
oval:org.secpod.oval:def:18107
Turn Off Internet Connection Wizard if URL Connection is Referring to Microsoft.com

oval:org.secpod.oval:def:18079
This definition tests the maximum allowed size of the setup log is equal to or greater than the supplied value.

oval:org.secpod.oval:def:18178
The 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

oval:org.secpod.oval:def:18086
The maximum number of failed attempts that can occur before the account is locked out. This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout dura ...

oval:org.secpod.oval:def:18093
This setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.

oval:org.secpod.oval:def:18088
Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider

oval:org.secpod.oval:def:18101
No one is allowed to logon to the computer using Remote Desktop Services

oval:org.secpod.oval:def:18140
Turn Off Internet File Association Service

oval:org.secpod.oval:def:18148
The location service on mobile devices may allow sensitive data to be used by applications on the system. This should be turned off unless explicitly allowed for approved systems/applications.

oval:org.secpod.oval:def:18098
Do not create system restore point when new device driver installed

oval:org.secpod.oval:def:18097
Prevent the computer from joining a HomeGroup

oval:org.secpod.oval:def:18160
This policy setting determines the number of days that you must use a password before you can change it.

oval:org.secpod.oval:def:18089
Do not send a Windows Error Report when a generic driver is installed on a device

oval:org.secpod.oval:def:18110
Troubleshooting: Allow user to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via Windows Online Troubleshooting Service - WOTS)

oval:org.secpod.oval:def:18126
This definition verifies that the Guest account is enabled/disabled based on the policy defined by the user.

oval:org.secpod.oval:def:18076
Turn off shell protocol protected mode

oval:org.secpod.oval:def:18109
Enabling trusted app installation allows for enterprise line of business Windows 8 type apps. A trusted app package is one that is signed with a certificate chain that can be successfully validated in the enterprise. Configuring this ensures enterprise line of business apps are accessible.

oval:org.secpod.oval:def:18162
This policy setting helps prevent Terminal Services clients from saving passwords on a computer.

oval:org.secpod.oval:def:18085
MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure DefaultGateway addresses (could lead to DoS)

oval:org.secpod.oval:def:18122
Requiring warning text to display when allowing helpdesk personnel to connect to a system with remote assistance ensures personnel are aware of the activity and enforces the need to monitor the activity.

oval:org.secpod.oval:def:18077
Require domain users to elevate when setting a network's location

oval:org.secpod.oval:def:18136
Default behavior for AutoRun

oval:org.secpod.oval:def:18159
Visible passwords may be seen by nearby persons, compromising them. The password reveal button can be used to display an entered password and must not be allowed.

oval:org.secpod.oval:def:18158
Turn Off Handwriting Recognition Error Reporting

oval:org.secpod.oval:def:18139
Multiple network connections can provide additional attack vectors to a system and should be limited. When connected to a domain, communication must go through the domain connection.

oval:org.secpod.oval:def:18125
Turn Off Microsoft Peer-to-Peer Networking Services

oval:org.secpod.oval:def:18138
Prohibit installation and configuration of Network Bridge on your DNS domain network

oval:org.secpod.oval:def:18149
No one is allowed to logon as a service

oval:org.secpod.oval:def:18114
Hiding the computer from the Browse List removes one method attackers might use to gather information about computers on the network.

oval:org.secpod.oval:def:18092
Users must be aware of attempted program installations. This setting ensures users are notified if a web-based program attempts to install software.

oval:org.secpod.oval:def:18120
Allowing different input methods for sign-in could open different avenues of attack. User input methods must be restricted to those enabled for the system account at sign-in.

oval:org.secpod.oval:def:18135
Verify that the failure audit setting for 'Audit File System' has been set appropriately.

oval:org.secpod.oval:def:18143
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes

oval:org.secpod.oval:def:18134
Extend Point and Print connection to search Windows Update and use alternate connection if needed

oval:org.secpod.oval:def:18145
Remote Desktop Services is configured to allow an idle session limit no greater than 15 minutes

oval:org.secpod.oval:def:18156
Teredo State

oval:org.secpod.oval:def:18082
If this setting is enabled any additional data requests from Microsoft in response to a Windows Error Reporting event will be automatically declined without notice to the user.

oval:org.secpod.oval:def:18127
Some features may communicate with the vendor, sending system information or downloading data or components for the feature. Turning off this capability will prevent potentially sensitive information from being sent outside the enterprise and uncontrolled updates to the system. This setting will pre ...

oval:org.secpod.oval:def:18152
Verify that the failure audit setting for 'Audit: Audit Policy Change' has been set appropriately.

oval:org.secpod.oval:def:18090
If this setting is enabled Windows Error Reporting events will not be logged to the system event log.

oval:org.secpod.oval:def:18165
This policy setting determines whether a domain member can periodically change its computer account password.

oval:org.secpod.oval:def:18141
Uncontrolled installation of applications can introduce various issues, including system instability and allowing access to sensitive information. Installation of applications must be controlled by the enterprise. Turning off access to the Windows Store will limit access to publicly available applicati ...

oval:org.secpod.oval:def:18151
When Windows Defender detects software or changes by software not yet classified for risks, you see how other members responded to the alert. In turn, the action you apply helps other members choose how to respond. Your actions also help Microsoft choose which software to investigate for potential th ...

