6 Description of derived tests
This chapter contains details of the tests that the SIU runs. The Reference column links to the relevant section of the MyID documentation.
Test ID |
Group |
Tiers |
Description |
Reference |
---|---|---|---|---|
1 |
HW |
WB,AP,DB,DC |
If tier is not Client, test the processor speed is greater than or equal to 2 GHz. If not satisfied, display outcome as a "Performance" warning, instead of a failure. |
|
2 |
HW |
WB,AP,DB,DC |
If tier is not Client, test the system RAM is greater than or equal to 4 Gb. If not satisfied, display outcome as a "Performance" warning, instead of a failure. |
|
3 |
HW |
WB,AP,DB,DC |
If tier is not Client and test case is run directly in a console session, test the display resolution is greater than or equal to 1024x768. If not satisfied, display outcome as a "Performance" warning, instead of a failure. |
|
4 |
HW |
WB,AP,DB,DC |
If tier is not Client and test case is run directly in a console session, test the display resolution is greater than or equal to 1024x768. If not satisfied, display outcome as a "Performance" warning, instead of a failure. |
|
5 |
HW |
WB,AP,DB,DC |
If tier is not Client, get a list of all local disks and the free space in gigabytes available. No test required. |
|
6 |
HW |
DB |
If tier is Database Server, test the free space from the local disk with the most free space is greater than or equal to 40 Gb. If not satisfied, display outcome as a "Performance" warning, instead of a failure. |
|
7 |
HW |
WB,AP |
If tier is Web Server or Application Server, get a list of the MyID installation locations on local disks and size of each installation in gigabytes. No test required. |
|
8 |
OS |
WB,AP,DB,DC |
If tier is not Client, test the operating system installed is Windows Server 2019 or Windows Server 2022. |
|
9 |
DB |
AP,DB |
If tier is Application Server or Database Server, perform SQL query of master database (including Microsoft SQL Azure instances) and test the database installed is SQL Server 2017, SQL Server 2019, or Microsoft SQL Azure. Warn if the database installed is Microsoft SQL Server 2016, as this is end of support. |
|
10 |
DB |
AP,DB |
If tier is Application Server or Database Server, perform SQL query of master database (including Microsoft SQL Azure instances) and test the database installed is SQL Server 2017, SQL Server 2019, or Microsoft SQL Azure. If not satisfied, display outcome as an "Untested configuration" warning, instead of a failure. Warn if the database installed is Microsoft SQL Server 2016, as this is end of support. |
|
11 |
HW |
CL |
If tier is Client, test the processor speed is greater than or equal to 1 GHz. If not satisfied, display outcome as a "Performance" warning, instead of a failure. |
|
12 |
HW |
CL |
If tier is Client, test the system RAM is greater than or equal to 2 Gb. If not satisfied, display outcome as a "Performance" warning, instead of a failure. |
|
13 |
HW |
CL |
If tier is Client and test case is run directly in a console session, test the display resolution is greater than or equal to 1280x768. If not satisfied, display outcome as a "Performance" warning, instead of a failure. |
|
14 |
HW |
CL |
If tier is Client and test case is run directly in a console session, test the display resolution is greater than or equal to 1280x768. If not satisfied, display outcome as a "Performance" warning, instead of a failure. |
|
15 |
HW |
CL |
If tier is Client, get a list of all local disks and the free space in gigabytes available. No test required. |
|
16 |
HW |
CL |
If tier is Client, test the free space from the local disk with the most free space is greater than or equal to 2 Gb. If not satisfied, display outcome as a "Performance" warning, instead of a failure. |
|
17 |
HW |
CL |
If tier is Client, get a list of the MyID installation locations on local disks and size of each installation in gigabytes. No test required. |
|
18 |
OS |
CL |
If tier is Client, test the operating system installed is a supported Windows 10 or Windows 11 version. If not satisfied, display outcome as an "Untested Configuration" warning, instead of a failure. |
|
19 |
IE |
CL |
If tier is Client, test major part of "svcVersion" of Internet Explorer installed is 11. If not satisfied, display outcome as an "Untested Configuration" warning, instead of a failure. |
|
20 |
IE |
CL |
If tier is Client, get whether Internet Explorer is installed under "C:\Program Files" and whether this is a 64-bit executable. |
|
21 |
IE |
CL |
If tier is Client, get whether Internet Explorer is installed under "C:\Program Files (x86)" and whether this is a 32-bit executable. |
|
22 |
DB |
DB |
If tier is Database Server, check that the SqlServer PowerShell module is installed. This module is required to run the SIU tests against the database. If the SqlServer module is not installed, but the SQLPS module is installed, the tests can still run, but as this module is no longer maintained, this test displays a warning. |
|
23 |
NW |
CL,WB,AP,DB,DC |
On all tiers, test that each machine successfully performs an ICMP ping test to 0..n Clients. |
|
24 |
NW |
CL,WB,AP,DB,DC |
On all tiers, test that each machine successfully performs an ICMP ping test to 0..n Web Servers. |
|
25 |
NW |
CL,WB,AP,DB,DC |
On all tiers, test that each machine successfully performs an ICMP ping test to 0..n Application Servers. |
|
26 |
NW |
CL,WB,AP,DB,DC |
On all tiers, test that each machine successfully performs an ICMP ping test to Database Server or clusters (excluding Microsoft SQL Azure). |
|
27 |
NW |
CL,WB,AP,DB,DC |
On all tiers, test that each machine successfully performs an ICMP ping test to 0..n Domain Controllers. |
|
28 |
NW |
CL,WB |
If tier is Client or Web Server, request status codes for all Web Servers using HTTP URL and test that an invalid/missing response (status code not 200) is not returned for each. |
|
29 |
NW |
WB |
If tier is Web Server, test firewall profile is either disabled, or (is enabled for domain, firewall rules to allow inbound traffic on TCP port 80 exist and rule is enabled). |
|
30 |
NW |
WB |
If tier is Web Server, test firewall profile is either disabled, or (is enabled for domain, firewall rules to allow inbound traffic on TCP port 443 exist and rule is enabled). |
|
31 |
AD |
CL,WB,AP,DB,DC |
On all tiers, test if tier is on domain. |
|
32 |
AD |
DC |
If tier is Domain Controller, test if service "Active Directory Domain Services" is installed and running. |
|
33 |
OS |
CL,WB,AP,DB,DC |
On all tiers, get local machine’s culture name. No test required. |
|
34 |
OS |
CL,WB,AP,DB,DC |
On all tiers, get local machine’s long date format pattern. No test required. |
|
35 |
OS |
CL,WB,AP,DB,DC |
On all tiers, get local machine’s short date format pattern. No test required. |
|
36 |
OS |
CL,WB,AP,DB,DC |
On all tiers, get local machine’s language tag. No test required. |
|
37 |
.NET |
WB,AP,DB |
If tier is Web Server, Application Server or Database Server, test .NET Framework version installed includes 4.8 or above. |
|
38 |
.NET |
|
If tier is Database Server, test .NET Framework version installed includes 3.5. |
|
40 |
AD |
DC |
If tier is Domain Controller, test membership of domain group "Domain Users" contains this user. |
|
41 |
AD |
WB,AP |
If tier is Application Server or Web Server, test membership of local group "Administrators" contains this user. |
|
42 |
AD |
WB,AP |
If tier is Application Server or Web Server, test impersonation of client after authentication for users in the group "BUILTIN\Administrators"; this should include the installation user. |
