Linux ns8.secondary29.go.th 2.6.32-754.28.1.el6.x86_64 #1 SMP Wed Mar 11 18:38:45 UTC 2020 x86_64
Apache/2.2.15 (CentOS)
: 122.154.134.11 | : 122.154.134.9
Cant Read [ /etc/named.conf ]
5.6.40
apache
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
README
+ Create Folder
+ Create File
/
usr /
share /
openscap /
schemas /
oval /
5.11.1 /
[ HOME SHELL ]
Name
Size
Permission
Action
aix-definitions-schema.xsd
51.53
KB
-rw-r--r--
aix-system-characteristics-sch...
23.94
KB
-rw-r--r--
android-definitions-schema.xsd
97.73
KB
-rw-r--r--
android-system-characteristics...
57.86
KB
-rw-r--r--
apache-definitions-schema.xsd
13.19
KB
-rw-r--r--
apache-system-characteristics-...
5.64
KB
-rw-r--r--
apple-ios-definitions-schema.x...
39.36
KB
-rw-r--r--
apple-ios-system-characteristi...
28.87
KB
-rw-r--r--
asa-definitions-schema.xsd
119.85
KB
-rw-r--r--
asa-system-characteristics-sch...
57.21
KB
-rw-r--r--
catos-definitions-schema.xsd
37.5
KB
-rw-r--r--
catos-system-characteristics-s...
15.73
KB
-rw-r--r--
esx-definitions-schema.xsd
51.16
KB
-rw-r--r--
esx-system-characteristics-sch...
20.17
KB
-rw-r--r--
freebsd-definitions-schema.xsd
13.48
KB
-rw-r--r--
freebsd-system-characteristics...
6.94
KB
-rw-r--r--
hpux-definitions-schema.xsd
66.14
KB
-rw-r--r--
hpux-system-characteristics-sc...
19.13
KB
-rw-r--r--
independent-definitions-schema...
249.74
KB
-rw-r--r--
independent-system-characteris...
87.3
KB
-rw-r--r--
ios-definitions-schema.xsd
185.81
KB
-rw-r--r--
ios-system-characteristics-sch...
82.02
KB
-rw-r--r--
iosxe-definitions-schema.xsd
137.48
KB
-rw-r--r--
iosxe-system-characteristics-s...
64.96
KB
-rw-r--r--
junos-definitions-schema.xsd
34.59
KB
-rw-r--r--
junos-system-characteristics-s...
13.87
KB
-rw-r--r--
linux-definitions-schema.xsd
228.12
KB
-rw-r--r--
linux-system-characteristics-s...
106.67
KB
-rw-r--r--
macos-definitions-schema.xsd
225.06
KB
-rw-r--r--
macos-system-characteristics-s...
89.26
KB
-rw-r--r--
netconf-definitions-schema.xsd
10.95
KB
-rw-r--r--
netconf-system-characteristics...
3.89
KB
-rw-r--r--
oval-common-schema.xsd
76.99
KB
-rw-r--r--
oval-definitions-schema.xsd
187.24
KB
-rw-r--r--
oval-definitions-schematron.xs...
652.16
KB
-rw-r--r--
oval-directives-schema.xsd
7.49
KB
-rw-r--r--
oval-directives-schematron.xsl
73.7
KB
-rw-r--r--
oval-results-schema.xsd
69.92
KB
-rw-r--r--
oval-results-schematron.xsl
73.63
KB
-rw-r--r--
oval-system-characteristic-sch...
40.51
KB
-rw-r--r--
oval-system-characteristics-sc...
57.37
KB
-rw-r--r--
oval-variables-schema.xsd
7.35
KB
-rw-r--r--
oval-variables-schematron.xsl
9.18
KB
-rw-r--r--
pixos-definitions-schema.xsd
17.22
KB
-rw-r--r--
pixos-system-characteristics-s...
6.82
KB
-rw-r--r--
sharepoint-definitions-schema....
195.08
KB
-rw-r--r--
sharepoint-system-characterist...
92.8
KB
-rw-r--r--
solaris-definitions-schema.xsd
173.55
KB
-rw-r--r--
solaris-system-characteristics...
67.81
KB
-rw-r--r--
unix-definitions-schema.xsd
282.61
KB
-rw-r--r--
unix-system-characteristics-sc...
136.05
KB
-rw-r--r--
windows-definitions-schema.xsd
1.01
MB
-rw-r--r--
windows-system-characteristics...
453.19
KB
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : windows-system-characteristics-schema.xsd
<?xml version="1.0" encoding="utf-8"?> <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:oval-sc="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:win-sc="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#windows" xmlns:sch="http://purl.oclc.org/dsdl/schematron" targetNamespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#windows" elementFormDefault="qualified" version="5.11.1"> <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5" schemaLocation="oval-system-characteristics-schema.xsd"/> <xsd:annotation> <xsd:documentation>The following is a description of the elements, types, and attributes that compose the Windows specific system characteristic items found in Open Vulnerability and Assessment Language (OVAL). Each item is an extension of the standard item element defined in the Core System Characteristic Schema. Through extension, each item inherits a set of elements and attributes that are shared amongst all OVAL Items. Each item is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core System Characteristic Schema is not outlined here.</xsd:documentation> <xsd:documentation>The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.</xsd:documentation> <xsd:appinfo> <schema>Windows System Characteristics</schema> <version>5.11.1:1.1</version> <date>4/22/2015 09:00:00 AM</date> <terms_of_use>Copyright (c) 2002-2015, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.</terms_of_use> <sch:ns prefix="oval-sc" uri="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5"/> <sch:ns prefix="win-sc" uri="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#windows"/> <sch:ns prefix="xsi" uri="http://www.w3.org/2001/XMLSchema-instance"/> </xsd:appinfo> </xsd:annotation> <!-- =============================================================================== --> <!-- ============================= ACCESS TOKEN ITEM ============================= --> <!-- =============================================================================== --> <xsd:element name="accesstoken_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The access token item holds information about the individual privileges and rights associated with a specific access token. It is important to note that these privileges are specific to certain versions of Windows. As a result, the documentation for that version of Windows should be consulted for more information. Each privilege and right in the data section accepts a boolean value signifying whether the privilege is granted or not. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.</xsd:documentation> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.11</oval:version> <oval:reason>Replaced by the userrights_item. The accesstoken_test suffers from scalability issues when run on a domain controller and should not be used. See the userrights_item.</oval:reason> <oval:comment>This object has been deprecated and may be removed in a future version of the language.</oval:comment> </oval:deprecated_info> <sch:pattern id="win-sc_accesstoken_item_dep"> <sch:rule context="win-sc:accesstoken_item"> <sch:report test="true()">DEPRECATED ITEM: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="security_principle" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Security principles include users or groups with either local or domain accounts, and computer accounts created when a computer joins a domain. In Windows, security principles are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. User rights and permissions to access objects such as Active Directory objects, files, and registry settings are assigned to security principles. In a domain environment, security principles should be identified in the form: "domain\trustee name". For local security principles use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="seassignprimarytokenprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a parent process to replace the access token that is associated with a child process.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="seauditprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a process to generate audit records in the security log. The security log can be used to trace unauthorized system access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="sebackupprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows the user to circumvent file and directory permissions to back up the system. The privilege is selected only when an application attempts access by using the NTFS backup application programming interface (API). Otherwise, normal file and directory permissions apply.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="sechangenotifyprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows the user to pass through folders to which the user otherwise has no access while navigating an object path in the NTFS file system or in the registry. This privilege does not allow the user to list the contents of a folder; it allows the user only to traverse its directories.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="secreateglobalprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows the user to create named file mapping objects in the global namespace during Terminal Services sessions.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="secreatepagefileprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows the user to create and change the size of a pagefile.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="secreatepermanentprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a process to create a directory object in the object manager. It is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode have this privilege inherently.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="secreatesymboliclinkprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a user create a symbolic link.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="secreatetokenprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a process to create an access token by calling NtCreateToken() or other token-creating APIs.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="sedebugprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows the user to attach a debugger to any process. It provides access to sensitive and critical operating system components.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="seenabledelegationprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows the user to change the Trusted for Delegation setting on a user or computer object in Active Directory. The user or computer that is granted this privilege must also have write access to the account control flags on the object.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="seimpersonateprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows the user to impersonate a client after authentication.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="seincreasebasepriorityprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a user to increase the base priority class of a process.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="seincreasequotaprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a process that has access to a second process to increase the processor quota assigned to the second process.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="seincreaseworkingsetprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a user to increase a process working set.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="seloaddriverprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a user to install and remove drivers for Plug and Play devices.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="selockmemoryprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="semachineaccountprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows the user to add a computer to a specific domain.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="semanagevolumeprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a non-administrative or remote user to manage volumes or disks.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="seprofilesingleprocessprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a user to sample the performance of an application process.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="serelabelprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a user to modify an object label.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="seremoteshutdownprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a user to shut down a computer from a remote location on the network.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="serestoreprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a user to circumvent file and directory permissions when restoring backed-up files and directories and to set any valid security principle as the owner of an object.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="sesecurityprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a user to specify object access auditing options for individual resources such as files, Active Directory objects, and registry keys. A user who has this privilege can also view and clear the security log from Event Viewer.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="seshutdownprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a user to shut down the local computer.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="sesyncagentprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a process to read all objects and properties in the directory, regardless of the protection on the objects and properties. It is required in order to use Lightweight Directory Access Protocol (LDAP) directory synchronization (Dirsync) services.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="sesystemenvironmentprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows modification of system environment variables either by a process through an API or by a user through System Properties.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="sesystemprofileprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a user to sample the performance of system processes.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="sesystemtimeprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows the user to adjust the time on the computer's internal clock. It is not required to change the time zone or other display characteristics of the system time.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="setakeownershipprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a user to take ownership of any securable object in the system, including Active Directory objects, NTFS files and folders, printers, registry keys, services, processes, and threads.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="setcbprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a process to assume the identity of any user and thus gain access to the resources that the user is authorized to access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="setimezoneprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows a user to change the time zone.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="seundockprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows the user of a portable computer to undock the computer by clicking Eject PC on the Start menu.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="seunsolicitedinputprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If this privilege is enabled, it allows the user to read unsolicited data from a terminal device.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="sebatchlogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If an account is assigned this right, it can log on using the batch logon type.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="seinteractivelogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If an account is assigned this right, it can log on using the interactive logon type.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="senetworklogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If an account is assigned this right, it can log on using the network logon type.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="seremoteinteractivelogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If an account is assigned this right, it can log on to the computer by using a Remote Desktop connection.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="seservicelogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If an account is assigned this right, it can log on using the service logon type.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="sedenybatchLogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on using the batch logon type.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="sedenyinteractivelogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on using the interactive logon type.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="sedenynetworklogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on using the network logon type.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="sedenyremoteInteractivelogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on through Terminal Services.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="sedenyservicelogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on using the service logon type.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="setrustedcredmanaccessnameright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>If an account is assigned this right, it can access the Credential Manager as a trusted caller.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ======================== ACTIVE DIRECTORY ITEM ============================== --> <!-- =============================================================================== --> <xsd:element name="activedirectory_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The active directory item holds information about specific entries in the Windows Active Directory. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.</xsd:documentation> <xsd:documentation>Note that this ite supports only simple (string based) value collection. For more complex values see the activedirectory57_item.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="naming_context" type="win-sc:EntityItemNamingContextType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Each object in active directory exists under a certain naming context (also known as a partition). A naming context is defined as a single object in the Directory Information Tree (DIT) along with every object in the tree subordinate to it. There are three default naming contexts in Active Directory: domain, configuration, and schema.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="relative_dn" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="true"> <xsd:annotation> <xsd:documentation>The relative_dn field is used to uniquely identify an object inside the specified naming context. It contains all the parts of the objects distinguished name except those outlined by the naming context. If the xsi:nil attribute is set to true, then the item being represented is the higher level naming context.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="attribute" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="true"> <xsd:annotation> <xsd:documentation>Specifies a named value contained by the object.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="object_class" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The name of the class of which the object is an instance.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="adstype" type="win-sc:EntityItemAdstypeType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Specifies the type of information that the specified attribute represents.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="value" type="oval-sc:EntityItemAnySimpleType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>The actual value of the specified active directory attribute.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ======================== ACTIVE DIRECTORY ITEM (57) ========================= --> <!-- =============================================================================== --> <xsd:element name="activedirectory57_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The activedirectory57_item holds information about specific entries in the Windows Active Directory. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.</xsd:documentation> <xsd:documentation>Note that this item supports complex values that are in the form of a record. For simple (string based) value collection see the activedirectory_item.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="naming_context" type="win-sc:EntityItemNamingContextType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Each object in active directory exists under a certain naming context (also known as a partition). A naming context is defined as a single object in the Directory Information Tree (DIT) along with every object in the tree subordinate to it. There are three default naming contexts in Active Directory: domain, configuration, and schema.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="relative_dn" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="true"> <xsd:annotation> <xsd:documentation>The relative_dn field is used to uniquely identify an object inside the specified naming context. It contains all the parts of the objects distinguished name except those outlined by the naming context. If the xsi:nil attribute is set to true, then the item being represented is the higher level naming context.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="attribute" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="true"> <xsd:annotation> <xsd:documentation>Specifies a named value contained by the object.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="object_class" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The name of the class of which the object is an instance.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="adstype" type="win-sc:EntityItemAdstypeType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Specifies the type of information that the specified attribute represents.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="value" type="oval-sc:EntityItemRecordType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>The actual value of the specified Active Directory attribute. Note that while an Active Directory attribute can contain structured data where it is necessary to collect multiple related fields that can be described by the 'record' datatype, it is not always the case. It also is possible that an Active Directory attribute can contain only a single value or an array of values. In these cases, there is not a name to uniquely identify the corresponding field(s) which is a requirement for fields in the 'record' datatype. As a result, the name of the Active Directory attribute will be used to uniquely identify the field(s) and satisfy this requirement. If the Active Directory attribute contains a single value, the 'record' will have a single field identified by the name of the Active Directory attribute. If the Active Directory attribute contains an array of values, the 'record' will have multiple fields all identified by the name of the Active Directory attribute</xsd:documentation> <xsd:appinfo> <sch:pattern id="win-sc_activedirectory57_itemvalue"> <sch:rule context="win-sc:activedirectory57_item/win-sc:value"> <sch:assert test="@datatype='record'"><sch:value-of select="../@id"/> - datatype attribute for the value entity of a activedirectory57_item must be 'record'</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ======================= AUDIT EVENT POLICY ITEM ============================= --> <!-- =============================================================================== --> <xsd:element name="auditeventpolicy_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The auditeventpolicy item enumerates the different types of events the system should audit. The defined values are found in window's POLICY_AUDIT_EVENT_TYPE enumeration and accessed through the LsaQueryInformationPolicy when the InformationClass parameters are set to PolicyAuditEventsInformation. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.</xsd:documentation> <xsd:documentation>Note that when audinting is disabled each of the entities listed below should be set to 'AUDIT_NONE'.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="account_logon" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit attempts to log on to or log off of the system. Also, audit attempts to make a network connection.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="account_management" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit attempts to create, delete, or change user or group accounts. Also, audit password changes.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="detailed_tracking" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit specific events, such as program activation, some forms of handle duplication, indirect access to an object, and process exit. </xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="directory_service_access" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit attempts to access the directory service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="logon" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit attempts to log on to or log off of the system. Also, audit attempts to make a network connection.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="object_access" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit attempts to access securable objects, such as files.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="policy_change" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit attempts to change Policy object rules. </xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="privilege_use" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit attempts to use privileges.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="system" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit attempts to shut down or restart the computer. Also, audit events that affect system security or the security log.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- =================== AUDIT EVENT POLICY SUBCATEGORIES ITEM =================== --> <!-- =============================================================================== --> <xsd:element name="auditeventpolicysubcategories_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The auditeventpolicysubcategories_item is used to hold information about the audit event policy settings on a Windows system. These settings are used to specify which system and network events are monitored. For example, if the credential_validation element has a value of AUDIT_FAILURE, it means that the system is configured to log all unsuccessful attempts to validate a user account on a system. It is important to note that these audit event policy settings are specific to certain versions of Windows. As a result, the documentation for that version of Windows should be consulted for more information on each setting. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.</xsd:documentation> <xsd:documentation>Note that when audinting is disabled each of the entities listed below should be set to 'AUDIT_NONE'.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <!-- Account Logon Audit Policy Subcategories --> <xsd:element name="credential_validation" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced during the validation of a user's logon credentials. This state corresponds with the following GUID specified in ntsecapi.h: 0cce923f-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Account Logon: Audit Credential Validation</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="kerberos_authentication_service" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by Kerberos authentication ticket-granting requests. This state corresponds with the following GUID specified in ntsecapi.h: 0CCE9242-69AE-11D9-BED3-505054503030. This state corresponds with the following Advanced Audit Policy: Account Logon: Audit Kerboros Authentication Service</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="kerberos_service_ticket_operations" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by Kerberos service ticket requests. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9240-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Account Logon: Audit Kerberos Service Ticket Operations</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="kerberos_ticket_events" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced during the validation of Kerberos tickets provided for a user account logon request.</xsd:documentation> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.11</oval:version> <oval:reason>This entity does not map to any known audit event policy subcategory.</oval:reason> <oval:comment>This entity has been deprecated and will be removed in version 6.0 of the language.</oval:comment> </oval:deprecated_info> <sch:pattern id="win-sc_auditeventpolicysubcategoriesitemkerberos_ticket_events"> <sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:kerberos_ticket_events"> <sch:report test="true()">DEPRECATED ELEMENT: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="other_account_logon_events" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by changes to user accounts that are not covered by other events in the Account Logon category. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9241-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Account Logon: Audit Other Account Logon Events</xsd:documentation> </xsd:annotation> </xsd:element> <!-- Account Management Audit Policy Subcategories --> <xsd:element name="application_group_management" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by changes to application groups. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9239-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Account Management: Audit Application Group Management</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="computer_account_management" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by changes to computer accounts. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9236-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Account Management: Audit Computer Account Management</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="distribution_group_management" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by changes to distribution groups. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9238-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Account Management: Audit Distribution Account Management</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="other_account_management_events" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by other user account changes that are not covered by other events in the Account Management category. This state corresponds with the following GUID specified in ntsecapi.h: 0cce923a-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Account Management: Audit Other Account Management Events</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="security_group_management" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by changes to security groups. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9237-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Account Management: Audit Security Group Management</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="user_account_management" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by changes to user accounts. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9235-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Account Management: Audit User Account Management</xsd:documentation> </xsd:annotation> </xsd:element> <!-- Detailed Tracking Audit Policy Subcategories --> <xsd:element name="dpapi_activity" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced when requests are made to the Data Protection application interface. This state corresponds with the following GUID specified in ntsecapi.h: 0cce922d-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Detailed Tracking: Audit DPAPI Activity</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="process_creation" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced when a process is created or starts. This state corresponds with the following GUID specified in ntsecapi.h: 0cce922b-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Detailed Tracking: Audit Process Creation</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="process_termination" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced when a process ends. This state corresponds with the following GUID specified in ntsecapi.h: 0cce922c-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Detailed Tracking: Audit Process Termination</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="rpc_events" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by inbound remote procedure call connections. This state corresponds with the following GUID specified in ntsecapi.h: 0cce922e-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Detailed Tracking: Audit RPC Events</xsd:documentation> </xsd:annotation> </xsd:element> <!-- DS Access Audit Policy Subcategories --> <xsd:element name="directory_service_access" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced when a Active Directory Domain Services object is accessed. This state corresponds with the following GUID specified in ntsecapi.h: 0cce923b-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: DS Access: Audit Directory Service Access</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="directory_service_changes" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced when changes are made to Active Directory Domain Services objects. This state corresponds with the following GUID specified in ntsecapi.h: 0cce923c-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: DS Access: Audit Directory Service Changes</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="directory_service_replication" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced when two Active Directory Domain Services domain controllers are replicated. This state corresponds with the following GUID specified in ntsecapi.h: 0cce923d-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: DS Access: Audit Directory Service Access</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="detailed_directory_service_replication" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by detailed Active Directory Domain Services replication between domain controllers. This state corresponds with the following GUID specified in ntsecapi.h: 0cce923e-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: DS Access: Audit Detailed Directory Service Replication</xsd:documentation> </xsd:annotation> </xsd:element> <!-- Logon/Logoff Audit Policy Subcategories --> <xsd:element name="account_lockout" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by a failed attempt to log onto a locked out account. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9217-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Logon/Logoff: Audit Account Lockout</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ipsec_extended_mode" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by Internet Key Exchange and Authenticated Internet protocol during Extended Mode negotiations. This state corresponds with the following GUID specified in ntsecapi.h: 0cce921a-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Logon/Logoff: Audit IPsec Extended Mode</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ipsec_main_mode" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by Internet Key Exchange and Authenticated Internet protocol during Main Mode negotiations. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9218-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Logof/Logoff: Audit IPsec Main Mode</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ipsec_quick_mode" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by Internet Key Exchange and Authenticated Internet protocol during Quick Mode negotiations. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9219-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Logon/Logoff: Audit IPsec Quick Mode</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="logoff" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by closing a logon session. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9216-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Logon/Logoff: Audit Logoff</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="logon" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by attempts to log onto a user account. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9215-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Logon/Logoff: Audit Logon</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="network_policy_server" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by RADIUS and Network Access Protection user access requests. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9243-69ae-11d9-bed3-505054503030.This state corresponds with the following Advanced Audit Policy: Logon/Logoff: Audit Network Policy Server</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="other_logon_logoff_events" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by other logon/logoff based events that are not covered in the Logon/Logoff category. This state corresponds with the following GUID specified in ntsecapi.h: 0cce921c-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Logon/Logoff: Audit Other Logon/Logoff Events</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="special_logon" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by special logons. This state corresponds with the following GUID specified in ntsecapi.h: 0cce921b-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Logon/Logoff: Audit Special Logon</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="logon_claims" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit user and device claims information in the user's logon token. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9247-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Logon/Logoff: Audit User / Device Claims</xsd:documentation> </xsd:annotation> </xsd:element> <!-- Object Access Audit Policy Subcategories --> <xsd:element name="application_generated" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by applications that use the Windows Auditing API. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9222-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Object Access: Audit Application Generated</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="certification_services" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by operations on Active Directory Certificate Services. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9221-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Object Access: Audit Certification Services</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="detailed_file_share" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by attempts to access files and folders on a shared folder. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9244-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Object Access: Audit Detailed File Share</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_share" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by attempts to access a shared folder. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9224-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Object Access: Audit File Share</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_system" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced user attempts to access file system objects. This state corresponds with the following GUID specified in ntsecapi.h: 0cce921d-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Object Access: Audit File System</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="filtering_platform_connection" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by connections that are allowed or blocked by Windows Filtering Platform. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9226-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Object Access: Audit Filtering Platform Connection</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="filtering_platform_packet_drop" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by packets that are dropped by Windows Filtering Platform. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9225-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Object Access: Audit Filtering Platform Packet Drop</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="handle_manipulation" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced when a handle is opened or closed. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9223-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Object Access: Handle Manipulation</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="kernel_object" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by attempts to access the system kernel. This state corresponds with the following GUID specified in ntsecapi.h: 0cce921f-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Object Access: Kernel Object</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="other_object_access_events" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by the management of Task Scheduler jobs or COM+ objects. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9227-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Object Access: Other Object Access Events</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="registry" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by attempts to access registry objects. This state corresponds with the following GUID specified in ntsecapi.h: 0cce921e-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Object Access: Audit Registry</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="sam" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by attempts to access Security Accounts Manager objects. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9220-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Object Access: Audit SAM</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="removable_storage" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit events that indicate file object access attemps to removable storage. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9245-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Object Access: Audit Removable Storage</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="central_access_policy_staging" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit events that indicate permission granted or denied by a proposed policy differs from the current central access policy on an object. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9246-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Object Access: Central Access Policy Staging</xsd:documentation> </xsd:annotation> </xsd:element> <!-- Policy Change Audit Policy Subcategories --> <xsd:element name="audit_policy_change" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by changes in security audit policy settings. This state corresponds with the following GUID specified in ntsecapi.h: 0cce922f-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Policy Change: Audit Audit Policy Change</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="authentication_policy_change" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by changes to the authentication policy. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9230-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Policy Change: Audit Authentication Policy Change</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="authorization_policy_change" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by changes to the authorization policy. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9231-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Policy Change: Audit Authorization Policy Change</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="filtering_platform_policy_change" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by changes to the Windows Filtering Platform. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9233-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Policy Change: Audit Filtering Platform Policy Change</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="mpssvc_rule_level_policy_change" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by changes to policy rules used by the Windows Firewall. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9232-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Policy Change: Audit MPSSVC Rule-Level Policy Change</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="other_policy_change_events" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by other security policy changes that are not covered other events in the Policy Change category. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9234-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Policy Change: Audit Other Policy Change Events</xsd:documentation> </xsd:annotation> </xsd:element> <!-- Privilege Use Audit Policy Subcategories --> <xsd:element name="non_sensitive_privilege_use" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by the use of non-sensitive privileges. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9229-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Privilege Use: Audit Non Sensitive Privilege Use</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="other_privilege_use_events" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is currently not used and has been reserved by Microsoft for use in the future. This state corresponds with the following GUID specified in ntsecapi.h: 0cce922a-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Privilege Use: Audit Other Privilege Use Events</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="sensitive_privilege_use" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by the use of sensitive privileges. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9228-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: Privilege Use: Audit Sensitive Privilege Use</xsd:documentation> </xsd:annotation> </xsd:element> <!-- System Audit Policy Subcategories --> <xsd:element name="ipsec_driver" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by the IPsec filter driver. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9213-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: System: Audit IPsec Driver</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="other_system_events" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by the startup and shutdown, security policy processing, and cryptography key file and migration operations of the Windows Firewall. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9214-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: System: Audit Other System Events</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="security_state_change" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by changes in the security state. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9210-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: System: Audit Security State Change</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="security_system_extension" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events produced by the security system extensions or services. This state corresponds with the following GUID specified in ntsecapi.h: cce9211-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: System: Audit Security System Extension</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="system_integrity" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Audit the events that indicate that the integrity security subsystem has been violated. This state corresponds with the following GUID specified in ntsecapi.h: 0cce9212-69ae-11d9-bed3-505054503030. This state corresponds with the following Advanced Audit Policy: System: Audit System Integrity</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- =============================== CMDLET ITEM ================================ --> <!-- =============================================================================== --> <xsd:element name="cmdlet_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The cmdlet_item represents a PowerShell cmdlet, the parameters supplied to it, and the value it returned.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="module_name" type="oval-sc:EntityItemStringType" nillable="true" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The name of the module that contains the cmdlet.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="module_id" type="win-sc:EntityItemGUIDType" nillable="true" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The globally unique identifier for the module.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="module_version" type="oval-sc:EntityItemVersionType" nillable="true" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The version of the module that contains the cmdlet in the form of MAJOR.MINOR.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="verb" type="win-sc:EntityItemCmdletVerbType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The cmdlet verb.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="noun" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The cmdlet noun.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="parameters" type="oval-sc:EntityItemRecordType" nillable="true" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>A list of properties (name and value pairs) as input to invoke the cmdlet.</xsd:documentation> <xsd:appinfo> <sch:pattern id="win-sc_cmdletitemparameters"> <sch:rule context="win-sc:cmdlet_item/win-sc:parameters"> <sch:assert test="@datatype='record'"><sch:value-of select="../@id"/> - datatype attribute for the parameters entity of a cmdlet_item must be 'record'</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="select" type="oval-sc:EntityItemRecordType" nillable="true" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>A list of fields (name and value pairs) used as input to the Select-Object cmdlet to select specific output properties.</xsd:documentation> <xsd:appinfo> <sch:pattern id="win-sc_cmdletitemselect"> <sch:rule context="win-sc:cmdlet_item/win-sc:select"> <sch:assert test="@datatype='record'"><sch:value-of select="../@id"/> - datatype attribute for the select entity of a cmdlet_item must be 'record'</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="value" type="oval-sc:EntityItemRecordType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>The expected value represented as a set of fields (name and value pairs).</xsd:documentation> <xsd:appinfo> <sch:pattern id="win-sc_cmdletitemvalue"> <sch:rule context="win-sc:cmdlet_item/win-sc:value"> <sch:assert test="@datatype='record'"><sch:value-of select="../@id"/> - datatype attribute for the value entity of a cmdlet_item must be 'record'</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================= DNS CACHE ITEM ================================ --> <!-- =============================================================================== --> <xsd:element name="dnscache_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The dnscache_item stores information retrieved from the DNS cache about a domain name, its time to live, and its corresponding IP addresses.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="domain_name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The domain_name element contains a string that represents a domain name that was collected from the DNS cache on the local system.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ttl" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The ttl element contains an integer that represents the time to live in seconds of the DNS cache entry.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ip_address" type="oval-sc:EntityItemIPAddressStringType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>The ip_address element contains a string that represents an IP address associated with the specified domain name. Note that the IP address can be IPv4 or IPv6.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================== FILE ITEM ==================================== --> <!-- =============================================================================== --> <xsd:element name="file_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>This element describes file metadata. The time information can be retrieved by the _stst function. Development_class and other version information (company, internal name, language, original_filename, product_name, product_version) can be retrieved using the VerQueryValue function.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="filepath" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="path" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Specifies the directory component of the absolute path to a file on the machine.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="filename" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="true"> <xsd:annotation> <xsd:documentation>The name of the file. If the xsi:nil attribute is set to true, then the item being represented is the higher directory represented by the path entity. The other items associated with this item would then reflect the values associated with the directory.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="owner" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>A string that contains the name of the owner. The name should be specified in the DOMAIN\username format.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="size" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Size of the file in bytes.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="a_time" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Time of last access of file. Valid on NTFS but not on FAT formatted disk drives. The string should represent the FILETIME structure which is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="c_time" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Time of creation of file. Valid on NTFS but not on FAT formatted disk drives. The string should represent the FILETIME structure which is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="m_time" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Time of last modification of file. The string should represent the FILETIME structure which is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ms_checksum" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The checksum of the file as supplied by Microsoft's MapFileAndCheckSum function.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="version" type="oval-sc:EntityItemVersionType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The version of the file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="type" type="win-sc:EntityItemFileTypeType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The type child element marks wether the file item describes a directory, named pipe, standard file, etc. These types are the return values for GetFileType, with the exception of FILE_ATTRIBUTE_DIRECTORY which is obtained by looking at GetFileAttributesEx.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="development_class" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The development_class element allows the distinction to be made between the GDR development environment and the QFE development environment. This field holds the text found in front of the mmmmmm-nnnn version, for example srv03_gdr.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="company" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This entity defines the company name held within the version-information structure.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="internal_name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This entity defines the internal name held within the version-information structure.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="language" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This entity defines the language held within the version-information structure.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="original_filename" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This entity defines the original filename held within the version-information structure.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="product_name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This entity defines the product name held within the version-information structure.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="product_version" type="oval-sc:EntityItemVersionType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This entity defines the product version held within the version-information structure.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="windows_view" type="win-sc:EntityItemWindowsViewType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The windows view value from which this OVAL Item was collected. This is used to indicate from which view (32-bit or 64-bit), the associated Item was collected. A value of '32_bit' indicates the Item was collected from the 32-bit view. A value of '64-bit' indicates the Item was collected from the 64-bit view. Omitting this entity removes any assertion about which view the Item was collected from, and therefore it is strongly suggested that this entity be set.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ======================= FILE AUDITED PERMISSIONS ITEM ======================= --> <!-- =============================================================================== --> <xsd:element name="fileauditedpermissions_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>This item stores the audited access rights of a file that a system access control list (SACL) structure grants to a specified trustee. The trustee's audited access rights are determined checking all access control entries (ACEs) in the SACL. For help with this test see the GetAuditedPermissionsFromAcl() api.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="filepath" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Specifies the absolute path to a file on the machine from which the DACL was retrieved. A directory cannot be specified as a filepath.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="path" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element specifies the directory component of the absolute path to a file on the machine from which the DACL was retrieved.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="filename" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="true"> <xsd:annotation> <xsd:documentation>The name of the file. If the xsi:nil attribute is set to true, then the item being represented is the higher directory represented by the path entity. The other items associated with this item would then reflect the values associated with the directory.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="trustee_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The trustee_sid entity specifies the SID that associated a user, group, system, or program (such as a Windows service).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="trustee_name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element specifies the trustee name associated with this particular SACL. A trustee can be a user, group, or program (such as a Windows service). In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.</xsd:documentation> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.3</oval:version> <oval:reason>Replaced by the trustee_sid entity. This entity uses trustee names for identifying trustees. Trustee names are not unique, and a new entity was created to use trustee SIDs, which are unique. See the trustee_sid.</oval:reason> <oval:comment>This entity has been deprecated and will be removed in version 6.0 of the language.