Download
| Alert*
CCE-3951-1
The startup type of the Telnet service should be correct. CCE-4751-4 The Uninterruptable Power Supply service should be enabled or disabled as appropriate. CCE-5190-4 The startup type of the Windows Internet Name Service (WINS) service should be correct. CCE-4085-7 TCP/IP SYN Flood Attack Protection should be properly configured. CCE-4688-8 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Security should be assigned. CCE-3899-2 The built-in Administrator account should be correctly named. CCE-3600-4 The TCP/IP KeepAlive Time should be set correctly . CCE-3646-7 Display Last User Name in Logon Screen should be properly configured. CCE-3779-6 Auditing of "privilege use" events on success should be enabled or disabled as appropriate.. CCE-4786-0 The "Disconnect clients when logon hours expire" policy should be set correctly. CCE-4699-5 The startup type of the Windows Management Instrumentation service should be correct. CCE-5379-3 The required permissions for the file %SystemRoot%\System32\edlin.exe should be assigned. CCE-5148-2 The "Refuse machine account password change" policy should be set correctly. CCE-5333-0 The required permissions for the file %SystemRoot%\System32\nslookup.exee should be assigned. CCE-3831-5 The required permissions for the directory %SystemRoot%\System32\DTCLog should be assigned. CCE-4096-4 The Smart Card service should be enabled or disabled as appropriate. CCE-3404-1 The required permissions for the directory %SystemRoot%\repair should be assigned. CCE-3864-6 The required permissions for the file %SystemDrive%\CONFIG.SYS should be assigned. CCE-4653-2 The startup type of the Windows Management Instrumentation Driver Extensions service should be correct. CCE-4740-7 The startup type of the Network Connections service should be correct. CCE-3962-8 The "Disable Automatic Install of Internet Explorer Components" setting should be configured correctly. CCE-5246-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE\Security should be assigned. CCE-3372-0 The startup type of the Alerter service should be correct. CCE-4326-5 The startup type of the Remote Storage Server service should be correct. CCE-4555-9 The startup type of the File Server For Macintosh service should be correct. CCE-3515-4 The startup type of the Simple TCP/IP service should be correct. CCE-5211-8 The required permissions for the file %SystemRoot%\System32\regsvr32.exe should be assigned. CCE-4520-3 The required permissions for the directory %SystemRoot%\speech should be assigned. CCE-3722-6 The startup type of the World Wide Web Publishing service should be correct. CCE-4108-7 The "Set Safe for Scripting" policy should be set correctly. CCE-5113-6 The Terminal Services remote control configuration is set correctly. CCE-4063-4 The "Secure Channel: Digitally Sign Secure Channel Data (When Possible)" policy should be set correctly. CCE-3470-2 The "Decoy Admin Account Not Disabled" policy should be set correctly. CCE-3152-6 The "Always Install with Elevated Privileges" policy should be set correctly. CCE-5159-9 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais should be assigned. CCE-4773-8 Inheritance of the shadow setting on the terminal server for remote control from another source should be set correctly. CCE-5006-2 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC should be assigned. CCE-4929-6 The "Named Pipes that can be accessed anonymously" policy should be set correctly. CCE-3973-5 The startup type of the Routing and Remote Access service should be correct. CCE-4531-0 The required permissions for the file %SystemRoot%\explorer.scf should be assigned. CCE-3296-1 The "change the system time" user right should be assigned to the correct accounts. CCE-5268-8 The startup type of the Services for Unix Client for NFS service should be correct. CCE-4993-2 The startup type of the TCP/IP Print Server (aka lpd print server or LPDSVC) service should be correct. CCE-5124-3 The startup type of the File Replication service should be correct. CCE-4762-1 The startup type of the Remote Administration Service service should be correct. CCE-3886-9 The "Disable CTRL+ALT+Delete Requirement for Logon" policy should be set correctly. CCE-4860-3 The required permissions for the file %SystemRoot%\System32\tlntsvr.exe should be assigned. CCE-5222-5 The startup type of the Remote Installation Services Single Instance Storage (SIS) Groveler service should be correct. CCE-4709-2 The "AutoBackupLogFiles" policy for application logs should be set correctly. CCE-4041-0 The startup type of the Computer Browser service should be correct. CCE-5139-1 The OS/2 subsystem should be enabled or disabled as appropriate. CCE-4640-9 The startup type of the Remote Storage Notification service should be correct. CCE-4686-2 The startup type of the Print Server for Macintosh service should be correct. CCE-4392-7 The required permissions for the directory %SystemRoot%\mui should be assigned. CCE-4949-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates should be assigned. CCE-5237-3 The required permissions for the file %SystemRoot%\explorer.exe should be assigned. CCE-5202-7 The required permissions for the file %SystemRoot%\System32\sc.exe should be assigned. CCE-4882-7 The Telephony service should be enabled or disabled as appropriate. CCE-3317-5 The "lock pages in memory" user right should be assigned to the correct accounts. CCE-4697-9 The required permissions for the directory %SystemRoot%\System32\wbem should be assigned. CCE-3185-6 The "Restrict Floppy Access to Locally Logged-On User Only" policy should be set correctly. CCE-4381-0 The required permissions for the file %SystemRoot%\System32\debug.exe should be assigned. CCE-5104-5 The required permissions for the directory %SystemRoot%\System32\LogFiles should be assigned. CCE-5248-0 The startup type of the Logical Disk Manager Administrative service should be correct. CCE-4328-1 The startup type of the System Event Notification service should be correct. CCE-3964-4 The "restrict guest access to security log" policy should be set correctly. CCE-3766-3 Use of the built-in Guest account should be enabled or disabled as appropriate. CCE-3052-8 The required permissions for the directory %SystemRoot%\security should be assigned. CCE-3559-2 Automatic Logon should be properly configured. CCE-4065-9 IRDP should be properly configured. CCE-3513-9 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset002 should be assigned. CCE-4771-2 The startup type of the ATI hotkey poller service should be correct. CCE-3098-1 The "Users Prompted to Change Password Before Expiration" policy should be set correctly. CCE-3877-8 The "log on as a service" user right should be assigned to the correct accounts. CCE-5213-4 The required permissions for the file %SystemRoot%\System32\netsh.exe should be assigned. CCE-3524-6 The startup type of the SNMP Service