the Scan file.
This is useful if the Scan software will be run by another person and you want to confirm that it was executed on the correct system.
See Encrypted File Header to find out how to view the EFH via the SekChek Client software.
Prevent my password from being changed when the Scan software is executed
By default the person running the Scan software can change your password at execution time. Turn on (enable) this option to prevent your password from being changed.
Refer to ‘Scanning security on a Windows system‘ for more information.