156
This key determines the LDAP server (ldapagnt.lib) handling of LDAP bind command requests as
follows:
•
1 (default) or not defined: The AD’s LDAP agent always supports LDAP client request for LDAP
traffic signing when handling a LDAP bind command request which specifies a SASL
authentication mechanism.
•
2: The AD’s LDAP agent only supports SASL in a LDAP bind command request unless the
incoming request is already protected with TLS/SSL. It rejects the LDAP bind command request if
other types of authentication are used. If the LDAP bind command request does not come in via
TLS/SSL, it requires the LDAP traffic signing option in the client security context.
Generate An Administrative Alert When The Audit Log Is Full
Key Path: HKLM\SYSTEM\CurrentControlSet\Services\Alerter
Format
Value
Key:
Parameters
Value Name:
AlertNames
REG_MULTI_SZ <Target
Username or
computername>
Important:
The aforementioned registry value name and registry value may need to be created. This
registry setting depends upon the Alerter service to be running on the source computer (i.e. NAS
system) and the Messenger service to be running on the target computer (i.e. Administrator
workstation).
This key enables the generation of an administrative alert when the audit log reaches a full condition.
4
E3/F-C2 Security Compliancy
This chapter depicts all of the modification steps necessary for Administrators to meet E3/F-C2
security requirements within their network and HP NAS server systems. All E3/F-C2 system
modifications within this document are based upon the Information Technology Evaluation Manual
(ITSEM) at
http://www.boran.com/security/itsem.html
to meet Information Technology Security Evaluation
Criteria (ITSEC) security requirements within the United Kingdom, Germany, France, and the
Netherlands.
To meet E3/F-C2 security requirements, administrators must complete all security modification
instructions listed within Chapter 3, “C2/CC Security Compliancy”.
HP’s Security Enhancements (SE) for Windows Server 2003 can also be installed to further increase
NAS server system security to achieve BS7799 security compliancy. HP’s SE for Windows Server
2003 can be downloaded at:
http://www.software.hp.com/portal/swdepot/displayProductsList.do?category=ISS
. Additional information
on HP’s SE for Windows Server 2003 can be reviewed at:
http://www.hp.com/hps/security/products/info/winserv03se_wp.pdf
.
5
For more information
www.hp.com/go/nas
© 2004 Hewlett-Packard Development Company, L.P. The information
contained herein is subject to change without notice. The only warranties for
HP products and services are set forth in the express warranty statements
accompanying such products and services. Nothing herein should be construed
as constituting an additional warranty. HP shall not be liable for technical or
editorial errors or omissions contained herein.
Itanium is a trademark or registered trademark of Intel Corporation in the U.S.
and other countries and is used under license.
366514-001 05/2004