<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:oval-sc="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5" xmlns:win-sc="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#windows" xmlns:sch="http://purl.oclc.org/dsdl/schematron" targetNamespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#windows" elementFormDefault="qualified" version="5.4">
<xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5" schemaLocation="oval-system-characteristics-schema.xsd"/>
<xsd:annotation>
<xsd:documentation>The following is a description of the elements, types, and attributes that compose the Windows specific system characteristic items found in Open Vulnerability and Assessment Language (OVAL). Each item is an extension of the standard item element defined in the Core System Characteristic Schema. Through extension, each item inherits a set of elements and attributes that are shared amongst all OVAL Items. Each item is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core System Characteristic Schema is not outlined here.</xsd:documentation>
<xsd:documentation>The OVAL Schema is maintained by The Mitre Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.</xsd:documentation>
<xsd:appinfo>
<schema>Windows System Characteristics</schema>
<version>5.4</version>
<date>4/1/2008 10:41:47 AM</date>
<terms_of_use>Copyright (c) 2002-2008, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.</terms_of_use>
<sch:title>schematron validation of the Windows portion of an OVAL System Characteristics file</sch:title>
<sch:ns prefix="oval-sc" uri="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5"/>
<sch:ns prefix="win-sc" uri="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#windows"/>
</xsd:appinfo>
</xsd:annotation>
<!-- =============================================================================== -->
<!-- ============================= ACCESS TOKEN ITEM ============================= -->
<!-- =============================================================================== -->
<xsd:element name="accesstoken_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>The access token item holds information about the individual privileges and rights associated with a specific access token. Each privilege and right in the data section accepts a boolean value signifying whether the privilege is granted or not. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="security_principle" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Security principals include users or groups with either local or domain accounts, and computer accounts created when a computer running Windows NT, Windows 2000, Windows XP, or a member of the Windows Server 2003 family joins a domain. User rights and permissions to access objects such as Active Directory objects, files, and registry settings are assigned to security principals. In a domain environment, security principals should be identified in the form: "domain\trustee name" For local security principals use: "computer name\trustee name" For built-in accounts on the system, use the trustee name without a domain. For example: ADMINISTRATOR, SYSTEM, NETWORK_SERVICES, ADMINISTRATORS (group), etc. Note that the built-in security principals should be all caps as that is how the windows apis return them.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsecurity_principle">
<sch:rule context="win-sc:accesstoken_item/win-sc:security_principle">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the security_principle entity of an accesstoken_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seassignprimarytokenprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a parent process to replace the access token that is associated with a child process.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemseassignprimarytokenprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:seassignprimarytokenprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the seassignprimarytokenprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seauditprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process to generate audit records in the security log. The security log can be used to trace unauthorized system access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemseauditprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:seauditprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the seauditprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sebackupprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to circumvent file and directory permissions to back up the system. The privilege is selected only when an application attempts access by using the NTFS backup application programming interface (API). Otherwise, normal file and directory permissions apply.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsebackupprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:sebackupprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the sebackupprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sechangenotifyprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to pass through folders to which the user otherwise has no access while navigating an object path in the NTFS file system or in the registry. This privilege does not allow the user to list the contents of a folder; it allows the user only to traverse its directories.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsechangenotifyprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:sechangenotifyprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the sechangenotifyprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="secreateglobalprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to create named file mapping objects in the global namespace during Terminal Services sessions.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsecreateglobalprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:secreateglobalprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the secreateglobalprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="secreatepagefileprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to create and change the size of a pagefile.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsecreatepagefileprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:secreatepagefileprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the secreatepagefileprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="secreatepermanentprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process to create a directory object in the object manager. It is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode have this privilege inherently.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsecreatepermanentprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:secreatepermanentprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the secreatepermanentprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="secreatesymboliclinkprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user create a symbolic link. This is new for Vista.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsecreatesymboliclinkprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:secreatesymboliclinkprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the secreatesymboliclinkprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="secreatetokenprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process to create an access token by calling NtCreateToken() or other token-creating APIs.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsecreatetokenprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:secreatetokenprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the secreatetokenprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sedebugprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to attach a debugger to any process. It provides access to sensitive and critical operating system components.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsedebugprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:sedebugprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the sedebugprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seenabledelegationprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to change the Trusted for Delegation setting on a user or computer object in Active Directory. The user or computer that is granted this privilege must also have write access to the account control flags on the object.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemseenabledelegationprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:seenabledelegationprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the seenabledelegationprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seimpersonateprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to impersonate a client after authentication. It is not supported on Windows XP, Windows 2000 SP3 and earlier, or Windows NT.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemseimpersonateprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:seimpersonateprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the seimpersonateprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seincreasebasepriorityprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to increase the base priority class of a process.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemseincreasebasepriorityprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:seincreasebasepriorityprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the seincreasebasepriorityprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seincreasequotaprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process that has access to a second process to increase the processor quota assigned to the second process.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemseincreasequotaprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:seincreasequotaprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the seincreasequotaprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seincreaseworkingsetprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to increase a process working set. This is new for Vista</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemseincreaseworkingsetprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:seincreaseworkingsetprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the seincreaseworkingsetprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seloaddriverprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to install and remove drivers for Plug and Play devices.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemseloaddriverprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:seloaddriverprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the seloaddriverprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="selockmemoryprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemselockmemoryprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:selockmemoryprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the selockmemoryprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="semachineaccountprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to add a computer to a specific domain.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsemachineaccountprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:semachineaccountprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the semachineaccountprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="semanagevolumeprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a non-administrative or remote user to manage volumes or disks.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsemanagevolumeprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:semanagevolumeprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the semanagevolumeprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seprofilesingleprocessprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to sample the performance of an application process.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemseprofilesingleprocessprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:seprofilesingleprocessprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the seprofilesingleprocessprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="serelabelprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to modify an object label. This user right is new for Vista.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemserelabelprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:serelabelprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the serelabelprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seremoteshutdownprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to shut down a computer from a remote location on the network.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemseremoteshutdownprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:seremoteshutdownprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the seremoteshutdownprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="serestoreprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to circumvent file and directory permissions when restoring backed-up files and directories and to set any valid security principal as the owner of an object.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemserestoreprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:serestoreprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the serestoreprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sesecurityprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to specify object access auditing options for individual resources such as files, Active Directory objects, and registry keys. A user who has this privilege can also view and clear the security log from Event Viewer.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsesecurityprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:sesecurityprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the sesecurityprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seshutdownprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to shut down the local computer.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemseshutdownprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:seshutdownprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the seshutdownprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sesyncagentprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process to read all objects and properties in the directory, regardless of the protection on the objects and properties. It is required in order to use Lightweight Directory Access Protocol (LDAP) directory synchronization (Dirsync) services.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsesyncagentprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:sesyncagentprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the sesyncagentprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sesystemenvironmentprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows modification of system environment variables either by a process through an API or by a user through System Properties.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsesystemenvironmentprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:sesystemenvironmentprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the sesystemenvironmentprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sesystemprofileprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to sample the performance of system processes.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsesystemprofileprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:sesystemprofileprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the sesystemprofileprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sesystemtimeprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to adjust the time on the computer's internal clock. It is not required to change the time zone or other display characteristics of the system time.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsesystemtimeprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:sesystemtimeprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the sesystemtimeprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="setakeownershipprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to take ownership of any securable object in the system, including Active Directory objects, NTFS files and folders, printers, registry keys, services, processes, and threads.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsetakeownershipprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:setakeownershipprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the setakeownershipprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="setcbprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a process to assume the identity of any user and thus gain access to the resources that the user is authorized to access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsetcbprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:setcbprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the setcbprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="setimezoneprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows a user to change the time zone. This is new for Vista.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsetimezoneprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:setimezoneprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the setimezoneprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seundockprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user of a portable computer to undock the computer by clicking Eject PC on the Start menu.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemseundockprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:seundockprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the seundockprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seunsolicitedinputprivilege" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If this privilege is enabled, it allows the user to read unsolicited data from a terminal device.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemseunsolicitedinputprivilege">
<sch:rule context="win-sc:accesstoken_item/win-sc:seunsolicitedinputprivilege">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the seunsolicitedinputprivilege entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sebatchlogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it can log on using the batch logon type.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsebatchlogonright">
<sch:rule context="win-sc:accesstoken_item/win-sc:sebatchlogonright">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the sebatchlogonright entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seinteractivelogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it can log on using the interactive logon type.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemseinteractivelogonright">
<sch:rule context="win-sc:accesstoken_item/win-sc:seinteractivelogonright">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the seinteractivelogonright entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="senetworklogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it can log on using the network logon type.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsenetworklogonright">
<sch:rule context="win-sc:accesstoken_item/win-sc:senetworklogonright">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the senetworklogonright entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seremoteinteractivelogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it can log on to the computer by using a Remote Desktop connection.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemseremoteinteractivelogonright">
<sch:rule context="win-sc:accesstoken_item/win-sc:seremoteinteractivelogonright">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the seremoteinteractivelogonright entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="seservicelogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it can log on using the service logon type.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemseservicelogonright">
<sch:rule context="win-sc:accesstoken_item/win-sc:seservicelogonright">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the seservicelogonright entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sedenybatchLogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on using the batch logon type.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsedenybatchLogonright">
<sch:rule context="win-sc:accesstoken_item/win-sc:sedenybatchLogonright">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the sedenybatchLogonright entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sedenyinteractivelogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on using the interactive logon type.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsedenyinteractivelogonright">
