oval:org.secpod.oval:def:18322 This policy setting for the DS Access audit category enables reports to result when replication between two domain controllers starts and ends.
oval:org.secpod.oval:def:18320 Remote Desktop Configuration service (RDCS) is responsible for all Terminal Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context.
oval:org.secpod.oval:def:18335 The entry appears as MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing) in the SCE.
oval:org.secpod.oval:def:18478 This setting determines whether to audit the event of a user who accesses an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It targets application generated events.
oval:org.secpod.oval:def:18345 This audit category generates events that record the creation and destruction of logon sessions.
oval:org.secpod.oval:def:18434 Creates, manages, and removes X.509 certificates for applications such as S/MIME and SSL.
oval:org.secpod.oval:def:18466 Active Directory Web Services
oval:org.secpod.oval:def:18259 This setting applies to the Non Sensitive Privilege Use subcategory of events. You can use it to audit users exercising user rights.
oval:org.secpod.oval:def:18195 ASP.NET State Service provides support for out-of-process session states for Microsoft ASP.NET, a unified Web development platform.
oval:org.secpod.oval:def:18203 Provides four management services: Catalog Database Service, Protected Root Service, Automatic Root Certificate Update Service, and Key Service.
oval:org.secpod.oval:def:18255 Allows UPnP devices to be hosted on this computer.
oval:org.secpod.oval:def:18193 The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components.
oval:org.secpod.oval:def:18489 This security setting determines which users and groups have the authority to synchronize all directory service data.
oval:org.secpod.oval:def:18362 Enables scanned documents to be sent from scanners to the scan server and routes them to the correct destinations.
oval:org.secpod.oval:def:18452 Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered.
oval:org.secpod.oval:def:18354 When enabled, this policy setting restricts anonymous access to only those shares and pipes that are named in the Network access: Named pipes that can be accessed anonymously and Network access: Shares that can be accessed anonymously settings.
oval:org.secpod.oval:def:18218 The WebClient service allows Win32 applications to access documents on the Internet.
oval:org.secpod.oval:def:18368 This policy setting in the DS Access audit category enables reports to result when changes to create, modify, move, or undelete operations are performed on objects in Active Directory Domain Services (AD DS).
oval:org.secpod.oval:def:18189 Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
oval:org.secpod.oval:def:18468 Manages and implements Volume Shadow Copies used for backup and other purposes.
oval:org.secpod.oval:def:18226 Control Event Log behavior when the log file reaches its maximum size for Application (KB)
oval:org.secpod.oval:def:18487 Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs.
oval:org.secpod.oval:def:18463 Select this option to have Windows Firewall with Advanced Security display notifications to the user when a program is blocked from receiving inbound connections.
oval:org.secpod.oval:def:18376 This setting applies to the Sensitive Privilege Use subcategory of events. You can use it to audit users exercising user rights.
oval:org.secpod.oval:def:18461 The 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.
oval:org.secpod.oval:def:18231 Manages access to smart cards read by this computer.
oval:org.secpod.oval:def:18179 Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.
oval:org.secpod.oval:def:18457 This setting controls which groups have the right to install printer drivers.
oval:org.secpod.oval:def:18182 This policy setting determines how network logons that use local accounts are authenticated.
oval:org.secpod.oval:def:18405 Do not process the run once list
oval:org.secpod.oval:def:18240 Manages shadow copy of file shares taken by the VSS file server agent. If this service is stopped, file share shadow copies cannot be managed.
oval:org.secpod.oval:def:18432 Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
oval:org.secpod.oval:def:18238 Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management.
oval:org.secpod.oval:def:18209 The entry appears as MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) in the SCE.
oval:org.secpod.oval:def:18406 Enables installation, modification, and removal of Windows updates and optional components.
oval:org.secpod.oval:def:18243 Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device.
oval:org.secpod.oval:def:18358 This policy setting audits Other Account Management events.
oval:org.secpod.oval:def:18347 This policy setting audits logon events other than credential validation and Kerberos Ticket Events.
oval:org.secpod.oval:def:18411 Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.
oval:org.secpod.oval:def:18202 Enables the detection, download, and installation of updates for Windows and other programs.
oval:org.secpod.oval:def:18318 Enables DNS clients to resolve DNS names by answering DNS queries and dynamic DNS update requests.
oval:org.secpod.oval:def:18210 Maintains an updated list of computers on the network and supplies this list to computers designated as browsers.
oval:org.secpod.oval:def:18380 The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests.
oval:org.secpod.oval:def:18250 The IIS Admin Service allows administration of IIS components such as FTP, application pools, Web sites, Web service extensions, and both Network News Transfer Protocol (NNTP) and Simple Mail Transfer Protocol (SMTP) virtual servers.
oval:org.secpod.oval:def:18351 This policy setting allows the user of a portable computer to click Eject PC on the Start menu to undock the computer.
oval:org.secpod.oval:def:18343 Manages the assignment of RemoteApp and desktop connection resources to users
oval:org.secpod.oval:def:18412 Provides administrative services for IIS, for example configuration history and Application Pool account mapping.
oval:org.secpod.oval:def:18188 Processes installation, removal, and enumeration requests for software deployed through Group Policy.
oval:org.secpod.oval:def:18488 This service logs unique client access requests in the form of IP addresses and user names of installed products and roles on the local server.
oval:org.secpod.oval:def:18483 This option determines if this computer can receive unicast responses to multicast or broadcast messages that it initiates. Unsolicited unicast responses are blocked regardless of this setting.
oval:org.secpod.oval:def:18428 The policy setting for this audit category determines whether to audit Filtering Platform Policy changes on computers running Windows Vista or later Windows operating systems.
oval:org.secpod.oval:def:18284 The Windows Process Activation Service (WAS) provides process activation, resource management and health management services for message-activated applications.
oval:org.secpod.oval:def:18370 Enables the download, installation and enforcement of digital licenses for Windows and Windows applications.
oval:org.secpod.oval:def:18232 This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logon settings.
oval:org.secpod.oval:def:18287 This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. This setting is targeted to File Share access operations.
oval:org.secpod.oval:def:18356 Control Event Log behavior when the log file reaches its maximum size for Security (KB)
oval:org.secpod.oval:def:18234 Require a Password when a Computer Wakes (Plugged in)
oval:org.secpod.oval:def:18317 This service hosts the DS Role Server used for DC promotion, demotion, and cloning.
oval:org.secpod.oval:def:18408 This policy setting audits Application Group Management events.
oval:org.secpod.oval:def:18331 The policy setting for this audit category determines whether to audit Authorization Policy changes on computers running Windows Vista or later Windows operating systems.
oval:org.secpod.oval:def:18274 Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer.
oval:org.secpod.oval:def:18339 Provides a platform for communication between the virtual machine and the operating system running on the physical computer.
oval:org.secpod.oval:def:18486 This service manages persistent subscriptions to events from remote sources that support WS-Management protocol.
oval:org.secpod.oval:def:18395 This setting controls whether local administrators are allowed to create local firewall rules that apply with other firewall rules enforced by Group Policy.
oval:org.secpod.oval:def:18185 This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients.
oval:org.secpod.oval:def:18477 This policy setting determines whether members of the Server Operators group are allowed to submit jobs by means of the AT schedule facility.
oval:org.secpod.oval:def:18211 Synchronizes the system time of this virtual machine with the system time of the physical computer.
oval:org.secpod.oval:def:18294 This service is used to protect data through the Group Data Protection API.
oval:org.secpod.oval:def:18325 The 'Accounts: Guest account status' setting should be configured correctly.
oval:org.secpod.oval:def:18217 Enables identity revocation services for PKI (certificate) based services such as secure e-mail smartcard logon, secure web servers, etc as an online request and response query process.
oval:org.secpod.oval:def:18305 This policy setting controls whether application write failures are redirected to defined registry and file system locations.
oval:org.secpod.oval:def:18353 Data Deduplication VSS writer guided backup applications to back up volumes with deduplication.
oval:org.secpod.oval:def:18360 This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logon-Logoff Account Lockout setting.
oval:org.secpod.oval:def:18286 Provides infrastructure support for Windows Store.
oval:org.secpod.oval:def:18324 Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices.
oval:org.secpod.oval:def:18369 This policy setting specifies the type of challenge/response authentication for network logons. LAN Manager (LM) authentication is the least secure method; it allows encrypted passwords to be cracked because they can be easily intercepted on the network.
oval:org.secpod.oval:def:18404 This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service you won't be able to see printer extensions or notifications.
oval:org.secpod.oval:def:18295 This policy setting determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. It affects the SMB component.
oval:org.secpod.oval:def:18429 The entry appears as MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) in the SCE.
oval:org.secpod.oval:def:18212 This policy setting audits Computer Account Management events.
oval:org.secpod.oval:def:18235 Manages audio devices for the Windows Audio service.
oval:org.secpod.oval:def:18261 Autoplay starts to read from a drive as soon as you insert media in the drive, which causes the setup file for programs or audio media to start immediately.
oval:org.secpod.oval:def:18270 This policy setting determines whether the Transport Layer Security/Secure Sockets Layer (TLS/SSL) Security Provider supports only the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite.
