Contents

• Microsoft Baseline Security Analyzer
• Security update scan results
• Windows scan results
• Internet Information Services (IIS) scan results
• SQL Server scan results
• Desktop application scan results

Microsoft Baseline Security Analyzer

---

The Microsoft Baseline Security Analyzer (MBSA) checks computers running Microsoft Windows Server 2008 R2, Windows Server XP, or Windows NT 4.0 for common security misconfigurations.

The following are the scanning options selected for Cisco Unified ICM Real-Time Distributor running one or more web applications (for example, Internet Script Editor or Agent-Reskilling).

• Windows operating system (OS) checks
• IIS checks
• SQL checks
• Security update checks
• Password checks

This report is provided to show an example of the results of running the MBSA tool against a Cisco Unified ICM server that is running the majority of Microsoft Server Applications supported by the tool.

• Security update scan results
• Windows scan results
• Internet Information Services (IIS) scan results
• SQL Server scan results
• Desktop application scan results

Security update scan results

The following table provides an example of security update scan results:

Table 1 Security Update Scan Results

Score	Issue	Result
	Windows Security Updates	No critical security updates are missing.
	IIS Security Updates	No critical security updates are missing.
	SQL Server/MSDE Security Updates	Instance (default): No critical security updates are missing.
	MDAC Security Updates	No critical security updates are missing.
	MSXML Security Updates	No critical security updates are missing.
	Office Security Updates	No Microsoft Office products are installed.

Windows scan results

The following table shows Windows scan results:

Table 2 Vulnerabilities

Score	Issue	Result
	Automatic Updates	Automatic Updates are managed through Group Policy on this computer.
	Administrators	More than 2 Administrators were found on this computer. Note    This warning can be ignored given that the Cisco Unified ICM application requires the addition of certain groups to the Local Administrators group, therefore triggering this event. It is recommended that you review the Result Details and remove any known unnecessary accounts.
	Password Expiration	Some user accounts (1 of 7) have non-expiring passwords. Note    When the server is properly configured to require expiring passwords, this warning will typically find the Guest account to have a non-expiring password even though the account is disabled. This warning can be ignored.
	Windows Firewall	Windows Firewall is enabled and has exceptions configured. Windows Firewall is enabled on all network connections.
	Local Account Password Test	Some user accounts (1 of 7) have blank or simple passwords, or could not be analyzed.
	File System	All hard drives (1) are using the NTFS file system.
	Autologon	Autologon is not configured on this computer.
	Guest Account	The Guest account is disabled on this computer.
	Restrict Anonymous	Computer is properly restricting anonymous access.

The following table provides additional scan information:

Table 3 Additional System Information

Score	Issue	Result
	Auditing	Logon Success and Logon Failure auditing are both enabled.
	Services	Some potentially unnecessary services are installed.
	Shares	2 share(s) are present on your computer.
	Windows Version	Computer is running Windows Server 2008 R2 or greater.

Internet Information Services (IIS) scan results

The following table shows IIS scan results:

Table 4 Vulnerabilities

Score	Issue	Result
	IIS Lockdown Tool	The IIS Lockdown tool was developed for IIS 4.0, 5.0, and 5.1, and is not needed for new Windows Server 2008 R2 installations running IIS 6.0.
	Sample Applications	IIS sample applications are not installed.
	IISAdmin Virtual Directory	IISADMPWD virtual directory is not present.
	Parent Paths	Parent paths are not enabled.
	MSADC and Scripts Virtual Directories	The MSADC and Scripts virtual directories are not present.

Table 5 Additional System Information

Score	Issue	Result
	Domain Controller Test	IIS is not running on a domain controller.
	IIS Logging Enabled	All web and FTP sites are using the recommended logging options.

SQL Server scan results

The following table shows SQL Server scan results:

Instance (default)

Table 6 Vulnerabilities

Score	Issue	Result
	Sysadmin role members	BUILTIN\Administrators group is part of sysadmin role. Note    This is acceptable because the Cisco Unified ICM application adds certain groups to the local Administrators account on the server which require dbo access to the database.
	Sysadmins	No more than 2 members of sysadmin role are present.
	Service Accounts	SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts are not members of the local Administrators group and do not run as LocalSystem.
	Exposed SQL Server/MSDE Password	The "sa" password and SQL service account password are not exposed in text files.
	Domain Controller Test	SQL Server and/or MSDE is not running on a domain controller.
	SQL Server/MSDE Security Mode	SQL Server and/or MSDE authentication mode is set to Windows Only.
	Registry Permissions	The Everyone group does not have more than Read access to the SQL Server and/or MSDE registry keys.
	CmdExec role	CmdExec is restricted to sysadmin only.
	Folder Permissions	Permissions on the SQL Server and/or MSDE installation folders are set properly.
	Guest Account	The Guest account is not enabled in any of the databases.
	SQL Server/MSDE Account Password Test	The check was skipped because SQL Server and/or MSDE is operating in Windows Only authentication mode.

Desktop application scan results

The following table shows desktop application scan results:

Table 7 Vulnerabilities

Score	Issue	Result
	IE Zones	Internet Explorer zones have secure settings for all users.
	IE Enhanced Security Configuration for Administrators	The use of Internet Explorer is restricted for administrators on this server.
	IE Enhanced Security Configuration for Non-Administrators	The use of Internet Explorer is restricted for non-administrators on this server.
	Macro Security	No Microsoft Office products are installed.