- Open Vulnerability and Assessment Language -
Deprecation Report


< accesstoken_item >

Deprecated As Of Version: 5.11
Reason: Replaced by the userrights_item. The accesstoken_test suffers from scalability issues when run on a domain controller and should not be used. See the userrights_item.
Comment: This object has been deprecated and may be removed in a future version of the language.

The access token item holds information about the individual privileges and rights associated with a specific access token. It is important to note that these privileges are specific to certain versions of Windows. As a result, the documentation for that version of Windows should be consulted for more information. Each privilege and right in the data section accepts a boolean value signifying whether the privilege is granted or not. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.



< auditeventpolicysubcategories_item >

The auditeventpolicysubcategories_item is used to hold information about the audit event policy settings on a Windows system. These settings are used to specify which system and network events are monitored. For example, if the credential_validation element has a value of AUDIT_FAILURE, it means that the system is configured to log all unsuccessful attempts to validate a user account on a system. It is important to note that these audit event policy settings are specific to certain versions of Windows. As a result, the documentation for that version of Windows should be consulted for more information on each setting. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.

Note that when audinting is disabled each of the entities listed below should be set to 'AUDIT_NONE'.

Child Elements Deprecation Info
kerberos_ticket_events

Audit the events produced during the validation of Kerberos tickets provided for a user account logon request.

Deprecated As Of Version: 5.11
Reason: This entity does not map to any known audit event policy subcategory.
Comment: This entity has been deprecated and will be removed in version 6.0 of the language.


< fileauditedpermissions_item >

This item stores the audited access rights of a file that a system access control list (SACL) structure grants to a specified trustee. The trustee's audited access rights are determined checking all access control entries (ACEs) in the SACL. For help with this test see the GetAuditedPermissionsFromAcl() api.

Child Elements Deprecation Info
trustee_name

This element specifies the trustee name associated with this particular SACL. A trustee can be a user, group, or program (such as a Windows service). In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.

Deprecated As Of Version: 5.3
Reason: Replaced by the trustee_sid entity. This entity uses trustee names for identifying trustees. Trustee names are not unique, and a new entity was created to use trustee SIDs, which are unique. See the trustee_sid.
Comment: This entity has been deprecated and will be removed in version 6.0 of the language.


< fileeffectiverights_item >

This item stores the effective rights of a file that a discretionary access control list (DACL) structure grants to a specified trustee. The trustee's effective rights are determined checking all access-allowed and access-denied access control entries (ACEs) in the DACL. For help with this test see the GetEffectiveRightsFromAcl() api.

Child Elements Deprecation Info
trustee_name

This element specifies the trustee name associated with this particular DACL. A trustee can be a user, group, or program (such as a Windows service). In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.

Deprecated As Of Version: 5.3
Reason: Replaced by the trustee_sid entity. This entity uses trustee names for identifying trustees. Trustee names are not unique, and a new entity was created to use trustee SIDs, which are unique. See the trustee_sid.
Comment: This entity has been deprecated and will be removed in version 6.0 of the language.


< group_item >

Deprecated As Of Version: 5.11
Reason: Replaced by the group_sid_item. This item uses trustee names for identifying accounts on the system. Trustee names are not unique and the group_sid_item, which uses trustee SIDs which are unique, should be used instead. See the group_sid_item.
Comment: This object has been deprecated and may be removed in a future version of the language.

The Windows group_item allows the different users and subgroups, that directly belong to specific groups (identified by name), to be collected. The collected subgroups will not be resolved to find indirect user or subgroup members. If the subgroups need to be resolved, it should be done using the sid_object. Note that the user and subgroup elements can appear an unlimited number of times. If a user is not found in the specified group, a single user element should exist with a status of 'does not exist'. If there is an error determining the users of a group, a single user element should exist with a status of 'error'. If a subgroup is not found in the specified group, a single subgroup element should exist with a status of 'does not exist'. If there is an error determining the subgroups of a group, a single subgroup element should exist with a status of 'error'.



< regkeyauditedpermissions_item >

This item stores the audited access rights of a registry key that a system access control list (SACL) structure grants to a specified trustee. The trustee's audited access rights are determined checking all access control entries (ACEs) in the SACL. For help with this test see the GetAuditedPermissionsFromAcl() api.

Child Elements Deprecation Info
trustee_name

This element specifies the trustee name associated with this particular DACL. A trustee can be a user, group, or program (such as a Windows service). In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.

Deprecated As Of Version: 5.3
Reason: Replaced by the trustee_sid entity. This entity uses trustee names for identifying trustees. Trustee names are not unique, and a new entity was created to use trustee SIDs, which are unique. See the trustee_sid.
Comment: This entity has been deprecated and will be removed in version 6.0 of the language.
standard_synchronize

The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.

Deprecated As Of Version: 5.6
Reason: This entity has been deprecated because registry keys do not support the SYNCHRONIZE standard access right.


< regkeyeffectiverights_item >

This item stores the effective rights of a registry key that a discretionary access control list (DACL) structure grants to a specified trustee. The trustee's effective rights are determined checking all access-allowed and access-denied access control entries (ACEs) in the DACL. For help with this test see the GetEffectiveRightsFromAcl() api.

Child Elements Deprecation Info
trustee_name

This element specifies the trustee name associated with this particular DACL. A trustee can be a user, group, or program (such as a Windows service). In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.

Deprecated As Of Version: 5.3
Reason: Replaced by the trustee_sid entity. This entity uses trustee names for identifying trustees. Trustee names are not unique, and a new entity was created to use trustee SIDs, which are unique. See the trustee_sid.
Comment: This entity has been deprecated and will be removed in version 6.0 of the language.
standard_synchronize

The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.

Deprecated As Of Version: 5.6
Reason: This entity has been deprecated because registry keys do not support the SYNCHRONIZE standard access right.


< user_item >

Deprecated As Of Version: 5.11
Reason: Replaced by the user_sid_item. This item uses trustee names for identifying accounts on the system. Trustee names are not unique and the user_sid_item, which uses trustee SIDs which are unique, should be used instead. See the user_sid_item.
Comment: This object has been deprecated and may be removed in a future version of the language.

The windows user_item allows the different groups (identified by name) that a user belongs to be collected.



< wmi_item >

Deprecated As Of Version: 5.7
Reason: Replaced by the wmi57_item. This item allows for single fields to be selected from WMI. A new item was created to allow more than one field to be selected in one statement. See the wmi57_item.
Comment: This object has been deprecated and may be removed in a future version of the language.

The wmi_item outlines information to be checked through Microsoft's WMI interface.