Download
| Alert*
oval:gov.nist.usgcb.xp:def:6132
Background Intelligent Transfer Service (a.k.a. BITS) oval:gov.nist.usgcb.xp:def:6121 Permits users to change installation options that typically are available only to system administrators. This setting bypasses some of the security features of Windows Installer. oval:gov.nist.usgcb.xp:def:6120 Disable IE security prompt for Windows Installer scripts oval:gov.nist.usgcb.xp:def:6122 This setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor. oval:gov.nist.usgcb.xp:def:6596 Do not allow passwords to be saved oval:gov.nist.usgcb.xp:def:6119 Turn off shell protocol protected mode oval:gov.nist.usgcb.xp:def:6572 Turn off downloading of print drivers over HTTP oval:gov.nist.usgcb.xp:def:6571 Turn off printing over HTTP oval:gov.nist.usgcb.xp:def:6570 Turn off Search Companion content file updates oval:gov.nist.usgcb.xp:def:6563 Offer Remote Assistance oval:gov.nist.usgcb.xp:def:6564 Solicited Remote Assistance oval:gov.nist.usgcb.xp:def:6567 Turn off the "Publish to Web" task for files and folders oval:gov.nist.usgcb.xp:def:6566 RPC Endpoint Mapper Client Authentication oval:gov.nist.usgcb.xp:def:6569 Turn off the Windows Messenger Customer Experience Improvement Program oval:gov.nist.usgcb.xp:def:6568 Turn off Internet download for Web publishing and online ordering wizards oval:gov.nist.usgcb.xp:def:6503 Hide mechanisms to remove zone information oval:gov.nist.usgcb.xp:def:6502 Do not preserve zone information in file attachments oval:gov.nist.usgcb.xp:def:6504 Notify antivirus programs when opening attachments oval:gov.nist.usgcb.xp:def:6725 This policy setting allows you to specify the maximum amount of time that an active Terminal Services session can be idle (without user input) before it is automatically disconnected. (15 min) oval:gov.nist.usgcb.xp:def:6726 You can use this policy setting to specify the maximum amount of time that a disconnected session is kept active on the server. By default, Terminal Services allows users to disconnect from a remote session without logging off and ending the session. (1 min) oval:gov.nist.usgcb.xp:def:6719 WMI Performance Adapter should be configured to start "Manual" oval:gov.nist.usgcb.xp:def:6714 Prompt for password on resume from hibernate / suspend oval:gov.nist.usgcb.xp:def:6708 Screen Saver timeout oval:gov.nist.usgcb.xp:def:6707 Password protect the screen saver oval:gov.nist.usgcb.xp:def:6022 Accounts: Rename Administrator Account oval:gov.nist.usgcb.xp:def:6027 Audit: Shut down system immediately if unable to log security audits oval:gov.nist.usgcb.xp:def:6029 Devices: Allowed to format and eject removable media oval:gov.nist.usgcb.xp:def:7796 MSS: (NoDefaultExempt) Enable NoDefaultExempt for IPSec Filtering oval:gov.nist.usgcb.xp:def:6682 Turn Off the "Order Prints" Picture Task oval:gov.nist.usgcb.xp:def:6681 Turn Off Registration if URL Connection is Referring to Microsoft.com oval:gov.nist.usgcb.xp:def:6683 Turn off Windows Error Reporting oval:gov.nist.usgcb.xp:def:6686 Always Use Classic Logon oval:gov.nist.usgcb.xp:def:6680 Turn Off Internet File Association Service oval:gov.nist.usgcb.xp:def:6672 Registry Policy Processing oval:gov.nist.usgcb.xp:def:6675 Turn Off Event Views "Events.asp" Links oval:gov.nist.usgcb.xp:def:6679 Turn Off Internet Connection Wizard if URL Connection is Referring to Microsoft.com oval:gov.nist.usgcb.xp:def:6662 Turn Off Microsoft Peer-to-Peer Networking Services oval:gov.nist.usgcb.xp:def:100212 do not display install updates and shut down oval:gov.nist.usgcb.xp:def:100214 reschedule automatic updates oval:gov.nist.usgcb.xp:def:100213 no auto restart with logged on users oval:gov.nist.usgcb.xp:def:100208 configure automatic updates oval:gov.nist.usgcb.xp:def:6600 Set client connection encryption level oval:org.secpod.oval:def:15289 The 'DCOM: Machine access Restrictions in Security Descriptor Definition Language (SDDL) syntax' setting should be configured correctly. oval:org.secpod.oval:def:15287 The Human Interface Device Access service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15281 The 'enable computer and user accounts to be trusted for delegation' user right should be assigned to the correct accounts. oval:org.secpod.oval:def:15282 The startup type of the client-side Domain Name Service cache (aka DNS Client) service should be correct. oval:org.secpod.oval:def:15280 The correct service permissions for the Printer service should be assigned. oval:org.secpod.oval:def:15285 The 'System cryptography: Force strong key protection for user keys stored on the computer' setting should be configured correctly. oval:org.secpod.oval:def:15286 The 'Do not Use Temp folders per Session' policy should be set correctly for Terminal Services. oval:org.secpod.oval:def:15283 The Upload Manager service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15284 The correct service permissions for the Remote Desktop Help Session Manager service should be assigned. oval:org.secpod.oval:def:15298 The 'Do Not Allow New Client Connections' policy should be set correctly for Terminal Services. oval:org.secpod.oval:def:15299 The correct service permissions for the Universal Plug and Play service should be assigned. oval:org.secpod.oval:def:15292 The startup type of the IIS Admin service should be correct. oval:org.secpod.oval:def:15293 TCP/IP PMTU Discovery should be properly configured. oval:org.secpod.oval:def:15290 The 'Enable User to Use Media Source While Elevated' policy should be set correctly. oval:org.secpod.oval:def:15291 The 'Delete Cached Copies of Roaming Profiles' policy should be set correctly. oval:org.secpod.oval:def:15296 The correct service permissions for the Remote Registry service should be assigned. oval:org.secpod.oval:def:15297 The correct service permissions for the Background Intelligent Transfer service should be assigned. oval:org.secpod.oval:def:15294 If the Application log's retention method is set to 'Overwrite events by days,' an appropriate value should be set for the number of days' logs to keep. oval:org.secpod.oval:def:15295 The 'Allow Administrator to Install from Terminal Services Session' policy should be set correctly. oval:org.secpod.oval:def:15267 The startup type of the Task Scheduler service should be correct. oval:org.secpod.oval:def:15268 The startup type of the Automatic Update service should be correct. oval:org.secpod.oval:def:15265 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib should be assigned. oval:org.secpod.oval:def:15266 CD-ROM Autorun should be properly configured. oval:org.secpod.oval:def:15269 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum should be assigned. oval:org.secpod.oval:def:15260 The required permissions for the file %SystemRoot%\System32\Ntbackup.exe should be assigned. oval:org.secpod.oval:def:15263 The required permissions for the file %SystemRoot%\System32\perfmon.msc should be assigned. oval:org.secpod.oval:def:15264 The 'Display user information when the session is locked' setting should be configured correctly. oval:org.secpod.oval:def:15261 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache should be assigned. oval:org.secpod.oval:def:15262 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ersvc\Security should be assigned. oval:org.secpod.oval:def:15278 If the Security log's retention method is set to 'Overwrite events by days,' an appropriate value should be set for the number of days' logs to keep. oval:org.secpod.oval:def:15279 The 'Allow Server Operators to Schedule Tasks' policy should be set correctly. oval:org.secpod.oval:def:15277 The 'Terminate session when time limits are reached' policy should be set correctly for Terminal Services. oval:org.secpod.oval:def:15270 Auditing of 'process tracking' events on failure should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15271 The startup type of the Remote Access Auto connection Manager service should be correct. oval:org.secpod.oval:def:15275 The required permissions for the registry key HKEY_USERS\.DEFAULT should be assigned. oval:org.secpod.oval:def:15272 The correct service permissions for the SNMP service should be assigned. oval:org.secpod.oval:def:15273 The