oval:org.secpod.oval:def:18154
Disable the Mapper I/O Driver AllowLLTDIOOnDomain, AllowLLTDIOOnPublicNet, EnableLLTDIO, and ProhibitLLTDIOOnPrivateNet settings

oval:org.secpod.oval:def:18096
Remote Desktop Services is not configured to use a common temporary folder for all sessions

oval:org.secpod.oval:def:18113
Uncontrolled installation of applications can introduce various issues including system instability, and provide access to sensitive information. Installation of applications must be controlled by the enterprise. Turning off access to the Windows Store will limit access to publicly available applica ...

oval:org.secpod.oval:def:18177
Do not process the run once list

oval:org.secpod.oval:def:18095
Turning off an inactive display supports energy saving initiatives. It may also extend availability on systems running on a battery.

oval:org.secpod.oval:def:18081
IPSec exemptions are limited

oval:org.secpod.oval:def:18164
Specifies whether or not the user is prompted for a password when the system resumes from sleep.

oval:org.secpod.oval:def:18111
Prohibit Access of the Windows Connect Now Wizards

oval:org.secpod.oval:def:18115
Allow remote access to the PnP interface

oval:org.secpod.oval:def:18171
This policy setting determines the least number of characters that make up a password for a user account.

oval:org.secpod.oval:def:18091
Always Use Classic Logon

oval:org.secpod.oval:def:18155
Network security: Force logoff when logon hours expire

oval:org.secpod.oval:def:18080
Terminal Services / Remote Desktop Services - Prevent users from connecting using Terminal Services or Remote Desktop

oval:org.secpod.oval:def:18118
Uncontrolled system updates can introduce issues to a system. Obtaining update components from an outside source may also potentially allow sensitive information outside of the enterprise. Application updates must be obtained from an internal source.

oval:org.secpod.oval:def:18075
Multiple network connections can provide additional attack vectors to a system and must be limited.

oval:org.secpod.oval:def:18117
Prevent indexing uncached Exchange folders

oval:org.secpod.oval:def:18144
Turn Off the "Order Prints" Picture Task

oval:org.secpod.oval:def:18084
Installation options for applications are typically controlled by administrators. This setting prevents users from changing installation options that may bypass security features.

oval:org.secpod.oval:def:18168
The entry appears as MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) in the SCE.

oval:org.secpod.oval:def:18174
Allow NTLM to fall back to NULL session when used with LocalSystem.

oval:org.secpod.oval:def:18100
Network access: Do not allow storage of credentials or .NET Passports for network authentication

oval:org.secpod.oval:def:18087
No one is allowed to logon as a batch job

oval:org.secpod.oval:def:18137
Turn off game updates

oval:org.secpod.oval:def:18173
This policy setting specifies whether Terminal Services always prompts the client computer for a password upon connection.

oval:org.secpod.oval:def:18112
App notifications that are displayed on the lock screen could display sensitive information to unauthorized personnel. Turning off this feature will limit access to the information to a logged on user.

oval:org.secpod.oval:def:18105
Turn off handwriting personalization data sharing

oval:org.secpod.oval:def:18132
Turn on session logging

oval:org.secpod.oval:def:18124
Turn Off Registration if URL Connection is Referring to Microsoft.com

oval:org.secpod.oval:def:18146
Root certificates will not be updated automatically from Microsoft

oval:org.secpod.oval:def:18119
MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds

oval:org.secpod.oval:def:18147
Enable/Disable PerfTrack

oval:org.secpod.oval:def:18123
Windows Customer Experience Improvement Program is disabled

oval:org.secpod.oval:def:18102
The system is configured to prevent name-release attacks

oval:org.secpod.oval:def:18121
This setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.

oval:org.secpod.oval:def:18170
This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password.

oval:org.secpod.oval:def:18131
Route all traffic through the internal network

oval:org.secpod.oval:def:18128
6to4 State

oval:org.secpod.oval:def:18153
MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)

oval:org.secpod.oval:def:18142
Turning off an inactive display supports energy saving initiatives. It may also extend availability on systems running on a battery.

oval:org.secpod.oval:def:18175
This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console

oval:org.secpod.oval:def:18116
Remote Desktop Services is configured to set a time limit for disconnected sessions

oval:org.secpod.oval:def:18176
Network security: Minimum session security for NTLM SSP based (including secure RPC) server applications.

oval:org.secpod.oval:def:18103
Audit the access of global system objects is disabled

oval:org.secpod.oval:def:18129
This forces users to change their passwords regularly.

oval:org.secpod.oval:def:18099
Uncontrolled system updates can introduce issues to a system. Obtaining update components from an outside source may also potentially provide sensitive information outside of the enterprise. Optional component installation or repair must be obtained from an internal source.

oval:org.secpod.oval:def:18104
Prevent device metadata retrieval from internet

oval:org.secpod.oval:def:18094
Disable the Responder network protocol driver AllowRspndrOnDomain, AllowRspndrOnPublicNet, EnableRspndr, and ProhibitRspndrOnPrivateNet settings

oval:org.secpod.oval:def:18133
Allowing biometrics may bypass required authentication methods. Biometrics may only be used as an additional authentication factor where an enhanced strength of identity credential is necessary or desirable. Additional factors must be met per DoD policy.

oval:org.secpod.oval:def:18108
Media Player is configured to allow automatic checking for updates

oval:org.secpod.oval:def:18167
This policy setting determines whether the LAN Manager (LM) hash value for the new password is stored when the password is changed.

oval:org.secpod.oval:def:18163
This policy setting determines how far in advance users are warned that their password will expire.

oval:org.secpod.oval:def:18161
This policy setting allows you to specify the amount of continuous idle time that must pass in an SMB session before the session is suspended because of inactivity.

oval:org.secpod.oval:def:18130
Allowing unsecure RPC communication exposes the system to man in the middle attacks and data disclosure attacks. A man in the middle attack occurs when an intruder captures packets between a client and server and modifies them before allowing the packets to be exchanged. Usually the attacker will mo ...

oval:org.secpod.oval:def:18150
Network access: Shares that can be accessed anonymously

oval:org.secpod.oval:def:13907
This setting determines the behavior for outbound connections that do not match an outbound firewall rule.

oval:org.secpod.oval:def:13906
This policy setting allows you to manage configuration of remote access to all supported shells to execute scripts and commands.

oval:org.secpod.oval:def:13909
This policy setting audits logon events other than credential validation and Kerberos Ticket Events.

oval:org.secpod.oval:def:13908
The registry value entry AutoAdminLogon was added to the template file in the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ registry key

oval:org.secpod.oval:def:13901
This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account.

oval:org.secpod.oval:def:13900
This setting determines which users can change the time zone of the computer. This ability holds no great danger for the computer and may be useful for mobile workers.

oval:org.secpod.oval:def:13903
This policy setting determines whether the system shuts down if it is unable to log Security events.

oval:org.secpod.oval:def:13902
This policy setting allows you to set the encryption types that Kerberos is allowed to use.

oval:org.secpod.oval:def:13905
This policy setting specifies whether Windows will search Windows Update for device drivers when no local drivers for a device are present.

oval:org.secpod.oval:def:13904
Require additional authentication at startup

oval:org.secpod.oval:def:14001
This policy setting in the System audit category determines whether to audit Security System Extension changes on computers that are running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:14000
When this policy setting is enabled, a domain controller must authenticate the domain account used to unlock the computer.

oval:org.secpod.oval:def:14003
This policy setting prevents users from sharing the local drives on their client computers to Terminal Servers that they access.

oval:org.secpod.oval:def:14002
The Detailed Tracking audit category determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. This setting deals with the DPAPI Activity.

oval:org.secpod.oval:def:14005
This policy setting audits Distribution Group Management events.

oval:org.secpod.oval:def:14004
Select On to allow Windows Firewall to filter network traffic. Select Off to prevent Windows Firewall from using any firewall rules or connection security rules for this profile.

oval:org.secpod.oval:def:14007
The entry appears as MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) in the SCE.

oval:org.secpod.oval:def:14006
The entry appears as MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning in the SCE.

oval:org.secpod.oval:def:14034
Select this option to have Windows Firewall with Advanced Security display notifications to the user when a program is blocked from receiving inbound connections.

oval:org.secpod.oval:def:14033
Use this option to specify the size limit of the file in which Windows Firewall will write its log information.

oval:org.secpod.oval:def:14036
This policy setting in the System audit category determines whether to audit IPsec Driver events on computers that are running Windows Vista.

oval:org.secpod.oval:def:14035
The policy setting for this audit category determines whether to audit Authentication Policy changes on computers running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:14038
When this setting is configured to Enabled, users are not required to use the CTRL+ALT+DEL key combination to log on to the network.

oval:org.secpod.oval:def:14037
Use this option to specify the path and name of the file in which Windows Firewall will write its log information.

oval:org.secpod.oval:def:14039
Configure use of passwords for removable data drives

oval:org.secpod.oval:def:14030
This policy setting allows a process to assume the identity of any user and thus gain access to the resources that the user is authorized to access.

oval:org.secpod.oval:def:14032
This policy setting determines which users can bypass file, directory, registry, and other persistent object permissions when restoring backed up files and directories on computers that run Windows Vista in your environment.

oval:org.secpod.oval:def:14031
This policy setting determines the level of data signing that is requested on behalf of clients that issue LDAP BIND requests.

oval:org.secpod.oval:def:10903
Password must meet complexity requirements.

oval:org.secpod.oval:def:10904
The Password protect the screen saver setting should be configured correctly.

oval:org.secpod.oval:def:10906
Specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable this policy, or if it is not configured, the user is prompted for a password when the system resumes from sleep. If you disable this policy, the user is not prompted for a password when t ...

oval:org.secpod.oval:def:10907
Reversible Password Encryption

oval:org.secpod.oval:def:10908
Enables desktop screen savers. If you disable this setting, screen savers do not run. Also, this setting disables the Screen Saver section of the Screen Saver dialog in the Personalization or Display Control Panel. As a result, users cannot change the screen saver options. If you do not configure ...

oval:org.secpod.oval:def:10909
The Screen Saver timeout setting should be configured correctly.

