[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*


CCE-4228-3
Auditing of "Account Management: Computer Account Management" events on failure should be enabled or disabled as appropriate.

CCE-4183-0
Auditing of "Logon/Logoff: Logoff" events on failure should be enabled or disabled as appropriate.

CCE-5137-5
Auditing of "Policy Change: Audit Policy Change" events on failure should be enabled or disabled as appropriate.

CCE-5094-8
Auditing of "Detailed Tracking: Process Creation" events on failure should be enabled or disabled as appropriate.

CCE-5039-3
Auditing of "Object Access: File System" events on failure should be enabled or disabled as appropriate.

CCE-4783-7
Auditing of "Account Management: Other Account Management Events" events on failure should be enabled or disabled as appropriate.

CCE-5036-9
The 6to4 tunneling protocol for IPv6 should be enabled or disabled as appropriate.

CCE-18220-4
DEPRECATED. [Was: "The 'Configure Windows NTP Client' setting should be configured correctly." The enabled/disabled/not configured status of this GPO (see CCE Technical Mechanisms) does not itself affect the configuration of aspects of the Windows NTP Client; it only controls whether Group Policy ...

CCE-5157-3
Auditing of "System: Security State Change" events on failure should be enabled or disabled as appropriate.

CCE-4423-0
Auditing of "Logon/Logoff: Logon" events on failure should be enabled or disabled as appropriate.

CCE-4811-6
The Teredo tunneling protocol for IPv6 should be enabled or disabled as appropriate.

CCE-4879-3
Auditing of "System: Ipsec Driver" events on failure should be enabled or disabled as appropriate.

CCE-4822-3
Auditing of "System: System Integrity" events on failure should be enabled or disabled as appropriate.

CCE-4516-1
Auditing of "Policy Change: Authentication Policy Change" events on failure should be enabled or disabled as appropriate.

CCE-4734-0
Auditing of "Privilege Use: Sensitive Privilege Use" events on failure should be enabled or disabled as appropriate.

CCE-5087-2
Auditing of "Object Access: Registry" events on failure should be enabled or disabled as appropriate.

CCE-2339-0
The behavior surrounding Anonymous SID/Name translation should be correct.

CCE-5097-1
Auditing of "Account Management: User Account Management" events on failure should be enabled or disabled as appropriate.

CCE-4142-6
Auditing of "Account Management: Security Group Management" events on failure should be enabled or disabled as appropriate.

CCE-4910-6
Auditing of "System: Security System Extension" events on failure should be enabled or disabled as appropriate.

CCE-4824-9
Auditing of "Logon/Logoff: Special Logon" events on failure should be enabled or disabled as appropriate.

CCE-2467-9
This policy setting determines whether a domain member should attempt to negotiate encryption for all secure channel traffic that it initiates. If you enable this policy setting, the domain member will request encryption of all secure channel traffic. If you disable this policy setting, the domain m ...

CCE-2967-8
The "maximum password age" policy should meet minimum requirements.

CCE-4872-8
The "log on locally" user right should be assigned to the correct accounts.

CCE-3285-4
The "Audit the access of global system objects" policy should be set correctly.

CCE-4107-9
The "Recovery Console: Allow Automatic Administrative Logon" policy should be set correctly.

CCE-2714-4
The built-in Administrator account should be correctly named.

CCE-3199-7
Safe DLL Search Mode should be properly configured.

CCE-4774-6
The "Use FIPS compliant algorithms for encryption, hashing, and signing" policy should be set correctly.

CCE-2462-0
The "No auto-restart for scheduled Automatic Updates installations

CCE-3251-6
The "Smart Card Removal Behavior" policy should be set correctly.

CCE-4992-4
Turn on Mapper I/O (LLTDIO) driver This policy setting changes the operational behavior of the Mapper I/O network protocol driver. LLTDIO allows a computer to discover the topology of a network it's connected to. It also allows a computer to initiate Quality-of-Service requests such as bandwidth e ...

CCE-2398-6
The "Limit local account user of blank passwords to console logon only" policy should be set correctly.

CCE-4916-3
Auditing of "Account Management: Other Account Management Events" events on success should be enabled or disabled as appropriate.

CCE-4194-7
The "User Account Control: Virtualize file and registry write failures to per-user locations" setting should be configured correctly.

CCE-4861-1
The "remove computer from docking station" user right should be assigned to the correct accounts.

CCE-3261-5
IP Source Routing should be properly configured.

CCE-2363-0
The "account lockout duration" policy should meet minimum requirements.

CCE-4687-0
The "debug programs" user right should be assigned to the correct accounts.

CCE-4796-9
The "increase scheduling priority" user right should be assigned to the correct accounts.

CCE-5018-7
Auditing of "Logon/Logoff: Logon" events on success should be enabled or disabled as appropriate.

CCE-5101-1
IP Source Routing should be properly configured for IPv6.

CCE-4970-0
The "synchronize directory service data" user right should be assigned to the correct accounts.

CCE-2979-3
Hide mechanisms to remove zone information is set correcly.

CCE-18588-4
The 'Audit Credential Validation' setting should be configured correctly.

CCE-3394-4
RPC Endpiont Mapper Client Authentication (SP2 only)

CCE-2858-9
The "Restrict CD-ROM Access to Locally Logged-On User Only" policy should be set correctly.

CCE-3283-9
The "Force logoff when logon hours expire" policy should be set correctly.

CCE-2825-8
The "Remotely accessible registry paths" policy should be set correctly.

CCE-3437-1
Do not preserve zone information in file attachments is set correcly.

CCE-3953-7
The "Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders" policy should be set correctly.

CCE-3500-6
The "Turn Off User Installed Windows Sidebar Gadgets" setting should be configured correctly.

CCE-3272-2
The behavior surrounding Anonymous users' abiliity to display lists of SAM accounts should be correct.

CCE-4761-3
Computer-wide, rather than per-user, use of Microsoft Spynet Reporting for Windows Defender should be enabled or disabled as appropriate.

CCE-18129-7
The Windows Vista 'Telnet Client' feature should be turned on or off as appropriate.

CCE-4651-6
The "Increase a Process Working Set" setting should be configured correctly.

CCE-5004-7
The "User Account Control: Only elevate executables that are signed and validated" setting should be configured correctly.

CCE-4088-1
The "act as part of the operating system" user right should be assigned to the correct accounts.

CCE-3173-2
Display Last User Name in Logon Screen should be properly configured.

CCE-4904-9
Kerberos and RSVP Traffic Protected by IPSec should be properly configured.

CCE-3380-3
The "Named Pipes that can be accessed anonymously" policy should be set correctly.

CCE-3075-9
The "Maximum machine account password age" policy should be set correctly.

CCE-2519-7
The amount of idle time required before disconnecting a session should be set correctly.

CCE-3271-4
The "Turn on session logging" setting should be configured correctly.

CCE-2376-2
The "Number of Previous Logons to Cache" policy should be set correctly.

CCE-4991-6
The "Set Safe for Scripting" policy should be set correctly.

CCE-4673-0
The "force shutdown from a remote system" user right should be assigned to the correct accounts.

CCE-4915-5
The "Disable Logging" setting should be configured correctly.

CCE-4382-8
The "Impersonate a client after authentication" user right should be assigned to the correct accounts.

CCE-3086-6
Logon - Do not process the run once list

CCE-3220-1
Logon information is required to unlock a locked computer. For domain accounts, the Interactive logon: Require Domain Controller authentication to unlock workstation setting determines whether it is necessary to contact a domain controller to unlock a computer. If you enable this setting, a domain c ...

CCE-3364-7
Turn off Internet download for Web publishing and online ordering wizards

CCE-18715-3
The 'Allow users to connect remotely using Terminal Services' setting should be configured correctly.

CCE-3450-4
Audit: Force audit policy subcategory settings are set correcly.

CCE-4962-7
The "profile single process" user right should be assigned to the correct accounts.

CCE-18388-9
The 'Enable/Disable PerfTrack' setting should be configured correctly.

CCE-3341-5
The "Report Logon Server Not Available During User logon" setting should be configured correctly.

CCE-4201-0
Auditing of "Policy Change: Audit Policy Change" events on success should be enabled or disabled as appropriate.

CCE-5047-6
Auditing of "System: System Integrity" events on success should be enabled or disabled as appropriate.

CCE-18279-0
The Windows Vista 'Internet Information Services' feature should be turned on or off as appropriate.

CCE-2477-8
The "Turn off the 'Publish to Web' task for files and folders" setting should be configured correctly.

CCE-3001-5
The "Shut Down system immediately if unable to log security audits" policy should be set correctly.