correct service permissions for the SNMP Trap service should be assigned. oval:org.secpod.oval:def:15089 The required permissions for the file %SystemRoot%\System32\RSoP.msc should be assigned. oval:org.secpod.oval:def:7718 The Password protect the screen saver setting should be configured correctly. oval:org.secpod.oval:def:15083 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg should be assigned. oval:org.secpod.oval:def:7719 The Screen Saver Executable Name setting should be configured correctly for the current user. oval:org.secpod.oval:def:15084 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scarddrv\Security should be assigned. oval:org.secpod.oval:def:15081 The required permissions for the directory %SystemRoot%\System32\NTMSData should be assigned. oval:org.secpod.oval:def:15082 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\Security\XAKey should be assigned. oval:org.secpod.oval:def:15087 The startup type of the .NET Framework service should be correct. oval:org.secpod.oval:def:7715 The Screen Saver Executable Name setting should be configured correctly for the current user. oval:org.secpod.oval:def:15088 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi\Security should be assigned. oval:org.secpod.oval:def:7716 The "Screen Saver Timeout" setting should be configured correctly for the default user. oval:org.secpod.oval:def:15085 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netddedsdm\Security should be assigned. oval:org.secpod.oval:def:7717 The settings of screen saver should be enabled or disabled as appropriate for the current user. oval:org.secpod.oval:def:15086 If the System log's retention method is set to 'Overwrite events by days,' an appropriate value should be set for the number of days' logs to keep. oval:org.secpod.oval:def:15080 The required permissions for the file %SystemRoot%\System32\Com\comexp.msc should be assigned. oval:org.secpod.oval:def:7720 The settings of screen saver should be enabled or disabled as appropriate for the current user. oval:org.secpod.oval:def:15094 The required permissions for the file %SystemRoot%\System32\dfrg.msc should be assigned. oval:org.secpod.oval:def:15095 The required permissions for the directory %SystemDrive%\Documents and Settings\Administrator should be assigned. oval:org.secpod.oval:def:15092 The required permissions for the directory %SystemDrive% should be assigned. oval:org.secpod.oval:def:15093 The required permissions for the directory %SystemRoot%\Debug\UserMode\userenv.log should be assigned. oval:org.secpod.oval:def:15098 The required permissions for the file %SystemRoot%\System32\nbstat.exe should be assigned. oval:org.secpod.oval:def:15099 The correct service permissions for the Routing and Remote Access service should be assigned. oval:org.secpod.oval:def:15096 The 'restrict guest access to application log' policy should be set correctly. oval:org.secpod.oval:def:15097 The correct service permissions for the NetMeeting service should be assigned. oval:org.secpod.oval:def:15090 The startup type of the Net Logon service should be correct. oval:org.secpod.oval:def:15091 The correct service permissions for the Alerter service should be assigned. oval:org.secpod.oval:def:15072 The required auditing for the registry key HKEY_LOCAL_MACHINE\SYSTEM should be enabled. oval:org.secpod.oval:def:15073 The required permissions for the file %SystemRoot%\System32\CONFIG should be assigned. oval:org.secpod.oval:def:15071 The required permissions for the directory %SystemRoot%\Registration\CRMLog should be assigned. oval:org.secpod.oval:def:15076 The required permissions for the directory %SystemRoot%\System32\dllcache should be assigned. oval:org.secpod.oval:def:15074 The required permissions for the directory %AllUsersProfile% should be assigned. oval:org.secpod.oval:def:15201 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony should be assigned. oval:org.secpod.oval:def:15202 The required permissions for the directory %SystemRoot%\Tasks should be assigned. oval:org.secpod.oval:def:15200 The required permissions for the file %SystemRoot%\System32\netstat.exe should be assigned. oval:org.secpod.oval:def:15205 The required permissions for the directory %SystemDrive%\Documents and Settings\Default User should be assigned. oval:org.secpod.oval:def:15206 The required permissions for the file %SystemDrive%\IO.SYS should be assigned. oval:org.secpod.oval:def:15203 The required permissions for the directory %SystemRoot%\security should be assigned. oval:org.secpod.oval:def:15204 The required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots should be assigned. oval:org.secpod.oval:def:15212 The DHCP Client service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15213 The required permissions for the file %SystemRoot%\Offline Web Pages should be assigned. oval:org.secpod.oval:def:15210 The required permissions for the file %SystemRoot%\Installer should be assigned. oval:org.secpod.oval:def:15211 The required permissions for the directory %SystemRoot%\System32\spool\Printers should be assigned. oval:org.secpod.oval:def:15216 The required permissions for the file %SystemRoot%\System32\runas.exe should be assigned. oval:org.secpod.oval:def:15217 The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\MediaIndex should be assigned. oval:org.secpod.oval:def:15214 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UPnP Device Host should be assigned. oval:org.secpod.oval:def:15215 The required permissions for the file %SystemRoot%\System32\drwatson.exe should be assigned. oval:org.secpod.oval:def:15209 The required permissions for the file %SystemDrive%\System Volume Information should be assigned. oval:org.secpod.oval:def:15207 The required permissions for the directory %SystemRoot%\System32\MSDTC should be assigned. oval:org.secpod.oval:def:15208 The required permissions for the file %SystemRoot%\System32\ntmsmgr.msc should be assigned. oval:org.secpod.oval:def:15245 The Network Connections service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15246 The required permissions for the file %SystemRoot%\System32\devmgmt.msc should be assigned. oval:org.secpod.oval:def:15243 The System Event Notification service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15244 The correct service permissions for the Indexing service should be assigned. oval:org.secpod.oval:def:15249 The required permissions for the file %SystemRoot%\System32\wmimgmt.msc should be assigned. oval:org.secpod.oval:def:15247 The required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE should be assigned. oval:org.secpod.oval:def:15248 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles should be assigned. oval:org.secpod.oval:def:15241 The Smart Card Helper service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15240 The Secondary Logon service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15256 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip should be assigned. oval:org.secpod.oval:def:15257 The 'Anonymous access to the system event log' policy should be set correctly. oval:org.secpod.oval:def:15254 The required permissions for the directory %SystemRoot%\System32\GroupPolicy should be assigned. oval:org.secpod.oval:def:15255 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Stisvc\Security should be assigned. oval:org.secpod.oval:def:15258 The 'Do not Delete Temp folder on exit' policy should be set correctly for Terminal Services. oval:org.secpod.oval:def:15259 Background Refresh of Group Policy should be properly configured. oval:org.secpod.oval:def:15252 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rpcss\Security should be assigned. oval:org.secpod.oval:def:15253 The required permissions for the directory %SystemRoot%\System32\Setup should be assigned. oval:org.secpod.oval:def:15250 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Wmi\Security should be assigned. oval:org.secpod.oval:def:15251 Membership in the Power Users group should be assigned to the appropriate accounts. oval:org.secpod.oval:def:15223 The startup type of the SNMP Service service should be correct. oval:org.secpod.oval:def:15224 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries should be assigned. oval:org.secpod.oval:def:15221 Show Shared Internet Connection Access UI should be properly configured. oval:org.secpod.oval:def:15222 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\clone should be assigned. oval:org.secpod.oval:def:15227 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer should be assigned. oval:org.secpod.oval:def:15228 The 'restrict guest access to security log' policy should be set correctly. oval:org.secpod.oval:def:15225 The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Crypto\RSAHKLMKeys should be assigned. oval:org.secpod.oval:def:15226 The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft should be assigned. oval:gov.nist.usgcb.xp:def:3366994 Display Error Notification oval:gov.nist.usgcb.xp:def:3366993 Prohibit use of Internet Connection Sharing on your DNS domain network oval:org.secpod.oval:def:15220 The correct service permissions for the SMTP service should be assigned. oval:gov.nist.usgcb.xp:def:3366992 Prohibit use of Internet Connection Firewall on your DNS domain network oval:gov.nist.usgcb.xp:def:3366991 Prohibit installation and configuration of Network Bridge on your DNS domain network oval:org.secpod.oval:def:15218 The required permissions for the directory %AllUsersProfile%\Documents\desktop.ini should be assigned. oval:org.secpod.oval:def:15219 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy should be assigned. oval:org.secpod.oval:def:15234 The 'Remote Control Settings' policy should be set correctly for Terminal Services. oval:org.secpod.oval:def:15235 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC should be assigned. oval:org.secpod.oval:def:15232 The 'Maximum User Ticket Lifetime' policy should be set correctly. oval:org.secpod.oval:def:15233 The required permissions for the directory %SystemRoot%\repair should be assigned. oval:org.secpod.oval:def:15238 The correct service permissions for the ClipBook service should be assigned. oval:org.secpod.oval:def:15239 Auditing of 'process tracking' events on success should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15236 The Telephony service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15237 The required permissions for the directory %SystemRoot%\System32\ias should be assigned. oval:org.secpod.oval:def:15230 The required auditing for the registry key HKEY_LOCAL_MACHINE\SOFTWARE should be enabled. oval:org.secpod.oval:def:15231 The required permissions for the file %SystemDrive%\NTBOOTDD.SYS should be assigned. oval:org.secpod.oval:def:15229 Local volumes should be formatted correctly. oval:gov.nist.usgcb.xp:def:198 This definition tests the maximum allowed size of the security log is at least as big as the supplied value. oval:gov.nist.usgcb.xp:def:197 This definition tests the maximum allowed size of the application log is at least as big as the supplied value. oval:gov.nist.usgcb.xp:def:199 This definition tests the maximum allowed size of the system log is at least as big as the supplied value. oval:gov.nist.usgcb.xp:def:118 MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers oval:gov.nist.usgcb.xp:def:119 MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames oval:gov.nist.usgcb.xp:def:110 MSS: (AutoAdminLogon) Enable Automatic Logon disabled oval:gov.nist.usgcb.xp:def:112 MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways oval:gov.nist.usgcb.xp:def:111 MSS: (DisableIPSourceRouting) IP source routing protection level oval:gov.nist.usgcb.xp:def:113 MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes disabled oval:gov.nist.usgcb.xp:def:115 MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds oval:gov.nist.usgcb.xp:def:107 System objects: Require case insensitivity for non-Windows subsystems oval:gov.nist.usgcb.xp:def:106 System objects: Default owner for objects created by members of the Administrators group oval:gov.nist.usgcb.xp:def:109 System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) oval:gov.nist.usgcb.xp:def:101 Recovery console: Allow automatic administrative logon oval:gov.nist.usgcb.xp:def:103 Shutdown: Allow system to be shut down without having to log on disabled oval:gov.nist.usgcb.xp:def:102 Recovery console: Allow floppy copy and access to all drives and all folders disabled oval:gov.nist.usgcb.xp:def:105 System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing oval:gov.nist.usgcb.xp:def:104 Shutdown: Clear virtual memory pagefile oval:gov.nist.usgcb.xp:def:139 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/net1.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:132 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/debug.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:131 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/cacls.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:134 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/eventcreate.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:133 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/edlin.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:135 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/eventtriggers.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:138 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/net.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:130 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/attrib.exe file oval:gov.nist.usgcb.xp:def:129 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/at.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:128 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/arp.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:121 MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure DefaultGateway addresses oval:gov.nist.usgcb.xp:def:123 MSS (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires oval:gov.nist.usgcb.xp:def:122 MSS: (SafeDllSearchMode) Enable Safe DLL search mode oval:gov.nist.usgcb.xp:def:127 MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning oval:gov.nist.usgcb.xp:def:154 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/secedit.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:153 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/sc.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:156 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/systeminfo.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:155 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/subst.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:158 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/tftp.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:159 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/tlntsvr.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:150 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/rexec.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:152 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/rsh.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:151 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/route.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:145 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/reg.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:144 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/rcp.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:147 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/regedt32.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:146 The Administrators group and the System user should have full access to the SYSTEMROOT/regedit.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:149 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/regsvr32.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:148 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/regini.