service should be correct. CCE-3657-4 The required permissions for the file %SystemDrive%\Documents and Settings\All Users\Documents\DrWatson\drwtsn32.log should be assigned. CCE-5126-8 The registry key HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Os2 should exist or not as appropriate. CCE-3392-8 The "Send Unencrypted Password to Connect to Third-Party SMB Servers" policy should be set correctly. CCE-3986-7 The correct password filtering DLL should be installed. CCE-4853-8 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Data should be assigned. CCE-3748-1 The required auditing for the registry key HKEY_LOCAL_MACHINE\SOFTWARE should be enabled. CCE-3846-3 Auditing of "object access" events on failure should be enabled or disabled as appropriate.. CCE-4646-6 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security should be assigned. CCE-5133-4 The required permissions for the file %SystemRoot%\System32\tftp.exe should be assigned. CCE-3800-0 The required permissions for the directory %SystemRoot%\System32 should be assigned. CCE-5179-7 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DeviceManager should be assigned. CCE-4888-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\Security should be assigned. CCE-3737-4 The required permissions for the registry key HKEY_CLASSES_ROOT should be assigned. CCE-3835-6 The startup type of the IIS Admin service should be correct. CCE-5013-8 The startup type of the client-side Domain Name Service cache (aka DNS Client) service should be correct. CCE-4235-8 The "deny logon as a service" user right should be assigned to the correct accounts. CCE-4039-4 Automatic Execution of the System Debugger should be properly configured. CCE-3408-2 The required permissions for the directory %SystemRoot%\Temp should be assigned. CCE-3966-9 Security Audit log warning level should be properly configured. CCE-3145-0 The "Prevent System Maintenance of Computer Account Password" policy should be set correctly. CCE-3920-6 File System Checker and Popups should be properly configured. CCE-3868-7 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Regfile\Shell\Open\Command should be assigned. CCE-4357-0 The required permissions for the directory %ProgramFiles%\Common Files\SpeechEngines\TTS should be assigned. CCE-5155-7 The startup type of the Net Logon service should be correct. CCE-3726-7 Autoplay on all Drive Types should be properly configured. CCE-3824-0 The required permissions for the file %SystemRoot%\System32\Regedt32.exe should be assigned. CCE-3519-6 The required permissions for the directory %SystemRoot%\$NtServicePackUninstall$ should be assigned. CCE-4986-6 The "AutoBackupLogFiles" policy for system logs should be set correctly. CCE-4668-0 The required permissions for the directory %SystemRoot%\System32\attrib.exe should be assigned. CCE-3879-4 The required permissions for the directory %SystemRoot%\SYSVOL should be assigned. CCE-4524-5 The startup type of the Services for Unix Trivial FTP Daemon (TFTP) service should be correct. CCE-3572-5 The startup type of the Remote Registry service should be correct. CCE-5299-3 The startup type of the WinHTTP Web Proxy Auto-Discovery service should be correct. CCE-3931-3 The "Enable User to Browser for Source While Elevated" policy should be set correctly. CCE-4777-9 The License Logging service should be enabled or disabled as appropriate. CCE-5002-1 The startup type of the Client Service for Netware service should be correct. CCE-3942-0 Kerberos and RSVP Traffic Protected by IPSec should be properly configured. CCE-4864-5 The Terminal Services fDisableClip setting should be set correctly. CCE-5037-7 The required permissions for the file %SystemRoot%\System32\ftp.exe should be assigned. CCE-3670-7 The required permissions for the directory %SystemRoot%\System32\Setup should be assigned. CCE-3813-3 The "Automatically Log Off Users When Logon Time Expires (local)" policy should be set correctly. CCE-4070-9 The "Shut Down system immediately if unable to log security audits" policy should be set correctly. CCE-3167-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer should be assigned. CCE-4720-9 The Resultant Set of Policy (RSoP) Provider Service should be enabled or disabled as appropriate. CCE-3069-2 The startup type of the Print Services for Unix service should be correct. CCE-4897-5 The required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies should be assigned. CCE-5342-1 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security should be assigned. CCE-3957-8 The required permissions for the registry key HKEY_USERS\.DEFAULT should be assigned. CCE-3648-3 The "Unsigned Driver Installation Behavior" policy should be set correctly. CCE-4799-3 The "DCOM: Machine access Restrictions in Security Descriptor Definition Language (SDDL) syntax" setting should be configured correctly. CCE-3859-6 Auditing of "account logon" events on success should be enabled or disabled as appropriate.. CCE-3911-5 Auditing of "process tracking" events on failure should be enabled or disabled as appropriate.. CCE-4886-8 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon should be assigned. CCE-3735-8 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr\Commands should be assigned. CCE-5331-4 The startup type of the Distributed File System service should be correct. CCE-4094-9 The "Enable User to Use Media Source While Elevated" policy should be set correctly. CCE-5100-3 The "Shares that can be accessed anonymously" policy should be set correctly. CCE-3374-6 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy should be assigned. CCE-3968-5 If the Security log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep. CCE-4788-6 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Non-Driver Signing should be assigned. CCE-3922-2 TCP/IP NetBIOS Name Release on Request Prevented should be properly configured. CCE-3308-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE should be assigned. CCE-5111-0 The required permissions for the directory %SystemRoot%\security\templates should be assigned. CCE-3517-0 The "Disable Software Update Shell Notifications on Program Launch" setting should be configured correctly. CCE-5046-8 The required permissions for the directory %SystemRoot%\System32\wbem\logs should be assigned. CCE-5364-5 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS should be assigned. CCE-4457-8 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip should be assigned. CCE-4061-8 Automatic Reboot After System Crash should be properly configured. CCE-5409-8 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\wbem should be assigned. CCE-4008-9 The "Screen Saver Executable Name" setting should be configured correctly for the current user. CCE-3419-9 The required permissions for the directory %SystemDrive%\Documents and Settings\All Users should be assigned. CCE-5462-7 