oval:org.secpod.oval:def:14045
Detailed Tracking audit category determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. This setting deals with Process Termination.

oval:org.secpod.oval:def:14044
Choose how BitLocker-protected operating system drives can be recovered

oval:org.secpod.oval:def:14046
Allow access to BitLocker-protected removable data drives from earlier versions of Windows

oval:org.secpod.oval:def:14041
This setting determines whether to audit the event of a user who accesses an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It targets application generated events.

oval:org.secpod.oval:def:14040
This policy setting in the System audit category determines whether to audit System Integrity changes on computers that are running Windows Vista.

oval:org.secpod.oval:def:14043
This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication.

oval:org.secpod.oval:def:14042
This policy setting allows users who do not have the Traverse Folder access permission to pass through folders when they browse an object path in the NTFS file system or the registry.

oval:org.secpod.oval:def:14012
Disallow Digest authentication

oval:org.secpod.oval:def:14011
This policy setting allows users to configure the system-wide environment variables that affect hardware configuration.

oval:org.secpod.oval:def:14014
This policy setting allows users to dynamically load a new device driver on a system.

oval:org.secpod.oval:def:14013
This setting determines the behavior for outbound connections that do not match an outbound firewall rule. If Outbound connections are set to Block and the firewall policy is deployed by using a GPO, the computer cannot receive subsequent Group Policy updates.

oval:org.secpod.oval:def:14016
This policy setting determines who is allowed to format and eject removable media.

oval:org.secpod.oval:def:14015
This policy setting allows users to take ownership of files, folders, registry keys, processes, or threads. This user right bypasses any permissions that are in place to protect objects to give ownership to the specified user.

oval:org.secpod.oval:def:14018
This option determines if this computer can receive unicast responses to multicast or broadcast messages that it initiates. Unsolicited unicast responses are blocked regardless of this setting.

oval:org.secpod.oval:def:14017
The Account Logon audit category generates events for credential validation. These events occur on the computer that is authoritative for the credentials.

oval:org.secpod.oval:def:14010
This policy setting makes the Recovery Console SET command available.

oval:org.secpod.oval:def:14009
Turn off Data Execution Prevention for Explorer

oval:org.secpod.oval:def:14008
Use this option to log when Windows Firewall with Advanced Security allows an inbound connection.

oval:org.secpod.oval:def:14023
This policy setting allows users to change the Trusted for Delegation setting on a computer object in Active Directory. Abuse of this privilege could allow unauthorized users to impersonate other users on the network.

oval:org.secpod.oval:def:14022
This setting controls whether local administrators are allowed to create connection security rules that apply with other connection security rules enforced by Group Policy.

oval:org.secpod.oval:def:14025
This policy setting allows users to circumvent file and directory permissions to back up the system.

oval:org.secpod.oval:def:14024
This policy setting determines which users can interactively log on to computers in your environment.

oval:org.secpod.oval:def:14027
Allow unencrypted traffic (Service)

oval:org.secpod.oval:def:14026
Configure Solicited Remote Assistance

oval:org.secpod.oval:def:14029
Boot-Start Driver Initialization Policy

oval:org.secpod.oval:def:14028
This policy setting audits Application Group Management events.

oval:org.secpod.oval:def:14021
The Account Logon audit category generates events for credential validation.

oval:org.secpod.oval:def:14020
This setting controls whether local administrators are allowed to create local firewall rules that apply with other firewall rules enforced by Group Policy.

oval:org.secpod.oval:def:14019
Specify the search server for device driver updates

oval:org.secpod.oval:def:13899
This policy setting allows you to manage whether the Install Updates and Shut Down option is displayed in the Shut Down Windows dialog box.

oval:org.secpod.oval:def:13898
Use this option to specify the path and name of the file in which Windows Firewall will write its log information.

oval:org.secpod.oval:def:13880
This subcategory is not used.

oval:org.secpod.oval:def:13882
This user right is useful to kernel-mode components that extend the object namespace. However, components that run in kernel mode have this user right inherently. Therefore, it is typically not necessary to specifically assign this user right.

oval:org.secpod.oval:def:13881
This policy setting controls whether application write failures are redirected to defined registry and file system locations.

oval:org.secpod.oval:def:13884
Setting controls whether Windows will download a list of providers for the Web publishing and online ordering wizards.

oval:org.secpod.oval:def:13883
Autoplay starts to read from a drive as soon as you insert media in the drive, which causes the setup file for programs or audio media to start immediately.

oval:org.secpod.oval:def:13886
This policy setting determines which users can create symbolic links.

oval:org.secpod.oval:def:13885
This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to File System object access processes.

oval:org.secpod.oval:def:13998
This policy setting audits Other Account Management events.

oval:org.secpod.oval:def:13877
This policy setting determines whether a user can log on to a Windows domain using cached account information.

oval:org.secpod.oval:def:13876
Setting controls the auto-restart functionality of the operating system

oval:org.secpod.oval:def:13997
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason.

oval:org.secpod.oval:def:13879
Configure use of hardware-based encryption for operating system drives

oval:org.secpod.oval:def:13999
This policy setting specifies whether Windows Messenger can collect anonymous information about how the Windows Messenger software and service is used.

