Data Custodians must:

  • Designate appropriate individuals with system administration responsibilities, ensuring that their role in securing the system is defined in their job description, and that they are trained in administration and security of the system.
  • Ensure adherence to UAB guidelines and procedures for protecting data as found in IT Security Practices.
  • Ensure compliance with all stipulations of this and other UAB policies and other legal and regulatory requirements including those related to dissemination of data (UAB's Information Disclosure and Confidentiality Policy) and disposal of computer equipment and systems (UAB's Equipment Accounting standards, and "Guidelines for secure disposal of media containing sensitive information").
  • Ensure that risk assessments are performed (including disaster recovery plans, backup and contingency plans) as required by HIPAA for all PHI. Risk assessment is recommended for all other sensitive or mission critical data.
  • Ensure that documentation of data resources created, used, or stored within their area of control is maintained.
  • Ensure that systems containing sensitive information are physically secured from unauthorized access.
  • Ensure that the department/unit follows procedures to mitigate all identified compromises or identified data security threats.
  • Ensure that actual or suspected data security breaches, especially when involving sensitive data, are reported to the Data Security Office immediately and that any recommended corrective action is implemented.
  • Ensure that non-UAB entities or contracted third party vendors handle data in accordance with UAB policies and procedures.

Departmental IT representatives at UAB can bring discs, along with the UAB Secure Media Destruction Chain of Custody Form, to the AskIT Help Desk location at CEC 225. The discs are stored securely until they are picked up by Desktop Support staff. They are delivered to the Waste Holding Facility to be destroyed using the metal shredder.

 


PGP Deployment Strategy

  1. Create a resource account on the UAB domain under your OU (AskIT can assist you with this). You typically want this to represent your department and PGP (e.g. SOPH-PGP or SOM-PGP).
  2. Login to the laptop and add a PGP account.
    1. If the laptop is on the UAB domain, add the resource account to the administrators group and proceed through the installation documentation while using that account.
    2. If the laptop is on a different domain or no domain at all, you can create a new admin and install PGP with that account.
  3. When you are prompted to enroll with the PGP server, provide the resource or admin account credentials. This creates a recovery token that you can request to gain access to the machine (should you ever find yourself locked out of the system).
  4. When the installation is complete, you will need to add the user(s) to PGP with their normal login credentials. When they log in, they will enter their BlazerID credentials in the enrollment screen (this generates a recovery token in case they ever have password issues).
  5. Remove the resource account from the administrators group at the end of the process. Removing admin rights from the PGP resource account ensures that if the password for either your domain admin account or PGP resource account is ever compromised, the account only runs at a user level (additionally, compromised domain admin credentials don’t grant access to every encrypted laptop). To work on the system, you would have to input the PGP password, choose “Logout”, and then enter the admin account credentials.
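
A check for step 5, as an added example that is not part of UAB's documentation: it flags PGP resource accounts that are still members of the local Administrators group. The `*-PGP` pattern follows the naming suggested in step 1; the function names and the sample membership list are hypothetical and constructed for illustration.

```powershell
# Added example (not UAB's own tooling).
# Assumption: resource accounts follow the "<DEPT>-PGP" naming from step 1 (e.g. SOPH-PGP).

function Find-PgpResourceAdmin {
    [CmdletBinding()]
    param(
        # Group member names, either "DOMAIN\name" or a bare account name.
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$Member,
        # Wildcard applied to the account part only.
        [string]$NamePattern = '*-PGP'
    )
    foreach ($m in $Member) {
        # Drop the domain or computer prefix so "UAB\SOPH-PGP" and "SOPH-PGP" compare alike.
        $account = ($m -split '\\')[-1]
        if ($account -like $NamePattern) {
            [pscustomobject]@{ Member = $m; Account = $account }
        }
    }
}

function Get-LocalAdministratorName {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup also works where the group name is localized.
    Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.Name }
}

# Constructed sample membership, as it might look if step 5 was skipped.
$sample = @('LAPTOP01\Administrator', 'UAB\Domain Admins', 'UAB\SOPH-PGP')
Find-PgpResourceAdmin -Member $sample | Format-Table -AutoSize

# Live check on the machine running the script (Windows PowerShell 5.1 or later).
if ($env:OS -eq 'Windows_NT' -and (Get-Command Get-LocalGroupMember -ErrorAction SilentlyContinue)) {
    $leftover = @(Find-PgpResourceAdmin -Member @(Get-LocalAdministratorName))
    if ($leftover.Count -gt 0) {
        $leftover | ForEach-Object {
            Write-Warning "PGP resource account still has local admin rights: $($_.Member)"
        }
    } else {
        Write-Output 'No PGP resource account found in the local Administrators group.'
    }
}
```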


How Different PGP Components Address Different Needs

PGP Whole Disk Encryption
Encrypts the whole hard drive or USB drive. Removable devices are not readable on a system unless PGP is installed. This option is most useful in cases where blanket encryption is needed.

PGP Virtual Disks
Creates a virtual drive (.pgd) that is only mountable on a system with PGP. A virtual disk can be added to a portable drive to provide secure storage for sensitive information without forcing the entire drive to be encrypted. This lets the user keep using the drive on systems without PGP, preserving flexibility, while the sensitive information stays protected because it cannot be accessed without PGP.

PGP Zip Archives
Creates a compressed and encrypted archive of files that in most cases can only be accessed on a system with PGP. If the user has PGP installed on a PC, then they are able to create “Self Decrypting Archives”. This particular archive type allows anyone with the passphrase to extract the secure contents of the file without having PGP installed. Self-decrypting archives are particularly useful when users need to move sensitive data and PGP may not be available at the destination.


PGP In-Depth

Installation
During setup, the system must have access to the Internet or the UAB campus network in order to authenticate on the key-server (the address is embedded in the installer and is later added to the Windows Registry or Mac User Preferences). When you come to the point in the installation where you enter a BlazerID or resource account as enrollment credentials, they are sent to the key-server, which checks them against LDAP. Once you have successfully authenticated, the server will send some configuration information to the client and also create an entry under your BlazerID that will include information about the computer you are encrypting.

Passwords
Unless the BlazerID credentials are used to log in to the system, they are only used to create a Whole Disk Recovery Token (WDRT) with the server; the user name and password for the local user are separate and aren’t sent to the server. Instead, an encrypted hash of the local password is cached in the PGP client once it’s used to log in to Windows. So if you change a password, the cached copy is updated only after the new password is used, not when the password is changed. This means that if the user chooses to restart immediately after changing their password, the old password must be used on the PGP Bootguard screen and the single sign-on feature (Windows) won’t log them in because Windows is expecting the new password. To prevent this situation from occurring, the user should probably log out and then log in after a password change. The cached password should update immediately and the new password will work with the PGP Bootguard screen.
If multiple users plan to use a Windows system with PGP, ensure that all of the users set unique passwords. If multiple users have the same password, then PGP will assume that the last user to login is the one authenticating.

Accounts

  • Windows
    On a PC installation of PGP, single sign-on is used and accounts are verified. When you add a passphrase user to PGP, it will require that a strong password is used and that it matches the account password on the machine. If the user doesn’t exist or it has a blank password, you will receive an error message and the user will not be added. The relationship between PGP and Windows accounts is limited to those that exist and adding or removing a user in one location does not change the state of the other location. So if you remove a Windows user account, the entry will still exist and work in PGP but single sign-on will not be possible.

  • Mac
    On a Mac installation of PGP, single sign-on is not used and the passphrase users in PGP are not tied to any operating system accounts. This is because PGP writes to a preference file under the profile that installs PGP and does not add any important configuration info to the main preferences folder or user folders. Because the preferences are different for every user, when a user other than the one that installed PGP attempts to load the software, they are treated as if they are not licensed and there is no known key-server. This is now corrected by an application and documentation that is added to the installer file under “PGP-User Enrollment.app”.

So when you consider the behavior of PGP for Macs version 9.9 you could view each passphrase user as nothing more than a password that will get you past the PGP Bootguard screen.

Encryption

If the policy (configuration) of your PGP client requires that the primary hard drive is encrypted, the process will begin once you have added a passphrase user and completed the configuration steps. Regardless of whether you start the encryption automatically or manually, the software first creates a Whole Disk Recovery Token on the server under your BlazerID, and then it installs the PGP Bootguard.

  • Windows
    On a Windows system, installing the Bootguard means that the software creates a backup of the MBR and then installs a PGPMBR in its place. This is the point where dual-boot systems normally break (the other components of PGP don’t cause this).

  • Mac
    On an Intel-Mac, the Extensible Firmware Interface (EFI) normally hands off to the GUID Partition Table (GPT). But when a Mac is encrypted with PGP, the EFI is backed up and replaced by one that loads the encryption software. This is also the point where Bootcamp is broken.

From this point on, the PGP Bootguard screen is installed and a valid passphrase must be provided before the drive can be accessed. If the drive is removed or booted in an alternate method, the data can’t be accessed or read unless it is on a machine with PGP and a valid passphrase is used to unlock the device.

Recovery Tokens
If you or a user is ever locked out of a machine for whatever reason, you can call AskIT and they can give you the recovery token for your username on that system. The recovery token is a string of 28 characters (dashes are optional) that will provide access beyond the PGP Bootguard screen but will not let you into the operating system. If you don’t have any passwords to the system that can grant you access as an administrator, then you should consider decrypting the drive with the proper PGP boot disk or from an encrypted workstation and then go through your normal recovery procedures. Once a recovery token is created, an entry is logged on the server and the system is flagged as needing a new WDRT. If you successfully log in to the account that the WDRT was for, the client will then attempt to negotiate the creation of a new WDRT with the server (which requires a network connection to the server).


Troubleshooting Tips

Update the System Time

If the system time is out of date, PGP may not be installed correctly. If you have already installed PGP before updating the system time so that it is automatically synchronized, you may receive error messages such as "This configured PGP install requires an enterprise license," or notice that PGP is not functioning properly. In order to resolve this issue you will need to update the system time and completely reinstall PGP. Follow the steps below to update system time on a Windows machine:

  1. Open the "Date and Time Properties" by double-clicking on it in the task bar, or by clicking on "Start," selecting "Control Panel" and choosing "Date and Time" (it may be under "Date, Time, Language and Regional options").
  2. Correct the date and time information, then click "OK" to save changes.

Correcting Networking Issues Caused by PGP

  1. Install PGP
  2. Go to C:\Windows\system32\PGPIspRollback.reg
  3. Right-click the file and choose Merge
  4. Restart the PC

Completely Resetting PGP (Windows)

 

CAUTION: DO NOT RESTART THE PC BETWEEN ANY STEPS

  1. Be sure that the computer is online and can connect to the Internet.
  2. Exit any running instance of PGP or PGP Services.
  3. Open regedit and go to HKLM\SOFTWARE\PGP Corporation\PGP. Change PGPSTAMP to be ovid=keys.it.uab.edu&admin=1
  4. Delete the following folders:
    C:\Documents and Settings\All Users\Application Data\PGP Corporation
    C:\Documents and Settings\%userprofile%\Application Data\PGP Corporation
    C:\Documents and Settings\%userprofile%\Local Settings\Application Data\PGP Corporation
    C:\Documents and Settings\%userprofile%\My Documents\PGP
  5. Restart PGP by clicking on Start->PGP->PGP Desktop. Be sure you enter your BlazerID credentials on the enrollment screen and select "New User".

Hard Drive Recovery
If you have the drive slaved to a working machine with the same version of PGP Desktop try the following:

  1. Open a CMD prompt.
  2. Go to: c:\Program Files\PGP Corporation\PGP Desktop\
  3. Run pgpwde --enum (this will list all the drives available on your machine; find the drive number for the encrypted drive. The first will be disk 0 (your boot drive), then disk 1, then disk 2 and so on)
  4. Once you have your disk number, try: pgpwde --disk # --recover, using the number you found (so if it's disk 1 it would be: pgpwde --disk 1 --recover). pgpwde will search your disk for a backup sector; if it finds one, it will restore it.
  5. If it restores the sector, then do: pgpwde --disk # --decrypt --passphrase "enter within double-quotes"
  6. To determine whether the drive is still instrumented (MBR swapped) run: pgpwde --status --disk #
  7. If the disk is instrumented, run: pgpwde --uninstrument --disk #

Verbose Logging on PGP

  1. Open the registry with regedit
  2. Browse to HKEY_CURRENT_USER->SOFTWARE->PGP CORPORATION->UNIVERSAL
  3. Create a new "KEY" in here called "Debug"
  4. Inside HKEY_CURRENT_USER->SOFTWARE->PGP CORPORATION->UNIVERSAL->Debug, create a DWORD value called "LoggingLevel"
  5. Give the "LoggingLevel" entry a HEX value of "3FFFF"
  6. Right click your pgptray icon and choose Exit PGP Services.
  7. Click Start->Programs->StartUp->pgptray.exe
  8. Open PGP Desktop and select Tools>View Log. Set “View Level” to Verbose.
  9. If the application is crashing prior to launch, click Start->Run and type "%appdata%"
  10. Once you have your Application Data folder up, open "PGP Corporation", then open "PGP".
  11. You should see "PGPlog.txt" with debug logging data in it.


PGPWDE Command Line

Many helpful commands can be issued to PGP from a command line which provides many opportunities for scripting and remote modification.

Windows
The PGP WDE command line utility is installed at C:\Program Files\PGP Corporation\PGP Desktop\pgpwde.exe on Windows machines and "pgpwde --help" will produce a basic listing of commands. For a more complete listing of commands and explanation see the PGP Windows Command Line Guide at: https://supportimg.pgp.com/guides/PGPwdeWinCmdline_991_usersguide_en.pdf

Mac
The PGP WDE command line utility on a Mac can be accessed by opening a terminal window and typing "pgpwde". Issuing "pgpwde --help" will produce a basic listing of commands. For a more complete listing of commands and explanation see the Mac Command Line Guide at: https://supportimg.pgp.com/guides/PGPwdeMacCmdline_991_usersguide_en.pdf

There is certain information you are not allowed to update for your listing in the electronic phonebook. To update items like department, job title, campus address, or telephone number, consult the HR and administrative person in your office. He/she can submit an ACT form to have these items updated for you.

For UAB employees:

Each UAB employee shall be accountable for current and accurate electronic phonebook listings.

Accuracy is critical in order for all UAB and Health System employees to be contacted. Failure to comply shall result in misdirected calls and erroneous information.

The process for individuals to verify and/or update listing information is as follows:

  1. Establish a BlazerID at http://www.uab.edu/blazerid
  2. Go to http://www.uab.edu/phonebook
    1. Follow online instructions to query the phonebook for your individual listing. The results should list the individual requested.
    2. To verify or make changes to the individual listing, click on the name field. The individual listing information will be displayed.
    3. To make changes to the information listed, click the Change Information button.
    4. Enter your BlazerID and password.
      1. If you have forgotten your BlazerID password, you must complete the BlazerID password reset form at http://www.uab.edu/blazerid or contact AskIT at 996-5555.
      2. Fields with blue buttons can be modified online by the individual.
      3. Fields with red buttons are not modifiable online and are provided from official UAB records.
        1. If you are a UAB employee and wish to make changes to fields with red buttons, updates must be submitted to HRM Records via an Oracle ACT form.
        2. You can click on the help icon next to each field to determine which office supplied the particular information.
  3. An Oracle ACT form must be submitted any time there is a change to the following items:
    1. Office phone number(s)
    2. Office fax number
    3. Physical office location
    4. Department
    5. Job title

For HSF Employees:

Each HSF employee shall be accountable for current and accurate electronic phonebook listings.

Accuracy is critical in order for all UAB and Health System employees to be contacted. Failure to comply shall result in misdirected calls and erroneous information.

The process for individuals to verify and/or update listing information is as follows:

  1. Establish a BlazerID at http://www.uab.edu/blazerid
  2. Go to http://www.uab.edu/phonebook
    1. Follow online instructions to query the phonebook for your individual listing. The results should list the individual requested.
    2. To verify or make changes to the individual listing, click on the name field. The individual listing information will be displayed.
    3. To make changes to the information listed, click the Change Information button.
    4. Enter your BlazerID and password.
      1. If you have forgotten your BlazerID password, you must complete the BlazerID password reset form at http://www.uab.edu/blazerid or contact AskIT at 996-5555.
      2. Fields with blue buttons can be modified online by the individual.
      3. Fields with red buttons are not modifiable online and are provided from official UAB/HSF records. If you are an HSF employee and wish to make changes to fields with red buttons, you must contact one of the HR specialists at the Human Resource Center at 731-9600. 
      4. You can click on the help icon next to each field to determine which office supplied the particular information.
  3. If you are an HSF employee and wish to change your office phone number(s) and/or physical office location, contact an HR specialist at the Human Resource Center at 731-9622.
    1. All other personnel changes, such as Department Name or Title, must be submitted by a departmental supervisor using the personnel action form process.

To access the UAB Electronic Directory, go to http://www.uab.edu/phonebook.

In the row of buttons towards the bottom of page, locate and click the green button labeled Authenticate

On the page that appears, enter your Blazer ID and Password.

Note: If you do not have a BlazerID or have forgotten your Blazer ID and/or password, you must complete the BlazerID password reset form at http://www.uab.edu/blazerid or contact AskIT at 996-5555.

 

Click the "Login!" button

You will be directed to the UAB Electronic Phonebook page. Note the three search parameters available to you. By default, the directory searches "all listings" that "match" the name you type in.

 

Type the name of your entity in the textbox.

Click the "Go!" button. Your search may return several entities. Find the correct one and click on its name to continue to its directory page. The entity's page should appear similar to the example below. 

 

Depending on your permissions, you may or may not see all of the red buttons above. However, if you do not see the red Bluepages button, please consider the following: 

  • Make sure you authenticated (signed in with BlazerID and password). If you haven't, you should see the green Authenticate button on the page. Click on that to sign in.
  • Make sure you are viewing an entity, not an individual. Sometimes, there are several entities and individuals with related names. Conduct a new search by clicking on the green New Search button. Type in a more general name (for example, "Campus Directory" instead of "UAB Campus Directory"). The search should return more listings. Look under the Entity section of the return list for the correct listing, and click its name.
  • If you are still having trouble, you may not have permission to add, edit or delete bluepage listings.

1. To Add a Listing: Click on the red Bluepages button. The bluepage listings page (below) will appear. Towards the top of the page, locate the Insert new listing section.

 

Type the contact's Social Security number or BlazerID. Click "Add!" The Add Blue Pages Listing page will appear. Type in the additional information and click "Add!" again.

By default, the new add will appear first in the listing. However, you may change its position in the Changing listing(s) order section of the page (above). Click "Move it!" to complete the change.

2. To Change a Listing's Information: Click on the red Bluepages button, scroll down, and locate the name of the contact. Click on the contact's social security number to edit his/her information.

However, please recognize what you can and cannot do. Fields with Blue buttons can be modified on-line and will display a text box. Fields with Red buttons are NOT modifiable on-line and are provided from official UAB records.

 

  • If you are a UAB employee and wish to make changes to fields with Red buttons, updates must be submitted through the departmental HR officer via an Oracle ACT Data change form.
  • You can click on the help icon next to each field to determine which office supplied the particular information.

Click "Change!" You will be directed back to the listing.

3. To Delete a Listing: Click on the red Bluepages button, scroll down, and locate the name of the contact you wish to delete. Click on the contact's social security number to bring up the edit information page.

Locate the Check box to delete listing checkbox and click to select the box.

 

Click "Change!"  

If that person is authorized at a higher level, there will not be a "Change!" button displayed. It will have to be unchecked by a person at a higher level.

If no other changes are needed, then you MUST select the "END SESSION" button at the top of the screen to log out of the record.

Should you need technical assistance with the Blue Pages listings process, contact AskIT at 996-5555.


To access the UAB Electronic Directory, go to http://www.uab.edu/phonebook.

In the row of buttons towards the top of page, locate and click the green button labeled Authenticate

On the page that appears, enter your Blazer ID and Password.

Note: If you do not have a BlazerID or have forgotten your Blazer ID and/or password, you must complete the BlazerID password reset form at http://www.uab.edu/blazerid or contact AskIT at 996-5555.

 

Click the "Login!" button

You will be directed to the UAB Electronic Phonebook page. Note the three search parameters available to you. By default, the directory searches "all listings" that "match" the name you type in.

 

Type the name of your entity in the textbox.

Click the "Go!" button. Your search may return several entities. Find the correct one and click on its name to continue to its directory page. The entity's page should appear similar to the example below. 

 

Depending on your permissions, you may or may not see all of the red buttons above. However, if you do not see the red Bluepages button, please consider the following: 

  • Make sure you authenticated (signed in with BlazerID and password). If you haven't, you should see the green Authenticate button on the page. Click on that to sign in.
  • Make sure you are viewing an entity, not an individual. Sometimes, there are several entities and individuals with related names. Conduct a new search by clicking on the green New Search button. Type in a more general name (for example, "Campus Directory" instead of "UAB Campus Directory"). The search should return more listings. Look under the Entity section of the return list for the correct listing, and click its name.
  • If you are still having trouble, you may not have permission to add, edit or delete bluepage listings.

Click on the Add Entity button and the following screen will return. Complete all of the applicable information in the form. Choose the best fit from the list of values associated with the Entity Type.

  • Remember once you click on the ADD button the entity is created and can not be deleted without the assistance of the programmers. Therefore, please verify all information and confirm where the entity should report BEFORE clicking the ADD button.


If no other changes are needed, then you should select the "END SESSION" button at the top of the screen to log out of the record.

Should you need technical assistance with the add entity listing process, contact AskIT at 996-5555.


This service is intended for real-time distribution of e-mail and attachments to related dynamic populations of employees and students. Users must be specifically authorized to distribute to these populations.

In its most direct form, authorized persons can utilize PEBBLES by sending e-mail to specially formatted e-mail addresses, where the username of the address indicates the criteria for distribution. The criteria can include Oracle orgunits, school and academic department codes, class levels, and so on.

Because remembering all of the possible criteria can be confusing, the PEBBLES Wizard is available for determining and managing its distribution addresses.

A few examples of direct PEBBLES addresses include:

  • [e-mail address not preserved] - distribute to all employees under Oracle unit 19 (Vice President of Information Technology)
  • 19-status01@pebbles... - distribute to all full-time employees under VPIT
  • PA-STU@pebbles... - distribute to all students in the Public Administration program
  • EE-GRAD-STU@pebbles... - distribute to all graduate students in Electrical Engineering

Q: My department/school uses a specific software application for many users and I'm fairly sure several other departments/schools at UAB use it as well. Is there a more economical way to purchase that software?

A: Possibly, through either a volume discount arrangement or through a site license. First, contact AskIT to see if any discounts are already in place. If not, you can send an email to [e-mail address not preserved] for review. Make sure to include all pertinent information about the product such as areas known to be using the software, number of licenses currently owned, manufacturer, product name/version, etc., and why you feel a site license may be applicable.

In the case of MS Office and a few other MS products under the UAB Campus Agreement, yes, but with some limitations and not using the same media/download as you used for your UAB owned system. See the related links below for more information.  Keep in mind not all software allows home use rights and each license should be verified before loading any software.

1. Overview

The IT Administrator's view of Secunia is via the "Secunia CSI" Console. There are two subcomponents available.

  • Deploying Secunia CSI Agents (Scan systems for software vulnerabilities)
  • Deploying Secunia PSI Agents (Scan systems for software vulnerabilities, provide some automatic patching and give reporting to end user).

1.1 Notes

  • UAB has a site license (currently through Fall 2013) for this software though there are license counts associated with the software and administrator accounts.
  • Secunia PSI can only have 1 linkID per reporting subaccount!
  • Secunia PSI can be configured to report to a CSI instance or be standalone. Personally owned devices should generally use the non-reporting PSI.
  • UAB IT's initial deployment does not include pushing patches via WSUS. How to accomplish this on top of our existing WSUS processes and coming Forefront-based processes is being examined.

2. PSI Usage

If you are only worried about one or two systems (like a workstation), use the end user install of Secunia PSI.

3. CSI Usage

Full documentation is available at http://secunia.com/vulnerability_scanning/corporate

  • Establishing Subaccounts. Each subaccount is a unique set of reporting views and licensing counts. Accounts can either be subordinate or they can be a "shadow" of an existing account.
  • Reporting (ad hoc or scheduled email); several reports are available, including static URLs that you can include in existing webpages as a dashboard for system status.
  • Integration with Secunia PSI;
  • Patch deployment Integration with WSUS or SCCM; This requires your own WSUS infrastructure. UAB IT is currently examining how to offer third party patches beyond Microsoft.

3.1 Getting Started with CSI

  1. Contact [e-mail address not preserved] and request an account. Please indicate an approximate number of systems and other administrators you will need.
  2. You will receive an email with your account username and password from Secunia.
  3. Download and install the CSI Management console from http://secunia.com/vulnerability_scanning/corporate
  4. Login to the CSI Console with your assigned username and password. You can change your password at any time.

3.2 Downloading CSI Agent

Please note that a csia.exe download is bound to an account. If you end up with multiple accounts, please make sure to keep your csia.exe unique.

  1. Go to Scan > Scheduled Scanning > Download Agent; There is also a manual available on this screen.
  2. Choose an installation methodology. At the end of this document is an example script that will run csia.exe using the -NAME of the hostname as the "group".

3.3 Downloading a Linked PSI Agent

PSI agents are nice for situations where end users take some responsibility for the software they install and keep up to date. Please refer to end-user documentation for dealing with some of the caveats associated with PSI, especially with Java.

  1. Go to Scan > PSI Integration > Download Custom PSI
  2. Create a unique LinkID for your area. This cannot be changed.
  3. Save the custom installer as PSISetup!.exe; The name of the installer should not be changed.

3.4 Creating a shadow account

This is an account with the same reporting scope as an existing account.

  1. Navigate to User Management > Shadow Accounts
  2. Click New Shadow Account
    • Name: Real Name
    • UserName: [e-mail address not preserved]
    • Email: [e-mail address not preserved]
    • Click "Generate Password"
    • Select the level of access they need to have to your main account
      • Read/Write (Can make changes/delete hosts/regroup systems)
      • Read (Can view reports/system status)

3.5 Creating a subaccount

This is an account with a new reporting scope. This will not roll up into your main set of reports. This is useful for delegated responsibility situations such as labs. If you want someone else to have the same rights as you, create a shadow account!

  1. Navigate to User Management > Accounts
  2. Click New Account
    • Name: Real Name
    • UserName: [e-mail address not preserved]
    • Email: [e-mail address not preserved]
    • Click "Generate Password"

4. Secunia CSI Login Scripts

This script is suitable for being used as a login script or as a scheduled task. Please share any suggested changes to this script.

'==========================================================================
'
' NAME: runsecunia.vbs
'
' AUTHOR: Chris Green
' AUTHOR: Aaron Blum
' DATE  : 2/2/2011
' DATE  : 5/1/2012 (updated)
'
' COMMENT:
'
'  Runs the Secunia csia agent (different visibility scopes per user) and
'    sets the site to the active OU
'
' CHANGES:
'     5/1/2012 - Updated Script to work with Secunia 5.0 Agent
'     2/2/2011 - Made csia execute in background.
'
' This default configuration assumes that the csia.exe file is
'   in the "C:\Secunia\" folder and that logs are to be placed
'   in the "C:\Secunia\logs" folder.
'
' It also configures the agent to check in every two days.
'  This can be modified by adjusting the value after the -i in secuniaCmd
'
' Change these values where needed.
'
'==========================================================================
' SEC (AKA Chris Green) Login Script

'On Error Resume Next

'' Full path to CSI program
''Const CsiaPath = "%ProgramFiles%\Secunia\csia.exe"
Const CsiaPath = "C:\Secunia\csia.exe"
'' Output log directory; the log will be username.sec
''Const LogPath = "%ProgramFiles%\Secunia\logs\"
Const LogPath = "C:\Secunia\logs\"
'' Run in foreground?
Const bInteractive = False
'' Window style 0 hides the window (vbHide is not defined in VBScript)
Const WindowHidden = 0

Dim objNetwork, objShell, objFSO, objLog, oExec
Dim objLogPath, ouGuess, idxDash, secuniaCmd, TimeStamp, strText

Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")

' Overwrite the last instance of the log (2 = ForWriting, True = create if missing)
objLogPath = LogPath & objNetwork.UserName & ".sec"
Set objLog = objFSO.OpenTextFile(objLogPath, 2, True)

' Zero-pad each field so the timestamp in the csia log name is unambiguous
TimeStamp = Year(Now) & "-" & Right("0" & Month(Now), 2) & "-" & Right("0" & Day(Now), 2) & _
            "-" & Right("0" & Hour(Now), 2) & Right("0" & Minute(Now), 2)

' Use the part of the computer name before the first dash as the group;
' fall back to "ADLogonScript" when the name has no usable prefix
ouGuess = "ADLogonScript"
idxDash = InStr(1, objNetwork.ComputerName, "-", 1) - 1

If idxDash > 0 Then
    ouGuess = Mid(objNetwork.ComputerName, 1, idxDash)
End If

objLog.WriteLine("[*] Secunia " & objNetwork.UserName & "@" & objNetwork.ComputerName & " on " & Now)

secuniaCmd = CsiaPath & " -i 2D -L -g " & ouGuess & " -v --skipwait -d " & LogPath & TimeStamp & "_csia.log"
objLog.WriteLine("[*] Secunia Executing with " & secuniaCmd)

If bInteractive Then
    Set oExec = objShell.Exec(secuniaCmd)

    ' Copy the agent's output into the log until the scan completes
    Do While Not oExec.StdOut.AtEndOfStream
        strText = oExec.StdOut.ReadLine()
        objLog.WriteLine(strText)
    Loop

    ' Wait for the process to finish so that ExitCode is valid
    Do While oExec.Status = 0
        WScript.Sleep 100
    Loop

    objLog.WriteLine("[*] Secunia Exited with " & oExec.ExitCode & " on " & objNetwork.UserName & "@" & objNetwork.ComputerName & " on " & Now)
    objLog.Close
Else
    '' Close the output file, hide csia in the background and do not wait for it
    objLog.Close
    objShell.Run "cmd /c " & secuniaCmd & " >> """ & objLogPath & """", WindowHidden, False
End If