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:140 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/netsh.exe file and all other users should have no file access privileges oval:org.secpod.oval:def:15168 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE should be assigned. oval:org.secpod.oval:def:15169 The required permissions for the file %SystemRoot%\System32\nslookup.exe should be assigned. oval:org.secpod.oval:def:15166 The Windows Time service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15167 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess should be assigned. oval:org.secpod.oval:def:15160 The correct service permissions for the Computer Browser service should be assigned. oval:org.secpod.oval:def:15161 The required permissions for the file %SystemDrive%\NTDETECT.COM should be assigned. oval:org.secpod.oval:def:15164 The required permissions for the directory %SystemRoot%\System32\lusrmgr.msg should be assigned. oval:org.secpod.oval:def:15165 The required permissions for the file %SystemRoot%\System32\compmgmt.msc should be assigned. oval:org.secpod.oval:def:15162 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security should be assigned. oval:org.secpod.oval:def:15163 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers should be assigned. oval:org.secpod.oval:def:15179 The Windows Image Acquisition (WIA) service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15177 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netdd\Security should be assigned. oval:org.secpod.oval:def:15178 The required permissions for the directory %SystemRoot%\Temp should be assigned. oval:org.secpod.oval:def:15171 The required permissions for the directory %AllUsersProfile%\Application Data should be assigned. oval:org.secpod.oval:def:15172 The required permissions for the file %SystemRoot%\System32\gpedit.msc should be assigned. oval:org.secpod.oval:def:15170 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE should be assigned. oval:org.secpod.oval:def:15175 The correct service permissions for the Automatic Updates service should be assigned. oval:org.secpod.oval:def:15176 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM should be assigned. oval:org.secpod.oval:def:15173 The required permissions for the file %SystemDrive%\CONFIG.SYS should be assigned. oval:org.secpod.oval:def:15174 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings should be assigned. oval:org.secpod.oval:def:15146 The correct service permissions for the Messenger service should be assigned. oval:org.secpod.oval:def:15147 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security should be assigned. oval:org.secpod.oval:def:15144 The required permissions for the file %SystemRoot%\System32\services.msc should be assigned. oval:org.secpod.oval:def:15145 The required permissions for the directory %SystemRoot%\Driver Cache\I386\Driver.cab should be assigned. oval:org.secpod.oval:def:15148 The correct service permissions for the Net Logon service should be assigned. oval:org.secpod.oval:def:15149 The required permissions for the file %SystemRoot%\System32\diskmgmt.msc should be assigned. oval:org.secpod.oval:def:15380 Access to registry editing tools should be set correctly. oval:org.secpod.oval:def:15381 The 'Windows Firewall: Define program exceptions' policy should be configured correctly for the Domain Profile. oval:org.secpod.oval:def:15142 The permitted number of TCP/IP Maximum Half-open Sockets should be set correctly . oval:org.secpod.oval:def:15143 The 'Do Not Automatically Start Windows Messenger' policy should be set correctly. oval:org.secpod.oval:def:15382 The 'Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box' setting should be configured correctly. oval:org.secpod.oval:def:15383 The required permissions for the file %SystemRoot%\System32\telnet.exe should be assigned. oval:org.secpod.oval:def:15141 The startup type of the Simple TCP/IP service should be correct. oval:org.secpod.oval:def:15157 The correct service permissions for the IIS Admin service should be assigned. oval:org.secpod.oval:def:15158 The required permissions for the file %SystemDrive%\Documents and Settings should be assigned. oval:org.secpod.oval:def:15155 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security should be assigned. oval:org.secpod.oval:def:15156 The required permissions for the directory %AllUsersProfile%\DRM should be assigned. oval:org.secpod.oval:def:15159 The Removable Storage service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15150 The startup type of the SNMP Trap Service service should be correct. oval:org.secpod.oval:def:15153 The 'LDAP server signing requirements' policy should be set correctly. oval:org.secpod.oval:def:15154 The 'Always Install with Elevated Privileges' policy should be set correctly. oval:org.secpod.oval:def:15151 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security should be assigned. oval:org.secpod.oval:def:15152 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32time\Security should be assigned. oval:org.secpod.oval:def:15188 Membership in the Backup Operators group should be assigned to the appropriate accounts. oval:org.secpod.oval:def:15189 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scardsvr\Security should be assigned. oval:org.secpod.oval:def:15182 The required permissions for the directory %SystemRoot%\System32 should be assigned. oval:org.secpod.oval:def:15183 The 'DCOM: Machine Launch Restrictions in the Security Descriptor Definition Language (SDDL) syntax' security option should be set correctly. oval:org.secpod.oval:def:15180 The 'Anonymous access to the security event log' policy should be set correctly. oval:org.secpod.oval:def:15181 The required permissions for the directory %SystemRoot%\CSC should be assigned. oval:org.secpod.oval:def:15186 The required auditing for %SystemDrive% directory should be enabled. oval:org.secpod.oval:def:15187 The 'Do Not Allow Windows Messenger to be Run' policy should be set correctly. oval:org.secpod.oval:def:15184 The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Crypto\DSSHKLMKeys should be assigned. oval:org.secpod.oval:def:15185 The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Dr Watson should be assigned. oval:org.secpod.oval:def:15199 The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\HTML Help should be assigned. oval:org.secpod.oval:def:15193 The 'Log Successful Connections' option for the Windows Firewall should be configured correctly for the Standard Profile. oval:org.secpod.oval:def:15194 The 'Maximum Service Ticket Litfetime' policy should be set correctly. oval:org.secpod.oval:def:15191 The required permissions for the file %SystemRoot%\System32\eventvwr.msc should be assigned. oval:org.secpod.oval:def:15192 The required permissions for the directory %ProgramFiles% should be assigned. oval:org.secpod.oval:def:15197 the 'System settings: Use Certificate Rules on Windows Executables for Software Restriction Polices' setting should be configured correctly. oval:org.secpod.oval:def:15198 The required permissions for the file %SystemRoot%\System32\ntmsoprq.msc should be assigned. oval:org.secpod.oval:def:15195 The 'Prohibit New Task Creation' policy should be set correctly for the Task Scheduler. oval:org.secpod.oval:def:15196 The IMAPI CD-Burning COM service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15190 The required permissions for the file %SystemDrive%\AUTOEXEC.BAT should be assigned. oval:org.secpod.oval:def:15322 The Cryptographic Services service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15323 The permitted number of TCP/IP Maximum Retried Half-open Sockets should be set correctly . oval:org.secpod.oval:def:15320 The correct service permissions for the Telnet service should be assigned. oval:org.secpod.oval:def:15321 The 'Enable Keep-Alive Messages' policy should be set correctly for Terminal Services. oval:org.secpod.oval:def:15326 The 'Refuse machine account password change' policy should be set correctly. oval:org.secpod.oval:def:15327 The Remote Procedure Call (RPC) service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15324 The 'Prevent Codec Download' policy should be set correctly for Windows MediaPlayer. oval:org.secpod.oval:def:15325 The 'Anonymous access to the application event log' policy should be set correctly. oval:org.secpod.oval:def:15319 The Remote Access Connection Manager service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15317 Disallow Installation of Printers Using Kernel-mode Drivers should be properly configured. oval:org.secpod.oval:def:15318 