Data collection support for Windows CIS standards without domain cache dependency (SCU 2018-1)

book

Article ID: 171851

calendar_today

Updated On:

Products

Control Compliance Suite Windows

Issue/Introduction

When a data collection job is executed for a CIS standard on Windows platform, domain cache is created on a CCS Manager computer by default for all the involved domains. In case of agent-based data collection, domain cache that is created on a CCS Manager is synchronized on an agent computer.

CCS Manager uses domain cache credentials (which you must specify) to connect to the domain controller (Active Directory), and fetches the required information to build or update the cache.

Before SCU 2018-1, if a user could not or was not allowed to connect to the Active Directory (due to environment constraints), domain cache was not created. In absence of domain cache, data collection job was terminated.

Resolution

From SCU 2018-1 onwards, you can choose whether to create domain cache during data collection or not. You can also specify domains for which you do not want cache to be created. In absence of domain cache, local information of users and group members is used for data collection, and the data collection job is not terminated.

For detailed information about this supoprt, refer to the Support_for_CIS_standards_without_domain_cache dependency.pdf document attached in the Download Files section of this article.

Attachments

Support_for_CIS_standards_without_domain_cache dependency.pdf get_app