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Secure should be assigned. CCE-4862-9 The required permissions for the file %SystemRoot%\inf\unregmp2.exe should be assigned. CCE-4117-8 The "Security Zones: Do Not Allow Users to Add/Delete Sites" setting should be configured correctly. CCE-3811-7 The "generate security audits" user right should be assigned to the correct accounts. CCE-4400-8 Safe DLL search mode should be enabled or disabled as appropriate. CCE-5353-8 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run should be assigned. CCE-3528-7 Autoplay for Default User should be properly configured. CCE-5168-0 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Secure should be assigned. CCE-4446-1 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Security should be assigned. CCE-4764-7 The startup type of the .NET Framework service should be correct. CCE-4019-6 The "Security Zones: Do Not Allow Users to Change Policies" setting should be configured correctly. CCE-5220-9 The startup type of the Services for Unix Perl Socket service should be correct. CCE-4736-5 The TCPMaxPortsExhausted setting should be properly configured. CCE-4943-7 The startup type of the NTLM Security Support Provider service should be correct. CCE-5306-6 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech should be assigned. CCE-4989-0 The required permissions for the directory %SystemRoot%\Java should be assigned. CCE-3959-4 The "Allow System to be Shut Down Without Having to Log On" policy should be set correctly. CCE-3839-8 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\clone should be assigned. CCE-4823-1 The required permissions for the directory %SystemRoot%\twain_32 should be assigned. CCE-2895-1 The required permissions for the directory %SystemDrive%\Temp should be assigned. CCE-5208-4 The startup type of the Server service should be correct. CCE-4035-2 The startup type of the NetMeeting Remote Desktop Sharing service should be correct. CCE-3149-2 The screen saver should be enabled or disabled as appropriate for the current user. CCE-4954-4 The required permissions for the file %SystemRoot%\Driver Cache should be assigned. CCE-3563-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE should be assigned. CCE-2929-8 The required permissions for the registry key HKEY_CLASSES_ROOT should be assigned. CCE-3783-8 The "Digitally Sign Server Communication (Always)" policy should be set correctly. CCE-5219-1 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule should be assigned. CCE-5174-8 The startup type of the Removable Storage service should be correct. CCE-4002-2 The "Cache Transforms in Secure Location" policy should be set correctly. CCE-3890-1 The required permissions for the directory %SystemRoot%\System32\ias should be assigned. CCE-5328-0 The startup type of the Print Spooler service should be correct. CCE-5370-2 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping should be assigned. CCE-3489-2 The "deny logon locally" user right should be assigned to the correct accounts. CCE-4244-0 The Wireless Zero Configuration service should be enabled or disabled as appropriate. CCE-3900-8 The "Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)" policy should be set correctly. CCE-3772-1 The "debug programs" user right should be assigned to the correct accounts. CCE-3080-9 The required permissions for the file %SystemDrive%\Documents and Settings should be assigned. CCE-3802-6 The required permissions for the directory %SystemRoot%\System32\spool\Printers should be assigned. CCE-5308-2 The required permissions for the file %SystemRoot%\System32\route.exe should be assigned. CCE-5041-9 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem should be assigned. CCE-3091-6 The required permissions for the directory %SystemDrive%\NTDS should be assigned. CCE-3915-6 IP Source Routing should be properly configured. CCE-4987-4 The startup type of the Windows System Resource Manager (WSRM) service should be correct. CCE-3704-4 ICMP Redirects should be properly configured. CCE-3596-4 The "Smart Card Removal Behavior" policy should be set correctly. CCE-5298-5 The Terminal Services fDisableCam setting should be set correctly. CCE-4821-5 The startup type of the Message Queuing Down Level Clients service should be correct. CCE-3792-9 Auditing of "system" events on success should be enabled or disabled as appropriate.. CCE-3881-0 Auditing of "account logon" events on failure should be enabled or disabled as appropriate.. CCE-3837-2 The behavior surrounding Anonymous users' abiliity to display lists of SAM accounts and shares should be correct. CCE-5165-6 The startup type of the Terminal Services Licensing service should be correct. CCE-2995-9 Auditing of "policy change" events on failure should be enabled or disabled as appropriate.. CCE-4636-7 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates should be assigned. CCE-3926-3 The "profile single process" user right should be assigned to the correct accounts. CCE-3463-7 The "Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders" policy should be set correctly. CCE-2897-7 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM should be assigned. CCE-3990-9 The "restrict guest access to system log" policy should be set correctly. CCE-5176-3 The path to the Microsoft OS/2 version 1.x library should be defined appropriately. CCE-4453-7 The Certificate Services service should be enabled or disabled as appropriate. CCE-5383-5 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NWCOMPAT should be assigned. CCE-4004-8 The "Anonymous access to the registry" policy should be set correctly. CCE-3892-7 The startup type of the ClipBook service should be correct. CCE-5065-8 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares should be assigned. CCE-3937-0 Auditing of "system" events on failure should be enabled or disabled as appropriate.. CCE-4601-1 The startup type of the IP Version 6 Helper service should be correct. CCE-3476-9 The "Audit the use of backup and restore privilege" policy should be set correctly. CCE-3210-2 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles should be assigned. CCE-3815-8 The required permissions for the file %SystemRoot%\System32\Rcp.exe should be assigned. CCE-5141-7 The "AutoBackupLogFiles" policy for security logs should be set correctly. CCE-5285-2 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost should be assigned. CCE-3948-7 Protect Kernel object attributes should be properly configured. CCE-3770-5 The required auditing for the registry key HKEY_LOCAL_MACHINE\SYSTEM should be enabled. CCE-5417-1 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security should be assigned. CCE-3970-1 The "replace a process-level token" user right should be assigned to the correct accounts. CCE-4684-7 The "Maximum User Renewal Lifetime" policy should be set correctly. CCE-3872-9 The required permissions for the