CCE-3525-3
The "Anonymous access to the security event log" policy should be set correctly.

CCE-3832-3
The "Disable Software Update Shell Notifications on Program Launch" setting should be configured correctly.

CCE-3569-1
The correct service permissions for the WWW Publishing service should be assigned.

CCE-3402-5
The behavior surrounding Anonymous SID/Name translation should be correct.

CCE-3496-7
The correct service permissions for the Messenger service should be assigned.

CCE-3461-1
The correct service permissions for the SMTP service should be assigned.

CCE-2695-5
The correct service permissions for the Alerter service should be assigned.

CCE-3474-4
The correct service permissions for the Indexing service should be assigned.

CCE-3254-0
The correct service permissions for the Printer service should be assigned.

CCE-3583-2
The correct service permissions for the Telnet service should be assigned.

CCE-3700-2
The "Enforce user logon restrictions" policy should be set correctly.

CCE-2687-2
The correct service permissions for the SNMP Trap service should be assigned.

CCE-3580-8
The correct service permissions for the IIS Admin service should be assigned.

CCE-3637-6
The correct service permissions for the Automatic Updates service should be assigned.

CCE-3483-5
The correct service permissions for the NetMeeting service should be assigned.

CCE-3396-9
The "Maximum tolerance for computer clock synchronization" policy should be set correctly.

CCE-3673-1
The correct service permissions for the Remote Desktop Help Session Manager service should be assigned.

CCE-3355-5
The correct service permissions for the SNMP service should be assigned.

CCE-3642-6
The correct service permissions for the ClipBook service should be assigned.

CCE-3435-5
The correct service permissions for the FTP Publishing service should be assigned.

CCE-2853-0
The built-in Administrator account should be correctly named.

CCE-3182-3
The "Password protect the screen saver" setting should be configured correctly for the current user.

CCE-3193-0
The correct service permissions for the Remote Registry service should be assigned.

CCE-3226-8
The correct service permissions for the Terminal Services service should be assigned.

CCE-3664-0
The correct service permissions for the Fax service should be assigned.

CCE-3237-5
The "Maximum Service Ticket Lifetime" policy should be set correctly.

CCE-3499-1
The "allow logon through Terminal Services" user right should be assigned to the correct accounts.

CCE-3848-9
The "Remote Control Settings" policy should be set correctly for Terminal Services.

CCE-3397-7
This policy setting determines which users and groups can change the time and date on the internal clock of the computers in your environment. Users who are assigned this user right can affect the appearance of event logs. When a computer's time setting is changed, logged events reflect the new time ...

CCE-3729-1
The "Remotely accessible registry paths" policy should be set correctly.

CCE-3332-4
The "log on as a service" user right should be assigned to the correct accounts.

CCE-8325-3
The "Remotely accessible registry paths and subpaths" policy should be set correctly.

CCE-2861-3
The "profile single process" user right should be assigned to the correct accounts.

CCE-3531-1
The "deny logon locally" user right should be assigned to the correct accounts.

CCE-3543-6
The "deny logon as a service" user right should be assigned to the correct accounts.

CCE-7604-2
The "Create global objects" user right should be assigned to the correct accounts.

CCE-3740-8
Automatic updates should be enabled or disabled as appropriate.

CCE-3147-6
The "adjust memory quotas for a process" user right should be assigned to the correct accounts.

CCE-3346-4
The "shut down the system" user right should be assigned to the correct accounts.

CCE-3539-4
The "increase scheduling priority" user right should be assigned to the correct accounts.

CCE-2663-3
The "remove computer from docking station" user right should be assigned to the correct accounts.

CCE-8013-5
The "Impersonate a client after authentication" user right should be assigned to the correct accounts.

CCE-3538-6
The "create a pagefile" user right should be assigned to the correct accounts.

CCE-3218-5
The "modify firmware environment values" user right should be assigned to the correct accounts.

CCE-7773-5
This policy setting determines which users or groups might launch or activate DCOM applications remotely or locally. This setting is used to control the attack surface of the computer for DCOM applications. You can use this Group Policy setting to grant access to all the computers to particular ...

CCE-2848-0
The "take ownership of files or other objects" user right should be assigned to the correct accounts.

CCE-3359-7
The "force shutdown from a remote system" user right should be assigned to the correct accounts.

CCE-3490-0
The "act as part of the operating system" user right should be assigned to the correct accounts.

CCE-3575-8
The "manage auditing and security log" user right should be assigned to the correct accounts.