Always Wait for the Network at Computer Startup and Logon should be properly configured. oval:org.secpod.oval:def:15333 The Performance Logs and Alerts service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15334 The Volume Shadow Copy service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15331 Administrative Shares should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15332 The Event Log service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15337 The Windows Installer service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15338 The Windows Management Instrumentation service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15335 The Remote Procedure Call (RPC) Locator service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15336 The Distributed Link Tracking Client service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15330 Membership in the Remote Desktop Users group should be assigned to the appropriate accounts. oval:org.secpod.oval:def:15328 The 'Limit Number of Connections' policy should be set correctly for Terminal Services. oval:org.secpod.oval:def:15329 The correct service permissions for the Terminal Services service should be assigned. oval:org.secpod.oval:def:15300 The startup type of the Remote Registry service should be correct. oval:org.secpod.oval:def:15301 Automatic Execution of the System Debugger should be properly configured. oval:org.secpod.oval:def:15304 The correct service permissions for the WWW Publishing service should be assigned. oval:org.secpod.oval:def:15305 The log file size limit for the Windows Firewall should be configured correctly for the Standard Profile. oval:org.secpod.oval:def:15302 The startup type of the Internet Connection Firewall service should be correct. oval:org.secpod.oval:def:15303 The Application Management service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15311 The 'Cache Transforms in Secure Location' policy should be set correctly. oval:org.secpod.oval:def:15312 Computer Browser ResetBrowser Frames should be properly configured. oval:org.secpod.oval:def:15310 Dr. Watson Crash Dumps should be properly configured. oval:org.secpod.oval:def:15315 The Security Accounts Manager service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15316 The correct service permissions for the Task Scheduler service should be assigned. oval:org.secpod.oval:def:15313 The correct service permissions for the Fax service should be assigned. oval:org.secpod.oval:def:15314 The Logical Disk Manager Administrative service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15308 The 'Maximum User Renewal Lifetime' policy should be set correctly. oval:org.secpod.oval:def:15309 The MS Software Shadow Copy Provider service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15306 The startup type of the NTLM Security Support Provider service should be correct. oval:org.secpod.oval:def:15307 The correct service permissions for the FTP Publishing service should be assigned. oval:org.secpod.oval:def:15124 The 'restrict guest access to system log' policy should be set correctly. oval:org.secpod.oval:def:15366 The 'Turn Off Windows Movie Maker Online Web Links' setting should be configured correctly. oval:org.secpod.oval:def:15125 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt should be assigned. oval:org.secpod.oval:def:15122 The required permissions for the directory %SystemRoot%\Debug\UserMode should be assigned. oval:org.secpod.oval:def:15364 The 'Turn off downloading of enclosures' setting should be configured correctly. oval:org.secpod.oval:def:15123 The required permissions for the file %SystemRoot%\System32\fsmgmt.msc should be assigned. oval:org.secpod.oval:def:15365 The 'Internet Explorer Maintenance Policy Processing - Allow processing across a slow network connection' setting should be configured correctly. oval:org.secpod.oval:def:15128 The required permissions for the directory %SystemRoot%\$NtServicePackUninstall$ should be assigned. oval:org.secpod.oval:def:15129 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit should be assigned. oval:org.secpod.oval:def:15126 The 'Limit Users to One Remote Session' policy should be set correctly for Terminal Services. oval:org.secpod.oval:def:15368 The 'Turn Off Windows Movie Maker Saving to Online Video Hosting Provider' setting should be configured correctly. oval:org.secpod.oval:def:15127 The 'add workstations to domain' user right should be assigned to the correct accounts. oval:org.secpod.oval:def:15362 The 'Prevent IIS Installation' setting should be configured correctly. oval:org.secpod.oval:def:15120 The System Restore service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15121 The required permissions for the directory %SystemRoot%\Registration should be assigned. oval:org.secpod.oval:def:15363 The 'Prevent Desktop Shortcut Creation' setting for Windows Media Player should be configured correctly. oval:org.secpod.oval:def:15360 The Logical Disk Manager service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15361 The 'Turn Off Windows Movies Maker Automatic Codec Downloads' setting should be configured correctly. oval:org.secpod.oval:def:15119 The Help and Support service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15378 The 'CD Burning features in Windows Explorer' should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15136 Autoplay for Default User should be properly configured. oval:org.secpod.oval:def:15375 The 'Do not allow drive redirection' setting should be configured correctly for Terminal Services. oval:org.secpod.oval:def:15134 The required permissions for the directory %SystemRoot%\Debug should be assigned. oval:org.secpod.oval:def:15376 The 'Remove Security tab' setting should be configured correctly. oval:org.secpod.oval:def:15139 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tapisrv\Security should be assigned. oval:org.secpod.oval:def:15137 The required permissions for the file %SystemRoot%\System32\drwtsn32.exe should be assigned. oval:org.secpod.oval:def:15138 The startup type of the Remote Shell service should be correct. oval:org.secpod.oval:def:15370 The 'Turn Off Automatic Root Certificates Update' setting should be configured correctly. oval:org.secpod.oval:def:15131 The Workstation service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15132 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr\Commands should be assigned. oval:org.secpod.oval:def:15371 The 'Don't Display the Getting Started Welcome Screen at Logon' setting should be configured correctly. oval:org.secpod.oval:def:15130 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security should be assigned. oval:org.secpod.oval:def:15102 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network should be assigned. oval:org.secpod.oval:def:15344 The Themes service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15103 The required permissions for the file %SystemRoot%\System32\secpol.msc should be assigned. oval:org.secpod.oval:def:15345 The Windows Management Instrumentation Driver Extensions service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15100 Autoplay for Current User should be properly configured. oval:org.secpod.oval:def:15101 The required permissions for the directory %SystemRoot% should be assigned. oval:org.secpod.oval:def:15343 Domain Profile: Do not allow exceptions (SP2 only) oval:org.secpod.oval:def:15348 The 'Maximum tolerance for computer clock synchronization' policy should be set correctly. oval:org.secpod.oval:def:15106 The 'Allow Reconnection from Original Client Only' policy should be set correctly for Terminal Services. oval:org.secpod.oval:def:15107 The required permissions for the file %SystemRoot%\System32\ftp.exe should be assigned. oval:org.secpod.oval:def:15349 The Server service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15104 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM\Security should be assigned. oval:org.secpod.oval:def:15346 The Protected Storage service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15105 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies should be assigned. oval:org.secpod.oval:def:15347 