[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*


CCE-3492-6
The startup type of the World Wide Web Publishing service should be correct.

CCE-2790-4
The "Message title for users attempting to log on" policy should be set correctly.

CCE-8479-8
The Security Audit log warning level should be properly configured.

CCE-3635-0
The startup type of the Alerter service should be correct.

CCE-3658-2
The "Do Not Allow Windows Messenger to be Run" policy should be set correctly.

CCE-3612-9
The startup type of the Remote Registry service should be correct.

CCE-8544-9
The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly.

CCE-3591-5
The behavior surrounding Anonymous users' abiliity to display lists of SAM accounts and shares should be correct.

CCE-3757-2
Disable saving of dial-up passwords should be properly configured.

CCE-3526-1
The "Screensaver Executable Name" setting should be configured correctly for the current user.

CCE-3711-9
The "Named Pipes that can be accessed anonymously" policy should be set correctly.

CCE-3428-0
The startup type of the Remote Access Auto connection Manager service should be correct.

CCE-3613-7
The "Allow undock without having to logon" policy should be set correctly.

CCE-3659-0
The "Recovery Console: Allow Automatic Administrative Logon" policy should be set correctly.

CCE-3558-4
The startup type of the Task Scheduler service should be correct.

CCE-2946-2
The "restrict guest access to security log" policy should be set correctly.

CCE-3621-0
The startup type of the Routing and Remote Access service should be correct.

CCE-3512-1
If the System log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep.

CCE-5026-0
Administrative Shares should be enabled or disabled as appropriate.

CCE-2671-6
The startup type of the Automatic Update service should be correct.

CCE-3295-3
The "Digitally Sign Server Communication (Always)" policy should be set correctly.

CCE-3731-7
The "Secure Channel: Digitally Encrypt or Sign Secure Channel Data (Always)" policy should be set correctly.

CCE-3370-4
This policy setting determines whether a domain member should attempt to negotiate encryption for all secure channel traffic that it initiates. If you enable this policy setting, the domain member will request encryption of all secure channel traffic. If you disable this policy setting, the domain m ...

CCE-3448-8
The "Allow System to be Shut Down Without Having to Log On" policy should be set correctly.

CCE-8380-8
System availability to Master Browser should be properly configured.

CCE-3536-0
The startup type of the SNMP Trap Service service should be correct.

CCE-3778-8
Safe DLL Search Mode should be properly configured.

CCE-8534-0
The "Digitally Sign Client Communication (When Possible)" policy should be set correctly.

CCE-8151-3
RPC Endpoint Mapper Client Authentication should be enabled or disabled as appropriate.

CCE-3484-3
The "when maximum log size is reached" property should be set correctly for the Security log.

CCE-3506-3
The system log maximum size should be configured correctly..

CCE-3714-3
The "Require Case Insensitivity for Non-Windows Sybsystems" policy should be set correctly.

CCE-3353-0
The startup type of the IIS Admin service should be correct.

CCE-3582-4
The startup type of the FTP Publishing service should be correct.

CCE-3497-5
The startup type of the Simple TCP/IP service should be correct.

CCE-3801-8
The "LDAP server signing requirements" policy should be set correctly.

CCE-3386-0
The startup type of the Simple Mail Transport Protocol (SMTP) service should be correct.

CCE-3703-6
LAN Manager (LM) is a family of early Microsoft client/server software that allows users to link personal computers together on a single network. Network capabilities include transparent file and print sharing, user security features, and network administration tools. In Active Directory domains, th ...

CCE-3715-0
The screensaver should be enabled or disabled as appropriate for the default user.

CCE-3693-9
The "screensaver timeout" policy should be set correctly for the default user.

CCE-3494-2
The startup type of the Messenger service should be correct.

CCE-3746-5
The "Prohibit New Task Creation" policy should be set correctly for the Task Scheduler.

CCE-3769-7
The "Prevent Users from Installing Printer Drivers" policy should be set correctly.

CCE-3602-0
The startup type of the Remote Shell service should be correct.

CCE-3592-3
The "Shares that can be accessed anonymously" policy should be set correctly.

CCE-3758-0
The "Enable Error Reporting" policy should be set correctly.

CCE-3690-5
Automatic Logon should be properly configured.