oval:org.secpod.oval:def:13878
Always install with elevated privileges

oval:org.secpod.oval:def:13891
This policy setting specifies whether computers in your environment will receive security updates from Windows Update or WSUS

oval:org.secpod.oval:def:13890
This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to Kernel Object access processes.

oval:org.secpod.oval:def:13893
This setting determines whether to audit the event of a user who accesses an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to Other Object Access events.

oval:org.secpod.oval:def:13892
The policy setting for this audit category determines whether to audit Authorization Policy changes on computers running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:13895
Control Event Log behavior when the log file reaches its maximum size (System)

oval:org.secpod.oval:def:13894
The policy setting for this audit category determines whether to audit Filtering Platform Policy changes on computers running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:13897
Choose how BitLocker-protected fixed drives can be recovered

oval:org.secpod.oval:def:13896
This policy setting controls the behavior of the elevation prompt for administrators on computers running Windows 7, Windows Server 2008 R2, and later versions of Windows.

oval:org.secpod.oval:def:13888
This setting determines the behavior for outbound connections that do not match an outbound firewall rule. If Outbound connections are set to Block and the firewall policy is deployed by using a GPO, the computer cannot receive subsequent Group Policy updates.

oval:org.secpod.oval:def:13887
This policy setting determines what happens when the smart card for a logged on user is removed from the smart card reader.

oval:org.secpod.oval:def:13889
This policy setting controls whether the computer can download print driver packages over HTTP. To set up HTTP printing, printer drivers that are not available in the standard operating system installation might need to be downloaded over HTTP.

oval:org.secpod.oval:def:13820
This policy setting determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. It affects the SMB component.

oval:org.secpod.oval:def:13940
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logoff event settings.

oval:org.secpod.oval:def:13819
This setting controls whether local administrators are allowed to create connection security rules that apply with other connection security rules enforced by Group Policy.

oval:org.secpod.oval:def:13939
Do not enumerate connected users on domain-joined computers

oval:org.secpod.oval:def:13818
This policy setting determines which registry paths will be accessible after referencing the WinReg key to determine access permissions to the paths.

oval:org.secpod.oval:def:13932
Specify the maximum log file size (KB) (System)

oval:org.secpod.oval:def:13811
This policy setting determines the amount of time before previously scheduled Automatic Update installations will proceed after system startup.

oval:org.secpod.oval:def:13931
This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The default behavior is to block connections unless there are firewall rules to allow the connection.

oval:org.secpod.oval:def:13810
This policy setting determines which users who are logged on locally to the computers in your environment can shut down the operating system with the Shut Down command.

oval:org.secpod.oval:def:13934
This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection.

oval:org.secpod.oval:def:13813
This policy setting determines whether users can create global objects that are available to all sessions.

oval:org.secpod.oval:def:13812
Configure use of passwords for operating system drives

oval:org.secpod.oval:def:13933
This policy setting in the DS Access audit category enables reports to result when Active Directory Domain Services (AD DS) objects are accessed.

oval:org.secpod.oval:def:13936
This policy setting determines the length of time before the Account lockout threshold resets to zero.

oval:org.secpod.oval:def:13815
This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.

oval:org.secpod.oval:def:13814
This policy setting determines whether the Transport Layer Security/Secure Sockets Layer (TLS/SSL) Security Provider supports only the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite.

oval:org.secpod.oval:def:13935
This policy setting allows you to disable the client computer's ability to print over HTTP, which allows the computer to print to printers on the intranet as well as the Internet.

oval:org.secpod.oval:def:13817
This policy setting in the DS Access audit category enables domain controllers to report detailed information about information that replicates between domain controllers.

oval:org.secpod.oval:def:13938
This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to dropped packet events by the Filtering Pl

oval:org.secpod.oval:def:13937
This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system.

oval:org.secpod.oval:def:13816
Use this option to specify the path and name of the file in which Windows Firewall will write its log information.

oval:org.secpod.oval:def:13950
The policy setting for this audit category determines whether to audit MPSSVC Rule-Level Policy changes on computers running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:13952
Control Event Log behavior when the log file reaches its maximum size (Security)

oval:org.secpod.oval:def:13831
Configure Windows SmartScreen

oval:org.secpod.oval:def:13951
Specify the maximum log file size (KB) (Application)

oval:org.secpod.oval:def:13830
Turn on PIN sign-in

oval:org.secpod.oval:def:13829
This policy setting determines whether users can log on as Terminal Services clients.

oval:org.secpod.oval:def:13822
This is the setting that turns on or off UAC. Disabling this setting effectively disables UAC.

oval:org.secpod.oval:def:13943
The entry appears as MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing) in the SCE.

oval:org.secpod.oval:def:13821
Use this option to log when Windows Firewall with Advanced Security allows an inbound connection.

oval:org.secpod.oval:def:13942
This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to connections to the Filtering Platform.

oval:org.secpod.oval:def:13824
Configure use of passwords for fixed data drives

oval:org.secpod.oval:def:13945
Specify the maximum log file size (KB) (Security)

oval:org.secpod.oval:def:13944
Configure use of hardware-based encryption for removable data drives

oval:org.secpod.oval:def:13823
This policy setting controls the ability of anonymous users to enumerate the accounts in the Security Accounts Manager (SAM).