CCE-3002-3
The "profile system performance" user right should be assigned to the correct accounts.

CCE-2576-7
The "debug programs" user right should be assigned to the correct accounts.

CCE-3375-3
The "bypass traverse checking" user right should be assigned to the correct accounts.

CCE-3557-6
The "log on locally" user right should be assigned to the correct accounts.

CCE-2649-2
The "deny logon as a batch job" user right should be assigned to the correct accounts.

CCE-3743-2
The built-in Guest account should be correctly named.

CCE-3438-9
The "deny logon through Terminal Services" user right should be assigned to the correct accounts.

CCE-3447-0
The "replace a process-level token" user right should be assigned to the correct accounts.

CCE-3191-4
The "log on as a batch job" user right should be assigned to the correct accounts.

CCE-3062-7
The "deny access to this computer from the network" user right should be assigned to the correct accounts.

CCE-3368-8
The "synchronize directory service data" user right should be assigned to the correct accounts.

CCE-3498-3
The "Create a token object" user right should be assigned to the correct accounts.

CCE-3322-5
The "access this computer from the network" user right should be assigned to the correct accounts.

CCE-3491-8
The "generate security audits" user right should be assigned to the correct accounts.

CCE-2790-4
The "Message title for users attempting to log on" policy should be set correctly.

CCE-8479-8
The Security Audit log warning level should be properly configured.

CCE-8544-9
The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly.

CCE-3591-5
The behavior surrounding Anonymous users' ability to display lists of SAM accounts and shares should be correct.

CCE-3757-2
Disable saving of dial-up passwords should be properly configured.

CCE-3526-1
The "Screensaver Executable Name" setting should be configured correctly for the current user.

CCE-3711-9
The "Named Pipes that can be accessed anonymously" policy should be set correctly.

CCE-3613-7
The "Allow undock without having to logon" policy should be set correctly.

CCE-3659-0
The "Recovery Console: Allow Automatic Administrative Logon" policy should be set correctly.

CCE-2946-2
The "restrict guest access to security log" policy should be set correctly.

CCE-3512-1
If the System log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep.

CCE-3295-3
The "Digitally Sign Server Communication (Always)" policy should be set correctly.

CCE-3731-7
The "Secure Channel: Digitally Encrypt or Sign Secure Channel Data (Always)" policy should be set correctly.

CCE-3370-4
This policy setting determines whether a domain member should attempt to negotiate encryption for all secure channel traffic that it initiates. If you enable this policy setting, the domain member will request encryption of all secure channel traffic. If you disable this policy setting, the domain m ...

CCE-3448-8
The "Allow System to be Shut Down Without Having to Log On" policy should be set correctly.

CCE-8380-8
System availability to Master Browser should be properly configured.

CCE-3778-8
Safe DLL Search Mode should be properly configured.

CCE-8534-0
The "Digitally Sign Client Communication (When Possible)" policy should be set correctly.

CCE-8151-3
RPC Endpoint Mapper Client Authentication should be enabled or disabled as appropriate.

CCE-3484-3
The "when maximum log size is reached" property should be set correctly for the Security log.

CCE-3506-3
The system log maximum size should be configured correctly.

CCE-3714-3
The "Require Case Insensitivity for Non-Windows Subsystems" policy should be set correctly.

CCE-3801-8
The "LDAP server signing requirements" policy should be set correctly.

CCE-3703-6
LAN Manager (LM) is a family of early Microsoft client/server software that allows users to link personal computers together on a single network. Network capabilities include transparent file and print sharing, user security features, and network administration tools. In Active Directory domains, th ...

CCE-3715-0
The screensaver should be enabled or disabled as appropriate for the default user.

CCE-3693-9
The "screensaver timeout" policy should be set correctly for the default user.

CCE-3746-5
The "Prohibit New Task Creation" policy should be set correctly for the Task Scheduler.

CCE-3769-7
The "Prevent Users from Installing Printer Drivers" policy should be set correctly.

CCE-3592-3
The "Shares that can be accessed anonymously" policy should be set correctly.

CCE-3690-5
Automatic Logon should be properly configured.

CCE-3614-5
The "Minimum session security for NTLM SSP based clients" policy should be set correctly.

CCE-3593-1
The "Clear Virtual Memory Pagefile at shutdown" policy should be set correctly.

CCE-3759-8
The "Minimum session security for NTLM SSP based servers" policy should be set correctly.

CCE-3298-7
Background Refresh of Group Policy should be properly configured.