oval:org.secpod.oval:def:18304 Enables client computers to print to the Line Printer Daemon (LPD) service on this server using TCP/IP and the Line Printer Remote (LPR) protocol.
oval:org.secpod.oval:def:18424 Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package.
oval:org.secpod.oval:def:18291 Enables remote and delegated management capabilities for administrators to manage the Web server, sites, and applications present on this machine.
oval:org.secpod.oval:def:18397 Allows the redirection of Printers/Drives/Ports for RDP connections
oval:org.secpod.oval:def:18296 Restrict Unauthenticated RPC clients
oval:org.secpod.oval:def:18480 Provides services for configuration, scheduling, and generation of storage reports.
oval:org.secpod.oval:def:18289 The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP).
oval:org.secpod.oval:def:18197 This policy setting specifies which users can add computer workstations to a specific domain.
oval:org.secpod.oval:def:18258 KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network.
oval:org.secpod.oval:def:18239 The Intersite Messaging service enables message exchanges between computers that run Windows Server sites.
oval:org.secpod.oval:def:18394 This setting determines the behavior for inbound connections that do not match an inbound firewall rule.
oval:org.secpod.oval:def:18482 This service manages events and event logs.
oval:org.secpod.oval:def:18267 Setting displays notifications to the user when a program is blocked from receiving inbound connections.
oval:org.secpod.oval:def:18493 The Detailed Tracking audit category determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. This setting deals with Process Creation.
oval:org.secpod.oval:def:18336 This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to File System object access processes.
oval:org.secpod.oval:def:18492 The 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.
oval:org.secpod.oval:def:18379 Verifies potential file system corruptions.
oval:org.secpod.oval:def:18222 This audit category generates events that record the creation and destruction of logon sessions. This setting targets IPsec Quick Mode settings.
oval:org.secpod.oval:def:18414 This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logoff event settings.
oval:org.secpod.oval:def:18187 Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
oval:org.secpod.oval:def:18476 Core Windows Service that manages local user sessions.
oval:org.secpod.oval:def:18341 This policy setting allows the administrator account to automatically log on to the recovery console when it is invoked during startup.
oval:org.secpod.oval:def:18427 Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks.
oval:org.secpod.oval:def:18420 The registry value entry AutoAdminLogon was added to the template file in the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ registry key
oval:org.secpod.oval:def:18244 Control Event Log behavior when the log file reaches its maximum size for System (KB)
oval:org.secpod.oval:def:18219 This policy setting determines whether the LDAP server requires a signature before it will negotiate with LDAP clients.
oval:org.secpod.oval:def:18299 Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
oval:org.secpod.oval:def:18497 Default behavior for AutoRun
oval:org.secpod.oval:def:18410 Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.
oval:org.secpod.oval:def:18455 Provides secure storage and retrieval of credentials to users, applications and security service packages.
oval:org.secpod.oval:def:18363 Enables this computer to serve as an iSCSI target.
oval:org.secpod.oval:def:18382 Allows files to be automatically copied and maintained simultaneously on multiple servers.
oval:org.secpod.oval:def:18306 This setting determines whether to audit the event of a user who accesses an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to Other Object Access events.
oval:org.secpod.oval:def:18199 This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.
oval:org.secpod.oval:def:18462 Maintains date and time synchronization on all clients and servers in the network.
oval:org.secpod.oval:def:18446 Controls whether computer receives unicast responses to its outgoing multicast or broadcast messages.
oval:org.secpod.oval:def:18329 This policy setting determines whether a domain member should attempt to negotiate encryption for all secure channel traffic that it initiates.
oval:org.secpod.oval:def:18192 This policy setting determines whether services can be launched in the context of the specified account.
oval:org.secpod.oval:def:18293 This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account.
oval:org.secpod.oval:def:18378 Provides internal relational database services for use by Windows Server features and roles
oval:org.secpod.oval:def:18449 This policy setting audits Account Management events.
oval:org.secpod.oval:def:18349 Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer.
oval:org.secpod.oval:def:18400 This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The default behavior is to block connections unless there are firewall rules to allow the connection.
oval:org.secpod.oval:def:18330 Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices.
oval:org.secpod.oval:def:18372 Enables a user to configure and schedule automated tasks on this computer.
oval:org.secpod.oval:def:18297 This policy setting determines what happens when the smart card for a logged on user is removed from the smart card reader.
oval:org.secpod.oval:def:18435 The Policy Change audit category determines whether to audit every incident of a change to user rights assignment policies, Windows Firewall policies, Trust policies, or changes to the Audit policy itself.
oval:org.secpod.oval:def:18475 Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN.
oval:org.secpod.oval:def:18392 Facilitates the running of interactive applications with additional administrative privileges.
oval:org.secpod.oval:def:18421 This setting determines the behavior for outbound connections that do not match an outbound firewall rule.
oval:org.secpod.oval:def:18183 This setting controls whether local administrators are allowed to create connection security rules that apply with other connection security rules enforced by Group Policy.
oval:org.secpod.oval:def:18371 This setting controls whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy.
oval:org.secpod.oval:def:18230 This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop.
oval:org.secpod.oval:def:18229 This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to Kernel Object access processes.
oval:org.secpod.oval:def:18484 This policy setting in the System audit category determines whether to audit IPsec Driver events on computers that are running Windows Vista.
oval:org.secpod.oval:def:18303 The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering.
oval:org.secpod.oval:def:18228 This is the setting that turns on or off UAC. Disabling this setting effectively disables UAC.
oval:org.secpod.oval:def:18194 This policy determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to the certification services processes.
oval:org.secpod.oval:def:18498 Detailed Tracking audit category determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. This setting deals with Process Termination.
oval:org.secpod.oval:def:18364 This is an advanced security setting for the Windows Firewall that you can use to allow unicast responses on computers running Windows Vista or later.
oval:org.secpod.oval:def:18456 The policy setting for this audit category determines whether to audit Other Policy Change events on computers running Windows Vista or later Windows operating systems.
oval:org.secpod.oval:def:18272 This policy setting in the DS Access audit category enables reports to result when Active Directory Domain Services (AD DS) objects are accessed.
oval:org.secpod.oval:def:18445 The entry appears as MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning in the SCE.
oval:org.secpod.oval:def:18441 Performs TCP/IP configuration for DHCP clients, including dynamic assignments of IP addresses, specification of the WINS and DNS servers, and connection-specific DNS names.
oval:org.secpod.oval:def:18458 This policy setting in the System audit category determines whether to audit Security State changes on computers that are running Windows Vista or later Windows operating systems.
oval:org.secpod.oval:def:18224 This policy setting in the DS Access audit category enables domain controllers to report detailed information about information that replicates between domain controllers.
oval:org.secpod.oval:def:18236 This policy setting determines if the server side SMB service is required to perform SMB packet signing.
oval:org.secpod.oval:def:18366 This policy setting determines the strength of the default discretionary access control list (DACL) for objects.
oval:org.secpod.oval:def:18221 Manages the RPC name service database.
oval:org.secpod.oval:def:18491 Management service for Hyper-V, provides service to run multiple virtual machines.
oval:org.secpod.oval:def:18251 Provides ordered execution for a group of threads within a specific period of time.
oval:org.secpod.oval:def:18470 Serves as the endpoint mapper and COM Service Control Manager.
oval:org.secpod.oval:def:18200 Logs, monitors, and manages DirectAccess and VPN connections to the server.
oval:org.secpod.oval:def:18280 The WcsPlugInService service hosts third-party Windows Color System color device module and gamut map model plug-in modules.
oval:org.secpod.oval:def:18278 This policy setting determines whether the system shuts down if it is unable to log Security events.
oval:org.secpod.oval:def:18393 This service is responsible for loading and unloading user profiles.
oval:org.secpod.oval:def:18398 Provides X.509 certificate and key management services for the Network Access Protection Agent (NAPAgent).
oval:org.secpod.oval:def:18301 This audit category generates events that record the creation and destruction of logon sessions. This setting targets the special settings defined in the Windows Vista Security Guide.
oval:org.secpod.oval:def:18314 The CNG key isolation service is hosted in the LSA process.
oval:org.secpod.oval:def:18459 Coordinates transactions between MSDTC and the Kernel Transaction Manager (KTM).
oval:org.secpod.oval:def:18214 This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The default behavior is to block connections unless there are firewall rules to allow the connection.
oval:org.secpod.oval:def:18499 Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable.
oval:org.secpod.oval:def:18387 Removes validated remote access clients from the quarantine network.
oval:org.secpod.oval:def:18316 Determines and verifies the identity of an application.
oval:org.secpod.oval:def:18279 Registers and updates IP addresses and DNS records for this computer.
oval:org.secpod.oval:def:18262 This setting enables the prevention of the execution of unsigned or invalidated applications. Before enabling this setting, it is essential that administrators are certain that all required applications are signed and valid.
oval:org.secpod.oval:def:18326 This audit category generates events that record the creation and destruction of logon sessions. This setting targets the IPsec Extended Mode settings.
oval:org.secpod.oval:def:18381 This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to connections to the Filtering Platform.
oval:org.secpod.oval:def:18426 Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer.
oval:org.secpod.oval:def:18399 This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to dropped packet events by the Filtering Pl
oval:org.secpod.oval:def:18384 This setting controls whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy.
oval:org.secpod.oval:def:18285 Install AppX Packages for all authorized users
oval:org.secpod.oval:def:18308 Provides Web connectivity and administration through the Internet Information Services Manager.
oval:org.secpod.oval:def:18433 The Detailed Tracking audit category determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. This setting deals with the DPAPI Activity.
oval:org.secpod.oval:def:18281 The "Require a Password When a Computer Wakes (On Battery)" machine setting should be configured correctly.
oval:org.secpod.oval:def:18431 Optimizes performance of applications by caching commonly used font data.
oval:org.secpod.oval:def:18389 Provides management services for disks, volumes, file systems, and storage arrays.
oval:org.secpod.oval:def:18277 Provides the interface to backup and restore Windows Internal Database through the Windows VSS infrastructure.
oval:org.secpod.oval:def:18374 Propagates certificates from smart cards.
oval:org.secpod.oval:def:18241 Enables a user connection request to be routed to the appropriate Remote Desktop Session Host server in a cluster.
oval:org.secpod.oval:def:18438 Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
oval:org.secpod.oval:def:18252 Manages software-based volume shadow copies taken by the Volume Shadow Copy service.
oval:org.secpod.oval:def:18334 Resolves RPC interfaces identifiers to transport endpoints.
oval:org.secpod.oval:def:18327 This policy setting determines which users or groups have the right to log on as a Terminal Services client.
oval:org.secpod.oval:def:18216 The Detailed Tracking audit category determines whether to audit detailed tracking information for events, such as program activation, process exit, handle duplication, and indirect object access. This setting is focused on RPC events.
oval:org.secpod.oval:def:18440 The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer.
oval:org.secpod.oval:def:18460 This policy setting in the System audit category determines whether to audit Other System events on computers that are running Windows Vista or later versions of Windows.
oval:org.secpod.oval:def:18242 Transfers files in the background using idle network bandwidth.
oval:org.secpod.oval:def:18196 Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network.
oval:org.secpod.oval:def:18283 Allows administrators to remotely access a command prompt using Emergency Management Services.
oval:org.secpod.oval:def:18418 Provides secure remote connectivity to remote computers on your corporate network, from anywhere on the Internet.
oval:org.secpod.oval:def:18402 Provides services for quota and file screen management.
oval:org.secpod.oval:def:18416 Enables Network Access Protection (NAP) functionality on client computers.
oval:org.secpod.oval:def:18474 Provides support for 3rd party protocol plug-ins for Internet Connection Sharing
oval:org.secpod.oval:def:18256 Enables user notification of user input for interactive services, which enables access to dialogs created by interactive services when they appear.
oval:org.secpod.oval:def:18337 Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices.
oval:org.secpod.oval:def:18313 Provides launch functionality for DCOM services.
oval:org.secpod.oval:def:18319 Processes application compatibility cache requests for applications as they are launched
oval:org.secpod.oval:def:18315 Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.
oval:org.secpod.oval:def:18207 This service performs IEEE 802.1X authentication on Ethernet interfaces.
oval:org.secpod.oval:def:18220 Enables remote users to modify registry settings on this computer.
oval:org.secpod.oval:def:18205 Provides user experience theme management.
oval:org.secpod.oval:def:18309 The policy setting for this audit category determines whether to audit MPSSVC Rule-Level Policy changes on computers running Windows Vista or later Windows operating systems.
oval:org.secpod.oval:def:18357 This audit category generates events that record the creation and destruction of logon sessions. This setting targets the IPsec Main Mode settings.
oval:org.secpod.oval:def:18375 Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings.
oval:org.secpod.oval:def:18264 This setting determines the behavior for outbound connections that do not match an outbound firewall rule. If Outbound connections are set to Block and the firewall policy is deployed by using a GPO, computers that receive the GPO cannot receive subsequent Group Policy updates.
oval:org.secpod.oval:def:18403 Provides notifications for AutoPlay hardware events.
oval:org.secpod.oval:def:18249 Allows users to connect interactively to a remote computer.
oval:org.secpod.oval:def:18184 Performance Logs and Alerts collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert.
oval:org.secpod.oval:def:18346 This policy setting controls the behavior of application installation detection for the computer.
oval:org.secpod.oval:def:18323 Allows the system to be configured to lock the user desktop upon smart card removal.
oval:org.secpod.oval:def:18361 This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to Handle Manipulation on Windows objects.
oval:org.secpod.oval:def:18443 This policy setting in the System audit category determines whether to audit System Integrity changes on computers that are running Windows Vista.
oval:org.secpod.oval:def:18311 Specify the maximum log file size for Application (KB)
oval:org.secpod.oval:def:18186 Supports file, print, and named-pipe sharing over the network for this computer.
oval:org.secpod.oval:def:18355 Specify the maximum log file size for Security (KB)
oval:org.secpod.oval:def:18442 The Account Logon audit category generates events for credential validation. These events occur on the computer that is authoritative for the credentials.
oval:org.secpod.oval:def:18288 Offers routing services to businesses in local area and wide area network environments.
oval:org.secpod.oval:def:18246 Manages authentication, authorization, auditing, and accounting for virtual private network (VPN), dial-up, 802.1x wireless or Ethernet switch connection attempts sent by access servers that are compatible with the IETF RADIUS protocol.
oval:org.secpod.oval:def:18496 This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system.
oval:org.secpod.oval:def:18451 Enables relative prioritization of work based on system-wide task priorities.
oval:org.secpod.oval:def:18282 Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems.
oval:org.secpod.oval:def:18386 Creates and maintains client network connections to remote servers using the SMB protocol.
oval:org.secpod.oval:def:18333 The policy setting controls whether to audit users who have accessed the Security Accounts Manager (SAM) object on computers running Windows Vista or later Windows operating systems.
oval:org.secpod.oval:def:18344 Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
oval:org.secpod.oval:def:18494 Monitors the state of this virtual machine by reporting a heartbeat at regular intervals.
oval:org.secpod.oval:def:18450 Helps the computer run more efficiently by optimizing files on storage drives.
oval:org.secpod.oval:def:18454 The Diagnostic Service Host service enables problem detection, troubleshooting and resolution for Windows components.
oval:org.secpod.oval:def:18437 Maintains a secure channel between this computer and the domain controller for authenticating users and services.
oval:org.secpod.oval:def:18225 This setting determines whether to audit the event of a user who accesses an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to Registry Object access events.
oval:org.secpod.oval:def:18245 Host process for Function Discovery providers.
oval:org.secpod.oval:def:18448 This policy setting determines whether the virtual memory pagefile is cleared when the system is shut down.
oval:org.secpod.oval:def:18377 Monitors system events and notifies subscribers to COM+ Event System of these events.
oval:org.secpod.oval:def:18473 This policy setting makes the Recovery Console SET command available.
oval:org.secpod.oval:def:18198 The Kerberos Key Distribution Center service enables users to log on to the network and be authenticated by the Kerberos version 5 (v5) authentication protocol.
oval:org.secpod.oval:def:18328 Specify the maximum log file size for System (KB)
oval:org.secpod.oval:def:18233 Enables pairing between the system and wired or wireless devices.
oval:org.secpod.oval:def:18453 Collects and stores configuration information for the network and notifies programs when this information is modified.
oval:org.secpod.oval:def:18367 This setting controls whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy.
oval:org.secpod.oval:def:18423 This policy setting determines whether digital certificates are processed when software restriction policies are enabled and a user or process attempts to run software with an .exe file name extension.
oval:org.secpod.oval:def:18213 This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.
oval:org.secpod.oval:def:18273 This policy setting audits Security Group Management events.
oval:org.secpod.oval:def:18275 Manages the configuration and tracking of Component Object Model (COM)+-based components.
oval:org.secpod.oval:def:18269 This subcategory is not used.
oval:org.secpod.oval:def:18415 Select this option to have Windows Firewall with Advanced Security display notifications to the user when a program is blocked from receiving inbound connections.
oval:org.secpod.oval:def:18201 Provides DirectAccess status notification for UI components.
oval:org.secpod.oval:def:18332 AD DS Domain Controller service.
oval:org.secpod.oval:def:18247 Manages audio for Windows-based programs.
oval:org.secpod.oval:def:18444 This policy setting determines whether a computer can be shut down when a user is not logged on.
oval:org.secpod.oval:def:18263 Maintains and improves system performance over time.
oval:org.secpod.oval:def:18190 Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session.
oval:org.secpod.oval:def:18206 Enables you to synchronize folders on multiple servers across local or wide area network (WAN) network connections.
oval:org.secpod.oval:def:18413 Maintains links between NTFS files within a computer or across computers in a network.
oval:org.secpod.oval:def:18292 The Data Deduplication service enables the deduplication and compression of data on selected volumes in order to optimize disk space used.
oval:org.secpod.oval:def:18312 Manages user-mode driver host processes.
oval:org.secpod.oval:def:18310 This policy setting determines whether a user can log on to a Windows domain using cached account information.
oval:org.secpod.oval:def:18479 Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network.
oval:org.secpod.oval:def:18260 This policy setting controls the behavior of the elevation prompt for administrators on computers running Windows 7, Windows Server 2008 R2, and later versions of Windows.