oval:org.secpod.oval:def:13947
This policy setting determines whether a domain member should attempt to negotiate encryption for all secure channel traffic that it initiates.

oval:org.secpod.oval:def:13826
This policy setting allows users to change the size of the pagefile. By making the pagefile extremely large or extremely small, an attacker could easily affect the performance of a compromised computer.

oval:org.secpod.oval:def:13825
Choose how BitLocker-protected removable drives can be recovered

oval:org.secpod.oval:def:13946
This policy setting controls the ability of anonymous users to enumerate SAM accounts as well as shares.

oval:org.secpod.oval:def:13828
Allow Standby States (S1-S3) When Sleeping (On Battery)

oval:org.secpod.oval:def:13949
This setting applies to the Sensitive Privilege Use subcategory of events. You can use it to audit users exercising user rights.

oval:org.secpod.oval:def:13827
Enumerate local users on domain-joined computers

oval:org.secpod.oval:def:13948
This policy setting determines whether the account name of the last user to log on to the client computers in your organization will be displayed in each computer's respective Windows logon screen.

oval:org.secpod.oval:def:13918
This setting enables the prevention of the execution of unsigned or invalidated applications. Before enabling this setting, it is essential that administrators are certain that all required applications are signed and valid.

oval:org.secpod.oval:def:13917
This policy setting determines whether packet signing is required by the SMB client component.

oval:org.secpod.oval:def:13919
This policy setting for the DS Access audit category enables reports to result when replication between two domain controllers starts and ends.

oval:org.secpod.oval:def:13910
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the IPsec Main Mode settings.

oval:org.secpod.oval:def:13912
This policy setting allows the administrator account to automatically log on to the recovery console when it is invoked during startup.

oval:org.secpod.oval:def:13911
This policy setting audits Security Group Management events.

oval:org.secpod.oval:def:13914
This setting determines the behavior for inbound connections that do not match an inbound firewall rule.

oval:org.secpod.oval:def:13913
This policy setting determines whether a domain member should attempt to negotiate whether all secure channel traffic that it initiates must be digitally signed.

oval:org.secpod.oval:def:13916
Choose drive encryption method and cipher strength

oval:org.secpod.oval:def:13915
This policy setting determines the length of time that must pass before a locked account is unlocked and a user can try to log on again.

oval:org.secpod.oval:def:13930
Allow Basic authentication (Client)

oval:org.secpod.oval:def:13808
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason.

oval:org.secpod.oval:def:13929
Allow Basic authentication (Server)

oval:org.secpod.oval:def:13807
Configure Offer Remote Assistance

oval:org.secpod.oval:def:13928
This policy setting allows one process or service to start another service or process with a different security access token, which can be used to modify the security access token of that sub-process and result in the escalation of privileges.

oval:org.secpod.oval:def:13809
Windows Firewall with Advanced Security uses the settings for this profile to filter network traffic.

oval:org.secpod.oval:def:13921
Configure use of hardware-based encryption for fixed data drives

oval:org.secpod.oval:def:13920
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logon settings.

oval:org.secpod.oval:def:13923
Use this option to specify the size limit of the file in which Windows Firewall will write its log information.

oval:org.secpod.oval:def:13922
This policy setting determines what additional permissions are assigned for anonymous connections to the computer.

oval:org.secpod.oval:def:13925
This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to Handle Manipulation on Windows objects.

oval:org.secpod.oval:def:13924
Use this option to specify the size limit of the file in which Windows Firewall will write its log information.

oval:org.secpod.oval:def:13806
Allow unencrypted traffic (Client)

oval:org.secpod.oval:def:13927
This privilege determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege.

oval:org.secpod.oval:def:13926
This policy setting controls the behavior of application installation detection for the computer.

oval:org.secpod.oval:def:13981
The policy setting controls whether to audit users who have accessed the Security Accounts Manager (SAM) object on computers running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:13980
The Detailed Tracking audit category determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. This setting deals with Process Creation.

oval:org.secpod.oval:def:13862
This policy setting specifies whether the tasks Publish this file to the Web, Publish this folder to the Web, and Publish the selected items to the Web are available from File and Folder Tasks in Windows folders.

oval:org.secpod.oval:def:13983
This setting controls whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy.

oval:org.secpod.oval:def:13982
This policy setting determines whether a computer can be shut down when a user is not logged on.

oval:org.secpod.oval:def:13861
Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session.

oval:org.secpod.oval:def:13985
This policy setting determines whether the virtual memory pagefile is cleared when the system is shut down.

oval:org.secpod.oval:def:13864
This policy setting controls the level of validation a computer with shared folders or printers performs on the service principal name provided by the client computer when it establishes a session using the server message block (SMB) protocol.

oval:org.secpod.oval:def:13984
This policy setting determines which accounts will not be able to log on to the computer as a batch job.

oval:org.secpod.oval:def:13863
This policy setting in the DS Access audit category enables reports to result when changes to create, modify, move, or undelete operations are performed on objects in Active Directory Domain Services (AD DS).

oval:org.secpod.oval:def:13855
This policy setting determines whether the SMB client will attempt to negotiate SMB packet signing.

