We get the following alarm while performing the CLT test. What does \systemroot mean in it? Does it mean c:\windows? But it is found that if we use any of c:\windows, %windir% and %systemroot% in the relevant rule, this rule will not take effect. That means you can only use \systemroot. I also noticed that in the logfile there were sometimes terms written as " system32" which could not be written as any of c:\windows\system32, %windir%\system32 and \systemroot\system32 in the rules either. Otherwise these rules did not take effect as expected. This should be a bug in CIS. Please look at it. Thanks.
Can you please explain the facts behind the differences between %windir% and %systemroot%?
As far as I remember, %windir% was for the 9x series of Windows and %systemroot% was for the NT series. Microsoft now uses them, or at the very least allows users to use them, interchangeably. This would mean either use would be correct as to the location of a file.
I think I have addressed the issue clearly. Sometimes, in CIS, different ways of writing the same folder CANNOT be used equivalently. This should be a bug. Please read carefully what I wrote above.
Are you trying to say that, in CIS, when you create rules using %windir%, %systemroot%, or C:\Windows\ they are not recognized by CIS and you have to use “/systemroot” in order for the rule to take effect?
I think I understand the second part, which is that CIS sometimes displays a file’s location as /system32/… instead of C:/Windows/System32 (or any other version thereof) in the log file.
Yes, you got it. :-TU I hope my English is not so bad as to break your mind.
It is the same thing in the second part. You can only use \system32 in the rule to match the corresponding behavior, otherwise it does not work.
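The mismatch reported in this thread, as an added example that is not part of any post and is not CIS code: a rule compared as a literal string only matches the exact spelling that was logged, while reducing both sides to one canonical form lets every spelling of the same folder match. The install root `C:\Windows`, the function names, the sample file name and the reading of a bare `system32` entry as relative to the Windows folder are all assumptions made for illustration.

```python
import re

# Assumed install location; on a real host take it from the SystemRoot variable.
SYSTEM_ROOT = r"C:\Windows"


def canonical(path, system_root=SYSTEM_ROOT):
    """Reduce the path spellings mentioned in the thread to one comparable form."""
    p = path.strip().replace("/", "\\")
    # %windir% and %systemroot% name the same folder.
    p = re.sub(r"(?i)^%(windir|systemroot)%", lambda m: system_root, p)
    # Spelling seen in the alert: \SystemRoot\...
    p = re.sub(r"(?i)^\\systemroot(?=\\|$)", lambda m: system_root, p)
    # Assumption: a logged path starting at "system32" is relative to the Windows folder.
    p = re.sub(r"(?i)^\\?system32(?=\\|$)",
               lambda m: system_root + "\\system32", p)
    return p.rstrip("\\").lower()


def literal_match(rule, logged):
    """Case-insensitive string equality, the behaviour described in the report."""
    return rule.strip().lower() == logged.strip().lower()


def normalized_match(rule, logged):
    """Compare the canonical forms instead of the raw spellings."""
    return canonical(rule) == canonical(logged)


def compare(rules, logged):
    """Return {rule: (literal result, normalized result)} for one logged path."""
    return {r: (literal_match(r, logged), normalized_match(r, logged)) for r in rules}


if __name__ == "__main__":
    # Constructed sample data, not taken from a real CIS log.
    logged = r"\SystemRoot\system32\example.dll"
    rules = [
        r"c:\windows\system32\example.dll",
        r"%windir%\system32\example.dll",
        r"%systemroot%\system32\example.dll",
        r"\systemroot\system32\example.dll",
    ]
    for rule, (lit, norm) in compare(rules, logged).items():
        print(f"{rule:40} literal={lit!s:5} normalized={norm}")
```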