The QoS RSVP service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15340 The log file path and name for the Windows Firewall should be configured correctly for the Standard Profile. oval:org.secpod.oval:def:15341 The Distributed Transaction Coordinator service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15339 The Application Layer Gateway service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15113 The required permissions for the file %SystemRoot%\Prefetch should be assigned. oval:org.secpod.oval:def:15355 The Windows Audio service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15114 The startup type of the Print Services for Unix service should be correct. oval:org.secpod.oval:def:15356 The Network Location Awareness (NLA) service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15111 The required permissions for the file %SystemRoot%\System32\ciadv.msc should be assigned. oval:org.secpod.oval:def:15353 The Smart Card service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15112 The startup type of the Remote Desktop Help Session Manager service should be correct. oval:org.secpod.oval:def:15354 The IPSEC Services service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15117 The 'Enable User to Patch Elevated Products' policy should be set correctly. oval:org.secpod.oval:def:15359 The Portable Media Serial Number Service service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15118 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class should be assigned. oval:org.secpod.oval:def:15115 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography/Calais should be assigned. oval:org.secpod.oval:def:15357 The TCP/IP NetBIOS Helper service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15116 The required permissions for the file %SystemDrive%\MSDOS.SYS should be assigned. oval:org.secpod.oval:def:15358 The 'Log Dropped Packets' option for the Windows Firewall should be configured correctly for the Standard Profile. oval:org.secpod.oval:def:15351 The Infrared Monitor service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15352 Standard Profile: Define port exceptions (SP2 only) oval:org.secpod.oval:def:15110 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities should be assigned. oval:org.secpod.oval:def:15350 The Uninterruptable Power Supply service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:15108 The startup type of the Simple Mail Transport Protocol (SMTP) service should be correct. oval:org.secpod.oval:def:15109 The required permissions for the file %SystemDrive%\NTLDR should be assigned. oval:gov.nist.usgcb.xp:def:217 NetMeeting Remote Desktop Sharing Service should be disabled oval:gov.nist.usgcb.xp:def:216 Messenger Service should be disabled oval:gov.nist.usgcb.xp:def:219 Routing and Remote Access Service should be disabled oval:gov.nist.usgcb.xp:def:211 Computer Browser Service should be disabled oval:gov.nist.usgcb.xp:def:210 ClipBook Service should be disabled oval:gov.nist.usgcb.xp:def:213 FTP Publishing Service should be disabled oval:gov.nist.usgcb.xp:def:212 Fax Service should be disabled oval:gov.nist.usgcb.xp:def:215 Indexing Service should be disabled oval:gov.nist.usgcb.xp:def:205 Retention method for system log oval:gov.nist.usgcb.xp:def:209 Alerter Service should be disabled oval:gov.nist.usgcb.xp:def:204 Retention method for security log oval:gov.nist.usgcb.xp:def:203 This definition tests the retention method for the application log. Possible methods are - overwrite as necessary, do not overwrite, or overwrite events older than X seconds. oval:gov.nist.usgcb.xp:def:238 No one may synchronize directory service data oval:gov.nist.usgcb.xp:def:228 World Wide Web Publishing Service should be disabled oval:gov.nist.usgcb.xp:def:227 Universal Plug and Play Device Host Service should be disabled oval:gov.nist.usgcb.xp:def:223 Simple Service Discovery Protocol (SSDP) Discovery Service should be disabled oval:gov.nist.usgcb.xp:def:226 Telnet Services Service should be disabled oval:gov.nist.usgcb.xp:def:225 Telnet Service should be disabled oval:gov.nist.usgcb.xp:def:242 This definition verifies that the Administrator account is enabled/disabled based on the policy defined by the user. oval:gov.nist.usgcb.xp:def:246 Network DDE Share Database Manager (DSDM) Service should be disabled oval:gov.nist.usgcb.xp:def:245 Network Dynamic Data Exchange (DDE) Service should be disabled oval:gov.nist.usgcb.xp:def:6626 Administrators, SERVICE, Local Service and Network Service may Create Global Objects oval:gov.nist.usgcb.xp:def:182 Administrators may increase scheduling priority oval:gov.nist.usgcb.xp:def:186 LOGON SERVICE and NETWORK SERVICE may log on as a service oval:org.secpod.oval:def:15372 The 'Windows Firewall: Outbound connections' policy should be configured correctly for the Domain profile. oval:org.secpod.oval:def:15379 The 'Windows Firewall: Apply local firewall rules' policy should be configured correctly for the Domain profile. oval:org.secpod.oval:def:15274 The 'Always Prompt Client for Password upon Connection' policy should be set correctly for Terminal Services. oval:gov.nist.usgcb.xp:def:170 Administrators may create a pagefile oval:org.secpod.oval:def:15377 Processing of the legacy run list on logon should be enabled or disabled as appropriate. oval:gov.nist.usgcb.xp:def:100 Network security: Minimum session security for NTLM SSP based (including secure RPC) servers oval:gov.nist.usgcb.xp:def:164 Administrators, LOCAL SERVICE, NETWORK SERVICE may adjust memory quotas for a process oval:org.secpod.oval:def:15373 The 'Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)' policy should be set correctly. oval:gov.nist.usgcb.xp:def:125 MSS: (TCPMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged oval:gov.nist.usgcb.xp:def:100205 do not process the run once list oval:org.secpod.oval:def:15288 The 'Allow undock without having to logon' policy should be set correctly. oval:gov.nist.usgcb.xp:def:677 No one is denied logon as a service oval:gov.nist.usgcb.xp:def:190 Administrators may profile a single process oval:gov.nist.usgcb.xp:def:243 This definition verifies that the Guest account is enabled/disabled based on the policy defined by the user. oval:gov.nist.usgcb.xp:def:185 No one may log on as a batch job oval:gov.nist.usgcb.xp:def:175 Guests and SUPPORT_388945a0 are denied access to this computer from the network. Note: If the SUPPORT_388945a0 accounts has been renamed perform this check manually. oval:gov.nist.usgcb.xp:def:244 Network security: Force logoff when logon hours expire oval:gov.nist.usgcb.xp:def:169 Administrators may change the system time oval:gov.nist.usgcb.xp:def:6640 Administrators and SERVICE may Impersonate a Client after Authentication oval:gov.nist.usgcb.xp:def:6565 Restrictions for Unauthenticated RPC clients oval:org.secpod.oval:def:15342 The 'Interactive logon: Requre smart card' setting should be configured correctly. oval:gov.nist.usgcb.xp:def:124 MSS: (SynAttackProtect) Syn attack protection level oval:gov.nist.usgcb.xp:def:162 No one has the right to act as part of the operating system oval:gov.nist.usgcb.xp:def:126 (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted oval:org.secpod.oval:def:15276 System availability to Master Browser should be properly configured. oval:gov.nist.usgcb.xp:def:174 Administrators are allowed to debug programs oval:gov.nist.usgcb.xp:def:180 Administrators may force shutdown from a remote system oval:gov.nist.usgcb.xp:def:196 Administrators may take ownership of files or other objects oval:gov.nist.usgcb.xp:def:165 Administrators and Users are allowed to log on locally oval:gov.nist.usgcb.xp:def:176 Guests and SUPPORT_388945a0 are denied logon as a batch job. Note: If the SUPPORT_388945a0 accounts has been renamed perform this check manually. oval:gov.nist.usgcb.xp:def:161 Administrators may access this computer from the network. NOTE: This can break IPSec see Microsoft Knowledge Base article 823659 for further guidance oval:gov.nist.usgcb.xp:def:192 Users and Administrators may remove the computer from its docking station oval:gov.nist.usgcb.xp:def:171 No one is allowed to create a token object oval:gov.nist.usgcb.xp:def:188 Administrators may modify firmware environment variables oval:gov.nist.usgcb.xp:def:187 Administrators may manage the auditing and security log oval:gov.nist.usgcb.xp:def:195 Administrators and Users may shut down the system oval:org.secpod.oval:def:15369 Turn off Windows Update device driver searching oval:gov.nist.usgcb.xp:def:117 MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives oval:org.secpod.oval:def:15374 The 'Windows Firewall: Inbound connections' policy should be configured correctly for the Domain Profile. oval:gov.nist.usgcb.xp:def:191 Administrators may profile the system performance oval:gov.nist.usgcb.xp:def:168 Administrators and Users may bypass traverse checking oval:gov.nist.usgcb.xp:def:181 LOCAL SERVICE and NETWORK SERVICE may generate security audits oval:org.secpod.oval:def:15133 The 'Do Not Allow Local Administrators to Customize Permissions' policy should be set correctly for Terminal Services. oval:org.secpod.oval:def:15140 Disable saving of dial-up passwords should be properly configured. oval:org.secpod.oval:def:15135 Automatic Reboot After System Crash should be properly configured. oval:gov.nist.usgcb.xp:def:194 Administrators may restore files and directories oval:gov.nist.usgcb.xp:def:167 Administrators are allowed to back up files and directories oval:gov.nist.usgcb.xp:def:183 Administrators may load and unload device drivers oval:gov.nist.usgcb.xp:def:177 Guests, SUPPORT_388945a0, and any service accounts are denied logon locally. Note: If the SUPPORT_388945a0 accounts has been renamed perform this check manually. oval:gov.nist.usgcb.xp:def:172 No one is allowed to create permanent shared objects oval:gov.nist.usgcb.xp:def:184 No one may lock pages in memory oval:gov.nist.usgcb.xp:def:193 LOCAL SERVICE and NETWORK SERVICE may replace a process level token oval:gov.nist.usgcb.xp:def:189 Administrators may perform volume maintenance tasks oval:gov.nist.usgcb.xp:def:6023 Accounts: Rename Guest Account oval:gov.nist.usgcb.xp:def:2121 oval:gov.nist.usgcb.xp:def:2111 Error Reporting Service should be disabled oval:gov.nist.usgcb.xp:def:1662 No one but Administrators and Remote Desktop Users may logon through Terminal Services oval:gov.nist.usgcb.xp:def:2271 oval:gov.nist.usgcb.xp:def:30 Audit Directory Service Access oval:gov.nist.usgcb.xp:def:32 Audit logon events oval:gov.nist.usgcb.xp:def:35 Audit policy changes oval:gov.nist.usgcb.xp:def:34 Audit object access oval:gov.nist.usgcb.xp:def:37 Audit system events oval:gov.nist.usgcb.xp:def:36 Audit privilege use oval:gov.nist.usgcb.xp:def:22 Passwords must be stored using reversible encryption for all users in the domain oval:gov.nist.usgcb.xp:def:21 Passwords must meet complexity requirements oval:gov.nist.usgcb.xp:def:24 The maximum number of failed attempts that can occur before the account is locked out This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout dura ... oval:gov.nist.usgcb.xp:def:23 This definition verifies that locked accounts remains locked for the defined number of minutes before they are automatically unlocked. oval:gov.nist.usgcb.xp:def:26 Reset account lockout counters after the profile defined number of minutes oval:gov.nist.usgcb.xp:def:27 Audit account logon events oval:gov.nist.usgcb.xp:def:29 Audit account management oval:gov.nist.usgcb.xp:def:17 Maximum password age is the profile defined number of days oval:gov.nist.usgcb.xp:def:16 Password history enforcement is enabled and the profile defined number of passwords are remembered oval:gov.nist.usgcb.xp:def:19 Minimum password length is the profile defined number of characters oval:gov.nist.usgcb.xp:def:18 Minimum password age is the profile defined number of days oval:gov.nist.usgcb.xp:def:612261221 Do Not Show First Use Dialog Boxes This policy prevents the Privacy Options and Installation Options dialog boxes from being displayed the first time a user starts Windows Media Player. This policy prevents the dialog boxes which allow users to select privacy, file types, and other desktop options f ... oval:gov.nist.usgcb.xp:def:612261222 Prevents users from being prompted to update Windows Media Player. This policy prevents the Player from being updated and prevents users with administrator rights from being prompted to update the Player if an updated version is available. The Check for Player Updates command on the Help menu in the ... oval:gov.nist.usgcb.xp:def:1351 The Administrators group and the System user should have full access and the Users group has read access to the SYSTEMROOT/system32/mshta.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:93 Network access: Shares that can be accessed anonymously oval:gov.nist.usgcb.xp:def:92 Network access: Remotely accessible registry paths oval:gov.nist.usgcb.xp:def:95 Network security: Do not store LAN Manager hash value on next password change oval:gov.nist.usgcb.xp:def:94 Network access: Sharing and security model for local accounts oval:gov.nist.usgcb.xp:def:96 Network security: LAN Manager authentication level oval:gov.nist.usgcb.xp:def:99 Network security: Minimum session security for NTLM SSP based (including secure RPC) clients oval:gov.nist.usgcb.xp:def:98 Network security: LDAP client signing requirements oval:gov.nist.usgcb.xp:def:2881 Disabling this setting will prevent all wireless wi-fi interfaces from working unless a third party management software is used to manage the device. This will not be an issue on managed desktops but will impact mobile devices. oval:gov.nist.usgcb.xp:def:91 Network access: Named Pipes that can be accessed anonymously oval:gov.nist.usgcb.xp:def:90 Network access: Let Everyone permissions apply to anonymous users oval:gov.nist.usgcb.xp:def:82 Microsoft network client: Send unencrypted password to third-party SMB servers disabled oval:gov.nist.usgcb.xp:def:81 Microsoft network client: Digitally sign communications oval:gov.nist.usgcb.xp:def:84 Microsoft network server: Digitally sign communications (always) oval:gov.nist.usgcb.xp:def:83 Microsoft network server: Amount of idle time required before suspending session oval:gov.nist.usgcb.xp:def:86 Microsoft network server: Disconnect clients when logon hours expire oval:gov.nist.usgcb.xp:def:85 Microsoft network server: Digitally sign communications (if client agrees) oval:gov.nist.usgcb.xp:def:88 Network access: Do not allow anonymous enumeration of SAM accounts and shares oval:gov.nist.usgcb.xp:def:87 Network access: Do not allow anonymous enumeration of SAM accounts oval:gov.nist.usgcb.xp:def:89 Network access: Do not allow storage of credentials or .NET Passports for network authentication oval:gov.nist.usgcb.xp:def:1781 Guests are denied logon through Terminal Services oval:gov.nist.usgcb.xp:def:71 Set message title for users attempting to log on oval:gov.nist.usgcb.xp:def:70 Set message text for users attempting to log on oval:gov.nist.usgcb.xp:def:72 Number of previous logons to cache (in case domain controller is not available) is profile defined oval:gov.nist.usgcb.xp:def:75 Require Domain Controller authentication to unlock workstation oval:gov.nist.usgcb.xp:def:74 Prompt user to change password before expiration oval:gov.nist.usgcb.xp:def:77 Determines if an anonymous user can request security identifier (SID) attributes for another user. oval:gov.nist.usgcb.xp:def:79 Microsoft network client: Digitally sign communications (always) oval:gov.nist.usgcb.xp:def:78 Smart card removal behavior for interactive logon oval:gov.nist.usgcb.xp:def:60 Warn for unsigned driver installation oval:gov.nist.usgcb.xp:def:62 Digitally encrypt secure channel data (when possible) oval:gov.nist.usgcb.xp:def:61 Digitally encrypt or sign secure channel data (always) oval:gov.nist.usgcb.xp:def:64 Disable machine account password changes oval:gov.nist.usgcb.xp:def:63 Digitally sign secure channel data (when possible) oval:gov.nist.usgcb.xp:def:66 Require strong (Windows 2000 or later) session key oval:gov.nist.usgcb.xp:def:65 Maximum machine account password age is profile defined number of days oval:gov.nist.usgcb.xp:def:68 Do not display last user name logged on oval:gov.nist.usgcb.xp:def:69 Do not require CTRL+ALT+DEL for logon