|
43 |
DB |
DB |
If tier is Database Server, test SQL Server role privileges is ‘public’ for this user or group. Role "public" is a special case and cannot be queried, so it is included by default if the user exists for the server. |
|
44 |
DB |
DB |
If tier is Database Server, test SQL Server role privileges is ‘dbcreator’ for this user or group. If this test fails, try adding the InstallationUser to the [Users] section of the configuration file. See section 5.3, Users section. |
|
45 |
AD |
DC |
If tier is Domain Controller, test domain user for MyID COM+ account exists. |
|
46 |
AD |
DC |
If tier is Domain Controller, test MyID COM+ account is enabled, not locked out and expiry date is less than or equal to 0. |
|
47 |
AD |
DC |
If tier is Domain Controller, test MyID COM+ account password will never expire and has not expired. |
|
48 |
AD |
|
If tier is Domain Controller, test MyID COM+ account exists on the domain under organizational unit "Service Accounts". |
|
49 |
AD |
DC |
If tier is Domain Controller, test MyID COM+ account is a member of domain group "Domain Users". |
|
50 |
AD |
WB,AP |
If tier is Application Server or Web Server, test MyID COM+ account is a member of local group "Distributed COM Users". |
|
51 |
AD |
AP |
If MyID is installed and tier is Application Server, test "Logon as a Service" and "Logon as a Batch Job" are set for this user or group. |
|
53 |
AD |
DC |
If tier is Domain Controller, test domain user for IIS User account exists. |
|
54 |
AD |
DC |
If tier is Domain Controller, test IIS User account is enabled, not locked out and expiry date is less than or equal to 0. |
|
55 |
AD |
DC |
If tier is Domain Controller, test IIS User account password will never expire and has not expired. |
|
56 |
AD |
|
If tier is Domain Controller, test IIS User account exists on the domain under organizational unit "Service Accounts". |
|
57 |
AD |
DC |
If tier is Domain Controller, test IIS User account is a member of domain group "Domain Users". |
|
58 |
AD |
WB,AP |
If tier is Application Server or Web Server, test IIS User account is a member of local group "Distributed COM Users". |
|
59 |
AD |
DC |
If tier is Domain Controller, test domain user for Web service user account exists. |
|
60 |
AD |
DC |
If tier is Domain Controller, test Web service user account is enabled, not locked out and expiry date is less than or equal to 0. |
|
61 |
AD |
DC |
If tier is Domain Controller, test Web service user account password will never expire and has not expired. |
|
62 |
AD |
|
If tier is Domain Controller, test Web service user account exists on the domain under organizational unit "Service Accounts". |
|
63 |
AD |
DC |
If tier is Domain Controller, test Web service user account is a member of domain group "Domain Users". |
|
64 |
AD |
WB,AP |
If tier is Application Server or Web Server, test Web service user account is a member of local group "Distributed COM Users". |
|
65 |
COM |
DC |
If tier is Domain Controller, test MyID COM+ account or group has "Local Launch" permissions and "Local Activation" permissions on Application Servers. |
|
67 |
COM |
DC |
If tier is Domain Controller, test MyID COM+ account or group has "Local Launch" permissions and "Local Activation" permissions on Web Servers. |
|
71 |
COM |
AP,DC |
If tier is Domain Controller and a split-tier installation, test local Distributed COM Users group on Application Servers has Local Launch, Local Activation, Remote Launch and Remote Activation permissions. |
|
75 |
COM |
WB,DC |
If tier is Domain Controller and a split-tier installation, test local Distributed COM Users group on Web Servers has Local Launch, Local Activation, Remote Launch and Remote Activation permissions. |
|
79 |
IIS |
WB |
If MyID is installed and tier is Web Server, test ASP limits for "maxRequestEntityAllowed" is greater than or equal to 524288. If not satisfied, display outcome as a "Performance" warning, instead of a failure. |
|
80 |
IIS |
WB |
If MyID is installed and tier is Web Server, test ASP limits for "bufferingLimit" is greater than or equal to 524288. If not satisfied, display outcome as a "Performance" warning, instead of a failure. |
|
82 |
COM |
AP |
If tier is Application Server, test "Transaction Timeout" is greater than or equal to 180. If not satisfied, display outcome as a "Performance" warning, instead of a failure. |
|
83 |
MSDTC |
WB,AP,DB |
If tier is Application Server, Web Server or Database Server and a split-tier installation, test MSDTC default coordinator is local. |
|
84 |
MSDTC |
WB,AP,DB |
If tier is Application Server, Web Server or Database Server and a split-tier installation, test MSDTC security is set to allow remote clients inbound and outbound. |
|
85 |
MSDTC |
WB,AP,DB |
If tier is Application Server, Web Server or Database Server, a split-tier installation and Windows Firewall is enabled, test active rule for "Distributed Transaction Coordinator (TCP-In)" is enabled, allowed inbound for "Domain" networks. |
|
86 |
MSDTC |
WB,AP,DB |
If tier is Application Server, Web Server or Database Server, a split-tier installation and Windows Firewall is enabled, test "Block all incoming connections including those in the list of allowed apps" option is not selected. |
|
87 |
IIS |
WB |
If MyID is installed and tier is Web Server, test each application for each website has Output Caching feature settings disabled for cache. If not satisfied, display outcome as a "Performance" warning, instead of a failure. |
|
88 |
IIS |
WB |
If MyID is installed and tier is Web Server, test each application for each website has Output Caching feature settings disabled for kernel cache. If not satisfied, display outcome as a "Performance" warning, instead of a failure. |
|
91 |
OS |
WB,AP,DB |
If tier is Web Server, Application Server or Database Server, test that the "Do not use temporary folders per session" option is Enabled. If not satisfied, display outcome as a "Functionality" warning, instead of a failure. |
|
92 |
DB |
DB |
If tier is Database Server, test by reading the SQL Server installation summary log that the "Database Engine Services" feature is installed. |
|
93 |
DB |
AP,DB |
If tier is Application Server or Database Server, test by reading the SQL Server installation summary log that the "Client Tools Connectivity" feature is installed. |
|
96 |
DB |
AP,DB |
If tier is Application Server or Database Server, perform SQL query of master database (including Microsoft SQL Azure instances) and test that "Full Text Search" is enabled. |
|
97 |
DB |
DB |
If tier is Database Server, and the database does not exist, test SQL Server role privileges includes "sysadmin" for the installation user. If the database does exist, check that the MyID COM user and MyID Authentication user accounts exist as logins in the MyID and authentication databases; if the logins do not exist, check that the installation user has "sysadmin" privilege so that the installation process can create the logins. Note: This test requires the installation user to have either the sysadmin role or the securityadmin role; if not, this test displays a warning. |
|
98 |
DB |
AP,DB |
If tier is Application Server or Database Server, perform SQL query of master database (including Microsoft SQL Azure instances) and test that language is "English (United States)". |
|
99 |
DB |
WB,AP,DB |