directory %SystemDrive%\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ACL should be assigned. CCE-3917-2 The "access this computer from the network" user right should be assigned to the correct accounts. CCE-3763-0 The required permissions for the directory %SystemDrive%\Documents and Settings\All Users\Documents\DrWatson should be assigned. CCE-3798-6 The "load and unload device drivers" user right should be assigned to the correct accounts. CCE-5390-0 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 should be assigned. CCE-3423-1 The required permissions for the directory %SystemRoot%\System32\repl\import should be assigned. CCE-4729-0 The Network News Transport Protocol (NNTP) service should be enabled or disabled as appropriate. CCE-4782-9 The startup type of the Message Queuing service should be correct. CCE-3521-2 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg should be assigned. CCE-4307-5 The startup type of the Workstation service should be correct. CCE-3981-8 Dr. Watson Crash Dumps should be properly configured. CCE-3928-9 The "Digitally Sign Server Communication (When Possible)" policy should be set correctly. CCE-3939-6 TCP/IP PMTU Discovery should be properly configured. CCE-3643-4 The startup type of the Simple Mail Transport Protocol (SMTP) service should be correct. CCE-5422-1 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole should be assigned. CCE-5411-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion should be assigned. CCE-3776-2 The required permissions for the file %SystemRoot%\System32\Secedit.exe should be assigned. CCE-4055-0 The "Hide Property Pages" policy should be set correctly for the Task Scheduler. CCE-4803-3 The Distributed Link Tracking Client service should be enabled or disabled as appropriate. CCE-3678-0 Auditing of "logon" events on failure should be enabled or disabled as appropriate.. CCE-5313-2 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony should be assigned. CCE-3401-7 The "Unsigned Non-Driver Installation Behavior" policy should be set correctly. CCE-5098-9 The startup type of the Utility Manager service should be correct. CCE-4936-1 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers should be assigned. CCE-3904-0 The "force shutdown from a remote system" user right should be assigned to the correct accounts. CCE-3545-1 The "Number of Previous Logons to Cache" policy should be set correctly. CCE-5196-1 The required permissions for the file %SystemRoot%\System32\mshta.exe should be assigned. CCE-5150-8 The startup type of the Cluster Service service should be correct. CCE-5294-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole should be assigned. CCE-4738-1 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hlp should be assigned. CCE-3874-5 The "Disable Periodic Check For Internet Explorer Software Updates" setting should be configured correctly. CCE-3554-3 The startup type of the Internet Connection Sharing service should be correct. CCE-3095-7 System File Checker should be properly configured. CCE-3972-7 System File Checker Progress Meter should be properly configured. CCE-4780-3 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper should be assigned. CCE-3750-7 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset005 should be assigned. CCE-3105-4 The required permissions for the directory %SystemRoot% should be assigned. CCE-4825-6 The Application Management service should be enabled or disabled as appropriate. CCE-4033-7 Internet access for Windows Messenger should be configured correctly. CCE-3885-1 Auditing of "account management" events on failure should be enabled or disabled as appropriate.. CCE-3238-3 The "log on locally" user right should be assigned to the correct accounts. CCE-4460-2 The required permissions for the directory %SystemRoot%\System32\mui should be assigned. CCE-4812-4 DEPRECATED in favor of CCE-5236-5, CCE-4719-1. CCE-4253-1 The Distributed Link Tracking Server service should be enabled or disabled as appropriate. CCE-3687-1 The "reset account lockout counter after" policy should meet minimum requirements. CCE-4000-6 The "Screen Saver Timeout" setting should be configured correctly for the current user. CCE-3641-8 The required permissions for the file %SystemRoot%\System32\CONFIG\*.evt should be assigned. CCE-3850-5 The "synchronize directory service data" user right should be assigned to the correct accounts. CCE-4495-8 The Network Dynamic Data Exchange (DDE) service should be enabled or disabled as appropriate. CCE-5270-4 The startup type of the Terminal service should be correct. CCE-3896-8 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset003 should be assigned. CCE-3785-3 The required permissions for the directory %ProgramFiles%\Resource Pro Kit should be assigned. CCE-3994-1 The "Digitally Sign Client Communication (When Possible)" policy should be set correctly. CCE-3589-9 The "when maximum log size is reached" property should be set correctly for the Security log. CCE-4340-6 The startup type of the Performance Logs and Alerts service should be correct. CCE-5183-9 The Terminal Services fDisableLPT setting should be set correctly. CCE-5413-0 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ads\Providers\WinNT should be assigned. CCE-4801-7 The Network DDE DDE Share Database Manager (DSDM) service should be enabled or disabled as appropriate. CCE-3819-0 The startup type of the SNMP Trap Service service should be correct. CCE-3861-2 The "Enable User Control Over Installs" policy should be set correctly. CCE-3630-1 The "increase scheduling priority" user right should be assigned to the correct accounts. CCE-2879-5 The required permissions for the file %SystemDrive%\AUTOEXEC.BAT should be assigned. CCE-5281-1 The Distributed Component Object Model (DCOM) should be enabled or disabled as appropriate. CCE-3445-4 The "profile system performance" user right should be assigned to the correct accounts. CCE-5050-0 The startup type of the Remote Server Manager service should be correct. CCE-4749-8 The startup type of the IAS Jet Database Access service should be correct. CCE-5096-3 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font should be assigned. CCE-5258-9 The required permissions for the directory %SystemDrive%\perflogs should be assigned. CCE-3767-1 The "create permanent shared objects" user right should be assigned to the correct accounts. CCE-3721-8 The startup type of the Background Intelligent Transfer Service (BITS) service should be correct. CCE-3876-0 The required permissions for the directory %SystemRoot%\Driver Cache\I386\Driver.cab should be assigned. CCE-5321-5 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies should be assigned. CCE-4981-7 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor should be assigned. CCE-4567-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName should be assigned. CCE-3669-9 The "Message title for users attempting to log on" policy should be set correctly. CCE-2978-5 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities should be assigned. CCE-5269-6 The startup type of the Windows Time service should be correct. CCE-2932-2 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Wmi\Security should be assigned. CCE-4447-9 The Distributed Transaction Coordinator service should be enabled or disabled as appropriate. CCE-5125-0 The startup type of the Remote Server Monitor service should be correct. CCE-4349-7 The startup type of the Logical Disk Manager service should be correct. CCE-5093-0 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS should be assigned. CCE-3493-4 The required permissions for the directory %ALL%\Program Files\MQSeries\qmggr should be assigned. CCE-3745-7 The required permissions for the directory %SystemRoot%\System32\GroupPolicy should be assigned. CCE-4750-6 The "Maximum User Ticket Lifetime" policy should be set correctly. CCE-5029-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network should be assigned. CCE-3852-1 The "store password using reversible encryption for all users in the domain" policy should be set correctly. CCE-3898-4 The correct service permissions for the Printer service should be assigned. CCE-4391-9 The startup type of the Event Log service should be correct. CCE-4894-2 The startup type of the Services for Unix Server for PCNFS service should be correct. CCE-4906-4 The required permissions for the file %SystemRoot%\System32\systeminfo.exe should be assigned. CCE-3042-9 The "password must meet complexity requirments" policy should be set correctly. CCE-3734-1 The required permissions for the file %SystemRoot%\System32\CONFIG\AppEvent.evt should be assigned. CCE-3961-0 The required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE should be assigned. CCE-3503-0 The "deny access to this computer from the network" user right should be assigned to the correct accounts. CCE-4785-2 The required permissions for the file %SystemRoot%\System32\eventtriggers.exe should be assigned. CCE-3318-3 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset009 should be assigned. CCE-3863-8 Unused USB Ports should be enabled or disabled as appropriate. CCE-3908-1 The "Send LanMan compatible password" setting should be configured correctly. CCE-4195-4 The DHCP Server service should be enabled or disabled as appropriate. CCE-4414-9 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability should be assigned. CCE-4772-0 The location of the OS/2 subsystem should be set correctly. CCE-4719-1 Auditing of "directory service access" events on failure should be enabled or disabled as appropriate.. CCE-3878-6 The permitted number of TCP/IP Maximum Half-open Sockets should be set correctly . CCE-3197-1 The required permissions for the directory %SystemRoot%\$NtServicePackUninstall$ should be assigned. CCE-4316-6 The startup type of the Remote Installation Services (aka Boot Information Negotiation Layer or BNLSVC) service should be correct. CCE-5421-3 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services should be assigned. CCE-5214-2 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility should be assigned. CCE-5225-8 The required permissions for the file %SystemRoot%\system.ini should be assigned. CCE-5312-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions should be assigned. CCE-3393-6 The "back up files and directories" user right should be assigned to the correct accounts. CCE-3656-6 The required permissions for the directory %SystemDrive%\WINNT\SECURITY\Database\SECEDIT.SDB ACL should be assigned. CCE-5127-6 The startup type of the Services for Unix User Name Mapping service service should be correct. CCE-3889-3 The system log maximum size should be configured correctly.. CCE-4937-9 The required permissions for the directory %SystemRoot%\Connection Wizard should be assigned. CCE-5236-5 Auditing of "directory service access" events on success should be enabled or disabled as appropriate.. CCE-4794-4 The startup type of the Indexing service should be correct. CCE-3789-5 The required permissions for the file %SystemDrive%\IO.SYS should be assigned. CCE-3282-1 The "enable computer and user accounts to be trusted for delegation" user right should be assigned to the correct accounts. CCE-4839-7 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell should be assigned. CCE-5345-4 The startup type of the Kerberos Key Distribution Center service should be correct. CCE-4685-4 The startup type of the Message Queuing Triggers service should be correct. CCE-4892-6 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMI\Security should be assigned. CCE-3229-2 The "account lockout threshold" policy should meet minimum requirements. CCE-5201-9 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\Security should be assigned. CCE-3732-5 The required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Protected Storage System Provider should be assigned. CCE-3830-7 The startup type of the FTP Publishing service should be correct. CCE-5149-0 The startup type of the IPSEC (IPsec Policy Agent) service should be correct. CCE-3634-3 The startup type of the Automatic Update service should be correct. CCE-3865-3 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset001 should be assigned. CCE-5103-7 The startup type of the TCP/IP NetBIOS Helper service should be correct. CCE-4329-9 The startup type of the Services for Unix Server for NFS service should be correct. CCE-3059-3 The startup type of the Fax service should be correct. CCE-4830-6 The required permissions for the file %SystemRoot%\System32\runas.exe should be assigned. CCE-3680-6 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset007 should be assigned. CCE-3823-2 If the System log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep. CCE-4985-8 The required permissions for the file %SystemRoot%\System32\nbtstat.exe should be assigned. CCE-4005-5 The "Allow Server Operators to Schedule Tasks" policy should be set correctly. CCE-3571-7 The required permissions for the directory %SystemRoot%\System32\arp.exe should be assigned. CCE-3978-4 The "Secure Channel: Require Strong (Windows 2000 or later) Session Key" policy should be set correctly. CCE-5001-3 The required permissions for the directory %SystemRoot%\System32\drivers should be assigned. CCE-5408-0 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList should be assigned. CCE-4865-2 The "Maximum Service Ticket Litfetime" policy should be set correctly. CCE-4634-2 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports should be assigned. CCE-3529-5 The "Restrict CD-ROM Access to Locally Logged-On User Only" policy should be set correctly. CCE-5167-2 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC should be assigned. CCE-4489-1 TcpMaxConnectResponseRetransmissions should be properly configured. CCE-3943-8 