<xsd:schema targetNamespace="http://oval.mitre.org/XMLSchema/oval#windows" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:oval="http://oval.mitre.org/XMLSchema/oval" xmlns:windows="http://oval.mitre.org/XMLSchema/oval#windows" elementFormDefault="qualified" version="4.2">
<xsd:import namespace="http://oval.mitre.org/XMLSchema/oval" schemaLocation="oval-schema.xsd"/>
<xsd:annotation>
<xsd:documentation>The following is a description of the elements, types, and attributes that compose the Windows specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.</xsd:documentation>
<xsd:documentation>The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.</xsd:documentation>
<xsd:appinfo>
<schema>Windows Definition</schema>
<version>4.2</version>
<date>2 December 2005</date>
</xsd:appinfo>
</xsd:annotation>
<!-- =============================================================================== -->
<!-- ======================= ACCOUNT PRIVILEGES TEST (wnt) ======================= -->
<!-- =============================================================================== -->
<xsd:element name="accountprivileges_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>The account privileges test looks at the individual privileges and rights associated with the specified account. Each privilege in the data section of the test can accept a boolean value signifying whether the privilege is granted or not.</xsd:documentation>
<xsd:appinfo>
<test_name>Account Privileges Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, object, data</valid_sections>
<example>
<accountprivileges_test id="wnt-0" check="all" comment="account has desired privileges" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<object>
<account_name>administrator</account_name>
</object>
<data operation="AND">
<account_domain>mitre.org</account_domain>
<sebackupprivilege>true</sebackupprivilege>
<selockmemoryprivilege>false</selockmemoryprivilege>
<seshutdownprivilege>true</seshutdownprivilege>
<seservicelogonright>true</seservicelogonright>
</data>
</accountprivileges_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="object" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:objectType">
<xsd:sequence>
<xsd:element name="account_name" type="oval:subtestStringType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The name of the account to check the privileges and rights of.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="account_domain" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The domain the specified account belongs to.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="account_sid" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The SID of the specified account.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seassignprimarytokenprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a parent process to replace the access token that is associated with a child process.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seauditprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process to generate audit records in the security log. The security log can be used to trace unauthorized system access.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sebackupprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to circumvent file and directory permissions to back up the system. The privilege is selected only when an application attempts access by using the NTFS backup application programming interface (API). Otherwise, normal file and directory permissions apply.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sechangenotifyprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to pass through folders to which the user otherwise has no access while navigating an object path in the NTFS file system or in the registry. This privilege does not allow the user to list the contents of a folder; it allows the user only to traverse its directories.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="secreateglobalprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to create named file mapping objects in the global namespace during Terminal Services sessions.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="secreatepagefileprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to create and change the size of a pagefile.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="secreatepermanentprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process to create a directory object in the object manager. It is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode have this privilege inherently.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="secreatetokenprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process to create an access token by calling NtCreateToken() or other token-creating APIs.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sedebugprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to attach a debugger to any process. It provides access to sensitive and critical operating system components.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seenabledelegationprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to change the Trusted for Delegation setting on a user or computer object in Active Directory. The user or computer that is granted this privilege must also have write access to the account control flags on the object.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seimpersonateprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to impersonate a client after authentication. It is not supported on Windows XP, Windows 2000 SP3 and earlier, or Windows NT.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seincreasebasepriorityprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to increase the base priority class of a process.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seincreasequotaprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process that has access to a second process to increase the processor quota assigned to the second process.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seloaddriverprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to install and remove drivers for Plug and Play devices.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="selockmemoryprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="semachineaccountprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to add a computer to a specific domain.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="semanagevolumeprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a non-administrative or remote user to manage volumes or disks.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seprofilesingleprocessprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to sample the performance of an application process.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seremoteshutdownprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to shut down a computer from a remote location on the network.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="serestoreprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to circumvent file and directory permissions when restoring backed-up files and directories and to set any valid security principal as the owner of an object.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sesecurityprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to specify object access auditing options for individual resources such as files, Active Directory objects, and registry keys. A user who has this privilege can also view and clear the security log from Event Viewer.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seshutdownprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to shut down the local computer.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sesyncagentprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process to read all objects and properties in the directory, regardless of the protection on the objects and properties. It is required in order to use Lightweight Directory Access Protocol (LDAP) directory synchronization (Dirsync) services.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sesystemenvironmentprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows modification of system environment variables either by a process through an API or by a user through System Properties.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sesystemprofileprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to sample the performance of system processes.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sesystemtimeprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to adjust the time on the computer's internal clock. It is not required to change the time zone or other display characteristics of the system time.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="setakeownershipprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to take ownership of any securable object in the system, including Active Directory objects, NTFS files and folders, printers, registry keys, services, processes, and threads.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="setcbprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process to assume the identity of any user and thus gain access to the resources that the user is authorized to access.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seundockprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user of a portable computer to undock the computer by clicking Eject PC on the Start menu.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seunsolicitedinputprivilege" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to read unsolicited data from a terminal device.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sebatchlogonright" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it can log on using the batch logon type.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seinteractivelogonright" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it can log on using the interactive logon type.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="senetworklogonright" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it can log on using the network logon type.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seremoteinteractivelogonright" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it can log on to the computer by using a Remote Desktop connection.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seservicelogonright" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it can log on using the service logon type.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sedenybatchLogonright" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on using the batch logon type.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sedenyinteractivelogonright" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on using the interactive logon type.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sedenynetworklogonright" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on using the network logon type.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sedenyremoteInteractivelogonright" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on through Terminal Services.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sedenyservicelogonright" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on using the service logon type.</xsd:documentation>
<xsd:appinfo>
<parent_test>Account Privileges Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ======================== ACTIVE DIRECTORY TEST (wat) ======================== -->
<!-- =============================================================================== -->
<xsd:element name="activedirectory_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>This test gathers information about specified entries in Active Directory.</xsd:documentation>
<xsd:appinfo>
<test_name>Active Directory Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, object, data</valid_sections>
<example>
<activedirectory_test id="wat-0" check="all" comment="allow execute permissions to HTTP virtual dir" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<object>
<naming_context>configuration</naming_context>
<relative_dn operator="pattern match">^CN=[^,]+,CN=[^,]+,CN=HTTP,CN=Protocols,CN=[^,]*,CN=Servers,CN=[^,]*,CN=Administrative Groups,CN=[^,]*,CN=Microsoft Exchange,CN=Services$</relative_dn>
<attribute>msExchAccessFlags</attribute>
</object>
<data operation="AND">
<adstype>ADSTYPE_INTEGER</adstype>
<value operator="bitwise and">512</value>
</data>
</activedirectory_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="object" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:objectType">
<xsd:sequence>
<xsd:element name="naming_context" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Each object in Active Directory exists under a certain naming context (also known as a partition). A naming context is defined as a single object in the Directory Information Tree (DIT) along with every object in the tree subordinate to it. There are three default naming contexts in Active Directory: domain, configuration, and schema.</xsd:documentation>
<xsd:appinfo>
<parent_test>Active Directory Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:simpleContent>
<xsd:restriction base="oval:subtestStringType">
<xsd:enumeration value="domain"/>
<xsd:enumeration value="configuration"/>
<xsd:enumeration value="schema"/>
</xsd:restriction>
</xsd:simpleContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="relative_dn" type="oval:subtestStringType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The relative_dn field is used to uniquely identify an object inside the specified naming context. It contains all the parts of the object's distinguished name except those outlined by the naming context.</xsd:documentation>
<xsd:appinfo>
<parent_test>Active Directory Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="attribute" type="oval:subtestStringType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies a named value contained by the object.</xsd:documentation>
<xsd:appinfo>
<parent_test>Active Directory Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="object_class" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The name of the class of which the object is an instance.</xsd:documentation>
<xsd:appinfo>
<parent_test>Active Directory Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="adstype" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the type of information that the specified attribute represents.</xsd:documentation>
<xsd:appinfo>
<parent_test>Active Directory Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:simpleContent>
<xsd:restriction base="oval:subtestStringType">
<xsd:enumeration value="ADSTYPE_INVALID"/>
<xsd:enumeration value="ADSTYPE_DN_STRING"/>
<xsd:enumeration value="ADSTYPE_CASE_EXACT_STRING"/>
<xsd:enumeration value="ADSTYPE_CASE_IGNORE_STRING"/>
<xsd:enumeration value="ADSTYPE_PRINTABLE_STRING"/>
<xsd:enumeration value="ADSTYPE_NUMERIC_STRING"/>
<xsd:enumeration value="ADSTYPE_BOOLEAN"/>
<xsd:enumeration value="ADSTYPE_INTEGER"/>
<xsd:enumeration value="ADSTYPE_OCTET_STRING"/>
<xsd:enumeration value="ADSTYPE_UTC_TIME"/>
<xsd:enumeration value="ADSTYPE_LARGE_INTEGER"/>
<xsd:enumeration value="ADSTYPE_PROV_SPECIFIC"/>
<xsd:enumeration value="ADSTYPE_OBJECT_CLASS"/>
<xsd:enumeration value="ADSTYPE_CASEIGNORE_LIST"/>
<xsd:enumeration value="ADSTYPE_OCTET_LIST"/>
<xsd:enumeration value="ADSTYPE_PATH"/>
<xsd:enumeration value="ADSTYPE_POSTALADDRESS"/>
<xsd:enumeration value="ADSTYPE_TIMESTAMP"/>
<xsd:enumeration value="ADSTYPE_BACKLINK"/>
<xsd:enumeration value="ADSTYPE_TYPEDNAME"/>
<xsd:enumeration value="ADSTYPE_HOLD"/>
<xsd:enumeration value="ADSTYPE_NETADDRESS"/>
<xsd:enumeration value="ADSTYPE_REPLICAPOINTER"/>
<xsd:enumeration value="ADSTYPE_FAXNUMBER"/>
<xsd:enumeration value="ADSTYPE_EMAIL"/>
<xsd:enumeration value="ADSTYPE_NT_SECURITY_DESCRIPTOR"/>
<xsd:enumeration value="ADSTYPE_UNKNOWN"/>
<xsd:enumeration value="ADSTYPE_DN_WITH_BINARY"/>
<xsd:enumeration value="ADSTYPE_DN_WITH_STRING"/>
</xsd:restriction>
</xsd:simpleContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="value" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The actual value of the specified Active Directory attribute.</xsd:documentation>
<xsd:appinfo>
<parent_test>Active Directory Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>binary, boolean, float, int, string</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal, bitwise and, bitwise or, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ======================= AUDIT EVENT POLICY TEST (wbt) ======================= -->
<!-- =============================================================================== -->
<xsd:element name="auditeventpolicy_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>The auditeventpolicy test enumerates the different types of events the system should audit. The defined values are found in the Windows POLICY_AUDIT_EVENT_TYPE enumeration and are accessed through the LsaQueryInformationPolicy function when the InformationClass parameter is set to PolicyAuditEventsInformation.</xsd:documentation>
<xsd:appinfo>
<test_name>Audit Event Policy Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, data</valid_sections>
<example>
<auditeventpolicy_test id="wbt-0" check="all" comment="test certain event policies" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<data operation="AND">
<account_logon>AUDIT_FAILURE</account_logon>
<directory_service_access>AUDIT_SUCCESS_FAILURE</directory_service_access>
</data>
</auditeventpolicy_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="account_logon" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to log on to or log off of the system. Also, audit attempts to make a network connection.</xsd:documentation>
<xsd:appinfo>
<parent_test>Audit Event Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="account_management" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to create, delete, or change user or group accounts. Also, audit password changes.</xsd:documentation>
<xsd:appinfo>
<parent_test>Audit Event Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="detailed_tracking" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit specific events, such as program activation, some forms of handle duplication, indirect access to an object, and process exit.</xsd:documentation>
<xsd:appinfo>
<parent_test>Audit Event Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="directory_service_access" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to access the directory service.</xsd:documentation>
<xsd:appinfo>
<parent_test>Audit Event Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="logon" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to log on to or log off of the system. Also, audit attempts to make a network connection.</xsd:documentation>
<xsd:appinfo>
<parent_test>Audit Event Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="object_access" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to access securable objects, such as files.</xsd:documentation>
<xsd:appinfo>
<parent_test>Audit Event Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="policy_change" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to change Policy object rules.</xsd:documentation>
<xsd:appinfo>
<parent_test>Audit Event Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="privilege_use" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to use privileges.</xsd:documentation>
<xsd:appinfo>
<parent_test>Audit Event Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="system" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to shut down or restart the computer. Also, audit events that affect system security or the security log.</xsd:documentation>
<xsd:appinfo>
<parent_test>Audit Event Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================== FILE TEST (wft) ============================== -->
<!-- =============================================================================== -->
<xsd:element name="file_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>This test checks file metadata. The time information can be retrieved by the _stat function.</xsd:documentation>
<xsd:appinfo>
<test_name>File Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, object, data</valid_sections>
<example>
<file_test id="wft-0" check="at least one" comment="the version of mshtml.dll is less than 5.1.2600.128" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<object>
<path datatype="component">
<component type="registry_value">HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot</component>
<component type="literal">\system32\mshtml.dll</component>
</path>
</object>
<data>
<version datatype="version" operator="less than">
<major>5</major>
<minor>1</minor>
<build>2600</build>
<private>128</private>
</version>
</data>
</file_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="object" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:objectType">
<xsd:sequence>
<xsd:element name="path" type="windows:componentType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the absolute path to a file on the machine. This path can be created from multiple components that are added together. When a pattern match operator is used, the corresponding regular expression is matched against the set of absolute path strings. These strings do not include the '.' and '..' notations. This means that a '.*' component of a regular expression will match not only all files in the specified directories, but also all files in their subdirectories, the subdirectories of those, and so on.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Test</parent_test>
<cardinality>1</cardinality>
<content>none</content>
<valid_datatypes>component</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="owner" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>A string that contains the name of the owner.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="size" type="oval:subtestIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Size of the file in bytes.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Test</parent_test>
<cardinality>0-1</cardinality>
<content>integer</content>
<valid_datatypes>integer</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="a_time" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Time of last access of file. Valid on NTFS but not on FAT formatted disk drives. The string should represent the FILETIME structure which is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC).</xsd:documentation>
<xsd:appinfo>
<parent_test>File Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="c_time" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Time of creation of file. Valid on NTFS but not on FAT formatted disk drives. The string should represent the FILETIME structure which is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC).</xsd:documentation>
<xsd:appinfo>
<parent_test>File Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="m_time" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Time of last modification of file. The string should represent the FILETIME structure which is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC).</xsd:documentation>
<xsd:appinfo>
<parent_test>File Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="ms_checksum" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The MD5 checksum of the file.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="md5" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The MD5 hash of the file.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="version" type="windows:subtestFileVersionType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The version of the file.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Test</parent_test>
<cardinality>0-1</cardinality>
<content>none</content>
<valid_datatypes>version</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="type" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The type child element marks whether the file test describes a directory, named pipe, standard file, etc. These types are the return values for GetFileType, with the exception of FILE_ATTRIBUTE_DIRECTORY, which is obtained by looking at GetFileAttributesEx.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:simpleContent>
<xsd:restriction base="oval:subtestStringType">
<xsd:enumeration value="FILE_ATTRIBUTE_DIRECTORY"/>
<xsd:enumeration value="FILE_TYPE_CHAR"/>
<xsd:enumeration value="FILE_TYPE_DISK"/>
<xsd:enumeration value="FILE_TYPE_PIPE"/>
<xsd:enumeration value="FILE_TYPE_REMOTE"/>
<xsd:enumeration value="FILE_TYPE_UNKNOWN"/>
</xsd:restriction>
</xsd:simpleContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="development_class" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The development_class element allows the distinction to be made between the GDR development environment and the QFE development environment. This field holds the text found in front of the mmmmmm-nnnn version, for example srv03_gdr.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ==================== FILE AUDITED PERMISSIONS TEST (wht) ==================== -->
<!-- =============================================================================== -->
<xsd:element name="fileauditedpermissions_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>This test looks at the audited access rights of a given file that a system access control list (SACL) structure grants to a specified trustee. The trustee's audited access rights are determined by checking all access control entries (ACEs) in the SACL. For help with this test see the GetAuditedPermissionsFromAcl() API.</xsd:documentation>
<xsd:appinfo>
<test_name>File Audited Permissions Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, object, data</valid_sections>
<example>
<fileauditedpermissions_test id="wht-0" check="at least one" comment="a file exists with the specified audit rights" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<object>
<path>
<component type="registry_value">HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot</component>
<component type="literal">\system32\mshtml.dll</component>
</path>
<trustee_name>SYSTEM</trustee_name>
</object>
<data operation="AND">
<trustee_domain>NT AUTHORITY</trustee_domain>
<trustee_sid>S-1-5-18</trustee_sid>
<standard_delete datatype="string">AUDIT_SUCCESS</standard_delete>
<standard_read_control datatype="string">AUDIT_FAILURE</standard_read_control>
<file_read_attributes datatype="string">AUDIT_SUCCESS_FAILURE</file_read_attributes>
<file_write_attributes datatype="string">AUDIT_NONE</file_write_attributes>
</data>
</fileauditedpermissions_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="object" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:objectType">
<xsd:sequence>
<xsd:element name="path" type="windows:componentType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the absolute path to a file on the machine. This path can be created from multiple components that are added together. When a pattern match operator is used, the corresponding regular expression is matched against the set of absolute path strings. These strings do not include the '.' and '..' notations. This means that a '.*' component of a regular expression will match not only all files in the specified directories, but also all files in their subdirectories, the subdirectories of those, and so on.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>1</cardinality>
<content>none</content>
<valid_datatypes>component</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_name" type="oval:subtestStringType" minOccurs="1" maxOccurs="1" nillable="true">
<xsd:annotation>
<xsd:documentation>This element specifies the trustee name associated with a particular SACL. A trustee can be a user, group, or program (such as a Windows service).</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="trustee_domain" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The domain of the specified trustee name.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_sid" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The security identifier (SID) of the specified trustee name.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_delete" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to delete the object.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_read_control" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to read the information in the object's security descriptor, not including the information in the SACL.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_dac" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to modify the DACL in the object's security descriptor.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_owner" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to change the owner in the object's security descriptor.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_synchronize" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Windows NT/2000: The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="access_system_security" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Indicates access to a system access control list (SACL).</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_read" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Read access.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_write" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Write access.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_execute" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Execute access.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_all" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Read, write, and execute access.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_read_data" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to read data from the file.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_write_data" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to write data to the file.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_append_data" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to append data to the file.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_read_ea" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to read extended attributes.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_write_ea" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to write extended attributes.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_execute" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to execute a file.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_delete_child" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Right to delete a directory and all the files it contains (its children), even if the files are read-only.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_read_attributes" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to read file attributes.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_write_attributes" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to change file attributes.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ====================== FILE EFFECTIVE RIGHTS TEST (wet) ===================== -->
<!-- =============================================================================== -->
<xsd:element name="fileeffectiverights_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>This test looks at the effective rights of a given file that a discretionary access control list (DACL) structure grants to a specified trustee. The trustee's effective rights are determined by checking all access-allowed and access-denied access control entries (ACEs) in the DACL. Note that the rights expressed in this test correspond to the different bits allocated to the access mask for a file. This means that certain rights that represent combinations of other rights, for example STANDARD_RIGHTS_ALL and FILE_ALL_ACCESS, are not expressed. For help with this test see the GetEffectiveRightsFromAcl() API.</xsd:documentation>
<xsd:appinfo>
<test_name>File Effective Rights Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, object, data</valid_sections>
<example>
<fileeffectiverights_test id="wet-0" check="at least one" comment="a file exists with the specified rights" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<object>
<path>
<component type="registry_value">HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot</component>
<component type="literal">\system32\mshtml.dll</component>
</path>
<trustee_name>SYSTEM</trustee_name>
</object>
<data operation="AND">
<trustee_domain>NT AUTHORITY</trustee_domain>
<trustee_sid>S-1-5-18</trustee_sid>
<standard_delete datatype="boolean">0</standard_delete>
<standard_read_control datatype="boolean">1</standard_read_control>
<file_read_attributes datatype="boolean">true</file_read_attributes>
<file_write_attributes datatype="boolean">false</file_write_attributes>
</data>
</fileeffectiverights_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="object" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:objectType">
<xsd:sequence>
<xsd:element name="path" type="windows:componentType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the absolute path to a file on the machine. This path can be created from multiple components that are added together. When a pattern match operator is used, the corresponding regular expression is matched against the set of absolute path strings. These strings would not include the '.' and '..' notations. This means that a '.*' component of a regular expression will match not only all files in the specified directories, but also all subdirectories, their subdirectories, etc.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>1</cardinality>
<content>none</content>
<valid_datatypes>component</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_name" type="oval:subtestStringType" minOccurs="1" maxOccurs="1" nillable="true">
<xsd:annotation>
<xsd:documentation>This element specifies the trustee name associated with a particular DACL. A trustee can be a user, group, or program (such as a Windows service).</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="trustee_domain" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The domain of the specified trustee name.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_sid" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The security identifier (SID) of the specified trustee name.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_delete" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to delete the object.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_read_control" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to read the information in the object's security descriptor, not including the information in the SACL.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_dac" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to modify the DACL in the object's security descriptor.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_owner" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to change the owner in the object's security descriptor.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_synchronize" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Windows NT/2000: The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="access_system_security" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Indicates access to a system access control list (SACL).</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_read" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Read access.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_write" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Write access.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_execute" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Execute access.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_all" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Read, write, and execute access.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_read_data" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to read data from the file.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_write_data" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to write data to the file.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_append_data" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to append data to the file.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_read_ea" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to read extended attributes.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_write_ea" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to write extended attributes.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_execute" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to execute a file.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_delete_child" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Right to delete a directory and all the files it contains (its children), even if the files are read-only.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_read_attributes" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to read file attributes.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_write_attributes" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to change file attributes.</xsd:documentation>
<xsd:appinfo>
<parent_test>File Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
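<!--
Added example, not part of the OVAL schema: a simplified Python model of the ACE walk that the fileeffectiverights_test documentation above refers to, decoded into this test's data element names and checked against the data section of the wet-0 example. The two DACLs are constructed sample input, and the model assumes the caller has already resolved the trustee's group SIDs and any generic rights.

```python
"""Simplified DACL walk decoded into fileeffectiverights_test element names."""

# Access mask bits (winnt.h values) keyed by the schema's data element names.
RIGHTS = {
    "file_read_data": 0x00000001,
    "file_write_data": 0x00000002,
    "file_append_data": 0x00000004,
    "file_read_ea": 0x00000008,
    "file_write_ea": 0x00000010,
    "file_execute": 0x00000020,
    "file_delete_child": 0x00000040,
    "file_read_attributes": 0x00000080,
    "file_write_attributes": 0x00000100,
    "standard_delete": 0x00010000,
    "standard_read_control": 0x00020000,
    "standard_write_dac": 0x00040000,
    "standard_write_owner": 0x00080000,
    "standard_synchronize": 0x00100000,
    "access_system_security": 0x01000000,
    "generic_all": 0x10000000,
    "generic_execute": 0x20000000,
    "generic_write": 0x40000000,
    "generic_read": 0x80000000,
}

ALLOW, DENY = "allow", "deny"


def effective_mask(dacl, trustee_sids):
    """Return the access mask an ordered DACL grants to the trustee.

    dacl is a list of (ace_type, sid, mask) tuples. ACEs are read in order and
    the first ACE that mentions a bit decides it, so a deny ACE only blocks
    bits that no earlier allow ACE has already granted.
    """
    granted = denied = 0
    for ace_type, sid, mask in dacl:
        if sid not in trustee_sids:
            continue  # ACE is for a different trustee
        if ace_type == ALLOW:
            granted |= mask & ~denied
        elif ace_type == DENY:
            denied |= mask & ~granted
        else:
            raise ValueError("unknown ACE type: %r" % (ace_type,))
    return granted


def decode(mask):
    """Split an access mask into one boolean per schema element."""
    return {name: bool(mask & bit) for name, bit in RIGHTS.items()}


def parse_bool(text):
    """Accept the xsd:boolean lexical forms used in the wet-0 example."""
    value = text.strip()
    if value in ("1", "true"):
        return True
    if value in ("0", "false"):
        return False
    raise ValueError("not an xsd:boolean: %r" % (text,))


def evaluate(data, rights, operation="AND"):
    """Compare expected element values with decoded rights (operator equals)."""
    outcomes = [rights[name] == parse_bool(text) for name, text in data.items()]
    if operation == "AND":
        return all(outcomes)
    if operation == "OR":
        return any(outcomes)
    raise ValueError("unsupported operation: %r" % (operation,))


SYSTEM_SID = "S-1-5-18"  # trustee_sid from the wet-0 example

# Constructed sample DACLs. 0x001F01FF is FILE_ALL_ACCESS; 0x00010100 is
# DELETE combined with FILE_WRITE_ATTRIBUTES.
CANONICAL_DACL = [(DENY, SYSTEM_SID, 0x00010100), (ALLOW, SYSTEM_SID, 0x001F01FF)]
REORDERED_DACL = [(ALLOW, SYSTEM_SID, 0x001F01FF), (DENY, SYSTEM_SID, 0x00010100)]

# Boolean children of the data section of the wet-0 example.
WET0_DATA = {
    "standard_delete": "0",
    "standard_read_control": "1",
    "file_read_attributes": "true",
    "file_write_attributes": "false",
}

if __name__ == "__main__":
    for label, dacl in (("canonical", CANONICAL_DACL), ("reordered", REORDERED_DACL)):
        mask = effective_mask(dacl, {SYSTEM_SID})
        print(label, hex(mask), evaluate(WET0_DATA, decode(mask)))
```
-->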
<!-- =============================================================================== -->
<!-- ============================== GROUP TEST (wgt) ============================= -->
<!-- =============================================================================== -->
<xsd:element name="group_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>The Windows group test allows the different users that belong to specific groups to be tested. Note that the user element can appear an unlimited number of times. In such cases, the test is whether the specified user belongs to ALL the included groups (data operator is AND) or that the user belongs to one of the included groups (data operator is OR).</xsd:documentation>
<xsd:appinfo>
<test_name>Group Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, object, data</valid_sections>
<example>
<group_test id="wgt-0" check="all" comment="dave and jon are members of the Administrators group" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<object>
<group>Administrators</group>
</object>
<data operation="AND">
<enabled>true</enabled>
<user>dave</user>
<user>jon</user>
</data>
</group_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="object" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:objectType">
<xsd:sequence>
<xsd:element name="group" type="oval:subtestStringType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>A string that represents the name of a particular group.</xsd:documentation>
<xsd:appinfo>
<parent_test>Group Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="enabled" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element holds a boolean value that specifies whether the particular group is enabled or not.</xsd:documentation>
<xsd:appinfo>
<parent_test>Group Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="user" type="oval:subtestStringType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>A string that represents the name of a particular user. This element can be included multiple times in order to test that a group contains a number of different users.</xsd:documentation>
<xsd:appinfo>
<parent_test>Group Test</parent_test>
<cardinality>0-n</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================ INTERFACE TEST (wit) ============================ -->
<!-- =============================================================================== -->
<xsd:element name="interface_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>Enumerate various attributes about the interfaces on a system. Each interface is uniquely identified by either its name or an index number. For help with this test see the MIB_IFROW and MIB_IPADDRROW structures.</xsd:documentation>
<xsd:appinfo>
<test_name>Interface Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, object, data</valid_sections>
<example>
<interface_test id="wit-0" check="all" comment="the interface exists with the specified properties" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<object>
<name>Intel(R) PRO/1000 MTW Network Connection - Packet Scheduler Miniport</name>
</object>
<data operation="AND">
<type>MIB_IF_TYPE_ETHERNET</type>
<hardware_addr>33-22-11-AA-CC-BB</hardware_addr>
<inet_addr>123.45.67.89</inet_addr>
</data>
</interface_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="object" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:objectType">
<xsd:sequence>
<xsd:element name="name" type="oval:subtestStringType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the name of an interface.</xsd:documentation>
<xsd:appinfo>
<parent_test>Interface Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="index" type="oval:subtestIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the index that identifies the interface.</xsd:documentation>
<xsd:appinfo>
<parent_test>Interface Test</parent_test>
<cardinality>0-1</cardinality>
<content>integer</content>
<valid_datatypes>integer</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="type" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the type of interface, which is limited to a certain set of values.</xsd:documentation>
<xsd:appinfo>
<parent_test>Interface Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:simpleContent>
<xsd:restriction base="oval:subtestStringType">
<xsd:enumeration value="MIB_IF_TYPE_ETHERNET"/>
<xsd:enumeration value="MIB_IF_TYPE_FDDI"/>
<xsd:enumeration value="MIB_IF_TYPE_LOOPBACK"/>
<xsd:enumeration value="MIB_IF_TYPE_OTHER"/>
<xsd:enumeration value="MIB_IF_TYPE_PPP"/>
<xsd:enumeration value="MIB_IF_TYPE_SLIP"/>
<xsd:enumeration value="MIB_IF_TYPE_TOKENRING"/>
</xsd:restriction>
</xsd:simpleContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="hardware_addr" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the physical address of the adapter for this interface.</xsd:documentation>
<xsd:appinfo>
<parent_test>Interface Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="inet_addr" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the IP address.</xsd:documentation>
<xsd:appinfo>
<parent_test>Interface Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="broadcast_addr" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the broadcast address. A broadcast address is typically the IP address with the host portion set to either all zeros or all ones.</xsd:documentation>
<xsd:appinfo>
<parent_test>Interface Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="netmask" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the subnet mask for the IP address.</xsd:documentation>
<xsd:appinfo>
<parent_test>Interface Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="addr_type" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>This element specifies the address type or state of a specific interface. Each interface can be associated with more than one value meaning the addr_type element can occur multiple times.</xsd:documentation>
<xsd:appinfo>
<parent_test>Interface Test</parent_test>
<cardinality>0-n</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:simpleContent>
<xsd:restriction base="oval:subtestStringType">
<xsd:enumeration value="MIB_IPADDR_DELETED"/>
<xsd:enumeration value="MIB_IPADDR_DISCONNECTED"/>
<xsd:enumeration value="MIB_IPADDR_DYNAMIC"/>
<xsd:enumeration value="MIB_IPADDR_PRIMARY"/>
<xsd:enumeration value="MIB_IPADDR_TRANSIENT"/>
</xsd:restriction>
</xsd:simpleContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ========================= LOCKOUT POLICY TEST (wlt) ========================= -->
<!-- =============================================================================== -->
<xsd:element name="lockoutpolicy_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>The lockoutpolicy test enumerates various attributes associated with lockout information for users and global groups in the security database.</xsd:documentation>
<xsd:appinfo>
<test_name>Lockout Policy Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, data</valid_sections>
<example>
<lockoutpolicy_test id="wlt-0" check="all" comment="specific lockout policies are set" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<data operation="AND">
<force_logoff datatype="int">60</force_logoff>
<lockout_duration datatype="int">30</lockout_duration>
<lockout_observation_window datatype="int">5</lockout_observation_window>
<lockout_threshold datatype="int">3</lockout_threshold>
</data>
</lockoutpolicy_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="force_logoff" type="oval:subtestIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies, in seconds, the amount of time between the end of the valid logon time and the time when the user is forced to log off the network. A value of TIMEQ_FOREVER indicates that the user is never forced to log off. A value of zero indicates that the user will be forced to log off immediately when the valid logon time expires. See the USER_MODALS_INFO_0 structure returned by a call to NetUserModalsGet().</xsd:documentation>
<xsd:appinfo>
<parent_test>Lockout Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>integer</content>
<valid_datatypes>integer</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="lockout_duration" type="oval:subtestIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies, in seconds, how long a locked account remains locked before it is automatically unlocked. See the USER_MODALS_INFO_3 structure returned by a call to NetUserModalsGet().</xsd:documentation>
<xsd:appinfo>
<parent_test>Lockout Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>integer</content>
<valid_datatypes>integer</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="lockout_observation_window" type="oval:subtestIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the maximum time, in seconds, that can elapse between any two failed logon attempts before lockout occurs. See the USER_MODALS_INFO_3 structure returned by a call to NetUserModalsGet().</xsd:documentation>
<xsd:appinfo>
<parent_test>Lockout Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>integer</content>
<valid_datatypes>integer</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="lockout_threshold" type="oval:subtestIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the number of invalid password authentications that can occur before an account is marked "locked out." See the USER_MODALS_INFO_3 structure returned by a call to NetUserModalsGet().</xsd:documentation>
<xsd:appinfo>
<parent_test>Lockout Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>integer</content>
<valid_datatypes>integer</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================ METABASE TEST (wmt) ============================ -->
<!-- =============================================================================== -->
<xsd:element name="metabase_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>This test gathers information from the specified metabase keys.</xsd:documentation>
<xsd:appinfo>
<test_name>Metabase Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, object, data</valid_sections>
<example>
<metabase_test id="wmt-0" check="all" comment="HTTP is enabled" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<object>
<key operator="pattern match">^LM\\W3SVC\\.*$</key>
<id datatype="int">1016</id>
</object>
<data>
<data datatype="int" operator="not equal">4</data>
</data>
</metabase_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="object" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:objectType">
<xsd:sequence>
<xsd:element name="key" type="oval:subtestStringType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element describes a metabase key to be tested.</xsd:documentation>
<xsd:appinfo>
<parent_test>Metabase Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="id" type="oval:subtestIntType" minOccurs="1" maxOccurs="1" nillable="true">
<xsd:annotation>
<xsd:documentation>The id element specifies a particular object under the metabase key. If nillable is set to true, then the id element should be ignored during analysis.</xsd:documentation>
<xsd:appinfo>
<parent_test>Metabase Test</parent_test>
<cardinality>1</cardinality>
<content>integer</content>
<valid_datatypes>integer</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="name" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element describes the name of the specified metabase object.</xsd:documentation>
<xsd:appinfo>
<parent_test>Metabase Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="user_type" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>A DWORD that specifies the user type of the data. See the METADATA_RECORD structure.</xsd:documentation>
<xsd:appinfo>
<parent_test>Metabase Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="data_type" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Identifies the type of data in the metabase entry. See the METADATA_RECORD structure.</xsd:documentation>
<xsd:appinfo>
<parent_test>Metabase Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="data" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The actual data of the named item under the specified metabase key.</xsd:documentation>
<xsd:appinfo>
<parent_test>Metabase Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>binary, boolean, float, int, string</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal, bitwise and, bitwise or, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ======================== PASSWORD POLICY TEST (wdt) ========================= -->
<!-- =============================================================================== -->
<xsd:element name="passwordpolicy_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>Tests specific policy settings associated with passwords. This information is stored in the SAM or Active Directory, but it is encrypted or hidden, so the registry_test and activedirectory_test are of no use. If this can be figured out, then the passwordpolicy_test is not needed.</xsd:documentation>
<xsd:appinfo>
<test_name>Password Policy Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, data</valid_sections>
<example>
<passwordpolicy_test id="wdt-0" check="all" comment="specific password policies are set" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<data operation="AND">
<max_passwd_age datatype="int">-1</max_passwd_age>
<min_passwd_age datatype="int">3600</min_passwd_age>
<min_passwd_len datatype="int">8</min_passwd_len>
<password_hist_len datatype="int">5</password_hist_len>
</data>
</passwordpolicy_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="max_passwd_age" type="oval:subtestIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies, in seconds, the maximum allowable password age. A value of TIMEQ_FOREVER (-1) indicates that the password never expires. The minimum valid value for this element is ONE_DAY (86400).</xsd:documentation>
<xsd:appinfo>
<parent_test>Password Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>integer</content>
<valid_datatypes>integer</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="min_passwd_age" type="oval:subtestIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the minimum number of seconds that can elapse between the time a password changes and when it can be changed again. A value of zero indicates that no delay is required between password updates.</xsd:documentation>
<xsd:appinfo>
<parent_test>Password Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>integer</content>
<valid_datatypes>integer</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="min_passwd_len" type="oval:subtestIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the minimum allowable password length. Valid values for this element are zero through PWLEN.</xsd:documentation>
<xsd:appinfo>
<parent_test>Password Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>integer</content>
<valid_datatypes>integer</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="password_hist_len" type="oval:subtestIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the length of password history maintained. A new password cannot match any of the previous usrmod0_password_hist_len passwords. Valid values for this element are zero through DEF_MAX_PWHIST.</xsd:documentation>
<xsd:appinfo>
<parent_test>Password Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>integer</content>
<valid_datatypes>integer</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="password_complexity" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>A boolean value that signifies whether passwords must meet the complexity requirements put forth by the operating system.</xsd:documentation>
<xsd:appinfo>
<parent_test>Password Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="reversible_encryption" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Determines whether Windows 2000 Server, Windows 2000 Professional, and Windows XP Professional store passwords using reversible encryption.</xsd:documentation>
<xsd:appinfo>
<parent_test>Password Policy Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================== PORT TEST (wqt) ============================== -->
<!-- =============================================================================== -->
<xsd:element name="port_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>Information about listening ports.</xsd:documentation>
<xsd:appinfo>
<test_name>Port Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, object, data</valid_sections>
<example>
<port_test id="wqt-0" check="all" comment="TCP port 443 is open for listening by the process with an id of 3796" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<object>
<local_address operator="pattern match">^.*$</local_address>
<local_port datatype="int">443</local_port>
<protocol>TCP</protocol>
</object>
<data>
<pid datatype="int">3796</pid>
</data>
</port_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="object" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:objectType">
<xsd:sequence>
<xsd:element name="local_address" type="oval:subtestStringType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the local IP address the listening port is bound to.</xsd:documentation>
<xsd:appinfo>
<parent_test>Port Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="local_port" type="oval:subtestIntType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the number assigned to the local listening port.</xsd:documentation>
<xsd:appinfo>
<parent_test>Port Test</parent_test>
<cardinality>1</cardinality>
<content>integer</content>
<valid_datatypes>integer</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="protocol" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the type of listening port. It is restricted to either TCP or UDP.</xsd:documentation>
<xsd:appinfo>
<parent_test>Port Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:simpleContent>
<xsd:restriction base="oval:subtestStringType">
<xsd:enumeration value="TCP"/>
<xsd:enumeration value="UDP"/>
</xsd:restriction>
</xsd:simpleContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="pid" type="oval:subtestIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The id given to the process that is associated with the specified listening port.</xsd:documentation>
<xsd:appinfo>
<parent_test>Port Test</parent_test>
<cardinality>0-1</cardinality>
<content>integer</content>
<valid_datatypes>integer</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================ PROCESS TEST (wct) ============================= -->
<!-- =============================================================================== -->
<xsd:element name="process_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>Information about running processes.</xsd:documentation>
<xsd:appinfo>
<test_name>Process Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, object, data</valid_sections>
<example>
<process_test id="wct-0" check="all" comment="there exists an inetinfo process with a pid of 1680" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<object>
<command_line>C:\WINDOWS\System32\inetsrv\inetinfo.exe</command_line>
</object>
<data>
<pid datatype="int">1680</pid>
</data>
</process_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="object" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:objectType">
<xsd:sequence>
<xsd:element name="command_line" type="oval:subtestStringType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The command line used to start the process.</xsd:documentation>
<xsd:appinfo>
<parent_test>Process Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="pid" type="oval:subtestIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The id given to the process that is created for a specified command line.</xsd:documentation>
<xsd:appinfo>
<parent_test>Process Test</parent_test>
<cardinality>0-1</cardinality>
<content>integer</content>
<valid_datatypes>integer</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="ppid" type="oval:subtestIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The id given to the parent of the process that is created for the specified command line.</xsd:documentation>
<xsd:appinfo>
<parent_test>Process Test</parent_test>
<cardinality>0-1</cardinality>
<content>integer</content>
<valid_datatypes>integer</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="priority" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The base priority of the process.</xsd:documentation>
<xsd:appinfo>
<parent_test>Process Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="image_path" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This field contains the DOS Path of the image file.</xsd:documentation>
<xsd:appinfo>
<parent_test>Process Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="current_dir" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This field has the current path in DOS format ("C:\WINDOWS").</xsd:documentation>
<xsd:appinfo>
<parent_test>Process Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================ REGISTRY TEST (wrt) ============================ -->
<!-- =============================================================================== -->
<xsd:element name="registry_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>The Windows registry test specifies a particular registry key (or keys) to test.</xsd:documentation>
<xsd:appinfo>
<test_name>Registry Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, object, data</valid_sections>
<example>
<registry_test id="wrt-0" check="all" comment="Windows XP is installed" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<object>
<hive>HKEY_LOCAL_MACHINE</hive>
<key>SOFTWARE\Microsoft\Windows NT\CurrentVersion</key>
<name>CurrentVersion</name>
</object>
<data operation="AND">
<value operator="equals">5.1</value>
</data>
</registry_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="object" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:objectType">
<xsd:sequence>
<xsd:element name="hive" type="windows:subtestHiveType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The hive that the registry key belongs to.</xsd:documentation>
<xsd:appinfo>
<parent_test>Registry Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key" type="oval:subtestStringType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element describes a registry key to be tested. Note that the hive portion of the string should not be included, as this data should be found under the hive element.</xsd:documentation>
<xsd:appinfo>
<parent_test>Registry Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="name" type="oval:subtestStringType" minOccurs="1" maxOccurs="1" nillable="true">
<xsd:annotation>
<xsd:documentation>This element describes the name of a value of a registry key. If the nillable attribute is set to true, then the name element should not be used in analysis.</xsd:documentation>
<xsd:appinfo>
<parent_test>Registry Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="type" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the type of data stored by the registry key.</xsd:documentation>
<xsd:appinfo>
<parent_test>Registry Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:simpleContent>
<xsd:restriction base="oval:subtestStringType">
<xsd:enumeration value="reg_binary"/>
<xsd:enumeration value="reg_dword"/>
<xsd:enumeration value="reg_expand_sz"/>
<xsd:enumeration value="reg_multi_sz"/>
<xsd:enumeration value="reg_qword"/>
<xsd:enumeration value="reg_sz"/>
</xsd:restriction>
</xsd:simpleContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="value" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The actual value of the specified registry key.</xsd:documentation>
<xsd:appinfo>
<parent_test>Registry Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>binary, boolean, float, int, string</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal, bitwise and, bitwise or, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- =================== REGKEY AUDITED PERMISSIONS TEST (wyt) =================== -->
<!-- =============================================================================== -->
<xsd:element name="regkeyauditedpermissions_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>This test looks at the audited access rights of a given registry key that a system access control list (SACL) structure grants to a specified trustee. The trustee's audited access rights are determined by checking all access control entries (ACEs) in the SACL. For help with this test see the GetAuditedPermissionsFromAcl() API.</xsd:documentation>
<xsd:appinfo>
<test_name>Regkey Audited Permissions Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, object, data</valid_sections>
<example>
<regkeyauditedpermissions_test id="wyt-0" check="at least one" comment="a registry key exists with the specified audit rights" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<object>
<hive>HKEY_LOCAL_MACHINE</hive>
<key>SOFTWARE\Microsoft\Windows NT\CurrentVersion</key>
<trustee_name>SYSTEM</trustee_name>
</object>
<data operation="AND">
<trustee_domain>NT AUTHORITY</trustee_domain>
<trustee_sid>S-1-5-18</trustee_sid>
<standard_delete datatype="string">AUDIT_SUCCESS</standard_delete>
<standard_read_control datatype="string">AUDIT_FAILURE</standard_read_control>
<key_query_value datatype="string">AUDIT_SUCCESS_FAILURE</key_query_value>
<key_set_value datatype="string">AUDIT_NONE</key_set_value>
</data>
</regkeyauditedpermissions_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="object" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:objectType">
<xsd:sequence>
<xsd:element name="hive" type="windows:subtestHiveType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the hive of a registry key on the machine from which to retrieve the SACL.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key" type="oval:subtestStringType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies a registry key on the machine from which to retrieve the SACL. Note that the hive portion of the string should not be included, as this data should be found under the hive element.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_name" type="oval:subtestStringType" minOccurs="1" maxOccurs="1" nillable="true">
<xsd:annotation>
<xsd:documentation>This element specifies the trustee name associated with a particular SACL. A trustee can be a user, group, or program (such as a Windows service).</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="trustee_domain" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The domain of the specified trustee name.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_sid" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The security identifier (SID) of the specified trustee name.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_delete" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to delete the object.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_read_control" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to read the information in the object's security descriptor, not including the information in the SACL.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_dac" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to modify the DACL in the object's security descriptor.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_owner" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to change the owner in the object's security descriptor.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_synchronize" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Windows NT/2000: The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="access_system_security" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Indicates access to a system access control list (SACL).</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_read" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Read access.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_write" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Write access.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_execute" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_all" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_query_value" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_set_value" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_create_sub_key" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_enumerate_sub_keys" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_notify" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_create_link" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_wow64_64key" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_wow64_32key" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_wow64_res" type="windows:subtestAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Audited Permissions Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ==================== REGKEY EFFECTIVE RIGHTS TEST (wzt) ===================== -->
<!-- =============================================================================== -->
<xsd:element name="regkeyeffectiverights_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>This test looks at the effective rights that a discretionary access control list (DACL) structure on a given registry key grants to a specified trustee. The trustee's effective rights are determined by checking all access-allowed and access-denied access control entries (ACEs) in the DACL. Note that the rights expressed in this test correspond to the different bits allocated to the access mask for a registry key. This means that certain rights that represent combinations of other rights, for example STANDARD_RIGHTS_ALL and KEY_ALL_ACCESS, are not expressed. For help with this test see the GetEffectiveRightsFromAcl() API.</xsd:documentation>
<xsd:appinfo>
<test_name>Regkey Effective Rights Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, object, data</valid_sections>
<example>
<regkeyeffectiverights_test id="wzt-0" check="at least one" comment="a registry key exists with the specified rights" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<object>
<hive>HKEY_LOCAL_MACHINE</hive>
<key>SOFTWARE\Microsoft\Windows NT\CurrentVersion</key>
<trustee_name>SYSTEM</trustee_name>
</object>
<data operation="AND">
<trustee_domain>NT AUTHORITY</trustee_domain>
<trustee_sid>S-1-5-18</trustee_sid>
<standard_delete datatype="boolean">0</standard_delete>
<standard_read_control datatype="boolean">1</standard_read_control>
<key_query_value datatype="boolean">true</key_query_value>
<key_set_value datatype="boolean">false</key_set_value>
</data>
</regkeyeffectiverights_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="object" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:objectType">
<xsd:sequence>
<xsd:element name="hive" type="windows:subtestHiveType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the hive of a registry key on the machine from which to retrieve the DACL.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key" type="oval:subtestStringType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies a registry key on the machine from which to retrieve the DACL. Note that the hive portion of the string should not be included, as this data should be found under the hive element.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_name" type="oval:subtestStringType" minOccurs="1" maxOccurs="1" nillable="true">
<xsd:annotation>
<xsd:documentation>This element specifies the trustee name associated with a particular DACL. A trustee can be a user, group, or program (such as a Windows service).</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="trustee_domain" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The domain of the specified trustee name.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_sid" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The security identifier (SID) of the specified trustee name.</xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_delete" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_read_control" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_dac" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_owner" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_synchronize" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="access_system_security" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_read" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_write" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_execute" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_all" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_query_value" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_set_value" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_create_sub_key" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_enumerate_sub_keys" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_notify" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_create_link" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_wow64_64key" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_wow64_32key" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_wow64_res" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<parent_test>Regkey Effective Rights Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
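<!--
Added example, not part of the OVAL schema or the OVAL project's code: it shows how the boolean rights of the Regkey Effective Rights Test map onto single bits of a registry key access mask, and evaluates the data section of the schema's own example test against two masks. The function names, the use of the Windows SDK (winnt.h) constant values, the choice of test masks, and the default of AND when the operation attribute is absent are assumptions of this example; only the "equals" operator is handled.

```python
import xml.etree.ElementTree as ET

NS = "{http://oval.mitre.org/XMLSchema/oval#windows}"

# One access-mask bit (or bit pair) per OVAL element name; values from winnt.h.
RIGHT_BITS = {
    "standard_delete":        0x00010000,  # DELETE
    "standard_read_control":  0x00020000,  # READ_CONTROL
    "standard_write_dac":     0x00040000,  # WRITE_DAC
    "standard_write_owner":   0x00080000,  # WRITE_OWNER
    "standard_synchronize":   0x00100000,  # SYNCHRONIZE
    "access_system_security": 0x01000000,  # ACCESS_SYSTEM_SECURITY
    "generic_read":           0x80000000,  # GENERIC_READ
    "generic_write":          0x40000000,  # GENERIC_WRITE
    "generic_execute":        0x20000000,  # GENERIC_EXECUTE
    "generic_all":            0x10000000,  # GENERIC_ALL
    "key_query_value":        0x0001,      # KEY_QUERY_VALUE
    "key_set_value":          0x0002,      # KEY_SET_VALUE
    "key_create_sub_key":     0x0004,      # KEY_CREATE_SUB_KEY
    "key_enumerate_sub_keys": 0x0008,      # KEY_ENUMERATE_SUB_KEYS
    "key_notify":             0x0010,      # KEY_NOTIFY
    "key_create_link":        0x0020,      # KEY_CREATE_LINK
    "key_wow64_64key":        0x0100,      # KEY_WOW64_64KEY
    "key_wow64_32key":        0x0200,      # KEY_WOW64_32KEY
    "key_wow64_res":          0x0300,      # KEY_WOW64_RES (both WOW64 bits)
}

# Composite rights: combinations of the bits above, so the test has no
# element for them. They are used here only as sample effective masks.
KEY_READ = 0x00020019
KEY_ALL_ACCESS = 0x000F003F

# The schema's example test (notes section omitted).
EXAMPLE_TEST = r"""
<regkeyeffectiverights_test id="wzt-0" check="at least one"
    comment="a registry key exists with the specified rights"
    xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
  <object>
    <hive>HKEY_LOCAL_MACHINE</hive>
    <key>SOFTWARE\Microsoft\Windows NT\CurrentVersion</key>
    <trustee_name>SYSTEM</trustee_name>
  </object>
  <data operation="AND">
    <trustee_domain>NT AUTHORITY</trustee_domain>
    <trustee_sid>S-1-5-18</trustee_sid>
    <standard_delete datatype="boolean">0</standard_delete>
    <standard_read_control datatype="boolean">1</standard_read_control>
    <key_query_value datatype="boolean">true</key_query_value>
    <key_set_value datatype="boolean">false</key_set_value>
  </data>
</regkeyeffectiverights_test>
"""


def decode_mask(mask):
    """Return {element_name: bool} for every right the test can express."""
    return {name: (mask & bits) == bits for name, bits in RIGHT_BITS.items()}


def parse_bool(text):
    """Boolean content may be written as true/false or 1/0 (xsd:boolean)."""
    value = (text or "").strip()
    if value in ("true", "1"):
        return True
    if value in ("false", "0"):
        return False
    raise ValueError("not an xsd:boolean: %r" % text)


def evaluate_data(test_xml, effective_mask):
    """Compare each right in the data section with the trustee's effective mask.

    Returns (overall, per_element). Children that are not rights, such as
    trustee_domain and trustee_sid, are skipped by this example.
    """
    root = ET.fromstring(test_xml)
    data = root.find(NS + "data")
    operation = data.get("operation", "AND")  # assumption: AND when absent
    actual = decode_mask(effective_mask)
    per_element = {}
    for child in data:
        name = child.tag.split("}")[-1]
        if name in RIGHT_BITS:
            per_element[name] = actual[name] == parse_bool(child.text)
    combine = all if operation == "AND" else any
    return combine(per_element.values()), per_element


if __name__ == "__main__":
    for label, mask in (("KEY_READ", KEY_READ), ("KEY_ALL_ACCESS", KEY_ALL_ACCESS)):
        overall, detail = evaluate_data(EXAMPLE_TEST, mask)
        print(label, hex(mask), "matches" if overall else "does not match", detail)
```
-->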
<!-- =============================================================================== -->
<!-- ======================= TEXT FILE CONTENT TEST (wtt) ======================== -->
<!-- =============================================================================== -->
<xsd:element name="textfilecontent_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>This test has been deprecated in version 4.1 of the windows-schema and will be removed completely in version 5. It is recommended that all future OVAL Content use the textfilecontent_test found in the independent-schema.</xsd:documentation>
<xsd:documentation>The textfilecontent test looks at the contents of a text file (aka a configuration file) by looking at individual lines.</xsd:documentation>
<xsd:appinfo>
<test_name>Text File Content Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, object, data</valid_sections>
<example>
<textfilecontent_test id="wtt-0" check="all" comment="the enable parameter in helpctr.txt is set to true" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<object>
<path>
<component type="registry_value">HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot</component>
<component type="literal">\system32\helpctr.txt</component>
</path>
<line operator="pattern match">enable = (true|false)</line>
</object>
<data operation="AND">
<subexpression operator="equals">true</subexpression>
</data>
</textfilecontent_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="object" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:objectType">
<xsd:sequence>
<xsd:element name="path" type="windows:componentType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the absolute path to a file on the machine. This path can be created from multiple components that are added together. When a pattern match operator is used, the corresponding regular expression is matched against the set of absolute path strings. These strings would not include the '.' and '..' notations. This means that a '.*' component of a regular expression will not only match all files in the specified directories, but all subdirectories, their subdirectories, etc.</xsd:documentation>
<xsd:appinfo>
<parent_test>Text File Content Test</parent_test>
<cardinality>1</cardinality>
<content>none</content>
<valid_datatypes>component</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="line" type="oval:subtestStringType" minOccurs="1" maxOccurs="1" nillable="true">
<xsd:annotation>
<xsd:documentation>The line element represents a line in the file and is represented using a regular expression.</xsd:documentation>
<xsd:appinfo>
<parent_test>Text File Content Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="subexpression" type="oval:subtestStringType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>Each subexpression in the regular expression of the line element is then tested against the value specified in the subexpression element.</xsd:documentation>
<xsd:appinfo>
<parent_test>Text File Content Test</parent_test>
<cardinality>0-n</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================== USER TEST (wut) ============================== -->
<!-- =============================================================================== -->
<xsd:element name="user_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>The Windows user test allows the different groups that a user belongs to to be tested. Note that the group element can appear an unlimited number of times. In such cases, the test is whether the specified group contains ALL the included users (data operator is AND) or that the group contains at least one of the included users (data operator is OR).</xsd:documentation>
<xsd:appinfo>
<test_name>User Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, object, data</valid_sections>
<example>
<user_test id="wut-0" check="all" comment="drew is member of the Administrators group" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<object>
<user>drew</user>
</object>
<data>
<enabled>true</enabled>
<group>Administrators</group>
</data>
</user_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="object" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:objectType">
<xsd:sequence>
<xsd:element name="user" type="oval:subtestStringType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>A string that represents the name of a particular user.</xsd:documentation>
<xsd:appinfo>
<parent_test>User Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="enabled" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element holds a boolean value that specifies whether the particular user account is enabled or not.</xsd:documentation>
<xsd:appinfo>
<parent_test>User Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="group" type="oval:subtestStringType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>A string that represents the name of a particular group. This element can be included multiple times in order to test that a user is a member of a number of different groups.</xsd:documentation>
<xsd:appinfo>
<parent_test>User Test</parent_test>
<cardinality>0-n</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================= VOLUME TEST (wvt) ============================= -->
<!-- =============================================================================== -->
<xsd:element name="volume_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>The volume test enumerates various attributes about a particular volume mounted to a machine. This includes the various system flags returned by GetVolumeInformation().</xsd:documentation>
<xsd:appinfo>
<test_name>Volume Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, object, data</valid_sections>
<example>
<volume_test id="wvt-0" check="all" comment="the OVAL volume supports named streams" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<object>
<rootpath>
<component type="literal">\\MyServer\MyShare\</component>
</rootpath>
</object>
<data operation="AND">
<file_system>NTFS</file_system>
<name>OVAL</name>
<file_named_streams datatype="boolean">true</file_named_streams>
</data>
</volume_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="object" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:objectType">
<xsd:sequence>
<xsd:element name="rootpath" type="windows:componentType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>A string that contains the root directory of the volume to be described. A trailing backslash is required. For example, you would specify \\MyServer\MyShare as "\\MyServer\MyShare\", or the C drive as "C:\".</xsd:documentation>
<xsd:appinfo>
<parent_test>Volume Test</parent_test>
<cardinality>1</cardinality>
<content>none</content>
<valid_datatypes>component</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="file_system" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The type of filesystem. For example FAT or NTFS.</xsd:documentation>
<xsd:appinfo>
<parent_test>Volume Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="name" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The name of the volume.</xsd:documentation>
<xsd:appinfo>
<parent_test>Volume Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="serial_number" type="oval:subtestIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The volume serial number.</xsd:documentation>
<xsd:appinfo>
<parent_test>Volume Test</parent_test>
<cardinality>0-1</cardinality>
<content>integer</content>
<valid_datatypes>integer</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_named_streams" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system supports named streams.</xsd:documentation>
<xsd:appinfo>
<parent_test>Volume Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_read_only_volume" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The specified volume is read-only.</xsd:documentation>
<xsd:appinfo>
<parent_test>Volume Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_supports_object_ids" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system supports object identifiers.</xsd:documentation>
<xsd:appinfo>
<parent_test>Volume Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_supports_reparse_points" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system supports reparse points.</xsd:documentation>
<xsd:appinfo>
<parent_test>Volume Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_supports_sparse_files" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system supports sparse files.</xsd:documentation>
<xsd:appinfo>
<parent_test>Volume Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_volume_quotas" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system supports disk quotas.</xsd:documentation>
<xsd:appinfo>
<parent_test>Volume Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="fs_case_is_preserved" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system preserves the case of file names when it places a name on disk.</xsd:documentation>
<xsd:appinfo>
<parent_test>Volume Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="fs_case_sensitive" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system supports case-sensitive file names.</xsd:documentation>
<xsd:appinfo>
<parent_test>Volume Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="fs_file_compression" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system supports file-based compression.</xsd:documentation>
<xsd:appinfo>
<parent_test>Volume Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="fs_file_encryption" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system supports the Encrypted File System (EFS).</xsd:documentation>
<xsd:appinfo>
<parent_test>Volume Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="fs_persistent_acls" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system preserves and enforces ACLs. For example, NTFS preserves and enforces ACLs, and FAT does not.</xsd:documentation>
<xsd:appinfo>
<parent_test>Volume Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="fs_unicode_stored_on_disk" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system supports Unicode in file names as they appear on disk.</xsd:documentation>
<xsd:appinfo>
<parent_test>Volume Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="fs_vol_is_compressed" type="oval:subtestBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The specified volume is a compressed volume; for example, a DoubleSpace volume.</xsd:documentation>
<xsd:appinfo>
<parent_test>Volume Test</parent_test>
<cardinality>0-1</cardinality>
<content>boolean</content>
<valid_datatypes>boolean</valid_datatypes>
<valid_operators>equals, not equal</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================== WMI TEST (wwt) =============================== -->
<!-- =============================================================================== -->
<xsd:element name="wmi_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>The wmi_test outlines information to be checked through Microsoft's WMI interface. WMI is a layer on top of the actual data, and in many cases the information being collected can also be retrieved using a registry test, active directory test, etc. It is recommended that the lowest-level approach to data collection and analysis be taken, to avoid any possible corruption that might exist on the machine.</xsd:documentation>
<xsd:appinfo>
<test_name>WMI Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, object, data</valid_sections>
<example>
<wmi_test id="wwt-0" check="at least one" comment="correct permission is assigned" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<object>
<namespace operator="pattern match">^root\\sms\\site_.*\\SMS_SiteControlItem$</namespace>
<wql>SELECT SMS_Query.name FROM SMS_UserInstancePermissionNames, SMS_Query WHERE SMS_UserInstancePermissionNames.instancekey = SMS_query.queryid AND SMS_UserInstancePermissionNames.objectkey = 7</wql>
</object>
<data>
<result datatype="string" operator="equals">Fred</result>
</data>
</wmi_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="object" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:objectType">
<xsd:sequence>
<xsd:element name="namespace" type="oval:subtestStringType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies which WMI namespace to look under. Each WMI provider normally registers its own WMI namespace and then all its classes within that namespace. For example, all Win32 WMI classes can be found in the namespace "root\cimv2", all IIS WMI classes can be found at "root\microsoftiisv2", and all LDAP WMI classes can be found at "root\directory\ldap".</xsd:documentation>
<xsd:appinfo>
<parent_test>WMI Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="wql" type="oval:subtestStringType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>A WQL query used to identify the object(s) to test against. Any valid WQL query is usable, with one exception: at most one field is allowed in the SELECT portion of the query. For example, SELECT name FROM ... is valid, as is SELECT 'true' FROM ..., but SELECT name, number FROM ... is not valid. This is because the result element in the data section is designed to work against only a single field.</xsd:documentation>
<xsd:appinfo>
<parent_test>WMI Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="result" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The result element specifies how to test objects in the result set of the specified WQL statement. Only one comparable field is allowed. So if the WQL statement looks like 'SELECT name FROM ...', then a result element with a value of 'Fred' would test that value against the names returned by the WQL statement.</xsd:documentation>
<xsd:appinfo>
<parent_test>WMI Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>binary, boolean, float, int, string</valid_datatypes>
<valid_operators>equals, not equal, greater than, less than, greater than or equal, less than or equal, bitwise and, bitwise or, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ======================= XML FILE CONTENT TEST (wxt) ========================= -->
<!-- =============================================================================== -->
<xsd:element name="xmlfilecontent_test" substitutionGroup="oval:test">
<xsd:annotation>
<xsd:documentation>This test has been deprecated in version 4.1 of the windows-schema and will be removed completely in version 5. It is recommended that all future OVAL Content use the xmlfilecontent_test found in the independent-schema.</xsd:documentation>
<xsd:documentation>The xmlfilecontent test uses XPath to explore the contents of an XML file. The value_of element checks the value of the nodes found.</xsd:documentation>
<xsd:appinfo>
<test_name>XML File Content Test</test_name>
<extends>standardTestType</extends>
<valid_sections>notes, object, data</valid_sections>
<example>
<xmlfilecontent_test id="wxt-0" check="none exist" comment="there does not exist an Andrew object in fred.xml" xmlns="http://oval.mitre.org/XMLSchema/oval#windows">
<oval:notes>
<oval:note>This is an example test written under version 4 of the OVAL schema. It is meant to give a short overview of the test and might not contain every possible child element.</oval:note>
</oval:notes>
<object>
<path>
<component type="literal">c:\fred.xml</component>
</path>
<xpath>/people/name</xpath>
</object>
<data operation="AND">
<value_of operator="equals">Andrew</value_of>
</data>
</xmlfilecontent_test>
</example>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:standardTestType">
<xsd:sequence>
<xsd:element name="object" minOccurs="1" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:objectType">
<xsd:sequence>
<xsd:element name="path" type="windows:componentType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the absolute path to a file on the machine. This path can be created from multiple components that are added together. When a pattern match operator is used, the corresponding regular expression is matched against the set of absolute path strings. These strings would not include the '.' and '..' notations. This means that a '.*' component of a regular expression will match not only all files in the specified directories, but also all subdirectories, their subdirectories, etc.</xsd:documentation>
<xsd:appinfo>
<parent_test>XML File Content Test</parent_test>
<cardinality>1</cardinality>
<content>none</content>
<valid_datatypes>component</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="xpath" type="oval:subtestStringType" minOccurs="1" maxOccurs="1" nillable="true">
<xsd:annotation>
<xsd:documentation>Specifies an XPath expression describing the nodes to look at.</xsd:documentation>
<xsd:appinfo>
<parent_test>XML File Content Test</parent_test>
<cardinality>1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="data" minOccurs="0" maxOccurs="1">
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval:dataType">
<xsd:sequence>
<xsd:element name="value_of" type="oval:subtestStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The value_of element checks the value of the nodes found.</xsd:documentation>
<xsd:appinfo>
<parent_test>XML File Content Test</parent_test>
<cardinality>0-1</cardinality>
<content>string</content>
<valid_datatypes>string</valid_datatypes>
<valid_operators>equals, not equal, pattern match</valid_operators>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- =============================================================================== -->
<!-- =============================================================================== -->
<xsd:complexType name="subtestAuditType">
<xsd:annotation>
<xsd:documentation>The subtestAuditType restricts a string value to a specific set of values: AUDIT_NONE, AUDIT_SUCCESS, AUDIT_FAILURE, and AUDIT_SUCCESS_FAILURE. These values describe which audit records should be generated.</xsd:documentation>
<xsd:appinfo>
<extends>oval:subtestStringType</extends>
<attributes>(includes oval:subtestAttributes)</attributes>
<content>string</content>
<child_elements>none</child_elements>
</xsd:appinfo>
</xsd:annotation>
<xsd:simpleContent>
<xsd:restriction base="oval:subtestStringType">
<xsd:enumeration value="AUDIT_FAILURE"/>
<xsd:enumeration value="AUDIT_NONE"/>
<xsd:enumeration value="AUDIT_SUCCESS"/>
<xsd:enumeration value="AUDIT_SUCCESS_FAILURE"/>
</xsd:restriction>
</xsd:simpleContent>
</xsd:complexType>
<xsd:complexType name="componentType">
<xsd:annotation>
<xsd:documentation>The componentType allows a value to be obtained by combining pieces from different sources. The strings defined by the different component elements are concatenated together to form the final string used. Each child component element has an attribute called type. The value of this attribute determines where to get the string used to build the file path. A type of literal means to use the value of the child component element as is, and to just concatenate it to the other strings. If a pattern match operator has been specified with a componentType, then the final string should be thought of as the pattern to test. As of Version 4 of the OVAL schema, pattern match cannot be specified for the individual components.</xsd:documentation>
<xsd:appinfo>
<extends>oval:subtestBaseType</extends>
<attributes>(includes oval:subtestAttributes)</attributes>
<content>none</content>
<child_elements>component</child_elements>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexContent>
<xsd:extension base="oval:subtestBaseType">
<xsd:sequence>
<xsd:element name="component" minOccurs="1" maxOccurs="unbounded">
<xsd:complexType>
<xsd:simpleContent>
<xsd:extension base="xsd:string">
<xsd:attribute name="type" use="required">
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="environment_variable"/>
<xsd:enumeration value="literal"/>
<xsd:enumeration value="registry_value"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:attribute>
</xsd:extension>
</xsd:simpleContent>
</xsd:complexType>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="subtestFileVersionType">
<xsd:annotation>
<xsd:documentation>The subtestFileVersionType allows the different portions of a Windows file version to be represented. A Windows file version is made up of four distinct parts: a major version, a minor version, a build number, and a private number. Each part is an integer.</xsd:documentation>
<xsd:appinfo>
<extends>oval:subtestBaseType</extends>
<attributes>(includes oval:subtestAttributes)</attributes>
<content>none</content>
<child_elements>major, minor, build, private</child_elements>
</xsd:appinfo>
</xsd:annotation>
<xsd:complexContent>
<xsd:extension base="oval:subtestBaseType">
<xsd:all>
<xsd:element name="major" type="xsd:integer"/>
<xsd:element name="minor" type="xsd:integer"/>
<xsd:element name="build" type="xsd:integer"/>
<xsd:element name="private" type="xsd:integer"/>
</xsd:all>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
<xsd:complexType name="subtestHiveType">
<xsd:annotation>
<xsd:documentation>The subtestHiveType restricts a string value to a specific set of values: HKEY_CLASSES_ROOT, HKEY_CURRENT_CONFIG, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, and HKEY_USERS. These values describe the possible hives in the registry.</xsd:documentation>
<xsd:appinfo>
<extends>oval:subtestStringType</extends>
<attributes>(includes oval:subtestAttributes)</attributes>
<content>string</content>
<child_elements>none</child_elements>
</xsd:appinfo>
</xsd:annotation>
<xsd:simpleContent>
<xsd:restriction base="oval:subtestStringType">
<xsd:enumeration value="HKEY_CLASSES_ROOT"/>
<xsd:enumeration value="HKEY_CURRENT_CONFIG"/>
<xsd:enumeration value="HKEY_CURRENT_USER"/>
<xsd:enumeration value="HKEY_LOCAL_MACHINE"/>
<xsd:enumeration value="HKEY_USERS"/>
</xsd:restriction>
</xsd:simpleContent>
</xsd:complexType>
<!-- =============================================================================== -->
<!-- =============================================================================== -->
<!-- =============================================================================== -->
<xsd:element name="platform" substitutionGroup="oval:platformBase">
<xsd:annotation>
<xsd:documentation>The valid platforms for the Microsoft Windows Family.</xsd:documentation>
</xsd:annotation>
<xsd:simpleType>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="Microsoft Windows 95"/>
<xsd:enumeration value="Microsoft Windows 98"/>
<xsd:enumeration value="Microsoft Windows ME"/>
<xsd:enumeration value="Microsoft Windows NT"/>
<xsd:enumeration value="Microsoft Windows 2000"/>
<xsd:enumeration value="Microsoft Windows XP"/>
<xsd:enumeration value="Microsoft Windows Server 2003"/>
</xsd:restriction>
</xsd:simpleType>
</xsd:element>
</xsd:schema>