CCE-3586-5
The "Allowed to Format and Eject Removable NTFS Media" policy should be set correctly.

CCE-3488-4
The "restrict guest access to system log" policy should be set correctly.

CCE-3190-6
The "Enable User to Browse for Source While Elevated" policy should be set correctly.

CCE-3478-5
The "Require Strong (Windows 2000 or later) Session Key" policy should be set correctly.

CCE-3817-4
The "Let Everyone permissions apply to anonymous users" policy should be set correctly.

CCE-3719-2
The "Force logoff when logon hours expire" policy should be set correctly.

CCE-7936-8
This policy setting determines whether digital certificates are processed when software restriction policies are enabled and a user or process attempts to run software with an .exe file name extension. It enables or disables certificate rules (a type of software restriction policies rule). With soft ...

CCE-2908-2
Use of the built-in Guest account should be enabled or disabled as appropriate.

CCE-3343-1
The security log maximum size should be configured correctly.

CCE-8462-4
The "System cryptography: Force strong key protection for user keys stored on the computer" policy should be enabled or disabled as appropriate.

CCE-3550-1
The application log maximum size should be configured correctly.

CCE-3694-7
The "Restrict CD-ROM Access to Locally Logged-On User Only" policy should be set correctly.

CCE-8508-4
The automatic generation of 8.3 file names for NTFS should be enabled or disabled as appropriate.

CCE-8561-3
This policy setting determines which users or groups might launch or activate DCOM applications remotely or locally. This setting is used to control the attack surface of the computer for DCOM applications. You can use this Group Policy setting to grant access to all the computers to particular ...

CCE-3597-2
Autoplay on all Drive Types should be properly configured.

CCE-3672-3
The "Message text for users attempting to log on" policy should be set correctly.

CCE-3441-3
The "Use FIPS compliant algorithms for encryption, hashing, and signing" policy should be set correctly.

CCE-3281-3
The "restrict guest access to application log" policy should be set correctly.

CCE-3567-5
If the Application log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep.

CCE-3631-9
The behavior surrounding Anonymous users' ability to display lists of SAM accounts should be correct.

CCE-3764-8
The "screensaver timeout" policy should be set correctly for the current user.

CCE-3799-4
The screensaver should be enabled or disabled as appropriate for the current user.

CCE-3632-7
The "Do not store LAN Manager hash value on next password change" policy should be set correctly.

CCE-3479-3
The "Allow Server Operators to Schedule Tasks" policy should be set correctly.

CCE-3698-8
The "Password protect the screensaver" setting should be set correctly for the default user.

CCE-3652-5
The "Digitally Sign Client Communication (Always)" policy should be set correctly.

CCE-3796-0
This policy setting determines whether a domain member should attempt to negotiate encryption for all secure channel traffic that it initiates. If you enable this policy setting, the domain member will request encryption of all secure channel traffic. If you disable this policy setting, the domain m ...

CCE-2822-5
The "Restrict Floppy Access to Locally Logged-On User Only" policy should be set correctly.

CCE-3422-3
The "when maximum log size is reached" property should be set correctly for the System log.

CCE-3127-8
If the Security log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep.

CCE-3676-4
The "Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders" policy should be set correctly.

CCE-3383-7
Auditing of "privilege use" events on failure should be enabled or disabled as appropriate.

CCE-3548-5
The "minimum password age" policy should meet minimum requirements.

CCE-7611-7
Automatic Reboot After System Crash should be enabled or disabled as appropriate.

CCE-3480-1
The "Security Zones: Do Not Allow Users to Change Policies" setting should be configured correctly.

CCE-3427-2
Auditing of "account management" events on success should be enabled or disabled as appropriate.

CCE-3549-3
Always Wait for the Network at Computer Startup and Logon should be properly configured.

CCE-3250-8
The TCPMaxPortsExhausted setting should be properly configured.

CCE-2812-6
The TCP/IP KeepAlive Time should be set correctly.

CCE-3788-7
The startup type of the Removable Storage service should be correct.

CCE-3546-9
Auditing of "policy change" events on success should be enabled or disabled as appropriate.

CCE-2947-0
The "Default owner for objects created by members of the Administrators group" policy should be set correctly.

CCE-3720-0
The "Disable Media Player for automatic updates" policy should be set correctly.

CCE-3547-7
The "Enable User Control Over Installs" policy should be set correctly.

CCE-3611-1
Auditing of "system" events on failure should be enabled or disabled as appropriate.