oval:org.secpod.oval:def:18348 This policy setting controls the behavior of the elevation prompt for standard users on computers running Windows 7, Windows Server 2008 R2, and later versions of Windows.
oval:org.secpod.oval:def:18465 This policy setting determines who is allowed to format and eject removable media.
oval:org.secpod.oval:def:18268 Always install with elevated privileges
oval:org.secpod.oval:def:18359 Determines if an anonymous user can request security identifier (SID) attributes for another user.
oval:org.secpod.oval:def:18340 This policy setting determines whether all secure channel traffic that is initiated by the domain member must be signed or encrypted.
oval:org.secpod.oval:def:18396 This policy setting determines whether a domain member should attempt to negotiate whether all secure channel traffic that it initiates must be digitally signed.
oval:org.secpod.oval:def:18385 This policy setting determines whether the SMB client will attempt to negotiate SMB packet signing.
oval:org.secpod.oval:def:18321 This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection.
oval:org.secpod.oval:def:18248 This policy setting determines what additional permissions are assigned for anonymous connections to the computer.
oval:org.secpod.oval:def:18409 Determines whether case insensitivity is enforced for all subsystems. An example is case insensitivity for other subsystems, such as the Portable Operating System Interface for UNIX (POSIX), which are normally case sensitive.
oval:org.secpod.oval:def:18266 This policy setting determines which registry paths will be accessible after referencing the WinReg key to determine access permissions to the paths.
oval:org.secpod.oval:def:18495 The 'Network access: Named Pipes that can be accessed anonymously' setting should be configured correctly.
oval:org.secpod.oval:def:18490 This policy setting determines which registry paths and sub-paths will be accessible when an application or process references the WinReg key to determine access permissions.
oval:org.secpod.oval:def:18401 This policy setting determines the length of time before the Account lockout threshold resets to zero.
oval:org.secpod.oval:def:18481 Select On to allow Windows Firewall to filter network traffic. Select Off to prevent Windows Firewall from using any firewall rules or connection security rules for this profile.
oval:org.secpod.oval:def:18191 This policy setting controls the ability of anonymous users to enumerate the accounts in the Security Accounts Manager (SAM).
oval:org.secpod.oval:def:18469 This policy setting determines the level of data signing that is requested on behalf of clients that issue LDAP BIND requests.
oval:org.secpod.oval:def:18430 This policy setting determines whether packet signing is required by the SMB client component.
oval:org.secpod.oval:def:18223 Windows Firewall with Advanced Security uses the settings for this profile to filter network traffic.
oval:org.secpod.oval:def:18265 Windows Firewall with Advanced Security uses the settings for this profile to filter network traffic.
oval:org.secpod.oval:def:18388 This policy setting determines whether the account name of the last user to log on to the client computers in your organization will be displayed in each computer's respective Windows logon screen.
oval:org.secpod.oval:def:18307 This policy setting allows administrators to enable the more precise auditing capabilities present in Windows Vista. Uses subcategory setting to override audit policy categories.
oval:org.secpod.oval:def:18390 This policy setting controls the ability of anonymous users to enumerate SAM accounts as well as shares.
oval:org.secpod.oval:def:18513 The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component.
oval:org.secpod.oval:def:18512 This setting determines the behavior for outbound connections that do not match an outbound firewall rule. If Outbound connections are set to Block and the firewall policy is deployed by using a GPO, computers that receive the GPO cannot receive subsequent Group Policy updates.
oval:org.secpod.oval:def:18511 Provides the core file encryption technology used to store encrypted files on NTFS file system volumes.
oval:org.secpod.oval:def:18510 Integrates disparate file shares into a single, logical namespace and manages these logical volumes.
oval:org.secpod.oval:def:18517 The Net.Tcp Port Sharing Service provides the ability for multiple user processes to share TCP ports over the net.tcp protocol.
oval:org.secpod.oval:def:18516 The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules.
oval:org.secpod.oval:def:18515 When this policy setting is enabled, a domain controller must authenticate the domain account used to unlock the computer.
oval:org.secpod.oval:def:18514 Management Service for Remote Desktop Services
oval:org.secpod.oval:def:18508 Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components.
oval:org.secpod.oval:def:18524 Provides automatic IPv6 connectivity over an IPv4 network.
oval:org.secpod.oval:def:18523 Windows infrastructure service that controls which background tasks can run on the system.
oval:org.secpod.oval:def:18522 This policy setting audits Distribution Group Management events.
oval:org.secpod.oval:def:18521 Loads files to memory for later printing.
oval:org.secpod.oval:def:18526 When this setting is configured to Enabled, users are not required to use the CTRL+ALT+DEL key combination to log on to the network.
oval:org.secpod.oval:def:18525 Provides a common interface and object model to access management information about operating system, devices, applications and services.
oval:org.secpod.oval:def:18520 WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses.
oval:org.secpod.oval:def:18519 The Diagnostic System Host service enables problem detection, troubleshooting and resolution for Windows components.
oval:org.secpod.oval:def:18518 The policy setting for this audit category determines whether to audit Authentication Policy changes on computers running Windows Vista or later Windows operating systems.
oval:org.secpod.oval:def:18502 This policy setting in the System audit category determines whether to audit Security System Extension changes on computers that are running Windows Vista or later Windows operating systems.
oval:org.secpod.oval:def:18500 This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication.
oval:org.secpod.oval:def:18506 This setting controls whether local administrators are allowed to create connection security rules that apply with other connection security rules enforced by Group Policy.
oval:org.secpod.oval:def:18504 Allow NTLM to fall back to NULL session when used with LocalSystem.
oval:org.secpod.oval:def:18503 Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.
oval:org.secpod.oval:def:82799 This policy setting specifies whether to enable or disable tracking of responsiveness events. If you enable this policy setting, responsiveness events are processed and aggregated. The aggregated data will be transmitted to Microsoft through SQM. If you disable this policy setting, responsiveness ...
oval:org.secpod.oval:def:82794 This policy setting allows you to manage configuration of remote access to all supported shells to execute scripts and commands. Fix: (1) GPO: Computer Configuration\Ad ...
oval:org.secpod.oval:def:82793 This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced DEP. DEP is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows. If you enable this policy setting, DEP for HTML Help Executable will be ...
oval:org.secpod.oval:def:82792 This policy setting permits users to change installation options that typically are available only to system administrators. If you enable this policy setting, some of the security features of Windows Installer are bypassed. It permits installations to complete that otherwise would be halted due to ...
oval:org.secpod.oval:def:82791 Use this option to specify the size limit of the file in which Windows Firewall will write its log information. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\W ...
oval:org.secpod.oval:def:82798 Antivirus programs are mandatory in many environments and provide a strong defense against attack. The Notify antivirus programs when opening attachments setting allows you to manage how registered antivirus programs are notified. When enabled, this policy setting configures Windows to call the reg ...
oval:org.secpod.oval:def:82797 Turns off Real-Time Protection prompts for known malware detection. Windows Defender alerts you when spyware or potentially unwanted software attempts to install itself or to run on your computer. If you enable this policy setting, Windows Defender will not prompt users to take actions on malware ...
oval:org.secpod.oval:def:82796 By default, all administrator accounts are displayed when you attempt to elevate a running application. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Credential User Interface!Enumerate administrator accounts on elevation (2) REG: HKEY_LOCAL_MACHINE\Software\Mic ...
oval:org.secpod.oval:def:82795 This policy setting prevents users from sharing the local drives on their client computers to Terminal Servers that they access. Mapped drives appear in the session folder tree in Windows Explorer in the following format: \\TSClient\<driveletter>$ If local drives are shared they are left vulne ...
oval:org.secpod.oval:def:82790 Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Wi ...
oval:org.secpod.oval:def:82789 Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log. ...
oval:org.secpod.oval:def:82788 This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer. If you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you disable this policy ...
oval:org.secpod.oval:def:82783 This policy setting helps prevent Terminal Services clients from saving passwords on a computer. Note If this policy setting was previously configured as Disabled or Not configured, any previously saved passwords will be deleted the first time a Terminal Services client disconnects from any server ...
oval:org.secpod.oval:def:82782 Turns off the handwriting recognition error reporting tool. The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error rep ...
oval:org.secpod.oval:def:82781 The Windows Customer Experience Improvement Program will collect information about your hardware configuration and how you use our software and services to identify trends and usage patterns. We will not collect your name, address, or any other personally identifiable information. There are no surve ...
oval:org.secpod.oval:def:82780 This policy setting controls the level of validation a computer with shared folders or printers (the server) performs on the service principal name (SPN) that is provided by the client computer when it establishes a session using the server message block (SMB) protocol. The server message block (SM ...
oval:org.secpod.oval:def:82787 Specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration. If you enable this setting, it blocks users from connecting to Microsoft.com for online registration and users cannot register their copy of Windows online. If you disable or do not configure this ...
oval:org.secpod.oval:def:82786 This policy prevents automatic copying of user input methods to the system account for use on the sign-in screen. The user is restricted to the set of input methods that are enabled in the system account. Note this does not affect the availability of user input methods on the lock screen or ...