<sch:rule context="win-sc:accesstoken_item/win-sc:sedenyinteractivelogonright">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the sedenyinteractivelogonright entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sedenynetworklogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on using the network logon type.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsedenynetworklogonright">
<sch:rule context="win-sc:accesstoken_item/win-sc:sedenynetworklogonright">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the sedenynetworklogonright entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sedenyremoteInteractivelogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on through Terminal Services.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsedenyremoteInteractivelogonright">
<sch:rule context="win-sc:accesstoken_item/win-sc:sedenyremoteInteractivelogonright">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the sedenyremoteInteractivelogonright entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sedenyservicelogonright" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>If an account is assigned this right, it is explicitly denied the ability to log on using the service logon type.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="atitemsedenyservicelogonright">
<sch:rule context="win-sc:accesstoken_item/win-sc:sedenyservicelogonright">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the sedenyservicelogonright entity of an accesstoken_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ======================== ACTIVE DIRECTORY ITEM ============================== -->
<!-- =============================================================================== -->
<xsd:element name="activedirectory_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>The active directory item holds information about specific entries in the Windows Active Directory. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="naming_context" type="win-sc:EntityItemNamingContextType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Each object in active directory exists under a certain naming context (also known as a partition). A naming context is defined as a single object in the Directory Information Tree (DIT) along with every object in the tree subordinate to it. There are three default naming contexts in Active Directory: domain, configuration, and schema.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aditemnaming_context">
<sch:rule context="win-sc:activedirectory_item/win-sc:naming_context">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the naming_context entity of an activedirectory_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="relative_dn" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="true">
<xsd:annotation>
<xsd:documentation>The relative_dn field is used to uniquely identify an object inside the specified naming context. It contains all the parts of the objects distinguished name except those outlined by the naming context. If the nillable attribute is set to true, then the item being represented is the higher level naming context. Using xsi:nil here will result in a status of 'does not exist' for object_class, adstype, and value since these entities are not associated with a naming context by itself. Note that when nil is used for the relative dn element, the attribute element should also be nilled.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aditemrelative_dn">
<sch:rule context="win-sc:activedirectory_item/win-sc:relative_dn">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the relative_dn entity of an activedirectory_item should be 'string'</sch:assert>
<sch:assert test="not(@xsi:nil='true') or ../win-sc:attribute/@xsi:nil='true'"><sch:value-of select="../@id"/> - attribute entity must be nil when relative_dn is nil</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="attribute" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="true">
<xsd:annotation>
<xsd:documentation>Specifies a named value contained by the object. If the nillable attribute is set to true, then the item being represented is the higher level relative dn. Using xsi:nil here will result in a status of 'does not exist' for object_class, adstype, and value since these entities are not associated with a relative dn by itself.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aditemattribute">
<sch:rule context="win-sc:activedirectory_item/win-sc:attribute">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the attribute entity of an activedirectory_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="object_class" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The name of the class of which the object is an instance.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aditemobject_class">
<sch:rule context="win-sc:activedirectory_item/win-sc:object_class">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the object_class entity of an activedirectory_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="adstype" type="win-sc:EntityItemAdstypeType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the type of information that the specified attribute represents.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aditemadstype">
<sch:rule context="win-sc:activedirectory_item/win-sc:adstype">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the adstype entity of an activedirectory_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="value" type="oval-sc:EntityItemAnyType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>The actual value of the specified active directory attribute.</xsd:documentation>
<xsd:appinfo>
<!-- no schematron restrictions -->
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ======================= AUDIT EVENT POLICY ITEM ============================= -->
<!-- =============================================================================== -->
<xsd:element name="auditeventpolicy_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>The auditeventpolicy item enumerates the different types of events the system should audit. The defined values are found in window's POLICY_AUDIT_EVENT_TYPE enumeration and accessed through the LsaQueryInformationPolicy when the InformationClass parameters are set to PolicyAuditEventsInformation. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="account_logon" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to log on to or log off of the system. Also, audit attempts to make a network connection.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepitemaccount_logon">
<sch:rule context="win-sc:auditeventpolicy_item/win-sc:account_logon">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the account_logon entity of an auditeventpolicy_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="account_management" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to create, delete, or change user or group accounts. Also, audit password changes.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepitemaccount_management">
<sch:rule context="win-sc:auditeventpolicy_item/win-sc:account_management">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the account_management entity of an auditeventpolicy_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="detailed_tracking" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit specific events, such as program activation, some forms of handle duplication, indirect access to an object, and process exit. </xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepitemdetailed_tracking">
<sch:rule context="win-sc:auditeventpolicy_item/win-sc:detailed_tracking">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the detailed_tracking entity of an auditeventpolicy_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="directory_service_access" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to access the directory service.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepitemdirectory_service_access">
<sch:rule context="win-sc:auditeventpolicy_item/win-sc:directory_service_access">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the directory_service_access entity of an auditeventpolicy_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="logon" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to log on to or log off of the system. Also, audit attempts to make a network connection.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepitemlogon">
<sch:rule context="win-sc:auditeventpolicy_item/win-sc:logon">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the logon entity of an auditeventpolicy_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="object_access" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to access securable objects, such as files.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepitemobject_access">
<sch:rule context="win-sc:auditeventpolicy_item/win-sc:object_access">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the object_access entity of an auditeventpolicy_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="policy_change" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to change Policy object rules. </xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepitempolicy_change">
<sch:rule context="win-sc:auditeventpolicy_item/win-sc:policy_change">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the policy_change entity of an auditeventpolicy_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="privilege_use" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to use privileges.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepitemprivilege_use">
<sch:rule context="win-sc:auditeventpolicy_item/win-sc:privilege_use">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the privilege_use entity of an auditeventpolicy_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="system" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Audit attempts to shut down or restart the computer. Also, audit events that affect system security or the security log.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepitemsystem">
<sch:rule context="win-sc:auditeventpolicy_item/win-sc:system">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the system entity of an auditeventpolicy_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- =================== AUDIT EVENT POLICY SUBCATEGORIES ITEM =================== -->
<!-- =============================================================================== -->
<xsd:element name="auditeventpolicysubcategories_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>The auditeventpolicysubcategories item enumerates the different types of subcategories the system should audit. These subcategories are new in Windows Vista. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<!-- Account Logon Audit Policy Subcategories -->
<xsd:element name="credential_validation" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemcredentialvalidation">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:credential_validation">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the credential_validation entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="kerberos_ticket_events" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemkerberosticketevents">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:kerberos_ticket_events">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the kerberos_ticket_events entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="other_account_logon_events" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemotheraccountlogonevents">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:other_account_logon_events">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the other_account_logon_events entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<!-- Account Management Audit Policy Subcategories -->
<xsd:element name="application_group_management" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemapplicationgroupmanagement">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:application_group_management">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the application_group_management entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="computer_account_management" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemcomputeraccountmanagement">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:computer_account_management">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the computer_account_management entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="distribution_group_management" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemdistributiongroupmanagement">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:distribution_group_management">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the distribution_group_management entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="other_account_management_events" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemotheraccountmanagementevents">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:other_account_management_events">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the other_account_management_events entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="security_group_management" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemsecuritygroupmanagement">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:security_group_management">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the security_group_management entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="user_account_management" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemuseraccountmanagement">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:user_account_management">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the user_account_management entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<!-- Detailed Tracking Audit Policy Subcategories -->
<xsd:element name="dpapi_activity" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemdpapiactivity">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:dpapi_activity">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the dpapi_activity entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="process_creation" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemprocesscreation">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:process_creation">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the process_creation entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="process_termination" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemprocesstermination">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:process_termination">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the process_termination entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="rpc_events" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemrpcevents">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:rpc_events">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the rpc_events entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<!-- DS Access Audit Policy Subcategories -->
<xsd:element name="directory_service_access" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemdirectoryserviceaccess">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:directory_service_access">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the directory_service_access entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="directory_service_changes" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemdirectoryservicechanges">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:xxx">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the directory_service_changes entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="directory_service_replication" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemdirectoryservicereplication">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:directory_service_replication">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the directory_service_replication entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="detailed_directory_service_replication" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemdetaileddirectoryservicereplication">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:detailed_directory_service_replication">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the detailed_directory_service_replication entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<!-- Logon/Logoff Audit Policy Subcategories -->
<xsd:element name="account_lockout" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemaccountlockout">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:account_lockout">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the account_lockout entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="ipsec_extended_mode" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemipsecextendedmode">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:ipsec_extended_mode">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the ipsec_extended_mode entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="ipsec_main_mode" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemipsecmainmode">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:ipsec_main_mode">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the ipsec_main_mode entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="ipsec_quick_mode" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemipsecquickmode">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:ipsec_quick_mode">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the ipsec_quick_mode entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="logoff" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemlogoff">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:logoff">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the logoff entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="logon" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemlogon">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:logon">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the logon entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="other_logon_logoff_events" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemotherlogonlogoffevents">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:other_logon_logoff_events">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the other_logon_logoff_events entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="special_logon" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemspeciallogon">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:special_logon">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the special_logon entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<!-- Object Access Audit Policy Subcategories -->
<xsd:element name="application_generated" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemapplicationgenerated">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:application_generated">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the application_generated entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="certification_services" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemcertificationservices">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:certification_services">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the certification_services entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_share" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemfileshare">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:file_share">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the file_share entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_system" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemfilesystem">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:file_system">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the file_system entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="filtering_platform_connection" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemfilteringplatformconnection">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:filtering_platform_connection">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the filtering_platform_connection entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="filtering_platform_packet_drop" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemfilteringplatformpacketdrop">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:filtering_platform_packet_drop">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the filtering_platform_packet_drop entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="handle_manipulation" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemhandlemanipulation">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:handle_manipulation">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the handle_manipulation entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="kernel_object" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemkernelobject">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:kernel_object">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the kernel_object entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="other_object_access_events" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemotherobjectaccessevents">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:other_object_access_events">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the other_object_access_events entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="registry" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemregistry">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:registry">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the registry entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sam" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemsam">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:sam">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the sam entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<!-- Policy Change Audit Policy Subcategories -->