Check whether the server requires a reboot due to pending updates. It is recommended that you restart your server before starting the MyID installation process. |
|
100 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature "Web Server (IIS)\Web Server\Application Development\.NET Extensibility 4.x" is installed. |
|
101 |
RF |
|
If tier is Database Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature ".NET Framework 3.5 Features\.NET Framework 3.5 (includes .NET 2.0 and 3.0)" is installed. |
|
102 |
RF |
WB,AP |
If tier is Web Server, Application Server or Database Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature ".NET Framework 4.5 Features\.NET Framework 4.5" is installed. |
|
103 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature "Web Server (IIS)\Web Server\Application Development\ASP" is installed. |
|
104 |
RF |
WB |
If OS is Windows Server 2019 or Windows Server 2022, check that ASP.NET 4.6 or greater is installed. |
|
106 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature "Windows Process Activation Service\Configuration APIs" is installed. |
|
107 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature "Web Server (IIS)\Web Server\Common HTTP Features\Default Document" is installed. |
|
110 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature "Web Server (IIS)\Web Server\Common HTTP Features\HTTP Errors" is installed. |
|
111 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature "Web Server (IIS)\Web Server\Health and Diagnostics\HTTP Logging" is installed. |
|
112 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature "Web Server (IIS)\Web Server\Application Development\ISAPI Extensions" is installed. |
|
113 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature "Web Server (IIS)\Web Server\Application Development\ISAPI Filters" is installed. |
|
114 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature "Web Server (IIS)\Management Tools\IIS Management Console" is installed. |
|
115 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature "Web Server (IIS)\Management Tools\IIS Management Scripts and Tools" is installed. |
|
117 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature "Windows Process Activation Service\Process Model" is installed. |
|
118 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature "Web Server (IIS)\Web Server\Security" is installed. |
|
119 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature "Web Server (IIS)\Web Server\Common HTTP Features\Static Content" is installed. |
|
120 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature "Web Server (IIS)\Web Server\Performance\Static Content Compression" is installed. |
|
121 |
RF |
WB,AP,DB |
If tier is Web Server, Application Server or Database Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature "File and Storage Services\Storage Services" is installed. |
|
122 |
RF |
WB,AP,DB |
If tier is Web Server, Application Server or Database Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature ".NET Framework 4.5 Features\WCF Services\TCP Port Sharing" is installed. |
|
124 |
RF |
WB,AP,DB |
If tier is Web Server, Application Server or Database Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature "Windows PowerShell\Windows PowerShell 4.0" is installed. |
|
125 |
RF |
WB,AP |
If tier is Web Server or Application Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature "WoW64 Support" is installed. |
|
126 |
DB |
DB |
If tier is Database Server, test language for COM+ account user is "us_english". |
|
127 |
DB |
DB |
If MyID is installed and tier is Database Server, test SQL database role membership for MyID main database for COM+ account user or group includes roles "db_datareader", "db_datawriter", "db_owner" and "public". Role "public" is a special case and cannot be queried, so it is included by default if the user exists for the database. |
|
131 |
DB |
DB |
If MyID is installed and tier is Database Server, test SQL database role membership for MyID archive database for COM+ account user or group includes roles "db_datareader", "db_datawriter", "db_owner" and "public". Role "public" is a special case and cannot be queried, so it is included by default if the user exists for the database. |
|
140 |
.NET |
CL |
If tier is Client, test .NET Framework version installed includes 4.8 or above. |
|
144 |
IE |
CL |
If tier is Client, test if the Web Server zone mapping for the Web Server hostname under the enhanced and non-enhanced security configuration is a Trusted Site or Local Intranet zone. Test if the Web Server zone mapping for the Web Server IP address under the enhanced and non-enhanced security range is a Trusted Site or Local Intranet zone. |
|
145 |
IE |
CL |
If tier is Client, test the value of "Require server verification (https:) for all sites in this zone" option is selected. This is HTTPS if bit 2 is set of registry key "Flags" under path: "HKCU:\Software\Microsoft\Windows\CurrentVersion\ where n =1 for Local Intranet, n = 2 for Trusted Sites. |
|
146 |
IE |
CL |
If tier is Client, test if the Popup blocker in Internet Options is disabled, or enabled and the allowed sites includes the Web Server. This is in registry key "PopupMgr", under path: "HKCU:\Software\Microsoft\Internet Explorer\New Windows" and registry key "x", where x is Web Server, under path: "HKCU:\Software\Microsoft\Internet Explorer\New Windows\Allow" respectively. |
|
147 |
IE |
CL |
If tier is Client, test state of custom security setting "Initialize and script ActiveX controls not marked as safe for scripting". This is enabled if bits 0-2 are cleared for registry key "1201" under path: "HKCU:\Software\Microsoft\Windows\CurrentVersion\ where n =1 for Local Intranet, n=2 for Trusted Sites. If not satisfied, display outcome as a "Functionality" warning, instead of a failure. |
|
148 |
IE |
CL |
If tier is Client, test state of custom security setting "Only allow approved domains to use ActiveX without prompt". This is disabled if bits 0-2 are cleared of registry key "120B" under path: "HKCU:\Software\Microsoft\Windows\CurrentVersion\ where n =1 for Local Intranet, n=2 for Trusted Sites. If not satisfied, display outcome as a "Functionality" warning, instead of a failure. |
|
149 |
IE |
CL |
If tier is Client, test state of custom security setting "Check for publisher's certificate revocation". This is disabled if bit 9 is set of registry key "State" under path: "HKCU:\Software\Microsoft\Windows\CurrentVersion\ If not satisfied, display outcome as a "Performance" warning, instead of a failure. |
|
150 |
IIS |
WB |
If tier is Web Server, test IIS website name is correct and the website is started. |
|
152 |
NW |
CL,WB |
If tier is Client or Web Server, request status codes for all Web Servers using HTTPS URL and test that an invalid/missing response (status code not 200) is not returned for each. |
|
153 |
DB |
DB |
If tier is Database Server, test that service "MSSQLSERVER" (SQL Server (MSSQLSERVER)) is installed and running. |
|
154 |
COM |
AP |
If MyID is installed and tier is Application Server, test that COM+ application "APDUCardServer" has "Enforce access checks for this application" set, "Perform access checks at the process and component level" set, as well as the "Web_role" role. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
155 |
COM |
AP |
If MyID is installed and tier is Application Server, test that COM+ application "EAudit" has "Enforce access checks for this application" set, "Perform access checks at the process and component level" set, as well as the "Web_role" role. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
