Should all the values for each Control Set (ControlSet001,ControlSet003) be the same as the CurrentControl Set? Or when you make chances to the Current Control Set should those filter to the ControlSetxxx?
+1
A:
The general answer is that you shouldn't have to worry about ControlSets aside from CurrentControlSet because they are internally managed by Windows. A full description of ControlSets and the Windows Registry is available in this knowledge base article: http://support.microsoft.com/kb/100010
Eilon
2009-12-30 20:25:30
here is my scenario, we are trying to scan in the registry key for restrictanonymous and have it set to a value of 1. What is happening is the scanner flags a violation for that path when it isn't one.
robby
2009-12-30 20:32:41
I'm not sure I fully understand the scenario. What exactly is this scanner scanning for? If it's looking for a particular registry key in a particular place then it should look only in that one place (which would possibly be in CurrentControlSet, but would never be in the other ControlSets).
Eilon
2009-12-30 20:44:20
the scanner is looking for a value of 1 in this key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa|RestrictAnonymous.Even if the correct value is under the CurrentControl Set it flags a violation, but its only happening on 2 servers that dont have the exact value of the other ControlSets
robby
2010-01-05 20:59:37
This sounds like it might be a bug in the scanner. The other control sets might be from other configurations of the OS, but they are not active unless they are the CurrentControlSet. Some of the other control sets might only apply to mis-configured OSes, and are not reliable. I don't think tools should ever scan the other control sets unless they are perhaps scanning for malware (in which case you always want to scan everything).
Eilon
2010-01-05 21:59:17