<xsd:element name="audit_policy_change" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemauditpolicychange">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:audit_policy_change">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the audit_policy_change entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="authentication_policy_change" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemauthenticationpolicychange">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:authentication_policy_change">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the authentication_policy_change entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="authorization_policy_change" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemauthorizationpolicychange">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:authorization_policy_change">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the authorization_policy_change entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="filtering_platform_policy_change" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemfilteringplatformpolicychange">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:filtering_platform_policy_change">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the filtering_platform_policy_change entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="mpssvc_rule_level_policy_change" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemmpssvcrulelevelpolicychange">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:mpssvc_rule_level_policy_change">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the mpssvc_rule_level_policy_change entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="other_policy_change_events" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemotherpolicychangeevents">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:other_policy_change_events">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the other_policy_change_events entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<!-- Privilege Use Audit Policy Subcategories -->
<xsd:element name="non_sensitive_privilege_use" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemnonsensitiveprivilegeuse">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:non_sensitive_privilege_use">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the non_sensitive_privilege_use entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="other_privilege_use_events" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemotherprivilegeuseevents">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:other_privilege_use_events">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the other_privilege_use_events entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="sensitive_privilege_use" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemsensitiveprivilegeuse">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:sensitive_privilege_use">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the sensitive_privilege_use entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<!-- System Audit Policy Subcategories -->
<xsd:element name="ipsec_driver" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemipsecdriver">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:ipsec_driver">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the ipsec_driver entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="other_system_events" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemothersystemevents">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:other_system_events">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the other_system_events entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="security_state_change" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemsecuritystatechange">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:security_state_change">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the security_state_change entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="security_system_extension" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemsecuritysystemextension">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:security_system_extension">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the security_system_extension entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="system_integrity" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation></xsd:documentation>
<xsd:appinfo>
<sch:pattern id="aepsitemsystemintegrity">
<sch:rule context="win-sc:auditeventpolicysubcategories_item/win-sc:system_integrity">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the system_integrity entity of an auditeventpolicysubcategories_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================== FILE ITEM ==================================== -->
<!-- =============================================================================== -->
<xsd:element name="file_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>This element describes file metadata. The time information can be retrieved by the _stst function. Development_class and other version information (company, internal name, language, original_filename, product_name, product_version) can be retrieved using the VerQueryValue function.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="path" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the absolute path to a file on the machine.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileitempath">
<sch:rule context="win-sc:file_item/win-sc:path">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the path entity of a file_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="filename" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="true">
<xsd:annotation>
<xsd:documentation>The name of the file. If the nillable attribute is set to true, then the item being represented is the higher directory represented by the path entity. The other items associated with this item would then reflect the values associated with the directory.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileitemfilename">
<sch:rule context="win-sc:file_item/win-sc:filename">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the filename entity of a file_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="owner" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>A string that contains the name of the owner.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileitemowner">
<sch:rule context="win-sc:file_item/win-sc:owner">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the owner entity of a file_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="size" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Size of the file in bytes.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileitemsize">
<sch:rule context="win-sc:file_item/win-sc:size">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the size entity of a file_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="a_time" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Time of last access of file. Valid on NTFS but not on FAT formatted disk drives. The string should represent the FILETIME structure which is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC).</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileitema_time">
<sch:rule context="win-sc:file_item/win-sc:a_time">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the a_time entity of a file_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="c_time" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Time of creation of file. Valid on NTFS but not on FAT formatted disk drives. The string should represent the FILETIME structure which is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC).</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileitemc_time">
<sch:rule context="win-sc:file_item/win-sc:c_time">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the c_time entity of a file_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="m_time" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Time of last modification of file. The string should represent the FILETIME structure which is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC).</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileitemm_time">
<sch:rule context="win-sc:file_item/win-sc:m_time">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the m_time entity of a file_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="ms_checksum" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>the md5 checksum of the file.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileitemms_checksum">
<sch:rule context="win-sc:file_item/win-sc:ms_checksum">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the ms_checksum entity of a file_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="version" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The version of the file.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileitemversion">
<sch:rule context="win-sc:file_item/win-sc:version">
<sch:assert test="@datatype='version'">item <sch:value-of select="../@id"/> - datatype attribute for the version entity of a file_item should be 'version'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="type" type="win-sc:EntityItemFileTypeType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The type child element marks wether the file item describes a directory, named pipe, standard file, etc. These types are the return values for GetFileType, with the exception of FILE_ATTRIBUTE_DIRECTORY which is obtained by looking at GetFileAttributesEx.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileitemtype">
<sch:rule context="win-sc:file_item/win-sc:type">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the type entity of a file_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="development_class" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The development_class element allows the distinction to be made between the GDR development environment and the QFE development environment. This field holds the text found in front of the mmmmmm-nnnn version, for example srv03_gdr.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileitemdevelopment_class">
<sch:rule context="win-sc:file_item/win-sc:development_class">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the development_class entity of a file_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="company" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This entity defines the company name held within the version-information structure.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileitemcompany">
<sch:rule context="win-sc:file_item/win-sc:company">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the company entity of a file_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="internal_name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This entity defines the internal name held within the version-information structure.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileiteminternalname">
<sch:rule context="win-sc:file_item/win-sc:internal_name">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the internal_name entity of a file_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="language" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This entity defines the language held within the version-information structure.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileitemlanguage">
<sch:rule context="win-sc:file_item/win-sc:language">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the language entity of a file_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="original_filename" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This entity defines the original filename held within the version-information structure.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileitemoriginalfilename">
<sch:rule context="win-sc:file_item/win-sc:original_filename">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the original_filename entity of a file_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="product_name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This entity defines the product name held within the version-information structure.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileitemproductname">
<sch:rule context="win-sc:file_item/win-sc:product_name">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the product_name entity of a file_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="product_version" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This entity defines the product version held within the version-information structure.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileitemproductversion">
<sch:rule context="win-sc:file_item/win-sc:product_version">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the product_version entity of a file_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ======================= FILE AUDITED PERMISSIONS ITEM ======================= -->
<!-- =============================================================================== -->
<xsd:element name="fileauditedpermissions_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>This item stores the audited access rights of a file that a system access control list (SACL) structure grants to a specified trustee. The trustee's audited access rights are determined checking all access control entries (ACEs) in the SACL. For help with this test see the GetAuditedPermissionsFromAcl() api.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="path" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the absolute path to a file on the machine from which the DACL was retrieved.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititempath">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:path">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the path entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="filename" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="true">
<xsd:annotation>
<xsd:documentation>The name of the file. If the nillable attribute is set to true, then the item being represented is the higher directory represented by the path entity. The other items associated with this item would then reflect the values associated with the directory.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemfilename">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:filename">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the filename entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The trustee_sid entity specifies the SID that associated a user, group, system, or program (such as a Windows service).</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemtrustee_sid">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:trustee_sid">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the trustee_sid entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This entity has been deprecated and will be removed in version 6.0 of the language.</xsd:documentation>
<xsd:documentation>This element specifies the trustee name associated with this particular SACL. A trustee can be a user, group, or program (such as a Windows service). In a domain environment, trustee names should be identified in the form: "domain\trustee name" For local trustee names use: "computer name\trustee name" For built-in accounts on the system, use the trustee name without a domain. For example: ADMINISTRATOR, SYSTEM, NETWORK_SERVICES, ADMINISTRATORS (group), etc. Note that the built-in trustee names should be all caps as that is how the windows apis return them.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemtrustee_name">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:trustee_name">
<sch:assert test="not(@datatype) or @datatype='string'">item <value-of select="../@id"/> - datatype attribute for the trustee_name entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_delete" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to delete the object.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemstandard_delete">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:standard_delete">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_delete entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_read_control" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to read the information in the object's security descriptor, not including the information in the SACL.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemstandard_read_control">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:standard_read_control">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_read_control entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_dac" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to modify the DACL in the object's security descriptor.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemstandard_write_dac">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:standard_write_dac">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_write_dac entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_owner" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to change the owner in the object's security descriptor.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemstandard_write_owner">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:standard_write_owner">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_write_owner entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_synchronize" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Windows NT/2000: The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemstandard_synchronize">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:standard_synchronize">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for thestandard_synchronize entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="access_system_security" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Indicates access to a system access control list (SACL).</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemaccess_system_security">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:access_system_security">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the access_system_security entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_read" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Read access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemgeneric_read">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:generic_read">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_read entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_write" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Write access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemgeneric_write">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:generic_write">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_write entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_execute" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Execute access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemgeneric_execute">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:generic_execute">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_execute entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_all" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Read, write, and execute access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemgeneric_all">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:generic_all">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_all entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_read_data" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to read data from the file.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemfile_read_data">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:file_read_data">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the file_read_data entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_write_data" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to write data to the file.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemfile_write_data">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:file_write_data">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the file_write_data entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_append_data" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to append data to the file.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemfile_append_data">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:file_append_data">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the file_append_data entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_read_ea" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to read extended attributes.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemfile_read_ea">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:file_read_ea">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the file_read_ea entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_write_ea" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to write extended attributes.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemfile_write_ea">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:file_write_ea">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the file_write_ea entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_execute" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to execute a file.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemfile_execute">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:file_execute">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the file_execute entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_delete_child" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Right to delete a directory and all the files it contains (its children), even if the files are read-only.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemfile_delete_child">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:file_delete_child">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the file_delete_child entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_read_attributes" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to read file attributes.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemfile_read_attributes">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:file_read_attributes">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the file_read_attributes entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_write_attributes" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to change file attributes.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="fileaudititemfile_write_attributes">