156 |
COM |
AP |
If MyID is installed and tier is Application Server, test that COM+ application "eCS" has "Enforce access checks for this application" set, "Perform access checks at the process and component level" set, as well as the "App_role" and "Web_role" roles. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
157 |
COM |
AP |
If MyID is installed and tier is Application Server, test that COM+ application "Edefice_BOL" has "Enforce access checks for this application" set, "Perform access checks at the process and component level" set, as well as the "App_role" and "Web_role" roles. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
158 |
COM |
AP |
If MyID is installed and tier is Application Server, test that COM+ application "Edefice_CS" has "Enforce access checks for this application" set, "Perform access checks at the process and component level" set, as well as the "Web_role" role. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
159 |
COM |
AP |
If MyID is installed and tier is Application Server, test that COM+ application "Edefice_DAL" (exc. Web Servers) has "Enforce access checks for this application" set, "Perform access checks at the process and component level" set, as well as the "App_role" role. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
160 |
COM |
AP |
If MyID is installed and tier is Application Server, test that COM+ application "eEventLog" has "Enforce access checks for this application" set, "Perform access checks at the process and component level" set, as well as the "Web_role" role. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
161 |
COM |
AP |
If MyID is installed and tier is Application Server, test that COM+ application "eExternalDataSource" has "Enforce access checks for this application" set, "Perform access checks at the process and component level" set, as well as the "Web_role" role. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
162 |
COM |
AP |
If MyID is installed and tier is Application Server, test that COM+ application "ePKIConfig" has "Enforce access checks for this application" set, "Perform access checks at the process and component level" set, as well as the "Web_role" role. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
163 |
COM |
AP |
If MyID is installed and tier is Application Server, test that COM+ application "Entrust_Admin" has "Enforce access checks for this application" set, "Perform access checks at the process and component level" set, as well as the "App_role" role. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
164 |
COM |
AP |
If MyID is installed and tier is Application Server, test that COM+ application "ImportProcessor" has "Enforce access checks for this application" set, "Perform access checks at the process and component level" set, as well as the "App_role" role. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
165 |
COM |
AP |
If MyID is installed, tier is Application Server and a COM+ application has both roles (that is, eCS and Edefice_BOL), then test that the "eCS.WebConnector.1" component has "Enforce component level access checks" set, as well as the "Web_role" role. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
166 |
COM |
AP |
If MyID is installed, tier is Application Server and a COM+ application has both roles (that is, eCS and Edefice_BOL), then test that the "EdeficeBOL_PKI.EdeficePKI.1" component has "Enforce component level access checks" set, as well as the "App_role" role. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
167 |
COM |
AP |
If MyID is installed, tier is Application Server and a COM+ application has both roles (that is, eCS and Edefice_BOL), then test that the "EdeficeBOL_PKI.PKIHelper.1" component has "Enforce component level access checks" set, as well as the "App_role" role. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
168 |
COM |
AP |
If MyID is installed, tier is Application Server and a COM+ application has both roles (that is, eCS and Edefice_BOL), then test that all "MyIDBOL.BOL_.*API.1" components have "Enforce component level access checks" set, as well as the "App_role" role. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
169 |
COM |
AP |
If MyID is installed, tier is Application Server and a COM+ application has both roles (that is, eCS and Edefice_BOL), then test that all "MyIDBOL.BOL_.*Web.1" components have "Enforce component level access checks" set, as well as the "Web_role" role. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
170 |
COM |
AP |
If MyID is installed, tier is Application Server and a COM+ application has both roles (that is, eCS and Edefice_BOL), then test that components have "Enforce component level access checks" set, as well as the "App_role" and "Web_role" roles. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
171 |
COM |
AP |
If MyID is installed, tier is Application Server and a COM+ application has both roles (that is, eCS and Edefice_BOL), then test that components have "Enforce component level access checks" set, as well as the "Web_role" role. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
172 |
COM |
AP |
If MyID is installed, tier is Application Server and a COM+ application has both roles (that is, eCS and Edefice_BOL), then test that components have "Enforce component level access checks" set, as well as the "Web_role" role. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
173 |
COM |
AP |
If MyID is installed and tier is Application Server, get PoolingPoolSize, RecycleActivationLimit, RecycleCallLimit, RecycleExpirationTimeout, RecycleLifetimeLimit and RecycleMemoryLimit for COM+ application "APDUCardServer". No test required. |
|
174 |
COM |
AP |
If MyID is installed and tier is Application Server, get PoolingPoolSize, RecycleActivationLimit, RecycleCallLimit, RecycleExpirationTimeout, RecycleLifetimeLimit and RecycleMemoryLimit for COM+ application "EAudit". No test required. |
|
175 |
COM |
AP |
If MyID is installed and tier is Application Server, get PoolingPoolSize, RecycleActivationLimit, RecycleCallLimit, RecycleExpirationTimeout, RecycleLifetimeLimit and RecycleMemoryLimit for COM+ application "eCS". No test required. |
|
176 |
COM |
AP |
If MyID is installed and tier is Application Server, get PoolingPoolSize, RecycleActivationLimit, RecycleCallLimit, RecycleExpirationTimeout, RecycleLifetimeLimit and RecycleMemoryLimit for COM+ application "Edefice_BOL". No test required. |
|
177 |
COM |
AP |
If MyID is installed and tier is Application Server, get PoolingPoolSize, RecycleActivationLimit, RecycleCallLimit, RecycleExpirationTimeout, RecycleLifetimeLimit and RecycleMemoryLimit for COM+ application "Edefice_CS". No test required. |
|
178 |
COM |
AP |
If MyID is installed and tier is Application Server, get PoolingPoolSize, RecycleActivationLimit, RecycleCallLimit, RecycleExpirationTimeout, RecycleLifetimeLimit and RecycleMemoryLimit for COM+ application "Edefice_DAL". No test required. |
|
179 |
COM |
AP |
If MyID is installed and tier is Application Server, get PoolingPoolSize, RecycleActivationLimit, RecycleCallLimit, RecycleExpirationTimeout, RecycleLifetimeLimit and RecycleMemoryLimit for COM+ application "eEventLog". No test required. |
|
180 |
COM |
AP |
If MyID is installed and tier is Application Server, get PoolingPoolSize, RecycleActivationLimit, RecycleCallLimit, RecycleExpirationTimeout, RecycleLifetimeLimit and RecycleMemoryLimit for COM+ application "eExternalDataSource". No test required. |