CCE-3614-5
The "Minimum session security for NTLM SSP based clients" policy should be set correctly.

CCE-10633-6
The "Display user information when the session is locked" setting should be configured correctly.

CCE-9994-5
The "Change Password" option in the Ctrl+Alt+Del dialog should be enabled or disabled as appropriate.

CCE-3593-1
The "Clear Virtual Memory Pagefile at shutdown" policy should be set correctly.

CCE-3759-8
The "Minimum session security for NTLM SSP based servers" policy should be set correctly.

CCE-3350-6
The startup type of the ClipBook service should be correct.

CCE-3298-7
Background Refresh of Group Policy should be properly configured.

CCE-3552-7
The startup type of the Print Services for Unix service should be correct.

CCE-3586-5
The "Allowed to Format and Eject Removable NTFS Media" policy should be set correctly.

CCE-3488-4
The "restrict guest access to system log" policy should be set correctly.

CCE-3200-3
The startup type of the Background Intelligent Transfer Service (BITS) service should be correct.

CCE-3190-6
The "Enable User to Browser for Source While Elevated" policy should be set correctly.

CCE-3478-5
The "Require Strong (Windows 2000 or later) Session Key" policy should be set correctly.

CCE-3817-4
The "Let Everyone permissions apply to anonymous users" policy should be set correctly.

CCE-3719-2
The "Force logoff when logon hours expire" policy should be set correctly.

CCE-7936-8
This policy setting determines whether digital certificates are processed when software restriction policies are enabled and a user or process attempts to run software with an .exe file name extension. It enables or disables certificate rules (a type of software restriction policies rule). With soft ...

CCE-3541-0
The startup type of the SSDP Discovery service should be correct.

CCE-3475-1
The startup type of the Universal Plug and Play Device Host (UPnP) service should be correct.

CCE-2908-2
Use of the built-in Guest account should be enabled or disabled as appropriate.

CCE-3343-1
The security log maximum size should be configured correctly..

CCE-8462-4
The "System cryptography: Force strong key protection for user keys stored on the computer" policy should be enabled or disabled as appropriate.

CCE-3550-1
The application log maximum size should be configured correctly..

CCE-3694-7
The "Restrict CD-ROM Access to Locally Logged-On User Only" policy should be set correctly.

CCE-3618-6
The startup type of the Indexing service should be correct.

CCE-2678-1
The startup type of the Internet Connection Sharing service should be correct.

CCE-8508-4
The automatic generation of 8.3 file names for NTFS should be enabled or disabled as appropriate.

CCE-3728-3
The "Hide Property Pages" policy should be set correctly for the Task Scheduler.

CCE-2909-0
The startup type of the NetMeeting Remote Desktop Sharing service should be correct.

CCE-8561-3
This policy setting determines which users or groups might launch or activate DCOM applications remotely or locally. This setting is used to control the attack surface of the computer for DCOM applications. You can use this Group Policy setting to grant access to all the computers to particular ...

CCE-3597-2
Autoplay on all Drive Types should be properly configured.

CCE-3672-3
The "Message text for users attempting to log on" policy should be set correctly.

CCE-3441-3
The "Use FIPS compliant algorithms for encryption, hashing, and signing" policy should be set correctly.

CCE-3556-8
The startup type of the Remote Desktop Help Session Manager service should be correct.

CCE-8091-1
Anonymous access to Named Pipes and Shares via the network should be enabled or disabled as appropriate.

CCE-3281-3
The "restrict guest access to application log" policy should be set correctly.

CCE-3567-5
If the Application log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep.

CCE-3631-9
The behavior surrounding Anonymous users' abiliity to display lists of SAM accounts should be correct.

CCE-3764-8
The "screensaver timeout" policy should be set correctly for the current user.

CCE-3799-4
The screensaver should be enabled or disabled as appropriate for the current user.

CCE-3632-7
The "Do not store LAN Manager hash value on next password change" policy should be set correctly.

CCE-3640-0
The startup type of the .NET Framework service should be correct.

CCE-3479-3
The "Allow Server Operators to Schedule Tasks" policy should be set correctly.

CCE-3565-9
The startup type of the Fax service should be correct.

