About Shavlik  /  Careers  /  Contact  /  News  
Products Solutions Training Support Partners Downloads Federal Blogs Shop

Resources

FDCC Resources

PCI Resources

Already a customer?

Shavlik Optimizer Series

Shavlik NetChk Configure

Shavlik NetChk Configure

Simplify and Automate Configuration Management

Shavlik NetChk Configure simplifies and automates configuration management and compliance auditing. NetChk Configure provides a centralized management interface that allows you to continuously scan the network to validate configuration settings against corporate security policy and allows you to directly map those controls to regulatory frameworks.
Policy Templates
  • Overview
  • Features
  • Design Principles
  • Requirements

Simplify and Automate Configuration Management and Compliance Auditing

Shavlik NetChk Configure is a powerful configuration management solution that simplifies and automates the critical to perform tasks of auditing configurations. It enables you to keep up with changes brought by dynamic networks, meet your compliance objectives, lower your costs, and reduce your risk of exposure.

With Shavlik NetChk Configure you can effectively control and manage highly distributed systems that are operating in mission-critical environments and manage both physical systems and virtual machines, eliminating pain points of using multiple tools as you migrate from physical to virtual worlds.

Multi-Use Tool

Shavlik NetChk Configure provides management and control over configuration settings, as well as compliance auditing for Microsoft-based machines. It enables you to understand, check, assess, audit, and enforce configuration checks on the machines in your networks. It is also an excellent tool for streamlining your understanding of conformance with internal policies and regulatory compliance requirements.

Fastest Time to Value

Shavlik NetChk Configure provides the most direct route to achieving, proving, and sustaining conformance with internal mandates or external regulations. In a matter of hours, not days or weeks, you’ll have a solution in place and operational to find and fix gaps in your security and compliance status.

Simplify Configuration Management

Shavlik NetChk Configure is a cost-effective method for taking control of your configuration settings and improving your security posture. By taking the complexity out of the security configuration task, it provides the fastest route to improved security and compliance readiness. Operational efficiencies are improved so you can do more with fewer resources and free up IT resources to do things that drive business growth.

Automatically Enforce Corporate Policies

Shavlik NetChk Configure detects systems that have drifted out of compliance with your corporate policy, and then quickly and automatically enforces the existing policies by returning the affected systems to their desired state. It does this through continuous assessment, remediation, and management of all physical and virtual machines.

Prove You Are In Compliance

It is easy to create reports about your security posture that map back to internal policies and external regulations, thus demonstrating to auditors that you are in compliance. Reports are available daily, weekly, and monthly on the degree of compliance policies and standards.

Shavlik NetChk Configure contains a large number of product features. In addition to reviewing the following list, you can also see several of the product features in action by viewing the product tutorials available by clicking here.

  • Ease of Use: Go from install to scanning in 30 minutes or less, leveraging Shavlik’s easy to use, industry-standard user interface. Offers a robust user experience, all from a single console.
  • Automated policy baseline development and enforcement: Shavlik NetChk Configure uses policies to define the products and the configuration settings checks to evaluate during a particular scan. There are three predefined baseline policies. In addition, you can create your own custom policies that define the specific configuration checks required by your organization.
  • Manage Migration from Physical to Virtual Machines: Shavlik NetChk Configure offers a tight coupling with VMware’s vSphere or Virtual infrastructure to more closely manage virtual machines hosted on ESX or ESXi servers to contain configuration drift and to quickly distinguish physical versus virtual machines.
  • Policy Cloning & Distribution: Offers advanced "Gold Standard" scanning automation that saves time and increases accuracy. You quickly and easily clone a new policy using the configuration checks configured on a machine that represents your organization’s gold standard. This enables you to leverage existing, approved system configurations. It also makes it very easy to create a security IT infrastructure that can be measured against a pre-defined industry configuration baseline.
  • SCAP Processor support: Allows for interaction with the Shavlik NetChk SCAP Processor, a conversion tool that enables you to convert Security Content Automation Protocol (SCAP) profiles into policies that can be imported into Shavlik NetChk Configure. The policies can then be used to perform compliance scans of machines in your network.
  • Policy Mapping and Regulatory Audit: Addresses current regulations like PCI, SOX, GLBA, HIPAA, FDCC and FISMA that place new demands on information security. Audit systems using the links between best practices content and auditing standards such as ISO 27002 and NIST 800-53. Use these standards to develop powerful security standards to drive an overall security policy.
  • Downloadable PCI DSS Template: NetChk Configure and the downloadable PCI DSS template work together to assist retailers and financial institutions to comply with industry regulations. We gather the proof points for many of the 12 PCI DSS requirements including performing age checking.
  • Policy Dashboard: Gives you the ability to quickly determine the compliance status of the machines in your organization. It does so by providing summary information in an easy-to-read graphical display.
  • Audit-Ready Reporting: Easily create a variety of "audit ready" reports that will demonstrate that the proper configuration controls are in place and operational. These reports can also provide alignment between the various regulations (PCI, SOX, HIPAA, etc.) and the requirements of either internal or external auditors who utilize industry standard policy frameworks to measure compliance and prove "due care" has been taken.
  • Scheduled scanning and policy enforcement: You can use the Schedule feature to specify when and how often a scan should be run. You can regularly run scans at a specific time using a specified recurrence pattern. For example, using this option, a scan could be run every night at midnight, or every Saturday at 9 PM, or on the first day of every month at 11 PM, or at any other user selected time and interval.

    In addition, by enabling the Auto Enforce option you can automatically enforce the policy by correcting any discrepancies found on the scanned machines. The enforcement is performed immediately after the scan.
  • Extremely flexible and robust scanning options: Provides users with both simple and flexible scanning options. The home page provides a simple 1 – 2 – 3 step process to begin a scan. Or, you can begin scans from within a machine group or within a policy. Scans can also be performed by domain, organizational unit, machine name, IP address or IP range.
  • Exporting and importing policies: Allows you to export an existing policy to an XML file. This makes the policy available to be imported by other installations of Shavlik NetChk Configure.
  • Custom Check Wizard: Enables you to expand upon the numerous out-of-box checks by creating your own custom compliance checks. This allows you to track items that are unique to your organization. The custom checks are added to a custom policy and referenced whenever that policy is used in a compliance scan.
  • Change management: Provides the mechanisms needed to track changes you make to your policies and track policy enforcements you perform on the machines in your organization.
  • Machine Groups: Shavlik NetChk Configure uses machine groups to keep track of the machines that are included in a particular scan. There are several predefined machine groups (My Machine, My Domain, My Test Machines, and Entire Network). In addition, you can also create your own unique machine groups.
  • Shares: A share is any resource that can be accessed by other users or computers on a network. Shavlik NetChk Configure can scan for and collect information about shares it identifies on scanned machines.
  • Group Membership: Shavlik NetChk Configure can scan for and collect information about groups it identifies on scanned machines. A group is typically granted certain privileges on a machine. By extension, the members of a group are afforded the same privileges granted to the group. Understanding who is a member of a group can help you limit the number of people able to perform certain functionality.

All products created by Shavlik Technologies are built upon the following product principles. There are a number of examples of each principle evident in Shavlik NetChk Configure.

  • Simplicity: If a product is difficult to use, chances are it won’t get used, no matter how many bells and whistles it may have. Our interface takes the complexity out of managing security.
    • Easy to deploy and manage, meaning your less technical staff can be utilized to manage the product
    • Centralized management interface that simplifies and automates configuration management
    • Operationalizes security, freeing up critical IT staff
    • Direct route to compliance
    • Fully automates the vulnerability lifecycle
    • Facilitates gains in operational efficiency and delivers cost savings by simplifying complex network security
  • Thoroughness: A product is worthless if you can’t trust it to produce accurate results. Shavlik Technologies is the leader in accuracy, depth, and breadth of status on patches, configurations and unapproved software.
    • Best in class scanning
    • Used to audit other solutions for mistakes
    • Validates that policy settings, distributed through GPO or other, were actually implemented
    • Built-in support for industry standard frameworks
  • Architectural Flexibility: When working with rapidly changing technologies, flexibility is key. You don’t want a product that is locked in and that can’t adapt to changes. Shavlik NetChk Configure is extremely flexible because it:
    • Provides multiple deployment options
    • Is non-intrusive
    • Contains the industry’s most flexible and granular remediation options
    • Works with multiple products: Windows 2000 Professional Gold or later, Windows XP Professional SP1 or later, Windows 2000 Server Gold or later,
      Windows Server 2003 Family, Windows Server 2008 Gold or later and Vista SP1
    • Works with multiple machine types: servers, desktops, laptops, virtual machines
    • Uses XML-based files that are constantly being updated to reflect ever-changing software environments.
    • Supports open standards such as Security Content Automation Protocol (SCAP)
  • Scalability: You want a product that is able to grow with your company. Shavlik NetChk Configure has the ability to accommodate ever increasing numbers of machines and software products. Here’s why:
    • Distributed architecture
    • Centralized management
    • Can manage thousands of machines from a single console
  • Time-to-Value: You want to be able to immediately begin using your investment. With its easy to use and intuitive interface, Shavlik NetChk Configure has you scanning, assessing, and remediating your network in no time. Because there are very few setup tasks needed before using the product, the “time-to-value” payoff with Shavlik NetChk Configure is extremely high.