oval:org.secpod.oval:def:13976
This policy setting allows users to shut down Windows Vista-based computers from remote locations on the network.

oval:org.secpod.oval:def:13975
Select this option to have Windows Firewall with Advanced Security display notifications to the user when a program is blocked from receiving inbound connections.

oval:org.secpod.oval:def:13854
This audit category generates events that record the creation and destruction of logon sessions. This setting targets IPsec Quick Mode settings.

oval:org.secpod.oval:def:13857
This privilege determines which user accounts can increase or decrease the size of a process's working set.

oval:org.secpod.oval:def:13978
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the IPsec Extended Mode settings.

oval:org.secpod.oval:def:13856
This policy setting allows programs that run on behalf of a user to impersonate that user (or another specified account) so that they can act on behalf of the user.

oval:org.secpod.oval:def:13977
This policy setting audits Account Management events.

oval:org.secpod.oval:def:13859
This policy setting audits Computer Account Management events.

oval:org.secpod.oval:def:13858
This policy setting determines which users can use tools to monitor the performance of non-system processes.

oval:org.secpod.oval:def:13979
This policy setting allows users to manage the system's volume or disk configuration, which could allow a user to delete a volume and cause data loss as well as a denial-of-service condition.

oval:org.secpod.oval:def:13990
This policy setting allows other users on the network to connect to the computer and is required by various network protocols that include Server Message Block (SMB)-based protocols, NetBIOS, Common Internet File System (CIFS), and Component Object Model Plus (COM+).

oval:org.secpod.oval:def:13992
Configure use of smart cards on removable data drives

oval:org.secpod.oval:def:13871
Setting displays notifications to the user when a program is blocked from receiving inbound connections.

oval:org.secpod.oval:def:13870
This is an advanced security setting for the Windows Firewall that you can use to allow unicast responses on computers running Windows Vista or later.

oval:org.secpod.oval:def:13991
This policy setting determines which registry paths and sub-paths will be accessible when an application or process references the WinReg key to determine access permissions.

oval:org.secpod.oval:def:13873
Allow enhanced PINs for startup

oval:org.secpod.oval:def:13994
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason.

oval:org.secpod.oval:def:13993
Controls whether computer receives unicast responses to its outgoing multicast or broadcast messages.

oval:org.secpod.oval:def:13875
This policy setting allows a process to create an access token, which may provide elevated rights to access sensitive data.

oval:org.secpod.oval:def:13996
This policy setting in the System audit category determines whether to audit Other System events on computers that are running Windows Vista or later versions of Windows.

oval:org.secpod.oval:def:13874
The entry appears as MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) in the SCE.

oval:org.secpod.oval:def:13995
Restrict Unauthenticated RPC clients

oval:org.secpod.oval:def:13987
Configure registry policy processing

oval:org.secpod.oval:def:13866
This policy setting determines which user accounts will have the right to attach a debugger to any process or to the kernel, which provides complete access to sensitive and critical operating system components.

oval:org.secpod.oval:def:13865
This setting controls whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy.

oval:org.secpod.oval:def:13986
This policy setting determines whether users can increase the base priority class of a process. (It is not a privileged operation to increase relative priority within a priority class.)

oval:org.secpod.oval:def:13868
This policy setting allows a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. If this user right is assigned, significant degradation of system performance can occur.

oval:org.secpod.oval:def:13989
This policy setting allows administrators to enable the more precise auditing capabilities present in Windows Vista. Uses subcategory setting to override audit policy categories.

oval:org.secpod.oval:def:13988
Configure minimum PIN length for startup

oval:org.secpod.oval:def:13867
This policy setting determines which users and groups can change the time and date on the internal clock of the computers in your environment.

oval:org.secpod.oval:def:13869
This setting determines whether to audit the event of a user who accesses an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to Registry Object access events.

oval:org.secpod.oval:def:13961
The machine lockout policy is enforced only on those machines that have BitLocker enabled for protecting OS volumes.

oval:org.secpod.oval:def:13840
This policy setting determines how network logons that use local accounts are authenticated.

oval:org.secpod.oval:def:13960
This audit category generates events that record the creation and destruction of logon sessions.

oval:org.secpod.oval:def:13963
Allow Secure Boot for integrity validation

oval:org.secpod.oval:def:13842
This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.

oval:org.secpod.oval:def:13962
This policy setting allows you to manage whether the Install Updates and Shut Down option is displayed in the Shut Down Windows dialog box.

oval:org.secpod.oval:def:13841
This policy setting determines which users or processes can generate audit records in the Security log.

oval:org.secpod.oval:def:18172
When this policy setting is enabled, a secure channel can only be established with domain controllers that are capable of encrypting secure channel data with a strong (128-bit) session key.

oval:org.secpod.oval:def:13954
Configure use of smart cards on fixed data drives

oval:org.secpod.oval:def:13833
By default, all administrator accounts are displayed when you attempt to elevate a running application.

oval:org.secpod.oval:def:13832
This policy setting prevents users from adding new Microsoft accounts on this computer.