CCE-3449-6
Auditing of "account management" events on failure should be enabled or disabled as appropriate.

CCE-3594-9
Auditing of "system" events on success should be enabled or disabled as appropriate.

CCE-3725-9
ICMP Redirects should be properly configured.

CCE-2827-4
Auditing of "directory service access" events on success should be enabled or disabled as appropriate.

CCE-3812-5
The "Set Client connection Encryption Level" policy should be set correctly for Terminal Services.

CCE-3616-0
TCP/IP SYN Flood Attack Protection should be properly configured.

CCE-3605-3
The "Refuse machine account password change" policy should be set correctly.

CCE-3617-8
The "Allow Unsolicited Remote Assistance" policy should be set correctly for Terminal Services.

CCE-2870-4
The "Send Unencrypted Password to Connect to Third-Party SMB Servers" policy should be set correctly.

CCE-3810-9
The "Disable Periodic Check For Internet Explorer Software Updates" setting should be configured correctly.

CCE-3504-8
Logon information is required to unlock a locked computer. For domain accounts, the Interactive logon: Require Domain Controller authentication to unlock workstation setting determines whether it is necessary to contact a domain controller to unlock a computer. If you enable this setting, a domain c ...

CCE-3527-9
Display Last User Name in Logon Screen should be properly configured.

CCE-2817-5
TCP/IP NetBIOS Name Release on Request Prevented should be properly configured.

CCE-8601-7
Kerberos and RSVP Traffic Protected by IPSec should be properly configured.

CCE-3286-2
Auditing of "object access" events on success should be enabled or disabled as appropriate.

CCE-8527-4
Authentication requirements for RPC clients should be configured appropriately.

CCE-3603-8
Auditing of "logon" events on success should be enabled or disabled as appropriate.

CCE-3713-5
The "Make Proxy Settings Per-Machine (Rather Than Per-User)" setting should be configured correctly.

CCE-3804-2
The "Users Prompted to Change Password Before Expiration" policy should be set correctly.

CCE-8592-8
This policy setting determines whether a domain member can periodically change its computer account password. If you enable this policy setting, the domain member will be prevented from changing its computer account password. If you disable this policy setting, the domain member can change its compu ...

CCE-3661-6
The "Reschedule Automatic Updates scheduled installations" setting should be enabled or disabled as appropriate.

CCE-3598-0
The "Disable Automatic Install of Internet Explorer Components" setting should be configured correctly.

CCE-3608-7
The "Automatic Updates detection frequency" should be set correctly.

CCE-2884-5
The "Allow System to be Shut Down Without Having to Log On" policy should be set correctly.

CCE-3442-1
The "password must meet complexity requirements" policy should be set correctly.

CCE-2819-1
The "LDAP client signing requirements" policy should be set correctly.

CCE-3357-1
The "Limit local account use of blank passwords to console logon only" policy should be set correctly.

CCE-3321-7
Auditing of "account logon" events on success should be enabled or disabled as appropriate.

CCE-2919-9
TCP/IP Dead Gateway Detection should be properly configured.

CCE-3530-3
The "maximum password age" policy should meet minimum requirements.

CCE-3039-5
The "Security Zones: Do Not Allow Users to Add/Delete Sites" setting should be configured correctly.

CCE-8472-3
The number of SYN-ACK retransmissions sent when attempting to respond to a SYN request should be configured correctly.

CCE-3420-7
The "Do not allow storage of credentials or .NET Passports" policy should be set correctly.

CCE-3587-3
The "Enable User to Use Media Source While Elevated" policy should be set correctly.

CCE-2984-3
The "Maximum machine account password age" policy should be set correctly.

CCE-2863-9
The "Prevent Codec Download" policy should be set correctly for Windows Media Player.

CCE-3211-0
Auditing of "privilege use" events on success should be enabled or disabled as appropriate.

CCE-3739-0
TCP/IP PMTU Discovery should be properly configured.

CCE-3814-1
The "Audit the use of backup and restore privilege" policy should be set correctly.

CCE-3101-3
Auditing of "directory service access" events on failure should be enabled or disabled as appropriate.

CCE-3551-9
The "account lockout threshold" policy should meet minimum requirements.

CCE-3430-6
The "Shut Down system immediately if unable to log security audits" policy should be set correctly.

CCE-3803-4
The "Enable User to Patch Elevated Products" policy should be set correctly.

CCE-3112-0
The "Sharing and security model for local accounts" policy should be set correctly.

CCE-3453-8
Auditing of "process tracking" events on failure should be enabled or disabled as appropriate.

