I have created custom controls to check whether the Screensaver on a machine is enabled and whether it is password protected. I have added these controls to a policy which only contains these two controls. Everytime I run a scan against assets which were assigned to the this particular, both the controls fail and the message in the scan reports says "Error Code 2: Item not found".
I have verified that these keys do exist in the registry of the target machines. Can someone please tell me where I'm going wrong? I've searched through some websites but nothing has been of help as yet.
I would need a litle more information on how you built the control to know where the issue might lie. I have listed some of the more common issues below.
The most common issue I see occurs when UDC for Registry Value Content controls are made and the registry information is entered incorrectly. The hive is already specified, followed by the registry key, and the registry value goes on the next line.
You would then enter the expected service start type in the controls expected value for the appropriate technology.
The most common error is when customers re-enter HKLM on the second line, or enter beginning and ending backslash which is incorrect. Occasionally, I will see customers put the registry value, as in "Start" on the second line which is incorrect. The registry value should go on the third line.
Here is a screen snippet of a registry key entry example.
If you paste the registry key you are trying to check in this thread, I can take a look and paste a screenshot of the correct construction. Also, I can check and see if the control might already exist in production or if it is in QA. Let me know which Windows flavors you are trying to audit as well.
Also, which region are you in? Email me your contact information to email@example.com as well.
Hi Jason, thanks for your reply. I have taken care not to repeat commonly encountered errors. The following screenshot of the edit control window shows my scan parameter as well the expected value.
While checking to see if Qualys was able to traverse the full registry path, I created a registry value existence check for the registry path HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows and the scan reported that the particular key did not exist. Could this be a problem with the authentication I am using? I am using a similar technique to check for the value of Antivirus programs installed and that seems to run absolutely fine.
On testing for registry value existence, Qualys reports that the key HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows does not exist.
On the other hand, HKEY_CURRENT_USER\Software\Policies\Microsoft is found successfuly.
What could be the problem here?
I used regedit to find "ScreenSaveActive" in my registry. On my Windows 7 system it is found at HKEY_CURRENT_USER\Control Panel\Desktop. I manually navigated to HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows but there were no settings there. Have you used regedit to verify your path to the key?
Just to update everyone on the issue, it seems most likely to be some kind of access level problem. I was never able to acquire credentials with higher level access due to compliance issues. I will update the thread when I am 100% sure about the cause of the problem.
On a side note, I have seen where the person's account used to test for the configuration value has access to one configuration value but the credentials used to scan have a different permission level and "see" a different configuration value due to Resultant Set Of Policy (RSOP) encountered with Group Policy use.
This can cause confusion when trying to troubleshoot the issue since the data viewed from the different account permsission levels results in different data being displayed.