<sch:rule context="win-sc:fileauditedpermissions_item/win-sc:file_write_attributes">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the file_write_attributes entity of a fileauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ======================== FILE EFFECTIVE RIGHTS ITEM ========================= -->
<!-- =============================================================================== -->
<xsd:element name="fileeffectiverights_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>This item stores the effective rights of a file that a discretionary access control list (DACL) structure grants to a specified trustee. The trustee's effective rights are determined checking all access-allowed and access-denied access control entries (ACEs) in the DACL. For help with this test see the GetEffectiveRightsFromAcl() api.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="path" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the absolute path to a file on the machine from which the DACL was retrieved.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritempath">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:path">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the path entity of a fileeffectiverights_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="filename" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="true">
<xsd:annotation>
<xsd:documentation>The name of the file. If the nillable attribute is set to true, then the item being represented is the higher directory represented by the path entity. The other items associated with this item would then reflect the values associated with the directory.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemfilename">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:filename">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the filename entity of a fileeffectiverights_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The trustee_sid entity specifies the SID that associated a user, group, system, or program (such as a Windows service).</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemtrustee_sid">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:trustee_sid">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the trustee_sid entity of a fileeffectiverights_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This entity has been deprecated and will be removed in version 6.0 of the language.</xsd:documentation>
<xsd:documentation>This element specifies the trustee name associated with this particular DACL. A trustee can be a user, group, or program (such as a Windows service). In a domain environment, trustee names should be identified in the form: "domain\trustee name" For local trustee names use: "computer name\trustee name" For built-in accounts on the system, use the trustee name without a domain. For example: ADMINISTRATOR, SYSTEM, NETWORK_SERVICES, ADMINISTRATORS (group), etc. Note that the built-in trustee names should be all caps as that is how the windows apis return them.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemtrustee_name">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:trustee_name">
<sch:assert test="not(@datatype) or @datatype='string'">item <value-of select="../@id"/> - datatype attribute for the trustee_name entity of a fileeffectiverights_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_delete" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to delete the object.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemstandard_delete">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:standard_delete">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_delete entity of a fileeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_read_control" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to read the information in the object's security descriptor, not including the information in the SACL.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemstandard_read_control">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:standard_read_control">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_read_control entity of a fileeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_dac" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to modify the DACL in the object's security descriptor.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemstandard_write_dac">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:standard_write_dac">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_write_dac entity of a fileeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_owner" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to change the owner in the object's security descriptor.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemstandard_write_owner">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:standard_write_owner">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_write_owner entity of a fileeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_synchronize" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Windows NT/2000: The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemstandard_synchronize">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:standard_synchronize">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_synchronize entity of a fileeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="access_system_security" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Indicates access to a system access control list (SACL).</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemaccess_system_security">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:access_system_security">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the access_system_security entity of a fileeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_read" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Read access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemgeneric_read">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:generic_read">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_read entity of a fileeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_write" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Write access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemgeneric_write">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:generic_write">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_write entity of a fileeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_execute" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Execute access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemgeneric_execute">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:generic_execute">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_execute entity of a fileeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_all" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Read, write, and execute access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemgeneric_all">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:generic_all">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_all entity of a fileeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_read_data" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to read data from the file</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemfile_read_data">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:file_read_data">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_read_data entity of a fileeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_write_data" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to write data to the file.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemfile_write_data">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:file_write_data">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_write_data entity of a fileeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_append_data" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to append data to the file.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemfile_append_data">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:file_append_data">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_append_data entity of a fileeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_read_ea" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to read extended attributes.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemfile_read_ea">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:file_read_ea">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_read_ea entity of a fileeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_write_ea" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to write extended attributes.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemfile_write_ea">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:file_write_ea">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_write_ea entity of a fileeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_execute" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to execute a file.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemfile_execute">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:file_execute">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_execute entity of a fileeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_delete_child" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Right to delete a directory and all the files it contains (its children), even if the files are read-only.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemfile_delete_child">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:file_delete_child">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_delete_child entity of a fileeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_read_attributes" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to read file attributes.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemfile_read_attributes">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:file_read_attributes">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_read_attributes entity of a fileeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_write_attributes" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Grants the right to change file attributes.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="feritemfile_write_attributes">
<sch:rule context="win-sc:fileeffectiverights_item/win-sc:file_write_attributes">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_write_attributes entity of a fileeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================== GROUP ITEM ================================== -->
<!-- =============================================================================== -->
<xsd:element name="group_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>The windows group item allows the different users that belong to specific groups (identified by name) be collected. Note that the user element can appear an unlimited number of times. If no user is found in the specified group, then a single user element should exist with a status of 'does not exist'. If there is an error determining the users of a group, then a single user element should exist with a status of 'error'.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="group" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>A string the represents the name of a particular group. In a domain environment, groups should be identified in the form: "domain\group name" For local groups use: "computer name\group name" For built-in accounts on the system, use the group name without a domain. For example: ADMINISTRATORS, etc. Note that the built-in group names should be all caps as that is how the windows apis return them.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="groupitemgroup">
<sch:rule context="win-sc:group_item/win-sc:group">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the group entity of a group_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="user" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>A string that represents the name of a particular user. In a domain environment, users should be identified in the form: "domain\user name" For local users use: "computer name\user name" For built-in accounts on the system, use the user name without a domain. For example: ADMINISTRATOR, SYSTEM, etc. Note that the built-in user names should be all caps as that is how the windows apis return them.</xsd:documentation>
<xsd:documentation>If the specified group has more than one user as a member, then multiple user elements should exist. If the specified group does not contain a single user, then a single user element should exist with a status of 'does not exist'. If there is an error determining the userss that are members of the group, then a single user element should be included with a status of 'error'.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="groupitemuser">
<sch:rule context="win-sc:group_item/win-sc:user">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the user entity of a group_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================ GROUP SID ITEM ================================ -->
<!-- =============================================================================== -->
<xsd:element name="group_sid_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>The windows group_sid_item allows the different users that belong to specific groups (identified by SID) be collected. Note that the user element can appear an unlimited number of times. If no user is found in the specified group, then a single user element should exist with a status of 'does not exist'. If there is an error determining the users of a group, then a single user element should exist with a status of 'error'.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="group_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>A string the represents the SID of a particular group.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="groupsiditemgroup">
<sch:rule context="win-sc:group_sid_item/win-sc:group_sid">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the group_sid entity of a group_sid_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="user_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>A string that represents the SID of a particular user. If the specified group has more than one user as a member, then multiple user_sid entities should exist. If the specified group does not contain a single user, then a single user_sid entity should exist with a status of 'does not exist'. If there is an error determining the userss that are members of the group, then a single user_sid entity should be included with a status of 'error'.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="groupsiditemuser">
<sch:rule context="win-sc:group_sid_item/win-sc:user_sid">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the user_sid entity of a group_sid_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================ INTERFACE ITEM ================================= -->
<!-- =============================================================================== -->
<xsd:element name="interface_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>Enumerate various attributes about the interfaces on a system.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the name of an interface.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="wininterfaceitemname">
<sch:rule context="win-sc:interface_item/win-sc:name">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the name entity of an interface_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="index" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies index that identifies the interface.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="wininterfaceitemindex">
<sch:rule context="win-sc:interface_item/win-sc:index">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the index entity of an interface_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="type" type="win-sc:EntityItemInterfaceTypeType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the type of interface which is limited to certain set of values.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="wininterfaceitemtype">
<sch:rule context="win-sc:interface_item/win-sc:type">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the type entity of an interface_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="hardware_addr" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the the physical address of the adapter for this interface.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="wininterfaceitemhardware_addr">
<sch:rule context="win-sc:interface_item/win-sc:hardware_addr">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the hardware_addr entity of an interface_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="inet_addr" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the IP address.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="wininterfaceiteminet_addr">
<sch:rule context="win-sc:interface_item/win-sc:inet_addr">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the inet_addr entity of an interface_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="broadcast_addr" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the broadcast address. A broadcast address is typically the IP address with the host portion set to either all zeros or all ones.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="wininterfaceitembroadcast_addr">
<sch:rule context="win-sc:interface_item/win-sc:broadcast_addr">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the broadcast_addr entity of an interface_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="netmask" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the subnet mask for the IP address.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="wininterfaceitemnetmask">
<sch:rule context="win-sc:interface_item/win-sc:netmask">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the netmask entity of an interface_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="addr_type" type="win-sc:EntityItemAddrTypeType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>This element specifies the address type or state of a specific interface. Each interface can be associated with more than one value meaning the addr_type element can occur multiple times.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="wininterfaceitemaddr_type">
<sch:rule context="win-sc:interface_item/win-sc:addr_type">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the addr_type entity of an interface_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ========================= LOCKOUT POLICY ITEM =============================== -->
<!-- =============================================================================== -->
<xsd:element name="lockoutpolicy_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>The lockoutpolicy item enumerates various attributes associated with lockout information for users and global groups in the security database.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="force_logoff" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies, in seconds, the amount of time between the end of the valid logon time and the time when the user is forced to log off the network. A value of TIMEQ_FOREVER indicates that the user is never forced to log off. A value of zero indicates that the user will be forced to log off immediately when the valid logon time expires. See the USER_MODALS_INFO_0 structure returned by a call to NetUserModalsGet().</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="lpitemforce_logoff">
<sch:rule context="win-sc:lockoutpolicy_item/win-sc:force_logoff">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the force_logoff entity of a lockoutpolicy_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="lockout_duration" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies, in seconds, how long a locked account remains locked before it is automatically unlocked. See the USER_MODALS_INFO_3 structure returned by a call to NetUserModalsGet().</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="lpitemlockout_duration">
<sch:rule context="win-sc:lockoutpolicy_item/win-sc:lockout_duration">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the lockout_duration entity of a lockoutpolicy_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="lockout_observation_window" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the maximum time, in seconds, that can elapse between any two failed logon attempts before lockout occurs. See the USER_MODALS_INFO_3 structure returned by a call to NetUserModalsGet().</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="lpitemlockout_observation_window">
<sch:rule context="win-sc:lockoutpolicy_item/win-sc:lockout_observation_window">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the lockout_observation_window entity of a lockoutpolicy_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="lockout_threshold" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the number of invalid password authentications that can occur before an account is marked "locked out." See the USER_MODALS_INFO_3 structure returned by a call to NetUserModalsGet().</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="lpitemlockout_threshold">
<sch:rule context="win-sc:lockoutpolicy_item/win-sc:lockout_threshold">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the lockout_threshold entity of a lockoutpolicy_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================ METABASE ITEM ================================== -->
<!-- =============================================================================== -->
<xsd:element name="metabase_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>This item gathers information from the specified metabase keys.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="key" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element describes a metabase key to be gathered.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="metabaseitemkey">
<sch:rule context="win-sc:metabase_item/win-sc:key">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the key entity of a metabase_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="id" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1" nillable="true">
<xsd:annotation>
<xsd:documentation>The id element specifies a particular object under the metabase key. If the nillable attribute is set to true, then the item being represented is the higher level metabase key. Using xsi:nil here will result in a status of 'does not exist' for the other entities associated with this item since these entities are not associated with a key by itself.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="metabaseitemid">
<sch:rule context="win-sc:metabase_item/win-sc:id">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the id entity of a metabase_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element describes the name of the specified metabase object.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="metabaseitemname">
<sch:rule context="win-sc:metabase_item/win-sc:name">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the name entity of a metabase_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="user_type" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The user_type element is a DWORD that specifies the user type of the data. See the METADATA_RECORD structure.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="metabaseitemuser_type">
<sch:rule context="win-sc:metabase_item/win-sc:user_type">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the user_type entity of a metabase_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="data_type" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The data_type element identifies the type of data in the metabase entry. See the METADATA_RECORD structure.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="metabaseitemdata_type">
<sch:rule context="win-sc:metabase_item/win-sc:data_type">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the data_type entity of a metabase_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="data" type="oval-sc:EntityItemAnyType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>The actual data of the named item under the specified metabase key. If the specified metabase key is of type multi string, then multiple value elements should exist to describe the array of strings.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="metabaseitemdata">
<sch:rule context="win-sc:metabase_item/win-sc:data">
<sch:assert test="(@datatype='int' and (floor(.) = number(.))) or not(@datatype='int') or not(node())"><sch:value-of select="../@id"/> - The datatype has been set to 'int' but the value is not an integer.</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ======================== PASSWORD POLICY ITEM =============================== -->
<!-- =============================================================================== -->
<xsd:element name="passwordpolicy_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>Specific policy items associated with passwords. Information is stored in the SAM or Active Directory but is encrypted or hidden so the registry_item and activedirectory_item are of no use. If this can be figured out, then the password_policy item is not needed.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="max_passwd_age" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies, in seconds, the maximum allowable password age. A value of TIMEQ_FOREVER (-1) indicates that the password never expires. The minimum valid value for this element is ONE_DAY (86400).</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="ppitemmax_passwd_age">
<sch:rule context="win-sc:passwordpolicy_item/win-sc:max_passwd_age">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the max_passwd_age entity of a passwordpolicy_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="min_passwd_age" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the minimum number of seconds that can elapse between the time a password changes and when it can be changed again. A value of zero indicates that no delay is required between password updates.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="ppitemmin_passwd_age">
<sch:rule context="win-sc:passwordpolicy_item/win-sc:min_passwd_age">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the min_passwd_age entity of a passwordpolicy_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="min_passwd_len" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the minimum allowable password length. Valid values for this element are zero through PWLEN.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="ppitemmin_passwd_len">
<sch:rule context="win-sc:passwordpolicy_item/win-sc:min_passwd_len">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the min_passwd_len entity of a passwordpolicy_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="password_hist_len" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the length of password history maintained. A new password cannot match any of the previous usrmod0_password_hist_len passwords. Valid values for this element are zero through DEF_MAX_PWHIST.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="ppitempassword_hist_len">
<sch:rule context="win-sc:passwordpolicy_item/win-sc:password_hist_len">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the password_hist_len entity of a passwordpolicy_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="password_complexity" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>A boolean value that signifies whether passwords must meet the complexity requirements put forth by the operating system.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="ppitempassword_complexity">
<sch:rule context="win-sc:passwordpolicy_item/win-sc:password_complexity">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the password_complexity entity of a passwordpolicy_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="reversible_encryption" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Determines whether Windows 2000 Server, Windows 2000 Professional, and Windows XP Professional store passwords using reversible encryption.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="ppitemreversible_encryption">
<sch:rule context="win-sc:passwordpolicy_item/win-sc:reversible_encryption">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the reversible_encryption entity of a passwordpolicy_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================== PORT ITEM ==================================== -->
<!-- =============================================================================== -->
<xsd:element name="port_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>Information about open listening ports.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="local_address" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the local IP address the listening port is bound to.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="winportitemlocal_address">
<sch:rule context="win-sc:port_item/win-sc:local_address">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the local_address entity of a port_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="local_port" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the number assigned to the local listening port.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="winportitemlocal_port">
<sch:rule context="win-sc:port_item/win-sc:local_port">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the local_port entity of a port_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="protocol" type="win-sc:EntityItemProtocolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the type of listening port. It is restricted to either TCP or UDP.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="winportitemprotocol">
<sch:rule context="win-sc:port_item/win-sc:protocol">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the protocol entity of a port_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="pid" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The id given to the process that is associated with the specified listening port.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="winportitempid">
<sch:rule context="win-sc:port_item/win-sc:pid">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the pid entity of a port_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ======================= PRINTER EFFECTIVE RIGHTS ITEM ======================= -->
<!-- =============================================================================== -->
<xsd:element name="printereffectiverights_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>This item stores the effective rights of a printer that a discretionary access control list (DACL) structure grants to a specified trustee. The trustee's effective rights are determined checking all access-allowed and access-denied access control entries (ACEs) in the DACL. For help with this test see the GetEffectiveRightsFromAcl() api.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="printer_name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The printer_name enitity specifies the name of the printer.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="peritemprinter_name">
<sch:rule context="win-sc:printereffectiverights_item/win-sc:printer_name">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the printer_name entity of a printereffectiverights_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The trustee_sid entity specifies the SID that associated a user, group, system, or program (such as a Windows service).</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="peritemtrustee_sid">
<sch:rule context="win-sc:printereffectiverights_item/win-sc:trustee_sid">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the trustee_sid entity of a printereffectiverights_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_delete" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to delete the object.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="peritemstandard_delete">
<sch:rule context="win-sc:printereffectiverights_item/win-sc:standard_delete">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_delete entity of a printereffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_read_control" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to read the information in the object's security descriptor, not including the information in the SACL.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="peritemstandard_read_control">
<sch:rule context="win-sc:printereffectiverights_item/win-sc:standard_read_control">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_read_control entity of a printereffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_dac" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to modify the DACL in the object's security descriptor.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="peritemstandard_write_dac">
<sch:rule context="win-sc:printereffectiverights_item/win-sc:standard_write_dac">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_write_dac entity of a printereffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_owner" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to change the owner in the object's security descriptor.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="peritemstandard_write_owner">
<sch:rule context="win-sc:printereffectiverights_item/win-sc:standard_write_owner">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_write_owner entity of a printereffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_synchronize" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Windows NT/2000: The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="peritemstandard_synchronize">
<sch:rule context="win-sc:printereffectiverights_item/win-sc:standard_synchronize">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_synchronize entity of a printereffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="access_system_security" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Indicates access to a system access control list (SACL).</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="peritemaccess_system_security">
<sch:rule context="win-sc:printereffectiverights_item/win-sc:access_system_security">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the access_system_security entity of a printereffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_read" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Read access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="peritemgeneric_read">
<sch:rule context="win-sc:printereffectiverights_item/win-sc:generic_read">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_read entity of a printereffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_write" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Write access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="peritemgeneric_write">
<sch:rule context="win-sc:printereffectiverights_item/win-sc:generic_write">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_write entity of a printereffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_execute" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Execute access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="peritemgeneric_execute">
<sch:rule context="win-sc:printereffectiverights_item/win-sc:generic_execute">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_execute entity of a printereffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_all" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Read, write, and execute access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="peritemgeneric_all">
<sch:rule context="win-sc:printereffectiverights_item/win-sc:generic_all">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_all entity of a printereffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="printer_access_administer" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="peritemprinter_access_administer">
<sch:rule context="win-sc:printereffectiverights_item/win-sc:printer_access_administer">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the printer_access_administer entity of a printereffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="printer_access_use" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="peritemprinter_access_use">
<sch:rule context="win-sc:printereffectiverights_item/win-sc:printer_access_use">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the printer_access_use entity of a printereffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="job_access_administer" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="peritemjob_access_administer">
<sch:rule context="win-sc:printereffectiverights_item/win-sc:job_access_administer">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the job_access_administer entity of a printereffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="job_access_read" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="peritemjob_access_read">
<sch:rule context="win-sc:printereffectiverights_item/win-sc:job_access_read">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the job_access_read entity of a printereffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================ PROCESS ITEM =================================== -->
<!-- =============================================================================== -->
<xsd:element name="process_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>Information about running processes.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="command_line" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The command_line entity is the string used to start the process. This includes any parameters that are part of the command line.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="processitemcommand_line">
<sch:rule context="win-sc:process_item/win-sc:command_line">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the command_line entity of a process_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="pid" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The id given to the process that is created for a specified command line.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="processitempid">
<sch:rule context="win-sc:process_item/win-sc:pid">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the pid entity of a process_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="ppid" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The id given to the parent of the process that is created for the specified command line</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="processitemppid">
<sch:rule context="win-sc:process_item/win-sc:ppid">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the ppid entity of a process_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="priority" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The base priority of the process.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="processitempriority">
<sch:rule context="win-sc:process_item/win-sc:priority">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the priority entity of a process_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="image_path" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The image_path entity contains the name of the executable file in question.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="processitemimage_path">
<sch:rule context="win-sc:process_item/win-sc:image_path">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the image_path entity of a process_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="current_dir" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The current_directory entity represents the current path to the executable.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="processitemcurrent_dir">
<sch:rule context="win-sc:process_item/win-sc:current_dir">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the current_dir entity of a process_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================ REGISTRY ITEM ================================== -->