oval:org.secpod.oval:def:82785 This policy setting turns off toast notifications on the lock screen. If you enable this policy setting, applications will not be able to raise toast notifications on the lock screen. If you disable or do not configure this policy setting, toast notifications on the lock screen are enabled and can ...
oval:org.secpod.oval:def:82784 This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Basic authentication from a remote client. If you enable this policy setting, the WinRM service will accept Basic authentication from a remote client. If you disable or do not configure this poli ...
oval:org.secpod.oval:def:82779 This policy setting prevents users from adding new Microsoft accounts on this computer. If you select the Users can't add Microsoft accounts option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account t ...
oval:org.secpod.oval:def:82778 This policy setting prohibits access to Windows Connect Now (WCN) wizards. If this policy setting is enabled, the wizards are disabled and users will have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wirele ...
oval:org.secpod.oval:def:82777 This policy setting controls whether Windows will download a list of providers for the Web publishing and online ordering wizards. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings!Setting controls whether Windows ...
oval:org.secpod.oval:def:82772 This policy setting determines which subsystems are used to support applications in your environment. Note: When you configure this setting you specify a list of one or more objects. The delimiter used when entering the list is a line feed or carriage return, that is, type the first object on the l ...
oval:org.secpod.oval:def:82771 This policy setting allows local users to be enumerated on domain-joined computers. If you enable this policy setting, Logon UI will enumerate all local users on domain-joined computers. If you disable or do not configure this policy setting, the Logon UI will not enumerate local users on domain-j ...
oval:org.secpod.oval:def:82770 This policy setting allows you to prevent app notifications from appearing on the lock screen. If you enable this policy setting, no app notifications are displayed on the lock screen. If you disable or do not configure this policy setting, users can choose which apps display notifications on the ...
oval:org.secpod.oval:def:82776 Use this option to specify the size limit of the file in which Windows Firewall will write its log information. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain ...
oval:org.secpod.oval:def:82775 Turns off Windows Defender Real-Time Protection, and no more scans are scheduled. If you enable this policy setting, Windows Defender does not run, and computers will not be scanned for spyware or other potentially unwanted software. If you disable or do not configure this policy setting, by defau ...
oval:org.secpod.oval:def:82774 This policy setting allows you to manage whether the Windows Remote Management (WinRM) service will not allow RunAs credentials to be stored for any plug-ins. If you enable this policy setting, the WinRM service will not allow the RunAsUser or RunAsPassword configuration values to be set for any pl ...
oval:org.secpod.oval:def:82773 Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Se ...
oval:org.secpod.oval:def:82769 This policy setting allows you to manage whether or not screen savers run. If the Screen Saver setting is disabled screen savers do not run and the screen saver section of the Screen Saver tab in Display in Control Panel is disabled. If this setting is enabled a screen saver will run if the followin ...
oval:org.secpod.oval:def:82956 This policy setting allows users to manage the systems volume or disk configuration, which could allow a user to delete a volume and cause data loss as well as a denial-of-service condition. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either lo ...
oval:org.secpod.oval:def:82955 This policy setting determines which users who are logged on locally to the computers in your environment can shut down the operating system with the Shut Down command. Misuse of this user right can result in a denial of service condition. When configuring a user right in the SCM enter a comma deli ...
oval:org.secpod.oval:def:82954 This policy setting determines which users can change the auditing options for files and directories and clear the Security log. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, ...
oval:org.secpod.oval:def:82953 This policy setting determines which user accounts will have the right to attach a debugger to any process or to the kernel, which provides complete access to sensitive and critical operating system components. Developers who are debugging their own applications do not need to be assigned this user ...
oval:org.secpod.oval:def:82959 This policy setting determines which users can use tools to monitor the performance of non-system processes. Typically, you do not need to configure this user right to use the Microsoft Management Console (MMC) Performance snap-in. However, you do need this user right if System Monitor is configured ...
oval:org.secpod.oval:def:82958 This policy setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users ...
oval:org.secpod.oval:def:82957 This policy setting allows a process to assume the identity of any user and thus gain access to the resources that the user is authorized to access. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they c ...
oval:org.secpod.oval:def:82952 This user right is useful to kernel-mode components that extend the object namespace. However, components that run in kernel mode have this user right inherently. Therefore, it is typically not necessary to specifically assign this user right. When configuring a user right in the SCM enter a comma ...
oval:org.secpod.oval:def:82951 This policy setting allows a user to adjust the maximum amount of memory that is available to a process. The ability to adjust memory quotas is useful for system tuning, but it can be abused. In the wrong hands, it could be used to launch a denial of service (DoS) attack. When configuring a user ri ...
oval:org.secpod.oval:def:82950 This policy setting determines which users can interactively log on to computers in your environment. Logons that are initiated by pressing the CTRL+ALT+DEL key sequence on the client computer keyboard require this user right. Users who attempt to log on through Terminal Services or IIS also require ...
oval:org.secpod.oval:def:82945 This policy setting determines whether users can increase the base priority class of a process. (It is not a privileged operation to increase relative priority within a priority class.) This user right is not required by administrative tools that are supplied with the operating system but might be r ...
oval:org.secpod.oval:def:82944 This policy setting allows accounts to log on using the task scheduler service. Because the task scheduler is often used for administrative purposes, it may be needed in enterprise environments. However, its use should be restricted in high security environments to prevent misuse of system resources ...
oval:org.secpod.oval:def:82943 This policy setting allows other users on the network to connect to the computer and is required by various network protocols that include Server Message Block (SMB) based protocols, NetBIOS, Common Internet File System (CIFS), and Component Object Model Plus (COM+). When configuring a user right i ...
oval:org.secpod.oval:def:82942 This setting determines which users can change the time zone of the computer. This ability holds no great danger for the computer and may be useful for mobile workers. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Activ ...
oval:org.secpod.oval:def:82949 This policy setting allows users to change the Trusted for Delegation setting on a computer object in Active Directory. Abuse of this privilege could allow unauthorized users to impersonate other users on the network. When configuring a user right in the SCM enter a comma delimited list of accounts ...
oval:org.secpod.oval:def:82948 This policy setting determines which accounts will not be able to log on to the computer as a batch job. A batch job is not a batch (.bat) file, but rather a batch-queue facility. Accounts that use the Task Scheduler to schedule jobs need this user right. The Deny log on as a batch job user right o ...
oval:org.secpod.oval:def:82947 This policy setting allows users who do not have the Traverse Folder access permission to pass through folders when they browse an object path in the NTFS file system or the registry. This user right does not allow users to list the contents of a folder. When configuring a user right in the SCM ent ...
oval:org.secpod.oval:def:82946 This policy setting allows users to dynamically load a new device driver on a system. An attacker could potentially use this capability to install malicious code that appears to be a device driver. This user right is required for users to add local printers or printer drivers in Windows Vista. When ...
oval:org.secpod.oval:def:82941 This privilege determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege. When configu ...
oval:org.secpod.oval:def:82940 This policy setting allows users to shut down Windows based computers from remote locations on the network. Anyone who has been assigned this user right can cause a denial of service (DoS) condition, which would make the computer unavailable to service user requests. Therefore, Microsoft recommends ...
oval:org.secpod.oval:def:82960 This policy setting allows a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. If this user right is assigned, significant degradation of system performance can occur. When configuring a user right in the SCM enter a comma delimited l ...
oval:org.secpod.oval:def:82919 Encryption Oracle Remediation: This policy setting applies to applications using the CredSSP component (for example: Remote Desktop Connection). Some versions of the CredSSP protocol are vulnerable to an encryption oracle attack against the client. This policy controls compatibility with vulnerable ...
oval:org.secpod.oval:def:82918 This policy setting blocks applications from using the network to send notifications to update tiles, tile badges, toast, or raw notifications. This policy setting turns off the connection between Windows and the Windows Push Notification Service (WNS). This policy setting also stops applications fr ...
oval:org.secpod.oval:def:82917 This policy setting allows you to restrict remote RPC connections to SAM. The recommended state for this setting is: Administrators: Remote Access: Allow. Note: A Windows 10 R1607, Server 2016 or newer OS is required to access and set this value in Group Policy. Note 2: If your organiza ...
oval:org.secpod.oval:def:82912 System-wide Address Space Layout Randomization setting Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\EMET\System ASLR (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EMET\SysSettings!ASLR
oval:org.secpod.oval:def:82911 Determines when registry policies are updated. This setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. It overrides customized settings that the program implementing a registry policy set when it was installed. If you enab ...
oval:org.secpod.oval:def:82910 Determines when registry policies are updated. This setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. It overrides customized settings that the program implementing a registry policy set when it was installed. If you enab ...
oval:org.secpod.oval:def:82916 This subcategory reports events generated by the Kerberos Authentication Server. These events occur on the computer that is authoritative for the credentials. Events for this subcategory include: - 4768: A Kerberos authentication ticket (TGT) was requested. - 4771: Kerberos pre-authentication failed ...