|
181 |
COM |
AP |
If MyID is installed and tier is Application Server, get PoolingPoolSize, RecycleActivationLimit, RecycleCallLimit, RecycleExpirationTimeout, RecycleLifetimeLimit and RecycleMemoryLimit for COM+ application "ePKIConfig". No test required. |
|
182 |
COM |
AP |
If MyID is installed and tier is Application Server, get PoolingPoolSize, RecycleActivationLimit, RecycleCallLimit, RecycleExpirationTimeout, RecycleLifetimeLimit and RecycleMemoryLimit for COM+ application "Entrust_Admin". No test required. |
|
183 |
COM |
AP |
If MyID is installed and tier is Application Server, get PoolingPoolSize, RecycleActivationLimit, RecycleCallLimit, RecycleExpirationTimeout, RecycleLifetimeLimit and RecycleMemoryLimit for COM+ application "ImportProcessor". No test required. |
|
184 |
MyID |
CL,WB,AP,DB |
If MyID is installed and tier is Client, Web Server, Application Server or Database Server, get name of all MyID installations with the security identifier (SID) and the name of the installation user (if possible) used (from the Windows Event Log). No test required. |
|
185 |
MyID |
WB,AP |
If MyID is installed and tier is Web Server or Application Server, get all tiers used by MyID installations (from the Registry). No test required. |
|
186 |
MyID |
AP |
If MyID is installed and tier is Application Server, get MyID installation type (ENT/PIV) from Registry. |
|
187 |
MyID |
WB |
If MyID is installed and tier is Web Server, get MyID installation type (ENT/PIV) from web files installed. |
|
188 |
MyID |
AP,DB |
If MyID is installed and tier is Application Server or Database Server, get MyID installation type (ENT/PIV) from SQL query of database (including Microsoft SQL Azure instances). |
|
189 |
COM |
WB,AP |
If MyID is installed and tier is Application Server or Web Server, test that the COM+ application "APDUCardServer" has DCOM security setting "Authentication Level For Calls" set to "Packet Privacy". If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
190 |
COM |
WB,AP |
If MyID is installed and tier is Application Server or Web Server, test that the COM+ application "EAudit" has DCOM security setting "Authentication Level For Calls" set to "Packet Privacy". If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
191 |
COM |
WB,AP |
If MyID is installed and tier is Application Server or Web Server, test that the COM+ application "eCS" has DCOM security setting "Authentication Level For Calls" set to "Packet Privacy". If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
192 |
COM |
WB,AP |
If MyID is installed and tier is Application Server or Web Server, test that the COM+ application "Edefice_BOL" has DCOM security setting "Authentication Level For Calls" set to "Packet Privacy". If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
193 |
COM |
WB,AP |
If MyID is installed and tier is Application Server or Web Server, test that the COM+ application "Edefice_CS" has DCOM security setting "Authentication Level For Calls" set to "Packet Privacy". If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
194 |
COM |
AP |
If MyID is installed and tier is Application Server or Web Server, test that the COM+ application "Edefice_DAL" has DCOM security setting "Authentication Level For Calls" set to "Packet Privacy". If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
195 |
COM |
WB,AP |
If MyID is installed and tier is Application Server or Web Server, test that the COM+ application "eEventLog" has DCOM security setting "Authentication Level For Calls" set to "Packet Privacy". If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
196 |
COM |
WB,AP |
If MyID is installed and tier is Application Server or Web Server, test that the COM+ application "eExternalDataSource" has DCOM security setting "Authentication Level For Calls" set to "Packet Privacy". If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
197 |
COM |
WB,AP |
If MyID is installed and tier is Application Server or Web Server, test that the COM+ application "ePKIConfig" has DCOM security setting "Authentication Level For Calls" set to "Packet Privacy". If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
198 |
COM |
WB,AP |
If MyID is installed and tier is Application Server or Web Server, test that the COM+ application "Entrust_Admin" has DCOM security setting "Authentication Level For Calls" set to "Packet Privacy". If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
199 |
COM |
WB,AP |
If MyID is installed and tier is Application Server or Web Server, test that the COM+ application "ImportProcessor" has DCOM security setting "Authentication Level For Calls" set to "Packet Privacy". If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
200 |
System |
DC |
If tier is Domain Controller, test that every computer on the domain has a unique SID (Security Identifier). Report computer names with duplicate SID values. |
|
201 |
SIU |
CL,WB,AP,DB,DC |
On all tiers, test that SIU is running as an administrator user. If not satisfied, display outcome as a "Limited SIU Test Coverage" warning, instead of a failure. |
|
202 |
SIU |
CL,WB,AP,DB,DC |
On all tiers, test that SIU can detect if MyID is or is not installed on the Application Servers (because a limited user cannot make WMI calls). If not satisfied, display outcome as a "Limited SIU Test Coverage" warning, instead of a failure. |
|
203 |
HW |
WB,AP,DC |
If tier is Web Server, Application Server or Domain Controller, test the free space from the local disk with the most free space is greater than or equal to 2 Gb. If not satisfied, display outcome as a "Performance" warning, instead of a failure. |
|
204 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the security sub-roles of Role and Feature "Web Server (IIS)\Web Server\Security" is installed. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
205 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the security sub-roles of Role and Feature "Web Server (IIS)\Web Server\Security" is installed. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
206 |
COM |
WB |
If MyID is installed, tier is Web Server and is a proxy (Web Server is different to the Application Server), test that the COM+ application proxy "APDUCardServer" is enabled, is a proxy, is a server application and that the proxy server is the Application Server. If not satisfied, display outcome as a "Functionality" warning, instead of a failure. |
|
207 |
COM |
WB |
If MyID is installed, tier is Web Server and is a proxy (Web Server is different to the Application Server), test that the COM+ application proxy "EAudit" is enabled, is a proxy, is a server application and that the proxy server is the Application Server. If not satisfied, display outcome as a "Functionality" warning, instead of a failure. |
|
208 |
COM |
WB |
If MyID is installed, tier is Web Server and is a proxy (Web Server is different to the Application Server), test that the COM+ application proxy "eCS" is enabled, is a proxy, is a server application and that the proxy server is the Application Server. If not satisfied, display outcome as a "Functionality" warning, instead of a failure. |
|
209 |
COM |
WB |
If MyID is installed, tier is Web Server and is a proxy (Web Server is different to the Application Server), test that the COM+ application proxy "Edefice_BOL" is enabled, is a proxy, is a server application and that the proxy server is the Application Server. If not satisfied, display outcome as a "Functionality" warning, instead of a failure. |