<!-- =============================================================================== -->
<xsd:element name="registry_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>The windows registry item specifies information that can be collected about a particular registry key.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="hive" type="win-sc:EntityItemRegistryHiveType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The hive that the registry key belongs to.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="regitemhive">
<sch:rule context="win-sc:registry_item/win-sc:hive">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the hive entity of a registry_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="true">
<xsd:annotation>
<xsd:documentation>This element describes a registry key to be gathered. Note that the hive portion of the string should not be inclueded, as this data can be found under the hive element. If the nillable attribute is set to true, then the item being represented is the higher level hive. Using xsi:nil here will result in a status of 'does not exist' for the type, and value entities since these entities are not associated with a hive by itself. Note that when nil is used for the key element, the name element should also be nilled.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="regitemkey">
<sch:rule context="win-sc:registry_item/win-sc:key">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the key entity of a registry_item should be 'string'</sch:assert>
<sch:assert test="not(@xsi:nil='true') or ../win-sc:name/@xsi:nil='true'"><sch:value-of select="../@id"/> - name entity must be nil when key is nil</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1" nillable="true">
<xsd:annotation>
<xsd:documentation>This element describes the name of a registry key. If the nillable attribute is set to true, then the item being represented is the higher level key. Using xsi:nil here will result in a status of 'does not exist' for the type, and value entities since these entities are not associated with a key by itself.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="regitemname">
<sch:rule context="win-sc:registry_item/win-sc:name">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the name entity of a registry_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="type" type="win-sc:EntityItemRegistryTypeType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Specifies the type of data stored by the registry key. Please refer to the EntityItemRegistryTypeType for more information about the different possible types.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="regitemtype">
<sch:rule context="win-sc:registry_item/win-sc:type">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the type entity of a registry_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="value" type="oval-sc:EntityItemAnyType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>The value entity holds the actual value of the specified registry key. The representation of the value as well as the associated datatype attribute depends on type of data stored in the registry key. If the specified registry key is of type REG_BINARY, then the datatype attribute should be set to 'binary' and the data represented by the value entity should follow the xsd:hexBinary form. (each binary octet is encoded as two hex digits) If the registry key is of type REG_DWORD or REG_QWORD, then the datatype attribute should be set to 'int' and the value entity should represent the data as an integer. If the specified registry key is of type REG_EXPAND_SZ, then the datatype attribute should be set to 'string' and the pre-expanded string should be represented by the value entity. If the specified registry key is of type REG_MULTI_SZ, then multiple value entities should exist to describe the array of strings, with each value element holds a single string. In the end, there should be the same number of value entities as there are strings in the reg_multi_sz array. If the specified registry key is of type REG_SZ, then the datatype should be 'string' and the value entity should be a copy of the string.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="regitemvalue">
<sch:rule context="win-sc:registry_item/win-sc:value">
<sch:assert test="(@datatype='int' and (floor(.) = number(.))) or not(@datatype='int') or not(node())"><sch:value-of select="../@id"/> - The datatype has been set to 'int' but the value is not an integer.</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- =================== REGISTRY KEY AUDITED PERMISSIONS ITEM =================== -->
<!-- =============================================================================== -->
<xsd:element name="regkeyauditedpermissions_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>This item stores the audited access rights of a registry key that a system access control list (SACL) structure grants to a specified trustee. The trustee's audited access rights are determined checking all access control entries (ACEs) in the SACL. For help with this test see the GetAuditedPermissionsFromAcl() api.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="hive" type="win-sc:EntityItemRegistryHiveType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the hive of a registry key on the machine from which the SACL was retrieved.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="rapitemhive">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:hive">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the hive entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies a registry key on the machine from which the SACL was retrieved. Note that the hive portion of the string should not be inclueded, as this data should be found under the hive element.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="rapitemkey">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:key">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the key entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The security identifier (SID) of the specified trustee name.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="rapitemtrustee_sid">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:trustee_sid">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the trustee_sid entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This entity has been deprecated and will be removed in version 6.0 of the language.</xsd:documentation>
<xsd:documentation>This element specifies the trustee name associated with this particular DACL. A trustee can be a user, group, or program (such as a Windows service). In a domain environment, trustee names should be identified in the form: "domain\trustee name" For local trustee names use: "computer name\trustee name" For built-in accounts on the system, use the trustee name without a domain. For example: ADMINISTRATOR, SYSTEM, NETWORK_SERVICES, ADMINISTRATORS (group), etc. Note that the built-in trustee names should be all caps as that is how the windows apis return them.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="rapitemtrustee_name">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:trustee_name">
<sch:assert test="not(@datatype) or @datatype='string'">item <value-of select="../@id"/> - datatype attribute for the trustee_name entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_delete" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to delete the object.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="rapitemstandard_delete">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:standard_delete">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_delete entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_read_control" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to read the information in the object's security descriptor, not including the information in the SACL.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="rapitemstandard_read_control">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:standard_read_control">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_read_control entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_dac" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to modify the DACL in the object's security descriptor.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="rapitemstandard_write_dac">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:standard_write_dac">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_write_dac entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_owner" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to change the owner in the object's security descriptor.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="rapitemstandard_write_owner">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:standard_write_owner">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_write_owner entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_synchronize" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Windows NT/2000: The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="rapitemstandard_synchronize">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:standard_synchronize">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_synchronize entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="access_system_security" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Indicates access to a system access control list (SACL).</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="rapitemaccess_system_security">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:access_system_security">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the access_system_security entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_read" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Read access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="rapitemgeneric_read">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:generic_read">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_read entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_write" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Write access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="rapitemgeneric_write">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:generic_write">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_write entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_execute" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Execute access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="rapitemgeneric_execute">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:generic_execute">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_execute entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_all" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Read, write, and execute access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="rapitemgeneric_all">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:generic_all">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_all entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_query_value" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="rapitemkey_query_value">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:key_query_value">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the key_query_value entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_set_value" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="rapitemkey_set_value">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:key_set_value">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the key_set_value entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_create_sub_key" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="rapitemkey_create_sub_key">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:key_create_sub_key">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the key_create_sub_key entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_enumerate_sub_keys" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="rapitemkey_enumerate_sub_keys">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:key_enumerate_sub_keys">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the key_enumerate_sub_keys entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_notify" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="rapitemkey_notify">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:key_notify">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the key_notify entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_create_link" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="rapitemkey_create_link">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:key_create_link">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the key_create_link entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_wow64_64key" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="rapitemkey_wow64_64key">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:key_wow64_64key">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the key_wow64_64key entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_wow64_32key" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="rapitemkey_wow64_32key">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:key_wow64_32key">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the key_wow64_32key entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_wow64_res" type="win-sc:EntityItemAuditType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="rapitemkey_wow64_res">
<sch:rule context="win-sc:regkeyauditedpermissions_item/win-sc:key_wow64_res">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the key_wow64_res entity of a regkeyauditedpermissions_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ==================== REGISTRY KEY EFFECTIVE RIGHTS ITEM ===================== -->
<!-- =============================================================================== -->
<xsd:element name="regkeyeffectiverights_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>This item stores the effective rights of a registry key that a discretionary access control list (DACL) structure grants to a specified trustee. The trustee's effective rights are determined checking all access-allowed and access-denied access control entries (ACEs) in the DACL. For help with this test see the GetEffectiveRightsFromAcl() api.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="hive" type="win-sc:EntityItemRegistryHiveType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The hive that the registry key belongs to.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="reritemhive">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:hive">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the hive entity of a regkeyeffectiverights_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element describes a registry key to be gathered. Note that the hive portion of the string should not be inclueded, as this data can be found under the hive element.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="reritemkey">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:key">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the key entity of a regkeyeffectiverights_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The trustee_sid entity specifies the SID that associated a user, group, system, or program (such as a Windows service).</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="reritemtrustee_sid">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:trustee_sid">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the trustee_sid entity of a regkeyeffectiverights_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This entity has been deprecated and will be removed in version 6.0 of the language.</xsd:documentation>
<xsd:documentation>This element specifies the trustee name associated with this particular DACL. A trustee can be a user, group, or program (such as a Windows service). In a domain environment, trustee names should be identified in the form: "domain\trustee name" For local trustee names use: "computer name\trustee name" For built-in accounts on the system, use the trustee name without a domain. For example: ADMINISTRATOR, SYSTEM, NETWORK_SERVICES, ADMINISTRATORS (group), etc. Note that the built-in trustee names should be all caps as that is how the windows apis return them.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="reritemtrustee_name">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:trustee_name">
<sch:assert test="not(@datatype) or @datatype='string'">item <value-of select="../@id"/> - datatype attribute for the trustee_name entity of a regkeyeffectiverights_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_delete" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to delete the object.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="reritemstandard_delete">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:standard_delete">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_delete entity of a regkeyeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_read_control" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to read the information in the object's security descriptor, not including the information in the SACL.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="reritemstandard_read_control">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:standard_read_control">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_read_control entity of a regkeyeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_dac" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to modify the DACL in the object's security descriptor.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="reritemstandard_write_dac">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:standard_write_dac">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_write_dac entity of a regkeyeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_write_owner" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The right to change the owner in the object's security descriptor.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="reritemstandard_write_owner">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:standard_write_owner">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_write_owner entity of a regkeyeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="standard_synchronize" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Windows NT/2000: The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="reritemstandard_synchronize">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:standard_synchronize">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the standard_synchronize entity of a regkeyeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="access_system_security" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Indicates access to a system access control list (SACL).</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="reritemaccess_system_security">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:access_system_security">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the access_system_security entity of a regkeyeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_read" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Read access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="reritemgeneric_read">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:generic_read">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_read entity of a regkeyeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_write" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Write access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="reritemgeneric_write">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:generic_write">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_write entity of a regkeyeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_execute" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Execute access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="reritemgeneric_execute">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:generic_execute">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_execute entity of a regkeyeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="generic_all" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Read, write, and execute access.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="reritemgeneric_all">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:generic_all">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the generic_all entity of a regkeyeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_query_value" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="reritemkey_query_value">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:key_query_value">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the key_query_value entity of a regkeyeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_set_value" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="reritemkey_set_value">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:key_set_value">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the key_set_value entity of a regkeyeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_create_sub_key" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="reritemkey_create_sub_key">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:key_create_sub_key">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the key_create_sub_key entity of a regkeyeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_enumerate_sub_keys" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="reritemkey_enumerate_sub_keys">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:key_enumerate_sub_keys">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the key_enumerate_sub_keys entity of a regkeyeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_notify" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="reritemkey_notify">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:key_notify">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the key_notify entity of a regkeyeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_create_link" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="reritemkey_create_link">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:key_create_link">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the key_create_link entity of a regkeyeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_wow64_64key" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="reritemkey_wow64_64key">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:key_wow64_64key">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the key_wow64_64key entity of a regkeyeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_wow64_32key" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="reritemkey_wow64_32key">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:key_wow64_32key">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the key_wow64_32key entity of a regkeyeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="key_wow64_res" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation/>
