This policy setting defines the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs).
If you enable this policy setting, the Kerberos client will search the forests in this list if it is unable to resolve a two-part SPN. If a match is found, the Kerberos client will request a referral ticket to the appropriate domain.
If yo ...
Administrator users must never log in directly as root. To assure individual accountability and prevent unauthorized access, logging in as root over a remote connection must be disabled. Administrators should only run commands as root after first authenticating with their individual user names and passwords.
The Log directory pruning retry events machine setting should be configured correctly.
Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a comput ...
If you turn this policy setting on, local users won't be able to set up and use security questions to reset their passwords.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Credential User Interface\Prevent the use of security questions for local accounts
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System!NoLocalPasswordResetQuestions
This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers.
If you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver cannot be used, a ...
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.
If you enable this policy setting before turning on BitLocker, you can configure the boot component ...
Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services!Windows Audio Endpoint Builder
(2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ ...