How do I customize File Baseline scans using the console?

Article:HOWTO6762  |  Created: 2007-02-20  |  Updated: 2008-03-19  |  Article URL http://www.symantec.com/docs/HOWTO6762
Article Type: How To

Question

I would like to set up a file baseline for a specific folder. How do I accomplish this?

Answer

A file baseline consists of three components, each dealing with a different stage of the baseline process. The first component is the baseline configuration. The configuration (.bls) file specifies the directory and the file extensions the scan will target. The second component is compiling the .bls into a baseline. The baseline contains file property information for each file extension specified in the configuration. The final component is comparison scanning. After the scan is complete, Application Management reports are used to view the results of the scan.

Creating a custom Baseline Configuration

A baseline requires a target directory and files to scan. Multiple directories and files can be set in the configuration. The following steps walk you through setting up a sample file baseline for '\Windows\system32'.

  1. On the Notification Server, browse to Start > Programs > Altiris > Solutions > Application Management > Files > Configuration Editor.
  2. In the file menu, select File > Open.
  3. Select default.bls, located in \NSCap\Bin\Win32\X86\Application Mgmt Solution\Programs.
  4. Edit the "Baseline" name and "Comments" sections to identify the baseline, for example "Windows XP System32 Baseline".
  5. Click the Extension tab and type the file extensions the scan will examine (without using the period). By default EXE, DLL and OCX are included.
  6. In the Directories tab, under Include these directories, remove all the directories, removing the %windir% directory last.
  7. In the Scan only these directories section type %windir%\system32.
  8. Click Add.
  9. Review the default file properties; these will be contained in the baseline.
  10. Save the baseline file with the new name, system32.bls.
  11. Save a copy of the baseline within \NSCap\Bin\Win32\X86\Application Mgmt Solution\FileBaselinePackage.

The baseline configuration now contains the directory, the file types and their respective file properties to examine.        

Compiling a Baseline Snapshot

After the baseline configuration has been created, the snapshot needs to be compiled from a clean machine. The baseline snapshot contains the expected files and file properties.
  1. Browse to Configuration > Software Management > Application Management > Windows > Baseline Agents > File baseline client
  2. Select the Programs tab and click New.
  3. Configure the program as follows:
    • Type in a name and description, for example, "Windows XP System32 baseline".
    • Type in the following command line: baseline.exe /hidden /baseline system32.bls /output xml /generatebaseline /nserver /collect.
    • Set Estimated disk space to 1200 KB.
    • Set Estimated run time to 10 minutes.
    • Set Terminate after 90 minutes.
    • In the Starting window pull-down, select Hidden.
    • In the Run with rights pull-down, select System Account.
    • In the Program can run pull-down, select Whether or not a user is logged in.
    • Click Apply to save.
  4. Right-click Create local file baseline.
  5. Select Clone.
  6. Type in a new task name such as "Create Windows XP System32 baseline".
  7. In the program pull-down, select the baseline created in step 3.
  8. In the collections, choose the appropriate computer the snapshot should be compiled from.
  9. Disable the Schedule check box.
  10. Click Apply.

When the computer checks in, this task will compile the snapshot. A compiled snapshot contains the directory, the file types, and the respective file properties to compare against on other computers or the client computer it was taken from (over time comparison). This file is saved in C:\Program Files\Altiris\eXpress\Baseline and has the same name as the baseline that is sent to the client. Save this file on the Notification Server so that the next step can deploy the baseline. For example, save it in \NSCap\Bin\Win32\X86\Application Mgmt Solution\Custom baseline snapshots.

Setting up a Comparison scan

The last part of gathering data is to execute the scan on a single computer or collections.
  1. Browse to Tasks > Software Management > Application Management  > Baseline Compliance Scan Wizard.
  2. Launch the wizard by clicking Run Baseline Compliance Scan Wizard.
  3. Browse to the baseline snapshot from Creating a custom baseline configuration, step 11, then click Next.
  4. Set the collection that the comparison scan will execute on.
  5. Set the schedule you want this task to run on, and then click Next.
  6. Review the task and then click Finish.
  7. Click Close to return to the console. If you marked the check box to view the new task, the console will open the task. However, the navigation pane will need to be manually refreshed.

When the clients check in with Notification Server they will pick up this task. The baseline client will then scan the target directory, Windows\System32, and compare the files and their properties to the ones gathered in the snapshot.

Viewing Results

The Application Management reports are used to view the results of the baseline comparison. The reports show whether files are missing, different, or added. The most useful ones are Summary of all File Baselines, Different Version Files by Product, and Missing Files by Product.
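
The snapshot-and-compare model described above, as an added Python example: it is not Altiris code and does not read .bls files or call baseline.exe. It assumes size and SHA-256 as the recorded file properties (the article does not list them), and the directory contents and file names are constructed.

```python
import hashlib
import os
import tempfile

EXTENSIONS = {"exe", "dll", "ocx"}  # the article's default extensions, no period


def snapshot(root, extensions=EXTENSIONS):
    """Record size and SHA-256 (assumed properties) for in-scope files under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lstrip(".").lower() not in extensions:
                continue  # extension not listed in the configuration
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(path, root).replace(os.sep, "/").lower()
            result[rel] = {"size": os.path.getsize(path), "sha256": digest}
    return result


def compare(baseline, current):
    """Classify paths into the report categories: missing, added, different."""
    return {
        "missing": sorted(set(baseline) - set(current)),
        "added": sorted(set(current) - set(baseline)),
        "different": sorted(p for p in baseline.keys() & current.keys()
                            if baseline[p] != current[p]),
    }


def demo():
    """Constructed sample: snapshot a clean directory, then introduce drift."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("kernel32.dll", b"original")
        write("notepad.exe", b"editor")
        write("readme.txt", b"out of scope")
        baseline = snapshot(root)               # taken on the clean machine
        write("kernel32.dll", b"patched!")      # same size, different content
        os.remove(os.path.join(root, "notepad.exe"))
        write("dropped.ocx", b"new control")
        write("readme.txt", b"changed, still out of scope")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The replaced kernel32.dll keeps its original size, so only the hash flags it as different; a baseline that recorded size alone would miss that change.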


Legacy ID: 32884