oval:org.secpod.oval:def:13953
This policy setting specifies the type of challenge/response authentication for network logons. LAN Manager (LM) authentication is the least secure method; it allows encrypted passwords to be cracked because they can be easily intercepted on the network.

oval:org.secpod.oval:def:13835
Disallow WinRM from storing RunAs credentials

oval:org.secpod.oval:def:13956
This setting controls whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy.

oval:org.secpod.oval:def:13834
Prevent installation of devices using drivers that match these device setup classes

oval:org.secpod.oval:def:13955
When enabled, this policy setting restricts anonymous access to only those shares and pipes that are named in the Network access: Named pipes that can be accessed anonymously and Network access: Shares that can be accessed anonymously settings.

oval:org.secpod.oval:def:13958
This policy setting configures whether or not fixed data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Server 2008, Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2) operating systems.

oval:org.secpod.oval:def:13837
Windows Firewall with Advanced Security uses the settings for this profile to filter network traffic.

oval:org.secpod.oval:def:13836
This policy setting controls the behavior of the elevation prompt for standard users on computers running Windows 7, Windows Server 2008 R2, and later versions of Windows.

oval:org.secpod.oval:def:13957
This policy setting allows a user to adjust the maximum amount of memory that is available to a process.

oval:org.secpod.oval:def:13839
Control Event Log behavior when the log file reaches its maximum size (Application)

oval:org.secpod.oval:def:13959
This policy setting determines whether all secure channel traffic that is initiated by the domain member must be signed or encrypted.

oval:org.secpod.oval:def:13838
This policy determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to the certification services processes.

oval:org.secpod.oval:def:13970
This policy setting specifies whether the computer that is about to host the remote connection will enforce an encryption level for all data sent between it and the client computer for the remote session.

oval:org.secpod.oval:def:13851
This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The default behavior is to block connections unless there are firewall rules to allow the connection.

oval:org.secpod.oval:def:13972
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logon-Logoff Account Lockout setting.

oval:org.secpod.oval:def:13850
The Detailed Tracking audit category determines whether to audit detailed tracking information for events, such as program activation, process exit, handle duplication, and indirect object access. This setting is focused on RPC events.

oval:org.secpod.oval:def:13971
The Policy Change audit category determines whether to audit every incident of a change to user rights assignment policies, Windows Firewall policies, Trust policies, or changes to the Audit policy itself.

oval:org.secpod.oval:def:13853
This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. This setting is targeted to File Share access operations.

oval:org.secpod.oval:def:13974
This policy setting in the System audit category determines whether to audit Security State changes on computers that are running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:13852
This policy setting prohibits users from connecting to a computer from across the network, which would allow users to access and potentially modify data remotely.

oval:org.secpod.oval:def:13973
Enable RPC Endpoint Mapper Client Authentication

oval:org.secpod.oval:def:13844
This policy setting determines if the server side SMB service is required to perform SMB packet signing.

oval:org.secpod.oval:def:13965
Determines whether case insensitivity is enforced for all subsystems, for example for other subsystems such as the Portable Operating System Interface for UNIX (POSIX), which are normally case sensitive.

oval:org.secpod.oval:def:13843
This policy setting determines which users can change the auditing options for files and directories and clear the Security log.

oval:org.secpod.oval:def:13964
This policy setting determines the strength of the default discretionary access control list (DACL) for objects.

oval:org.secpod.oval:def:13846
This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop.

oval:org.secpod.oval:def:13967
The policy setting for this audit category determines whether to audit Other Policy Change events on computers running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:13966
Allow Standby States (S1-S3) When Sleeping (Plugged In)

oval:org.secpod.oval:def:13845
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the special settings defined in the Windows Vista Security Guide.

oval:org.secpod.oval:def:13848
Use this option to log when Windows Firewall with Advanced Security allows an inbound connection.

oval:org.secpod.oval:def:13969
This policy will be turned off by default on domain-joined machines. This prevents online identities from authenticating to the domain-joined machine in Windows 7.

oval:org.secpod.oval:def:13847
Deny write access to removable drives not protected by BitLocker

oval:org.secpod.oval:def:13968
This security setting determines which users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies. Important: If you apply this security policy to the Everyone group, no one will be able to log o ...

oval:org.secpod.oval:def:13849
This setting applies to the Non Sensitive Privilege Use subcategory of events. You can use it to audit users exercising user rights.

oval:org.secpod.oval:def:18106
Accounts: Rename Administrator Account

oval:org.secpod.oval:def:18078
The 'Accounts: Rename guest account' setting should be configured correctly.

oval:org.secpod.oval:def:18083
Domain member: Maximum machine account password age

oval:org.secpod.oval:def:18166
Disable this policy setting to prevent the SMB redirector from sending plaintext passwords during authentication to third-party SMB servers that do not support password encryption.

oval:org.secpod.oval:def:18169
Network security: Minimum session security for NTLM SSP based (including secure RPC) client applications.

oval:org.secpod.oval:def:18157
Network access: Named Pipes that can be accessed anonymously

CPE    1
cpe:/o:microsoft:windows_8
CCE    348
CCE-22873-4
CCE-22206-7
CCE-22850-2
CCE-21820-6
...
*XCCDF
xccdf_org.secpod_benchmark_general_Windows_8

© SecPod Technologies