CCE-3232-6
The behavior surrounding Anonymous users' abiliity to display lists of SAM accounts and shares should be correct.

CCE-3330-8
The "Secure Channel: Digitally Encrypt or Sign Secure Channel Data (Always)" policy should be set correctly.

CCE-3376-1
The "Allow indexing of encrypted files" setting should be configured correctly.

CCE-3168-2
The "Restrict Floppy Access to Locally Logged-On User Only" policy should be set correctly.

CCE-4973-4
The "bypass traverse checking" user right should be assigned to the correct accounts.

CCE-3255-7
This policy setting determines whether a domain member can periodically change its computer account password. If you enable this policy setting, the domain member will be prevented from changing its computer account password. If you disable this policy setting, the domain member can change its compu ...

CCE-2838-1
The "Send Unencrypted Password to Connect to Third-Party SMB Servers" policy should be set correctly.

CCE-4898-3
The "Disable Media Player for automatic updates" policy should be set correctly.

CCE-3363-9
The "Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box" should be set correctly

CCE-4940-3
The "LDAP client signing requirements" policy should be set correctly.

CCE-5048-4
Auditing of "Account Management: Security Group Management" events on success should be enabled or disabled as appropriate.

CCE-4334-9
The "access this computer from the network" user right should be assigned to the correct accounts.

CCE-3954-5
The "Allow System to be Shut Down Without Having to Log On" policy should be set correctly.

CCE-8404-6
The default behavior for AutoRun should be properly configured.

CCE-4093-1
Auditing of "Account Management: Computer Account Management" events on success should be enabled or disabled as appropriate.

CCE-4535-1
Auditing of "System: Security State Change" events on success should be enabled or disabled as appropriate.

CCE-4300-0
Auditing of "Privilege Use: Sensitive Privilege Use" events on success should be enabled or disabled as appropriate.

CCE-4656-5
The "deny logon through Terminal Services" user right should be assigned to the correct accounts.

CCE-4213-5
The "Minimum session security for NTLM SSP based servers" policy should be set correctly.

CCE-3398-5
The "Prohibit non-administrators from applying vendor signed updates" setting should be configured correctly.

CCE-5264-7
The "Screen Saver Executable Name" setting should be configured correctly for the current user.

CCE-4841-3
The "Require Case Insensitivity for Non-Windows Sybsystems" policy should be set correctly.

CCE-3023-9
The "Digitally Sign Server Communication (Always)" policy should be set correctly.

CCE-4083-2
The "log on as a batch job" user right should be assigned to the correct accounts.

CCE-4569-0
The "shut down the system" user right should be assigned to the correct accounts.

CCE-4907-2
This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The options are: - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC pol ...

CCE-4851-2
The "Turn off Help Ratings" setting should be configured correctly.

CCE-3045-2
The "Prohibit Access of the Windows Connect Now Wizards" setting should be configured correctly.

CCE-3482-7
The "Do not allow Digital Locker to run" setting should be configured correctly.

CCE-4863-7
The "change the system time" user right should be assigned to the correct accounts.

CCE-18913-4
The 'Do not use temporary folders per session' setting should be configured correctly.

CCE-5146-6
The ISATAP tunneling protocol for IPv6 should be enabled or disabled as appropriate.

CCE-18891-2
The Windows Vista 'Games' feature should be turned on or off as appropriate.

CCE-3230-0
Logon information is required to unlock a locked computer. For domain accounts, the Interactive logon: Require Domain Controller authentication to unlock workstation setting determines whether it is necessary to contact a domain controller to unlock a computer. If you enable this setting, a domain c ...

CCE-2785-4
TCP/IP NetBIOS Name Release on Request Prevented should be properly configured.

CCE-3143-5
The "Prevent indexing uncached Exchange folders" setting should be configured correctly.

CCE-5034-4
The "Disable Windows Error Reporting" setting should be configured correctly.

CCE-3120-3
TCP/IP Dead Gateway Detection should be properly configured.

CCE-3429-8
The "Always Prompt Client for Password upon Connection" policy should be set correctly for Terminal Services.

CCE-2719-3
Autoplay on all Drive Types should be properly configured.

CCE-3240-9
The "minimum password age" policy should meet minimum requirements.

CCE-3177-3
The "account lockout threshold" policy should meet minimum requirements.

CCE-2323-4
The "enforce password history" policy should meet minimum requirements.

CCE-3361-3
The "Disconnect clients when logon hours expire" policy should be set correctly.

