Network Audit and Documentation, CENTREL Solutions Blog

This week we have been working on support for PCI-DSS and CIS compliance auditing. One of the CIS server requirements is to ensure that the following is configured 2.2.34 Set 'Profile system performance' to 'Administrators, NT SERVICE\WdiServiceHost' (Scored) Rather than code string values into the product (which can cause problems with foreign language operating system installations) we use the well known security identifiers of these built in accounts. The security identifier of the "NT SERVICE\WdiServiceHost" account does not appear to be documented (well not easily found anyway) so here it is. The security identifier of the "NT SERVICE\WdiServiceHost" account is "S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420" This has been tested on Windows Server 2008 R2 Windows Sever 2012 Windows Server 2012 R2 Windows 10

Today we received a testimonial from one of our customers using our software to help with their PCI-DSS requirements. We're hoping to improve the alignment of XIA Configuration Server to PCI-DSS in the coming months. XIA Configuration Server has helped us with reporting and evidence gathering aspects of the PCI-DSS process and has provided valuable insight into systems that have not met specific PCI-DSS requirements for remediation purposes. The software is light on system resources and requirements great when for IT audits and other system checks to ensure that required systems are in line with PCI-DSS requirements. The version comparison feature provides proof against change controls and provide a great time saving advantage on otherwise tedious admin overhead. The CENTREL Solutions team is dedicated to providing service excellence and provide product enhancements to keep up with our growing demands. Shimmy Garoeb System Administrator (

We've recently been asked to help gather information for the following PCI-DSS requirement 10.4 Using time-synchronization technology, synchronize all critical system clocks and times and ensure that the following is implemented for acquiring, distributing, and storing time. So we've added some new information gathering and reporting to our server documentation tool.

Fine-grained password policies allow the definition of multiple password and account lockout policies for different sets of users in a domain and are available on Windows 2008 and above. With the XIA Configuration Server Active Directory documentation agent you can now automatically document these settings. The documentation includes Name Precedence Description Minimum Password Length Password History Password Must Meet Complexity Requirements Store Password Using Reversible Encryption Minimum Password Age Maximum Password Age Last Updated Creation Date Account Lockout Policy Account Lockout Duration Reset Failed Logon Attempts After (minutes) Applies To (accounts)  

We've often been asked about gathering the recovery settings for Windows services and providing it as part of the audit documentation. Recovery settings determine what actions a service should take (on Windows 2000 and above) should the service fail. The actions can include restarting the service or the computer or running a program. The problem is that the standard PowerShell command Get-Service and the WMI class Win32_Service do not provide this information.   The good news is that we've now updated our server documentation tool with the ability to gather service recovery information which you can then query with PowerShell, view in the web interface or export to PDF . For more information visit our web site .

If you see the error "Install_WatsonX86_Cpu32_Action" when installing SQL Server check to see if there are any other installations started on the machine and close them. The SQL Server installer should then continue.