Configure 4

Console

Processor:

  • Minimum: 500 MHz CPU
  • Recommended: 2.0 GHz CPU (multi-processor machine if more than 1000 seat license)

Memory:

  • Minimum: 256 MB of RAM
  • Recommended: 2 GB of RAM (4 GB if more than 1000 seat license)

Video:

  • 1024 x 768 screen resolution or higher (1280 x 1024 or higher recommended)

Disk Space:

  • 60 MB for application

Operating System (any of the following):

Minimum:

  • Windows XP Professional, SP3 or later (SP2 or later if using 64-bit version)
  • Windows Vista, SP2 or later, Business, Enterprise, or Ultimate Edition
  • Windows 7, Professional, Enterprise, or Ultimate Edition

Recommended:

  • Windows Server 2003 Family, SP2 or later
  • Windows Server 2008 Family, excluding Server Core
  • Windows Server 2008 Family R2, excluding Server Core

    Note: Shavlik NetChk Configure supports 32- and 64-bit versions of the listed operating systems for both console and target systems.

Database:

  • Use of SQL Server database ( SQL Server 2005, SQL Server 2005 Express Edition, SQL Server 2008, or SQL Server 2008 Express Edition) is required. If you do not have a SQL Server database, the option to install SQL Server 2008 Express Edition will be provided during the prerequisite software installation process.
  • Size: 1.5 GB

Prerequisite Software:

  • Internet Explorer 6.0 or later
  • Windows Installer 4.5 (only required if installing SQL Express 2008 during the installation)
  • Use of Microsoft SQL Server 2005, SQL Server 2005 Express Edition, SQL Server 2008, or SQL Server 2008 Express
  • SQL Server Management Objects (SMO)
  • SQL Native Client or SQL 2008 Native Client (if using SQL Server 2008)
  • Microsoft .NET Framework 3.5, SP1 or later
  • IIS common files (for IIS-related checks)
  • Shavlik NetChk Protect (if you want to use patch and spyware policy checks)

System Configuration:

  • Workstation Service
  • Server Service
  • Remote Registry Service
  • Simple File Sharing disabled
  • An administrative share is required (will be temporarily added if missing)
  • When scanning the console machine, Windows Management Instrumentation (WMI) service must be running and the protocol allowed to the machine (in Windows Firewall, on Windows XP/Windows 2003 machines this is called Remote Administration, and on Windows Vista/Windows Server 2008 machines this is called Windows Management Instrumentation (WMI)/Remote Administration)

Clients

Browser:

  • Internet Explorer 4.0 or later

Disk Space:

  • A minimal amount needed for log files

Operating Systems (any of the following):

  • Windows NT Workstation 4.0 SP6a or later
  • Windows NT Server 4.0 SP6a or later
  • Windows NT Server 4.0, Enterprise Edition SP6a or later
  • Windows NT Server 4.0, Terminal Server Edition SP6a or later
  • Windows 2000 Professional
  • Windows 2000 Server
  • Windows 2000 Advanced Server
  • Windows 2000 Datacenter Server
  • Windows 2000 Small Business Server
  • Windows XP Professional
  • Windows XP Tablet PC Edition
  • Windows Server 2003, Enterprise Edition
  • Windows Server 2003, Standard Edition
  • Windows Server 2003, Web Edition
  • Windows Server 2003 for Small Business Server
  • Windows Server 2003, Datacenter Edition
  • Windows Vista, Home Basic Edition
  • Windows Vista, Home Premium Edition
  • Windows Vista, Business Edition
  • Windows Vista, Enterprise Edition
  • Windows Vista, Ultimate Edition
  • Windows 7, Professional Edition
  • Windows 7, Enterprise Edition
  • Windows 7, Ultimate Edition
  • Windows Server 2008, Standard
  • Windows Server 2008, Enterprise
  • Windows Server 2008, Datacenter
  • Windows Server 2008, Standard - Core
  • Windows Server 2008, Enterprise - Core
  • Windows Server 2008, Datacenter – Core
  • Windows Server 2008 R2, Standard
  • Windows Server 2008 R2, Enterprise
  • Windows Server 2008 R2, Datacenter
  • Windows Server 2008 R2, Standard - Core
  • Windows Server 2008 R2, Enterprise - Core
  • Windows Server 2008 R2, Datacenter – Core

    Note: Shavlik NetChk Configure supports 32- and 64-bit versions of the listed operating systems for both console and client systems.

Virtual Machines (online virtual images created by any of the following):

  • VMware ESX Server 3.0 or later
  • VMware VirtualCenter 2.0 or later
  • VMware Server
  • VMware Workstation 4.0 or later
  • VMware Player

System Configuration:

  • Workstation Service
  • Server Service
  • Remote Registry Service
  • Simple File Sharing disabled
  • File Sharing must be installed (default admin shares used)
  • NetBIOS (tcp139) or Direct Host (tcp445) ports must be accessible
  • Windows Management Instrumentation (WMI) service must be running and the protocol allowed to the machine (in Windows Firewall, on Windows XP/Windows 2003 machines this is called Remote Administration, and on Windows Vista/Windows Server 2008 machines this is called Windows Management Instrumentation (WMI)/Remote Administration)
  • In order to perform SQL Server checks on client machines, the credentials associated with the scan must have access to your SQL Server