oval:org.secpod.oval:def:82915 This policy setting controls whether or not errors are reported to Microsoft. Error Reporting is used to report information about a system or application that has failed or has stopped responding and is used to improve the quality of the product. If you enable this policy setting, users are not gi ... oval:org.secpod.oval:def:82914 This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1,024 kilobytes) and 2 terabytes (2,147,483,647 kilobytes) in kilobyte increments. If you disable or do not c ... oval:org.secpod.oval:def:82913 System-wide Structured Exception Handler Overwrite Protection setting Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\EMET\System SEHOP (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EMET\SysSettings!SEHOP oval:org.secpod.oval:def:82909 This setting determines whether EMET mitigations are applied to Internet Explorer. The recommended state for this setting is: Enabled. Applying EMET mitigations to Internet Explorer will help reduce the reliability of exploits that target it. Fix: (1) GPO: Computer Configuration\Policies\Administrativ ... oval:org.secpod.oval:def:82908 Configure default action after detection and advanced ROP mitigation settings Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\EMET\Default Action and Mitigation Settings (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EMET\SysSettings!DeepHooks (2) REG: ... oval:org.secpod.oval:def:82907 This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password co ...
oval:org.secpod.oval:def:82906 Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. Note: This policy does not apply to Windows RT. This setting lets you specify whether automatic updates are enabled on this computer. If the service is enable ... oval:org.secpod.oval:def:82901 This security setting determines whether a different account name is associated with the security identifier (SID) for the account Guest. Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination. Default: Guest. ... oval:org.secpod.oval:def:82900 This security setting determines which users and groups are prohibited from logging on as a Remote Desktop Services client. Default: None. Important: This setting does not have any effect on Windows 2000 computers that have not been updated to Service Pack 2. Counter Measure: Assign the Deny ... oval:org.secpod.oval:def:82905 This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts. If you enable this policy setting, Windows PowerShell will enable transcripting for Windows PowerShell, the Windows PowerShell ISE, and any other applications that leverage the Win ... oval:org.secpod.oval:def:82904 This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting, Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or through a ... oval:org.secpod.oval:def:82903 This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to respond to potential threats. The community also helps stop the spread of new malicious software infections. You can choose to send basic or additional information about detec ...
oval:org.secpod.oval:def:82902 This policy setting configures secure access to UNC paths. If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements. Specify hardened network paths. In the name field, type a fully-qualified UNC path for each network resour ... oval:org.secpod.oval:def:82939 This security setting determines which users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies. Important: If you apply this security policy to the Everyone group, no one will be able to log o ... oval:org.secpod.oval:def:82934 This policy setting determines which users can bypass file, directory, registry, and other persistent object permissions when restoring backed up files and directories on computers that run Windows Vista in your environment. This user right also determines which users can set valid security principa ... oval:org.secpod.oval:def:82933 This policy setting allows users to take ownership of files, folders, registry keys, processes, or threads. This user right bypasses any permissions that are in place to protect objects to give ownership to the specified user. When configuring a user right in the SCM enter a comma delimited list of ... oval:org.secpod.oval:def:82932 This policy setting allows users to configure the system-wide environment variables that affect hardware configuration. This information is typically stored in the Last Known Good Configuration. Modification of these values could lead to a hardware failure that would result in a denial of servic ... oval:org.secpod.oval:def:82931 This privilege determines which user accounts can increase or decrease the size of a process's working set. The working set of a process is the set of memory pages currently visible to the process in physical RAM memory.
These pages are resident and available for an application to use without trigge ... oval:org.secpod.oval:def:82938 The policy setting allows programs that run on behalf of a user to impersonate that user (or another specified account) so that they can act on behalf of the user. If this user right is required for this kind of impersonation, an unauthorized user will not be able to convince a client to connect, fo ... oval:org.secpod.oval:def:82937 This policy setting determines which users can create symbolic links. In Windows Vista, existing NTFS file system objects, such as files and folders, can be accessed by referring to a new kind of file system object called a symbolic link. A symbolic link is a pointer (much like a shortcut or .lnk fi ... oval:org.secpod.oval:def:82936 This policy setting allows one process or service to start another service or process with a different security access token, which can be used to modify the security access token of that sub-process and result in the escalation of privileges. When configuring a user right in the SCM enter a comma ... oval:org.secpod.oval:def:82935 This policy setting allows users to circumvent file and directory permissions to back up the system. This user right is enabled only when an application (such as NTBACKUP) attempts to access a file or directory through the NTFS file system backup application programming interface (API). Otherwise, t ... oval:org.secpod.oval:def:82930 This policy setting determines which users or processes can generate audit records in the Security log. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers. This poli ... oval:org.secpod.oval:def:82929 This policy setting determines which users and groups can change the time and date on the internal clock of the computers in your environment. 
Users who are assigned this user right can affect the appearance of event logs. When a computer's time setting is changed, logged events reflect the new time ... oval:org.secpod.oval:def:82928 This policy setting prohibits users from connecting to a computer from across the network, which would allow users to access and potentially modify data remotely. In high security environments, there should be no need for remote users to access data on a computer. Instead, file sharing should be acc ... oval:org.secpod.oval:def:82923 Configures password parameters Password complexity: which characters are used when generating a new password Default: Large letters + small letters + numbers + special characters Password length Minimum: 8 characters Maximum: 64 characters Default: 14 characters Passw ... oval:org.secpod.oval:def:82922 This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication. If you enable this policy setting, the WinRM client will use Basic authentication. If WinRM is configured to use HTTP transport, then the user name and password are sent over the ... oval:org.secpod.oval:def:82921 Disabling this setting disables server-side processing of the SMBv1 protocol. (Recommended.) Enabling this setting enables server-side processing of the SMBv1 protocol. (Default.) Changes to this setting require a reboot to take effect. For more information, see https://support.microsoft.com/kb/2 ... oval:org.secpod.oval:def:82920 Configures the SMB v1 client driver's start type. To disable client-side processing of the SMBv1 protocol, select the "Enabled" radio button, then select "Disable driver" from the dropdown. WARNING: DO NOT SELECT THE "DISABLED" RADIO BUTTON UNDER ANY CIRCUMSTANCES! For Windows 7 and Servers 2008, ... oval:org.secpod.oval:def:82927 This policy setting allows a process to create an access token, which may provide elevated rights to access sensitive data. 
When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or c ... oval:org.secpod.oval:def:82926 This policy setting allows users to change the size of the pagefile. By making the pagefile extremely large or extremely small, an attacker could easily affect the performance of a compromised computer. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can ... oval:org.secpod.oval:def:82925 This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share ... oval:org.secpod.oval:def:82924 This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the users computer. If you enable this policy setting, the user cannot set the Feed Sync Engine to download an enclosure through the Feed property page. A developer cannot change the download s ... oval:org.secpod.oval:def:10940 The maximum number of failed attempts that can occur before the account is locked out This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout dura ... oval:org.secpod.oval:def:10925 The entry appears as MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) in the SCE. oval:org.secpod.oval:def:10926 This policy setting determines whether the LAN Manager (LM) hash value for the new password is stored when the password is changed. oval:org.secpod.oval:def:10927 Network security: Minimum session security for NTLM SSP based (including secure RPC) client applications. 
oval:org.secpod.oval:def:10928 Network security: Minimum session security for NTLM SSP based (including secure RPC) server applications. oval:org.secpod.oval:def:10929 This setting determines whether users are required to maintain a certain level of complexity. oval:org.secpod.oval:def:10920 This forces users to change their passwords regularly. oval:org.secpod.oval:def:10921 Disable this policy setting to prevent the SMB redirector from sending plaintext passwords during authentication to third-party SMB servers that do not support password encryption. oval:org.secpod.oval:def:10922 This policy setting allows you to specify the amount of continuous idle time that must pass in an SMB session before the session is suspended because of inactivity. oval:org.secpod.oval:def:10923 This setting requires users to wait for a certain number of days before changing their password again. oval:org.secpod.oval:def:10924 This policy setting determines the least number of characters that make up a password for a user account. oval:org.secpod.oval:def:10939 This policy setting determines the length of time that must pass before a locked account is unlocked and a user can try to log on again. oval:org.secpod.oval:def:10930 The Password protect the screen saver setting should be configured correctly. oval:org.secpod.oval:def:10931 This setting determines whether passwords are stored using reversible encryption. oval:org.secpod.oval:def:10932 Enables desktop screen savers. If you disable this setting, screen savers do not run. Also, this setting disables the Screen Saver section of the Screen Saver dialog in the Personalization or Display Control Panel. As a result, users cannot change the screen saver options. If you do not configure ... oval:org.secpod.oval:def:10933 The Screen Saver timeout setting should be configured correctly. oval:org.secpod.oval:def:10914 The "Domain Controller: Refuse machine account password changes" setting should be configured correctly.
oval:org.secpod.oval:def:10915 The "Domain member: Disable machine account password changes" setting should be configured correctly. oval:org.secpod.oval:def:10917 The "Domain member: Require strong (Windows 2000 or later) session key" setting should be configured correctly. oval:org.secpod.oval:def:10918 This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password. oval:org.secpod.oval:def:10919 The "Interactive logon: Prompt user to change password before expiration" setting should be configured correctly oval:org.secpod.oval:def:10913 The "Accounts: Limit local account use of blank passwords to console logon only" setting should be configured correctly. oval:org.secpod.oval:def:82879 This policy setting allows you to configure scanning for all downloaded files and attachments. If you enable or do not configure this setting, scanning for all downloaded files and attachments will be enabled. If you disable this setting, scanning for all downloaded files and attachments will be d ... oval:org.secpod.oval:def:82878 Denies or allows access to the Store application. If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates. If you disable or do not configure this setting, access to the Store application is allowed. Fix: (1) GPO: Computer ... oval:org.secpod.oval:def:82877 Enables or disables the Store offer to update to the latest version of Windows. If you enable this setting, the Store application will not offer updates to the latest version of Windows. If you disable or do not configure this setting the Store application will offer updates to the latest version ... oval:org.secpod.oval:def:82876 Enables or disables the automatic download and installation of app updates. If you enable this setting, the automatic download and installation of app updates is turned off. 