|
210 |
COM |
WB |
If MyID is installed, tier is Web Server and is a proxy (Web Server is different to the Application Server), test that the COM+ application proxy "Edefice_CS" is enabled, is a proxy, is a server application and that the proxy server is the Application Server. If not satisfied, display outcome as a "Functionality" warning, instead of a failure. |
|
211 |
COM |
WB |
If MyID is installed, tier is Web Server and is a proxy (Web Server is different to the Application Server), test that the COM+ application proxy "eEventLog" is enabled, is a proxy, is a server application and that the proxy server is the Application Server. If not satisfied, display outcome as a "Functionality" warning, instead of a failure. |
|
212 |
COM |
WB |
If MyID is installed, tier is Web Server and is a proxy (Web Server is different to the Application Server), test that the COM+ application proxy "eExternalDataSource" is enabled, is a proxy, is a server application and that the proxy server is the Application Server. If not satisfied, display outcome as a "Functionality" warning, instead of a failure. |
|
213 |
COM |
WB |
If MyID is installed, tier is Web Server and is a proxy (Web Server is different to the Application Server), test that the COM+ application proxy "ePKIConfig" is enabled, is a proxy, is a server application and that the proxy server is the Application Server. If not satisfied, display outcome as a "Functionality" warning, instead of a failure. |
|
214 |
COM |
WB |
If MyID is installed, tier is Web Server and is a proxy (Web Server is different to the Application Server), test that the COM+ application proxy "Entrust_Admin" is enabled, is a proxy, is a server application and that the proxy server is the Application Server. If not satisfied, display outcome as a "Functionality" warning, instead of a failure. |
|
215 |
COM |
WB |
If MyID is installed, tier is Web Server and is a proxy (Web Server is different to the Application Server), test that the COM+ application proxy "ImportProcessor" is enabled, is a proxy, is a server application and that the proxy server is the Application Server. If not satisfied, display outcome as a "Functionality" warning, instead of a failure. |
|
217 |
AD |
DB |
If tier is Database Server, test membership of local group Administrators contains the installation user. If not satisfied, display outcome as a "Functionality" warning, instead of a failure. |
|
218 |
MSDTC |
WB,AP,DB |
If tier is Application Server, Web Server or Database Server and a split-tier installation, test authentication level is "None" if using SQL authentication, otherwise authentication level is "Mutual". |
|
219 |
DB |
DB |
If tier is Database Server, check if service "SQL Server Browser" is running. |
|
220 |
DB |
DB |
If tier is Database Server, check if service "MS SQL SERVER" is running. |
|
221 |
DB |
DB |
If tier is Database Server, check if service "MS SQL FD Launcher" is running. |
|
222 |
DB |
DB |
If tier is Database Server, check if service "SQL SERVER AGENT" is running. |
|
226 |
MyID |
AP |
If MyID is installed and tier is Application Server, test that file "MyID.udl" exists, has Read permissions for the COM+ user, Initial Catalog pointing to the main database and Data Source pointing to the Database Server (including Microsoft SQL Azure instances). Test the database connection by reading a data row and comparing with values queried using a known connection string. |
|
227 |
MyID |
AP |
If MyID is installed and tier is Application Server, test that file "MyIDaudit.udl" exists, has Read permissions for the COM+ user, Initial Catalog pointing to the main database and Data Source pointing to the Database Server (including Microsoft SQL Azure instances). Test the database connection by reading a data row and comparing with values queried using a known connection string. |
|
228 |
MyID |
AP |
If MyID is installed and tier is Application Server, test that file "MyIDarchive.udl" exists, has Read permissions for the COM+ user, Initial Catalog pointing to the archive database and Data Source pointing to the Database Server (including Microsoft SQL Azure instances). Test the database connection by reading a data row and comparing with values queried using a known connection string. |
|
229 |
MyID |
AP |
If MyID is installed and tier is Application Server, test that file "MyIDbinary.udl" exists, has Read permissions for the COM+ user, Initial Catalog pointing to the main database and Data Source pointing to the Database Server (including Microsoft SQL Azure instances). Test the database connection by reading a data row and comparing with values queried using a known connection string. |
|
230 |
MyID |
AP |
If MyID is installed and tier is Application Server, test that file "import.udl" exists, has Read permissions for the COM+ user, Initial Catalog pointing to the main database and Data Source pointing to the Database Server (including Microsoft SQL Azure instances). Test the database connection by reading a data row and comparing with values queried using a known connection string. |
|
231 |
MyID |
AP |
If MyID is installed and tier is Application Server, test that file "importaudit.udl" exists, has Read permissions for the COM+ user, Initial Catalog pointing to the main database and Data Source pointing to the Database Server (including Microsoft SQL Azure instances). Test the database connection by reading a data row and comparing with values queried using a known connection string. |
|
232 |
MyID |
AP |
If MyID is installed and tier is Application Server, test that file "importarchive.udl" exists, has Read permissions for the COM+ user, Initial Catalog pointing to the archive database and Data Source pointing to the Database Server (including Microsoft SQL Azure instances). Test the database connection by reading a data row and comparing with values queried using a known connection string. |
|
233 |
IIS |
WB |
If MyID is installed and tier is Web Server, test application pool "MyIDPoolClassic" exists and has started. |
|
234 |
IIS |
WB |
If MyID is installed and tier is Web Server, test application pool "MyIDWebService" exists and has started. |
|
235 |
NW |
CL,WB |
If tier is Client or Web Server, request status codes for all Web Servers using HTTP URL and test that a valid response (status code 200) is not returned for each if the supplied configuration is HTTPS. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
236 |
NW |
CL,WB |
If tier is Client or Web Server, request status codes for all Web Servers using HTTPS URL and test that a valid response (status code 200) is not returned for each if the supplied configuration is HTTP. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
238 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the Role and Feature ".NET Framework 4.5 Features\ASP.NET 4.5" is installed. |
|
239 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the security sub-roles of Role and Feature "Web Server (IIS)\Web Server\Security" is installed. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
240 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the security sub-roles of Role and Feature "Web Server (IIS)\Web Server\Security" is installed. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
241 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the security sub-roles of Role and Feature "Web Server (IIS)\Web Server\Security" is installed. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
242 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the security sub-roles of Role and Feature "Web Server (IIS)\Web Server\Security" is installed. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
243 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the security sub-roles of Role and Feature "Web Server (IIS)\Web Server\Security" is installed. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
244 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the security sub-roles of Role and Feature "Web Server (IIS)\Web Server\Security" is installed. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
245 |
RF |
WB |
If tier is Web Server and OS is Windows Server 2019 or Windows Server 2022, test the security sub-roles of Role and Feature "Web Server (IIS)\Web Server\Security" is installed. If not satisfied, display outcome as a "Security" warning, instead of a failure. |
|
246 |
OS |
AP |
If tier is Application Server, test that the following folders exist and match a simple FIPS-compliant SHA-256 hash of the list of file names contained within:- "[Program Files]\Common Files\System\ado" |
|
247 |
OS |
AP |
If tier is Application Server, test that the following folders exist and match a simple FIPS-compliant SHA-256 hash of the list of file names contained within:- "[Program Files]\Common Files\System\msadc" |
|
248 |
IIS |
CL,WB |
If MyID is installed and tier is Client or Web Server, request status codes for all Web Servers to path "MyIDProcessDriver" using HTTPS or HTTP URL (according to configuration) and test that an invalid/missing response (status code not 200) is not returned for each. |
|
249 |
IIS |
CL,WB |
If MyID is installed and tier is Client or Web Server, request status codes for all Web Servers to path "MyIDDataSource" using HTTPS or HTTP URL (according to configuration) and test that an invalid/missing response (status code not 200) is not returned for each. |
|
250 |
IIS |
CL |
If MyID is installed and tier is Client, test the Desktop Client configuration file exists, it does not contain invalid XML and all of the URLs in the "Servers" section of the Desktop Client configuration file match the URLs of all the Web Servers for the given IIS protocol configuration. |
|
251 |
IIS |
WB |
If tier is Web Server and IIS protocol is "HTTPS + HTTP" or "HTTPS", check IIS website SSL bindings point to a certificate that is valid for the default website and DNS matching the web servers. |
|
252 |
Services |
AP |
If MyID is installed and tier is Application Server, test that service "eBureauSrv" has Startup Type: Auto, Log On As: COM+ User, State: Running, or the service is not installed. |
|
253 |
Services |
AP |
If MyID is installed and tier is Application Server, test that service "eCertificateSrv" has Startup Type: Auto, Log On As: COM+ User, State: Running. |
|
254 |
Services |
AP |
If MyID is installed and tier is Application Server, test that service "eJobServer" has Startup Type: Auto, Log On As: COM+ User, State: Running. |
|
255 |
Services |
AP |
If MyID is installed and tier is Application Server, test that service "eKeySrv" has Startup Type: Manual, Log On As: COM+ User, State: Running. |
|
256 |
Services |
AP |
If MyID is installed and tier is Application Server, test that service "eMessageSrv" has Startup Type: Manual, Log On As: COM+ User, State: Running or Stopped. |
|
257 |
Services |
AP |
If MyID is installed and tier is Application Server, test that service "NotificationsService" has Startup Type: Auto, Log On As: COM+ User, State: Running. |
|
258 |
IIS |
WB |
If tier is Web Server, test that service "W3SVC" (World Wide Web Publishing Service) is installed and running. |
|
259 |
COM |
WB,AP |
If MyID is installed, tier is Web Server or Application Server, create COM object for component "MyIDBOL.BOL_GetCoreWeb.1" and call method "GetVersion". Obtain the total number of components and configuration records. Create COM object for component "EConfiguration.Configuration" and call method "GetBOLMethods". For each method, obtain "webProgId" and attempt to instantiate a COM object. Test whether all the COM objects can be created. |
|
260 |
MSDTC |
WB,AP,DB |
If tier is Application Server, Web Server or Database Server, a split-tier installation and Windows Firewall is enabled, test active rule for "Distributed Transaction Coordinator (RPC)" is enabled, allowed inbound for "Domain" networks. |
|
261 |
MyID |
AP |
If MyID is installed and tier is Application Server, test that the DatabaseType value from the Registry is compatible with the means of hosting the database specified in configuration option DBTypeAndAuth. |
|
262 |
MyID |
AP |
If MyID is installed and tier is Application Server, test that the DefaultUDL value from the Registry points to a UDL (Universal Data Link) file that exists. |
|
263 |
MyID |
AP |
If MyID is installed, tier is Application Server and configuration option DBTypeAndAuth = SQL Azure with SQL Server Auth (NoAuth), test that file Dal4Net.dll.config exists, contains well-formatted XML, contains the username, but does not contain the cleartext password specified in the credentials for SQL Server Authentication. |
|
264 |
MyID |
AP |
If MyID is installed and tier is Application Server, test that file Dal4Net.dll.config exists, contains well-formatted XML and does not contain log4net section left uncommented for debugging use. If not satisfied, display the outcome as a Performance warning instead of a failure. |
|
267 |
MyID |
AP |
If MyID is installed and tier is Application Server, test that all encrypted private keys and symmetric keys are prefixed in the format "KXX_" in the database; the key names match the latest database key name for MasterCard in the Windows Registry. If not satisfied, display the outcome as a Functionality warning instead of a failure. |
|
268 |
MyID |
AP |
If MyID is installed and tier is Application Server, test that the number of encrypted private keys and symmetric keys is correct in the database; the key names match any of the database key names for MasterCard in the Windows Registry. |
|
269 |
Services |
DC |
If tier is Domain Controller, test that service "ADWS" (Active Directory Web Services) is installed and running. If not satisfied, display the outcome as a Limited SIU test coverage warning instead of a failure. |
|
270 |
DB |
AP |
If MyID is installed and tier is Application Server, get the current size, unlimited or maximum size, free space (if not unlimited size) and automatic growth of the MyID main database. No test required. |
|
271 |
DB |
AP |
If MyID is installed and tier is Application Server, get the current size, unlimited or maximum size, free space (if not unlimited size) and automatic growth of the MyID archive database. No test required. |
|
272 |
IIS |
WB |
If tier is Web Server, test that the SSL bindings for HTTPS exist, a TCP connection can be established and the SSL protocol is not None, SSL v2 or SSL v3. |
|
273 |
IIS |
WB |
If tier is Web Server, test that the SSL bindings for HTTPS exist, a TCP connection can be established and the SSL protocol is TLS v1.0, TLS v1.1 or TLS v1.2. |
|
274 |
IIS |
WB |
If tier is Web Server, test that the SSL bindings for HTTP exist, a TCP connection can be established and the SSL protocol is not None, SSL v2, SSL v3, TLS v1.0, TLS v1.1 or TLS v1.2. |
|
275 |
IIS |
WB |
If tier is Web Server, test that SSL is required. If not satisfied, display the outcome as a "Security" warning instead of a failure. |
|
276 |
AD |
DC |