CCE-3033-8
The "password must meet complexity requirments" policy should be set correctly.

CCE-2883-7
The "minimum password length" policy should meet minimum requirements.

CCE-2697-1
The "Turn Off Internet File Association Service" setting should be configured correctly.

CCE-3252-4
The "Digitally Sign Client Communication (Always)" policy should be set correctly.

CCE-3460-3
MSS:(TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted

CCE-3142-7
The TCP/IP KeepAlive Time should be set correctly .

CCE-4919-7
The "Display Error Notification" setting should be configured correctly.

CCE-3115-3
The "Turn Off the 'Order Prints' Picture Task" setting should be configured correctly.

CCE-18987-8
The 'Turn off game updates' setting should be configured correctly.

CCE-3138-5
The "Do not store LAN Manager hash value on next password change" policy should be set correctly.

CCE-5043-5
The screen saver should be enabled or disabled as appropriate for the current user.

CCE-3093-2
The "Turn Off Registration if URL Connection is Referring to Microsoft.com" setting should be configured correctly.

CCE-7716-4
The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly.

CCE-3311-8
The "store password using reversible encryption for all users in the domain" policy should be set correctly.

CCE-18624-7
The Windows Vista 'SimpleTCP Services' feature should be turned on or off as appropriate.

CCE-3259-9
Turn off the Windows Messenger Customer Experience Improvement Program

CCE-3432-2
The "Turn Off Internet Connection Wizard if URL Connection is Referring to Microsoft.com" setting should be configured correctly.

CCE-2521-3
The "Turn off the communitication features" setting should be configured correctly.

CCE-4921-3
Auditing of "Object Access: File System" events on success should be enabled or disabled as appropriate.

CCE-4048-5
The "modify firmware environment values" user right should be assigned to the correct accounts.

CCE-3367-0
The "Sharing and security model for local accounts" policy should be set correctly.

CCE-4833-0
Auditing of "Account Management: User Account Management" events on success should be enabled or disabled as appropriate.

CCE-3379-5
The "Do not allow storage of credentials or .NET Passports" policy should be set correctly.

CCE-18700-5
The Windows Vista 'TFTP Client' feature should be turned on or off as appropriate.

CCE-4267-1
The "Set time limit for idle sessions" policy should be set correctly for Terminal Services.

CCE-4955-1
The "User Account Control: Admin Approval Mode for the Built-in Administrator account" setting should be configured correctly.

CCE-3125-2
The "Turn off shell protocol protected mode" setting should be configured correctly.

CCE-3969-3
The "Clear Virtual Memory Pagefile at shutdown" policy should be set correctly.

CCE-3212-8
The "Secure Channel: Require Strong (Windows 2000 or later) Session Key" policy should be set correctly.

CCE-2457-0
The "Let Everyone permissions apply to anonymous users" policy should be set correctly.

CCE-2359-8
The built-in Guest account should be correctly named.

CCE-3452-0
Group Policy - Registry policy processing

CCE-2754-0
Turn off downloading of print drivers over HTTP

CCE-4757-1
The "create a pagefile" user right should be assigned to the correct accounts.

CCE-4867-8
The "deny logon as a service" user right should be assigned to the correct accounts.

CCE-3486-8
The "Prevent Windows Media DRM Internet Access" setting should be configured correctly.

CCE-3244-1
The automatic generation of 8.3 file names for NTFS should be enabled or disabled as appropriate.

CCE-4877-7
Auditing of "Policy Change: Authentication Policy Change" events on success should be enabled or disabled as appropriate.

CCE-4854-6
The "adjust memory quotas for a process" user right should be assigned to the correct accounts.

CCE-2962-9
The "Turn off Heap termination on corruption" setting should be configured correctly.

CCE-2380-4
The "Digitally Sign Client Communication (When Possible)" policy should be set correctly.

CCE-4988-2
The "take ownership of files or other objects" user right should be assigned to the correct accounts.

CCE-4612-8
This policy setting controls the behavior of application installation detection for the computer. The options are: - Enabled: (Default for home) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name ...

CCE-4889-2
The "deny logon locally" user right should be assigned to the correct accounts.

CCE-3464-5
The "Do not create system restore point when new device driver installed" setting should be configured correctly.

CCE-4488-3
The "generate security audits" user right should be assigned to the correct accounts.