<xsd:appinfo>
<sch:pattern id="reritemkey_wow64_res">
<sch:rule context="win-sc:regkeyeffectiverights_item/win-sc:key_wow64_res">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the key_wow64_res entity of a regkeyeffectiverights_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- =========================== SHARED RESOURCE ITEM =========================== -->
<!-- =============================================================================== -->
<xsd:element name="sharedresource_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation/>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="netname" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The share name of the resource.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="sritemnetname">
<sch:rule context="win-sc:sharedresource_item/win-sc:netname">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the netname entity of a sharedresource_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="shared_type" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The type of the shared resource.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="sritemshared_type">
<sch:rule context="win-sc:sharedresource_item/win-sc:shared_type">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the shared_type entity of a sharedresource_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="max_uses" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>The maximum number of concurrent connections that the shared resource can accommodate.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="sritemmax_uses">
<sch:rule context="win-sc:sharedresource_item/win-sc:max_uses">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the max_uses entity of a sharedresource_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="current_uses" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>The number of current connections to the shared resource.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="sritemcurrent_uses">
<sch:rule context="win-sc:sharedresource_item/win-sc:current_uses">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the current_uses entity of a sharedresource_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="local_path" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The local path for the shared resource.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="sritemlocal_path">
<sch:rule context="win-sc:sharedresource_item/win-sc:local_path">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the local_path entity of a sharedresource_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="access_read_permission" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Permission to read data from a resource and, by default, to execute the resource.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="sritemaccess_read_permission">
<sch:rule context="win-sc:sharedresource_item/win-sc:access_read_permission">
<sch:assert test="not(@datatype) or @datatype='bool'">item <sch:value-of select="../@id"/> - datatype attribute for the access_read_permission entity of a sharedresource_item should be 'bool'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="access_write_permission" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Permission to write data to the resource.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="sritemaccess_write_permission">
<sch:rule context="win-sc:sharedresource_item/win-sc:access_write_permission">
<sch:assert test="not(@datatype) or @datatype='bool'">item <sch:value-of select="../@id"/> - datatype attribute for the access_write_permission entity of a sharedresource_item should be 'bool'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="access_create_permission" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Permission to create an instance of the resource (such as a file); data can be written to the resource as the resource is created.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="sritemaccess_create_permission">
<sch:rule context="win-sc:sharedresource_item/win-sc:access_create_permission">
<sch:assert test="not(@datatype) or @datatype='bool'">item <sch:value-of select="../@id"/> - datatype attribute for the access_create_permission entity of a sharedresource_item should be 'bool'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="access_exec_permission" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Permission to execute the resource.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="sritemaccess_exec_permission">
<sch:rule context="win-sc:sharedresource_item/win-sc:access_exec_permission">
<sch:assert test="not(@datatype) or @datatype='bool'">item <sch:value-of select="../@id"/> - datatype attribute for the access_exec_permission entity of a sharedresource_item should be 'bool'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="access_delete_permission" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Permission to delete the resource.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="sritemaccess_delete_permission">
<sch:rule context="win-sc:sharedresource_item/win-sc:access_delete_permission">
<sch:assert test="not(@datatype) or @datatype='bool'">item <sch:value-of select="../@id"/> - datatype attribute for the access_delete_permission entity of a sharedresource_item should be 'bool'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="access_atrib_permission" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Permission to modify the resource's attributes (such as the date and time when a file was last modified).</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="sritemaccess_atrib_permission">
<sch:rule context="win-sc:sharedresource_item/win-sc:access_atrib_permission">
<sch:assert test="not(@datatype) or @datatype='bool'">item <sch:value-of select="../@id"/> - datatype attribute for the access_atrib_permission entity of a sharedresource_item should be 'bool'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="access_perm_permission" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Permission to modify the permissions (read, write, create, execute, and delete) assigned to a resource for a user or application.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="sritemaccess_perm_permission">
<sch:rule context="win-sc:sharedresource_item/win-sc:access_perm_permission">
<sch:assert test="not(@datatype) or @datatype='bool'">item <sch:value-of select="../@id"/> - datatype attribute for the access_perm_permission entity of a sharedresource_item should be 'bool'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="access_all_permission" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Permission to read, write, create, execute, and delete resources, and to modify their attributes and permissions.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="sritemaccess_all_permission">
<sch:rule context="win-sc:sharedresource_item/win-sc:access_all_permission">
<sch:assert test="not(@datatype) or @datatype='bool'">item <sch:value-of select="../@id"/> - datatype attribute for the access_all_permission entity of a sharedresource_item should be 'bool'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ================================= SID ITEM ================================= -->
<!-- =============================================================================== -->
<xsd:element name="sid_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation/>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="trustee_name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>This element specifies the trustee name associated with a particular SID. In a domain environment, trustee names should be identified in the form: "domain\trustee name" For local trustee names use: "computer name\trustee name" For built-in accounts on the system, use the trustee name without a domain. For example: ADMINISTRATOR, SYSTEM, NETWORK_SERVICES, ADMINISTRATORS (group), etc. Note that the built-in trustee names should be all caps as that is how the windows apis return them.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="siditemtrustee_name">
<sch:rule context="win-sc:sid_item/win-sc:trustee_name">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the trustee_name entity of a sid_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The security identifier (SID) of the specified trustee name.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="siditemtrustee_sid">
<sch:rule context="win-sc:sid_item/win-sc:trustee_sid">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the trustee_sid entity of a sid_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="trustee_domain" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The domain of the specified trustee name.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="siditemtrustee_domain">
<sch:rule context="win-sc:sid_item/win-sc:trustee_domain">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the trustee_domain entity of a sid_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ========================= USER ACCESS CONTROL ITEM ========================== -->
<!-- =============================================================================== -->
<xsd:element name="uac_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>The volume item enumerates various attributes about a particular volume mounted to a machine. This includes the various system flags returned by GetVolumeInformation().</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="admin_approval_mode" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Admin Approval Mode for the Built-in Administrator account.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="uacitemadminapprovalmode">
<sch:rule context="win-sc:uac_item/win-sc:admin_approval_mode">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the admin_approval_mode entity of a uac_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="elevation_prompt_admin" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Behavior of the elevation prompt for administrators in Admin Approval Mode.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="uacitemelevationpromptadmin">
<sch:rule context="win-sc:uac_item/win-sc:elevation_prompt_admin">
<sch:assert test="@not(@datatype) or datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the elevation_prompt_admin entity of a uac_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="elevation_prompt_standard" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Behavior of the elevation prompt for standard users.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="uacitemelevationpromptstandard">
<sch:rule context="win-sc:uac_item/win-sc:elevation_prompt_standard">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the elevation_prompt_standard entity of a uac_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="detect_installations" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Detect application installations and prompt for elevation.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="uacitemdetectinstallations">
<sch:rule context="win-sc:uac_item/win-sc:detect_installations">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the detect_installations entity of a uac_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="elevate_signed_executables" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Only elevate executables that are signed and validated.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="uacitemelevatesignedexecutables">
<sch:rule context="win-sc:uac_item/win-sc:elevate_signed_executables">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the elevate_signed_executables entity of a uac_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="elevate_uiaccess" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Only elevate UIAccess applications that are installed in secure locations.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="uacitemelevateuiaccess">
<sch:rule context="win-sc:uac_item/win-sc:elevate_uiaccess">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the elevate_uiaccess entity of a uac_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="run_admins_aam" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Run all administrators in Admin Approval Mode.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="uacitemrunadminsaam">
<sch:rule context="win-sc:uac_item/win-sc:run_admins_aam">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the run_admins_aam entity of a uac_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="secure_desktop" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Switch to the secure desktop when prompting for elevation.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="uacitemsecuredesktop">
<sch:rule context="win-sc:uac_item/win-sc:secure_desktop">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the secure_desktop entity of a uac_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="virtualize_write_failures" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>Virtualize file and registry write failures to per-user locations.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="uacitemvirtualizewritefailures">
<sch:rule context="win-sc:uac_item/win-sc:virtualize_write_failures">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the virtualize_write_failures entity of a uac_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================== USER ITEM ==================================== -->
<!-- =============================================================================== -->
<xsd:element name="user_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>The windows user_item allows the different groups (identified by name) that a user belongs to be collected.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="user" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>A string the represents the name of a particular user. In a domain environment, users should be identified in the form: "domain\user name" For local users use: "computer_name\user_name" For built-in accounts on the system, use the user name without a domain. For example: ADMINISTRATOR, SYSTEM, etc. Note that the built-in user names should be all caps as that is how the windows apis return them.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="useritemuser">
<sch:rule context="win-sc:user_item/win-sc:user">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the user entity of a user_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="enabled" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>A boolean that represents whether the particular user is enabled or not.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="useritemenabled">
<sch:rule context="win-sc:user_item/win-sc:enabled">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the enabled entity of a user_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="group" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>A string that represents the name of a particular group. In a domain environment, groups should be identified in the form: "domain\group name" For local groups use: "computer name\group name" For built-in accounts on the system, use the group name without a domain. For example: ADMINISTRATORS, etc. Note that the built-in group names should be all caps as that is how the windows apis return them.</xsd:documentation>
<xsd:documentation>If the specified user belongs to more than one group, then multiple group elements should exist. If the specified user is not a member of a single group, then a single group element should exist with a status of 'does not exist'. If there is an error determining the groups that the user belongs to, then a single group element should be included with a status of 'error'.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="useritemgroup">
<sch:rule context="win-sc:user_item/win-sc:group">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for a group entity of a user_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================ USER SID ITEM ================================== -->
<!-- =============================================================================== -->
<xsd:element name="user_sid_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>The windows user_sid_item allows the different groups (identified by SID) that a user belongs to be collected.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="user_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>A string the represents the SID of a particular user.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="usersiditemuser">
<sch:rule context="win-sc:user_sid_item/win-sc:user_sid">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the user_sid entity of a user_sid_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="enabled" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>A boolean that represents whether the particular user is enabled or not.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="usersiditemenabled">
<sch:rule context="win-sc:user_sid_item/win-sc:enabled">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the enabled entity of a user_sid_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="group_sid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>A string that represents the SID of a particular group. If the specified user belongs to more than one group, then multiple group_sid elements should exist. If the specified user is not a member of a single group, then a single group_sid element should exist with a status of 'does not exist'. If there is an error determining the groups that the user belongs to, then a single group_sid element should be included with a status of 'error'.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="usersiditemgroup">
<sch:rule context="win-sc:user_sid_item/win-sc:group_sid">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for a group_sid entity of a user_sid_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================= VOLUME ITEM =================================== -->
<!-- =============================================================================== -->
<xsd:element name="volume_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>The volume item enumerates various attributes about a particular volume mounted to a machine. This includes the various system flags returned by GetVolumeInformation().</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="rootpath" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>A string that contains the root directory of the volume to be described. A trailing backslash is required. For example, you would specify \\MyServer\MyShare as "\\MyServer\MyShare\", or the C drive as "C:\".</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="volitemrootpath">
<sch:rule context="win-sc:volume_item/win-sc:rootpath">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the rootpath entity of a volume_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_system" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The type of filesystem. For example FAT or NTFS.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="volitemfile_system">