CCE-3698-8
The "Password protect the screensaver" setting should be set correctly for the default user.

CCE-3652-5
The "Digitally Sign Client Communication (Always)" policy should be set correctly.

CCE-3796-0
This policy setting determines whether a domain member should attempt to negotiate encryption for all secure channel traffic that it initiates. If you enable this policy setting, the domain member will request encryption of all secure channel traffic. If you disable this policy setting, the domain m ...

CCE-2832-4
The startup type of the Terminal Services service should be correct.

CCE-3532-9
The startup type of the SNMP Service service should be correct.

CCE-2822-5
The "Restrict Floppy Access to Locally Logged-On User Only" policy should be set correctly.

CCE-3422-3
The "when maximum log size is reached" property should be set correctly for the System log.

CCE-3127-8
If the Security log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep.

CCE-3676-4
The "Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders" policy should be set correctly.

CCE-10688-0
User-initiated system crashes via the CTRL+SCROLL LOCK+SCROLL LOCK sequence should be enabled or disabled for PS/2 keyboards as appropriate.

CCE-3383-7
Auditing of "privilege use" events on failure should be enabled or disabled as appropriate..

CCE-3548-5
The "minimum password age" policy should meet minimum requirements.

CCE-7611-7
Automatic Reboot After System Crash should be enabled or disabled as appropriate.

CCE-3480-1
The "Security Zones: Do Not Allow Users to Change Policies" setting should be configured correctly.

CCE-3427-2
Auditing of "account management" events on success should be enabled or disabled as appropriate..

CCE-3710-1
The "Do not Use Temp folders per Session" policy should be set correctly for Terminal Services.

CCE-3306-8
The "Do Not Automatically Start Windows Messenger" policy should be set correctly.

CCE-3175-7
The startup type of the Print Services for Unix service should be correct.

CCE-3549-3
Always Wait for the Network at Computer Startup and Logon should be properly configured.

CCE-3250-8
The TCPMaxPortsExhausted setting should be properly configured.

CCE-2812-6
The TCP/IP KeepAlive Time should be set correctly .

CCE-3788-7
The startup type of the Removable Storage service should be correct.

CCE-3523-8
The startup type of the Remote Access Auto connection Manager service should be correct.

CCE-3546-9
Auditing of "policy change" events on success should be enabled or disabled as appropriate..

CCE-2947-0
The "Default owner for objects created by members of the Administrators group" policy should be set correctly.

CCE-3720-0
The "Disable Media Player for automatic updates" policy should be set correctly.

CCE-3547-7
The "Enable User Control Over Installs" policy should be set correctly.

CCE-3611-1
Auditing of "system" events on failure should be enabled or disabled as appropriate..

CCE-3449-6
Auditing of "account management" events on failure should be enabled or disabled as appropriate..

CCE-2837-3
The "Allow Administrator to Install from Terminal Services Session" policy should be set correctly.

CCE-3594-9
Auditing of "system" events on success should be enabled or disabled as appropriate..

CCE-3725-9
ICMP Redirects should be properly configured.

CCE-2827-4
Auditing of "directory service access" events on success should be enabled or disabled as appropriate..

CCE-3627-7
The "Do not Delete Temp folder on exit" policy should be set correctly for Terminal Services.

CCE-10710-2
User-initiated system crashes via the CTRL+SCROLL LOCK+SCROLL LOCK sequence should be enabled or disabled for USB keyboards as appropriate.

CCE-3812-5
The "Set Client connection Encryption Level" policy should be set correctly for Terminal Services.

CCE-3616-0
TCP/IP SYN Flood Attack Protection should be properly configured.

CCE-3605-3
The "Refuse machine account password change" policy should be set correctly.

CCE-3617-8
The "Allow Unsolicited Remote Assistance" policy should be set correctly for Terminal Services.

CCE-2870-4
The "Send Unencrypted Password to Connect to Third-Party SMB Servers" policy should be set correctly.

CCE-3810-9
The "Disable Periodic Check For Internet Explorer Software Updates" setting should be configured correctly.

CCE-3504-8
Logon information is required to unlock a locked computer. For domain accounts, the Interactive logon: Require Domain Controller authentication to unlock workstation setting determines whether it is necessary to contact a domain controller to unlock a computer. If you enable this setting, a domain c ...