CCE-4038-6
The "log on as a service" user right should be assigned to the correct accounts.

CCE-4976-7
Auditing of "System: Ipsec Driver" events on success should be enabled or disabled as appropriate.

CCE-4722-5
The "deny logon as a batch job" user right should be assigned to the correct accounts.

CCE-3331-6
The "Allow remote access to the PnP interface" setting should be configured correctly.

CCE-4866-0
The "Set Client connection Encryption Level" policy should be set correctly for Terminal Services.

CCE-2852-2
The "Reschedule Automatic Updates scheduled installations" should be set correctly

CCE-3279-7
IRDP should be properly configured.

CCE-3349-8
The "Shares that can be accessed anonymously" policy should be set correctly.

CCE-3303-5
The "Audit the use of backup and restore privilege" policy should be set correctly.

CCE-4020-4
The "User Account Control: Only elevate UIAccess applications that are installed in secure locations" setting should be configured correctly.

CCE-4089-9
The "Do not send additional data" setting should be configured correctly.

CCE-18414-3
The 'Do not delete temp folder upon exit' setting should be configured correctly.

CCE-3270-6
The startup type of Microsoft Peer-to-Peer Networking Services should be configured correctly.

CCE-18689-0
The Windows Vista 'Windows Media Center' feature should be turned on or off as appropriate.

CCE-4285-3
The "Modify an object label" user right should be assigned to the appropriate accounts.

CCE-4405-7
The "Do Not Show First Use Dialog Boxes" setting for Windows Media Player should be configured correctly.

CCE-4077-4
The "Turn on Responder (RSPNDR) driver" setting should be configured correctly for the domain profile.

CCE-3160-9
Restrictions for Unauthenticated RPC clients (SP2 only)

CCE-4152-5
Determines whether a user can install and configure the Network Bridge. Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS do ...

CCE-3469-4
The "Require a Password when a Computer Wakes (Plugged)" setting should be configured correctly.

CCE-3217-7
This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer. If you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you disable this policy ...

CCE-4372-9
The "replace a process-level token" user right should be assigned to the correct accounts.

CCE-2778-9
Turn off Search Companion content file updates

CCE-4792-8
The "Create global objects" user right should be assigned to the correct accounts.

CCE-2755-7
The "Turn Off Downloading of Game Information" setting should be configured correctly.

CCE-2525-4
The "Turn off Windows Mail application" setting should be configured correctly.

CCE-3325-8
The "Prevent Users from Installing Printer Drivers" policy should be set correctly.

CCE-5170-6
Auditing of "System: Security System Extension" events on success should be enabled or disabled as appropriate.

CCE-4902-3
The "Create a token object" user right should be assigned to the correct accounts.

CCE-4925-4
The "User Account Control: Switch to the secure desktop when prompting for elevation" setting should be configured correctly.

CCE-3348-0
The "Turn Off Event Views 'Events.asp' Links" setting should be configured correctly.

CCE-3314-2
The "Message title for users attempting to log on" policy should be set correctly.

CCE-2975-1
The "Do not allow passwords to be saved" setting should be configured correctly for Terminal Services.

CCE-3292-0
The "Network access: Restrict anonymous access to named pipes and shares" setting should be configured correctly.

CCE-4618-5
The "profile system performance" user right should be assigned to the correct accounts.

CCE-4694-6
The "Enable Error Reporting" policy should be set correctly.

CCE-3239-1
ICMP Redirects should be properly configured.

CCE-4813-2
Use Classic Logon should be properly configured.

CCE-4629-2
The "Enable User Control Over Installs" policy should be set correctly.

CCE-3456-1
The "Disable unpacking and installation of gadgets that are not digitally signed" setting should be configured correctly.

CCE-4922-1
LAN Manager (LM) is a family of early Microsoft client/server software that allows users to link personal computers together on a single network. Network capabilities include transparent file and print sharing, user security features, and network administration tools. In Active Directory domains, th ...

CCE-3072-6
Automatic Logon should be properly configured.

CCE-5007-0
The "Set time limit for disconnected sessions" policy should be set correctly for Terminal Services.

CCE-2821-7
The "Require a Password when a Computer Wakes (On Battery)" setting should be configured correctly.

CCE-4166-5
Auditing of "Detailed Tracking: Process Creation" events on success should be enabled or disabled as appropriate.

CCE-3336-5
The "Message text for users attempting to log on" policy should be set correctly.