CCE-3354-8
The "add workstations to domain" user right should be assigned to the correct accounts.

CCE-3509-7
IRDP should be properly configured.

CCE-2644-3
The "store password using reversible encryption for all users in the domain" policy should be set correctly.

CCE-2875-3
The "Set time limit for disconnected sessions" policy should be set correctly for Terminal Services.

CCE-3808-3
The "Do Not Allow Local Administrators to Customize Permissions" policy should be set correctly for Terminal Services.

CCE-3510-5
Auditing of "process tracking" events on success should be enabled or disabled as appropriate.

CCE-3665-7
The "Set time limit for idle sessions" policy should be set correctly for Terminal Services.

CCE-3786-1
The "Limit Number of Connections" policy should be set correctly for Terminal Services.

CCE-3654-1
The "Limit Users to One Remote Session" policy should be set correctly for Terminal Services.

CCE-3446-2
The "enforce password history" policy should meet minimum requirements.

CCE-3391-0
Auditing of "logon" events on failure should be enabled or disabled as appropriate.

CCE-3787-9
The "Unsigned Driver Installation Behavior" policy should be set correctly.

CCE-3413-2
The "Security Zones: Use Only Machine Settings" setting should be configured correctly.

CCE-3666-5
The "Always Prompt Client for Password upon Connection" policy should be set correctly for Terminal Services.

CCE-3227-6
IP Source Routing should be properly configured.

CCE-3424-9
The "minimum password length" policy should meet minimum requirements.

CCE-3806-7
The "Allow automatic updates immediate installation" setting should be enabled or disabled as appropriate.

CCE-3577-4
The "Terminate session when time limits are reached" policy should be set correctly for Terminal Services.

CCE-3761-4
The amount of idle time required before disconnecting a session should be set correctly.

CCE-3773-9
The "Disconnect clients when logon hours expire" policy should be set correctly.

CCE-7613-3
The number of retransmissions sent of TCP data segments before the connection is dropped should be set correctly.

CCE-3467-8
Auditing of "account logon" events on failure should be enabled or disabled as appropriate.

CCE-3709-3
The "Number of Previous Logons to Cache" policy should be set correctly.

CCE-8542-3
The "Interactive logon: Require smart card" setting should be configured correctly.

CCE-3774-7
The "Audit the access of global system objects" policy should be set correctly.

CCE-3290-4
Auditing of "object access" events on failure should be enabled or disabled as appropriate.

CCE-3312-6
Auditing of "policy change" events on failure should be enabled or disabled as appropriate.

CCE-2936-3
The "lock pages in memory" user right should be assigned to the correct accounts.

CCE-3319-1
The "perform volume maintenance tasks" user right should be assigned to the correct accounts.

CCE-3293-8
The "load and unload device drivers" user right should be assigned to the correct accounts.

CCE-3473-6
The "enable computer and user accounts to be trusted for delegation" user right should be assigned to the correct accounts.

CCE-3269-8
The "create permanent shared objects" user right should be assigned to the correct accounts.

CCE-2869-6
The "back up files and directories" user right should be assigned to the correct accounts.

CCE-3465-2
The "restore files and directories" user right should be assigned to the correct accounts.

CCE-3514-7
The "Secure Channel: Digitally Sign Secure Channel Data (When Possible)" policy should be set correctly.

CCE-3189-8
This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection. If no signing request comes from the client, a connection will be allowed without a signature if the Microsoft network server: Di ...

CCE-8049-9
Use of the built-in Administrator account should be enabled or disabled as appropriate.

CCE-2627-8
The "account lockout duration" policy should meet minimum requirements.

CCE-3277-1
The "No auto-restart with logged on users for scheduled automatic updates installations" setting should be enabled or disabled as appropriate.

CCE-3574-1
The "reset account lockout counter after" policy should meet minimum requirements.

CCE-3511-3
The "Secure Channel: Digitally Sign Secure Channel Data (When Possible)" policy should be set correctly.

CCE-3060-1
The "Disable CTRL+ALT+Delete Requirement for Logon" policy should be set correctly.

CPE    1
cpe:/o:microsoft:windows_server_2003
*XCCDF
xccdf_org.secpod_benchmark_cip_std_ver3_Windows_2003
OVAL    215
oval:org.secpod.oval:def:8454
oval:org.secpod.oval:def:7688
oval:org.secpod.oval:def:8384
oval:org.secpod.oval:def:8364
...

© SecPod Technologies