If tier is Domain Controller, test that the COM+ User is not a member of the Domain Admins or the Enterprise Admins domain groups. If not satisfied, display the outcome as a Security warning instead of a failure. |
|
277 |
AD |
DC |
If tier is Domain Controller, test that the IIS User is not a member of the Domain Admins or the Enterprise Admins domain groups. If not satisfied, display the outcome as a Security warning instead of a failure. |
|
278 |
AD |
DC |
If tier is Domain Controller, test that the Web Services User is not a member of the Domain Admins or the Enterprise Admins domain groups. If not satisfied, display the outcome as a Security warning instead of a failure. |
|
279 |
DB |
AP,DB |
If tier is Application Server or Database Server, perform SQL query of master database (including Microsoft SQL Azure instances) and test the database edition installed is Enterprise or Standard. If not satisfied, display outcome as an "Untested configuration" warning, instead of a failure. |
|
283 |
MyID |
AP |
If MyID is installed and tier is Application Server, test that the MasterCard Entry in the Registry has an 'Enabled' property. Use regedit to view the registry location: HKLM\SOFTWARE\Intercede\Edefice\MasterCard |
|
284 |
MyID |
AP |
If MyID is installed and tier is Application Server, if using any HSM, test that the subkey contains value "SerialNumber" and that it has a value. Use regedit to view the registry location: HKLM\SOFTWARE\Intercede\Edefice\MasterCard |
|
285 |
MyID |
AP |
If MyID is installed and tier is Application Server, test that the number of database keys for MasterCard in the Windows Registry has not reached the maximum supported by MyID. If not satisfied, display the outcome as a Functionality warning instead of a failure. Use regedit to view the registry location: HKLM\SOFTWARE\Intercede\Edefice\MasterCard |
|
286 |
MyID |
AP |
If MyID is installed and tier is Application Server, if using an nShield HSM, test that the file %Windir%\System32\CknFast.DLL exists. |
|
293 |
DB |
DB |
If MyID is installed and tier is Database Server, test SQL default schema for the MyID main database for COM+ account user is not "sys". |
|
294 |
DB |
DB |
If MyID is installed and tier is Database Server, test SQL default schema for the MyID archive database for COM+ account user is not "sys". |
|
295 |
IIS |
WB |
If tier is Web Server, check that edge compatibility has been applied to the MyID folder. |
|
296 |
MyID |
AP |
Check the version of the OLE DB Driver that is installed. Version 19.0.0.0 or later will pass. |
|
297 |
MyID |
WB,AP |
Check that TLS 1.2 is enabled and TLS 1.0 is disabled. |
|
299 |
MyID |
AP |
Initial Server Check. Check .NET Core version on the Application Server. |
|
300 |
MyID |
WB |
Initial Server Check. Check .NET Core version on the Web Server. |
|
301 |
MyID |
CL,WB |
Post-Install. Checks status values of responses to simple unauthenticated web requests to the operator client URL match the expected value. |
|
303 |
MyID |
CL,WB |
Post-Install. Checks status values of responses to simple unauthenticated web requests to the rest.core API service match the expected value. |
|
304 |
MyID |
WB,AP |
Post-Install. Checks status values of responses to simple unauthenticated web requests to the oauth2 service match the expected value. |
|
305 |
IIS |
WB |
Post-Install. Test the IIS application pool "rest.core" exists and has started. |
|
307 |
IIS |
WB |
Post-Install. If MyID is installed and tier is Web Server, test application pool "web.oauth2" exists and has started. |
|
308 |
MyID |
AP |
Post-Install. If MyID is installed and tier is Application Server, check that the BOL API methods exist. |
|
309 |
DB |
DB |
Post-Install. If MyID is installed, run a DB query and check that the AuditItemFields table exists. |
|
310 |
AD |
DC |
If tier is Domain Controller, test domain user for Authentication Web service user account exists. |
|
311 |
AD |
DC |
If tier is Domain Controller, test Authentication Web service user account is enabled, not locked out and expiry date is less than or equal to 0. |
|
312 |
AD |
DC |
If tier is Domain Controller, test Authentication Web service user account password will never expire and has not expired. |
|
313 |
AD |
DC |
If tier is Domain Controller, test Authentication Web service user account exists on the domain under a valid organizational unit. |
|
314 |
AD |
DC |
If tier is Domain Controller, test Authentication Web service user account is a member of domain group "Domain Users". |
|
315 |
AD |
AP,WB |
If tier is Application Server or Web Server, test Authentication Web service user account is a member of local group "Distributed COM Users". |
|
316 |
AD |
DC |
If tier is Domain Controller, test that the Authentication Web Services User is not a member of the Domain Admins or the Enterprise Admins domain groups. If not satisfied, display the outcome as a Security warning instead of a failure. |
|
317 |
MyID |
AP |
If MyID is installed and tier is Application Server, test that the Default Authentication DB UDL value from the Registry points to a UDL (Universal Data Link) file that exists. |
|
318 |
DB |
DB |
If tier is Database Server, test language for COM+ Account user is "us_english". |
|
319 |
DB |
DB |
If MyID is installed and tier is Database Server, test SQL database role membership for MyID main database for COM+ Account user or group includes roles "db_owner" and "public". Role "public" is a special case and cannot be queried, so it is included by default if the user exists for the database. |
|
320 |
DB |
DB |
If MyID is installed and tier is Database Server, test SQL default schema for the MyID main database for COM+ Account user is not "sys". |
|
321 |
MyID |
WB |
Initial Server Check. Check that .NET Core was installed after IIS. |
|
322 |
MyID |
WB |
Server performance will be impacted if PowerShell scripts are required to be signed, CRL Checks have been enabled, but no Internet connection is available. |
|
323 |
MyID |
WB |
If rest.core feature has been installed, check it is an IIS Application and IsAlive method on the web service returns true. |
|
324 |
MyID |
WB |
If rest.provision feature has been installed, check it is an IIS Application and IsAlive method on the web service returns true. |
|
325 |
MyID |
WB |
If web.oauth2 feature has been installed, check it is an IIS Application and IsAlive method on the web service returns true. |
|
326 |
MyID |
WB |
If DC Notification Listener feature has been installed, check it is an IIS Application and IsAlive method on the web service returns true or the web service returns 401:Unauthorized (secure by default). |
|
327 |
MyID |
WB |
If iOS OTA feature has been installed, check it is an IIS Application and IsAlive method on the web service returns true or the web service returns 401:Unauthorized (secure by default). |
|
328 |
MyID |
WB |
If Credential Web Service feature has been installed, check it is an IIS Application and IsAlive method on the web service returns true or the web service returns 401:Unauthorized (secure by default). |
|
329 |
MyID |
WB |
If Device Management API feature has been installed, check it is an IIS Application and IsAlive method on the web service returns true or the web service returns 401:Unauthorized (secure by default). |
|
330 |
MyID |
WB |
If MyID Enroll feature has been installed, check it is an IIS Application and IsAlive method on the web service returns true or the web service returns 401:Unauthorized (secure by default). |