CCE-4264-8
The "allow logon through Terminal Services" user right should be assigned to the correct accounts.

CCE-4704-3
The "deny access to this computer from the network" user right should be assigned to the correct accounts.

CCE-3421-5
Turn off printing over HTTP

CCE-18284-0
The Windows Vista 'Telnet Server' feature should be turned on or off as appropriate.

CCE-3181-5
Security Audit log warning level should be properly configured.

CCE-4956-9
Auditing of "Logon/Logoff: Special Logon" events on success should be enabled or disabled as appropriate.

CCE-2471-1
Enumerate administrator accounts on elevation

CCE-5008-8
The "Change the time zone" user right should be assigned to the appropriate accounts.

CCE-4583-1
The "Minimum session security for NTLM SSP based clients" policy should be set correctly.

CCE-5061-7
The "Configuration of wireless settings using Windows Connect Now" setting should be configured correctly for Wireless Connect Now over Ethernet (UPnP).

CCE-4046-9
The "manage auditing and security log" user right should be assigned to the correct accounts.

CCE-2868-8
The "Turn Off Handwriting Reconition Error Reporting" setting should be configured correctly.

CCE-3323-3
Configure Solicited Remote Assistance This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer. If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messag ...

CCE-3248-2
Use of the built-in Guest account should be enabled or disabled as appropriate.

CCE-3300-1
Notify antivirus programs when opening attachments is set correcly.

CCE-4594-8
Auditing of "Object Access: Registry" events on success should be enabled or disabled as appropriate.

CCE-4011-3
This policy setting determines the strength of the default discretionary access control list (DACL) for objects. The setting helps secure objects that can be located and shared among processes and its default configuration strengthens the DACL, because it allows users who are not administrators to r ...

CCE-3358-9
The "Configure Automatic Updates" should be set correctly

CCE-4703-5
Auditing of "Logon/Logoff: Logoff" events on success should be enabled or disabled as appropriate.

CCE-3082-5
The startup type of the NetMeeting Remote Desktop Sharing service should be correct.

CCE-3214-4
The "Override the More Gadgets Link" setting should be configured correctly.

CCE-3468-6
The "Do not send a Windows Error Report when a generic driver is installed on a device" setting should be configured correctly.

CCE-9487-0
The 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

CCE-9301-3
This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. - Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevati ...

CCE-5070-8
The "Prevent users from sharing files within their profile" setting should be configured correctly.

CCE-4016-2
This policy setting controls the behavior of the elevation prompt for administrators. The options are: - Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most co ...

CCE-4969-2
The "Behavior of the elevation prompt for standard users" setting should be configured correctly.

CCE-4184-8
The "create permanent shared objects" user right should be assigned to the correct accounts.

CCE-4317-4
The "lock pages in memory" user right should be assigned to the correct accounts.

CCE-4071-7
The "perform volume maintenance tasks" user right should be assigned to the correct accounts.

CCE-4827-2
The "back up files and directories" user right should be assigned to the correct accounts.

CCE-4948-6
The "restore files and directories" user right should be assigned to the correct accounts.

CCE-4034-5
The "load and unload device drivers" user right should be assigned to the correct accounts.

CCE-3307-6
The "Disable CTRL+ALT+Delete Requirement for Logon" policy should be set correctly.

CCE-3164-1
This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection. If no signing request comes from the client, a connection will be allowed without a signature if the Microsoft network server: Di ...

CCE-3233-4
The "Secure Channel: Digitally Sign Secure Channel Data (When Possible)" policy should be set correctly.

CCE-3032-0
Use of the built-in Administrator account should be enabled or disabled as appropriate.

CCE-2715-1
The "reset account lockout counter after" policy should meet minimum requirements.

CCE-4290-3
The "Password protect the screen saver" setting should be configured correctly for the current user.

CCE-3050-2
The "Screen Saver Timeout" setting should be configured correctly for the current user.

CCE-4781-1
The "Remotely accessible registry paths and subpaths" policy should be set correctly.

CPE    1
cpe:/o:microsoft:windows_vista
*XCCDF
xccdf_gov.nist_benchmark_USGCB-Windows-Vista
OVAL    230
oval:gov.nist.usgcb.vista:def:8034
oval:gov.nist.usgcb.vista:def:8020
oval:gov.nist.usgcb.vista:def:8008
oval:gov.nist.usgcb.vista:def:10010
...

© SecPod Technologies