</oval:comment> </oval:deprecated_info> <sch:pattern id="win-sc_fileaudititemtrustee_name"> <sch:rule context="win-sc:fileauditedpermissions_item/win-sc:trustee_name"> <sch:report test="true()">DEPRECATED ELEMENT: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="standard_delete" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to delete the object.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_read_control" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to read the information in the object's security descriptor, not including the information in the SACL.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_write_dac" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to modify the DACL in the object's security descriptor.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_write_owner" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to change the owner in the object's security descriptor.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_synchronize" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="access_system_security" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Indicates access to a system access control list (SACL).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_read" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Read access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_write" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Write access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_execute" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Execute access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_all" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Read, write, and execute access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_read_data" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Grants the right to read data from the file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_write_data" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Grants the right to write data to the file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_append_data" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Grants the right to append data to the file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_read_ea" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Grants the right to read extended attributes.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_write_ea" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Grants the right to write extended attributes.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_execute" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Grants the right to execute a file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_delete_child" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Right to delete a directory and all the files it contains (its children), even if the files are read-only.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_read_attributes" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Grants the right to read file attributes.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_write_attributes" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Grants the right to change file attributes.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="windows_view" type="win-sc:EntityItemWindowsViewType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The windows view value from which this OVAL Item was collected. This is used to indicate from which view (32-bit or 64-bit), the associated Item was collected. A value of '32_bit' indicates the Item was collected from the 32-bit view. A value of '64-bit' indicates the Item was collected from the 64-bit view. Omitting this entity removes any assertion about which view the Item was collected from, and therefore it is strongly suggested that this entity be set.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ======================== FILE EFFECTIVE RIGHTS ITEM ========================= --> <!-- =============================================================================== --> <xsd:element name="fileeffectiverights_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>This item stores the effective rights of a file that a discretionary access control list (DACL) structure grants to a specified trustee. The trustee's effective rights are determined checking all access-allowed and access-denied access control entries (ACEs) in the DACL. For help with this test see the GetEffectiveRightsFromAcl() api.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="filepath" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Specifies the absolute path to a file on the machine from which the DACL was retrieved. A directory cannot be specified as a filepath.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="path" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element specifies the absolute path to a file on the machine from which the DACL was retrieved.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="filename" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="true"> <xsd:annotation> <xsd:documentation>The name of the file. If the xsi:nil attribute is set to true, then the item being represented is the higher directory represented by the path entity. The other items associated with this item would then reflect the values associated with the directory.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="trustee_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The trustee_sid entity specifies the SID that associated a user, group, system, or program (such as a Windows service).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="trustee_name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element specifies the trustee name associated with this particular DACL. A trustee can be a user, group, or program (such as a Windows service). In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.</xsd:documentation> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.3</oval:version> <oval:reason>Replaced by the trustee_sid entity. This entity uses trustee names for identifying trustees. Trustee names are not unique, and a new entity was created to use trustee SIDs, which are unique. See the trustee_sid.</oval:reason> <oval:comment>This entity has been deprecated and will be removed in version 6.0 of the language.</oval:comment> </oval:deprecated_info> <sch:pattern id="win-sc_feritemtrustee_name"> <sch:rule context="win-sc:fileeffectiverights_item/win-sc:trustee_name"> <sch:report test="true()">DEPRECATED ELEMENT: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="standard_delete" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to delete the object.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_read_control" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to read the information in the object's security descriptor, not including the information in the SACL.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_write_dac" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to modify the DACL in the object's security descriptor.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_write_owner" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to change the owner in the object's security descriptor.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_synchronize" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="access_system_security" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Indicates access to a system access control list (SACL).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_read" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Read access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_write" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Write access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_execute" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Execute access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_all" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Read, write, and execute access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_read_data" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Grants the right to read data from the file</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_write_data" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Grants the right to write data to the file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_append_data" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Grants the right to append data to the file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_read_ea" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Grants the right to read extended attributes.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_write_ea" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Grants the right to write extended attributes.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_execute" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Grants the right to execute a file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_delete_child" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Right to delete a directory and all the files it contains (its children), even if the files are read-only.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_read_attributes" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Grants the right to read file attributes.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_write_attributes" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Grants the right to change file attributes.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="windows_view" type="win-sc:EntityItemWindowsViewType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The windows view value from which this OVAL Item was collected. This is used to indicate from which view (32-bit or 64-bit), the associated Item was collected. A value of '32_bit' indicates the Item was collected from the 32-bit view. A value of '64-bit' indicates the Item was collected from the 64-bit view. Omitting this entity removes any assertion about which view the Item was collected from, and therefore it is strongly suggested that this entity be set.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================== GROUP ITEM ================================== --> <!-- =============================================================================== --> <xsd:element name="group_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The Windows group_item allows the different users and subgroups, that directly belong to specific groups (identified by name), to be collected. The collected subgroups will not be resolved to find indirect user or subgroup members. If the subgroups need to be resolved, it should be done using the sid_object. Note that the user and subgroup elements can appear an unlimited number of times. If a user is not found in the specified group, a single user element should exist with a status of 'does not exist'. If there is an error determining the users of a group, a single user element should exist with a status of 'error'. If a subgroup is not found in the specified group, a single subgroup element should exist with a status of 'does not exist'. If there is an error determining the subgroups of a group, a single subgroup element should exist with a status of 'error'.</xsd:documentation> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.11</oval:version> <oval:reason>Replaced by the group_sid_item. This item uses trustee names for identifying accounts on the system. Trustee names are not unique and the group_sid_item, which uses trustee SIDs which are unique, should be used instead. See the group_sid_item.</oval:reason> <oval:comment>This object has been deprecated and may be removed in a future version of the language.</oval:comment> </oval:deprecated_info> <sch:pattern id="win-sc_group_item_dep"> <sch:rule context="win-sc:group_item"> <sch:report test="true()">DEPRECATED ITEM: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="group" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>A string the represents the name of a particular group. In Windows, group names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, groups should be identified in the form: "domain\group name". For local groups use: "computer name\group name". For built-in accounts on the system, use the group name without a domain.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="user" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>A string that represents the name of a particular user. In Windows, user names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, users should be identified in the form: "domain\user name". For local users use: "computer name\user name". For built-in accounts on the system, use the user name without a domain.</xsd:documentation> <xsd:documentation>If the specified group has more than one user as a member, then multiple user elements should exist. If the specified group does not contain a single user, then a single user element should exist with a status of 'does not exist'. If there is an error determining the users that are members of the group, then a single user element should be included with a status of 'error'.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="subgroup" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>A string that represents the name of a particular subgroup in the specified group. In Windows, group names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, the subgroups should be identified in the form: "domain\group name". In a local environment, the subgroups should be identified in the form: "computer name\group name". If the subgroups are built-in groups, the subgroups should be identified in the form: "group name" without a domain component.</xsd:documentation> <xsd:documentation>If the specified group has more than one subgroup as a member, then multiple subgroup elements should exist. If the specified group does not contain a single subgroup, then a single subgroup element should exist with a status of 'does not exist'. If there is an error determining the subgroups that are members of the group, then a single subgroup element should be included with a status of 'error'.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================ GROUP SID ITEM ================================ --> <!-- =============================================================================== --> <xsd:element name="group_sid_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The Windows group_sid_item allows the different users and subgroups, that directly belong to specific groups (identified by SID), to be collected. The collected subgroups will not be resolved to find indirect user or subgroup members. If the subgroups need to be resolved, it should be done using the sid_sid_object. Note that the user and subgroup elements can appear an unlimited number of times. If a user is not found in the specified group, a single user element should exist with a status of 'does not exist'. If there is an error determining the users of a group, a single user element should exist with a status of 'error'. If a subgroup is not found in the specified group, a single subgroup element should exist with a status of 'does not exist'. If there is an error determining the subgroups of a group, a single subgroup element should exist with a status of 'error'.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="group_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>A string the represents the SID of a particular group.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="user_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>A string that represents the SID of a particular user. If the specified group has more than one user as a member, then multiple user_sid entities should exist. If the specified group does not contain a single user, then a single user_sid entity should exist with a status of 'does not exist'. If there is an error determining the userss that are members of the group, then a single user_sid entity should be included with a status of 'error'.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="subgroup_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>A string that represents the SID of a particular subgroup. If the specified group has more than one subgroup as a member, then multiple subgroup_sid entities should exist. If the specified group does not contain a single subgroup, a single subgroup_sid entity should exist with a status of 'does not exist'. If there is an error determining the subgroups that are members of the group, then a single subgroup_sid entity should be included with a status of 'error'.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================ INTERFACE ITEM ================================= --> <!-- =============================================================================== --> <xsd:element name="interface_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>Enumerate various attributes about the interfaces on a system.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element specifies the name of an interface.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="index" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element specifies index that identifies the interface.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="type" type="win-sc:EntityItemInterfaceTypeType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element specifies the type of interface which is limited to certain set of values.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="hardware_addr" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element specifies the hardware or MAC address of the physical network card. MAC addresses should be formatted according to the IEEE 802-2001 standard which states that a MAC address is a sequence of six octet values, separated by hyphens, where each octet is represented by two hexadecimal digits. Uppercase letters should also be used to represent the hexadecimal digits A through F.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="inet_addr" type="oval-sc:EntityItemIPAddressStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element specifies the IP address of the specific interface. Note that the IP address can be IPv4 or IPv6. If the IP address is an IPv6 address, this entity should be expressed as an IPv6 address prefix using CIDR notation and the netmask entity should not be collected.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="broadcast_addr" type="oval-sc:EntityItemIPAddressStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element specifies the broadcast address. A broadcast address is typically the IP address with the host portion set to either all zeros or all ones. Note that the IP address can be IPv4 or IPv6.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="netmask" type="oval-sc:EntityItemIPAddressStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element specifies the subnet mask for the IP address. Note that if the inet_addr entity contains an IPv6 address prefix, this entity should not be collected.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="addr_type" type="win-sc:EntityItemAddrTypeType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>This element specifies the address type or state of a specific interface. Each interface can be associated with more than one value meaning the addr_type element can occur multiple times.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- =============================== LICENSE ITEM ================================ --> <!-- =============================================================================== --> <xsd:element name="license_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The license_item element stores the different information that can be found in the Windows license registry value. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element describes the name of a license entry.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="type" type="win-sc:EntityItemRegistryTypeType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Specifies the type of data stored by the license entry. Valid values are REG_BINARY, REG_DWORD and REG_SZ. Please refer to the EntityItemRegistryTypeType for more information about the different possible types.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="value" type="oval-sc:EntityItemAnySimpleType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The value entity holds the actual value of the specified license entry. The representation of the value as well as the associated datatype attribute depends on type of data stored in the license entry. If the specified license entry is of type REG_BINARY, then the datatype attribute should be set to 'binary' and the data represented by the value entity should follow the xsd:hexBinary form. (each binary octet is encoded as two hex digits) If the registry key is of type REG_DWORD, then the datatype attribute should be set to 'int' and the value entity should represent the data as an integer. If the specified registry key is of type REG_SZ, then the datatype should be 'string' and the value entity should be a copy of the string.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ========================= LOCKOUT POLICY ITEM =============================== --> <!-- =============================================================================== --> <xsd:element name="lockoutpolicy_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The lockoutpolicy item enumerates various attributes associated with lockout information for users and global groups in the security database.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="force_logoff" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Specifies, in seconds (from a DWORD), the amount of time between the end of the valid logon time and the time when the user is forced to log off the network. A value of TIMEQ_FOREVER (max DWORD value, 4294967295) indicates that the user is never forced to log off. A value of zero indicates that the user will be forced to log off immediately when the valid logon time expires. See the USER_MODALS_INFO_0 structure returned by a call to NetUserModalsGet().</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="lockout_duration" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Specifies, in seconds, how long a locked account remains locked before it is automatically unlocked. See the USER_MODALS_INFO_3 structure returned by a call to NetUserModalsGet().</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="lockout_observation_window" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Specifies the maximum time, in seconds, that can elapse between any two failed logon attempts before lockout occurs. See the USER_MODALS_INFO_3 structure returned by a call to NetUserModalsGet().</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="lockout_threshold" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Specifies the number of invalid password authentications that can occur before an account is marked "locked out." See the USER_MODALS_INFO_3 structure returned by a call to NetUserModalsGet().</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================ METABASE ITEM ================================== --> <!-- =============================================================================== --> <xsd:element name="metabase_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>This item gathers information from the specified metabase keys.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="key" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element describes a metabase key to be gathered.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="id" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1" nillable="true"> <xsd:annotation> <xsd:documentation>The id element specifies a particular object under the metabase key. If the xsi:nil attribute is set to true, then the item being represented is the higher level metabase key. Using xsi:nil here will result in a status of 'not collected' for the other entities associated with this item since these entities are not associated with a key by itself.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element describes the name of the specified metabase object.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="user_type" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The user_type element is an unsigned 32-bit integer (DWORD) that specifies the user type of the data. See the METADATA_RECORD structure.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="data_type" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The data_type element identifies the type of data in the metabase entry. See the METADATA_RECORD structure.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="data" type="oval-sc:EntityItemAnySimpleType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>The actual data of the named item under the specified metabase key. If the specified metabase key is of type multi string, then multiple value elements should exist to describe the array of strings.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================ NTUSER ITEM ================================== --> <!-- =============================================================================== --> <xsd:element name="ntuser_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The windows ntuser_item specifies information that can be collected from a particular ntuser.dat file.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="key" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element describes a registry key normally found in the HKCU hive to be tested.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="true"> <xsd:annotation> <xsd:documentation>This element describes the name of a registry key. If the xsi:nil attribute is set to true, then the item being represented is the higher level key. Using xsi:nil here will result in a status of 'does not exist' for the type, and value entities since these entities are not associated with a key by itself.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element holds a string that represents the SID of a particular user.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="username" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The username entity holds a string that represents the name of a particular user. In Windows, user names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, users should be identified in the form: "domain\user name". For local users use: "computer name\user name".</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="account_type" type="win-sc:EntityItemNTUserAccountTypeType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The account_type element describes if the user account is a local account or domain account.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="logged_on" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The logged_on element describes if the user account is currently logged on to the computer.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="enabled" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The enabled element describes if the user account is enabled or disabled.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="date_modified" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Time of last modification of file. The string should represent the FILETIME structure which is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="days_since_modified" type="oval-sc:EntityItemIntType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The number of days since the ntuser.dat file was last modified. The value should be rounded up to the next whole integer.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="filepath" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element describes the filepath of the ntuser.dat file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="last_write_time" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The last time that the key or any of its value entries was modified. The value of this entity represents the FILETIME structure which is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC). Last write time can be queried on a hive, key, or name. When collecting only information about a registry hive the last write time will be the time the hive or any of its entiries was written to. When collecting only information about a registry hive and key the last write time will be the time the key or any of its entiries was written to. When collecting only information about a registry name the last write time will be the time the name was written to. See the RegQueryInfoKey function lpftLastWriteTime.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="type" type="win-sc:EntityItemRegistryTypeType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Specifies the type of data stored by the registry key. Please refer to the EntityItemRegistryTypeType for more information about the different possible types.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="value" type="oval-sc:EntityItemAnySimpleType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>The value entity holds the actual value of the specified registry key. The representation of the value as well as the associated datatype attribute depends on type of data stored in the registry key. If the specified registry key is of type REG_BINARY, then the datatype attribute should be set to 'binary' and the data represented by the value entity should follow the xsd:hexBinary form. (each binary octet is encoded as two hex digits) If the registry key is of type REG_DWORD or REG_QWORD, then the datatype attribute should be set to 'int' and the value entity should represent the data as an integer. If the specified registry key is of type REG_EXPAND_SZ, then the datatype attribute should be set to 'string' and the pre-expanded string should be represented by the value entity. If the specified registry key is of type REG_MULTI_SZ, then multiple value entities should exist to describe the array of strings, with each value element holds a single string. In the end, there should be the same number of value entities as there are strings in the reg_multi_sz array. If the specified registry key is of type REG_SZ, then the datatype should be 'string' and the value entity should be a copy of the string.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ======================== PASSWORD POLICY ITEM =============================== --> <!-- =============================================================================== --> <xsd:element name="passwordpolicy_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>Specific policy items associated with passwords. It is important to note that these policies are specific to certain versions of Windows. As a result, the documentation for that version of Windows should be consulted for more information. Information is stored in the SAM or Active Directory but is encrypted or hidden so the registry_item and activedirectory_item are of no use. If this can be figured out, then the password_policy item is not needed.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="max_passwd_age" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Specifies, in seconds (from a DWORD), the maximum allowable password age. A value of TIMEQ_FOREVER (max DWORD value, 4294967295) indicates that the password never expires. The minimum valid value for this element is ONE_DAY (86400). See the USER_MODALS_INFO_0 structure returned by a call to NetUserModalsGet().</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="min_passwd_age" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Specifies the minimum number of seconds that can elapse between the time a password changes and when it can be changed again. A value of zero indicates that no delay is required between password updates.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="min_passwd_len" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Specifies the minimum allowable password length. Valid values for this element are zero through PWLEN.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="password_hist_len" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Specifies the length of password history maintained. A new password cannot match any of the previous usrmod0_password_hist_len passwords. Valid values for this element are zero through DEF_MAX_PWHIST.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="password_complexity" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>A boolean value that signifies whether passwords must meet the complexity requirements put forth by the operating system.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="reversible_encryption" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Determines whether or not passwords are stored using reversible encryption.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- =========================== PE HEADER ITEM ================================== --> <!-- =============================================================================== --> <xsd:element name="peheader_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The peheader_item describes the metadata associated with a PE file header. For more information, please see the documentation for the IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER structures.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="filepath" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The filepath element specifies the absolute path for a PE file on the machine. A directory cannot be specified as a filepath.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="path" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The path element specifies the directory component of the absolute path to a PE file on the machine.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="filename" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The filename element specifies the name of a PE file to evaluate.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="header_signature" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The header_signature entity is the signature of the header.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="target_machine_type" type="win-sc:EntityItemPeTargetMachineType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The target_machine_type entity is an unsigned 16-bit integer (WORD) that specifies the target architecture that the file is intended for.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="number_of_sections" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The number_of_sections entity is an unsigned 16-bit integer (WORD) that specifies the number of sections in the file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="time_date_stamp" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The time_date_stamp entity is an unsigned 32-bit integer (DWORD) that specifies the time that the linker produced the file. The value is represented as the number of seconds since January 1, 1970, 00:00:00.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="pointer_to_symbol_table" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The pointer_to_symbol_table entity is an unsigned 32-bit integer (DWORD) that specifies the file offset of the COFF symbol table.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="number_of_symbols" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The number_of_symbols entity is an unsigned 32-bit integer (DWORD) that specifies the number of symbols in the COFF symbol table.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="size_of_optional_header" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The size_of_optional_header entity is an unsigned 32-bit integer (DWORD) that specifies the size of an optional header in bytes.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="image_file_relocs_stripped" type="oval-sc:EntityItemBoolType" default="false" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The image_file_relocs_stripped entity is a boolean value that specifies if the relocation information is stripped from the file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="image_file_executable_image" type="oval-sc:EntityItemBoolType" default="false" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The image_file_executable_image entity is a boolean value that specifies if the file is executable.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="image_file_line_nums_stripped" type="oval-sc:EntityItemBoolType" default="false" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The image_file_line_nums_stripped entity is a boolean value that specifies if the line numbers are stripped from the file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="image_file_local_syms_stripped" type="oval-sc:EntityItemBoolType" default="false" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The image_file_local_syms_stripped entity is a boolean value that specifies if the local symbols are stripped from the file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="image_file_aggresive_ws_trim" type="oval-sc:EntityItemBoolType" default="false" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The image_file_aggressive_ws_trim entity is a boolean value that specifies that the working set should be aggressively trimmed.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="image_file_large_address_aware" type="oval-sc:EntityItemBoolType" default="false" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The image_file_large_address_aware entity is a boolean value that specifies that the application can handle addresses larger than 2GB.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="image_file_16bit_machine" type="oval-sc:EntityItemBoolType" default="false" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The image_file_16bit_machine entity is a boolean value that specifies that the computer supports 16-bit words.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="image_file_bytes_reversed_lo" type="oval-sc:EntityItemBoolType" default="false" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The image_file_bytes_reversed_lo entity is a boolean value that specifies that the bytes of the word are reversed.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="image_file_32bit_machine" type="oval-sc:EntityItemBoolType" default="false" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The image_file_32bit_machine entity is a boolean value that specifies that the computer supports 32-bit words.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="image_file_debug_stripped" type="oval-sc:EntityItemBoolType" default="false" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The image_file_debug_stripped entity is a boolean value that specifies that the debugging information is stored separately in a .dbg file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="image_file_removable_run_from_swap" type="oval-sc:EntityItemBoolType" default="false" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The image_file_removable_run_from_swap entity is a boolean value that specifies that the image is on removable media, copy and run from the swap file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="image_file_system" type="oval-sc:EntityItemBoolType" default="false" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The image_file_system entity is a boolean value that specifies that the image is a system file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="image_file_dll" type="oval-sc:EntityItemBoolType" default="false" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The image_file_dll entity is a boolean value that specifies that the image is a DLL.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="image_file_up_system_only" type="oval-sc:EntityItemBoolType" default="false" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The image_file_up_system_only entity is a boolean value that specifies that the file should only be run on a uniprocessor computer.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="image_file_bytes_reveresed_hi" type="oval-sc:EntityItemBoolType" default="false" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The image_file_bytes_reversed_hi entity is a boolean value that specifies that the bytes of the word are reversed.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="magic_number" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The magic_number entity is an unsigned 16-bit integer (WORD) that specifies the state of the image file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="major_linker_version" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The major_linker_version entity is a BYTE that specifies the major version of the linker that produced the file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="minor_linker_version" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The minor_linker_version entity is a BYTE that specifies the minor version of the linker that produced the file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="size_of_code" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The size_of_code entity is an unsigned 32-bit integer (DWORD) that specifies the total size of all of the code sections.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="size_of_initialized_data" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The size_of_initialized_data entity is an unsigned 32-bit integer (DWORD) that specifies the total size of all of the sections that are composed of initialized data.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="size_of_uninitialized_data" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The size_of_uninitialized_data entity is an unsigned 32-bit integer (DWORD) that specifies the total size of all of the sections that are composed of uninitialized data.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="address_of_entry_point" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The address_of_entry_point entity is an unsigned 32-bit integer (DWORD) that specifies the address where the loader will begin execution.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="base_of_code" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The base_of_code entity is an unsigned 32-bit integer (DWORD) that specifies the relative virtual address where the file's code section begins.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="base_of_data" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The base_of_data entity is an unsigned 32-bit integer (DWORD) that specifies the relative virtual address where the file's data section begins.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="image_base_address" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The image_base_address entity is an unsigned 32-bit integer (DWORD) that specifies the preferred address fo the first byte of the image when it is loaded into memory.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="section_alignment" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The section_alignment entity is an unsigned 32-bit integer (DWORD) that specifies the alignment of the sections loaded into memory.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_alignment" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The file_alignment entity is an unsigned 32-bit integer (DWORD) that specifies the alignment of the raw data of sections in the image file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="major_operating_system_version" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The major_operating_system_version entity is an unsigned 16-bit integer (WORD) that specifies the major version of the operating system required to use this executable.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="minor_operating_system_version" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The minor_operating_system_version entity is an unsigned 16-bit integer (WORD) that specifies the minor version of the operating system required to use this executable.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="major_image_version" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The major_image_version entity is an unsigned 16-bit integer (WORD) that specifies the major version number of the image.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="minor_image_version" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The minor_image_version entity is an unsigned 32-bit integer (DWORD) that specifies the minor version number of the image.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="major_subsystem_version" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The major_subsystem_version entity is an unsigned 16-bit integer (WORD) that specifies the major version of the subsystem required to run the executable.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="minor_susbsystem_version" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The minor_subsystem_version entity is an unsigned 16-bit integer (WORD) that specifies the minor version of the subsystem required to run the executable.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="size_of_image" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The size_of_image entity is an unsigned 32-bit integer (DWORD) that specifies the total size of the image including all of the headers.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="size_of_headers" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The size_of_headers entity is an unsigned 32-bit integer (DWORD) that specifies the total combined size of the MS-DOS stub, PE header, and the section headers.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="checksum" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The checksum entity is an unsigned 32-bit integer (DWORD) that specifies the checksum of the image file.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="subsystem" type="win-sc:EntityItemPeSubsystemType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The subsystem entity is an unsigned 32-bit integer (DWORD) that specifies the type of subsystem that the executable uses for its user interface.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="dll_characteristics" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>The dll_characteristics entity is an unsigned 32-bit integer (DWORD) that specifies the set of flags indicating the circumstances under which a DLL's initialization function will be called..</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="size_of_stack_reserve" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The time_date_stamp entity is an unsigned 32-bit integer (DWORD) that specifies the number of bytes to reserve for the stack.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="size_of_stack_commit" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The time_date_stamp entity is an unsigned 32-bit integer (DWORD) that specifies the number of bytes to commit for the stack.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="size_of_heap_reserve" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The time_date_stamp entity is an unsigned 32-bit integer (DWORD) that specifies the number of bytes to reserve for the local heap.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="size_of_heap_commit" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The time_date_stamp entity is an unsigned 32-bit integer (DWORD) that specifies the number of bytes to commit for the local heap.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="loader_flags" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The loader_flags entity is an unsigned 32-bit integer (DWORD) that specifies the loader flags of the header.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="number_of_rva_and_sizes" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The number_of_rva_and_sizes entity is an unsigned 32-bit integer (DWORD) that specifies the number of directory entries in the remainder of the optional header.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="real_number_of_directory_entries" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The real_number_of_directory_entries entity is the real number of data directory entries in the remainder of the optional header calculated by enumerating the directory entries.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================== PORT ITEM ==================================== --> <!-- =============================================================================== --> <xsd:element name="port_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>Information about open listening ports.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="local_address" type="oval-sc:EntityItemIPAddressStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element specifies the local IP address the listening port is bound to. Note that the IP address can be IPv4 or IPv6.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="local_port" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element specifies the number assigned to the local listening port.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="protocol" type="win-sc:EntityItemProtocolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element specifies the type of listening port. It is restricted to either TCP or UDP.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="pid" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The id given to the process that is associated with the specified listening port.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="foreign_address" type="oval-sc:EntityItemIPAddressStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the IP address with which the program is communicating, or with which it will communicate, in the case of a listening server. Note that the IP address can be IPv4 or IPv6.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="foreign_port" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This is the TCP or UDP port to which the program communicates.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ======================= PRINTER EFFECTIVE RIGHTS ITEM ======================= --> <!-- =============================================================================== --> <xsd:element name="printereffectiverights_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>This item stores the effective rights of a printer that a discretionary access control list (DACL) structure grants to a specified trustee. The trustee's effective rights are determined checking all access-allowed and access-denied access control entries (ACEs) in the DACL. For help with this test see the GetEffectiveRightsFromAcl() api.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="printer_name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The printer_name enitity specifies the name of the printer.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="trustee_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The trustee_sid entity specifies the SID that associated a user, group, system, or program (such as a Windows service).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_delete" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to delete the object.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_read_control" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to read the information in the object's security descriptor, not including the information in the SACL.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_write_dac" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to modify the DACL in the object's security descriptor.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_write_owner" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to change the owner in the object's security descriptor.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_synchronize" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="access_system_security" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Indicates access to a system access control list (SACL).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_read" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Read access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_write" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Write access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_execute" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Execute access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_all" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Read, write, and execute access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="printer_access_administer" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="printer_access_use" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="job_access_administer" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="job_access_read" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================ PROCESS ITEM =================================== --> <!-- =============================================================================== --> <xsd:element name="process_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>Information about running processes.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="command_line" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The command_line entity is the string used to start the process. This includes any parameters that are part of the command line.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="pid" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The id given to the process that is created for a specified command line.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="ppid" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The id given to the parent of the process that is created for the specified command line</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="priority" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The base priority of the process.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="image_path" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The image_path entity represents the name of the executable file for the process.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="current_dir" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The current_dir entity represents the current path to the executable file for the process.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="creation_time" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The creation_time entity represents the creation time of the process. The value of this entity represents the FILETIME structure which is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC). See the GetProcessTimes function lpCreationTime.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="dep_enabled" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The dep_enabled entity represents whether or not data execution prevention (DEP) is enabled. See the GetProcessDEPPolicy function lpFlags.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="primary_window_text" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The primary_window_text entity represents the title of the primary window of the process. See the GetWindowText function.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The name of the process.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================ REGISTRY ITEM ================================== --> <!-- =============================================================================== --> <xsd:element name="registry_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The windows registry item specifies information that can be collected about a particular registry key.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="hive" type="win-sc:EntityItemRegistryHiveType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The hive that the registry key belongs to.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="key" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="true"> <xsd:annotation> <xsd:documentation>This element describes a registry key to be gathered. Note that the hive portion of the string should not be included, as this data can be found under the hive element. If the xsi:nil attribute is set to true, then the item being represented is the higher level hive or lower level name. Using xsi:nil here will result in a status of 'not collected' for this entity since the item is specific to a hive or name.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="true"> <xsd:annotation> <xsd:documentation>This element describes the name of a registry key. If the xsi:nil attribute is set to true, then the item being represented is the higher level key or hive. Using xsi:nil here will result in a status of 'not collected' since the item is specific to a key or hive.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="last_write_time" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The last time that the key or any of its value entries were modified. The value of this entity represents the FILETIME structure which is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC). Last write time can be queried on any key, with hives being classified as a type of key. When collecting only information about a registry hive or key the last write time will be the time the key or any of its entries were modified. When collecting only information about a registry name the last write time will be the time the containing key was modified. Thus when collecting information about a registry name, the last write time does not correlate directly to the specified name. See the RegQueryInfoKey function lpftLastWriteTime.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="type" type="win-sc:EntityItemRegistryTypeType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Specifies the type of data stored by the registry key. Please refer to the EntityItemRegistryTypeType for more information about the different possible types.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="value" type="oval-sc:EntityItemAnySimpleType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>The value entity holds the actual value of the specified registry key. The representation of the value as well as the associated datatype attribute depends on type of data stored in the registry key. If the value being tested is of type REG_BINARY, then the datatype attribute should be set to 'binary' and the data represented by the value entity should follow the xsd:hexBinary form. (each binary octet is encoded as two hex digits) If the value being tested is of type REG_DWORD, REG_QWORD, REG_DWORD_LITTLE_ENDIAN, REG_DWORD_BIG_ENDIAN, or REG_QWORD_LITTLE_ENDIAN then the datatype attribute should be set to 'int' and the value entity should represent the data as an unsigned integer. DWORD and QWORD values represnt unsigned 32-bit and 64-bit integers, respectively. If the value being tested is of type REG_EXPAND_SZ, then the datatype attribute should be set to 'string' and the pre-expanded string should be represented by the value entity. If the value being tested is of type REG_MULTI_SZ, then only a single string (one of the multiple strings) should be tested using the value entity with the datatype attribute set to 'string'. In order to test multiple values, multiple OVAL registry tests should be used. If the specified registry key is of type REG_SZ, then the datatype should be 'string' and the value entity should be a copy of the string. If the value being tested is of type REG_LINK, then the datatype attribute should be set to 'string' and the null-terminated Unicode string should be represented by the value entity.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="windows_view" type="win-sc:EntityItemWindowsViewType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The windows view value from which this OVAL Item was collected. This is used to indicate from which view (32-bit or 64-bit), the associated Item was collected. A value of '32_bit' indicates the Item was collected from the 32-bit view. A value of '64-bit' indicates the Item was collected from the 64-bit view. Omitting this entity removes any assertion about which view the Item was collected from, and therefore it is strongly suggested that this entity be set.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- =================== REGISTRY KEY AUDITED PERMISSIONS ITEM =================== --> <!-- =============================================================================== --> <xsd:element name="regkeyauditedpermissions_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>This item stores the audited access rights of a registry key that a system access control list (SACL) structure grants to a specified trustee. The trustee's audited access rights are determined checking all access control entries (ACEs) in the SACL. For help with this test see the GetAuditedPermissionsFromAcl() api.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="hive" type="win-sc:EntityItemRegistryHiveType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element specifies the hive of a registry key on the machine from which the SACL was retrieved.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="key" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="true"> <xsd:annotation> <xsd:documentation>This element specifies a registry key on the machine from which the SACL was retrieved. Note that the hive portion of the string should not be inclueded, as this data should be found under the hive element.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="trustee_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The security identifier (SID) of the specified trustee name.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="trustee_name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element specifies the trustee name associated with this particular DACL. A trustee can be a user, group, or program (such as a Windows service). In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.</xsd:documentation> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.3</oval:version> <oval:reason>Replaced by the trustee_sid entity. This entity uses trustee names for identifying trustees. Trustee names are not unique, and a new entity was created to use trustee SIDs, which are unique. See the trustee_sid.</oval:reason> <oval:comment>This entity has been deprecated and will be removed in version 6.0 of the language.</oval:comment> </oval:deprecated_info> <sch:pattern id="win-sc_rapitemtrustee_name"> <sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:trustee_name"> <sch:report test="true()">DEPRECATED ELEMENT: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="standard_delete" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to delete the object.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_read_control" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to read the information in the object's security descriptor, not including the information in the SACL.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_write_dac" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to modify the DACL in the object's security descriptor.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_write_owner" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to change the owner in the object's security descriptor.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_synchronize" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.</xsd:documentation> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.6</oval:version> <oval:reason>This entity has been deprecated because registry keys do not support the SYNCHRONIZE standard access right.</oval:reason> </oval:deprecated_info> <sch:pattern id="win-sc_rapitemstandard_synchronize"> <sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:standard_synchronize"> <sch:report test="true()">DEPRECATED ELEMENT: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="access_system_security" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Indicates access to a system access control list (SACL).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_read" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Read access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_write" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Write access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_execute" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Execute access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_all" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Read, write, and execute access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="key_query_value" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="key_set_value" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="key_create_sub_key" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="key_enumerate_sub_keys" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="key_notify" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="key_create_link" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="key_wow64_64key" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="key_wow64_32key" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="key_wow64_res" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="windows_view" type="win-sc:EntityItemWindowsViewType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The windows view value from which this OVAL Item was collected. This is used to indicate from which view (32-bit or 64-bit), the associated Item was collected. A value of '32_bit' indicates the Item was collected from the 32-bit view. A value of '64-bit' indicates the Item was collected from the 64-bit view. Omitting this entity removes any assertion about which view the Item was collected from, and therefore it is strongly suggested that this entity be set.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ==================== REGISTRY KEY EFFECTIVE RIGHTS ITEM ===================== --> <!-- =============================================================================== --> <xsd:element name="regkeyeffectiverights_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>This item stores the effective rights of a registry key that a discretionary access control list (DACL) structure grants to a specified trustee. The trustee's effective rights are determined checking all access-allowed and access-denied access control entries (ACEs) in the DACL. For help with this test see the GetEffectiveRightsFromAcl() api.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="hive" type="win-sc:EntityItemRegistryHiveType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The hive that the registry key belongs to.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="key" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="true" > <xsd:annotation> <xsd:documentation>This element describes a registry key to be gathered. Note that the hive portion of the string should not be inclueded, as this data can be found under the hive element. If the xsi:nil attribute is set to true, then the item being represented is the higher level hive.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="trustee_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The trustee_sid entity specifies the SID that associated a user, group, system, or program (such as a Windows service).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="trustee_name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element specifies the trustee name associated with this particular DACL. A trustee can be a user, group, or program (such as a Windows service). In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.</xsd:documentation> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.3</oval:version> <oval:reason>Replaced by the trustee_sid entity. This entity uses trustee names for identifying trustees. Trustee names are not unique, and a new entity was created to use trustee SIDs, which are unique. See the trustee_sid.</oval:reason> <oval:comment>This entity has been deprecated and will be removed in version 6.0 of the language.</oval:comment> </oval:deprecated_info> <sch:pattern id="win-sc_reritemtrustee_name"> <sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:trustee_name"> <sch:report test="true()">DEPRECATED ELEMENT: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="standard_delete" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to delete the object.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_read_control" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to read the information in the object's security descriptor, not including the information in the SACL.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_write_dac" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to modify the DACL in the object's security descriptor.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_write_owner" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to change the owner in the object's security descriptor.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_synchronize" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.</xsd:documentation> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.6</oval:version> <oval:reason>This entity has been deprecated because registry keys do not support the SYNCHRONIZE standard access right.</oval:reason> </oval:deprecated_info> <sch:pattern id="win-sc_reritemstandard_synchronize"> <sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:standard_synchronize"> <sch:report test="true()">DEPRECATED ELEMENT: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="access_system_security" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Indicates access to a system access control list (SACL).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_read" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Read access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_write" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Write access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_execute" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Execute access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_all" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Read, write, and execute access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="key_query_value" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="key_set_value" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="key_create_sub_key" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="key_enumerate_sub_keys" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="key_notify" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="key_create_link" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="key_wow64_64key" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="key_wow64_32key" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="key_wow64_res" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> </xsd:element> <xsd:element name="windows_view" type="win-sc:EntityItemWindowsViewType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The windows view value from which this OVAL Item was collected. This is used to indicate from which view (32-bit or 64-bit), the associated Item was collected. A value of '32_bit' indicates the Item was collected from the 32-bit view. A value of '64-bit' indicates the Item was collected from the 64-bit view. Omitting this entity removes any assertion about which view the Item was collected from, and therefore it is strongly suggested that this entity be set.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ================================ SERVICE ITEM =============================== --> <!-- =============================================================================== --> <xsd:element name="service_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>This item stores information about Windows services that are present on the system.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="service_name" type="oval-sc:EntityItemStringType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The service_name element specifies the name of the service as specified in the Service Control Manager (SCM) database.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="display_name" type="oval-sc:EntityItemStringType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The display_name element specifies the name of the service as specified in tools such as Control Panel->Administrative Tools->Services.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="description" type="oval-sc:EntityItemStringType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The description element specifies the description of the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="service_type" type="win-sc:EntityItemServiceTypeType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>The service_type element specifies the type of the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="start_type" type="win-sc:EntityItemServiceStartTypeType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The start_type element specifies when the service should be started.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="current_state" type="win-sc:EntityItemServiceCurrentStateType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The current_state element specifies the current state of the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="controls_accepted" type="win-sc:EntityItemServiceControlsAcceptedType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>The controls_accepted element specifies the control codes that a service will accept and process.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="start_name" type="oval-sc:EntityItemStringType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The start_name element specifies the account under which the process should run.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="path" type="oval-sc:EntityItemStringType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The path element specifies the path to the binary of the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="pid" type="oval-sc:EntityItemIntType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The pid element specifies the process ID of the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="service_flag" type="oval-sc:EntityItemBoolType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The service_flag element specifies if the service is in a system process that must always run (1) or if the service is in a non-system process or is not running (0). If the service is not running, the pid will be 0. Otherwise, the pid will be non-zero.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="dependencies" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>The dependencies element specifies the dependencies of this service on other services.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ======================== SERVICE EFFECTIVE RIGHTS ITEM ====================== --> <!-- =============================================================================== --> <xsd:element name="serviceeffectiverights_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>This item stores the effective rights of a service that a discretionary access control list (DACL) structure grants to a specified trustee. The trustee's effective rights are determined by checking all access-allowed and access-denied access control entries (ACEs) in the DACL. For help with this test see the GetEffectiveRightsFromAcl() api.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="service_name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="false"> <xsd:annotation> <xsd:documentation>The service_name element specifies a service on the machine from which to retrieve the DACL. Note that the service_name element should contain the actual name of the service and not its display name that is found in Control Panel->Administrative Tools->Services. For example, if you wanted to check the effective rights of the Automatic Updates service you would specify 'wuauserv' for the service_name element not 'Automatic Updates'.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="trustee_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The trustee_sid element specifies the SID that is associated with a user, group, system, or program (such as a Windows service).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_delete" type="oval-sc:EntityItemBoolType" minOccurs="0"> <xsd:annotation> <xsd:documentation>This permission is required to call the DeleteService function to delete the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_read_control" type="oval-sc:EntityItemBoolType" minOccurs="0"> <xsd:annotation> <xsd:documentation>This permission is required to call the QueryServiceObjectSecurity function to query the security descriptor of the service object.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_write_dac" type="oval-sc:EntityItemBoolType" minOccurs="0"> <xsd:annotation> <xsd:documentation>This permission is required to call the SetServiceObjectSecurity function to modify the Dacl member of the service object's security descriptor.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_write_owner" type="oval-sc:EntityItemBoolType" minOccurs="0"> <xsd:annotation> <xsd:documentation>This permission is required to call the SetServiceObjectSecurity function to modify the Owner and Group members of the service object's security descriptor.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_read" type="oval-sc:EntityItemBoolType" minOccurs="0"> <xsd:annotation> <xsd:documentation>Read access (STANDARD_RIGHTS_READ, SERVICE_QUERY_CONFIG, SERVICE_QUERY_STATUS, SERVICE_INTERROGATE, SERVICE_ENUMERATE_DEPENDENTS).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_write" type="oval-sc:EntityItemBoolType" minOccurs="0"> <xsd:annotation> <xsd:documentation>Write access (STANDARD_RIGHTS_WRITE, SERVICE_CHANGE_CONFIG).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_execute" type="oval-sc:EntityItemBoolType" minOccurs="0"> <xsd:annotation> <xsd:documentation>Execute access (STANDARD_RIGHTS_EXECUTE, SERVICE_START, SERVICE_STOP, SERVICE_PAUSE_CONTINUE, SERVICE_USER_DEFINED_CONTROL).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="service_query_conf" type="oval-sc:EntityItemBoolType" minOccurs="0"> <xsd:annotation> <xsd:documentation>This permission is required to call the QueryServiceConfig and QueryServiceConfig2 functions to query the service configuration.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="service_change_conf" type="oval-sc:EntityItemBoolType" minOccurs="0"> <xsd:annotation> <xsd:documentation>This permission is required to call the ChangeServiceConfig or ChangeServiceConfig2 function to change the service configuration. </xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="service_query_stat" type="oval-sc:EntityItemBoolType" minOccurs="0"> <xsd:annotation> <xsd:documentation>This permission is required to call the QueryServiceStatusEx function to ask the service control manager about the status of the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="service_enum_dependents" type="oval-sc:EntityItemBoolType" minOccurs="0"> <xsd:annotation> <xsd:documentation>This permission is required to call the EnumDependentServices function to enumerate all the services dependent on the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="service_start" type="oval-sc:EntityItemBoolType" minOccurs="0"> <xsd:annotation> <xsd:documentation>This permission is required to call the StartService function to start the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="service_stop" type="oval-sc:EntityItemBoolType" minOccurs="0"> <xsd:annotation> <xsd:documentation>This permission is required to call the ControlService function to stop the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="service_pause" type="oval-sc:EntityItemBoolType" minOccurs="0"> <xsd:annotation> <xsd:documentation>This permission is required to call the ControlService function to pause or continue the service.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="service_interrogate" type="oval-sc:EntityItemBoolType" minOccurs="0"> <xsd:annotation> <xsd:documentation>This permission is required to call the ControlService function to ask the service to report its status immediately.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="service_user_defined" type="oval-sc:EntityItemBoolType" minOccurs="0"> <xsd:annotation> <xsd:documentation>This permission is required to call the ControlService function to specify a user-defined control code.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- =========================== SHARED RESOURCE ITEM =========================== --> <!-- =============================================================================== --> <xsd:element name="sharedresource_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="netname" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The share name of the resource.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="shared_type" type="win-sc:EntityItemSharedResourceTypeType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The type of the shared resource.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="max_uses" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The maximum number of concurrent connections that the shared resource can accommodate.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="current_uses" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The number of current connections to the shared resource.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="local_path" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The local path for the shared resource.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="access_read_permission" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Permission to read data from a resource and, by default, to execute the resource.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="access_write_permission" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Permission to write data to the resource.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="access_create_permission" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Permission to create an instance of the resource (such as a file); data can be written to the resource as the resource is created.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="access_exec_permission" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Permission to execute the resource.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="access_delete_permission" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Permission to delete the resource.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="access_atrib_permission" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Permission to modify the resource's attributes (such as the date and time when a file was last modified).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="access_perm_permission" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Permission to modify the permissions (read, write, create, execute, and delete) assigned to a resource for a user or application.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="access_all_permission" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Permission to read, write, create, execute, and delete resources, and to modify their attributes and permissions.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ================= SHARED RESOURCE AUDITED PERMISSIONS ITEM ================== --> <!-- =============================================================================== --> <xsd:element name="sharedresourceauditedpermissions_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>This item stores the audited access rights of a shared resource that a system access control list (SACL) structure grants to a specified trustee. The trustee's audited access rights are determined checking all access control entries (ACEs) in the SACL.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="netname" type="oval-sc:EntityItemStringType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The netname entity specifies the name associated with a particular shared resource.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="trustee_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The trustee_sid entity specifies the SID that associated a user, group, system, or program (such as a Windows service).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_delete" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to delete the object.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_read_control" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to read the information in the object's security descriptor, not including the information in the SACL.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_write_dac" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to modify the DACL in the object's security descriptor.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_write_owner" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to change the owner in the object's security descriptor.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_synchronize" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="access_system_security" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Indicates access to a system access control list (SACL).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_read" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Read access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_write" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Write access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_execute" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Execute access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_all" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Read, write, and execute access.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- =================== SHARED RESOURCE EFFECTIVE RIGHTS ITEM =================== --> <!-- =============================================================================== --> <xsd:element name="sharedresourceeffectiverights_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>This item stores the effective rights of a shared resource that a discretionary access control list (DACL) structure grants to a specified trustee. The trustee's effective rights are determined checking all access-allowed and access-denied access control entries (ACEs) in the DACL.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="netname" type="oval-sc:EntityItemStringType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The netname entity specifies the name associated with a particular shared resource.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="trustee_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The trustee_sid entity specifies the SID that associated a user, group, system, or program (such as a Windows service).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_delete" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to delete the object.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_read_control" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to read the information in the object's security descriptor, not including the information in the SACL.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_write_dac" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to modify the DACL in the object's security descriptor.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_write_owner" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to change the owner in the object's security descriptor.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="standard_synchronize" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="access_system_security" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Indicates access to a system access control list (SACL).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_read" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Read access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_write" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Write access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_execute" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Execute access.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="generic_all" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Read, write, and execute access.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ================================= SID ITEM ================================= --> <!-- =============================================================================== --> <xsd:element name="sid_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="trustee_name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element specifies the trustee name associated with a particular SID. In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="trustee_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The security identifier (SID) of the specified trustee name.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="trustee_domain" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The domain of the specified trustee name.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ================================= SID SID ITEM ============================= --> <!-- =============================================================================== --> <xsd:element name="sid_sid_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation/> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="trustee_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The security identifier (SID) of the specified trustee name.