The "create a pagefile" user right should be assigned to the correct accounts. CCE-5385-0 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx should be assigned. CCE-3242-5 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib should be assigned. CCE-3749-9 The required permissions for the file %SystemDrive%\NTDETECT.COM should be assigned. CCE-3451-2 The "Prohibit New Task Creation" policy should be set correctly for the Task Scheduler. CCE-4645-8 The "Enforce user logon restrictions" policy should be set correctly. CCE-3340-7 The required permissions for the directory %SystemRoot%\System32\repl should be assigned. CCE-3595-6 The required permissions for the directory %SystemRoot%\system32\ReinstallBackups should be assigned. CCE-5230-8 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager should be assigned. CCE-3507-1 The "manage auditing and security log" user right should be assigned to the correct accounts. CCE-3738-2 The startup type of the Messenger service should be correct. CCE-3836-4 The required permissions for the file %SystemRoot%\regedit.exe should be assigned. CCE-4974-2 The startup type of the Microsoft POP3 Service service should be correct. CCE-5143-3 The required permissions for the directory %SystemRoot%\Help should be assigned. CCE-3560-0 The required permissions for the file %SystemDrive%\MSDOS.SYS should be assigned. CCE-4558-3 The required permissions for the directory %SystemRoot%\System32\config\systemprofile should be assigned. CCE-3867-9 The required permissions for the directory %SystemRoot%\Registration should be assigned. CCE-3791-1 The required permissions for the directory %SystemRoot%\Debug should be assigned. CCE-5241-5 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP should be assigned. CCE-3965-1 The "log on as a batch job" user right should be assigned to the correct accounts. CCE-3516-2 The required permissions for the file %SystemRoot%\System32\Rexec.exe should be assigned. CCE-3723-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes should be assigned. CCE-4776-1 The required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots should be assigned. CCE-4874-4 The Smart Card Helper service should be enabled or disabled as appropriate. CCE-4667-2 The startup type of the Task Scheduler service should be correct. CCE-4983-3 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones should be assigned. CCE-3471-0 The "take ownership of files or other objects" user right should be assigned to the correct accounts. CCE-3418-1 The correct service permissions for the Task Scheduler service should be assigned. CCE-3934-7 The "shut down the system" user right should be assigned to the correct accounts. CCE-5210-0 The required permissions for the directory %SystemRoot%\System32\CatRoot should be assigned. CCE-5112-8 The startup type of the QoS Admission Control (RSVP) service should be correct. CCE-5256-3 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce should be assigned. CCE-5045-0 The encryption algorithm to be used by EFS should be properly chosen. CCE-3712-7 The required permissions for the file %SystemRoot%\System32\at.exe should be assigned. CCE-4632-6 The startup type of the Services for Netware Service Advertising Protocol (SAP) Agent service should be correct. CCE-5123-5 The POSIX subsystem should be enabled or disabled as appropriate. CCE-5354-6 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion should be assigned. CCE-4765-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent should be assigned. CCE-5267-0 The required permissions for the directory %SystemRoot%\System32\wbem\repository should be assigned. CCE-4116-0 The "Allow Administrator to Install from Terminal Services Session" policy should be set correctly. CCE-3747-3 The "Digitally Sign Client Communication (Always)" policy should be set correctly. CCE-4545-0 The required permissions for the file %SystemRoot%\System32\subst.exe should be assigned. CCE-4752-2 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit should be assigned. CCE-5387-6 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows should be assigned. CCE-4689-6 The "DCOM: Machine Launch Restrictions in the Security Descriptor Definition Language (SDDL) syntax" security option should be set correctly. CCE-5069-0 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers should be assigned. CCE-3384-5 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset006 should be assigned. CCE-4961-9 The TcpMaxDataRetransmissions setting should be properly configured. CCE-4908-0 The required permissions for the directory %SystemRoot%\System32\dhcp should be assigned. CCE-3079-1 The required permissions for the directory %SystemRoot%\Tasks should be assigned. CCE-3858-8 The required auditing for %SystemDrive% directory should be enabled. CCE-4850-4 The required permissions for the directory %SystemRoot%\System32\Export should be assigned. CCE-3956-0 The "Strengthen Default Permissions of Global System Objects" policy should be set correctly. CCE-5232-4 The required permissions for the file %SystemRoot%\System32\telnet.exe should be assigned. CCE-3505-5 The required permissions for the directory %SystemRoot%\CSC should be assigned. CCE-3736-6 The "act as part of the operating system" user right should be assigned to the correct accounts. CCE-3691-3 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OS/2 Subsystem for NT should be assigned. CCE-4469-3 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout should be assigned. CCE-5330-6 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options should be assigned. CCE-4972-6 The location of the POSIX subsystem should be set correctly. CCE-3869-5 The required permissions for the directory %ProgramFiles%\Resource Kit should be assigned. CCE-3921-4 The amount of idle time required before disconnecting a session should be set correctly. CCE-4787-8 The required permissions for the file %SystemRoot%\System32\netstat.exe should be assigned. CCE-4145-9 The "Password protect the screen saver" setting should be configured correctly for the current user. CCE-3224-3 The "minimum password age" policy should meet minimum requirements. CCE-3827-3 The "maximum password age" policy should meet minimum requirements. CCE-5382-7 The path to the debugger used for Just-In-Time debugging should be set appropriately. CCE-4496-6 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy should be assigned. CCE-4966-8 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Help should be assigned. CCE-4506-2 The startup type of the Plug and Play service should be correct. CCE-4398-4 The required permissions for the file %SystemRoot%\System32\net1.exe should be assigned. CCE-3816-6 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset008 should be assigned. CCE-5371-0 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups should be assigned. CCE-4012-1 The "Message text for users attempting to log on" policy should be set correctly. CCE-4485-9 The required permissions for the directory %SystemRoot%\addins should be assigned. CCE-5186-2 The startup type of the Remote Procedure Call (RPC) Locator service should be correct. CCE-5318-1 The required permissions for the file %SystemRoot%\System32\eventcreate.exe should be assigned. CCE-4977-5 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing should be assigned. CCE-3947-9 Local volumes should be formatted correctly. CCE-4156-6 The "deny logon as a batch job" user right should be assigned to the correct accounts. CCE-5416-3 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug should be assigned. CCE-3540-2 The required permissions for the directory %SystemRoot%\System32\dllcache should be assigned. CCE-3771-3 The required permissions for the file %SystemDrive%\NTLDR should be assigned. CCE-3805-9 The "when maximum log size is reached" property should be set correctly for the System log. CCE-3344-9 The required permissions for the file %SystemDrive%\BOOT.INI should be assigned. CCE-4025-3 The "Secure Channel: Digitally Sign Secure Channel Data (When Possible)" policy should be set correctly. CCE-5151-6 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows should be assigned. CCE-4528-6 The required permissions for the directory %SystemRoot%\System32\ShellExt should be assigned. CCE-4735-7 The startup type of the Infrared Monitor service service should be correct. CCE-5295-1 The startup type of the DHCP Client service should be correct. CCE-5501-2 The required permissions for the directory %SystemRoot%\Web should be assigned. CCE-5305-8 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Windows 3.1 Migration Status should be assigned. CCE-3912-3 The "restore files and directories" user right should be assigned to the correct accounts. CCE-5162-3 The startup type of the SSDP Discovery service should be correct. CCE-3466-0 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers should be assigned. CCE-5207-6 The required permissions for the file %SystemRoot%\msdfmap.ini should be assigned. CCE-3697-0 The required permissions for the directory %SystemDrive%\Documents and Settings\Default User should be assigned. CCE-4637-5 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kdc\Security should be assigned. CCE-5109-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security should be assigned. CCE-4463-6 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility should be assigned. CCE-5033-6 The startup type of the Protected Storage service should be correct. CCE-3333-2 The "Clear Virtual Memory Pagefile at shutdown" policy should be set correctly. CCE-3651-7 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum should be assigned. CCE-3829-9 The "remove computer from docking station" user right should be assigned to the correct accounts. CCE-4539-3 The startup type of the Remote Access Auto connection Manager service should be correct. CCE-5429-6 The startup type of the Services for Unix Windows Cron service should be correct. CCE-4003-0 Membership in the Power Users group should be assigned to the appropriate accounts. CCE-3727-5 The required permissions for the directory %ALL%\Program Files\MQSeries should be assigned. CCE-4049-3 The "Audit the access of global system objects" policy should be set correctly. CCE-3893-5 Administrative Shares should be enabled or disabled as appropriate. CCE-4452-9 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\JD should be assigned. CCE-3682-2 Computer Browser ResetBrowser Frames should be properly configured. CCE-4964-3 The startup type of the IAS service should be correct. CCE-3938-8 The "Additional restrictions for anonymous connections" policy should be set correctly. CCE-3366-2 Auditing of "policy change" events on success should be enabled or disabled as appropriate.. CCE-3780-4 The required permissions for the directory %SystemRoot%\System32\repl\export should be assigned. CCE-3629-3 The "Allow System to be Shut Down Without Having to Log On" policy should be set correctly. CCE-5064-1 The startup type of the Remote Procedure Call (RPC) service should be correct. CCE-4504-7 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes should be assigned. CCE-4613-6 The startup type of the Intersite Messaging service should be correct. CCE-4343-0 The startup type of the Security Accounts Manager service should be correct. CCE-3716-8 The required permissions for the file %SystemRoot%\System32\CONFIG should be assigned. CCE-5373-6 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography should be assigned. CCE-5286-0 The Terminal Services fDisableCdm setting should be set correctly. CCE-4014-7 The "LAN Manager Authentication Level" policy should be set correctly. CCE-3903-2 The "modify firmware environment values" user right should be assigned to the correct accounts. CCE-5153-2 The setting determining the location of the key and password for the Syskey Encryption Key is correct. CCE-4332-3 The "Impersonate a client after authentication" user right should be assigned to the correct accounts. CCE-3849-7 The "Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)" policy should be set correctly. CCE-5360-3 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog should be assigned. CCE-3342-3 The required permissions for any of the %SystemRoot%\$NtUninstall* directories should be assigned. CCE-4027-9 The permitted number of TCP/IP Maximum Retried Half-open Sockets should be set correctly . CCE-4430-5 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NDS should be assigned. CCE-4733-2 The Terminal Services fDisableCcm setting should be set correctly. CCE-5405-6 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control should be assigned. CCE-4125-1 The "Make Proxy Settings Per-Machine (Rather Then Per-User)" setting should be configured correctly. CCE-4779-5 The Remote Access Connection Manager service should be enabled or disabled as appropriate. CCE-5251-4 The startup type of the Windows Installer service should be correct. CCE-3607-9 The "Secure Channel: Digitally Encrypt or Sign Secure Channel Data (Always)" policy should be set correctly. CCE-5209-2 The startup type of the Web Element Manager service should be correct. CCE-3793-7 The required permissions for the directory %SystemRoot%\System32\NTMSData should be assigned. CCE-4590-6 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing should be assigned. CCE-4820-7 The required permissions for the file %SystemRoot%\System32\ipconfig.exe should be assigned. CCE-3838-0 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset004 should be assigned. CCE-3880-2 The "restrict guest access to application log" policy should be set correctly. CCE-5262-1 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions should be assigned. CCE-3925-5 Auditing of "privilege use" events on failure should be