CCE-3527-9
Display Last User Name in Logon Screen should be properly configured.

CCE-2817-5
TCP/IP NetBIOS Name Release on Request Prevented should be properly configured.

CCE-8601-7
Kerberos and RSVP Traffic Protected by IPSec should be properly configured.

CCE-3286-2
Auditing of "object access" events on success should be enabled or disabled as appropriate..

CCE-8527-4
Authentication requirements for RPC clients should be configured appropriately.

CCE-3603-8
Auditing of "logon" events on success should be enabled or disabled as appropriate..

CCE-3713-5
The "Make Proxy Settings Per-Machine (Rather Then Per-User)" setting should be configured correctly.

CCE-3638-4
The startup type of the Background Intelligent Transfer Service (BITS) service should be correct.

CCE-3804-2
The "Users Prompted to Change Password Before Expiration" policy should be set correctly.

CCE-8592-8
This policy setting determines whether a domain member can periodically change its computer account password. If you enable this policy setting, the domain member will be prevented from changing its computer account password. If you disable this policy setting, the domain member can change its compu ...

CCE-3661-6
The "Reschedule Automatic Updates scheduled installations" setting should be enabled or disabled as appropriate.

CCE-3598-0
The "Disable Automatic Install of Internet Explorer Components" setting should be configured correctly.

CCE-3608-7
The "Automatic Updates detection frequency" should be set correctly.

CCE-2884-5
The "Allow System to be Shut Down Without Having to Log On" policy should be set correctly.

CCE-3442-1
The "password must meet complexity requirments" policy should be set correctly.

CCE-2819-1
The "LDAP client signing requirements" policy should be set correctly.

CCE-3357-1
The "Limit local account user of blank passwords to console logon only" policy should be set correctly.

CCE-3599-8
The "Allow Solicited Remote Assistance" policy should be set correctly for Terminal Services.

CCE-3321-7
Auditing of "account logon" events on success should be enabled or disabled as appropriate..

CCE-2919-9
TCP/IP Dead Gateway Detection should be properly configured.

CCE-3530-3
The "maximum password age" policy should meet minimum requirements.

CCE-3039-5
The "Security Zones: Do Not Allow Users to Add/Delete Sites" setting should be configured correctly.

CCE-3674-9
The "Smart Card Removal Behavior" policy should be set correctly.

CCE-3443-9
Determines whether a user can install and configure the Network Bridge. Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS do ...

CCE-8472-3
The number of SYN-ACK retransmissions sent when attempting to respond to a SYN request should be configured correctly.

CCE-3420-7
The "Do not allow storage of credentials or .NET Passports" policy should be set correctly.

CCE-3587-3
The "Enable User to Use Media Source While Elevated" policy should be set correctly.

CCE-2984-3
The "Maximum machine account password age" policy should be set correctly.

CCE-2863-9
The "Prevent Codec Download" policy should be set correctly for Windows MediaPlayer.

CCE-3211-0
Auditing of "privilege use" events on success should be enabled or disabled as appropriate..

CCE-3739-0
TCP/IP PMTU Discovery should be properly configured.

CCE-3814-1
The "Audit the use of backup and restore privilege" policy should be set correctly.

CCE-3101-3
Auditing of "directory service access" events on failure should be enabled or disabled as appropriate..

CCE-3551-9
The "account lockout threshold" policy should meet minimum requirements.

CCE-3430-6
The "Shut Down system immediately if unable to log security audits" policy should be set correctly.

CCE-3803-4
The "Enable User to Patch Elevated Products" policy should be set correctly.

CCE-3683-0
The "Allow Reconnection from Original Client Only" policy should be set correctly for Terminal Services.

CCE-3112-0
The "Sharing and security model for local accounts" policy should be set correctly.

CCE-3453-8
Auditing of "process tracking" events on failure should be enabled or disabled as appropriate..

CCE-3354-8
The "add workstations to domain" user right should be assigned to the correct accounts.

CCE-3509-7
IRDP should be properly configured.

CCE-2644-3
The "store password using reversible encryption for all users in the domain" policy should be set correctly.

CCE-2875-3
The "Set time limit for disconnected sessions" policy should be set correctly for Terminal Services.

