Download
| Alert*
CCE-4228-3
Auditing of "Account Management: Computer Account Management" events on failure should be enabled or disabled as appropriate. CCE-4183-0 Auditing of "Logon/Logoff: Logoff" events on failure should be enabled or disabled as appropriate. CCE-5137-5 Auditing of "Policy Change: Audit Policy Change" events on failure should be enabled or disabled as appropriate. CCE-5094-8 Auditing of "Detailed Tracking: Process Creation" events on failure should be enabled or disabled as appropriate. CCE-8458-2 The "Access credential Manager as a trusted caller" user right should be assigned to the correct accounts. CCE-4662-3 The "Enforce user logon restrictions" policy should be set correctly. CCE-5039-3 Auditing of "Object Access: File System" events on failure should be enabled or disabled as appropriate. CCE-4081-6 The "Internet Explorer Maintenance Policy Processing - Allow processing across a slow network connection" setting should be configured correctly. CCE-4755-5 The "Maximum User Renewal Lifetime" policy should be set correctly. CCE-8188-5 The Windows Firewall "Allow ICMP exceptions" policy should be enabled or disabled as appropriate for the Standard Profile. CCE-4666-4 The "Maximum Service Ticket Litfetime" policy should be set correctly. CCE-5157-3 Auditing of "System: Security State Change" events on failure should be enabled or disabled as appropriate. CCE-4579-9 The 'Approved Installation Sites for ActiveX Controls' security mechanism should be enabled or disabled as appropriate. CCE-4627-6 The required permissions for the WLAN AutoConfig service should be assigned. CCE-4516-1 Auditing of "Policy Change: Authentication Policy Change" events on failure should be enabled or disabled as appropriate. CCE-4734-0 Auditing of "Privilege Use: Sensitive Privilege Use" events on failure should be enabled or disabled as appropriate. CCE-5087-2 Auditing of "Object Access: Registry" events on failure should be enabled or disabled as appropriate. CCE-3508-9 The "IPv6 Block of UDP 3544" setting should be configured correctly. CCE-2339-0 The behavior surrounding Anonymous SID/Name translation should be correct. CCE-4142-6 Auditing of "Account Management: Security Group Management" events on failure should be enabled or disabled as appropriate. CCE-4910-6 Auditing of "System: Security System Extension" events on failure should be enabled or disabled as appropriate. CCE-18938-1 The 'Specify the System Hibernate Timeout (On Battery)' setting should be configured correctly. CCE-4783-7 Auditing of "Account Management: Other Account Management Events" events on failure should be enabled or disabled as appropriate. CCE-5036-9 The 6to4 tunneling protocol for IPv6 should be enabled or disabled as appropriate. CCE-18220-4 DEPRECATED. [Was: "The 'Configure Windows NTP Client' setting should be configured correctly." The enabled/disabled/not configured status of this GPO (see CCE Technical Mechanisms) does not itself affect the configuration of aspects of the Windows NTP Client; it only controls whether Group Policy ... CCE-8470-7 The Windows Firewall "Allow ICMP exceptions" policy should be enabled or disabled as appropriate for the Domain Profile. CCE-4423-0 Auditing of "Logon/Logoff: Logon" events on failure should be enabled or disabled as appropriate. CCE-4811-6 The Teredo tunneling protocol for IPv6 should be enabled or disabled as appropriate. CCE-3936-2 The "Maximum User Ticket Lifetime" policy should be set correctly. CCE-4702-7 The "Maximum tolerance for computer clock synchronization" policy should be set correctly. CCE-4879-3 Auditing of "System: Ipsec Driver" events on failure should be enabled or disabled as appropriate. CCE-4822-3 Auditing of "System: System Integrity" events on failure should be enabled or disabled as appropriate. CCE-2874-6 The "Do not allow drive redirection" setting should be configured correctly for Terminal Services. CCE-2865-4 The "IPv6 Block of Protocols 41" setting should be configured correctly. CCE-5097-1 Auditing of "Account Management: User Account Management" events on failure should be enabled or disabled as appropriate. CCE-4824-9 Auditing of "Logon/Logoff: Special Logon" events on failure should be enabled or disabled as appropriate. CCE-3187-2 Domain Profile: Do not allow exceptions (SP2 only) CCE-2363-0 The "account lockout duration" policy should meet minimum requirements. CCE-3328-2 The "Turn on Windows Meeting Space audting" setting should be configured correctly. CCE-18589-2 