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="trustee_name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element specifies the trustee name associated with a particular SID. In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="trustee_domain" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The domain of the specified trustee name.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- =============================== SYSTEM METRIC ITEM ========================== --> <!-- =============================================================================== --> <xsd:element name="systemmetric_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The system metric item stores the value of a particular Windows system metric.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="index" type="win-sc:EntityItemSystemMetricIndexType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>This element describes the index of a system metric entry.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="value" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The value entity holds the actual value of the specified system metric index.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ========================= USER ACCESS CONTROL ITEM ========================== --> <!-- =============================================================================== --> <xsd:element name="uac_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The uac_item is used to hold information about settings related to User Access Control within Windows.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="admin_approval_mode" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Admin Approval Mode for the Built-in Administrator account.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="elevation_prompt_admin" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Behavior of the elevation prompt for administrators in Admin Approval Mode.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="elevation_prompt_standard" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Behavior of the elevation prompt for standard users.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="detect_installations" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Detect application installations and prompt for elevation.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="elevate_signed_executables" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Only elevate executables that are signed and validated.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="elevate_uiaccess" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Only elevate UIAccess applications that are installed in secure locations.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="run_admins_aam" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Run all administrators in Admin Approval Mode.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="secure_desktop" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Switch to the secure desktop when prompting for elevation.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="virtualize_write_failures" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>Virtualize file and registry write failures to per-user locations.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================== USER ITEM ==================================== --> <!-- =============================================================================== --> <xsd:element name="user_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The windows user_item allows the different groups (identified by name) that a user belongs to be collected.</xsd:documentation> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.11</oval:version> <oval:reason>Replaced by the user_sid_item. This item uses trustee names for identifying accounts on the system. Trustee names are not unique and the user_sid_item, which uses trustee SIDs which are unique, should be used instead. See the user_sid_item.</oval:reason> <oval:comment>This object has been deprecated and may be removed in a future version of the language.</oval:comment> </oval:deprecated_info> <sch:pattern id="win-sc_user_item_dep"> <sch:rule context="win-sc:user_item"> <sch:report test="true()">DEPRECATED ITEM: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="user" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>A string the represents the name of a particular user. In Windows, user names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, users should be identified in the form: "domain\user name". For local users use: "computer_name\user_name". For built-in accounts on the system, use the user name without a domain.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="enabled" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>A boolean that represents whether the particular user is enabled or not.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="group" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>A string that represents the name of a particular group. In Windows, group names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, groups should be identified in the form: "domain\group name". For local groups use: "computer name\group name". For built-in accounts on the system, use the group name without a domain.</xsd:documentation> <xsd:documentation>If the specified user belongs to more than one group, then multiple group elements should exist. If the specified user is not a member of a single group, then a single group element should exist with a status of 'does not exist'. If there is an error determining the groups that the user belongs to, then a single group element should be included with a status of 'error'.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="last_logon" type="oval-sc:EntityItemIntType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The date and time when the last logon occurred. This value is stored as the number of seconds that have elapsed since 00:00:00, January 1, 1970, GMT.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================ USER SID ITEM ================================== --> <!-- =============================================================================== --> <xsd:element name="user_sid_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The windows user_sid_item allows the different groups (identified by SID) that a user belongs to be collected.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="user_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>A string the represents the SID of a particular user.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="enabled" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>A boolean that represents whether the particular user is enabled or not.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="group_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>A string that represents the SID of a particular group. If the specified user belongs to more than one group, then multiple group_sid elements should exist. If the specified user is not a member of a single group, then a single group_sid element should exist with a status of 'does not exist'. If there is an error determining the groups that the user belongs to, then a single group_sid element should be included with a status of 'error'.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="last_logon" type="oval-sc:EntityItemIntType" minOccurs="0"> <xsd:annotation> <xsd:documentation>The date and time when the last logon occurred. This value is stored as the number of seconds that have elapsed since 00:00:00, January 1, 1970, GMT.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- =========================== USER RIGHT ITEM ================================= --> <!-- =============================================================================== --> <xsd:element name="userright_item" substitutionGroup="oval-sc:item"> <xsd:complexType> <xsd:annotation> <xsd:documentation>The userright_item allows SIDs that have been granted a user right/privilege to be collected.</xsd:documentation> </xsd:annotation> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="userright" type="win-sc:EntityItemUserRightType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The userright entity holds a string that represents the name of a particular user right/privilege.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="trustee_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>The trustee_sid element identifies the SID that has been granted the specified user right/privilege. The trustee_sid element can be included multiple times in a system characteristic item in order to record that a user right/privilege has been granted to a number of SIDs. Note that the entity_check attribute associated with EntityStateStringType guides the evaluation of entities like trustee_sid that refer to items that can occur an unbounded number of times.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================= VOLUME ITEM =================================== --> <!-- =============================================================================== --> <xsd:element name="volume_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The volume item enumerates various attributes about a particular volume mounted to a machine. This includes the various system flags returned by GetVolumeInformation(). It is important to note that these system flags are specific to certain versions of Windows. As a result, the documentation for that version of Windows should be consulted for more information.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="rootpath" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>A string that contains the root directory of the volume to be described. A trailing backslash is required. For example, you would specify \\MyServer\MyShare as "\\MyServer\MyShare\", or the C drive as "C:\".</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_system" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The type of filesystem. For example FAT or NTFS.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The name of the volume.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="drive_type" type="win-sc:EntityItemDriveTypeType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The drive type of the volume.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="volume_max_component_length" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The volume_max_component_length element specifies the maximum length, in TCHARs, of a file name component that a specified file system supports. A file name component is the portion of a file name between backslashes. The value that is stored in the variable that *lpMaximumComponentLength points to is used to indicate that a specified file system supports long names. For example, for a FAT file system that supports long names, the function stores the value 255, rather than the previous 8.3 indicator. Long names can also be supported on systems that use the NTFS file system.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="serial_number" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The volume serial number.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_case_sensitive_search" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The file system supports case-sensitive file names.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_case_preserved_names" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The file system preserves the case of file names when it places a name on disk.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_unicode_on_disk" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The file system supports Unicode in file names as they appear on disk.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_persistent_acls" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The file system preserves and enforces ACLs. For example, NTFS preserves and enforces ACLs, and FAT does not.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_file_compression" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The file system supports file-based compression.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_volume_quotas" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The file system supports disk quotas.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_supports_sparse_files" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The file system supports sparse files.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_supports_reparse_points" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The file system supports reparse points.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_supports_remote_storage" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The file system supports remote storage.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_volume_is_compressed" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The specified volume is a compressed volume; for example, a DoubleSpace volume.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_supports_object_ids" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The file system supports object identifiers.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_supports_encryption" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The file system supports the Encrypted File System (EFS).</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_named_streams" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The file system supports named streams.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_read_only_volume" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The specified volume is read-only.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_sequential_write_once" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The file system supports one time writes in sequential order.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_supports_transactions" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The file system supports transaction processing.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_supports_hard_links" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The file system supports direct links to other devices and partitions.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_supports_extended_attributes" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The file system supports extended attributes.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_supports_open_by_file_id" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The file system supports fileID.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="file_supports_usn_journal" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The file system supports update sequence number journals.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================= WMI CONTENT ITEM ============================= --> <!-- =============================================================================== --> <xsd:element name="wmi_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The wmi_item outlines information to be checked through Microsoft's WMI interface.</xsd:documentation> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.7</oval:version> <oval:reason>Replaced by the wmi57_item. This item allows for single fields to be selected from WMI. A new item was created to allow more than one field to be selected in one statement. See the wmi57_item.</oval:reason> <oval:comment>This object has been deprecated and may be removed in a future version of the language.</oval:comment> </oval:deprecated_info> <sch:pattern id="win-sc_wmi_item_dep"> <sch:rule context="win-sc:wmi_item"> <sch:report test="true()">DEPRECATED ITEM: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="namespace" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The WMI namespaces of the specific object.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="wql" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>A WQL query used to identify the object(s) specified. Any valid WQL query is allowed with one exception, at most one field is allowed in the SELECT portion of the query. For example SELECT name FROM ... is valid, as is SELECT 'true' FROM ..., but SELECT name, number FROM ... is not valid. This is because the result element in the data section is only designed to work against a single field.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="result" type="oval-sc:EntityItemAnySimpleType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>The result element specifies how to test objects in the result set of the specified WQL statement. Only one comparable field is allowed. So if the WQL statement look like 'SELECT name FROM ...', then a result element with a value of 'Fred' would test that value against the names returned by the WQL statement. If the WQL statement returns more than one instance of the specified field, then multiple result elements should exist to describe each instance.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ============================= WMI CONTENT ITEM (57) ======================== --> <!-- =============================================================================== --> <xsd:element name="wmi57_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The wmi57_item outlines information to be checked through Microsoft's WMI interface.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="namespace" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>The WMI namespaces of the specific object.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="wql" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation>A WQL query used to identify the object(s) specified. Any valid WQL query is allowed with one exception, all fields must be named. For example SELECT name, age FROM ... is valid, but SELECT * FROM ... is not valid. This is because the record entity supports only named fields.</xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="result" type="oval-sc:EntityItemRecordType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>The result entity holds the results of the specified WQL statement.</xsd:documentation> <xsd:appinfo> <sch:pattern id="win-sc_wmi57_itemresult"> <sch:rule context="win-sc:wmi57_item/win-sc:result"> <sch:assert test="@datatype='record'"><sch:value-of select="../@id"/> - datatype attribute for the result entity of a wmi57_item must be 'record'</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- ========================= WUA UPDATE SEARCHER ITEM ========================= --> <!-- =============================================================================== --> <xsd:element name="wuaupdatesearcher_item" substitutionGroup="oval-sc:item"> <xsd:annotation> <xsd:documentation>The wuaupdatesearcher_item outlines information defined through the Search method of the IUpdateSearcher interface as part of Microsoft's WUA (Windows Update Agent) API. This information is related to the current patch level in a Windows environment. The test extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-sc:ItemType"> <xsd:sequence> <xsd:element name="search_criteria" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1"> <xsd:annotation> <xsd:documentation></xsd:documentation> </xsd:annotation> </xsd:element> <xsd:element name="update_id" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="unbounded"> <xsd:annotation> <xsd:documentation>The update_id entity specifies a string that represents a revision-independent identifier of an update. This information is part of the IUpdateIdentity interface that is part of the result of the IUpdateSearcher interface's Search method. Note that multiple update identifiers can be associated with a give search criteria and thus multiple entities can exist for this item.</xsd:documentation> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element> <!-- =============================================================================== --> <!-- =============================================================================== --> <!-- =============================================================================== --> <xsd:complexType name="EntityItemAddrTypeType"> <xsd:annotation> <xsd:documentation>The EntityItemAddrTypeType restricts a string value to a specific set of values that describe the different address types of interfaces. The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="MIB_IPADDR_DELETED"> <xsd:annotation> <xsd:documentation>The stated IP address is being deleted. The unsigned short value that this corresponds to is 0x0040</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="MIB_IPADDR_DISCONNECTED"> <xsd:annotation> <xsd:documentation>The stated IP address is on a disconnected interface. The unsigned short value that this corresponds to is 0x0008.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="MIB_IPADDR_DYNAMIC"> <xsd:annotation> <xsd:documentation>The stated IP address is a dynamic IP address. The unsigned short value that this corresponds to is 0x0004.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="MIB_IPADDR_PRIMARY"> <xsd:annotation> <xsd:documentation>The stated IP address is a primary IP address. The unsigned short value that this corresponds to is 0x0001.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="MIB_IPADDR_TRANSIENT"> <xsd:annotation> <xsd:documentation>The stated IP address is a transient IP address. The unsigned short value that this corresponds to is 0x0080</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemAdstypeType"> <xsd:annotation> <xsd:documentation>The EntityItemAdstypeType restricts a string value to a specific set of values that describe the possible types associated with an Active Directory attribute. The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="ADSTYPE_INVALID"> <xsd:annotation> <xsd:documentation>The data type is invalid.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_DN_STRING"> <xsd:annotation> <xsd:documentation>The string is of Distinguished Name (path) of a directory service object.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_CASE_EXACT_STRING"> <xsd:annotation> <xsd:documentation>The string is of the case-sensitive type.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_CASE_IGNORE_STRING"> <xsd:annotation> <xsd:documentation>The string is of the case-insensitive type.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_PRINTABLE_STRING"> <xsd:annotation> <xsd:documentation>The string is displayable on the screen or in print.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_NUMERIC_STRING"> <xsd:annotation> <xsd:documentation>The string is of a numeric value to be interpreted as text.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_BOOLEAN"> <xsd:annotation> <xsd:documentation>The data is of a Boolean value.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_INTEGER"> <xsd:annotation> <xsd:documentation>The data is of an integer value.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_OCTET_STRING"> <xsd:annotation> <xsd:documentation>The string is of a byte array.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_UTC_TIME"> <xsd:annotation> <xsd:documentation>The data is of the universal time as expressed in Universal Time Coordinate (UTC).</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_LARGE_INTEGER"> <xsd:annotation> <xsd:documentation>The data is of a long integer value.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_PROV_SPECIFIC"> <xsd:annotation> <xsd:documentation>The string is of a provider-specific string.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_OBJECT_CLASS"> <xsd:annotation> <xsd:documentation>Not used.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_CASEIGNORE_LIST"> <xsd:annotation> <xsd:documentation>The data is of a list of case insensitive strings.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_OCTET_LIST"> <xsd:annotation> <xsd:documentation>The data is of a list of octet strings.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_PATH"> <xsd:annotation> <xsd:documentation>The string is of a directory path.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_POSTALADDRESS"> <xsd:annotation> <xsd:documentation>The string is of the postal address type.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_TIMESTAMP"> <xsd:annotation> <xsd:documentation>The data is of a time stamp in seconds.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_BACKLINK"> <xsd:annotation> <xsd:documentation>The string is of a back link.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_TYPEDNAME"> <xsd:annotation> <xsd:documentation>The string is of a typed name.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_HOLD"> <xsd:annotation> <xsd:documentation>The data is of the Hold data structure.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_NETADDRESS"> <xsd:annotation> <xsd:documentation>The string is of a net address.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_REPLICAPOINTER"> <xsd:annotation> <xsd:documentation>The data is of a replica pointer.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_FAXNUMBER"> <xsd:annotation> <xsd:documentation>The string is of a fax number.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_EMAIL"> <xsd:annotation> <xsd:documentation>The data is of an e-mail message.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_NT_SECURITY_DESCRIPTOR"> <xsd:annotation> <xsd:documentation>The data is of Windows NT/Windows 2000 Security Descriptor as represented by a byte array.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_UNKNOWN"> <xsd:annotation> <xsd:documentation>The data is of an undefined type.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_DN_WITH_BINARY"> <xsd:annotation> <xsd:documentation>The data is of ADS_DN_WITH_BINARY used for mapping a distinguished name to a non varying GUID. </xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="ADSTYPE_DN_WITH_STRING"> <xsd:annotation> <xsd:documentation>The data is of ADS_DN_WITH_STRING used for mapping a distinguished name to a non-varying string value.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemAuditType"> <xsd:annotation> <xsd:documentation>The EntityItemAuditType restricts a string value to a specific set of values: AUDIT_NONE, AUDIT_SUCCESS, AUDIT_FAILURE, and AUDIT_SUCCESS_FAILURE. These values describe which audit records should be generated. The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="AUDIT_FAILURE"> <xsd:annotation> <xsd:documentation>The audit type AUDIT_FAILURE is used to perform audits on all unsuccessful occurrences of specified events when auditing is enabled.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="AUDIT_NONE"> <xsd:annotation> <xsd:documentation>The audit type AUDIT_NONE is used to cancel all auditing options for the specified events.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="AUDIT_SUCCESS"> <xsd:annotation> <xsd:documentation>The audit type AUDIT_SUCCESS is used to perform audits on all successful occurrences of the specified events when auditing is enabled.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="AUDIT_SUCCESS_FAILURE"> <xsd:annotation> <xsd:documentation>The audit type AUDIT_SUCCESS_FAILURE is used to perform audits on all successful and unsuccessful occurrences of the specified events when auditing is enabled.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemDriveTypeType"> <xsd:annotation> <xsd:documentation>The EntityItemDriveTypeType complex type defines the different values that are valid for the drive_type entity of a win-sc:volume_item. The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="DRIVE_UNKNOWN"> <xsd:annotation> <xsd:documentation>The DRIVE_UNKNOWN type means that drive type cannot be determined. The UINT value that this corresponds to is 0.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="DRIVE_NO_ROOT_DIR"> <xsd:annotation> <xsd:documentation>The DRIVE_NO_ROOT_DIR type means that the root path is not valid. The UINT value that this corresponds to is 1.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="DRIVE_REMOVABLE"> <xsd:annotation> <xsd:documentation>The DRIVE_REMOVABLE type means that the drive contains removable media. The UINT value that this corresponds to is 2.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="DRIVE_FIXED"> <xsd:annotation> <xsd:documentation>The DRIVE_FIXED type means that the drive contains fixed media. The UINT value that this corresponds to is 3.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="DRIVE_REMOTE"> <xsd:annotation> <xsd:documentation>The DRIVE_REMOTE type means that the drive is a remote drive (i.e. network drive). The UINT value that this corresponds to is 4.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="DRIVE_CDROM"> <xsd:annotation> <xsd:documentation>The DRIVE_CDROM type means that the drive is a CD-ROM drive. The UINT value that this corresponds to is 5.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="DRIVE_RAMDISK"> <xsd:annotation> <xsd:documentation>The DRIVE_RAMDISK type means that the drive is a RAM disk. The UINT value that this corresponds to is 6.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemFileTypeType"> <xsd:annotation> <xsd:documentation>The EntityItemFileTypeType restricts a string value to a specific set of values that describe the different types of files. The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="FILE_ATTRIBUTE_DIRECTORY"> <xsd:annotation> <xsd:documentation>The handle identifies a directory.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="FILE_TYPE_CHAR"> <xsd:annotation> <xsd:documentation>The specified file is a character file, typically an LPT device or a console.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="FILE_TYPE_DISK"> <xsd:annotation> <xsd:documentation>The specified file is a disk file.