oval:gov.nist.usgcb.xp:def:52 Audit the use of Backup and Restore privileges oval:gov.nist.usgcb.xp:def:56 Prevent users from installing printer drivers oval:gov.nist.usgcb.xp:def:59 Restrict floppy access to locally logged-on users only oval:gov.nist.usgcb.xp:def:58 Restrict CD-ROM access to locally logged-on user only oval:gov.nist.usgcb.xp:def:42 oval:gov.nist.usgcb.xp:def:45 Audit the access of global system objects is disabled oval:org.secpod.oval:def:15242 The 'Network access: Restrict anonymous access to named pipes and shares' setting should be configured correctly. oval:gov.nist.USGCB.xpfirewall:def:5111 The Windows Firewall: Prohibit unicast response to multicast or broadcast requests setting prevents a computer from receiving unicast responses to its outgoing multicast or broadcast messages. When this policy setting is enabled and the computer sends multicast or broadcast messages to other compute ... oval:gov.nist.USGCB.xpfirewall:def:5113 The Windows Firewall: Allow local port exceptions setting allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall can use two port exceptions lists; the other is defined by the Windows Firewall: Define port exceptions poli ... oval:gov.nist.USGCB.xpfirewall:def:5100 The Windows Firewall: Protect all network connections setting turns on Windows Firewall, which replaces Internet Connection Firewall on all computers that are running Windows XP SP2. This appendix recommends configuring this setting to Enabled to protect all network connections for computers in all ... oval:gov.nist.USGCB.xpfirewall:def:5103 The Windows Firewall: Allow local program exceptions setting allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Disabling this policy setting does not allow administrators to define a local program exceptions list, and ensures that ... oval:gov.nist.USGCB.xpfirewall:def:5101 The Windows Firewall: Do not allow exceptions setting specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages. If you enable this policy setting in the Windows Firewall component of Co ... oval:gov.nist.USGCB.xpfirewall:def:5108 The Windows Firewall: Allow UPnP framework exception setting allows a computer to receive unsolicited Plug and Play messages sent by network devices, such as routers with built-in firewalls. To receive these messages, Windows Firewall opens TCP port 2869 and UDP port 1900. If you enable this policy ... oval:gov.nist.USGCB.xpfirewall:def:5107 Many organizations use Remote Desktop connections in their normal troubleshooting procedures or operations. However, some attacks have occurred that exploited the ports typically used by Remote Desktop. To provide flexibility for remote administration, the Windows Firewall: Allow Remote Desktop exce ... oval:gov.nist.USGCB.xpfirewall:def:5106 The Windows Firewall: Allow ICMP exceptions setting defines the set of Internet Control Message Protocol (ICMP) message types that Windows Firewall allows. Utilities can use ICMP messages to determine the status of other computers. For example, Ping uses the echo request message. If you set this pol ... oval:gov.nist.USGCB.xpfirewall:def:5105 This setting allows file and printer sharing by configuring Windows Firewall to open UDP ports 137 and 138 and TCP ports 139 and 445. If you enable this policy setting, Windows Firewall opens these ports so that the computer can receive print jobs and requests for access to shared files. You must sp ... oval:gov.nist.USGCB.xpfirewall:def:5109 Windows Firewall can display notifications to users when a program requests that Windows Firewall add the program to the program exceptions list. This situation occurs when programs attempt to open a port and are not allowed to do so based on current Windows Firewall rules. The Windows Firewall: Pro ... oval:gov.nist.USGCB.xpfirewall:def:6008 The Windows Firewall port exceptions list should be defined by Group Policy, which allows you to centrally manage and deploy your port exceptions and ensure that local administrators do not create less secure settings. The Windows Firewall: Define port exceptions policy setting allows you to central ... oval:gov.nist.USGCB.xpfirewall:def:51041 Many organizations take advantage of remote computer administration in their daily operations. However, some attacks have exploited the ports typically used by remote administration programs; Windows Firewall can block these ports. To provide flexibility for remote administration, the Windows Firewa ... oval:gov.nist.USGCB.xpfirewall:def:5011 The Windows Firewall: Prohibit unicast response to multicast or broadcast requests setting prevents a computer from receiving unicast responses to its outgoing multicast or broadcast messages. When this policy setting is enabled and the computer sends multicast or broadcast messages to other compute ... oval:gov.nist.USGCB.xpfirewall:def:5016 Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environmen ... oval:gov.nist.USGCB.xpfirewall:def:5015 Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environmen ... oval:gov.nist.USGCB.xpfirewall:def:5014 Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environmen ... oval:gov.nist.USGCB.xpfirewall:def:5013 The Windows Firewall: Allow local port exceptions setting allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall can use two port exceptions lists; the other is defined by the Windows Firewall: Define port exceptions poli ... oval:gov.nist.USGCB.xpfirewall:def:5017 Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environmen ... oval:gov.nist.USGCB.xpfirewall:def:5000 The Windows Firewall: Protect all network connections setting turns on Windows Firewall, which replaces Internet Connection Firewall on all computers that are running Windows XP SP2. This appendix recommends configuring this setting to Enabled to protect all network connections for computers in all ... oval:gov.nist.USGCB.xpfirewall:def:5005 This setting allows file and printer sharing by configuring Windows Firewall to open UDP ports 137 and 138 and TCP ports 139 and 445. If you enable this policy setting, Windows Firewall opens these ports so that the computer can receive print jobs and requests for access to shared files. You must sp ... oval:gov.nist.USGCB.xpfirewall:def:5004 Many organizations take advantage of remote computer administration in their daily operations. However, some attacks have exploited the ports typically used by remote administration programs; Windows Firewall can block these ports. To provide flexibility for remote administration, the Windows Firewa ... oval:gov.nist.USGCB.xpfirewall:def:5003 The Windows Firewall: Allow local program exceptions setting allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Disabling this policy setting does not allow administrators to define a local program exceptions list, and ensures that ... oval:gov.nist.USGCB.xpfirewall:def:5009 Windows Firewall can display notifications to users when a program requests that Windows Firewall add the program to the program exceptions list. This situation occurs when programs attempt to open a port and are not allowed to do so based on current Windows Firewall rules. The Windows Firewall: Pro ... oval:gov.nist.USGCB.xpfirewall:def:5008 The Windows Firewall: Allow UPnP framework exception setting allows a computer to receive unsolicited Plug and Play messages sent by network devices, such as routers with built-in firewalls. To receive these messages, Windows Firewall opens TCP port 2869 and UDP port 1900. If you enable this policy ... oval:gov.nist.USGCB.xpfirewall:def:5007 Many organizations use Remote Desktop connections in their normal troubleshooting procedures or operations. However, some attacks have occurred that exploited the ports typically used by Remote Desktop. To provide flexibility for remote administration, the Windows Firewall: Allow Remote Desktop exce ... oval:gov.nist.USGCB.xpfirewall:def:5006 The Windows Firewall: Allow ICMP exceptions setting defines the set of Internet Control Message Protocol (ICMP) message types that Windows Firewall allows. Utilities can use ICMP messages to determine the status of other computers. For example, Ping uses the echo request message. If you set this pol ... |