If you disable this setting, the automatic download and installation of app updates is turned on. If you do not configure t ... oval:org.secpod.oval:def:82871 This policy setting allows encrypted items to be indexed. If you enable this policy setting, indexing will attempt to decrypt and index the content (access restrictions will still apply). If you disable this policy setting, the search service components (including non-Microsoft components) are expe ... oval:org.secpod.oval:def:82870 This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. If you disable or do not configure this policy setting and a log file reaches i ... oval:org.secpod.oval:def:82875 This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen. If you enable this policy setting, the PC network connectivity state cannot be changed without signing into Windows. If you disable or do not configure this policy setting, any use ... oval:org.secpod.oval:def:82874 This policy setting prevents computers from establishing multiple simultaneous connections to either the Internet or to a Windows domain. If this policy setting is enabled, when the computer has at least one active connection to the Internet, a new automatic connection attempt to the Internet ... oval:org.secpod.oval:def:82873 This policy setting allows you to prevent Windows from retrieving device metadata from the Internet. If you enable this policy setting, Windows does not retrieve device metadata for installed devices from the Internet. This policy setting overrides the setting in the Device Installation Settings di ... oval:org.secpod.oval:def:82872 This policy setting allows you to manage whether the Windows Remote Management (WinRM) client will not use Digest authentication. 
If you enable this policy setting, the WinRM client will not use Digest authentication. If you disable or do not configure this policy setting, the WinRM client will us ... oval:org.secpod.oval:def:82868 This policy setting allows you to manage whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network. If you enable this policy setting, the WinRM client sends and receives unencrypted messages over the network. If you disable or do not configure ... oval:org.secpod.oval:def:82867 This policy setting determines whether to require domain users to elevate when setting a network location. If you enable this policy setting, domain users must elevate when setting a network location. If you disable or do not configure this policy setting, domain users can set a network location w ... oval:org.secpod.oval:def:82866 This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders. You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate tem ... oval:org.secpod.oval:def:82865 Use this option to specify the size limit of the file in which Windows Firewall will write its log information. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Privat ... oval:org.secpod.oval:def:82869 Specifies whether the Order Prints Online task is available from Picture Tasks in Windows folders. The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online. If you enable this setting, the task Order Prints Online is removed from Picture Tasks i ... oval:org.secpod.oval:def:82860 This policy setting specifies whether users can share files within their profile. 
By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to shar ... oval:org.secpod.oval:def:82864 This policy setting changes the operational behavior of the Mapper I/O network protocol driver. LLTDIO allows a computer to discover the topology of a network it is connected to. It also allows a computer to initiate Quality-of-Service requests such as bandwidth estimation and network health analys ... oval:org.secpod.oval:def:82863 Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals. If you leave this policy setting enabled, Users will be able to use MSDT to collect and send diagnostic data to a support professional to resolve a problem. By default, the support provider is s ... oval:org.secpod.oval:def:82862 This policy setting determines whether the Stored User Names and Passwords feature may save passwords or credentials for later use when it gains domain authentication. If you enable this policy setting, the Stored User Names and Passwords feature of Windows does not store passwords and credentials. ... oval:org.secpod.oval:def:82861 This policy setting determines which network shares can be accessed by anonymous users. The default configuration for this policy setting has little effect because all users have to be authenticated before they can access shared resources on the server. Note: It can be very dangerous to add other s ... oval:org.secpod.oval:def:82899 This security setting determines which users can use performance monitoring tools to monitor the performance of system processes. Default: Administrators. Counter Measure: Ensure that only the local Administrators group is assigned the Profile system performance user right. Potential Impact: ... 
oval:org.secpod.oval:def:82898 This security setting determines whether the local Administrator account is enabled or disabled. Notes If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In ... oval:org.secpod.oval:def:82893 This policy setting lets you opt-out of sending KMS client activation data to Microsoft automatically. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state. If you disable or do not configure this policy setting, KMS client activation data w ... oval:org.secpod.oval:def:82892 Enables management of password for local administrator account If you enable this setting, local administrator password is managed If you disable or not configure this setting, local administrator password is NOT managed Counter Measure: Enable this setting. Potential Impact: Lo ... oval:org.secpod.oval:def:82891 When you enable this setting, planned password expiration longer than password age dictated by Password Settings policy is NOT allowed. When such expiration is detected, password is changed immediately and password expiration is set according to policy. When you disable or not configure this se ... oval:org.secpod.oval:def:82890 This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session is kept active on the server. By default, Remote Desktop Services allows users to disconn ... oval:org.secpod.oval:def:82897 This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected. If you enable this policy setting, you must select the desired time limit in the Idle session limit drop- ... 
oval:org.secpod.oval:def:82896 This policy setting allows you to specify which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver. The Early Launch Antimalware boot-start driver can return the following classifications for each boot-start driver: - Good: T ... oval:org.secpod.oval:def:82895 This policy setting allows you to manage the behavior of Windows SmartScreen. Windows SmartScreen helps keep PCs safer by warning users before running unrecognized programs downloaded from the Internet. Some information is sent to Microsoft about files and programs run on PCs with this feature enabl ... oval:org.secpod.oval:def:82894 Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption. However, native RDP encryption (as op ... oval:org.secpod.oval:def:82889 This policy setting determines the default consent behavior of Windows Error Reporting. If you enable this policy setting, you can set the default consent handling for error reports. The following list describes the Consent level settings that are available in the pull-down menu in this policy sett ... oval:org.secpod.oval:def:82888 This policy setting allows you to configure script scanning. If you enable or do not configure this setting, script scanning will be enabled. If you disable this setting, script scanning will be disabled. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Microso ... oval:org.secpod.oval:def:82887 Specifies if the DNS client will perform name resolution over DNS over HTTPS (DoH). By default, the DNS client will do classic DNS name resolution (over UDP or TCP). This setting can enhance the DNS client to use DoH protocol to resolve domain names. To use this policy setting, click Enabled, and ... 
oval:org.secpod.oval:def:82882 This policy setting allows you to manage whether the Windows Remote Management (WinRM) service automatically listens on the network for requests on the HTTP transport over the default HTTP port. If you enable this policy setting, the WinRM service automatically listens on the network for requests o ... oval:org.secpod.oval:def:82881 When WDigest authentication is enabled, Lsass.exe retains a copy of the user plaintext password in memory, where it can be at risk of theft. Microsoft recommends disabling WDigest authentication unless it is needed. If this setting is not configured, WDigest authentication is disabled in Windows 8. ... oval:org.secpod.oval:def:82880 This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan. If you enable this setting, removable drives will be scanned during any type of scan. If you disable ... oval:org.secpod.oval:def:82886 This policy setting allows you to control whether a domain user can sign in using a convenience PIN. In Windows 10, convenience PIN was replaced with Passport, which has stronger security properties. To configure Passport for domain users, use the policies under Computer configuration\Administrative ... oval:org.secpod.oval:def:82885 This policy setting allows you to configure behavior monitoring. If you enable or do not configure this setting, behavior monitoring will be enabled. If you disable this setting, behavior monitoring will be disabled. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Component ... oval:org.secpod.oval:def:82884 This policy setting turns off the Windows Location Provider feature for this computer. If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be able to use the Windows Location Provider feature. If yo ... 
oval:org.secpod.oval:def:82883 This policy setting allows you to configure whether or not Watson events are sent. If you enable or do not configure this setting, Watson events will be sent. If you disable this setting, Watson events will not be sent. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Compon ... oval:org.secpod.oval:def:82835 Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication. You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests. If the status is ... oval:org.secpod.oval:def:82834 This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it. If you enable this policy setting, users cannot participate in ... oval:org.secpod.oval:def:82833 This policy setting allows you to configure the display of the password reveal button in password entry user experiences. If you enable this policy setting, the password reveal button will not be displayed after a user types a password in the password entry text box. If you disable or do not confi ... oval:org.secpod.oval:def:82832 This policy setting allows Web-based programs to install software on the computer without notifying the user. If you disable or do not configure this policy setting, by default, when a script hosted by an Internet browser tries to install a program on the system, the system warns users and allows t ... oval:org.secpod.oval:def:82839 Specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session. 