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="FILE_TYPE_PIPE"> <xsd:annotation> <xsd:documentation>The specified file is a socket, a named pipe, or an anonymous pipe.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="FILE_TYPE_REMOTE"> <xsd:annotation> <xsd:documentation>Unused.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="FILE_TYPE_UNKNOWN"> <xsd:annotation> <xsd:documentation>Either the type of the specified file is unknown, or the function failed.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemInterfaceTypeType"> <xsd:annotation> <xsd:documentation>The EntityItemInterfaceTypeType restricts a string value to a specific set of values that describe the different types of interfaces. The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="MIB_IF_TYPE_ETHERNET"> <xsd:annotation> <xsd:documentation>The MIB_IF_TYPE_ETHERNET type is used to describe ethernet interfaces.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="MIB_IF_TYPE_FDDI"> <xsd:annotation> <xsd:documentation>The MIB_IF_TYPE_FDDI type is used to describe fiber distributed data interfaces (FDDI).</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="MIB_IF_TYPE_LOOPBACK"> <xsd:annotation> <xsd:documentation>The MIB_IF_TYPE_LOOPBACK type is used to describe loopback interfaces.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="MIB_IF_TYPE_OTHER"> <xsd:annotation> <xsd:documentation>The MIB_IF_TYPE_OTHER type is used to describe unknown interfaces.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="MIB_IF_TYPE_PPP"> <xsd:annotation> <xsd:documentation>The MIB_IF_TYPE_PPP type is used to describe point-to-point protocol interfaces (PPP).</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="MIB_IF_TYPE_SLIP"> <xsd:annotation> <xsd:documentation>The MIB_IF_TYPE_SLIP type is used to describe serial line internet protocol interfaces (SLIP).</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="MIB_IF_TYPE_TOKENRING"> <xsd:annotation> <xsd:documentation>The MIB_IF_TYPE_TOKENRING type is used to describe token ring interfaces..</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemNamingContextType"> <xsd:annotation> <xsd:documentation>The EntityItemNamingContextType restricts a string value to a specific set of values: domain, configuration, and schema. These values describe the different naming context found withing Active Directory. The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="domain"> <xsd:annotation> <xsd:documentation>The domain naming context contains Active Directory objects present in the specified domain (e.g. users, computers, groups, and other objects).</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="configuration"> <xsd:annotation> <xsd:documentation>The configuration naming context contains configuration data that is required for the Active Directory to operate as a directory service.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="schema"> <xsd:annotation> <xsd:documentation>The schema naming context contains all of the Active Directory object definitions.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemNTUserAccountTypeType"> <xsd:annotation> <xsd:documentation>The EntityItemNTUserAccountTypeType restricts a string value to a specific set of values that describe the different types of accounts. The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="local"> <xsd:annotation> <xsd:documentation>Local accounts are accounts that were created directly on the machine being tested and should be in the form of machinename\username</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="domain"> <xsd:annotation> <xsd:documentation>Domain accounts are accounts that were created on a domain controller and should be in the form of domain\username</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemPeTargetMachineType"> <xsd:annotation> <xsd:documentation>The EntityItemPeTargetMachineType enumeration identifies the valid machine targets that can be specified in the PE file header. The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="IMAGE_FILE_MACHINE_UNKNOWN"> <xsd:annotation> <xsd:documentation>The IMAGE_FILE_MACHINE_UNKNOWN type is used to indicate an unknown machine.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_FILE_MACHINE_ALPHA"> <xsd:annotation> <xsd:documentation>The IMAGE_FILE_MACHINE_ALPHA type is used to indicate an Alpha APX machine.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_FILE_MACHINE_ARM"> <xsd:annotation> <xsd:documentation>The IMAGE_FILE_MACHINE_ARM type is used to indicate an ARM little endian machine.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_FILE_MACHINE_ALPHA64"> <xsd:annotation> <xsd:documentation>The IMAGE_FILE_MACHINE_ALPHA64 type is used to indicate an 64-bit Alpha APX machine.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_FILE_MACHINE_I386"> <xsd:annotation> <xsd:documentation>The IMAGE_FILE_MACHINE_I386 type is used to indicate an Intel 386 machine.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_FILE_MACHINE_IA64"> <xsd:annotation> <xsd:documentation>The IMAGE_FILE_MACHINE_IA64 type is used to indicate an Intel Itanium machine.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_FILE_MACHINE_M68K"> <xsd:annotation> <xsd:documentation>The IMAGE_FILE_MACHINE_M68K type is used to indicate an M68K machine.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_FILE_MACHINE_MIPS16"> <xsd:annotation> <xsd:documentation>The IMAGE_FILE_MACHINE_MIPS16 type is used to indicate a MIPS16 machine.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_FILE_MACHINE_MIPSFPU"> <xsd:annotation> <xsd:documentation>The IMAGE_FILE_MACHINE_MIPSFPU type is used to indicate an MIPS machine with FPU.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_FILE_MACHINE_MIPSFPU16"> <xsd:annotation> <xsd:documentation>The IMAGE_FILE_MACHINE_MIPSFPU16 type is used to indicate a MIPS16 machine with FPU.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_FILE_MACHINE_POWERPC"> <xsd:annotation> <xsd:documentation>The IMAGE_FILE_MACHINE_POWERPC type is used to indicate an Power PC little endian machine.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_FILE_MACHINE_R3000"> <xsd:annotation> <xsd:documentation>The IMAGE_FILE_MACHINE_R3000 type is used to indicate a MIPS little endian, 0x160 big endian machine.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_FILE_MACHINE_R4000"> <xsd:annotation> <xsd:documentation>The IMAGE_FILE_MACHINE_R4000 type is used to indicate a MIPS little endian machine.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_FILE_MACHINE_R10000"> <xsd:annotation> <xsd:documentation>The IMAGE_FILE_MACHINE_10000 type is used to indicate a MIPS little endian machine.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_FILE_MACHINE_SH3"> <xsd:annotation> <xsd:documentation>The IMAGE_FILE_MACHINE_SH3 type is used to indicate a Hitachi SH3 machine.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_FILE_MACHINE_SH4"> <xsd:annotation> <xsd:documentation>The IMAGE_FILE_MACHINE_SH4 type is used to indicate a Hitachi SH4 machine.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_FILE_MACHINE_THUMB"> <xsd:annotation> <xsd:documentation>The IMAGE_FILE_MACHINE_THUMB type is used to indicate an ARM or Thumb ("interworking") machine.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemPeSubsystemType"> <xsd:annotation> <xsd:documentation>The EntityItemPeSubsystemType enumeration identifies the valid subsystem types that can be specified in the PE file header. The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="IMAGE_SUBSYSTEM_UNKNOWN"> <xsd:annotation> <xsd:documentation>The IMAGE_SUBSYSTEM_UNKNOWN type is used to indicate an unknown subsystem.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_SUBSYSTEM_NATIVE"> <xsd:annotation> <xsd:documentation>The IMAGE_SUBSYSTEM_NATIVE type is used to indicate that no subsystem is required.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_SUBSYSTEM_WINDOWS_GUI"> <xsd:annotation> <xsd:documentation>The IMAGE_SUBSYSTEM_WINDOWS_GUI type is used to indicate a Windows graphical user interface (GUI) subsystem.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_SUBSYSTEM_WINDOWS_CUI"> <xsd:annotation> <xsd:documentation>The IMAGE_SUBSYSTEM_WINDOWS_CUI type is used to indicate a Windows character-mode user interface (CUI) subsystem.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_SUBSYSTEM_OS2_CUI"> <xsd:annotation> <xsd:documentation>The IMAGE_SUBSYSTEM_OS2_CUI type is used to indicate an OS/2 CUI subsystem.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_SUBSYSTEM_POSIX_CUI"> <xsd:annotation> <xsd:documentation>The IMAGE_SUBSYSTEM_POSIX_CUI type is used to indicate a POSIX CUI subsystem.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_SUBSYSTEM_WINDOWS_CE_GUI"> <xsd:annotation> <xsd:documentation>The IMAGE_SUBSYSTEM_WINDOWS_CE_GUI type is used to indicate a Windows CE system.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_SUBSYSTEM_EFI_APPLICATION"> <xsd:annotation> <xsd:documentation>The IMAGE_SUBSYSTEM_EFI_APPLICATION type is used to indicate an Extensible Firmware Interface (EFI) application.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER"> <xsd:annotation> <xsd:documentation>The IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER type is used to indicate a EFI driver with boot services.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER"> <xsd:annotation> <xsd:documentation>The IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER type is used to indicate a EFI driver with run-time services subsystem.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_SUBSYSTEM_EFI_ROM"> <xsd:annotation> <xsd:documentation>The IMAGE_SUBSYSTEM_EFI_ROM type is used to indicate an EFI ROM image.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_SUBSYSTEM_XBOX"> <xsd:annotation> <xsd:documentation>The IMAGE_SUBSYSTEM_XBOX type is used to indicate an Xbox system.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION"> <xsd:annotation> <xsd:documentation>The IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION type is used to indicate a boot application.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemProtocolType"> <xsd:annotation> <xsd:documentation>The EntityItemProtocolType restricts a string value to a specific set of values that describe the different available protocols. The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="TCP"> <xsd:annotation> <xsd:documentation>The port uses the Transmission Control Protocol (TCP).</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="UDP"> <xsd:annotation> <xsd:documentation>The port uses the User Datagram Protocol (UDP).</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemRegistryHiveType"> <xsd:annotation> <xsd:documentation>The EntityItemRegistryHiveType restricts a string value to a specific set of values that describe the different registry hives. The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="HKEY_CLASSES_ROOT"> <xsd:annotation> <xsd:documentation>This registry subtree contains information that associates file types with programs and configuration data for automation (e.g. COM objects and Visual Basic Programs).</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="HKEY_CURRENT_CONFIG"> <xsd:annotation> <xsd:documentation>This registry subtree contains configuration data for the current hardware profile.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="HKEY_CURRENT_USER"> <xsd:annotation> <xsd:documentation>This registry subtree contains the user profile of the user that is currently logged into the system.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="HKEY_LOCAL_MACHINE"> <xsd:annotation> <xsd:documentation>This registry subtree contains information about the local system.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="HKEY_USERS"> <xsd:annotation> <xsd:documentation>This registry subtree contains user-specific data.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemRegistryTypeType"> <xsd:annotation> <xsd:documentation>The EntityItemRegistryTypeType defines the different values that are valid for the type entity of a registry item. These values describe the possible types of data stored in a registry key. restricts a string value to a specific set of values that describe the different registry types. The empty string is also allowed as a valid value to support empty emlements associated with error conditions. Please note that the values identified are for the type entity and are not valid values for the datatype attribute. For information about how to encode registry data in OVAL for each of the different types, please visit the registry_item documentation.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="reg_binary"> <xsd:annotation> <xsd:documentation>The reg_binary type is used by registry keys that specify binary data in any form.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="reg_dword"> <xsd:annotation> <xsd:documentation>The reg_dword type is used by registry keys that specify an unsigned 32-bit integer.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="reg_dword_little_endian"> <xsd:annotation> <xsd:documentation>The reg_dword_little_endian type is used by registry keys that specify an unsigned 32-bit little-endian integer. It is designed to run on little-endian computer architectures.</xsd:documentation> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.11.1:1.1</oval:version> <oval:reason>Defined to have same value as reg_dword.</oval:reason> <oval:comment>This registry type enumeration value has been deprecated and may be removed in a future version of the language.</oval:comment> </oval:deprecated_info> </xsd:appinfo> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="reg_dword_big_endian"> <xsd:annotation> <xsd:documentation>The reg_dword_big_endian type is used by registry keys that specify an unsigned 32-bit big-endian integer. It is designed to run on big-endian computer architectures.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="reg_expand_sz"> <xsd:annotation> <xsd:documentation>The reg_expand_sz type is used by registry keys to specify a null-terminated string that contains unexpanded references to environment variables (for example, "%PATH%").</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="reg_link"> <xsd:annotation> <xsd:documentation>The reg_link type is used by the registry keys for null-terminated unicode strings. It is related to target path of a symbolic link created by the RegCreateKeyEx function.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="reg_multi_sz"> <xsd:annotation> <xsd:documentation>The reg_multi_sz type is used by registry keys that specify an array of null-terminated strings, terminated by two null characters.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="reg_none"> <xsd:annotation> <xsd:documentation>The reg_none type is used by registry keys that have no defined value type.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="reg_qword"> <xsd:annotation> <xsd:documentation>The reg_qword type is used by registry keys that specify an unsigned 64-bit integer.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="reg_qword_little_endian"> <xsd:annotation> <xsd:documentation>The reg_qword_little_endian type is used by registry keys that specify an unsigned 64-bit integer in little-endian computer architectures.</xsd:documentation> <xsd:appinfo> <oval:deprecated_info> <oval:version>5.11.1:1.1</oval:version> <oval:reason>Defined to have same value as reg_qword.</oval:reason> <oval:comment>This registry type enumeration value has been deprecated and may be removed in a future version of the language.</oval:comment> </oval:deprecated_info> </xsd:appinfo> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="reg_sz"> <xsd:annotation> <xsd:documentation>The reg_sz type is used by registry keys that specify a single null-terminated string.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="reg_resource_list"> <xsd:annotation> <xsd:documentation>The reg_resource_list type is used by registry keys that specify a resource list.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="reg_full_resource_descriptor"> <xsd:annotation> <xsd:documentation>The reg_full_resource_descriptor type is used by registry keys that specify a full resource descriptor.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="reg_resource_requirements_list"> <xsd:annotation> <xsd:documentation>The reg_resource_requirements_list type is used by registry keys that specify a resource requirements list.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemServiceControlsAcceptedType"> <xsd:annotation> <xsd:documentation>The EntityItemServiceAcceptedControlsType complex type defines the different values that are valid for the controls_accepted entity of a service. The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="SERVICE_ACCEPT_NETBINDCHANGE"> <xsd:annotation> <xsd:documentation>The SERVICE_ACCEPT_NETBINDCHANGE type means that the service is a network component and can accept changes in its binding without being stopped or restarted. The DWORD value that this corresponds to is 0x00000010.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_ACCEPT_PARAMCHANGE"> <xsd:annotation> <xsd:documentation>The SERVICE_ACCEPT_PARAMCHANGE type means that the service can re-read its startup parameters without being stopped or restarted. The DWORD value that this corresponds to is 0x00000008.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_ACCEPT_PAUSE_CONTINUE"> <xsd:annotation> <xsd:documentation>The SERVICE_ACCEPT_PAUSE_CONTINUE type means that the service can be paused or continued. The DWORD value that this corresponds to is 0x00000002.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_ACCEPT_PRESHUTDOWN"> <xsd:annotation> <xsd:documentation>The SERVICE_ACCEPT_PRESHUTDOWN type means that the service can receive pre-shutdown notifications. The DWORD value that this corresponds to is 0x00000100.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_ACCEPT_SHUTDOWN"> <xsd:annotation> <xsd:documentation>The SERVICE_ACCEPT_SHUTDOWN type means that the service can receive shutdown notifications. The DWORD value that this corresponds to is 0x00000004.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_ACCEPT_STOP"> <xsd:annotation> <xsd:documentation>The SERVICE_ACCEPT_STOP type means that the service can be stopped. The DWORD value that this corresponds to is 0x00000001.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_ACCEPT_HARDWAREPROFILECHANGE"> <xsd:annotation> <xsd:documentation>The SERVICE_ACCEPT_HARDWAREPROFILECHANGE type means that the service can receive notifications when the system's hardware profile changes. The DWORD value that this corresponds to is 0x00000020.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_ACCEPT_POWEREVENT"> <xsd:annotation> <xsd:documentation>The SERVICE_ACCEPT_POWEREVENT type means that the service can receive notifications when the system's power status has changed. The DWORD value that this corresponds to is 0x00000040.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_ACCEPT_SESSIONCHANGE"> <xsd:annotation> <xsd:documentation>The SERVICE_ACCEPT_SESSIONCHANGE type means that the service can receive notifications when the system's session status has changed. The DWORD value that this corresponds to is 0x00000080.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_ACCEPT_TIMECHANGE"> <xsd:annotation> <xsd:documentation>The SERVICE_ACCEPT_TIMECHANGE type means that the service can receive notifications when the system time changes. The DWORD value that this corresponds to is 0x00000200.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_ACCEPT_TRIGGEREVENT"> <xsd:annotation> <xsd:documentation>The SERVICE_ACCEPT_TRIGGEREVENT type means that the service can receive notifications when an event that the service has registered for occurs on the system. The DWORD value that this corresponds to is 0x00000400.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemServiceCurrentStateType"> <xsd:annotation> <xsd:documentation>The EntityItemServiceCurrentStateType complex type defines the different values that are valid for the current_state entity of a service. The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="SERVICE_CONTINUE_PENDING"> <xsd:annotation> <xsd:documentation>The SERVICE_CONTINUE_PENDING type means that the service has been sent a command to continue, however, the command has not yet been executed. The DWORD value that this corresponds to is 0x00000005.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_PAUSE_PENDING"> <xsd:annotation> <xsd:documentation>The SERVICE_PAUSE_PENDING type means that the service has been sent a command to pause, however, the command has not yet been executed. The DWORD value that this corresponds to is 0x00000006.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_PAUSED"> <xsd:annotation> <xsd:documentation>The SERVICE_PAUSED type means that the service is paused. The DWORD value that this corresponds to is 0x00000007.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_RUNNING"> <xsd:annotation> <xsd:documentation>The SERVICE_RUNNING type means that the service is running. The DWORD value that this corresponds to is 0x00000004.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_START_PENDING"> <xsd:annotation> <xsd:documentation>The SERVICE_START_PENDING type means that the service has been sent a command to start, however, the command has not yet been executed. The DWORD value that this corresponds to is 0x00000002.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_STOP_PENDING"> <xsd:annotation> <xsd:documentation>The SERVICE_STOP_PENDING type means that the service has been sent a command to stop, however, the command has not yet been executed. The DWORD value that this corresponds to is 0x00000003.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_STOPPED"> <xsd:annotation> <xsd:documentation>The SERVICE_STOPPED type means that the service is stopped. The DWORD value that this corresponds to is 0x00000001.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemServiceStartTypeType"> <xsd:annotation> <xsd:documentation>The EntityItemServiceStartTypeType complex type defines the different values that are valid for the start_type entity of a service. The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="SERVICE_AUTO_START"> <xsd:annotation> <xsd:documentation>The SERVICE_AUTO_START type means that the service is started automatically by the Service Control Manager (SCM) during startup. The DWORD value that this corresponds to is 0x00000002.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_BOOT_START"> <xsd:annotation> <xsd:documentation>The SERVICE_BOOT_START type means that the driver service is started by the system loader. The DWORD value that this corresponds to is 0x00000000.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_DEMAND_START"> <xsd:annotation> <xsd:documentation>The SERVICE_DEMAND_START type means that the service is started by the Service Control Manager (SCM) when StartService() is called. The DWORD value that this corresponds to is 0x00000003.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_DISABLED"> <xsd:annotation> <xsd:documentation>The SERVICE_DISABLED type means that the service cannot be started. The DWORD value that this corresponds to is 0x00000004.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_SYSTEM_START"> <xsd:annotation> <xsd:documentation>The SERVICE_SYSTEM_START type means that the service is a device driver started by IoInitSystem(). The DWORD value that this corresponds to is 0x00000001.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemServiceTypeType"> <xsd:annotation> <xsd:documentation>The EntityItemServiceTypeType complex type defines the different values that are valid for the service_type entity of a service. The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="SERVICE_FILE_SYSTEM_DRIVER"> <xsd:annotation> <xsd:documentation>The SERVICE_FILE_SYSTEM_DRIVER type means that the service is a file system driver. The DWORD value that this corresponds to is 0x00000002.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_KERNEL_DRIVER"> <xsd:annotation> <xsd:documentation>The SERVICE_KERNEL_DRIVER type means that the service is a driver. The DWORD value that this corresponds to is 0x00000001.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_WIN32_OWN_PROCESS"> <xsd:annotation> <xsd:documentation>The SERVICE_WIN32_OWN_PROCESS type means that the service runs in its own process. The DWORD value that this corresponds to is 0x00000010.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_WIN32_SHARE_PROCESS"> <xsd:annotation> <xsd:documentation>The SERVICE_WIN32_SHARE_PROCESS type means that the service runs in a process with other services. The DWORD value that this corresponds to is 0x00000020.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SERVICE_INTERACTIVE_PROCESS"> <xsd:annotation> <xsd:documentation>The SERVICE_WIN32_SHARE_PROCESS type means that the service runs in a process with other services. The DWORD value that this corresponds to is 0x00000100.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemSharedResourceTypeType"> <xsd:annotation> <xsd:documentation>The EntityItemSharedResourceTypeType complex type defines the different values that are valid for the type entity of a shared resource item. Note that the Windows API returns a DWORD value and OVAL uses the constant name that is normally defined for these return values. This is done to increase readability and maintainability of OVAL Definitions. The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> <xsd:documentation>It is also important to note that special shared resources are those reserved for remote administration, interprocess communication, and administrative shares.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="STYPE_DISKTREE"> <xsd:annotation> <xsd:documentation>The STYPE_DISKTREE type means that the shared resource is a disk drive. The DWORD value that this corresponds to is 0x00000000.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="STYPE_DISKTREE_SPECIAL"> <xsd:annotation> <xsd:documentation>The STYPE_DISKTREE_SPECIAL type means that the shared resource is a special disk drive. The DWORD value that this corresponds to is 0x80000000.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="STYPE_DISKTREE_TEMPORARY"> <xsd:annotation> <xsd:documentation>The STYPE_DISKTREE_TEMPORARY type means that the shared resource is a temporary disk drive. The DWORD value that this corresponds to is 0x40000000.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="STYPE_DISKTREE_SPECIAL_TEMPORARY"> <xsd:annotation> <xsd:documentation>The STYPE_DISKTREE_SPECIAL_TEMPORARY type means that the shared resource is a temporary, special disk drive. The DWORD value that this corresponds to is 0xC0000000.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="STYPE_PRINTQ"> <xsd:annotation> <xsd:documentation>The STYPE_PRINTQ type means that the shared resource is a print queue. The DWORD value that this corresponds to is 0x00000001.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="STYPE_PRINTQ_SPECIAL"> <xsd:annotation> <xsd:documentation>The STYPE_PRINTQ_SPECIAL type means that the shared resource is a special print queue. The DWORD value that this corresponds to is 0x80000001.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="STYPE_PRINTQ_TEMPORARY"> <xsd:annotation> <xsd:documentation>The STYPE_PRINTQ_TEMPORARY type means that the shared resource is a temporary print queue. The DWORD value that this corresponds to is 0x40000001.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="STYPE_PRINTQ_SPECIAL_TEMPORARY"> <xsd:annotation> <xsd:documentation>The STYPE_PRINTQ_SPECIAL_TEMPORARY type means that the shared resource is a temporary, special print queue. The DWORD value that this corresponds to is 0xC0000001.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="STYPE_DEVICE"> <xsd:annotation> <xsd:documentation>The STYPE_DEVICE type means that the shared resource is a communication device. The DWORD value that this corresponds to is 0x00000002.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="STYPE_DEVICE_SPECIAL"> <xsd:annotation> <xsd:documentation>The STYPE_DEVICE_SPECIAL type means that the shared resource is a special communication device. The DWORD value that this corresponds to is 0x80000002.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="STYPE_DEVICE_TEMPORARY"> <xsd:annotation> <xsd:documentation>The STYPE_DEVICE_TEMPORARY type means that the shared resource is a temporary communication device. The DWORD value that this corresponds to is 0x40000002.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="STYPE_DEVICE_SPECIAL_TEMPORARY"> <xsd:annotation> <xsd:documentation>The STYPE_DEVICE_SPECIAL_TEMPORARY type means that the shared resource is a temporary, special communication device. The DWORD value that this corresponds to is 0xC0000002.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="STYPE_IPC"> <xsd:annotation> <xsd:documentation>The STYPE_IPC type means that the shared resource is a interprocess communication. The DWORD value that this corresponds to is 0x00000003.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="STYPE_IPC_SPECIAL"> <xsd:annotation> <xsd:documentation>The STYPE_IPC_SPECIAL type means that the shared resource is a special interprocess communication. The DWORD value that this corresponds to is 0x80000003.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="STYPE_IPC_TEMPORARY"> <xsd:annotation> <xsd:documentation>The STYPE_IPC_TEMPORARY type means that the shared resource is a temporary interprocess communication. The DWORD value that this corresponds to is 0x40000003.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="STYPE_IPC_SPECIAL_TEMPORARY"> <xsd:annotation> <xsd:documentation>The STYPE_IPC_SPECIAL_TEMPORARY type means that the shared resource is a temporary, special interprocess communication. The DWORD value that this corresponds to is 0xC0000003.