The 'Configure Windows NTP Client\EventLogFlags' option should be configured correctly. CCE-2781-3 The "Don't Display the Getting Started Welcome Screen at Logon" setting should be configured correctly. CCE-3387-8 Standard Profile: Allow Remote Desktop exception (SP2 only) CCE-2839-9 The "restrict guest access to system log" policy should be set correctly. CCE-3352-2 Standard Profile: Allow remote administration exception (SP2 only) CCE-3121-1 The "restrict guest access to application log" policy should be set correctly. CCE-3385-2 The "Turn Off Windows Movie Maker Saving to Online Video Hosting Provider" setting should be configured correctly. CCE-18356-6 The 'Configure Windows NTP Client\CrossSiteSyncFlags' option should be configured correctly. CCE-8516-7 The Windows Firewall inbound program exceptions list should be set appropriately for the Domain Profile. CCE-3334-0 Standard Profile: Allow local program exceptions (SP2 only) CCE-7629-9 The Windows Firewall "Define inbound program exceptions" policy should be enabled or disabled as appropriate for the Domain Profile. CCE-3356-3 Standard Profile: Allow local port exceptions (SP2 only) CCE-18386-3 The 'Configure Windows NTP Client\ResolvePeerBackoffMaxTimes' option should be configured correctly. CCE-3452-0 Group Policy - Registry policy processing CCE-3158-3 Domain Profile: Allow remote administration CCE-2557-7 The "Turn off Windows Meeting Space" setting should be configured correctly. CCE-3458-7 Domain Profile: Allow Remote Desktop exception (SP2 only) CCE-4077-4 The "Turn on Responder (RSPNDR) driver" setting should be configured correctly for the domain profile. CCE-2964-5 Domain Profile: Allow UPnP framework exception (SP2 only) CCE-3347-2 Standard Profile: Do not allow exceptions (SP2 only) CCE-4166-5 Auditing of "Detailed Tracking: Process Creation" events on success should be enabled or disabled as appropriate. CCE-3369-6 Standard Profile: Allow file and printer sharing exception (SP2 only) CCE-2659-1 The "restrict guest access to security log" policy should be set correctly. CCE-3180-7 Domain Profile: Allow local port exceptions (SP2 only) CCE-3297-9 The "Turn Off Windows Movie Maker Online Web Links" setting should be configured correctly. CCE-3329-0 Standard Profile: Protect all network connections (SP2 only) CCE-18115-6 The 'Configure Windows NTP Client\Type' option should be configured correctly. CCE-5018-7 Auditing of "Logon/Logoff: Logon" events on success should be enabled or disabled as appropriate. CCE-3405-8 Domain Profile: Allow local program exceptions CCE-18324-4 The 'Configure Windows NTP Client\ResolvePeerBackoffMinutes' option should be configured correctly. CCE-3327-4 Deny all add-ons unless specifically allowed in the Add-on List CCE-3316-7 The startup type of the Messenger service should be correct. CCE-3403-3 The "Turn Off Windows Movies Maker Automatic Codec Downloads" setting should be configured correctly. CCE-4201-0 Auditing of "Policy Change: Audit Policy Change" events on success should be enabled or disabled as appropriate. CCE-3288-8 The "Prevent IIS Installation" setting should be configured correctly. CCE-2914-0 The "Turn off Windows Calendar" setting should be configured correctly. CCE-3046-0 The "Turn off Untrusted Content" setting should be configured correctly. CCE-3409-0 The "Windows Firewall: Prohibit notifications" setting should be configured correctly for the Standard Profile. CCE-3462-9 Standard Profile: Define port exceptions (SP2 only) CCE-18320-2 The 'Core Networking - Dynamic Host Configuration Protocol (DHCP-In)' Windows Firewall rule should be configured correctly. CCE-4919-7 The "Display Error Notification" setting should be configured correctly. CCE-3431-4 Domain Profile: Allow file and printer sharing exception (SP2 only) CCE-5020-3 The "Prohibit use of Internet Connection Firewall on your DNS domain network" setting should be configured correctly. CCE-3268-0 Standard Profile: Allow UPnP framework exception (SP2 only) CCE-8387-3 The "Unsigned Driver Installation Behavior" policy should be set correctly. CCE-3440-5 Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Standard Profile. CCE-3949-5 TCP/IP PMTU Discovery should be properly configured. CCE-18594-2 The 'Configure Windows NTP Client\SpecialPollInterval' option should be configured correctly. CCE-3388-6 The startup type of the Windows Search service should be configured correctly. CCE-3202-9 Domain Profile: Define port exceptions (SP2 only) |