You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Ser ... oval:org.secpod.oval:def:82838 This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones. If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices. ... oval:org.secpod.oval:def:82837 This policy setting prevents computers from connecting to both a domain based network and a non-domain based network at the same time. If this policy setting is enabled, the computer responds to automatic and manual network connection attempts based on the following circumstances: Auto ... oval:org.secpod.oval:def:82836 Use this option to specify the path and name of the file in which Windows Firewall will write its log information. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Pri ... oval:org.secpod.oval:def:82831 Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Se ... oval:org.secpod.oval:def:82830 Microsoft recommends that you use this setting, if appropriate to your environment and your organization business requirements, to help protect end user computers. This policy setting allows text to be specified in the title bar of the window that users see when they log on to the system. This poli ... oval:org.secpod.oval:def:82829 Use this option to specify the path and name of the file in which Windows Firewall will write its log information. 
Fix: (1) GPO: Computer Configuration\Windows Settings\Security Sett ... oval:org.secpod.oval:def:82824 This policy setting allows you to manage whether Windows marks file attachments from Internet Explorer or Microsoft Outlook Express with information about their zone of origin (such as restricted, Internet, intranet, or local). This policy setting requires that files be downloaded to NTFS disk part ... oval:org.secpod.oval:def:82823 Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log. ... oval:org.secpod.oval:def:82822 This policy controls whether the print spooler will accept client connections. When the policy is unconfigured, the spooler will not accept client connections until a user shares out a local printer or opens the print queue on a printer connection, at which point spooler will begin accepting client ... oval:org.secpod.oval:def:82821 This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in t ... oval:org.secpod.oval:def:82828 This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 Wi-Fi, through the Windows Portable Device API (WPD), and via USB Flash drives. Additiona ...
oval:org.secpod.oval:def:82827 This policy setting allows you to control the redirection of supported Plug and Play devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services allows redirection of supported Plug and Play devices. Users can use the M ... oval:org.secpod.oval:def:82826 Local Link Multicast Name Resolution (LLMNR) is a secondary name resolution protocol. Queries are sent over the Local Link, a single subnet, from a client machine using Multicast to which another client on the same link, which also has LLMNR enabled, can respond. LLMNR provides name resolution in sc ... oval:org.secpod.oval:def:82825 This policy setting allows you to prevent Windows Media Player from downloading codecs. If you enable this policy setting, the Player is prevented from automatically downloading codecs to your computer. In addition, the Download codecs automatically check box on the Player tab in the Player is not ... oval:org.secpod.oval:def:82820 This policy setting allows you to specify whether to require user authentication for remote connections to the RD Session Host server by using Network Level Authentication. This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process. If ... oval:org.secpod.oval:def:82857 Determines whether a user can install and configure the Network Bridge. Important: This setting is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS do ... oval:org.secpod.oval:def:82856 The registry value entry EnableICMPRedirect was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry appears as MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes in the SCE.
Internet Control M ... oval:org.secpod.oval:def:82855 This policy setting specifies whether to allow this client to download print driver packages over HTTP. To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP. Note: This policy setting does not prevent the client from printing to printers on the Intranet or the Internet over H ... oval:org.secpod.oval:def:82854 This policy setting changes the operational behavior of the Responder network protocol driver. The Responder allows a computer to participate in Link Layer Topology Discovery requests so that it can be discovered and located on the network. It also allows a computer to participate in Quality-of-Ser ... oval:org.secpod.oval:def:82859 The registry value entry PerformRouterDiscovery was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry appears as MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to Do ... oval:org.secpod.oval:def:82858 Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate decides whether to use Kerberos or NTLM for authentication. The extension SSP for Negotiate, Negoexts, which is treated as an authentication pro ... oval:org.secpod.oval:def:82853 This policy setting turns off the location feature for this computer. If you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature. If you disable or do not configure ... oval:org.secpod.oval:def:82852 This policy setting specifies whether Terminal Services always prompts the client computer for a password upon connection. 
You can use this policy setting to enforce a password prompt for users who log on to Terminal Services, even if they already provided the password in the Remote Desktop Connecti ... oval:org.secpod.oval:def:82851 Turns off data sharing from the handwriting recognition personalization tool. The handwriting recognition personalization tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples wi ... oval:org.secpod.oval:def:82850 This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file type or protocol association. When a user opens a file type or protocol that is not associated with any applications on the computer, the user is given the choice to selec ... oval:org.secpod.oval:def:82846 Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\File Explorer!Turn off Data Execution Prevention for Explorer (2) REG: HKEY_LOCAL_MACHINE\So ... oval:org.secpod.oval:def:82845 Specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff. You can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user logs off from a session. By default, Remote Desktop Services deletes a user tempora ... oval:org.secpod.oval:def:82844 Specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session. You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services ... oval:org.secpod.oval:def:82843 This policy setting allows you to set the encryption types that Kerberos is allowed to use.
This policy is supported on at least Windows 7 or Windows Server 2008 R2. Fix: (1) GPO: Computer Configuration\W ... oval:org.secpod.oval:def:82849 Specifies whether the Windows NTP Client is enabled. Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You may want to disable this service if you decide to use a third-party time provider. Fix: (1) GPO: Computer Configuration\Administra ... oval:org.secpod.oval:def:82848 This policy setting prevents connected users from being enumerated on domain-joined computers. If you enable this policy setting, the Logon UI will not enumerate any connected users on domain-joined computers. If you disable or do not configure this policy setting, connected users will be enumerat ... oval:org.secpod.oval:def:82847 This policy setting allows you to control whether a domain user can sign in using a picture password. If you enable this policy setting, a domain user cannot set up or sign in with a picture password. If you disable or do not configure this policy setting, a domain user can set up and use a pictur ... oval:org.secpod.oval:def:82842 Prevents Group Policy from being updated while the computer is in use. This setting applies to Group Policy for computers, users, and domain controllers. If you enable this setting, the system waits until the current user logs off the system before updating the computer and user settings. If you d ... oval:org.secpod.oval:def:82841 This policy setting allows you to restrict users to a single remote Remote Desktop Services session. If you enable this policy setting, users who log on remotely using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves t ...
oval:org.secpod.oval:def:82840 This setting turns off Microsoft Peer-to-Peer Networking Services in its entirety, and will cause all dependent applications to stop working. Peer-to-Peer protocols allow for applications in the areas of RTC, collaboration, content distribution and distributed processing. If you enable this settin ... oval:org.secpod.oval:def:82819 Specifies whether the Windows NTP Server is enabled. Enabling the Windows NTP Server allows your computer to service NTP requests from other machines. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers!Enable Windows NTP Server (2) REG: HKEY_L ... oval:org.secpod.oval:def:82818 This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer. If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this ... oval:org.secpod.oval:def:82813 Specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs). If you enable this setting, the Choose a list of Internet Service Providers path in the Internet Connection Wizard will cause the wizard to exit. This prevents users fr ... oval:org.secpod.oval:def:82812 This policy setting specifies whether the tasks Publish this file to the Web, Publish this folder to the Web, and Publish the selected items to the Web are available from File and Folder Tasks in Windows folders. ... oval:org.secpod.oval:def:82811 This setting controls whether local accounts can be used for remote administration via network logon (e.g., NET USE, connecting to C$, etc.). Local accounts are at high risk for credential theft when the same account and password is configured on multiple systems.
Enabling this policy significantly ... oval:org.secpod.oval:def:82810 This policy setting specifies that Automatic Updates will wait for computers to be restarted by the users who are logged on to them to complete a scheduled installation. If you enable the No auto-restart for scheduled Automatic Updates installations setting, Automatic Updates does not restart compu ... oval:org.secpod.oval:def:82817 Use this option to specify the path and name of the file in which Windows Firewall will write its log information. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Sett ... oval:org.secpod.oval:def:82816 Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Se ... oval:org.secpod.oval:def:82815 Microsoft recommends that you use this setting, if appropriate to your environment and your organization's business requirements, to help protect end user computers. This policy setting specifies a text message that displays to users when they log on. ... oval:org.secpod.oval:def:82814 This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used. With the Customer Experience Improvement program, users can allow Microsoft to collect anonymous information about how the product is used. This informati ... oval:org.secpod.oval:def:82809 This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments.
Several e-mail formats are currently supported, for example: pst (O ... oval:org.secpod.oval:def:82808 This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy w ... oval:org.secpod.oval:def:82807 This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: * Users can't access OneDrive from the OneDrive app and file picker. * Windows Store apps can't access OneDrive using the WinRT API. * OneDrive doesn't appear in the navig ... oval:org.secpod.oval:def:82802 The registry value entry KeepAliveTime was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry appears as MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds (300,000 is recommended) in the SCE. This ... oval:org.secpod.oval:def:82801 This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only op ... oval:org.secpod.oval:def:82800 Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately, although Explorer may still terminate unexpectedly later. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\File Explorer!Turn ... oval:org.secpod.oval:def:82806 This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled.
If you enable this policy setting the command line information for every process will be logged in pla ... oval:org.secpod.oval:def:82805 This policy setting allows you to disable the client computer's ability to print over HTTP, which allows the computer to print to printers on the intranet as well as the Internet. ... oval:org.secpod.oval:def:82804 This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches. Fix: (1) GPO: Computer ... oval:org.secpod.oval:def:82803 The registry value entry NoNameReleaseOnDemand was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\ registry key. The entry appears as MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS ser ... |