CCE-3510-5
Auditing of "process tracking" events on success should be enabled or disabled as appropriate..

CCE-3808-3
The "Do Not Allow Local Administrators to Customize Permissions" policy should be set correctly for Terminal Services.

CCE-2963-7
This policy setting determines the strength of the default discretionary access control list (DACL) for objects. The setting helps secure objects that can be located and shared among processes and its default configuration strengthens the DACL, because it allows users who are not administrators to r ...

CCE-3665-7
The "Set time limit for idle sessions" policy should be set correctly for Terminal Services.

CCE-3786-1
The "Limit Number of Connections" policy should be set correctly for Terminal Services.

CCE-3654-1
The "Limit Users to One Remote Session" policy should be set correctly for Terminal Services.

CCE-3446-2
The "enforce password history" policy should meet minimum requirements.

CCE-3391-0
Auditing of "logon" events on failure should be enabled or disabled as appropriate..

CCE-3787-9
The "Unsigned Driver Installation Behavior" policy should be set correctly.

CCE-3413-2
The "Security Zones: Use Only Machine Settings" setting should be configured correctly.

CCE-3666-5
The "Always Prompt Client for Password upon Connection" policy should be set correctly for Terminal Services.

CCE-3227-6
IP Source Routing should be properly configured.

CCE-3730-9
The "Specify intranet Microsoft update service location" setting should be enabled or disabled as appropriate.

CCE-3424-9
The "minimum password length" policy should meet minimum requirements.

CCE-3806-7
The "Allow automatic updates immediate installation" setting should be enabled or disabled as appropriate.

CCE-3577-4
The "Terminate session when time limits are reached" policy should be set correctly for Terminal Services.

CCE-3708-5
Disallow Installation of Printers Using Kernel-mode Drivers should be properly configured.

CCE-3761-4
The amount of idle time required before disconnecting a session should be set correctly.

CCE-3773-9
The "Disconnect clients when logon hours expire" policy should be set correctly.

CCE-7613-3
The number of retransmissions sent of TCP data segments before the connection is dropped should be set correctly.

CCE-3467-8
Auditing of "account logon" events on failure should be enabled or disabled as appropriate..

CCE-3709-3
The "Number of Previous Logons to Cache" policy should be set correctly.

CCE-8542-3
The "Interactive logon: Requre smart card" setting should be configured correctly.

CCE-3774-7
The "Audit the access of global system objects" policy should be set correctly.

CCE-3290-4
Auditing of "object access" events on failure should be enabled or disabled as appropriate..

CCE-3312-6
Auditing of "policy change" events on failure should be enabled or disabled as appropriate..

CCE-2869-6
The "back up files and directories" user right should be assigned to the correct accounts.

CCE-3465-2
The "restore files and directories" user right should be assigned to the correct accounts.

CCE-3794-5
The "Always Install with Elevated Privileges" policy should be set correctly.

CCE-3514-7
The "Secure Channel: Digitally Sign Secure Channel Data (When Possible)" policy should be set correctly.

CCE-3189-8
This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection. If no signing request comes from the client, a connection will be allowed without a signature if the Microsoft network server: Di ...

CCE-8049-9
Use of the built-in Administrator account should be enabled or disabled as appropriate.

CCE-3078-3
The startup type of the Telnet service should be correct.

CCE-2627-8
The "account lockout duration" policy should meet minimum requirements.

CCE-3277-1
The "No auto-restart with logged on users for scheduled automatic updates installations" setting should be enabled or disabled as appropriate.

CCE-3574-1
The "reset account lockout counter after" policy should meet minimum requirements.

CCE-3511-3
The "Secure Channel: Digitally Sign Secure Channel Data (When Possible)" policy should be set correctly.

CCE-3060-1
The "Disable CTRL+ALT+Delete Requirement for Logon" policy should be set correctly.

CPE    1
cpe:/o:microsoft:windows_server_2003
*XCCDF
xccdf_org.secpod_benchmark_general_Windows_2003
OVAL    213
oval:org.secpod.oval:def:8454
oval:org.secpod.oval:def:8482
oval:org.secpod.oval:def:8492
oval:org.secpod.oval:def:8461
...

© SecPod Technologies