Specify the 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' for FDVDiscoveryVolumeType
This policy setting configures whether or not fixed data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Server 2008, Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2) operating ...
Disable: 'Interactive logon: Require smart card' for scforceoption
Microsoft recommends that you use this setting, if appropriate to your environment and your organization's business requirements, to help protect end user computers. This policy setting requires users to log on to a computer with a smart card.
Note: This setting applies to Windows 2000 computers, but it is not available throug ...
Network access: Allow anonymous SID/Name translation
This policy setting determines whether an anonymous user can request security identifier (SID) attributes for another user, or use a SID to obtain its corresponding user name. Disable this policy setting to prevent unauthenticated users from obtaining user names that are associated with their respective SIDs.
Counter Measure:
Configure ...
Ensure No Auditing for 'Audit Policy: Account Logon: Kerberos Service Ticket Operations'
This subcategory reports generated by Kerberos ticket request processes on the domain controller that is authoritative for the domain account. Events for this subcategory include:
- 4769: A Kerberos service ticket was requested.
- 4770: A Kerberos service ticket was renewed.
- 4773: A Kerberos ser ...