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemSystemMetricIndexType"> <xsd:annotation> <xsd:documentation>The EntityItemSystemMetricIndexType complex type defines the different values that are valid for the index entity of a system_metric item. These values describe the system metric or configuration setting to be retrieved. The empty string is also allowed to support empty elements associated with error conditions. Please note that the values identified are for the index entity and are not valid values for the datatype attribute.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="SM_ARRANGE"> <xsd:annotation> <xsd:documentation>The flags that specify how the system arranged minimized windows.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CLEANBOOT"> <xsd:annotation> <xsd:documentation>The value that specifies how the system is started.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CMONITORS"> <xsd:annotation> <xsd:documentation>The number of display monitors on a desktop.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CMOUSEBUTTONS"> <xsd:annotation> <xsd:documentation>The number of buttons on a mouse, or zero if no mouse is installed.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXBORDER"> <xsd:annotation> <xsd:documentation>The width of a window border, in pixels. This is equivalent to the SM_CXEDGE value for windows with the 3-D look.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXCURSOR"> <xsd:annotation> <xsd:documentation>The width of a cursor, in pixels. The system cannot create cursors of other sizes.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXDLGFRAME"> <xsd:annotation> <xsd:documentation>This value is the same as SM_CXFIXEDFRAME.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXDOUBLECLK"> <xsd:annotation> <xsd:documentation>The width of the rectangle around the location of a first click in a double-click sequence, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXDRAG"> <xsd:annotation> <xsd:documentation>The number of pixels on either side of a mouse-down point that the mouse pointer can move before a drag operation begins.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXEDGE"> <xsd:annotation> <xsd:documentation>The width of a 3-D border, in pixels. This metric is the 3-D counterpart of SM_CXBORDER.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXFIXEDFRAME"> <xsd:annotation> <xsd:documentation>The thickness of the frame around the perimeter of a window that has a caption but is not sizable, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXFOCUSBORDER"> <xsd:annotation> <xsd:documentation>The width of the left and right edges of the focus rectangle that the DrawFocusRect draws.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXFRAME"> <xsd:annotation> <xsd:documentation>This value is the same as SM_CXSIZEFRAME.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXFULLSCREEN"> <xsd:annotation> <xsd:documentation>The width of the client area for a full-screen window on the primary display monitor, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXHSCROLL"> <xsd:annotation> <xsd:documentation>The width of the arrow bitmap on a horizontal scroll bar, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXHTHUMB"> <xsd:annotation> <xsd:documentation>The width of the thumb box in a horizontal scroll bar, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXICON"> <xsd:annotation> <xsd:documentation>The default width of an icon, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXICONSPACING"> <xsd:annotation> <xsd:documentation>The width of a grid cell for items in large icon view, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXMAXIMIZED"> <xsd:annotation> <xsd:documentation>The default width, in pixels, of a maximized top-level window on the primary display monitor.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXMAXTRACK"> <xsd:annotation> <xsd:documentation>The default maximum width of a window that has a caption and sizing borders, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXMENUCHECK"> <xsd:annotation> <xsd:documentation>The width of the default menu check-mark bitmap, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXMENUSIZE"> <xsd:annotation> <xsd:documentation>The width of menu bar buttons, such as the child window close button that is used in the multiple document interface, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXMIN"> <xsd:annotation> <xsd:documentation>The minimum width of a window, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXMINIMIZED"> <xsd:annotation> <xsd:documentation>The width of a minimized window, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXMINSPACING"> <xsd:annotation> <xsd:documentation>The width of a grid cell for a minimized window, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXMINTRACK"> <xsd:annotation> <xsd:documentation>The minimum tracking width of a window, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXPADDEDBORDER"> <xsd:annotation> <xsd:documentation>The amount of border padding for captioned windows, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXSCREEN"> <xsd:annotation> <xsd:documentation>The width of the screen of the primary display monitor, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXSIZE"> <xsd:annotation> <xsd:documentation>The width of a button in a window caption or title bar, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXSIZEFRAME"> <xsd:annotation> <xsd:documentation>The thickness of the sizing border around the perimeter of a window that can be resized, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXSMICON"> <xsd:annotation> <xsd:documentation>The recommended width of a small icon, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXSMSIZE"> <xsd:annotation> <xsd:documentation>The width of small caption buttons, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXVIRTUALSCREEN"> <xsd:annotation> <xsd:documentation>The width of the virtual screen, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CXVSCROLL"> <xsd:annotation> <xsd:documentation>The width of a vertical scroll bar, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYBORDER"> <xsd:annotation> <xsd:documentation>The height of a window border, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYCAPTION"> <xsd:annotation> <xsd:documentation>The height of a caption area, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYCURSOR"> <xsd:annotation> <xsd:documentation>The height of a cursor, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYDLGFRAME"> <xsd:annotation> <xsd:documentation>This value is the same as SM_CYFIXEDFRAME.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYDOUBLECLK"> <xsd:annotation> <xsd:documentation>The height of the rectangle around the location of a first click in a double-click sequence, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYDRAG"> <xsd:annotation> <xsd:documentation>The number of pixels above and below a mouse-down point that the mouse pointer can move before a drag operation begins.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYEDGE"> <xsd:annotation> <xsd:documentation>The height of a 3-D border, in pixels. This is the 3-D counterpart of SM_CYBORDER.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYFIXEDFRAME"> <xsd:annotation> <xsd:documentation>The thickness of the frame around the perimeter of a window that has a caption but is not sizable, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYFOCUSBORDER"> <xsd:annotation> <xsd:documentation>The height of the top and bottom edges of the focus rectangle drawn by DrawFocusRect. This value is in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYFRAME"> <xsd:annotation> <xsd:documentation>This value is the same as SM_CYSIZEFRAME.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYFULLSCREEN"> <xsd:annotation> <xsd:documentation>The height of the client area for a full-screen window on the primary display monitor, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYHSCROLL"> <xsd:annotation> <xsd:documentation>The height of a horizontal scroll bar, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYICON"> <xsd:annotation> <xsd:documentation>The default height of an icon, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYICONSPACING"> <xsd:annotation> <xsd:documentation>The height of a grid cell for items in large icon view, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYKANJIWINDOW"> <xsd:annotation> <xsd:documentation>For double byte character set versions of the system, this is the height of the Kanji window at the bottom of the screen, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYMAXIMIZED"> <xsd:annotation> <xsd:documentation>The default height, in pixels, of a maximized top-level window on the primary display monitor.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYMAXTRACK"> <xsd:annotation> <xsd:documentation>The default maximum height of a window that has a caption and sizing borders, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYMENU"> <xsd:annotation> <xsd:documentation>The height of a single-line menu bar, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYMENUCHECK"> <xsd:annotation> <xsd:documentation>The height of the default menu check-mark bitmap, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYMENUSIZE"> <xsd:annotation> <xsd:documentation>The height of menu bar buttons, such as the child window close button that is used in the multiple document interface, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYMIN"> <xsd:annotation> <xsd:documentation>The minimum height of a window, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYMINIMIZED"> <xsd:annotation> <xsd:documentation>The height of a minimized window, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYMINSPACING"> <xsd:annotation> <xsd:documentation>The height of a grid cell for a minimized window, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYMINTRACK"> <xsd:annotation> <xsd:documentation>The minimum tracking height of a window, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYSCREEN"> <xsd:annotation> <xsd:documentation>The height of the screen of the primary display monitor, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYSIZE"> <xsd:annotation> <xsd:documentation>The height of a button in a window caption or title bar, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYSIZEFRAME"> <xsd:annotation> <xsd:documentation>The thickness of the sizing border around the perimeter of a window that can be resized, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYSMCAPTION"> <xsd:annotation> <xsd:documentation>The height of a small caption, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYSMICON"> <xsd:annotation> <xsd:documentation>The recommended height of a small icon, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYSMSIZE"> <xsd:annotation> <xsd:documentation>The height of small caption buttons, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYVIRTUALSCREEN"> <xsd:annotation> <xsd:documentation>The height of the virtual screen, in pixels. The virtual screen is the bounding rectangle of all display monitors.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYVSCROLL"> <xsd:annotation> <xsd:documentation>The height of the arrow bitmap on a vertical scroll bar, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_CYVTHUMB"> <xsd:annotation> <xsd:documentation>The height of the thumb box in a vertical scroll bar, in pixels.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_DBCSENABLED"> <xsd:annotation> <xsd:documentation>Nonzero if User32.dll supports DBCS; otherwise, 0.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_DEBUG"> <xsd:annotation> <xsd:documentation>Nonzero if the debug version of User.exe is installed; otherwise, 0.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_DIGITIZER"> <xsd:annotation> <xsd:documentation>Nonzero if the current operating system is Windows 7 or Windows Server 2008 R2 and the Tablet PC Input service is started; otherwise, 0. The return value is a bitmask that specifies the type of digitizer input supported by the device.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_IMMENABLED"> <xsd:annotation> <xsd:documentation>Nonzero if Input Method Manager/Input Method Editor features are enabled; otherwise, 0.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_MAXIMUMTOUCHES"> <xsd:annotation> <xsd:documentation>Nonzero if there are digitizers in the system; otherwise, 0. </xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_MEDIACENTER"> <xsd:annotation> <xsd:documentation>Nonzero if the current operating system is the Windows XP, Media Center Edition, 0 if not.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_MENUDROPALIGNMENT"> <xsd:annotation> <xsd:documentation>Nonzero if drop-down menus are right-aligned with the corresponding menu-bar item; 0 if the menus are left-aligned.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_MIDEASTENABLED"> <xsd:annotation> <xsd:documentation>Nonzero if the system is enabled for Hebrew and Arabic languages, 0 if not.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_MOUSEPRESENT"> <xsd:annotation> <xsd:documentation>Nonzero if a mouse is installed; otherwise, 0. </xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_MOUSEHORIZONTALWHEELPRESENT"> <xsd:annotation> <xsd:documentation>Nonzero if a mouse with a horizontal scroll wheel is installed; otherwise 0.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_MOUSEWHEELPRESENT"> <xsd:annotation> <xsd:documentation>Nonzero if a mouse with a vertical scroll wheel is installed; otherwise 0. </xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_NETWORK"> <xsd:annotation> <xsd:documentation>The least significant bit is set if a network is present; otherwise, it is cleared.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_PENWINDOWS"> <xsd:annotation> <xsd:documentation>Nonzero if the Microsoft Windows for Pen computing extensions are installed; zero otherwise.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_REMOTECONTROL"> <xsd:annotation> <xsd:documentation>This system metric is used in a Terminal Services environment to determine if the current Terminal Server session is being remotely controlled. Its value is nonzero if the current session is remotely controlled; otherwise, 0.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_REMOTESESSION"> <xsd:annotation> <xsd:documentation>This system metric is used in a Terminal Services environment. If the calling process is associated with a Terminal Services client session, the return value is nonzero. If the calling process is associated with the Terminal Services console session, the return value is 0. </xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_SAMEDISPLAYFORMAT"> <xsd:annotation> <xsd:documentation>Nonzero if all the display monitors have the same color format, otherwise, 0.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_SECURE"> <xsd:annotation> <xsd:documentation>This system metric should be ignored; it always returns 0.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_SERVERR2"> <xsd:annotation> <xsd:documentation>The build number if the system is Windows Server 2003 R2; otherwise, 0.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_SHOWSOUNDS"> <xsd:annotation> <xsd:documentation>Nonzero if the user requires an application to present information visually in situations where it would otherwise present the information only in audible form; otherwise, 0.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_SHUTTINGDOWN"> <xsd:annotation> <xsd:documentation>Nonzero if the current session is shutting down; otherwise, 0.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_SLOWMACHINE"> <xsd:annotation> <xsd:documentation>Nonzero if the computer has a low-end (slow) processor; otherwise, 0.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_STARTER"> <xsd:annotation> <xsd:documentation>Nonzero if the current operating system is Windows 7 Starter Edition, Windows Vista Starter, or Windows XP Starter Edition; otherwise, 0.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_SWAPBUTTON"> <xsd:annotation> <xsd:documentation>Nonzero if the meanings of the left and right mouse buttons are swapped; otherwise, 0.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_TABLETPC"> <xsd:annotation> <xsd:documentation>Nonzero if the current operating system is the Windows XP Tablet PC edition or if the current operating system is Windows Vista or Windows 7 and the Tablet PC Input service is started; otherwise, 0.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_XVIRTUALSCREEN"> <xsd:annotation> <xsd:documentation>The coordinates for the left side of the virtual screen.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SM_YVIRTUALSCREEN"> <xsd:annotation> <xsd:documentation>The coordinates for the top of the virtual screen.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemGUIDType"> <xsd:annotation> <xsd:documentation>The EntityItemGUIDType restricts a string value to a representation of a GUID, used for module ID. The empty string is also allowed to support empty element associated with error conditions.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:pattern value="(\{[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}\}){0,}"/> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemCmdletVerbType"> <xsd:annotation> <xsd:documentation>The EntityItemCmdletVerbType restricts a string value to a set of allow cmdlet verbs. The empty string is also allowed to support empty element associated with error conditions.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="Approve"> <xsd:annotation> <xsd:documentation>The Approve verb confirms or agrees to the status of a resource or process.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="Assert"> <xsd:annotation> <xsd:documentation>The Assert verb affirms the state of a resource.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="Compare"> <xsd:annotation> <xsd:documentation>The Compare verb evaluates the data from one resource against the data from another resource.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="Confirm"> <xsd:annotation> <xsd:documentation>The Confirm verb acknowledges, verifies, or validates, the state of a resource or process.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="Find"> <xsd:annotation> <xsd:documentation>The Find verb looks for an object in a container that is unknown, implied, optional, or specified.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="Get"> <xsd:annotation> <xsd:documentation>The Get verb specifies an action that retrieves a resource.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="Import"> <xsd:annotation> <xsd:documentation>The Import verb creates a resource from data that is stored in a persistent data store (such as a file) or in an interchange format.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="Measure"> <xsd:annotation> <xsd:documentation>The Measure verb identifies resources that are consumed by a specified operation, or retrieves statistics about a resource.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="Read"> <xsd:annotation> <xsd:documentation>The Read verb acquires information from a source.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="Request"> <xsd:annotation> <xsd:documentation>The Request verb asks for a resource or asks for permissions.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="Resolve"> <xsd:annotation> <xsd:documentation>The Resolve verb maps a shorthand representation of a resource to a more complete representation.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="Search"> <xsd:annotation> <xsd:documentation>The Search verb creates a reference to a resource in a container.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="Select"> <xsd:annotation> <xsd:documentation>The Select verb locates a resource in a container.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="Show"> <xsd:annotation> <xsd:documentation>The Show verb makes a resource visible to the user.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="Test"> <xsd:annotation> <xsd:documentation>The Test verb verifies the operation or consistency of a resource.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="Trace"> <xsd:annotation> <xsd:documentation>The Trace verb tracks the activities of a resource.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="Watch"> <xsd:annotation> <xsd:documentation>The Watch verb continually inspects or monitors a resource for changes.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemWindowsViewType"> <xsd:annotation> <xsd:documentation>The EntityItemWindowsViewType restricts a string value to a specific set of values: 32-bit and 64-bit. These values describe the different values possible for the windows view behavior.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="32_bit"> <xsd:annotation> <xsd:documentation>Indicates the 32_bit windows view.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="64_bit"> <xsd:annotation> <xsd:documentation>Indicates the 64_bit windows view.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> <xsd:complexType name="EntityItemUserRightType"> <xsd:annotation> <xsd:documentation>The EntityItemUserRightType restricts a string value to a specific set of values that describe the different user rights/privileges. The empty string is also allowed to support empty elements associated with error conditions.</xsd:documentation> </xsd:annotation> <xsd:simpleContent> <xsd:restriction base="oval-sc:EntityItemStringType"> <xsd:enumeration value="SE_ASSIGNPRIMARYTOKEN_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to assign the primary token of a process.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_AUDIT_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to generate audit-log entries.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_BACKUP_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to perform backup operations.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_CHANGE_NOTIFY_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to receive notifications of changes to files or directories.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_CREATE_GLOBAL_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to create named file mapping objects in the global namespace during Terminal Services sessions.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_CREATE_PAGEFILE_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to create a paging file.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_CREATE_PERMANENT_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to create a permanent object.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_CREATE_SYMBOLIC_LINK_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to create a symbolic link.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_CREATE_TOKEN_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to create a primary token.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_DEBUG_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to debug and adjust the memory of a process owned by another account.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_ENABLE_DELEGATION_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to mark user and computer accounts as trusted for delegation.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_IMPERSONATE_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to impersonate.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_INC_BASE_PRIORITY_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to increase the base priority of a process.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_INCREASE_QUOTA_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to increase the quota assigned to a process.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_INC_WORKING_SET_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to allocate more memory for applications that run in the context of users.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_LOAD_DRIVER_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to load or unload a device driver.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_LOCK_MEMORY_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to lock physical pages in memory.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_MACHINE_ACCOUNT_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to create a computer account.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_MANAGE_VOLUME_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to enable volume management privileges.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_PROF_SINGLE_PROCESS_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to gather profiling information for a single process.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_RELABEL_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to modify the mandatory integrity level of an object.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_REMOTE_SHUTDOWN_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to shut down a system using a network request.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_RESTORE_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to perform restore operations.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_SECURITY_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to perform a number of security-related functions, such as controlling and viewing audit messages.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_SHUTDOWN_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to shut down a local system.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_SYNC_AGENT_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required for a domain controller to use the Lightweight Directory Access Protocol directory synchronization services.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_SYSTEM_ENVIRONMENT_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to modify the nonvolatile RAM of systems that use this type of memory to store configuration information.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_SYSTEM_PROFILE_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to gather profiling information for the entire system.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_SYSTEMTIME_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to modify the system time.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_TAKE_OWNERSHIP_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to take ownership of an object without being granted discretionary access.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_TCB_NAME"> <xsd:annotation> <xsd:documentation>This privilege identifies its holder as part of the trusted computer base.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_TIME_ZONE_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to adjust the time zone associated with the computer's internal clock.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_TRUSTED_CREDMAN_ACCESS_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to access Credential Manager as a trusted caller.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_UNDOCK_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to undock a laptop.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_UNSOLICITED_INPUT_NAME"> <xsd:annotation> <xsd:documentation>This privilege is required to read unsolicited input from a terminal device.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_BATCH_LOGON_NAME"> <xsd:annotation> <xsd:documentation>This account right is required for an account to log on using the batch logon type.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_DENY_BATCH_LOGON_NAME"> <xsd:annotation> <xsd:documentation>This account right explicitly denies an account the right to log on using the batch logon type.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_DENY_INTERACTIVE_LOGON_NAME"> <xsd:annotation> <xsd:documentation>This account right explicitly denies an account the right to log on using the interactive logon type.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_DENY_NETWORK_LOGON_NAME"> <xsd:annotation> <xsd:documentation>This account right explicitly denies an account the right to log on using the network logon type.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME"> <xsd:annotation> <xsd:documentation>This account right explicitly denies an account the right to log on remotely using the interactive logon type.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_DENY_SERVICE_LOGON_NAME"> <xsd:annotation> <xsd:documentation>This account right explicitly denies an account the right to log on using the service logon type.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_INTERACTIVE_LOGON_NAME"> <xsd:annotation> <xsd:documentation>This account right is required for an account to log on using the interactive logon type.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_NETWORK_LOGON_NAME"> <xsd:annotation> <xsd:documentation>This account right is required for an account to log on using the network logon type.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_REMOTE_INTERACTIVE_LOGON_NAME"> <xsd:annotation> <xsd:documentation>This account right is required for an account to log on remotely using the interactive logon type.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value="SE_SERVICE_LOGON_NAME"> <xsd:annotation> <xsd:documentation>This account right is required for an account to log on using the service logon type.</xsd:documentation> </xsd:annotation> </xsd:enumeration> <xsd:enumeration value=""> <xsd:annotation> <xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation> </xsd:annotation> </xsd:enumeration> </xsd:restriction> </xsd:simpleContent> </xsd:complexType> </xsd:schema>
Close