enabled or disabled as appropriate.. CCE-4999-9 The "Remotely accessible registry paths" policy should be set correctly. CCE-5031-0 The required permissions for the file %SystemRoot%\_default.plf should be assigned. CCE-4768-8 The "Interactive logon: Requre smart card" setting should be configured correctly. CCE-3533-7 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies should be assigned. CCE-5325-6 The required permissions for the file %SystemRoot%\clock.avi should be assigned. CCE-3688-9 The "adjust memory quotas for a process" user right should be assigned to the correct accounts. CCE-5118-5 The required permissions for the file %SystemRoot%\System32\regini.exe should be assigned. CCE-4394-3 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\helpfile should be assigned. CCE-3228-4 The "minimum password length" policy should meet minimum requirements. CCE-5062-5 The startup type of the Interix Subsystem Startup service should be correct. CCE-3775-4 The application log maximum size should be configured correctly.. CCE-3544-4 The required permissions for the directory %SystemRoot%\SYSVOL\domain\Policies should be assigned. CCE-5227-4 The required permissions for the file %SystemRoot%\mib.bin should be assigned. CCE-4804-1 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\GBG should be assigned. CCE-5314-0 The required permissions for the directory %SystemRoot%\appPatch should be assigned. CCE-3860-4 The "Create a token object" user right should be assigned to the correct accounts. CCE-4619-3 The required permissions for the file %SystemRoot%\System32\reg.exe should be assigned. CCE-5051-8 The required permissions for the directory %SystemRoot%\msagent should be assigned. CCE-4383-6 The required permissions for the directory %SystemRoot%\System32\wbem\mof should be assigned. CCE-4585-6 The required permissions for the file %SystemRoot%\system\stdole.tlb should be assigned. CCE-3809-1 The required permissions for the directory %ProgramFiles% should be assigned. CCE-4067-5 The "Recovery Console: Allow Automatic Administrative Logon" policy should be set correctly. CCE-3871-1 Autoplay for Current User should be properly configured. CCE-3620-2 System availability to Master Browser should be properly configured. CCE-4890-0 The "Delete Cached Copies of Roaming Profiles" policy should be set correctly. CCE-3096-5 The security log maximum size should be configured correctly.. CCE-3980-0 The "Enable User to Patch Elevated Products" policy should be set correctly. CCE-5105-2 The startup type of the COM+ Event System service should be correct. CCE-3882-8 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset010 should be assigned. CCE-3753-1 Auditing of "account management" events on success should be enabled or disabled as appropriate.. CCE-5218-3 The startup type of the Windows Media Services service should be correct. CCE-3784-6 The required permissions for the file %SystemRoot%\System32\Ntbackup.exe should be assigned. CCE-3995-8 The startup type of the Remote Shell service should be correct. CCE-3686-3 The required permissions for the directory %SystemDrive%\My Download Files should be assigned. CCE-5173-0 The startup type of the Secondary Logon service should be correct. CCE-4045-1 The built-in Guest account should be correctly named. CCE-4859-5 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell should be assigned. CCE-5060-9 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security should be assigned. CCE-5271-2 The required permissions for the directory %SystemDrive%\i386 should be assigned. CCE-4715-9 The "Maximum tolerance for computer clock synchronization" policy should be set correctly. CCE-5184-7 The environment variable "Os2LibPath" should exist or not as appropriate. CCE-3960-2 The "account lockout duration" policy should meet minimum requirements. CCE-3215-1 Auditing of "process tracking" events on success should be enabled or disabled as appropriate.. CCE-3542-8 The "add workstations to domain" user right should be assigned to the correct accounts. CCE-3313-4 Auditing of "object access" events on success should be enabled or disabled as appropriate.. CCE-4010-5 Disable saving of dial-up passwords should be properly configured. CCE-3862-0 The required permissions for the directory %SystemRoot%\Offline Web Pages should be assigned. CCE-4848-8 Use of the Recycle Bin on file deletion should be enabled or disabled as appropriate. CCE-3444-7 If the Application log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep. CCE-3083-3 The required permissions for the file %SystemDrive%\System Volume Information should be assigned. CCE-3675-6 The "Prevent Users from Installing Printer Drivers" policy should be set correctly. CCE-3907-3 Auditing of "logon" events on success should be enabled or disabled as appropriate.. CCE-3588-1 The "enforce password history" policy should meet minimum requirements. CCE-5095-5 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex should be assigned. CCE-5282-9 The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly. CCE-3807-5 The required permissions for the directory %SystemDrive% should be assigned. CCE-4374-5 The required permissions for the file %SystemRoot%\system\setup.inf should be assigned. CCE-4069-1 The "Allowed to Format and Eject Removable NTFS Media" policy should be set correctly. CCE-4790-2 The "Create global objects" user right should be assigned to the correct accounts. CCE-4946-0 The registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug\Debugger should exist or not as appropriate. CCE-3873-7 The required permissions for the directory %SystemDrive%\Documents and Settings\Administrator should be assigned. CCE-4681-3 The required permissions for the file %SystemRoot%\System32\net.exe should be assigned. CCE-3192-2 The required permissions for the directory %SystemRoot%\Debug\UserMode should be assigned. CCE-3555-0 CD-ROM Autorun should be properly configured. CCE-3971-9 The "Security Zones: Use Only Machine Settings" setting should be configured correctly. CCE-5293-6 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Skew1 should be assigned. CCE-3797-8 The "when maximum log size is reached" property should be set correctly for the Application log. CCE-3653-3 The "bypass traverse checking" user right should be assigned to the correct accounts. CCE-3335-7 The required permissions for the file %SystemDrive%\NTBOOTDD.SYS should be assigned. CCE-3884-4 TCP/IP Dead Gateway Detection should be properly configured. CCE-5338-9 The required permissions for the directory %SystemRoot%\System32\cacls.exe should be assigned. CCE-3520-4 The required permissions for the file %SystemRoot%\System32\Rsh.exe should be assigned. CCE-3982-6 The "Anonymous access to the security event log" policy should be set correctly. CCE-5073-2 The automatic generation of 8.3 file names for NTFS should be enabled or disabled as appropriate. |