<sch:rule context="win-sc:volume_item/win-sc:file_system">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the file_system entity of a volume_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="name" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The name of the volume.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="volitemname">
<sch:rule context="win-sc:volume_item/win-sc:name">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the name entity of a volume_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="volume_max_component_length" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The volume_max_component_length element specifies the maximum length, in TCHARs, of a file name component that a specified file system supports. A file name component is the portion of a file name between backslashes. The value that is stored in the variable that *lpMaximumComponentLength points to is used to indicate that a specified file system supports long names. For example, for a FAT file system that supports long names, the function stores the value 255, rather than the previous 8.3 indicator. Long names can also be supported on systems that use the NTFS file system.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="volitemvolume_max_component_length">
<sch:rule context="win-sc:volume_item/win-sc:volume_max_component_length">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the volume_max_component_length entity of a volume_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="serial_number" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The volume serial number.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="volitemserial_number">
<sch:rule context="win-sc:volume_item/win-sc:serial_number">
<sch:assert test="@datatype='int'">item <sch:value-of select="../@id"/> - datatype attribute for the serial_number entity of a volume_item should be 'int'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_case_sensitive_search" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system supports case-sensitive file names.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="volitemfile_case_sensitive_search">
<sch:rule context="win-sc:volume_item/win-sc:file_case_sensitive_search">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_case_sensitive_search entity of a volume_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_case_preserved_names" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system preserves the case of file names when it places a name on disk.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="volitemfile_case_preserved_names">
<sch:rule context="win-sc:volume_item/win-sc:file_case_preserved_names">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_case_preserved_names entity of a volume_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_unicode_on_disk" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system supports Unicode in file names as they appear on disk.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="volitemfile_unicode_on_disk">
<sch:rule context="win-sc:volume_item/win-sc:file_unicode_on_disk">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_unicode_on_disk entity of a volume_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_persistent_acls" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system preserves and enforces ACLs. For example, NTFS preserves and enforces ACLs, and FAT does not.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="volitemfile_persistent_acls">
<sch:rule context="win-sc:volume_item/win-sc:file_persistent_acls">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_persistent_acls entity of a volume_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_file_compression" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system supports file-based compression.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="volitemfile_file_compression">
<sch:rule context="win-sc:volume_item/win-sc:file_file_compression">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_file_compression entity of a volume_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_volume_quotas" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system supports disk quotas.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="volitemfile_volume_quotas">
<sch:rule context="win-sc:volume_item/win-sc:file_volume_quotas">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_volume_quotas entity of a volume_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_supports_sparse_files" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system supports sparse files.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="volitemfile_supports_sparse_files">
<sch:rule context="win-sc:volume_item/win-sc:file_supports_sparse_files">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_supports_sparse_files entity of a volume_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_supports_reparse_points" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system supports reparse points.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="volitemfile_supports_reparse_points">
<sch:rule context="win-sc:volume_item/win-sc:file_supports_reparse_points">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_supports_reparse_points entity of a volume_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_supports_remote_storage" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The specified volume is a compressed volume; for example, a DoubleSpace volume.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="volitemfile_supports_remote_storage">
<sch:rule context="win-sc:volume_item/win-sc:file_supports_remote_storage">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_supports_remote_storage entity of a volume_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_volume_is_compressed" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The specified volume is a compressed volume; for example, a DoubleSpace volume.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="volitemfile_volume_is_compressed">
<sch:rule context="win-sc:volume_item/win-sc:file_volume_is_compressed">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_volume_is_compressed entity of a volume_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_supports_object_ids" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system supports object identifiers.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="volitemfile_supports_object_ids">
<sch:rule context="win-sc:volume_item/win-sc:file_supports_object_ids">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_supports_object_ids entity of a volume_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_supports_encryption" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system supports the Encrypted File System (EFS).</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="volitemfile_supports_encryption">
<sch:rule context="win-sc:volume_item/win-sc:file_supports_encryption">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_supports_encryption entity of a volume_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_named_streams" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The file system supports named streams.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="volitemfile_named_streams">
<sch:rule context="win-sc:volume_item/win-sc:file_named_streams">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_named_streams entity of a volume_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="file_read_only_volume" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The specified volume is read-only. This flag was added in Windows XP.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="volitemfile_read_only_volume">
<sch:rule context="win-sc:volume_item/win-sc:file_read_only_volume">
<sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id"/> - datatype attribute for the file_read_only_volume entity of a volume_item should be 'boolean'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- ============================= WMI CONTENT ITEM ============================= -->
<!-- =============================================================================== -->
<xsd:element name="wmi_item" substitutionGroup="oval-sc:item">
<xsd:annotation>
<xsd:documentation>The wmi_item outlines information to be checked through Microsoft's WMI interface.</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="oval-sc:ItemType">
<xsd:sequence>
<xsd:element name="namespace" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>The WMI namespaces of the specific object.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="wmiitemnamespace">
<sch:rule context="win-sc:wmi_item/win-sc:namespace">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the namespace entity of a wmi_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="wql" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>A WQL query used to identify the object(s) specified. Any valid WQL query is allowed with one exception, at most one field is allowed in the SELECT portion of the query. For example SELECT name FROM ... is valid, as is SELECT 'true' FROM ..., but SELECT name, number FROM ... is not valid. This is because the result element in the data section is only designed to work against a single field.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="wmiitemwql">
<sch:rule context="win-sc:wmi_item/win-sc:wql">
<sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id"/> - datatype attribute for the wql entity of a wmi_item should be 'string'</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="result" type="oval-sc:EntityItemAnyType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>The result element specifies how to test objects in the result set of the specified WQL statement. Only one comparable field is allowed. So if the WQL statement look like 'SELECT name FROM ...', then a result element with a value of 'Fred' would test that value against the names returned by the WQL statement. If the WQL statement returns more than one instance of the specified field, then multiple result elements should exist to describe each instance.</xsd:documentation>
<xsd:appinfo>
<sch:pattern id="wmiitemresult">
<sch:rule context="win-sc:wmi_item/win-sc:result">
<sch:assert test="(@datatype='int' and (floor(.) = number(.))) or not(@datatype='int') or not(node())"><sch:value-of select="../@id"/> - The datatype has been set to 'int' but the value is not an integer.</sch:assert>
</sch:rule>
</sch:pattern>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<!-- =============================================================================== -->
<!-- =============================================================================== -->
<!-- =============================================================================== -->
<xsd:complexType name="EntityItemAddrTypeType">
<xsd:annotation>
<xsd:documentation>The EntityItemAddrTypeType restricts a string value to a specific set of values that describe the different address types of interfaces. The empty string is also allowed to support empty emlement associated with error conditions.</xsd:documentation>
</xsd:annotation>
<xsd:simpleContent>
<xsd:restriction base="oval-sc:EntityItemStringType">
<xsd:enumeration value="MIB_IPADDR_DELETED"/>
<xsd:enumeration value="MIB_IPADDR_DISCONNECTED"/>
<xsd:enumeration value="MIB_IPADDR_DYNAMIC"/>
<xsd:enumeration value="MIB_IPADDR_PRIMARY"/>
<xsd:enumeration value="MIB_IPADDR_TRANSIENT"/>
<xsd:enumeration value="">
<xsd:annotation>
<xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation>
</xsd:annotation>
</xsd:enumeration>
</xsd:restriction>
</xsd:simpleContent>
</xsd:complexType>
<xsd:complexType name="EntityItemAdstypeType">
<xsd:annotation>
<xsd:documentation>The EntityItemAdstypeType restricts a string value to a specific set of values that describe the possible types associated with an Active Directory attribute. The empty string is also allowed to support empty emlement associated with error conditions.</xsd:documentation>
</xsd:annotation>
<xsd:simpleContent>
<xsd:restriction base="oval-sc:EntityItemStringType">
<xsd:enumeration value="ADSTYPE_INVALID"/>
<xsd:enumeration value="ADSTYPE_DN_STRING"/>
<xsd:enumeration value="ADSTYPE_CASE_EXACT_STRING"/>
<xsd:enumeration value="ADSTYPE_CASE_IGNORE_STRING"/>
<xsd:enumeration value="ADSTYPE_PRINTABLE_STRING"/>
<xsd:enumeration value="ADSTYPE_NUMERIC_STRING"/>
<xsd:enumeration value="ADSTYPE_BOOLEAN"/>
<xsd:enumeration value="ADSTYPE_INTEGER"/>
<xsd:enumeration value="ADSTYPE_OCTET_STRING"/>
<xsd:enumeration value="ADSTYPE_UTC_TIME"/>
<xsd:enumeration value="ADSTYPE_LARGE_INTEGER"/>
<xsd:enumeration value="ADSTYPE_PROV_SPECIFIC"/>
<xsd:enumeration value="ADSTYPE_OBJECT_CLASS"/>
<xsd:enumeration value="ADSTYPE_CASEIGNORE_LIST"/>
<xsd:enumeration value="ADSTYPE_OCTET_LIST"/>
<xsd:enumeration value="ADSTYPE_PATH"/>
<xsd:enumeration value="ADSTYPE_POSTALADDRESS"/>
<xsd:enumeration value="ADSTYPE_TIMESTAMP"/>
<xsd:enumeration value="ADSTYPE_BACKLINK"/>
<xsd:enumeration value="ADSTYPE_TYPEDNAME"/>
<xsd:enumeration value="ADSTYPE_HOLD"/>
<xsd:enumeration value="ADSTYPE_NETADDRESS"/>
<xsd:enumeration value="ADSTYPE_REPLICAPOINTER"/>
<xsd:enumeration value="ADSTYPE_FAXNUMBER"/>
<xsd:enumeration value="ADSTYPE_EMAIL"/>
<xsd:enumeration value="ADSTYPE_NT_SECURITY_DESCRIPTOR"/>
<xsd:enumeration value="ADSTYPE_UNKNOWN"/>
<xsd:enumeration value="ADSTYPE_DN_WITH_BINARY"/>
<xsd:enumeration value="ADSTYPE_DN_WITH_STRING"/>
<xsd:enumeration value="">
<xsd:annotation>
<xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation>
</xsd:annotation>
</xsd:enumeration>
</xsd:restriction>
</xsd:simpleContent>
</xsd:complexType>
<xsd:complexType name="EntityItemAuditType">
<xsd:annotation>
<xsd:documentation>The EntityItemAuditType restricts a string value to a specific set of values: AUDIT_NONE, AUDIT_SUCCESS, AUDIT_FAILURE, and AUDIT_SUCCESS_FAILURE. These values describe which audit records should be generated. The empty string is also allowed to support empty emlement associated with error conditions.</xsd:documentation>
</xsd:annotation>
<xsd:simpleContent>
<xsd:restriction base="oval-sc:EntityItemStringType">
<xsd:enumeration value="AUDIT_FAILURE"/>
<xsd:enumeration value="AUDIT_NONE"/>
<xsd:enumeration value="AUDIT_SUCCESS"/>
<xsd:enumeration value="AUDIT_SUCCESS_FAILURE"/>
<xsd:enumeration value="">
<xsd:annotation>
<xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation>
</xsd:annotation>
</xsd:enumeration>
</xsd:restriction>
</xsd:simpleContent>
</xsd:complexType>
<xsd:complexType name="EntityItemFileTypeType">
<xsd:annotation>
<xsd:documentation>The EntityItemFileTypeType restricts a string value to a specific set of values that describe the different types of files. The empty string is also allowed to support empty emlement associated with error conditions.</xsd:documentation>
</xsd:annotation>
<xsd:simpleContent>
<xsd:restriction base="oval-sc:EntityItemStringType">
<xsd:enumeration value="FILE_ATTRIBUTE_DIRECTORY"/>
<xsd:enumeration value="FILE_TYPE_CHAR"/>
<xsd:enumeration value="FILE_TYPE_DISK"/>
<xsd:enumeration value="FILE_TYPE_PIPE"/>
<xsd:enumeration value="FILE_TYPE_REMOTE"/>
<xsd:enumeration value="FILE_TYPE_UNKNOWN"/>
<xsd:enumeration value="">
<xsd:annotation>
<xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation>
</xsd:annotation>
</xsd:enumeration>
</xsd:restriction>
</xsd:simpleContent>
</xsd:complexType>
<xsd:complexType name="EntityItemInterfaceTypeType">
<xsd:annotation>
<xsd:documentation>The EntityItemInterfaceTypeType restricts a string value to a specific set of values that describe the different types of interfaces. The empty string is also allowed to support empty emlement associated with error conditions.</xsd:documentation>
</xsd:annotation>
<xsd:simpleContent>
<xsd:restriction base="oval-sc:EntityItemStringType">
<xsd:enumeration value="MIB_IF_TYPE_ETHERNET"/>
<xsd:enumeration value="MIB_IF_TYPE_FDDI"/>
<xsd:enumeration value="MIB_IF_TYPE_LOOPBACK"/>
<xsd:enumeration value="MIB_IF_TYPE_OTHER"/>
<xsd:enumeration value="MIB_IF_TYPE_PPP"/>
<xsd:enumeration value="MIB_IF_TYPE_SLIP"/>
<xsd:enumeration value="MIB_IF_TYPE_TOKENRING"/>
<xsd:enumeration value="">
<xsd:annotation>
<xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation>
</xsd:annotation>
</xsd:enumeration>
</xsd:restriction>
</xsd:simpleContent>
</xsd:complexType>
<xsd:complexType name="EntityItemNamingContextType">
<xsd:annotation>
<xsd:documentation>The EntityItemNamingContextType restricts a string value to a specific set of values: domain, configuration, and schema. These values describe the different naming context found withing Active Directory. The empty string is also allowed to support empty emlement associated with error conditions.</xsd:documentation>
</xsd:annotation>
<xsd:simpleContent>
<xsd:restriction base="oval-sc:EntityItemStringType">
<xsd:enumeration value="domain"/>
<xsd:enumeration value="configuration"/>
<xsd:enumeration value="schema"/>
<xsd:enumeration value="">
<xsd:annotation>
<xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation>
</xsd:annotation>
</xsd:enumeration>
</xsd:restriction>
</xsd:simpleContent>
</xsd:complexType>
<xsd:complexType name="EntityItemProtocolType">
<xsd:annotation>
<xsd:documentation>The EntityItemProtocolType restricts a string value to a specific set of values that describe the different available protocols. The empty string is also allowed to support empty emlement associated with error conditions.</xsd:documentation>
</xsd:annotation>
<xsd:simpleContent>
<xsd:restriction base="oval-sc:EntityItemStringType">
<xsd:enumeration value="TCP"/>
<xsd:enumeration value="UDP"/>
<xsd:enumeration value="">
<xsd:annotation>
<xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation>
</xsd:annotation>
</xsd:enumeration>
</xsd:restriction>
</xsd:simpleContent>
</xsd:complexType>
<xsd:complexType name="EntityItemRegistryHiveType">
<xsd:annotation>
<xsd:documentation>The EntityItemRegistryHiveType restricts a string value to a specific set of values that describe the different registry hives. The empty string is also allowed to support empty emlement associated with error conditions.</xsd:documentation>
</xsd:annotation>
<xsd:simpleContent>
<xsd:restriction base="oval-sc:EntityItemStringType">
<xsd:enumeration value="HKEY_CLASSES_ROOT"/>
<xsd:enumeration value="HKEY_CURRENT_CONFIG"/>
<xsd:enumeration value="HKEY_CURRENT_USER"/>
<xsd:enumeration value="HKEY_LOCAL_MACHINE"/>
<xsd:enumeration value="HKEY_USERS"/>
<xsd:enumeration value="">
<xsd:annotation>
<xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation>
</xsd:annotation>
</xsd:enumeration>
</xsd:restriction>
</xsd:simpleContent>
</xsd:complexType>
<xsd:complexType name="EntityItemRegistryTypeType">
<xsd:annotation>
<xsd:documentation>The EntityItemRegistryTypeType defines the different values that are valid for the type entity of a registry item. These values describe the possible types of data stored in a registry key. restricts a string value to a specific set of values that describe the different registry types. The empty string is also allowed as a valid value to support empty emlements associated with error conditions. Please note that the values identified are for the type entity and are not valid values for the datatype attribute. For information about how to encode registry data in OVAL for each of the different types, please visit the registry_item documentation.</xsd:documentation>
</xsd:annotation>
<xsd:simpleContent>
<xsd:restriction base="oval-sc:EntityItemStringType">
<xsd:enumeration value="reg_binary">
<xsd:annotation>
<xsd:documentation>The reg_binary type is used by registry keys that specify binary data in any form.</xsd:documentation>
</xsd:annotation>
</xsd:enumeration>
<xsd:enumeration value="reg_dword">
<xsd:annotation>
<xsd:documentation>The reg_dword type is used by registry keys that specify a 32-bit number.</xsd:documentation>
</xsd:annotation>
</xsd:enumeration>
<xsd:enumeration value="reg_expand_sz">
<xsd:annotation>
<xsd:documentation>The reg_expand_sz type is used by registry keys to specify a null-terminated string that contains unexpanded references to environment variables (for example, "%PATH%").</xsd:documentation>
</xsd:annotation>
</xsd:enumeration>
<xsd:enumeration value="reg_multi_sz">
<xsd:annotation>
<xsd:documentation>The reg_multi_sz type is used by registry keys that specify an array of null-terminated strings, terminated by two null characters.</xsd:documentation>
</xsd:annotation>
</xsd:enumeration>
<xsd:enumeration value="reg_none">
<xsd:annotation>
<xsd:documentation>The reg_none type is used by registry keys that have no defined value type.</xsd:documentation>
</xsd:annotation>
</xsd:enumeration>
<xsd:enumeration value="reg_qword">
<xsd:annotation>
<xsd:documentation>The reg_qword type is used by registry keys that specify a 64-bit number.</xsd:documentation>
</xsd:annotation>
</xsd:enumeration>
<xsd:enumeration value="reg_sz">
<xsd:annotation>
<xsd:documentation>The reg_sz type is used by registry keys that specify a single null-terminated string.</xsd:documentation>
</xsd:annotation>
</xsd:enumeration>
<xsd:enumeration value="">
<xsd:annotation>
<xsd:documentation>The empty string value is permitted here to allow for detailed error reporting.</xsd:documentation>
</xsd:annotation>
</xsd:enumeration>
</xsd:restriction>
</xsd:simpleContent>
</xsd:complexType>
</xsd:schema>
|
XSD Schema Code: