oval:org.secpod.oval:def:9739
The host is missing an important security update according to MS bulletin, MS13-027 and is prone to a privilege escalation vulnerability. A flaw is present in the kernel-mode drivers, which fail to properly handle objects in memory. Successful exploitation could allow attackers to run arbitrary co ...

oval:org.secpod.oval:def:9711
The host is missing a critical security update according to Microsoft bulletin, MS13-012 and is prone to multiple use after free vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:10743
The host is missing a critical security update according to Microsoft Security bulletin MS13-028. The update is required to fix multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Succes ...

oval:org.secpod.oval:def:10740
The host is missing an important security update according to Microsoft security bulletin MS13-031. The update is required to fix multiple race condition vulnerabilities. The flaws are present in the application, which fails to properly handle objects in memory. Successful exploitation could allow a ...

oval:org.secpod.oval:def:10734
The host is missing an important security update according to Microsoft security bulletin, MS13-036. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle certain vectors related to memory and crafted files. Successful exploitation al ...

oval:org.secpod.oval:def:8179
The host is missing an important security update according to Microsoft security bulletin, MS12-083. The update is required to fix a security bypass vulnerability. A flaw is present in the IP-HTTPS Component, which fails to properly handle certificates. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:8180
The host is installed with Microsoft Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 or R2 SP1, Windows 7 or SP1, Windows 8 or Windows Server 2012 and is prone to a remote code execution vulnerability. A flaw is present in Windows DirectPlay, which fails ...

oval:org.secpod.oval:def:8181
The host is missing an important security update according to Microsoft bulletin, MS12-082. The update is required to fix a remote code execution vulnerability. A flaw is present in Windows DirectPlay, which fails to properly handle specially crafted office documents. Successful exploitation allows at ...

oval:org.secpod.oval:def:8183
The host is missing a critical security update according to Microsoft security bulletin, MS12-081. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to parse filenames. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:8197
The host is missing a critical security update according to Microsoft security bulletin MS12-077. The update is required to fix multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to handle a deleted object. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:10966
The host is installed with Microsoft Windows Vista, Windows Server 2008 or R2, Windows 7 SP1, Windows 8, Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could al ...

oval:org.secpod.oval:def:10968
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, R2, Windows 7, Windows 8, Windows Server 2012 and is prone to a windows handle vulnerability. A flaw is present in the application which fails to properly handle deleted objects in memory. Succe ...

oval:org.secpod.oval:def:8334
The host is missing an important security update according to MS bulletin, MS13-005 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle window broadcast messages. Successful exploitation could allow attackers to take complete co ...

oval:org.secpod.oval:def:8336
The host is missing an important security update according to Microsoft bulletin, MS13-006. The update is required to fix a security feature bypass vulnerability. A flaw is present in the application, which fails to properly handle SSL/TLS session version negotiation. Successful exploitation allows at ...

oval:org.secpod.oval:def:39332
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that ...

oval:org.secpod.oval:def:9239
The host is missing an important security update according to Microsoft bulletin, MS13-017. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which is caused when the Windows kernel improperly handles objects in memory. Successfu ...

oval:org.secpod.oval:def:9241
The host is missing an important security update according to Microsoft security bulletin MS13-018. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a connection termination sequence. Successful exploitation could a ...

oval:org.secpod.oval:def:7929
The host is missing a critical security update according to Microsoft Security Bulletin, MS12-074. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and properly perform validations. Successful exploitation allows ...

oval:org.secpod.oval:def:9297
The host is missing a critical security update according to Microsoft security bulletin, MS13-009. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:9274
The host is missing an important security update according to Microsoft bulletin, MS13-016. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which is caused when the Windows kernel-mode driver improperly handles objects in memor ...

oval:org.secpod.oval:def:19405
The Teredo Default Qualified machine setting should be configured correctly. This policy setting allows you to set Teredo to be ready to communicate, a process referred to as qualification. By default, Teredo enters a dormant state when not in use. The qualification process brings it out of a dorma ...

oval:org.secpod.oval:def:8843
The Turn off handwriting recognition error reporting machine setting should be configured correctly. Turns off the handwriting recognition error reporting tool. The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates e ...

oval:org.secpod.oval:def:19406
The Set PNRP cloud to resolve only machine setting should be configured correctly for IPv6 Global. This policy setting limits a node to resolving, but not publishing, names in a specific Peer Name Resolution Protocol (PNRP) cloud. This policy setting forces computers to act as clients in peer-to-pe ...

oval:org.secpod.oval:def:8844
The Maximum Log Size (KB) machine setting should be configured correctly for the security log. This policy requires Windows Vista or later versions of Windows. This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maxim ...

oval:org.secpod.oval:def:19407
The Events.asp program machine setting should be configured correctly. This is the program that will be invoked when the user clicks the events.asp link. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Event Viewer\Events.asp program (2) KEY: HKLM\Software\Polici ...

oval:org.secpod.oval:def:8845
The System cryptography: Force strong key protection for user keys stored on the computer setting should be configured correctly. This policy setting determines whether users' private keys (such as their S-MIME keys) require a password to be used. If you configure this policy setting so that users m ...

oval:org.secpod.oval:def:19408
The Turn off Real-Time Monitoring machine setting should be configured correctly. Turns off Real-Time Protection prompts for known malware detection. Windows Defender alerts you when spyware or potentially unwanted software attempts to install itself or to run on your computer. If you enable this p ...

oval:org.secpod.oval:def:8846
The Turn off Program Inventory machine setting should be configured correctly. This policy controls the state of the Program Inventory collector in the system. The PDU inventories programs and files on the system and sends information about those files to Microsoft. This information is used to help ...

oval:org.secpod.oval:def:19401
The Limit the age of files in the BITS Peercache machine setting should be configured correctly. This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) Peercache. In order to make the most efficient use of disk space, by default BITS removes any fi ...

oval:org.secpod.oval:def:19402
The Turn Off user-installed desktop gadgets machine setting should be configured correctly. This policy setting allows you to turn off desktop gadgets that have been installed by the user. If you enable this setting, Windows will not run any user-installed gadgets. If you disable or do not configur ...

oval:org.secpod.oval:def:8840
The MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning setting should be configured correctly. The registry value entry WarningLevel was added to the template file in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\ ...

oval:org.secpod.oval:def:19403
The Turn on the Ability for Applications to Prevent Sleep Transitions (On Battery) machine setting should be configured correctly. Enables applications and services to prevent the system from sleeping. If you enable this policy setting, an application or service may prevent the system from sleeping ...

oval:org.secpod.oval:def:8841
The User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode setting should be configured correctly. This policy setting controls the behavior of the elevation prompt for administrators. The options are: * Elevate without prompting: Allows privileged accounts ...

oval:org.secpod.oval:def:19404
The Time (in seconds) to force reboot machine setting should be configured correctly. Set the amount of time (in seconds) that the system will wait to reboot in order to enforce a change in access rights to removable storage devices. If you enable this setting, set the amount of seconds you want th ...

oval:org.secpod.oval:def:8842
The User Account Control: Admin Approval Mode for the Built-in Administrator account setting should be configured correctly. This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account. The options are: * Enabled: The built-in Administrator account uses A ...

oval:org.secpod.oval:def:19400
The Turn off System Restore machine setting should be configured correctly. Allows you to disable System Restore. System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. By default, System Restore is turned on for t ...

oval:org.secpod.oval:def:8847
The Prevent Windows Media DRM Internet Access machine setting should be configured correctly. Prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet). When enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisit ...

oval:org.secpod.oval:def:8848
The Reset account lockout counter after setting should be configured correctly. This policy setting determines the length of time before the Account lockout threshold resets to zero. The default value for this policy setting is Not Defined. If the Account lockout threshold is defined, this reset ti ...

oval:org.secpod.oval:def:8849
The Turn off Registration if URL connection is referring to Microsoft.com machine setting should be configured correctly. Specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration. If you enable this setting, it blocks users from connecting to Microsoft.com ...

oval:org.secpod.oval:def:19416
The Turn off tracking of last play time of games in the Games folder machine setting should be configured correctly. Tracks the last play time of games in the Games folder. If you enable this setting the last played time of games will not be recorded in Games folder. This setting only affects the G ...

oval:org.secpod.oval:def:8854
The ISATAP State machine setting should be configured correctly. This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and host-to-host, host-to-router and router-to-host automatic tunneling technology that is used to provide unic ...

oval:org.secpod.oval:def:19417
The Prevent installation of devices that match any of these device IDs machine setting should be configured correctly. This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. This policy setting takes p ...

oval:org.secpod.oval:def:8855
The Maximum Log Size (KB) machine setting should be configured correctly for the application log. This policy requires Windows Vista or later versions of Windows. This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the ma ...

oval:org.secpod.oval:def:19418
The Prevent Video Smoothing machine setting should be configured correctly. Prevents video smoothing from occurring. This policy prevents video smoothing, which can improve video playback on computers with limited resources, from occurring. In addition, the Use Video Smoothing check box in the Vide ...

oval:org.secpod.oval:def:8856
The Prohibit Access of the Windows Connect Now wizards machine setting should be configured correctly. This policy setting prohibits access to Windows Connect Now (WCN) wizards. If this policy setting is enabled, the wizards are disabled and users will have no access to any of the wizard tasks. All ...

oval:org.secpod.oval:def:19419
The Windows Scaling Heuristics State machine setting should be configured correctly. Windows Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly. If this setting ...

oval:org.secpod.oval:def:8857
The Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS) machine setting should be configured correctly. This policy setting allows users who are connected to the Int ...

oval:org.secpod.oval:def:19412
The Override print driver execution compatibility setting reported by print driver machine setting should be configured correctly. This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print dri ...

oval:org.secpod.oval:def:8850
The Set time limit for disconnected sessions machine setting should be configured correctly. This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session ...

oval:org.secpod.oval:def:19413
The Teredo Refresh Rate machine setting should be configured correctly. This policy setting allows you to configure the Teredo refresh rate. Note: On a periodic basis (by default, every 30 seconds), Teredo clients send a single Router Solicitation packet to the Teredo server. The Teredo server send ...

oval:org.secpod.oval:def:8851
The "Turn off Autoplay" machine setting should be configured correctly.

oval:org.secpod.oval:def:19414
The Automatic Updates detection frequency machine setting should be configured correctly. Specifies the hours that Windows will use to determine how long to wait before checking for available updates. The exact wait time is determined by using the hours specified here minus zero to twenty percent o ...

oval:org.secpod.oval:def:8852
The Do not allow supported Plug and Play device redirection machine setting should be configured correctly. This policy setting allows you to control the redirection of supported Plug and Play devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session. By ...

oval:org.secpod.oval:def:19415
The All Removable Storage classes: Deny all access machine setting should be configured correctly. Configure access to all removable storage classes. This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes, use the policy settings ava ...

oval:org.secpod.oval:def:8853
The Turn off Internet download for Web publishing and online ordering wizards machine setting should be configured correctly. Specifies whether Windows should download a list of providers for the Web publishing and online ordering wizards. These wizards allow users to select from a list of companie ...

oval:org.secpod.oval:def:19410
The Disallow Negotiate authentication machine setting should be configured correctly for the WinRM client. This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication. If you enable this policy setting, the WinRM client will use Basic auth ...

oval:org.secpod.oval:def:19411
The Turn off Program Compatibility Assistant machine setting should be configured correctly. This policy controls the state of the Program Compatibility Assistant in the system. The PCA monitors user initiated programs for known compatibility issues at run time. Whenever a potential issue with an a ...

oval:org.secpod.oval:def:8858
The Maximum Log Size (KB) machine setting should be configured correctly for the system log. This policy requires Windows Vista or later versions of Windows. This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum ...

oval:org.secpod.oval:def:8859
The Configuration of wireless settings using Windows Connect Now machine setting should be configured correctly. This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPn ...

oval:org.secpod.oval:def:19409
The Limit the maximum network bandwidth used for Peercaching machine setting should be configured correctly. This setting limits the network bandwidth that BITS uses for peercache transfers (this setting does not affect transfers from the origin server). To prevent any negative impact to a computer ...

oval:org.secpod.oval:def:8821
The 'Network access: Remotely accessible registry paths and sub-paths' setting should be configured correctly.

oval:org.secpod.oval:def:8822
The Network access: Restrict anonymous access to Named Pipes and Shares setting should be configured correctly. When enabled, this policy setting restricts anonymous access to only those shares and pipes that are named in the Network access: Named pipes that can be accessed anonymously and Network ...

oval:org.secpod.oval:def:8823
The MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) setting should be configured correctly. The registry value entry TCPMaxDataRetransmissions was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Serv ...

oval:org.secpod.oval:def:8824
The Network access: Named Pipes that can be accessed anonymously setting should be configured correctly. This policy setting determines which communication sessions, or pipes, have attributes and permissions that allow anonymous access. Fix: (1) GPO: Computer Configuration\Windows Settings\Securi ...

oval:org.secpod.oval:def:8820
The Interactive logon: Prompt user to change password before expiration setting should be configured correctly. This policy setting determines how far in advance users are warned that their password will expire. Microsoft recommends that you configure this policy setting to 14 days to sufficiently ...

oval:org.secpod.oval:def:8829
The Microsoft network client: Digitally sign communications (always) setting should be configured correctly. This policy setting determines whether packet signing is required by the SMB client component. If you enable this policy setting, the Microsoft network client computer cannot communicate wit ...

oval:org.secpod.oval:def:8825
The 'Network access: Remotely accessible registry paths' setting should be configured correctly.

oval:org.secpod.oval:def:8826
The 'Take ownership of files or other objects' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:8827
The 'Lock pages in memory' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:8828
The 'Remove computer from docking station' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:8832
The Redirect only the default client printer machine setting should be configured correctly. This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Services sessions. If you enable this policy setting, only the default client pr ...

oval:org.secpod.oval:def:8833
The Microsoft network server: Digitally sign communications (if client agrees) setting should be configured correctly. This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection. If no sig ...

oval:org.secpod.oval:def:8834
The Turn off heap termination on corruption machine setting should be configured correctly. Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately, although Explorer may still terminate unexpectedly later. Fix: ( ...

oval:org.secpod.oval:def:8835
The Microsoft network server: Disconnect clients when logon hours expire setting should be configured correctly. This policy setting determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. It affects the SMB component. If you ena ...

oval:org.secpod.oval:def:8830
The Microsoft network client: Digitally sign communications (if server agrees) setting should be configured correctly. This policy setting determines whether the SMB client will attempt to negotiate SMB packet signing. The implementation of digital signing in Windows-based networks helps to prevent ...

oval:org.secpod.oval:def:8831
The built-in Administrator account should be correctly named. The built-in local administrator account is a well-known account name that attackers will target. Microsoft recommends choosing another name for this account and avoiding names that denote administrative or elevated access accounts. Be ...

oval:org.secpod.oval:def:8836
The Network security: LAN Manager authentication level setting should be configured correctly. LAN Manager (LM) is a family of early Microsoft client/server software that allows users to link personal computers together on a single network. Network capabilities include transparent file and print sh ...

oval:org.secpod.oval:def:8837
The System objects: Require case insensitivity for non-Windows subsystems setting should be configured correctly. This policy setting determines whether case insensitivity is enforced for all subsystems. The Microsoft Win32 subsystem is case insensitive. However, the kernel supports case sensitivit ...

oval:org.secpod.oval:def:8838
The Microsoft network server: Digitally sign communications (always) setting should be configured correctly. This policy setting determines if the server side SMB service is required to perform SMB packet signing. Enable this policy setting in a mixed environment to prevent downstream clients from ...

oval:org.secpod.oval:def:8839
The System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) setting should be configured correctly. This policy setting determines the strength of the default discretionary access control list (DACL) for objects. The setting helps secure objects that can be l ...

oval:org.secpod.oval:def:19449
The Domain Controller Address Type Returned machine setting should be configured correctly. The Domain Controller (DC) Locator APIs return IP address of the DC with the other part of the information. Before the support of IPv6, the returned DC IP address was IPv4. But with the support of IPv6, the ...

oval:org.secpod.oval:def:8800
The Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with Support Provider machine setting should be configured correctly. Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals. If you leave this policy setting enabled, Users ...

oval:org.secpod.oval:def:8801
The 'Allow log on through Remote Desktop Services' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:8802
The "add workstations to domain" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:19445
The Maximum wait time for Group Policy scripts machine setting should be configured correctly. Determines how long the system waits for scripts applied by Group Policy to run. This setting limits the total time allowed for all logon, logoff, startup, and shutdown scripts applied by Group Policy to ...

oval:org.secpod.oval:def:19446
The Enable user to use media source while elevated machine setting should be configured correctly. Allows users to install programs from removable media, such as floppy disks and CD-ROMs, during privileged installations. This setting permits all users to install programs from removable media, even ...

oval:org.secpod.oval:def:19447
The CD and DVD: Deny read access machine setting should be configured correctly. This policy setting denies read access to the CD and DVD removable storage class. If you enable this policy setting, read access will be denied to this removable storage class. If you disable or do not configure this p ...

oval:org.secpod.oval:def:19448
The Hide entry points for Fast User Switching machine setting should be configured correctly. By enabling the policy, Administrators hide the Switch user button in the Logon UI, the Start menu and the Task Manager. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\Logon\Hide en ...

oval:org.secpod.oval:def:19441
The Server Authentication Certificate Template machine setting should be configured correctly. This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. A certificate is neede ...

oval:org.secpod.oval:def:8807
The Devices: Allow undock without having to log on setting should be configured correctly. This policy setting determines whether a portable computer can be undocked if the user does not log on to the system. Enable this policy setting to eliminate a Logon requirement and allow use of an external h ...

oval:org.secpod.oval:def:19442
The DNS Suffix Search List machine setting should be configured correctly. Determines the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name. An unqualified single-label name contains no dots, such as "example". This is different from ...

oval:org.secpod.oval:def:8808
The MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) setting should be configured correctly. This entry appears as MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing) in the SCE. IP source rout ...

oval:org.secpod.oval:def:19443
The Allow Applications to Prevent Automatic Sleep (Plugged In) machine setting should be configured correctly. Allow applications and services to prevent automatic sleep. If you enable this policy setting, any application, service or device driver may prevent Windows from automatically transitionin ...

oval:org.secpod.oval:def:8809
The Turn off Search Companion content file updates machine setting should be configured correctly. Specifies whether Search Companion should automatically download content updates during local and Internet searches. When the user searches the local machine or the Internet, Search Companion occasion ...

oval:org.secpod.oval:def:19444
The Allow Standby States (S1-S3) When Sleeping (On Battery) machine setting should be configured correctly. Dictates whether or not Windows is allowed to use standby states when sleeping the computer. When this policy is enabled, Windows may use standby states to sleep the computer. If this policy ...

oval:org.secpod.oval:def:8803
The User Account Control: Virtualize file and registry write failures to per-user locations setting should be configured correctly. This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates application ...

oval:org.secpod.oval:def:8804
The Domain member: Digitally encrypt or sign secure channel data (always) setting should be configured correctly. This policy setting determines whether all secure channel traffic that is initiated by the domain member must be signed or encrypted. If a system is set to always encrypt or sign secure ...

oval:org.secpod.oval:def:8805
The 'Back up files and directories' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:19440
The Select the Sleep Button Action (On Battery) machine setting should be configured correctly. Specifies the action that Windows takes when a user presses the sleep button. Possible actions include: -Take no action -Sleep -Hibernate -Shut down If you enable this policy setting, you must select the ...

oval:org.secpod.oval:def:8806
The Restrictions for Unauthenticated RPC clients machine setting should be configured correctly. If you enable this setting, it directs the RPC Runtime on an RPC server to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticat ...

oval:org.secpod.oval:def:8810
The 'Change the time zone' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:7964
The Password protect the screen saver setting should be configured correctly.

oval:org.secpod.oval:def:8811
The System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies setting should be configured correctly. This policy setting determines whether digital certificates are processed when software restriction policies are enabled and a user or process attempts to run ...

oval:org.secpod.oval:def:8812
The Domain member: Maximum machine account password age setting should be configured correctly. This policy setting determines the maximum allowable age for a computer account password. By default, domain members automatically change their domain passwords every 30 days. If you increase this interv ...

oval:org.secpod.oval:def:7966
The Screen Saver timeout setting should be configured correctly.

oval:org.secpod.oval:def:8813
The Store passwords using reversible encryption setting should be configured correctly. This policy setting determines whether the operating system stores passwords in a way that uses reversible encryption, which provides support for application protocols that require knowledge of the users passwor ...

oval:org.secpod.oval:def:19456
The Allow users to connect remotely using Remote Desktop Services machine setting should be configured correctly. This policy setting allows you to configure remote access to computers using Remote Desktop Services. If you enable this policy setting, users who are members of the Remote Desktop User ...

oval:org.secpod.oval:def:19457
The Do not allow the computer to act as a BITS Peercaching server machine setting should be configured correctly. This setting specifies whether the computer will act as a BITS peercaching server. By default, when BITS peercaching is enabled, the computer acts as both a peercaching server (offering ...

oval:org.secpod.oval:def:19458
The Do not display Manage Your Server page at logon machine setting should be configured correctly. This policy setting allows you to turn off the automatic display of the Manage Your Server page. If you enable this policy setting, the Manage Your Server page is not displayed each time an administr ...

oval:org.secpod.oval:def:19459
The Enable Windows NTP Server machine setting should be configured correctly. Specifies whether the Windows NTP Server is enabled. Enabling the Windows NTP Server allows your computer to service NTP requests from other machines. Fix: (1) GPO: Computer Configuration\Administrative Templates\System ...

oval:org.secpod.oval:def:7962
Enables desktop screen savers. If you disable this setting, screen savers do not run. Also, this setting disables the Screen Saver section of the Screen Saver dialog in the Personalization or Display Control Panel. As a result, users cannot change the screen saver options. If you do not configure ...

oval:org.secpod.oval:def:19452
The Allow Remote Shell Access machine setting should be configured correctly. Configures access to remote shells. If you enable this policy setting and set it to False, new remote shell connections will be rejected by the server. If you disable or do not configure this policy setting, new remote sh ...

oval:org.secpod.oval:def:8818
The User Account Control: Only elevate executables that are signed and validated setting should be configured correctly. This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can ...

oval:org.secpod.oval:def:19453
The Configure Report Queue machine setting should be configured correctly. This setting determines the behavior of the Windows Error Reporting queue. If Queuing behavior is set to "Default", Windows will decide each time a problem occurs whether the report should be queued or the user sho ...

oval:org.secpod.oval:def:8819
The Interactive logon: Number of previous logons to cache (in case domain controller is not available) setting should be configured correctly. This policy setting determines whether a user can log on to a Windows domain using cached account information. Logon information for domain accounts can be ...

oval:org.secpod.oval:def:19454
The Package Point and print - Approved servers machine setting should be configured correctly. Restricts package point and print to approved servers. This policy setting restricts package point and print connections to approved servers. This setting only applies to Package Point and Print connectio ...

oval:org.secpod.oval:def:19455
The Limit reservable bandwidth machine setting should be configured correctly. Determines the percentage of connection bandwidth that the system can reserve. This value limits the combined bandwidth reservations of all programs running on the system. By default, the Packet Scheduler limits the syst ...

oval:org.secpod.oval:def:8814
The Enable user control over installs machine setting should be configured correctly. Permits users to change installation options that typically are available only to system administrators. This setting bypasses some of the security features of Windows Installer. It permits installations to comple ...

oval:org.secpod.oval:def:8815
Administrators may create symbolic links

oval:org.secpod.oval:def:19450
The Do not allow manual configuration of iSNS servers machine setting should be configured correctly. If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed. If disabled then new iSNS servers may be added an ...

oval:org.secpod.oval:def:8816
The 'System settings: Optional subsystems' setting should be configured correctly.

oval:org.secpod.oval:def:19451
The Non-conforming packets machine setting should be configured correctly. Specifies an alternate link layer (Layer-2) priority value for packets that do not conform to the flow specification. The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets. If you ...

oval:org.secpod.oval:def:8817
The 'Debug programs' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:19427
The Turn off access to the performance center core section machine setting should be configured correctly. Removes access to the performance center control panel page. If you enable this setting, some settings within the performance control panel page will not be displayed. The administrative tools ...

oval:org.secpod.oval:def:19428
The Disallow optical media as backup target machine setting should be configured correctly. This policy setting allows you to manage whether backups of a machine can run to an optical media or not. If you enable this policy setting, machine administrator/backup operator cannot use Windows Server Ba ...

oval:org.secpod.oval:def:19429
The Specify the System Hibernate Timeout (On Battery) machine setting should be configured correctly. Specifies the period of inactivity before Windows transitions the system to hibernate. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should ...

oval:org.secpod.oval:def:19423
The Hide previous versions list for local files machine setting should be configured correctly. This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media. If this policy set ...

oval:org.secpod.oval:def:19424
The Allow restore of system to default state machine setting should be configured correctly. This policy setting controls whether users can access the options in Recovery (in Control Panel) to restore the computer to the original state or from a user-created system image. If you enable or do not co ...

oval:org.secpod.oval:def:19425
The Do not allow adding new targets via manual configuration machine setting should be configured correctly. If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered targets may be manually configured. If disabled then new and alre ...

oval:org.secpod.oval:def:19426
The Do not automatically encrypt files moved to encrypted folders machine setting should be configured correctly. Prevents Windows Explorer from encrypting files that are moved to an encrypted folder. If you disable this setting or do not configure it, Windows Explorer automatically encrypts files ...

oval:org.secpod.oval:def:19420
The Limit maximum display resolution machine setting should be configured correctly. This policy setting allows you to specify the maximum display resolution that can be used by each monitor used to display a Remote Desktop Services session. Limiting the resolution used to display a remote session ...

oval:org.secpod.oval:def:19421
The Teredo Server Name machine setting should be configured correctly. This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied. If you enable this policy setting, you can specify a Tere ...

oval:org.secpod.oval:def:19422
The Removable Disks: Deny execute access machine setting should be configured correctly. This policy setting denies execute access to removable disks. If you enable this policy setting, execute access will be denied to this removable storage class. If you disable or do not configure this policy set ...

oval:org.secpod.oval:def:19438
The Disable delete notifications on all volumes machine setting should be configured correctly. Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation. A value of 0, the default, will enable delete notifications for all ...

oval:org.secpod.oval:def:19439
The Choose drive encryption method and cipher strength machine setting should be configured correctly. This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption ...

oval:org.secpod.oval:def:19434
The Turn off Help and Support Center "Did you know?" content machine setting should be configured correctly. Specifies whether to show the Did you know? section of Help and Support Center. This content is dynamically updated when users who are connected to the Internet open Help and Suppo ...

oval:org.secpod.oval:def:19435
The Force Rediscovery Interval machine setting should be configured correctly. The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. When DC Locator finds a domain controller, it caches domain controllers to improve the e ...

oval:org.secpod.oval:def:19436
The Allow installation of devices using drivers that match these device setup classes machine setting should be configured correctly. This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is allowed to install. Use ...

oval:org.secpod.oval:def:19437
The Turn Off Non Volatile Cache Feature machine setting should be configured correctly. Turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. To check if you have hybrid hard disks in the system, from the device manager, right click the disk drive and select ...

oval:org.secpod.oval:def:19430
The Positive Periodic DC Cache Refresh for Background Callers machine setting should be configured correctly. Determines when a successful DC cache entry is refreshed. This setting is applied to caller programs that periodically attempt to locate DCs, and it is applied before returning the DC i ...

oval:org.secpod.oval:def:19431
The Minimum Idle Connection Timeout for RPC/HTTP connections machine setting should be configured correctly. Directs the RPC Runtime to assume the specified timeout as the idle connection timeout even if the IIS server running the RPC HTTP proxy is configured with a higher timeout. If the IIS serve ...

oval:org.secpod.oval:def:19432
The Use mandatory profiles on the RD Session Host server machine setting should be configured correctly. This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server. If you enable this policy sett ...

oval:org.secpod.oval:def:19433
The Configure TPM platform validation profile machine setting should be configured correctly. This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer ...

oval:org.secpod.oval:def:18953
Auditing of Object Access: Handle Manipulation events on success should be enabled or disabled as appropriate. This subcategory reports when a handle to an object is opened or closed. Only objects with SACLs cause these events to be generated, and only if the attempted handle operation matches the ...

oval:org.secpod.oval:def:18952
The Disallow changing of geographic location machine setting should be configured correctly. This policy prevents users from changing their user geographical location (GeoID). If this policy is Enabled, then the user cannot change their geographical location (GeoID). If the policy is Disabled or Not ...

oval:org.secpod.oval:def:18951
Rights to activate or launch DCOM applications should be assigned as appropriate. This policy setting determines which users or groups might launch or activate DCOM applications remotely or locally. This setting is used to control the attack surface of the computer for DCOM applications. You can us ...

oval:org.secpod.oval:def:18950
The Turn off creation of System Restore Checkpoints machine setting should be configured correctly. System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. By default, the Windows Installer automatically creates a S ...

oval:org.secpod.oval:def:18957
The Devices: Restrict floppy access to locally logged-on user only setting should be configured correctly. This policy setting determines whether removable floppy media are accessible to both local and remote users simultaneously. If you enable this policy setting, only the interactively logged-on ...

oval:org.secpod.oval:def:18956
The Only use Package Point and print machine setting should be configured correctly. This policy restricts client computers to use package point and print only. If this setting is enabled, users will only be able to point and print to printers that use package-aware drivers. When using package poi ...

oval:org.secpod.oval:def:18955
The Prevent restoring remote previous versions machine setting should be configured correctly. This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share. If this setting is enabled, then the Resto ...

oval:org.secpod.oval:def:18954
The Sets how often a DFS Client discovers DC's machine setting should be configured correctly. Allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on their network. By default, a DFS client attempts to discover domain controllers every 15 ...

oval:org.secpod.oval:def:18949
The Encrypt the Offline Files cache machine setting should be configured correctly. This setting determines whether offline files are encrypted. Offline files reside on a user's hard drive, not the network, and they are stored in a local cache on the computer. Encrypting this cache enhances se ...

oval:org.secpod.oval:def:18948
The Set the Remote Desktop licensing mode machine setting should be configured correctly. This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server. You can use this policy setting to sele ...

oval:org.secpod.oval:def:18947
Auditing of System: Security State Change events on failure should be enabled or disabled as appropriate. Audit Security State Change, which determines whether Windows generates audit events for changes in the security state of a system. Changes in the security state of the operating system include ...

oval:org.secpod.oval:def:18964
The Timeout for fast user switching events machine setting should be configured correctly. This policy setting specifies the number of seconds a pending fast-user switch event will remain active before the switch is initiated. By default, a fast user switch event is active for 10 seconds before bec ...

oval:org.secpod.oval:def:18963
Auditing of Audit system events on success should be enabled or disabled as appropriate. This security setting determines whether to audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log. If you define this policy s ...

oval:org.secpod.oval:def:18962
The Windows Firewall: Private: Apply local connection security rules setting should be configured correctly. This setting controls whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy. Fix: (1) G ...

oval:org.secpod.oval:def:18961
The Sites Covered by the Application Directory Partition Locator DNS SRV Records machine setting should be configured correctly. Specifies the sites for which the domain controllers (DC) housing application directory partition should register the site-specific, application directory partition-speci ...

oval:org.secpod.oval:def:18968
The Wait for remote user profile machine setting should be configured correctly. Directs the system to wait for the remote copy of the roaming user profile to load, even when loading is slow. Also, the system waits for the remote copy when the user is notified about a slow connection, but does not ...

oval:org.secpod.oval:def:18967
The "Synchronize directory service data" setting should be configured correctly.

oval:org.secpod.oval:def:18966
The Primary DNS Suffix Devolution machine setting should be configured correctly. Determines whether the DNS client performs primary DNS suffix devolution in a name resolution process. When a user submits a query for a single-label name, such as "example", a local DNS client attaches a su ...

oval:org.secpod.oval:def:18965
The Turn off Tablet PC touch input machine setting should be configured correctly. Turn off Tablet PC touch input. Turns off touch input, which allows the user to interact with their computer using their finger. If you enable this setting, the user will not be able to produce input with touch. They ...

oval:org.secpod.oval:def:18960
The Retain old events machine setting should be configured correctly for the application log. This policy setting controls Event Log behavior when the log file reaches its maximum size. Old events may or may not be retained according to the Backup log automatically when full policy setting. Fix: ...

oval:org.secpod.oval:def:18959
Auditing of Account Management: Security Group Management events on failure should be enabled or disabled as appropriate. Audit Security Group Management, which determines whether the operating system generates audit events when specific security group management tasks are performed. Tasks for secu ...

oval:org.secpod.oval:def:18958
The Sysvol share compatibility machine setting should be configured correctly. This setting controls whether or not the Sysvol share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications. When this setting is en ...

oval:org.secpod.oval:def:18931
The Guaranteed service type Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification. Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (Service ...

oval:org.secpod.oval:def:18930
The Do not allow window animations machine setting should be configured correctly. This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maximizing windows. If you enable this setting, window animations will be turned off. If you disabl ...

oval:org.secpod.oval:def:18935
Auditing of Logon-Logoff: Other Logon/Logoff Events events on success should be enabled or disabled as appropriate. This subcategory reports other logon/logoff-related events, such as Terminal Services session disconnects and reconnects, using RunAs to run processes under a different account, and l ...

oval:org.secpod.oval:def:18934
The Define interoperable Kerberos V5 realm settings machine setting should be configured correctly. This policy setting configures the Kerberos client so that it can authenticate with interoperable Kerberos V5 realms, as defined by this policy setting. If you enable this policy setting, you can vie ...

oval:org.secpod.oval:def:18933
The Enable user to browse for source while elevated machine setting should be configured correctly. Allows users to search for installation files during privileged installations. This setting enables the Browse button in the "Use feature from" dialog box. As a result, users can search for ...

oval:org.secpod.oval:def:18932
The Execute print drivers in isolated processes machine setting should be configured correctly. This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes), a pri ...

oval:org.secpod.oval:def:18928
The Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers setting should be configured correctly. This policy setting allows you to deny or audit outgoing NTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote server. This policy is support ...

oval:org.secpod.oval:def:18927
Windows Firewall should allow or block inbound connections by default as appropriate for the Private Profile. This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The default behavior is to block connections unless there are firewall rules to allo ...

oval:org.secpod.oval:def:18926
The Allow the Network Access Protection client to support the 802.1x Enforcement Client component machine setting should be configured correctly. This policy setting allows the Network Access Protection (NAP) client to support the Windows XP version of the 802.1x Enforcement Client component. If yo ...

oval:org.secpod.oval:def:18925
Auditing of Object Access: Kernel Object events on failure should be enabled or disabled as appropriate. Audit Kernel Object, which determines whether the operating system generates audit events when users attempt to access the system kernel, which includes mutexes and semaphores. Only kernel objec ...

oval:org.secpod.oval:def:18929
Auditing of Account Management: Computer Account Management events on success should be enabled or disabled as appropriate. This subcategory reports each event of computer account management, such as when a computer account is created, changed, deleted, renamed, disabled, or enabled. Events for thi ...

oval:org.secpod.oval:def:18942
The Deny log on through Remote Desktop Services user right should be assigned to the appropriate accounts. This policy setting determines whether users can log on as Terminal Services clients. After the baseline member server is joined to a domain environment, there is no need to use local accounts ...

oval:org.secpod.oval:def:18941
The Set the Time interval in minutes for logging accounting data machine setting should be configured correctly. This setting directs the Accounting feature to log data on the accounting server at the specified time interval. If you enable this setting, Windows System Resource Manager (WSRM) will s ...

oval:org.secpod.oval:def:18940
The Domain member: Digitally encrypt secure channel data (when possible) setting should be configured correctly. This policy setting determines whether a domain member should attempt to negotiate encryption for all secure channel traffic that it initiates. If you enable this policy setting, the dom ...

oval:org.secpod.oval:def:18946
The Corporate DNS Probe Host Name machine setting should be configured correctly. This is the host name of a PC known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity. Fix: (1) GPO: Computer Configuration\Administrati ...

oval:org.secpod.oval:def:18945
The Turn On Desktop Background Slideshow (Plugged In) machine setting should be configured correctly. Specify if Windows should enable the desktop background slideshow. If you enable this policy setting, desktop background slideshow is enabled. If you disable this policy setting, the desktop backgr ...

oval:org.secpod.oval:def:18944
Auditing of System: System Integrity events on failure should be enabled or disabled as appropriate. Audit System Integrity, which determines whether the operating system audits events that violate the integrity of the security subsystem. Activities that violate the integrity of the security subsys ...

oval:org.secpod.oval:def:18943
Auditing of System: Other System Events events on success should be enabled or disabled as appropriate. This subcategory reports on other system events. Events for this subcategory include: - 5024 : The Windows Firewall Service has started successfully. - 5025 : The Windows Firewall Service has be ...

oval:org.secpod.oval:def:18939
Auditing of Policy Change: Authentication Policy Change events on failure should be enabled or disabled as appropriate. Audit Authentication Policy Change, which determines whether the operating system generates audit events when changes are made to authentication policy. Changes made to authentica ...

oval:org.secpod.oval:def:18938
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Public Profile. This option is useful if you need to control whether this computer receives unicast responses to its outgoing multicast or broadcast messages. Fix: (1) GPO: Computer Configurat ...

oval:org.secpod.oval:def:18937
The Do not allow Windows Messenger to be run machine setting should be configured correctly. Allows you to disable Windows Messenger. If you enable this setting, Windows Messenger will not run. If you disable or do not configure this setting, Windows Messenger can be used. Fix: (1) GPO: Computer ...

oval:org.secpod.oval:def:18936
The Configure the list of blocked TPM commands machine setting should be configured correctly. This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands blocked by Windows. If you enable this policy setting, Windows will block the specified commands fr ...

oval:org.secpod.oval:def:18997
Windows Firewall should allow or block inbound connections by default as appropriate for the Domain Profile. This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The default behavior is to block connections unless there are firewall rules to allow ...

oval:org.secpod.oval:def:8887
The Do Not Show First Use Dialog Boxes machine setting should be configured correctly. This policy prevents the Privacy Options and Installation Options dialog boxes from being displayed the first time a user starts Windows Media Player. This policy prevents the dialog boxes which allow users to se ...

oval:org.secpod.oval:def:18996
The Do not allow additional session logins machine setting should be configured correctly. If enabled then only those sessions that are established via a persistent login will be established and no new persistent logins may be created. If disabled then additional persistent and non persistent login ...

oval:org.secpod.oval:def:8888
The Turn off Microsoft Peer-to-Peer Networking Services machine setting should be configured correctly. This setting turns off Microsoft Peer-to-Peer Networking Services in its entirety, and will cause all dependent applications to stop working. Peer-to-Peer protocols allow for applications in the ...

oval:org.secpod.oval:def:18995
Auditing of Logon-Logoff: IPsec Main Mode events on failure should be enabled or disabled as appropriate. Audit IPsec Main Mode, which determines whether the operating system generates events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) du ...

oval:org.secpod.oval:def:8889
The Require domain users to elevate when setting a network's location machine setting should be configured correctly. This policy setting determines whether to require domain users to elevate when setting a network's location. If you enable this policy setting, domain users must elevate when s ...

oval:org.secpod.oval:def:18994
The Configure the refresh interval for Server Manager machine setting should be configured correctly. This policy setting allows you to set the refresh interval for Server Manager. Each refresh provides Server Manager with updated information about which server roles and features are installed and ...

oval:org.secpod.oval:def:8883
The Turn off downloading of print drivers over HTTP machine setting should be configured correctly. Specifies whether to allow this client to download print driver packages over HTTP. To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP. Note: This setting does not prevent the ...

oval:org.secpod.oval:def:8884
The Do not send additional data machine setting should be configured correctly. If this setting is enabled any additional data requests from Microsoft in response to a Windows Error Reporting event will be automatically declined without notice to the user. Fix: (1) GPO: Computer Configuration\Adm ...

oval:org.secpod.oval:def:18999
Auditing of Logon-Logoff: IPsec Quick Mode events on failure should be enabled or disabled as appropriate. Audit IPsec Quick Mode, which determines whether the operating system generates audit events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (Au ...

oval:org.secpod.oval:def:8885
The Turn off the Publish to Web task for files and folders machine setting should be configured correctly. Specifies whether the tasks Publish this file to the Web, Publish this folder to the Web, and Publish the selected items to the Web, are available from File and Folder Tasks in Windows folders ...

oval:org.secpod.oval:def:18998
The Turn on certificate propagation from smart card machine setting should be configured correctly. This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted. If you enable or do not configure this policy setting then certificate propagation will ...

oval:org.secpod.oval:def:8886
The Prevent device metadata retrieval from the Internet machine setting should be configured correctly. This policy setting allows you to prevent Windows from retrieving device metadata from the Internet. If you enable this policy setting, Windows does not retrieve device metadata for installed dev ...

oval:org.secpod.oval:def:18993
The Turn on Software Notifications machine setting should be configured correctly. This policy setting allows you to control whether users see detailed enhanced notification messages about featured software from the Microsoft Update service. Enhanced notification messages convey the value and promo ...

oval:org.secpod.oval:def:18992
Auditing of Object Access: Registry events on failure should be enabled or disabled as appropriate. Audit Registry, which determines whether the operating system generates audit events when users attempt to access registry objects. Audit events are generated only for objects that have configured sy ...

oval:org.secpod.oval:def:18991
The Select the network adapter to be used for Remote Desktop IP Virtualization machine setting should be configured correctly. This policy setting specifies the IP address and network mask that corresponds to the network adapter used for virtual IP addresses. The IP address and network mask should ...

oval:org.secpod.oval:def:18990
The Allow .rdp files from unknown publishers machine setting should be configured correctly. This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer. If you enable or do not configure ...

oval:org.secpod.oval:def:8880
The Set time limit for active but idle Remote Desktop Services sessions machine setting should be configured correctly. This policy setting allows you to specify the maximum amount of time that an active Terminal Services session can be idle (without user input) before it is automatically disconnec ...

oval:org.secpod.oval:def:8881
The Do not allow smart card device redirection machine setting should be configured correctly. This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session. If you enable this policy setting, Remote Desktop Services users cannot use a smart ca ...

oval:org.secpod.oval:def:8882
The Turn off shell protocol protected mode machine setting should be configured correctly. This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. Th ...

oval:org.secpod.oval:def:8898
The Maximum Log Size (KB) machine setting should be configured correctly for the setup log. Maximum size (in bytes) of setup log. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup\Maximum Log Size (KB) (2) KEY: HKLM\SOFTWARE\Policies\Mi ...

oval:org.secpod.oval:def:8899
The Solicited Remote Assistance machine setting should be configured correctly. This policy setting allows you to enable or disable Solicited (Ask for) Remote Assistance on this computer. If you enable this policy, users on this computer can use e-mail or file transfer to ask someone for help. Also ...

oval:org.secpod.oval:def:8894
The Require a Password When a Computer Wakes (Plugged In) machine setting should be configured correctly. Specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable this policy, or if it is not configured, the user is prompted for a password when ...

oval:org.secpod.oval:def:8895
The Set client connection encryption level machine setting should be configured correctly. Specifies whether to require the use of a specific encryption level to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections. If you enable this se ...

oval:org.secpod.oval:def:8896
The Disable Windows Error Reporting machine setting should be configured correctly. If this setting is enabled, Windows Error Reporting will not send any problem information to Microsoft. Additionally, solution information will not be available in the Action Center control panel. Fix: (1) GPO: Co ...

oval:org.secpod.oval:def:8897
The Do not allow drive redirection machine setting should be configured correctly. Specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection). By default, an RD Session Host server maps client drives automatically upon connection. Mapped drive ...

oval:org.secpod.oval:def:8890
The Disable Logging machine setting should be configured correctly. If this setting is enabled Windows Error Reporting events will not be logged to the system event log. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable Logging (2) K ...

oval:org.secpod.oval:def:8891
The Do not allow LPT port redirection machine setting should be configured correctly. Specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session. You can use this setting to prevent users from mapping local LPT ports and redirecting data from t ...

oval:org.secpod.oval:def:8892
The Offer Remote Assistance machine setting should be configured correctly. This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer. If you enable this policy, users on this computer can get help from their corporate technical support staff using ...

oval:org.secpod.oval:def:8893
The Configure Microsoft SpyNet Reporting machine setting should be configured correctly. Adjusts membership in Microsoft SpyNet. Microsoft SpyNet is the online community that helps you choose how to respond to potential spyware threats. The community also helps stop the spread of new spyware infect ...

oval:org.secpod.oval:def:18975
The Prioritize all digitally signed drivers equally during the driver ranking and selection process machine setting should be configured correctly. This policy setting allows you to determine how drivers signed by a Microsoft Windows Publisher certificate are ranked with drivers signed by other val ...

oval:org.secpod.oval:def:8865
The Prevent Automatic Updates machine setting should be configured correctly. Prevents users from being prompted to update Windows Media Player. This policy prevents the Player from being updated and prevents users with administrator rights from being prompted to update the Player if an updated ver ...

oval:org.secpod.oval:def:18974
Auditing of Object Access: Certification Services events on failure should be enabled or disabled as appropriate. Audit Certification Services, which determines whether the operating system generates events when Active Directory Certificate Services (AD CS) operations are performed. Examples of AD ...

oval:org.secpod.oval:def:8866
The Always prompt for password upon connection machine setting should be configured correctly. Specifies whether Remote Desktop Services always prompts the client for a password upon connection. You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, e ...

oval:org.secpod.oval:def:18973
Auditing of Logon-Logoff: IPsec Main Mode events on success should be enabled or disabled as appropriate. This subcategory reports the results of Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations. Events for this subcategory include: - 4 ...

oval:org.secpod.oval:def:8867
The Route all traffic through the internal network machine setting should be configured correctly. This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly. When a remote client computer ...

oval:org.secpod.oval:def:18972
The Allow or Disallow use of the Offline Files feature machine setting should be configured correctly. Determines whether the Offline Files feature is enabled. This setting also disables the "Enable Offline Files" option on the Offline Files tab. This prevents users from trying to change ...

oval:org.secpod.oval:def:8868
The Do not allow clipboard redirection machine setting should be configured correctly. Specifies whether to prevent the sharing of clipboard contents (clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session. You can use this setting to prevent ...

oval:org.secpod.oval:def:18979
The Turn off Multicast Bootstrap machine setting should be configured correctly for IPv6 Link Local. This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the link local cloud. The Peer Name Resolution Protocol (PNRP) allows for d ...

oval:org.secpod.oval:def:8861
The Allow remote access to the Plug and Play interface machine setting should be configured correctly. This policy setting allows you to allow or deny remote access to the Plug and Play interface. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\Device Installation\Allow remot ...

oval:org.secpod.oval:def:18978
Auditing of Logon-Logoff: IPsec Extended Mode events on success should be enabled or disabled as appropriate. This subcategory reports the results of AuthIP during Extended Mode negotiations. Events for this subcategory include: - 4978: During Extended Mode negotiation, IPsec received an invalid ne ...

oval:org.secpod.oval:def:8862
The Always use classic logon machine setting should be configured correctly. This setting forces the user to log on to the computer using the classic logon screen. By default, a workgroup is set to use the simple logon screen. This setting only works when the computer is not on a domain. Fix: (1) ...

oval:org.secpod.oval:def:18977
Auditing of Object Access: Handle Manipulation events on failure should be enabled or disabled as appropriate. Audit Handle Manipulation, which determines whether the operating system generates audit events when a handle to an object is opened or closed. Only objects with configured system access co ...

oval:org.secpod.oval:def:8863
The Turn on session logging machine setting should be configured correctly. This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance. If you enable this policy setting, log files will be generated. If you disable thi ...

oval:org.secpod.oval:def:18976
The Turn on logging machine setting should be configured correctly. This policy setting turns on logging. If you enable or do not configure this policy setting, then events can be written to this log. If the policy setting is disabled, then no new events can be logged. Events can always be read fro ...

oval:org.secpod.oval:def:8864
The Turn off Automatic Root Certificates Update machine setting should be configured correctly. Specifies whether to automatically update root certificates using the Windows Update Web site. Typically, a certificate is used when you use a secure Web site or when you send and receive secure e-mail. ...

oval:org.secpod.oval:def:18971
The Allow only system backup machine setting should be configured correctly. This policy setting allows you to manage whether backups of only system volumes are allowed or whether both OS and data volumes can be backed up. If you enable this policy setting, machine administrator/backup operator can backup o ...

oval:org.secpod.oval:def:8869
The Turn on Responder (RSPNDR) driver machine setting should be configured correctly. This policy setting changes the operational behavior of the Responder network protocol driver. The Responder allows a computer to participate in Link Layer Topology Discovery requests so that it can be discovered ...

oval:org.secpod.oval:def:18970
The Permitted Managers machine setting should be configured correctly. This setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer. Simple Network Management Protocol is a protocol designed to give a user t ...

oval:org.secpod.oval:def:18969
The Tape Drives: Deny read access machine setting should be configured correctly. This policy setting denies read access to the Tape Drive removable storage class. If you enable this policy setting, read access will be denied to this removable storage class. If you disable or do not configure this ...

oval:org.secpod.oval:def:8860
The Turn off the Order Prints picture task machine setting should be configured correctly. Specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders. The "Order Prints Online" Wizard is used to download a list of providers and allow user ...

oval:org.secpod.oval:def:18986
The Disable Windows Installer machine setting should be configured correctly. Disables or restricts the use of Windows Installer. This setting can prevent users from installing software on their systems or permit users to install only those programs offered by a system administrator. If you enable ...

oval:org.secpod.oval:def:8876
The Turn off Autoplay for non-volume devices machine setting should be configured correctly. If this policy is enabled, autoplay will not be enabled for non-volume devices like MTP devices. If you disable or do not configure this policy, autoplay will continue to be enabled for non-volume devices. F ...

oval:org.secpod.oval:def:18985
Auditing of Audit privilege use events on failure should be enabled or disabled as appropriate. This security setting determines whether to audit each instance of a user exercising a user right. If you define this policy setting, you can specify whether to audit successes, audit failures, or not au ...

oval:org.secpod.oval:def:8877
The Default behavior for AutoRun machine setting should be configured correctly. Sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista, when media containing an ...

oval:org.secpod.oval:def:18984
The Allow Delegating Fresh Credentials with NTLM-only Server Authentication machine setting should be configured correctly. This policy setting applies to applications using the Cred SSP component (for example: Terminal Server). This policy applies when server authentication was achieved via NTLM. ...

oval:org.secpod.oval:def:8878
The Enumerate administrator accounts on elevation machine setting should be configured correctly. By default administrator accounts are not displayed when attempting to elevate a running application. If you enable this policy setting, all local administrator accounts on the machine will be displaye ...

oval:org.secpod.oval:def:18983
Auditing of Object Access: File System events on failure should be enabled or disabled as appropriate. Audit File System, which determines whether the operating system generates audit events when users attempt to access file system objects. Audit events are generated only for objects that have conf ...

oval:org.secpod.oval:def:8879
The Prohibit non-administrators from applying vendor signed updates machine setting should be configured correctly. This setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor. Non-administrator updates provide a mechanism for ...

oval:org.secpod.oval:def:8872
The Turn off Windows Customer Experience Improvement Program machine setting should be configured correctly. The Windows Customer Experience Improvement Program will collect information about your hardware configuration and how you use our software and services to identify trends and usage patterns ...

oval:org.secpod.oval:def:18989
Auditing of Object Access: Other Object Access Events events on failure should be enabled or disabled as appropriate. Audit Other Object Access Events, which determines whether the operating system generates audit events for the management of Task Scheduler jobs or COM+ objects. For scheduler jobs, ...

oval:org.secpod.oval:def:8873
The 6to4 State machine setting should be configured correctly. This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 us ...

oval:org.secpod.oval:def:18988
The Best effort service type link layer (Layer-2) priority value should be configured correctly. Specifies an alternate link layer (Layer-2) priority value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding priority value in the Lay ...

oval:org.secpod.oval:def:8874
The Turn off printing over HTTP machine setting should be configured correctly. Specifies whether to allow printing over HTTP from this client. Printing over HTTP allows a client to print to printers on the intranet as well as the Internet. Note: This setting affects the client side of Internet pri ...

oval:org.secpod.oval:def:18987
The Final DC Discovery Retry Setting for Background Callers machine setting should be configured correctly. When applications performing periodic searches for domain controllers (DC) are unable to find a DC, the value set in this setting determines when retries are no longer allowed. For example, r ...

oval:org.secpod.oval:def:8875
The Require secure RPC communication machine setting should be configured correctly. Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication. You can use this setting to strengthen the security of RPC communication ...

oval:org.secpod.oval:def:18982
The Enable user to patch elevated products machine setting should be configured correctly. Allows users to upgrade programs during privileged installations. This setting permits all users to install patches, even when the installation program is running with elevated system privileges. Patches are ...

oval:org.secpod.oval:def:18981
The Specify maximum number of remote shells per user machine setting should be configured correctly. Configures maximum number of concurrent shells any user can remotely open on the same system. Any number from 0 to 0x7FFFFFFF can be set, where 0 means unlimited number of shells. If you enable thi ...

oval:org.secpod.oval:def:18980
The Run logon scripts synchronously machine setting should be configured correctly. Directs the system to wait for the logon scripts to finish running before it starts the Windows Explorer interface program and creates the desktop. If you enable this setting, Windows Explorer does not start until t ...

oval:org.secpod.oval:def:8870
The Turn off Windows Update device driver search prompt machine setting should be configured correctly. Specifies whether the administrator will be prompted about going to Windows Update to search for device drivers using the Internet. Note: This setting only has effect if "Turn off Windows Up ...

oval:org.secpod.oval:def:8871
The Prevent Windows from sending an error report when a device driver requests additional software during installation machine setting should be configured correctly. This policy allows you to prevent Windows from sending an error report when a device driver requests additional software during inst ...

oval:org.secpod.oval:def:19089
The Backup log automatically when full machine setting should be configured correctly for the setup log. This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the Retain old events policy setting is enabled. If you enable this policy set ...

oval:org.secpod.oval:def:19085
The Allow Basic authentication machine setting should be configured correctly for the WinRM service. This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Basic authentication from a remote client. If you enable this policy setting, the WinRM service ...

oval:org.secpod.oval:def:19086
The Configure RD Connection Broker server name machine setting should be configured correctly. This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session ...

oval:org.secpod.oval:def:19087
The Assign a default domain for logon machine setting should be configured correctly. This policy setting specifies a default logon domain which may be a different domain than the machine joined domain. Without this policy, at logon, if a user does not specify a domain for logon, the domain to whic ...

oval:org.secpod.oval:def:19088
The Exclude files from being cached machine setting should be configured correctly. This policy enables administrators to exclude certain file types from being made available offline. You need to specify file extensions of the file types that should be excluded. A user will then be unable to create ...

oval:org.secpod.oval:def:19081
The Turn off Windows Mail application machine setting should be configured correctly. Denies or allows access to the Windows Mail application. If you enable this setting, access to the Windows Mail application is denied. If you disable or do not configure this setting, access to the Windows Mail ap ...

oval:org.secpod.oval:def:19082
The Display a custom message title when device installation is prevented by a policy setting machine setting should be configured correctly. This policy setting allows you to display a custom message title in the notification balloon when a device installation is attempted and a policy setting prev ...

oval:org.secpod.oval:def:19083
The Do not allow changes to initiator CHAP secret machine setting should be configured correctly. If enabled then do not allow the initiator CHAP secret to be changed. If disabled then the initiator CHAP secret may be changed. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\i ...

oval:org.secpod.oval:def:19084
The Directory pruning priority machine setting should be configured correctly. The pruning thread, which runs only on domain controllers, deletes printer objects from Active Directory if the printer that published the object does not respond to contact attempts. This process keeps printer informati ...

oval:org.secpod.oval:def:19080
The Prompt user when a slow network connection is detected machine setting should be configured correctly. This policy setting provides users with the ability to download their roaming profile, even when a slow network connection with their roaming profile server is detected. If you enable this pol ...

oval:org.secpod.oval:def:19096
The Events.asp program command line parameters machine setting should be configured correctly. This specifies the command line parameters that will be passed to the events.asp program. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Event Viewer\Events.asp program ...

oval:org.secpod.oval:def:19097
Auditing of Global Object Access Auditing: File System events on success should be enabled or disabled as appropriate. File System (Global Object Access Auditing), which enables you to configure a global system access control list (SACL) on the file system for an entire computer. If you select the ...

oval:org.secpod.oval:def:19098
The Turn off Touch Panning machine setting should be configured correctly. Turns off touch panning, which allows users to pan inside windows by touch. On a compatible PC with a touch digitizer, by default users are able to scroll or pan inside a scrolling area by dragging up or down directly on the sc ...

oval:org.secpod.oval:def:19099
The Primary DNS Suffix Devolution Level machine setting should be configured correctly. This policy setting determines the Domain Name System (DNS) suffix devolution level that DNS clients will use, if the clients perform primary DNS suffix devolution in a name resolution process. When DNS suffix d ...

oval:org.secpod.oval:def:19092
The Turn Off Adaptive Display Timeout (Plugged In) machine setting should be configured correctly. Manages how Windows controls the setting that specifies how long a computer must be inactive before Windows turns off the computer's display. When this policy is enabled, Windows automatically ad ...

oval:org.secpod.oval:def:19093
The Limit maximum number of monitors machine setting should be configured correctly. This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can impr ...

oval:org.secpod.oval:def:19094
Auditing of Object Access: Filtering Platform Packet Drop events on failure should be enabled or disabled as appropriate. This subcategory reports when packets are dropped by Windows Filtering Platform (WFP). These events can be very high in volume. Events for this subcategory include: - 5152: The ...

oval:org.secpod.oval:def:19095
The Disallow Kerberos authentication machine setting should be configured correctly for the WinRM service. This policy setting allows you to manage whether the Windows Remote Management (WinRM) service will not accept Kerberos credentials over the network. If you enable this policy setting, the Win ...

oval:org.secpod.oval:def:19090
The Deny write access to removable drives not protected by BitLocker machine setting should be configured correctly. This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive. If you enable this policy setting, all remo ...

oval:org.secpod.oval:def:19091
The Configure Network Options preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Network Options preference extension, and to turn on tracing for the Network Options extensi ...

oval:org.secpod.oval:def:19067
The Windows Firewall should be enabled or disabled as appropriate for the Private Profile. Select On (recommended) to have Windows Firewall with Advanced Security use the settings for this profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any ...

oval:org.secpod.oval:def:19068
The Allow printers to be published machine setting should be configured correctly. Determines whether the computer's shared printers can be published in Active Directory. If you enable this setting or do not configure it, users can use the "List in directory" option in the Printer ...

oval:org.secpod.oval:def:19069
The Maximum DC Discovery Retry Interval Setting for Background Callers machine setting should be configured correctly. When applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC, the value set in this setting determines the maximum retry interval allowed. Fo ...

oval:org.secpod.oval:def:19063
The Do not allow Digital Locker to run machine setting should be configured correctly. Specifies whether Digital Locker can run. Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and ...

oval:org.secpod.oval:def:19064
The Use IP Address Redirection machine setting should be configured correctly. This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies ...

oval:org.secpod.oval:def:19065
Auditing of Object Access: Detailed File Share events on failure should be enabled or disabled as appropriate. Audit Detailed File Share, which allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is a ...

oval:org.secpod.oval:def:19066
Auditing of Logon-Logoff: Logoff events on success should be enabled or disabled as appropriate. This subcategory reports when a user logs off from the system. These events occur on the accessed computer. For interactive logons, the generation of these events occurs on the computer that is logged o ...

oval:org.secpod.oval:def:19060
The Prevent Media Sharing machine setting should be configured correctly. This policy prevents any user on this computer from sharing digital media content from Windows Media Player with other computers and devices that are on the same network. When this policy is disabled or not configured, anyone ...

oval:org.secpod.oval:def:19061
The Cache transforms in secure location on workstation machine setting should be configured correctly. Saves copies of transform files in a secure location on the local computer. Transform files consist of instructions to modify or customize a program during installation. If you enable this setting ...

oval:org.secpod.oval:def:19062
The Disable logging via package settings machine setting should be configured correctly. The MsiLogging property in an installation package can be used to enable automatic logging of all install operations for the package. This setting controls Windows Installer's processing of this property. ...

oval:org.secpod.oval:def:19078
The Prohibit patching machine setting should be configured correctly. Prevents users from using Windows Installer to install patches. Patches are updates or upgrades that replace only those program files that have changed. Because patches can be easy vehicles for malicious programs, some installati ...

oval:org.secpod.oval:def:19079
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the public profile. Select this option to have Windows Firewall with Advanced Security display notifications to the user when a program is blocked from receiving inbo ...

oval:org.secpod.oval:def:19074
Auditing of Logon-Logoff: Logoff events on failure should be enabled or disabled as appropriate. Audit Logon, which determines whether the operating system generates audit events when a user attempts to log on to a computer. These events are related to the creation of logon sessions and occur on th ...

oval:org.secpod.oval:def:19075
The Run these programs at user logon machine setting should be configured correctly. Specifies additional programs or documents that Windows starts automatically when a user logs on to the system. To specify values for this setting, click Show. In the Show Contents dialog box in the Value column, ...

oval:org.secpod.oval:def:19076
The Maximum Log File Size machine setting should be configured correctly. Specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when logging is enabled. By default, the maximum size of the log file is 20MB. If this policy is enabled, the maximum size of th ...

oval:org.secpod.oval:def:19077
Auditing of System: Other System Events events on failure should be enabled or disabled as appropriate. Audit Other System Events, which determines whether the operating system audits various system events. The system events in this category include: * Startup and shutdown of the Windows Firewall s ...

oval:org.secpod.oval:def:19070
The Configure Security Policy for Scripted Diagnostics machine setting should be configured correctly. Determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers. If you enable this policy setting, the scripted diagnostics execution engine will ...

oval:org.secpod.oval:def:19071
Auditing of Logon-Logoff: Logon events on success should be enabled or disabled as appropriate. This subcategory reports when a user attempts to log on to the system. These events occur on the accessed computer. For interactive logons, the generation of these events occurs on the computer that is l ...

oval:org.secpod.oval:def:19072
The IP Security policy processing machine setting should be configured correctly. Determines when IP security policies are updated. This setting affects all policies that use the IP security component of Group Policy, such as policies in Computer Configuration\Windows Settings\Security Settings\IP ...

oval:org.secpod.oval:def:19073
Auditing of Object Access: Application Generated events on success should be enabled or disabled as appropriate. This subcategory reports when applications attempt to generate audit events by using the Windows auditing application programming interfaces (APIs). Events for this subcategory include: ...

oval:org.secpod.oval:def:19009
The Set timer resolution machine setting should be configured correctly. Determines the smallest unit of time that the Packet Scheduler uses when scheduling packets for transmission. The Packet Scheduler cannot schedule packets for transmission more frequently than permitted by the value of this en ...

oval:org.secpod.oval:def:19005
Auditing of Policy Change: Filtering Platform Policy Change events on failure should be enabled or disabled as appropriate. Audit Filtering Platform Policy Change, which determines whether the operating system generates audit events for certain IPsec and Windows Filtering Platform actions. Windows ...

oval:org.secpod.oval:def:19489
The Specify idle Timeout machine setting should be configured correctly. Configures maximum time in milliseconds remote shell will stay open without any user activity until it is automatically deleted. Any value from 0 to 0x7FFFFFFF can be set. A minimum of 60000 milliseconds (1 minute) is used for ...

oval:org.secpod.oval:def:19006
Auditing of System: Security State Change events on success should be enabled or disabled as appropriate. This subcategory reports changes in security state of the system, such as when the security subsystem starts and stops. Events for this subcategory include: - 4608: Windows is starting up. - 4 ...

oval:org.secpod.oval:def:19007
The Include rarely used Chinese, Kanji, or Hanja characters machine setting should be configured correctly. Includes rarely used Chinese, Kanji, and Hanja characters when handwriting is converted to typed text. This policy applies only to the use of the Microsoft recognizers for Chinese (Simplified ...

oval:org.secpod.oval:def:19008
The MaxConcurrentUsers machine setting should be configured correctly. Configures the maximum number of users able to concurrently perform remote shell operations on the system. The value can be any number from 1 to 100. If you enable this policy setting, the new shell connections will be rejected ...

oval:org.secpod.oval:def:19001
Auditing of Account Management: Other Account Management Events events on success should be enabled or disabled as appropriate. This subcategory reports other account management events. Events for this subcategory include: - 4782: The password hash an account was accessed. - 4793: The Password Poli ...

oval:org.secpod.oval:def:19485
The Turn Off Solid State Mode machine setting should be configured correctly. Turns off the solid state mode for the hybrid hard disks. If you enable this policy setting, frequently written files such as the file system metadata and registry may not be stored in the NV cache. If you disable this po ...

oval:org.secpod.oval:def:19002
The Turn off Application Telemetry machine setting should be configured correctly. The policy controls the state of the Application Telemetry engine in the system. Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications. Turning Applica ...

oval:org.secpod.oval:def:19486
The Prevent display of the user interface for critical errors machine setting should be configured correctly. This policy setting prevents the display of the user interface for critical errors. If you enable this policy setting, Windows Error Reporting prevents the display of the user interface for ...

oval:org.secpod.oval:def:19003
Auditing of Privilege Use: Sensitive Privilege Use events on success should be enabled or disabled as appropriate. This subcategory reports when a user account or service uses a sensitive privilege. A sensitive privilege includes the following user rights: Act as part of the operating system, Back ...

oval:org.secpod.oval:def:19487
The Slow network connection timeout for user profiles machine setting should be configured correctly. Defines a slow connection for roaming user profiles. If the server on which the user's roaming user profile resides takes longer to respond than the thresholds set by this setting allow, then ...

oval:org.secpod.oval:def:19004
The Positive Periodic DC Cache Refresh for Non-Background Callers machine setting should be configured correctly. Determines when a successful DC cache entry is refreshed. This setting is applied to caller programs that do not periodically attempt to locate DCs, and it is applied before the returni ...

oval:org.secpod.oval:def:19488
The Select the Lid Switch Action (On Battery) machine setting should be configured correctly. Specifies the action that Windows takes when a user closes the lid on a mobile PC. Possible actions include: Take no action, Sleep, Hibernate, Shut down. If you enable this policy setting, you must select ...

oval:org.secpod.oval:def:19481
The Low Battery Notification Level machine setting should be configured correctly. Specifies the percentage of battery capacity remaining that triggers the low battery notification action. If you enable this policy, you must enter a numeric value (percentage) to set the battery level that triggers ...

oval:org.secpod.oval:def:19482
The Specify the System Hibernate Timeout (Plugged In) machine setting should be configured correctly. Specifies the period of inactivity before Windows transitions the system to hibernate. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should ...

oval:org.secpod.oval:def:19483
The Require additional authentication at startup machine setting should be configured correctly. This policy setting allows you to control whether the BitLocker Drive Encryption setup wizard will be able to set up an additional authentication method that is required each time the computer starts. T ...

oval:org.secpod.oval:def:19000
The Network Projector Port Setting machine setting should be configured correctly. This policy setting allows you to select the TCP port the Network Projector will use to send packets. If you leave the 0, the operating system will select a port. If you select a TCP port that is already in use by a ...

oval:org.secpod.oval:def:19484
The Configure Folders preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Folders preference extension, and to turn on tracing for the Folders extension. Logging and tracing ...

oval:org.secpod.oval:def:19480
The Prevent memory overwrite on restart machine setting should be configured correctly. This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encr ...

oval:org.secpod.oval:def:19016
Auditing of Detailed Tracking: RPC Events events on success should be enabled or disabled as appropriate. This subcategory reports remote procedure call (RPC) connection events. Events for this subcategory include: - 5712: A Remote Procedure Call (RPC) was attempted. Refer to the Microsoft Knowled ...

oval:org.secpod.oval:def:19017
The Prevent restoring local previous versions machine setting should be configured correctly. This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file. If this setting is enabled, then the Restore button w ...

oval:org.secpod.oval:def:19018
Auditing of System: Security System Extension events on success should be enabled or disabled as appropriate. This subcategory reports the loading of extension code such as authentication packages by the security subsystem. Events for this subcategory include: - 4610: An authentication package has ...

oval:org.secpod.oval:def:19019
Auditing of Policy Change: Other Policy Change Events events on failure should be enabled or disabled as appropriate. Audit Other Policy Change Events, which determines whether the operating system generates audit events for security policy changes that are not otherwise audited in the Policy Chang ...

oval:org.secpod.oval:def:19012
The Disable remote Desktop Sharing machine setting should be configured correctly. Disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windo ...

oval:org.secpod.oval:def:19496
The Diagnostic Policy Service (DPS) Configure Scenario Execution Level machine setting should be configured correctly for Windows System Responsiveness Diagnostics. Determines the execution level for Windows System Responsiveness Diagnostics. If you enable this policy setting, you must select an ex ...

oval:org.secpod.oval:def:19013
Auditing of Account Management: Other Account Management Events events on failure should be enabled or disabled as appropriate. Audit Other Account Management Events, which determines whether the operating system generates user account management audit events. Events can be generated for user accou ...

oval:org.secpod.oval:def:19497
The Configure Reliability WMI Providers machine setting should be configured correctly. This policy controls the Windows Management Instrumentation (WMI) providers Win32_ReliabilityStabilityMetrics and Win32_ReliabilityRecords. If this setting is disabled, the Reliability Monitor will not display s ...

oval:org.secpod.oval:def:19014
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the domain profile. Select this option to have Windows Firewall with Advanced Security display notifications to the user when a program is blocked from receiving inbo ...

oval:org.secpod.oval:def:19498
The Allow cryptography algorithms compatible with Windows NT 4.0 machine setting should be configured correctly. This setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4. ...

oval:org.secpod.oval:def:19015
Auditing of Object Access: File Share events on success should be enabled or disabled as appropriate. This subcategory reports when a file share is accessed. By itself, this policy setting will not cause auditing of any events. It determines whether to audit the event of a user who accesses a file ...

oval:org.secpod.oval:def:19499
The Choose how BitLocker-protected removable drives can be recovered machine setting should be configured correctly. This policy setting allows you to control how BitLocker-protected removable data drives are recovered in the absence of the required credentials. This policy setting is applied when ...

oval:org.secpod.oval:def:19492
The Allow unencrypted traffic machine setting should be configured correctly for the WinRM client. This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network. If you enable this policy setting, the WinRM cli ...

oval:org.secpod.oval:def:19493
The Delete cached copies of roaming profiles machine setting should be configured correctly. Determines whether the system saves a copy of a user's roaming profile on the local computer's hard drive when the user logs off. This setting, and related settings in this folder, together describe a s ...

oval:org.secpod.oval:def:19010
The Trusted Hosts machine setting should be configured correctly. This policy setting allows you to manage whether Windows Remote Management (WinRM) client uses the list specified in TrustedHostsList to determine if the destination host is a trusted entity. If you enable this policy setting, the Wi ...

oval:org.secpod.oval:def:19494
The Configure Report Archive machine setting should be configured correctly. This setting controls the behavior of the Windows Error Reporting archive. If Archive behavior is set to "Store all", all data collected for each report will be stored in the appropriate location. If Archive beha ...

oval:org.secpod.oval:def:19011
The Always show desktop on connection machine setting should be configured correctly. This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a cl ...

oval:org.secpod.oval:def:19495
The Events.asp URL machine setting should be configured correctly. This is the URL that will be passed to the Description area in the Event Properties dialog box. Change this value if you want to use a different Web server to handle event information requests. Fix: (1) GPO: Computer Configuration ...

oval:org.secpod.oval:def:19490
The Network control service type link layer (Layer-2) priority value should be configured correctly. Specifies an alternate link layer (Layer-2) priority value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding priority val ...

oval:org.secpod.oval:def:19491
The Turn off PNRP cloud creation machine setting should be configured correctly for IPv6 Global. This policy setting enables or disables PNRP cloud creation. PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 ...

oval:org.secpod.oval:def:19467
The List of applications to be excluded machine setting should be configured correctly. This setting determines the behavior of the error reporting exclusion list. Windows will not send reports for any process added to this list. Click "Show" to display the exclusion list. In the Show Con ...

oval:org.secpod.oval:def:19468
The Allow certificates with no extended key usage certificate attribute machine setting should be configured correctly. This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon. In versions of Windows prior to Windows Vista, smart card certificate ...

oval:org.secpod.oval:def:19469
The Turn on root certificate propagation from smart card machine setting should be configured correctly. This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted. If you enable or do not configure this policy setting then root certificate p ...

oval:org.secpod.oval:def:19463
The Log File Path machine setting should be configured correctly for the application log. This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators. If you enable this policy setting, ...

oval:org.secpod.oval:def:19464
The Detect applications unable to launch installers under UAC machine setting should be configured correctly. This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with programs under User Account Control (UAC). If you enable this policy setting, the PCA dete ...

oval:org.secpod.oval:def:19465
The Backup log automatically when full machine setting should be configured correctly for the application log. This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the Retain old events policy setting is enabled. If you enable this poli ...

oval:org.secpod.oval:def:19466
The Do not detect slow network connections machine setting should be configured correctly. Disables the slow link detection feature. Slow link detection measures the speed of the connection between a user's computer and the remote server that stores the roaming user profile. When the system de ...

oval:org.secpod.oval:def:19460
The Specify channel binding token hardening level machine setting should be configured correctly. This policy setting allows you to set the hardening level of the Windows Remote Management (WinRM) service with regard to channel binding tokens. If you enable this policy setting, the WinRM service us ...

oval:org.secpod.oval:def:19461
The Turn on definition updates through both WSUS and Windows Update machine setting should be configured correctly. This policy setting allows you to configure Windows Defender to check and install definition updates from Windows Update when a locally managed Windows Server Update Services (WSUS) s ...

oval:org.secpod.oval:def:19462
The Configure Power Options preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Power Options preference extension, and to turn on tracing for the Power Options extension. Lo ...

oval:org.secpod.oval:def:19478
The Reschedule Automatic Updates scheduled installations machine setting should be configured correctly. Specifies the amount of time for Automatic Updates to wait, following system startup, before proceeding with a scheduled installation that was missed previously. If the status is set to Enabled, ...

oval:org.secpod.oval:def:19479
The Point and Print Restrictions machine setting should be configured correctly. This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers th ...

oval:org.secpod.oval:def:19474
The Enable client-side targeting machine setting should be configured correctly. Specifies the target group name or names that should be used to receive updates from an intranet Microsoft update service. If the status is set to Enabled, the specified target group information is sent to the intranet ...

oval:org.secpod.oval:def:19475
The Require strict KDC validation machine setting should be configured correctly. This policy setting controls the Kerberos client's behavior in validating the KDC certificate. If you enable this policy setting, the Kerberos client requires that the KDC's X.509 certificate contains the KD ...

oval:org.secpod.oval:def:19476
The Turn Off the Hard Disk (Plugged In) machine setting should be configured correctly. Specifies the period of inactivity before Windows turns off the hard disk. If you enable this policy, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off th ...

oval:org.secpod.oval:def:19477
The Disk Diagnostic: Configure execution level machine setting should be configured correctly. Determines the execution level for S.M.A.R.T.-based disk diagnostics. Self-Monitoring And Reporting Technology (S.M.A.R.T.) is a standard mechanism for storage devices to report faults to Windows. A disk ...

oval:org.secpod.oval:def:19470
The Disallow network as backup target machine setting should be configured correctly. This policy setting allows you to manage whether backups of a machine can run to a network share or not. If you enable this policy setting, machine administrator/backup operator cannot use Windows Server Backup to ...

oval:org.secpod.oval:def:19471
The Remove browse dialog box for new source machine setting should be configured correctly. Prevents users from searching for installation files when they add features or components to an installed program. This setting disables the Browse button beside the "Use feature from" list in the ...

oval:org.secpod.oval:def:19472
The Allow Print Spooler to accept client connections machine setting should be configured correctly. This policy controls whether the print spooler will accept client connections. When the policy is unconfigured, the spooler will not accept client connections until a user shares out a local printer ...

oval:org.secpod.oval:def:19473
The Don't set the always do this checkbox machine setting should be configured correctly. If this policy is enabled, the "Always do this..." checkbox in the Autoplay dialog will not be set by default when the dialog is shown. Fix: (1) GPO: Computer Configuration\Administrative Templates\Wind ...

oval:org.secpod.oval:def:19049
The SSL Cipher Suite Order machine setting should be configured correctly. Determines the cipher suites used by the Secure Sockets Layer (SSL). If this setting is enabled, SSL cipher suites will be prioritized in the order specified. If this setting is disabled or not configured, the factory defau ...

oval:org.secpod.oval:def:19045
The WPD Devices: Deny write access machine setting should be configured correctly. This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices. If you enable this policy setting, write access will be denied to this ...

oval:org.secpod.oval:def:19046
The Priority Set in the DC Locator DNS SRV Records machine setting should be configured correctly. Specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service a ...

oval:org.secpod.oval:def:19047
Auditing of DS Access: Detailed Directory Service Replication events on failure should be enabled or disabled as appropriate. Audit Detailed Directory Service Replication, which determines whether the operating system generates audit events that contain detailed tracking information about data that ...

oval:org.secpod.oval:def:19048
The Filter duplicate logon certificates machine setting should be configured correctly. This policy setting lets you configure whether all your valid logon certificates are displayed. During the certificate renewal period, a user can have multiple valid logon certificates issued from the same certifica ...

oval:org.secpod.oval:def:19041
Auditing of Logon-Logoff: Network Policy Server events on failure should be enabled or disabled as appropriate. Audit Network Policy Server, which determines whether the operating system generates audit events for RADIUS (IAS) and Network Access Protection (NAP) activity on user access requests (Gr ...

oval:org.secpod.oval:def:19042
Auditing of DS Access: Directory Service Changes events on failure should be enabled or disabled as appropriate. Audit Directory Service Changes, which determines whether the operating system generates audit events when changes are made to objects in Active Directory Domain Services (AD DS). The ty ...

oval:org.secpod.oval:def:19043
Auditing of Audit object access events on failure should be enabled or disabled as appropriate. This security setting determines whether to audit the event of a user accessing an object (for example, a file, folder, registry key, printer, and so forth) that has its own system access control list (SAC ...

oval:org.secpod.oval:def:19044
Auditing of Detailed Tracking: Process Creation events on failure should be enabled or disabled as appropriate. Audit Process Creation, which determines whether the operating system generates audit events when a process is created (starts). These audit events can help you track user activity and un ...

oval:org.secpod.oval:def:19040
The Register PTR Records machine setting should be configured correctly. Determines whether the registration of PTR resource records is enabled for the computers to which this policy is applied. By default, DNS clients configured to perform dynamic DNS registration attempt PTR resource record regis ...

oval:org.secpod.oval:def:19056
The DC Locator DNS records not registered by the DCs machine setting should be configured correctly. Determines which Domain Controller (DC) Locator DNS records are not registered by the Netlogon service. If this setting is disabled, DCs configured to perform dynamic registration of DC Locator DNS ...

oval:org.secpod.oval:def:19057
The Registration Refresh Interval machine setting should be configured correctly. Specifies the Registration Refresh Interval of A and PTR resource records for computers to which this setting is applied. This setting may be applied to computers using dynamic update only. Computers running Windows 2 ...

oval:org.secpod.oval:def:19058
Auditing of DS Access: Directory Service Replication events on failure should be enabled or disabled as appropriate. Audit Directory Service Replication, which determines whether the operating system generates audit events when replication between two domain controllers begins and ends. Fix: (1) ...

oval:org.secpod.oval:def:19059
The Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates machine setting should be configured correctly. Specifies whether the Windows Update will use the Windows Power Management features to automatically wake up the system from hibernation, if ...

oval:org.secpod.oval:def:19052
Auditing of Account Logon: Kerberos Authentication Service events on success should be enabled or disabled as appropriate. This subcategory reports events generated by the Kerberos Authentication Server. These events occur on the computer that is authoritative for the credentials. Events for this s ...

oval:org.secpod.oval:def:19053
The Prevent Input Panel tab from appearing machine setting should be configured correctly. Prevents Input Panel tab from appearing on the edge of the Tablet PC screen. Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols, ...

oval:org.secpod.oval:def:19054
The Allow only USB root hub connected Enhanced Storage devices machine setting should be configured correctly. This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing only root hub connected Enhanced Storage devices minimizes the risk ...

oval:org.secpod.oval:def:19055
The Turn off Windows Startup Sound machine setting should be configured correctly. Turn off the Windows Startup sound and prevent its customization in the Sound item of Control Panel. The Microsoft Windows Startup sound is heard during system startup and cold startup and can be turned on or off in ...

oval:org.secpod.oval:def:19050
The Prohibit Use of Restart Manager machine setting should be configured correctly. The Restart Manager API can eliminate or reduce the number of system restarts that are required to complete an installation or update. This setting controls Windows Installer's interaction with the Restart Mana ...

oval:org.secpod.oval:def:19051
Auditing of Logon-Logoff: Special Logon events on failure should be enabled or disabled as appropriate. Audit Special Logon, which determines whether the operating system generates audit events under special sign on (or log on) circumstances. This security policy setting determines whether th ...

oval:org.secpod.oval:def:19027
Auditing of Global Object Access Auditing: Registry events on failure should be enabled or disabled as appropriate. Registry (Global Object Access Auditing), which enables you to configure a global system access control list (SACL) on the registry of a computer. If you select the Configure security ...

oval:org.secpod.oval:def:19028
The Limit number of connections machine setting should be configured correctly. Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server. You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. ...

oval:org.secpod.oval:def:19029
The Shutdown: Clear virtual memory pagefile setting should be configured correctly. This policy setting determines whether the virtual memory pagefile is cleared when the system is shut down. When this policy setting is enabled, the system pagefile is cleared each time that the system shuts down pr ...

oval:org.secpod.oval:def:19023
Auditing of Detailed Tracking: Process Termination events on success should be enabled or disabled as appropriate. This subcategory reports when a process terminates. Events for this subcategory include: - 4689: A process has exited. Refer to the Microsoft Knowledgebase article Description of secur ...

oval:org.secpod.oval:def:19024
The Automatic reconnection machine setting should be configured correctly. Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost. By default, a maximum of twenty reconnection attempt ...

oval:org.secpod.oval:def:19025
The Turn off location scripting machine setting should be configured correctly. This policy setting turns off scripting for the location feature. If you enable this policy setting, scripts for the location feature will not run. If you disable or do not configure this policy setting, all location sc ...

oval:org.secpod.oval:def:19026
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Domain Profile. This option is useful if you need to control whether this computer receives unicast responses to its outgoing multicast or broadcast messages. Fix: (1) GPO: Computer Configurat ...

oval:org.secpod.oval:def:19020
Auditing of System: System Integrity events on success should be enabled or disabled as appropriate. This subcategory reports on violations of integrity of the security subsystem. Events for this subcategory include: - 4612 : Internal resources allocated for the queuing of audit messages have been ...

oval:org.secpod.oval:def:19021
The Windows Firewall: Domain: Apply local connection security rules setting should be configured correctly. This setting controls whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy. Fix: (1) GP ...

oval:org.secpod.oval:def:19022
The Update Security Level machine setting should be configured correctly. Specifies whether the computers to which this setting is applied use secure dynamic update or standard dynamic update for registration of DNS records. To enable this setting, click Enable, and then choose one of the following ...

oval:org.secpod.oval:def:19038
Auditing of Logon-Logoff: Logon events on failure should be enabled or disabled as appropriate. This security setting determines whether to audit each instance of a user logging on to or logging off from a computer. Account logon events are generated on domain controllers for domain account activit ...

oval:org.secpod.oval:def:19039
Auditing of Detailed Tracking: RPC Events events on failure should be enabled or disabled as appropriate. This topic for the IT professional describes the Advanced Security Audit policy setting, Audit RPC Events, which determines whether the operating system generates audit events when inbound remo ...

oval:org.secpod.oval:def:19034
The Retain old events machine setting should be configured correctly for the system log. This policy setting controls Event Log behavior when the log file reaches its maximum size. Old events may or may not be retained according to the Backup log automatically when full policy setting. Fix: (1) G ...

oval:org.secpod.oval:def:19035
Auditing of DS Access: Detailed Directory Service Replication events on success should be enabled or disabled as appropriate. This subcategory reports detailed information about the information replicating between domain controllers. These events can be very high in volume. Events for this subcateg ...

oval:org.secpod.oval:def:19036
The Enable Windows NTP Client machine setting should be configured correctly. Specifies whether the Windows NTP Client is enabled. Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You may want to disable this service if you decide to use ...

oval:org.secpod.oval:def:19037
The EFS recovery policy processing machine setting should be configured correctly. Determines when encryption policies are updated. This setting affects all policies that use the encryption component of Group Policy, such as policies related to encryption in Windows Settings\Security Settings. It o ...

oval:org.secpod.oval:def:19030
The Windows Firewall should be enabled or disabled as appropriate for the Public Profile. Select On (recommended) to have Windows Firewall with Advanced Security use the settings for this profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any ...

oval:org.secpod.oval:def:19031
Auditing of Audit account management events on failure should be enabled or disabled as appropriate. This security setting determines whether to audit each event of account management on a computer. Examples of account management events include: * A user account or group is created, changed, or del ...

oval:org.secpod.oval:def:19032
The Refresh Interval of the DC Locator DNS Records machine setting should be configured correctly. Specifies the Refresh Interval of the domain controller (DC) Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon servic ...

oval:org.secpod.oval:def:19033
The Diagnostic Policy Service (DPS) Configure Scenario Execution Level machine setting should be configured correctly for Windows Standby/Resume Performance Diagnostics. Determines the execution level for Windows Standby/Resume Performance Diagnostics. If you enable this policy setting, you must se ...

oval:org.secpod.oval:def:19526
The Do not allow password authentication of Enhanced Storage devices machine setting should be configured correctly. This policy setting configures whether or not a password can be used to unlock an Enhanced Storage device. If you enable this policy setting, a password cannot be used to unlock an E ...

oval:org.secpod.oval:def:19527
The Allow desktop composition for remote desktop sessions machine setting should be configured correctly. This policy setting allows you to specify whether desktop composition is allowed for remote desktop sessions. This policy setting does not apply to RemoteApp sessions. Desktop composition provi ...

oval:org.secpod.oval:def:19528
The Limit outstanding packets machine setting should be configured correctly. Specifies the maximum number of outstanding packets permitted on the system. When the number of outstanding packets reaches this limit, the Packet Scheduler postpones all submissions to network adapters until the number f ...

oval:org.secpod.oval:def:19529
The Specify the Display Dim Brightness (On Battery) machine setting should be configured correctly. Specify the brightness of the display when Windows automatically reduces brightness of the display. If you enable this policy setting, you must provide a value, in percentage, indicating the display ...

oval:org.secpod.oval:def:19522
The Removable Disks: Deny read access machine setting should be configured correctly. This policy setting denies read access to removable disks. If you enable this policy setting, read access will be denied to this removable storage class. If you disable or do not configure this policy setting, rea ...

oval:org.secpod.oval:def:19523
The Allow CredSSP authentication machine setting should be configured correctly for the WinRM client. This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses CredSSP authentication. If you enable this policy setting, the WinRM client will use CredSSP authe ...

oval:org.secpod.oval:def:19524
The Best effort service type Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification. Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (Servi ...

oval:org.secpod.oval:def:19525
The Diagnostic Policy Service (DPS) Configure Scenario Execution Level machine setting should be configured correctly for Fault Tolerant Heap. Determines the execution level for Diagnostic Policy Service (DPS) scenarios. If you enable this policy setting, you must select an execution level from th ...

oval:org.secpod.oval:def:19520
The Logging machine setting should be configured correctly. Specifies the types of events that Windows Installer records in its transaction log for each installation. The log, Msi.log, appears in the Temp directory of the system volume. When you enable this setting, you can specify the types of eve ...

oval:org.secpod.oval:def:19521
The Display a custom message when installation is prevented by a policy setting machine setting should be configured correctly. This policy setting allows you to display a custom message to users in the notification balloon when a device installation is attempted and a policy setting prevents the i ...

oval:org.secpod.oval:def:19519
The Prohibit installing or uninstalling color profiles machine setting should be configured correctly. This policy setting affects the ability of users to install or uninstall color profiles. If you enable this policy setting, users will not be able to install new color profiles or uninstall previo ...

oval:org.secpod.oval:def:19537
The Choose how BitLocker-protected operating system drives can be recovered machine setting should be configured correctly. This policy setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This policy set ...

oval:org.secpod.oval:def:19538
The Turn off hardware buttons machine setting should be configured correctly. Turns off Tablet PC hardware buttons. If you enable this policy, no actions will occur when the buttons are pressed, and the buttons tab in Tablet PC Control Panel will be removed. If you disable this policy, user and OEM ...

oval:org.secpod.oval:def:19539
The Turn off PNRP cloud creation machine setting should be configured correctly for IPv6 Site Local. This policy setting enables or disables PNRP cloud creation. PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol versi ...

oval:org.secpod.oval:def:19533
The Configure Local Users and Groups preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Local User and Local Group preference extension, and to turn on tracing for the Local ...

oval:org.secpod.oval:def:19534
The Do not allow client printer redirection machine setting should be configured correctly. This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions. You can use this policy setting to prevent users from redirecting print jobs f ...

oval:org.secpod.oval:def:19535
The Configure device installation time-out machine setting should be configured correctly. This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete. If you enable this policy setting, Windows waits for the number of seconds you speci ...

oval:org.secpod.oval:def:19536
The Enforce Removal of Remote Desktop Wallpaper machine setting should be configured correctly. Specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services. You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services se ...

oval:org.secpod.oval:def:19530
The Do not allow manual configuration of target portals machine setting should be configured correctly. If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed. If disabled then new target portals may be added ...

oval:org.secpod.oval:def:19531
The Directory pruning interval machine setting should be configured correctly. Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational. The pruning service periodically contacts computers that have published printers. If a comp ...

oval:org.secpod.oval:def:19532
The Turn off Windows Network Connectivity Status Indicator active tests machine setting should be configured correctly. This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator (NCSI) to determine whether your computer is connected to the Interne ...

oval:org.secpod.oval:def:19504
The Turn off Windows Installer RDS Compatibility machine setting should be configured correctly. This policy setting specifies whether Windows Installer RDS Compatibility runs on a per user basis for fully installed applications. Windows Installer allows one instance of the msiexec process to run a ...

oval:org.secpod.oval:def:19505
The Location of the DCs hosting a domain with single label DNS name machine setting should be configured correctly. Specifies whether the computers to which this setting is applied attempt DNS name resolution of single-label domain names. By default, when a computer (or the DC Locator running on ...

oval:org.secpod.oval:def:19506
The Turn Off Cache Power Mode machine setting should be configured correctly. Turns off the power save mode on the hybrid hard disks in the system. If you enable this policy, the disks will not be put into NV cache power save mode and no power savings would be achieved. If you disable this policy s ...

oval:org.secpod.oval:def:19507
The Do not allow the BITS client to use Windows Branch Cache machine setting should be configured correctly. This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component is installed and enabled on a computer, then BITS jobs on that comp ...

oval:org.secpod.oval:def:19500
The WPD Devices: Deny read access machine setting should be configured correctly. This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices. If you enable this policy setting, read access will be denied to this re ...

oval:org.secpod.oval:def:19501
The Set BranchCache Distributed Cache mode machine setting should be configured correctly. This policy setting specifies whether the client computer should use the Distributed Cache mode. This BranchCache mode enables a client computer to retrieve content that has been downloaded and cached by othe ...

oval:org.secpod.oval:def:19502
The Prevent press and hold machine setting should be configured correctly. Prevents press and hold actions on hardware buttons, so that only one action is available per button. If you enable this policy, press and hold actions are unavailable, and the button configuration dialog will display the fo ...

oval:org.secpod.oval:def:19503
The Reserve Battery Notification Level machine setting should be configured correctly. Specify the percentage of battery capacity remaining that triggers the reserve power mode. If you enable this policy setting, you must enter a numeric value (percentage) to set the battery level that triggers the ...

oval:org.secpod.oval:def:19515
The Corporate Website Probe URL machine setting should be configured correctly. This is the URL of the corporate website that will be used to perform an active probe against. Fix: (1) GPO: Computer Configuration\Administrative Templates\Network\Network Connectivity Status Indicator\Corporate Webs ...

oval:org.secpod.oval:def:19516
The 6to4 Relay Name machine setting should be configured correctly. This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity i ...

oval:org.secpod.oval:def:19517
The 6to4 Relay Name Resolution Interval machine setting should be configured correctly. This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host. If you ...

oval:org.secpod.oval:def:19518
The Floppy Drives: Deny execute access machine setting should be configured correctly. This policy setting denies execute access to the Floppy Drives removable storage class, including USB Floppy Drives. If you enable this policy setting, execute access will be denied to this removable storage clas ...

oval:org.secpod.oval:def:19511
The Reverse the subject name stored in a certificate when displaying machine setting should be configured correctly. This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. By default the user principal name (UPN) is displayed ...

oval:org.secpod.oval:def:19512
The Configure slow-link mode machine setting should be configured correctly. This policy setting enables computers running Windows Vista or Windows Server 2008 to use the slow-link mode of Offline Files (it is enabled by default for computers running Windows 7 or Windows Server 2008 R2). This polic ...

oval:org.secpod.oval:def:19513
The Set time limit for logoff of RemoteApp sessions machine setting should be configured correctly. This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state before the session is logged off from the RD Session Host server. By default, if ...

oval:org.secpod.oval:def:19514
The Allow non-administrators to install drivers for these device setup classes machine setting should be configured correctly. Specifies a list of device setup class GUIDs describing device drivers that non-administrator members of the built-in Users group may install on the system. If you enable t ...

oval:org.secpod.oval:def:19510
The Ignore the default list of blocked TPM commands machine setting should be configured correctly. This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands. If you enable this policy setting, Windows will ignore the comp ...

oval:org.secpod.oval:def:19508
The Do not process the run once list machine setting should be configured correctly. Ignores customized run-once lists. You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added ...

oval:org.secpod.oval:def:19509
The Group Policy refresh interval for computers machine setting should be configured correctly. Specifies how often Group Policy for computers is updated while the computer is in use (in the background). This setting specifies a background update rate only for Group Policies in the Computer Configu ...

oval:org.secpod.oval:def:8920
The Turn off background refresh of Group Policy machine setting should be configured correctly. Prevents Group Policy from being updated while the computer is in use. This setting applies to Group Policy for computers, users, and domain controllers. If you enable this setting, the system waits unti ...

oval:org.secpod.oval:def:8921
The 'Create a pagefile' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:8922
The 'Impersonate a client after authentication' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:8923
The 'Increase scheduling priority' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:19566
The Configure Regional Options preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Regional Options preference extension, and to turn on tracing for the Regional Options exte ...

oval:org.secpod.oval:def:19567
The Prune printers that are not automatically republished machine setting should be configured correctly. Determines whether the pruning service on a domain controller prunes printer objects that are not automatically republished whenever the host computer does not respond, just as it does with Wind ...

oval:org.secpod.oval:def:19568
The Turn On Compatibility HTTPS Listener machine setting should be configured correctly. This policy setting enables or disables an HTTPS listener created for backward compatibility purposes in the Windows Remote Management (WinRM) service. When certain port 443 listeners are migrated to WinRM 2.0, ...

oval:org.secpod.oval:def:19569
The Do not allow local administrators to customize permissions machine setting should be configured correctly. Specifies whether to disable the administrator rights to customize security permissions in the Remote Desktop Session Host Configuration tool. You can use this setting to prevent administr ...

oval:org.secpod.oval:def:19562
The Require strict target SPN match on remote procedure calls machine setting should be configured correctly. When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN), computers running Windows 7 will attempt to use Ker ...

oval:org.secpod.oval:def:19563
The Define host name-to-Kerberos realm mappings machine setting should be configured correctly. This policy setting allows you to specify which DNS host names and which DNS suffixes are mapped to a Kerberos realm. If you enable this policy setting, you can view and change the list of DNS host names ...

oval:org.secpod.oval:def:19564
The Turn Off the Hard Disk (On Battery) machine setting should be configured correctly. Specifies the period of inactivity before Windows turns off the hard disk. If you enable this policy, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off th ...

oval:org.secpod.oval:def:19565
The Floppy Drives: Deny write access machine setting should be configured correctly. This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives. If you enable this policy setting, write access will be denied to this removable storage class. If ...

oval:org.secpod.oval:def:8924
The 'Perform volume maintenance tasks' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:8925
The Accounts: Guest account status setting should be configured correctly. This policy setting determines whether the Guest account is enabled or disabled. The Guest account allows unauthenticated network users to gain access to the system. Note that this setting will have no impact when applied to ...

oval:org.secpod.oval:def:19560
The Turn off automatic learning machine setting should be configured correctly. Turns off the automatic learning component of handwriting recognition personalization. Automatic learning enables the collection and storage of text and/or ink written by the user in order to help adapt handwriting reco ...

oval:org.secpod.oval:def:8926
The Accounts: Limit local account use of blank passwords to console logon only setting should be configured correctly. This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable t ...

oval:org.secpod.oval:def:19561
The Microsoft Support Diagnostic Tool: Configure execution level machine setting should be configured correctly. Determines the execution level for Microsoft Support Diagnostic Tool. Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals. If you enabl ...

oval:org.secpod.oval:def:8927
The Devices: Prevent users from installing printer drivers setting should be configured correctly. It is feasible for an attacker to disguise a Trojan horse program as a printer driver. The program may appear to users as if they must use it to print, but such a program could unleash malicious code o ...

oval:org.secpod.oval:def:19577
The Backup log automatically when full machine setting should be configured correctly for the system log. This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the Retain old events policy setting is enabled. If you enable this policy se ...

oval:org.secpod.oval:def:19578
The Join RD Connection Broker machine setting should be configured correctly. This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session i ...

oval:org.secpod.oval:def:19579
The Configure Start Menu preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Start Menu preference extension, and to turn on tracing for the Start Menu extension. Logging and ...

oval:org.secpod.oval:def:19573
The Do not allow manual configuration of discovered targets machine setting should be configured correctly. If enabled then discovered targets may not be manually configured. If disabled then discovered targets may be manually configured. Note: if enabled there may be cases where this will break VD ...

oval:org.secpod.oval:def:19574
The Log File Path machine setting should be configured correctly for the setup log. This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators. If you enable this policy setting, the E ...

oval:org.secpod.oval:def:19575
The Do not allow Windows Media Center to run machine setting should be configured correctly. Specifies whether Windows Media Center can run. If you enable this setting, Windows Media Center will not run. If you disable or do not configure this setting, Windows Media Center can be run. Fix: (1) GP ...

oval:org.secpod.oval:def:19576
The Remove Make Available Offline machine setting should be configured correctly. Prevents users from making network files and folders available offline. This setting removes the "Make Available Offline" option from the File menu and from all context menus in Windows Explorer. As a result ...

oval:org.secpod.oval:def:19570
The Always wait for the network at computer startup and logon machine setting should be configured correctly. This policy setting determines whether Group Policy processing is synchronous (that is, whether computers wait for the network to be fully initialized during computer startup and user logon) ...

oval:org.secpod.oval:def:19571
The Disk Diagnostic: Configure custom alert text machine setting should be configured correctly. Substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. If you enable this policy setting, Windows will display custom alert text in the disk ...

oval:org.secpod.oval:def:19572
The Disallow Interactive Users from generating Resultant Set of Policy data machine setting should be configured correctly. This setting controls the ability of users to view their Resultant Set of Policy (RSoP) data. By default, interactively logged on users can view their own Resultant Set of Pol ...

oval:org.secpod.oval:def:19548
The Restrict these programs from being launched from Help machine setting should be configured correctly. Allows you to restrict programs from being run from online Help. If you enable this setting, you can prevent programs that you specify from being allowed to be run from Help. When you enable th ...

oval:org.secpod.oval:def:19549
The CD and DVD: Deny execute access machine setting should be configured correctly. This policy setting denies execute access to the CD and DVD removable storage class. If you enable this policy setting, execute access will be denied to this removable storage class. If you disable or do not configu ...

oval:org.secpod.oval:def:8900
The Turn off downloading of game information machine setting should be configured correctly. Manages download of game box art and ratings from the Windows Metadata Services. If you enable this setting, game information including box art and ratings will not be downloaded. If you disable or do not c ...

oval:org.secpod.oval:def:8901
The Turn off Windows Error Reporting machine setting should be configured correctly. Controls whether or not errors are reported to Microsoft. Error Reporting is used to report information about a system or application that has failed or has stopped responding and is used to improve the quality of ...

oval:org.secpod.oval:def:19544
The Turn off access to the solutions to performance problems section machine setting should be configured correctly. Removes access to the performance center control panel solutions to performance problems. If you enable this setting, the solutions and issue section within the performance control p ...

oval:org.secpod.oval:def:19545
The Reduce Display Brightness (On Battery) machine setting should be configured correctly. Specify the period of inactivity before Windows automatically reduces brightness of the display. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should e ...

oval:org.secpod.oval:def:19546
The Internet Explorer Maintenance policy processing machine setting should be configured correctly. Determines when Internet Explorer Maintenance policies are updated. This setting affects all policies that use the Internet Explorer Maintenance component of Group Policy, such as those in Windows Se ...

oval:org.secpod.oval:def:19547
The Sites Covered by the DC Locator DNS SRV Records machine setting should be configured correctly. Specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records reg ...

oval:org.secpod.oval:def:19540
The Allow remote start of unlisted programs machine setting should be configured correctly. This policy setting allows you to specify whether remote users can start any program on the RD Session Host server when they start a Remote Desktop Services session, or whether they can only start programs t ...

oval:org.secpod.oval:def:8906
The Enable/Disable PerfTrack machine setting should be configured correctly. This policy setting specifies whether to enable or disable tracking of responsiveness events. If you enable this policy setting, responsiveness events are processed and aggregated. The aggregated data will be transmitted t ...

oval:org.secpod.oval:def:19541
The Hide previous versions of files on backup location machine setting should be configured correctly. This setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points o ...

oval:org.secpod.oval:def:8907
The Do not allow passwords to be saved machine setting should be configured correctly. Controls whether passwords can be saved on this computer from Remote Desktop Connection. If you enable this setting the password saving checkbox in Remote Desktop Connection will be disabled and users will no lon ...

oval:org.secpod.oval:def:19542
The Require trusted path for credential entry. machine setting should be configured correctly. This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user's Windows credentials. N ...

oval:org.secpod.oval:def:8908
The Turn off the Windows Messenger Customer Experience Improvement Program machine setting should be configured correctly. Specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used. With the Customer Experience Improvement program, u ...

oval:org.secpod.oval:def:19543
The Disk Quota policy processing machine setting should be configured correctly. Determines when disk quota policies are updated. This setting affects all policies that use the disk quota component of Group Policy, such as those in Computer Configuration\Administrative Templates\System\Disk Quotas. ...

oval:org.secpod.oval:def:8909
The Extend Point and Print connection to search Windows Update machine setting should be configured correctly. This policy setting allows you to manage where client computers search for Point and Print drivers. If you enable this policy setting, the client computer will continue to search for com ...

oval:org.secpod.oval:def:8902
The Specify search order for device driver source locations machine setting should be configured correctly. This policy setting allows you to specify the order in which Windows searches source locations for device drivers. If you enable this policy setting, you can select whether Windows searches W ...

oval:org.secpod.oval:def:8903
The Turn off game updates machine setting should be configured correctly. Manages download of game update information from Windows Metadata Services. If you enable this setting, game update information will not be downloaded. If you disable or do not configure this setting, game update information ...

oval:org.secpod.oval:def:8904
The "Configure Windows NTP Client" machine setting should be configured correctly.

oval:org.secpod.oval:def:8905
The Teredo State machine setting should be configured correctly. This policy setting allows you to configure Teredo, an address assignment and automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet. If you disable or do not configure this policy setting, the ...

oval:org.secpod.oval:def:19559
The Group Policy slow link detection machine setting should be configured correctly. Defines a slow connection for purposes of applying and updating Group Policy. If the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower t ...

oval:org.secpod.oval:def:8910
The Remove Disconnect option from Shut Down dialog machine setting should be configured correctly. This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions. You can use this policy setting to prevent users f ...

oval:org.secpod.oval:def:8911
The Restrict Remote Desktop Services users to a single Remote Desktop Services session machine setting should be configured correctly. This policy setting allows you to restrict users to a single Remote Desktop Services session. If you enable this policy setting, users who log on remotely us ...

oval:org.secpod.oval:def:8912
The Do not delete temp folder upon exit machine setting should be configured correctly. Specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff. You can use this setting to maintain a user's session-specific temporary folders on a remote computer ...

oval:org.secpod.oval:def:19555
The Prevent Quick Launch Toolbar Shortcut Creation machine setting should be configured correctly. This policy prevents a shortcut for the Player from being added to the Quick Launch bar. When this policy is not configured or disabled, the user can choose whether to add the shortcut for the Player ...

oval:org.secpod.oval:def:19556
The Folder Redirection policy processing machine setting should be configured correctly. Determines when folder redirection policies are updated. This setting affects all policies that use the folder redirection component of Group Policy, such as those in WindowsSettings\Folder Redirection. You can ...

oval:org.secpod.oval:def:19557
The Configure Services preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Local User and Local Group preference extension, and to turn on tracing for the Local User and Loca ...

oval:org.secpod.oval:def:19558
The Ignore custom consent settings machine setting should be configured correctly. This setting determines the behavior of the default consent setting in relation to custom consent settings. If this setting is enabled, the default Consent level setting will always override any other consent setting ...

oval:org.secpod.oval:def:19551
The Teredo Client Port machine setting should be configured correctly. This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0, the operating system will select a port (recommended). If you select a UDP port that is already in ...

oval:org.secpod.oval:def:8917
The Report when logon server was not available during user logon machine setting should be configured correctly. This setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor. Non-administrator updates provide a mechanism for th ...

oval:org.secpod.oval:def:19552
The Turn off the ability to create a system image machine setting should be configured correctly. This setting lets you disable the creation of system images. If this setting is enabled, users cannot create system images. If this setting is disabled or not configured, users can create system images ...

oval:org.secpod.oval:def:8918
The Do not send a Windows error report when a generic driver is installed on a device machine setting should be configured correctly. This policy setting allows you to specify whether to send a Windows error report when a generic driver is installed on a device. If you enable this policy setting, a ...

oval:org.secpod.oval:def:19553
The Limit the maximum BITS job download time machine setting should be configured correctly. This policy setting limits the amount of time that Background Intelligent Transfer Service (BITS) will take to download the files in a BITS job. The time limit applies only to the time that BITS is actively ...

oval:org.secpod.oval:def:8919
The Registry policy processing machine setting should be configured correctly. Determines when registry policies are updated. This setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. It overrides customized settings that the ...

oval:org.secpod.oval:def:19554
The TTL Set in the DC Locator DNS Records machine setting should be configured correctly. Specifies the value for the Time-To-Live (TTL) field in Net Logon registered SRV resource records. These DNS records are dynamically registered by the Net Logon service, and they are used to locate the domain ...

oval:org.secpod.oval:def:8913
The Prohibit installation and configuration of Network Bridge on your DNS domain network machine setting should be configured correctly. Determines whether a user can install and configure the Network Bridge. Important: This setting is location aware. It only applies when a computer is connected t ...

oval:org.secpod.oval:def:8914
The Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com machine setting should be configured correctly. Specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs). If you enable this setting, the ...

oval:org.secpod.oval:def:8915
The Require a Password When a Computer Wakes (On Battery) machine setting should be configured correctly. Specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable this policy, or if it is not configured, the user is prompted for a password when ...

oval:org.secpod.oval:def:19550
The Allow Delegating Saved Credentials with NTLM-only Server Authentication machine setting should be configured correctly. This policy setting applies to applications using the Cred SSP component (for example: Terminal Server). This policy applies when server authentication was achieved via NTLM. ...

oval:org.secpod.oval:def:8916
The Turn off Data Execution Prevention for Explorer machine setting should be configured correctly. This policy setting allows you to turn off the Data Execution Prevention feature for Internet Explorer on Windows Server 2008, Windows Vista SP1 and Windows XP SP3. If you enable this policy setting, ...

oval:org.secpod.oval:def:19188
The Force the reading of all certificates from the smart card machine setting should be configured correctly. This policy setting allows you to manage the reading of all certificates from the smart card for logon. During logon Windows will by default only read the default certificate from the smart ...

oval:org.secpod.oval:def:19189
The Run shutdown scripts visible machine setting should be configured correctly. Displays the instructions in shutdown scripts as they run. Shutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default, the system does not display the instr ...

oval:org.secpod.oval:def:19184
The Turn off Federation Service machine setting should be configured correctly. This policy setting prevents a Federation Service in Active Directory Federation Services (AD FS) from being installed or run. If you enable this policy setting, installation of a Federation Service fails. If a Federati ...

oval:org.secpod.oval:def:19185
The Turn on economical application of administratively assigned Offline Files machine setting should be configured correctly. This policy setting allows you to turn on economical application of administratively assigned Offline Files. If you enable or do not configure this policy setting, only new ...

oval:org.secpod.oval:def:19186
The Require use of specific security layer for remote (RDP) connections machine setting should be configured correctly. Specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connect ...

oval:org.secpod.oval:def:19187
The Set path for Remote Desktop Services Roaming User Profile machine setting should be configured correctly. This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles. By default, Remote Desktop Services stores all user profiles locally ...

oval:org.secpod.oval:def:19180
The Do not allow changes to initiator iqn name machine setting should be configured correctly. If enabled then do not allow the initiator iqn name to be changed. If disabled then the initiator iqn name may be changed. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\iSCSI\Gene ...

oval:org.secpod.oval:def:19181
The Prevent launch an application machine setting should be configured correctly. Prevents the user from launching an application from a Tablet PC hardware button. If you enable this policy, applications cannot be launched from a hardware button, and "Launch an application" is removed fro ...

oval:org.secpod.oval:def:19182
The Configure Applications preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Applications preference extension, and to turn on tracing for the Applications extension. Loggi ...

oval:org.secpod.oval:def:19183
The Allow unencrypted traffic machine setting should be configured correctly for the WinRM service. This policy setting allows you to manage whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network. If you enable this policy setting, the WinRM s ...

oval:org.secpod.oval:def:19199
The Dynamic Registration of the DC Locator DNS Records machine setting should be configured correctly. Determines if Dynamic Registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the ...

oval:org.secpod.oval:def:19195
The Optimize visual experience for Remote Desktop Services sessions machine setting should be configured correctly. This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimiz ...

oval:org.secpod.oval:def:19196
The Lock Enhanced Storage when the computer is locked machine setting should be configured correctly. This policy will enable the Enhanced Storage device to be locked when the computer is locked. This policy is supported in Windows Enterprise and Business SKUs only. If you enable this policy settin ...

oval:org.secpod.oval:def:19197
The Do not allow non-Enhanced Storage removable devices machine setting should be configured correctly. This policy setting configures whether or not non-Enhanced Storage removable devices are allowed on your computer. If you enable this policy setting, non-Enhanced Storage removable devices are no ...

oval:org.secpod.oval:def:19198
The Turn off Data Execution Prevention for HTML Help Executible machine setting should be configured correctly. This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced DEP. DEP is designed to block malicious code that takes advantage of exception-han ...

oval:org.secpod.oval:def:19191
The Allow CredSSP authentication machine setting should be configured correctly for the WinRM service. This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts CredSSP authentication from a remote client. If you enable this policy setting, the WinRM ser ...

oval:org.secpod.oval:def:19192
The Restrict potentially unsafe HTML Help functions to specified folders machine setting should be configured correctly. With this policy, you can restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively, you can dis ...

oval:org.secpod.oval:def:19193
The Re-prompt for restart with scheduled installations machine setting should be configured correctly. Specifies the amount of time for Automatic Updates to wait before prompting again with a scheduled restart. If the status is set to Enabled, a scheduled restart will occur the specified number of ...

oval:org.secpod.oval:def:19194
The Turn off access to all Windows Update features machine setting should be configured correctly. This setting allows you to remove access to Windows Update. If you enable this setting, all Windows Update features are removed. This includes blocking access to the Windows Update Web site at http:// ...

oval:org.secpod.oval:def:19190
The Configure MSI Corrupted File Recovery Behavior machine setting should be configured correctly. This policy setting allows you to configure the recovery behavior for corrupted MSI files to one of three states: Prompt for Resolution: Detection, troubleshooting, and recovery of corrupted MSI appli ...

oval:org.secpod.oval:def:19126
The Use forest search order machine setting should be configured correctly for Kerberos client searches. This policy setting defines the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs). If you enable this policy setting, ...

oval:org.secpod.oval:def:19127
The Qualitative service type Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that do not conform to the flow specification. Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type ...

oval:org.secpod.oval:def:19128
Auditing of Detailed Tracking: DPAPI Activity events on failure should be enabled or disabled as appropriate. Audit DPAPI Activity, which determines whether the operating system generates audit events when encryption or decryption calls are made into the data protection application interface (DPAPI ...

oval:org.secpod.oval:def:19129
The Configure keep-alive connection interval machine setting should be configured correctly. This policy setting allows you to enter a keep-alive interval to ensure that the session state on the RD Session Host server is consistent with the client state. After an RD Session Host server client loses ...

oval:org.secpod.oval:def:19122
The Turn off Multicast Bootstrap machine setting should be configured correctly for IPv6 Site Local. This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the link local cloud. The Peer Name Resolution Protocol (PNRP) allows for d ...

oval:org.secpod.oval:def:19123
Auditing of Privilege Use: Non Sensitive Privilege Use events on failure should be enabled or disabled as appropriate. Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used. The following privileg ...

oval:org.secpod.oval:def:19124
The Allow domain users to log on using biometrics machine setting should be configured correctly. This policy setting determines whether domain users can log on or elevate User Account Control (UAC) permissions using biometrics. By default, domain users cannot use biometrics to log on. If you enabl ...

oval:org.secpod.oval:def:19125
The Specify Windows installation file location machine setting should be configured correctly. Specifies an alternate location for Windows installation files. To enable this setting, enter the fully qualified path to the new location in the "Windows Setup file path" box. If you disabl ...

oval:org.secpod.oval:def:19120
Auditing of Detailed Tracking: Process Termination events on failure should be enabled or disabled as appropriate. Audit Process Termination, which determines whether the operating system generates audit events when an attempt is made to end a process. Success audits record successful attempts and ...

oval:org.secpod.oval:def:19121
The Check published state machine setting should be configured correctly. Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. This setting also specifies how often the system repeats the verification. By default, the system only v ...

oval:org.secpod.oval:def:19137
The Turn on Remote Desktop IP Virtualization machine setting should be configured correctly. This policy setting specifies whether Remote Desktop IP Virtualization is turned on. By default, Remote Desktop IP Virtualization is turned off. If you enable this policy setting, Remote Desktop IP Virtuali ...

oval:org.secpod.oval:def:19138
The Sites Covered by the GC Locator DNS SRV Records machine setting should be configured correctly. Specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records reg ...

oval:org.secpod.oval:def:19139
The Dynamic Update machine setting should be configured correctly. Computers configured for dynamic update automatically register and update their DNS resource records with a DNS server. If you enable this setting, the computers to which this setting is applied may use dynamic DNS registration on e ...

oval:org.secpod.oval:def:19133
The Turn On Desktop Background Slideshow (On Battery) machine setting should be configured correctly. Specify if Windows should enable the desktop background slideshow. If you enable this policy setting, desktop background slideshow is enabled. If you disable this policy setting, the desktop backgr ...

oval:org.secpod.oval:def:19134
The Allow local activation security check exemptions machine setting should be configured correctly. Allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list. If you enable this policy setting, and DCOM does not find an ...

oval:org.secpod.oval:def:19135
The Turn off Fair Share CPU Scheduling machine setting should be configured correctly. Fair Share CPU Scheduling dynamically distributes processor time across all Remote Desktop Services sessions on the same RD Session Host server, based on the number of sessions and the demand for processor time w ...

oval:org.secpod.oval:def:19136
The Turn Off Hybrid Sleep (On Battery) machine setting should be configured correctly. Disables Hybrid Sleep. If you enable this policy setting, a hiberfile is not generated when the system transitions to sleep (Stand By). If you do not configure this policy setting, users can see and change this s ...

oval:org.secpod.oval:def:19130
Auditing of Object Access: Application Generated events on failure should be enabled or disabled as appropriate. Audit Application Generated, which determines whether the operating system generates audit events when applications attempt to use the Windows Auditing application programming interfaces ...

oval:org.secpod.oval:def:19131
The Enable disk quotas machine setting should be configured correctly. Enables and disables disk quota management on all NTFS volumes of the computer, and prevents users from changing the setting. If you enable this setting, disk quota management is enabled, and users cannot disable it. If you disa ...

oval:org.secpod.oval:def:19132
The Reduce Display Brightness (Plugged In) machine setting should be configured correctly. Specify the period of inactivity before Windows automatically reduces brightness of the display. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should e ...

oval:org.secpod.oval:def:19108
Auditing of Object Access: Other Object Access Events events on success should be enabled or disabled as appropriate. This subcategory reports other object access-related events such as Task Scheduler jobs and COM+ objects. Events for this subcategory include: - 4671: An application attempted to ac ...

oval:org.secpod.oval:def:19109
The Do not check for user ownership of Roaming Profile Folders machine setting should be configured correctly. This setting disables the more secure default setting for the user's roaming user profile folder. Once an administrator has configured a user's roaming profile, the profile will ...

oval:org.secpod.oval:def:19104
The Apply policy to removable media machine setting should be configured correctly. Extends the disk quota policies in this folder to NTFS file system volumes on removable media. If you disable this setting or do not configure it, the disk quota policies established in this folder apply to fixed-me ...

oval:org.secpod.oval:def:19588
The Set the map update interval for NIS subordinate servers machine setting should be configured correctly. This policy setting allows a Server for NIS administrator to configure an update interval for pushing Network Information Service (NIS) maps to NIS subordinate servers. Fix: (1) GPO: Comput ...

oval:org.secpod.oval:def:19105
The Microsoft Support Diagnostic Tool: Restrict tool download machine setting should be configured correctly. Restricts the tool download policy for Microsoft Support Diagnostic Tool. Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals. For some pr ...

oval:org.secpod.oval:def:19589
The Turn Off the Display (Plugged In) machine setting should be configured correctly. Specifies the period of inactivity before Windows turns off the display. If you enable this policy, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the di ...

oval:org.secpod.oval:def:19106
The Turn off Configuration machine setting should be configured correctly. Allows you to disable System Restore configuration through System Protection. System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. The be ...

oval:org.secpod.oval:def:19107
Auditing of System: Security System Extension events on failure should be enabled or disabled as appropriate. Audit Security System Extension, which determines whether the operating system generates audit events related to security system extensions. Changes to security system extensions in the ope ...

oval:org.secpod.oval:def:19100
The Turn Off Low Battery User Notification machine setting should be configured correctly. Disables a user notification when the battery capacity remaining equals the low battery notification level. If you enable this policy, Windows will not show a notification when the battery capacity remaining ...

oval:org.secpod.oval:def:19584
The Turn on extensive logging for Active Directory Domain Services domain controllers that are running Server for NIS machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Start Menu preference extension, an ...

oval:org.secpod.oval:def:19101
The Terminate session when time limits are reached machine setting should be configured correctly. Specifies whether to terminate a timed-out Remote Desktop Services session instead of disconnecting it. You can use this setting to direct Remote Desktop Services to terminate a session (that is, the ...

oval:org.secpod.oval:def:19585
The Turn off pen feedback machine setting should be configured correctly. Disables visual pen action feedback, except for press and hold feedback. If you enable this policy, all visual pen action feedback is disabled except for press and hold feedback. Additionally, the mouse cursors are shown inst ...

oval:org.secpod.oval:def:19102
Auditing of Policy Change: Authentication Policy Change events on success should be enabled or disabled as appropriate. This subcategory reports changes in authentication policy. Events for this subcategory include: - 4706: A new trust was created to a domain. - 4707: A trust to a domain was remov ...

oval:org.secpod.oval:def:19586
The Disallow Digest authentication machine setting should be configured correctly. This policy setting allows you to manage whether the Windows Remote Management (WinRM) client will not use Digest authentication. If you enable this policy setting, the WinRM client will not use Digest authentication ...

oval:org.secpod.oval:def:19103
The Administratively assigned offline files machine setting should be configured correctly. This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer. If you enab ...

oval:org.secpod.oval:def:19587
The Switch to the Simplified Chinese (PRC) gestures machine setting should be configured correctly. Switches the gesture set used for editing from the common handheld computer gestures to the Simplified Chinese (PRC) standard gestures. Tablet PC Input Panel is a Tablet PC accessory that enables you ...

oval:org.secpod.oval:def:19580
The Select the Lid Switch Action (Plugged In) machine setting should be configured correctly. Specifies the action that Windows takes when a user closes the lid on a mobile PC. Possible actions include: -Take no action -Sleep -Hibernate -Shut down If you enable this policy setting, you must select ...

oval:org.secpod.oval:def:19581
The Configure use of passwords for fixed data drives machine setting should be configured correctly. This policy setting specifies whether a password is required to unlock BitLocker-protected fixed data drives. If you choose to permit the use of a password, you can require that a password be used, ...

oval:org.secpod.oval:def:19582
The Log directory pruning retry events machine setting should be configured correctly. Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers. The pruning service periodically contacts compute ...

oval:org.secpod.oval:def:19583
The Network control service type Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that do not conform to the flow specification. Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control serv ...

oval:org.secpod.oval:def:19119
The Turn on bandwidth optimization machine setting should be configured correctly. This policy setting allows you to improve performance in low bandwidth scenarios. This setting is incrementally scaled from "No optimization" to "Full optimization". Each incremental setting inclu ...

oval:org.secpod.oval:def:19115
Auditing of Logon-Logoff: Other Logon/Logoff Events events on failure should be enabled or disabled as appropriate. Audit Other Logon/Logoff Events, which determines whether Windows generates audit events for other logon or logoff events. These other logon or logoff events include: * A Remote Deskt ...

oval:org.secpod.oval:def:19599
The Deny Delegating Default Credentials machine setting should be configured correctly. This policy setting applies to applications using the Cred SSP component (for example: Terminal Server). If you enable this policy setting you can specify the servers to which the user's default credentials ...

oval:org.secpod.oval:def:19116
The Force selected system UI language to overwrite the user UI language machine setting should be configured correctly. This is a setting for computers with more than one UI language installed. If you enable this setting, the UI language of Windows menus and dialogs language for systems with more t ...

oval:org.secpod.oval:def:19117
The Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers machine setting should be configured correctly. This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the work and ...

oval:org.secpod.oval:def:19118
The Remove Program Compatibility Property Page machine setting should be configured correctly. This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file. The ...

oval:org.secpod.oval:def:19111
The Turn off Problem Steps Recorder machine setting should be configured correctly. This policy controls the state of the Problem Steps Recorder feature in the system. Problem Steps Recorder enables capturing the steps taken by the user before encountering a problem. The output data generated by Pr ...

oval:org.secpod.oval:def:19595
The Configure use of smart cards on removable data drives machine setting should be configured correctly. This policy setting allows you to specify whether smart cards can be used to authenticate user access to BitLocker-protected removable data drives on a computer. If you enable this policy setti ...

oval:org.secpod.oval:def:19112
The Turn on Accounting for WSRM machine setting should be configured correctly. This setting turns the Accounting feature On or Off. If you enable this setting, Windows System Resource Manager (WSRM) will start accounting various usage statistics of the processes. If you disable this setting, WSRM ...

oval:org.secpod.oval:def:19596
The Tape Drives: Deny execute access machine setting should be configured correctly. This policy setting denies execute access to the Tape Drive removable storage class. If you enable this policy setting, execute access will be denied to this removable storage class. If you disable or do not config ...

oval:org.secpod.oval:def:19113
The Computer location machine setting should be configured correctly. Specifies the default location criteria used when searching for printers. This setting is a component of the Location Tracking feature of Windows printers. To use this setting, enable Location Tracking by enabling the "Pre-p ...

oval:org.secpod.oval:def:19597
The Turn off the ability to back up data files machine setting should be configured correctly. This setting lets you disable the data file backup functionality. If this setting is enabled, users cannot back up data files. If this setting is disabled or not configured, users can back up data files. ...

oval:org.secpod.oval:def:19114
The Do not use Remote Desktop Session Host server IP address when virtual IP address is not available machine setting should be configured correctly. This policy setting specifies whether a session uses the IP address of the Remote Desktop Session Host server if a virtual IP address is not availabl ...

oval:org.secpod.oval:def:19598
The Disable text prediction machine setting should be configured correctly. Prevents the Tablet PC Input Panel from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab. Tablet PC Input Panel is a Tablet PC accessory that enables you to ...

oval:org.secpod.oval:def:19591
The Disallow Negotiate authentication machine setting should be configured correctly for the WinRM service. This policy setting allows you to manage whether the Windows Remote Management (WinRM) client will not use Negotiate authentication. If you enable this policy setting, the WinRM client will n ...

oval:org.secpod.oval:def:19592
The Short name creation options machine setting should be configured correctly. These settings provide control over whether or not short names are generated during file creation. Some applications require short names for compatibility, but short names have a negative performance impact on the syste ...

oval:org.secpod.oval:def:19593
The Verify old and new Folder Redirection targets point to the same share before redirecting machine setting should be configured correctly. This policy setting allows you to prevent data loss when you change the target location for Folder Redirection, and the new and old targets point to the same ...

oval:org.secpod.oval:def:19110
Auditing of Privilege Use: Non Sensitive Privilege Use events on success should be enabled or disabled as appropriate. This subcategory reports when a user account or service uses a non-sensitive privilege. A non-sensitive privilege includes the following user rights: Access Credential Manager as ...

oval:org.secpod.oval:def:19594
The Disable or enable software Secure Attention Sequence machine setting should be configured correctly. This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS). If you enable this policy setting, you have one of four options: If you set this policy set ...

oval:org.secpod.oval:def:19590
The ActiveX installation policy for sites in Trusted zones machine setting should be configured correctly. This policy setting controls the installation of ActiveX controls for sites in Trusted zone. If this setting is enabled ActiveX controls will be installed according to the settings defined by ...

oval:org.secpod.oval:def:19166
The Enable Persistent Time Stamp machine setting should be configured correctly. The Persistent System Timestamp allows the system to detect the time of unexpected shutdowns by writing the current time to disk on a schedule controlled by the Timestamp Interval. If you enable this setting, the Persi ...

oval:org.secpod.oval:def:19167
The Only allow local user profiles machine setting should be configured correctly. This setting determines if roaming user profiles are available on a particular computer. By default, when roaming profile users log on to a computer, their roaming profile is copied down to the local computer. If the ...

oval:org.secpod.oval:def:19168
The Limit disk space used by offline files machine setting should be configured correctly. This policy limits the amount of the computer's disk space that can be used to store offline files. Using this setting you can configure how much total disk space (in Megabytes) is used for storing offli ...

oval:org.secpod.oval:def:19169
The Guaranteed service type link layer (Layer-2) priority value should be configured correctly. Specifies an alternate link layer (Layer-2) priority value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding priority value in the Layer ...

oval:org.secpod.oval:def:19162
The Troubleshooting: Allow users to access and run Troubleshooting Wizards machine setting should be configured correctly. This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to tr ...

oval:org.secpod.oval:def:19163
The Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory machine setting should be configured correctly. This policy setting allows an administrator to turn on the Windows to Network Information Service (NIS) password synchronization for UNIX-bas ...

oval:org.secpod.oval:def:19164
The Provide the unique identifiers for your organization machine setting should be configured correctly. This policy setting allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. These identifiers are stored as the identification field and allowed ...

oval:org.secpod.oval:def:19165
The Set the SMTP Server used to send notifications machine setting should be configured correctly. This setting assigns the address of the SMTP server that sends out notifications. If you enable this setting, Windows System Resource Manager (WSRM) will set the SMTP server to the value specified. If ...

oval:org.secpod.oval:def:19160
The Allow Integrated Unblock screen to be displayed at the time of logon machine setting should be configured correctly. This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI). In order to use the integrated unblock feature y ...

oval:org.secpod.oval:def:19161
The Select the Power Button Action (On Battery) machine setting should be configured correctly. Specifies the action that Windows takes when a user presses the power button. Possible actions include: -Take no action -Sleep -Hibernate -Shut down If you enable this policy setting, you must select the ...

oval:org.secpod.oval:def:19177
The Deny Delegating Fresh Credentials machine setting should be configured correctly. This policy setting applies to applications using the Cred SSP component (for example: Terminal Server). If you enable this policy setting you can specify the servers to which the user's fresh credentials can ...

oval:org.secpod.oval:def:19178
The Do not display Server Manager automatically at logon machine setting should be configured correctly. This policy setting allows you to turn off the automatic display of Server Manager at logon. If you enable this policy setting, Server Manager is not displayed automatically when an administrato ...

oval:org.secpod.oval:def:19179
The Do not allow encryption on all NTFS volumes machine setting should be configured correctly. Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files. Fix: (1) GPO: Computer Configuration\Administrative ...

oval:org.secpod.oval:def:19173
The Prevent access to 16-bit applications machine setting should be configured correctly. Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running on this computer. This setting affects the launching of 16-bit applications in the operating system. By default, the MS-DOS subsystem ...

oval:org.secpod.oval:def:19174
The Configure BranchCache for network files machine setting should be configured correctly. This policy setting changes the default round trip network latency value above which network files are cached by client computers in the branch. BranchCache for network files enables computers in a branch of ...

oval:org.secpod.oval:def:19175
The Do not allow connections without IPSec machine setting should be configured correctly. If enabled then only those connections that are configured for IPSec may be established. If disabled then connections that are configured for IPSec or connections not configured for IPSec may be established. ...

oval:org.secpod.oval:def:19176
The Critical Battery Notification Action machine setting should be configured correctly. Specifies the action that Windows takes when battery capacity reaches the critical battery notification level. Possible actions include: -Take no action -Sleep -Hibernate -Shut down If you enable this policy se ...

oval:org.secpod.oval:def:19170
The Turn off Multicast Bootstrap machine setting should be configured correctly for IPv6 Global. This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the global cloud. The Peer Name Resolution Protocol (PNRP) allows for distribut ...

oval:org.secpod.oval:def:19171
The Specify the Display Dim Brightness (Plugged In) machine setting should be configured correctly. Specify the brightness of the display when Windows automatically reduces brightness of the display. If you enable this policy setting, you must provide a value, in percentage, indicating the display ...

oval:org.secpod.oval:def:19172
The Choose how BitLocker-protected fixed drives can be recovered machine setting should be configured correctly. This policy setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn ...

oval:org.secpod.oval:def:19148
Auditing of Logon-Logoff: IPsec Extended Mode events on failure should be enabled or disabled as appropriate. Audit IPsec Extended Mode, which determines whether the operating system generates audit events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protoc ...

oval:org.secpod.oval:def:19149
The Allow audio recording redirection machine setting should be configured correctly. This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session. Users can specify whether to record audio to the remote computer by configuring ...

oval:org.secpod.oval:def:19144
The Download missing COM components machine setting should be configured correctly. Directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires. Many Windows programs, such as the MMC snap-ins, use the interfaces provided by the COM comp ...

oval:org.secpod.oval:def:19145
The Log Access machine setting should be configured correctly for the application log. This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string. If this policy setting is enabled, only those users matching the security ...

oval:org.secpod.oval:def:19146
The Turn on BranchCache machine setting should be configured correctly. This policy setting specifies whether BranchCache is enabled on the client computer. BranchCache reduces the utilization of the wide area network (WAN) links connecting branch offices to the data center or headquarters and incr ...

oval:org.secpod.oval:def:19147
The Allow Delegating Fresh Credentials machine setting should be configured correctly. This policy setting applies to applications using the Cred SSP component (for example: Terminal Server). This policy applies when server authentication was achieved via a trusted X509 certificate or Kerberos. If ...

oval:org.secpod.oval:def:19140
The Diagnostic Policy Service (DPS) Configure Scenario Execution Level machine setting should be configured correctly for Windows Boot Performance Diagnostics. Determines the execution level for Windows Boot Performance Diagnostics. If you enable this policy setting, you must select an execution le ...

oval:org.secpod.oval:def:19141
The Turn on Security Center (Domain PCs only) machine setting should be configured correctly. This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on, it monitors essential security sett ...

oval:org.secpod.oval:def:19142
The Allow time invalid certificates machine setting should be configured correctly. This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid. Under previous versions of Microsoft Windows, certificates were required to contain a valid time and ...

oval:org.secpod.oval:def:19143
The Allow BITS Peercaching machine setting should be configured correctly. This policy setting determines if the Background Intelligent Transfer Service (BITS) Peercaching feature is enabled on a specific computer. By default, the files in a BITS job are downloaded only from the origin server speci ...

oval:org.secpod.oval:def:19159
The Allow only Vista or later connections machine setting should be configured correctly. This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This sett ...

oval:org.secpod.oval:def:19155
The Configure use of smart cards on fixed data drives machine setting should be configured correctly. This policy setting allows you to specify whether smart cards can be used to authenticate user access to the BitLocker-protected fixed data drives on a computer. If you enable this policy setting s ...

oval:org.secpod.oval:def:19156
The Diagnostics: Configure scenario execution level machine setting should be configured correctly. Determines the execution level for Diagnostic Policy Service (DPS) scenarios. If you enable this policy setting, you must select an execution level from the dropdown menu. If you select problem detec ...

oval:org.secpod.oval:def:19157
The Update Top Level Domain Zones machine setting should be configured correctly. Specifies whether the computers to which this setting is applied may send dynamic updates to the zones named with a single label name, also known as top-level domain zones, for example, "com". By default, a ...

oval:org.secpod.oval:def:19158
The Do not process the legacy run list machine setting should be configured correctly. Ignores the customized run list. You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista, Windows XP Professional, and Windows 2000 ...

oval:org.secpod.oval:def:19151
The Deny Delegating Saved Credentials machine setting should be configured correctly. This policy setting applies to applications using the Cred SSP component (for example: Terminal Server). If you enable this policy setting you can specify the servers to which the user's saved credentials can ...

oval:org.secpod.oval:def:19152
The Do not allow sessions without mutual CHAP machine setting should be configured correctly. If enabled then only those sessions that are configured for mutual CHAP may be established. If disabled then sessions that are configured for mutual CHAP or sessions not configured for mutual CHAP may be e ...

oval:org.secpod.oval:def:19153
The Detect application failures caused by deprecated COM objects machine setting should be configured correctly. This policy setting determines whether the Program Compatibility Assistant (PCA) will diagnose DLL load or COM object creation failures in programs. If you enable this policy setting, th ...

oval:org.secpod.oval:def:19154
The Background upload of a roaming user profile's registry file while user is logged on machine setting should be configured correctly. Sets the schedule for background uploading of a roaming user profile's registry file (ntuser.dat). This setting will only upload the user profile's regis ...

oval:org.secpod.oval:def:19150
The Use Remote Desktop Easy Print printer driver first machine setting should be configured correctly. This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting, ...

oval:org.secpod.oval:def:18799
The Allow users to log on using biometrics machine setting should be configured correctly. This policy setting determines whether users can log on or elevate User Account Control (UAC) permissions using biometrics. By default, local users will be able to log on to the local computer, but the " ...

oval:org.secpod.oval:def:18798
The Allow Basic authentication machine setting should be configured correctly for the WinRM client. This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication. If you enable this policy setting, the WinRM client will use Basic authenticat ...

oval:org.secpod.oval:def:18797
The Allow administrators to override Device Installation Restriction policies machine setting should be configured correctly. This policy setting allows you to determine whether members of the Administrators group can install and update the drivers for any device, regardless of other policy setting ...

oval:org.secpod.oval:def:18796
Auditing of Account Logon: Other Account Logon Events events on success should be enabled or disabled as appropriate. This subcategory reports the events that occur in response to credentials submitted for a user account logon request that do not relate to credential validation or Kerberos tickets. ...

oval:org.secpod.oval:def:18791
The Specify intranet Microsoft update service location machine setting should be configured correctly. Specifies an intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network. This setting lets you specify a server o ...

oval:org.secpod.oval:def:18790
Auditing of Privilege Use: Sensitive Privilege Use events on failure should be enabled or disabled as appropriate. This policy setting determines whether the operating system generates audit events when sensitive privileges (user rights) are used. Actions that can be audited include: A privileged s ...

oval:org.secpod.oval:def:18795
The Turn on extensive logging for Password Synchronization machine setting should be configured correctly. This policy setting allows an administrator to turn on extensive logging for Password Synchronization. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Passwo ...

oval:org.secpod.oval:def:18794
The Allow Delegating Saved Credentials machine setting should be configured correctly. This policy setting applies to applications using the Cred SSP component (for example: Terminal Server). This policy applies when server authentication was achieved via a trusted X509 certificate or Kerberos. If ...

oval:org.secpod.oval:def:18793
The Configure use of passwords for removable data drives machine setting should be configured correctly. This policy setting specifies whether a password is required to unlock BitLocker-protected removable data drives. If you choose to allow use of a password, you can require a password to be used, ...

oval:org.secpod.oval:def:18792
The Log File Path machine setting should be configured correctly for the security log. This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators. If you enable this policy setting, th ...

oval:org.secpod.oval:def:18777
The Turn on Smart Card Plug and Play service machine setting should be configured correctly. This policy setting allows you to control whether Smart Card Plug and Play is enabled. If you enable or do not configure this policy setting, Smart Card Plug and Play will be enabled and the system will att ...

oval:org.secpod.oval:def:19625
The Require message integrity option for the Network security: Minimum session security for NTLM SSP based (including secure RPC) clients setting should be enabled or disabled as appropriate. This policy setting determines which behaviors are allowed for applications using the NTLM Security Support ...

oval:org.secpod.oval:def:18776
The Turn off PNRP cloud creation machine setting should be configured correctly for IPv6 Link Local. This policy setting enables or disables PNRP cloud creation. PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol versi ...

oval:org.secpod.oval:def:19626
The Require message confidentiality option for the Network security: Minimum session security for NTLM SSP based (including secure RPC) servers setting should be enabled or disabled as appropriate. This policy setting determines which behaviors are allowed for applications using the NTLM Security S ...

oval:org.secpod.oval:def:18775
The Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names machine setting should be configured correctly. This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC). This policy setti ...

oval:org.secpod.oval:def:19627
The Require 128-bit encryption option for the Network security: Minimum session security for NTLM SSP based (including secure RPC) servers setting should be enabled or disabled as appropriate. This security setting allows a server to require the negotiation of message confidentiality (encryption), ...

oval:org.secpod.oval:def:18774
The Controlled load service type link layer (Layer-2) priority value should be configured correctly. Specifies an alternate link layer (Layer-2) priority value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding priority valu ...

oval:org.secpod.oval:def:19628
The Require message integrity option for the Network security: Minimum session security for NTLM SSP based (including secure RPC) servers setting should be enabled or disabled as appropriate. This policy setting determines which behaviors are allowed for applications using the NTLM Security Support ...

oval:org.secpod.oval:def:19621
The Wireless policy processing machine setting should be configured correctly. Determines when policies that assign wireless network settings are updated. This setting affects all policies that use the wireless network component of Group Policy, such as those in WindowsSettings\Wireless Network Pol ...

oval:org.secpod.oval:def:19622
The Configure Shortcuts preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Shortcuts preference extension, and to turn on tracing for the Shortcuts extension. Logging and tr ...

oval:org.secpod.oval:def:18779
The Do not allow Flip3D invocation machine setting should be configured correctly. Flip3D is a 3D window switcher. If you enable this setting, Flip3D will be inaccessible. If you disable or do not configure this policy setting, Flip3D will be accessible, if desktop composition is turned on. Changin ...

oval:org.secpod.oval:def:19623
The Require NTLMv2 session security option for the Network security: Minimum session security for NTLM SSP based (including secure RPC) servers setting should be enabled or disabled as appropriate. This policy setting determines which behaviors are allowed for applications using the NTLM Security S ...

oval:org.secpod.oval:def:18778
The Require user authentication for remote connections by using Network Level Authentication machine setting should be configured correctly. This policy setting allows you to specify whether to require user authentication for remote connections to the RD Session Host server by using Network Level A ...

oval:org.secpod.oval:def:19624
The Require 128-bit encryption option for the Network security: Minimum session security for NTLM SSP based (including secure RPC) clients setting should be enabled or disabled as appropriate. This policy setting determines which behaviors are allowed for applications using the NTLM Security Suppor ...

oval:org.secpod.oval:def:19620
The Turn off Resultant Set of Policy logging machine setting should be configured correctly. This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer. RSoP logs information on Group Policy settings that have been applied to the client. This informatio ...

oval:org.secpod.oval:def:18773
The Retain old events machine setting should be configured correctly for the setup log. This policy setting controls Event Log behavior when the log file reaches its maximum size. Old events may or may not be retained according to the Backup log automatically when full policy setting. Fix: (1) GP ...

oval:org.secpod.oval:def:18772
The Run Windows PowerShell scripts first at user logon, logoff machine setting should be configured correctly. This policy setting determines whether Windows PowerShell scripts will run before non-PowerShell scripts during user logon and logoff. By default, PowerShell scripts run after non-PowerShe ...

oval:org.secpod.oval:def:18771
The Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box machine setting should be configured correctly. This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is displayed in the Shut Down Windows dialog box. If you en ...

oval:org.secpod.oval:def:18770
Auditing of Object Access: Filtering Platform Connection events on success should be enabled or disabled as appropriate. This subcategory reports when connections are allowed or blocked by WFP. These events can be high in volume. Events for this subcategory include: - 5031: The Windows Firewall Ser ...

oval:org.secpod.oval:def:19618
The Configure Devices preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Devices preference extension, and to turn on tracing for the Devices extension. Logging and tracing ...

oval:org.secpod.oval:def:19619
The Security policy processing machine setting should be configured correctly. Determines when security policies are updated. This setting affects all policies that use the security component of Group Policy, such as those in Windows Settings\Security Settings. It overrides customized settings that ...

oval:org.secpod.oval:def:18788
Auditing of Object Access: Detailed File Share events on success should be enabled or disabled as appropriate. This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, wher ...

oval:org.secpod.oval:def:18787
Auditing of System: IPsec Driver events on success should be enabled or disabled as appropriate. This subcategory reports on the activities of the Internet Protocol security (IPsec) driver. Events for this subcategory include: - 4960: IPsec dropped an inbound packet that failed an integrity check. ...

oval:org.secpod.oval:def:18786
Auditing of Policy Change: Audit Policy Change events on success should be enabled or disabled as appropriate. This subcategory reports changes in audit policy including SACL changes. Events for this subcategory include: - 4715: The audit policy (SACL) on an object was changed. - 4719: System audi ...

oval:org.secpod.oval:def:18785
The Prevent Roaming Profile changes from propagating to the server machine setting should be configured correctly. This setting determines if the changes a user makes to their roaming profile are merged with the server copy of their profile. By default, when a roaming profile user logs on to a comp ...

oval:org.secpod.oval:def:19632
The Access Credential Manager as a trusted caller user right should be assigned to the appropriate accounts. This security setting is used by Credential Manager during Backup and Restore. No accounts should have this user right, as it is only assigned to Winlogon. Users' saved credentials might be c ...

oval:org.secpod.oval:def:18789
The Allow Delegating Default Credentials machine setting should be configured correctly. This policy setting applies to applications using the Cred SSP component (for example: Terminal Server). This policy applies when server authentication was achieved via a trusted X509 certificate or Kerberos. I ...

oval:org.secpod.oval:def:18780
The Do not show the local access only network icon machine setting should be configured correctly. Specifies whether or not the "local access only" network icon will be shown. When enabled, the icon for Internet access will be shown in the system tray even when a user is connected to a ne ...

oval:org.secpod.oval:def:19630
The Require message confidentiality option for the Network security: Minimum session security for NTLM SSP based (including secure RPC) clients setting should be enabled or disabled as appropriate. This policy setting determines which behaviors are allowed for applications using the NTLM Security S ...

oval:org.secpod.oval:def:19631
Auditing of Audit privilege use events on success should be enabled or disabled as appropriate. This security setting determines whether to audit each instance of a user exercising a user right. If you define this policy setting, you can specify whether to audit successes, audit failures, or not au ...

oval:org.secpod.oval:def:18784
The Allow non-administrators to receive update notifications machine setting should be configured correctly. This policy setting allows you to control whether non-administrative users will receive update notifications based on the "Configure Automatic Updates" policy setting. If you enabl ...

oval:org.secpod.oval:def:18783
The Specify maximum amount of memory in MB per Shell machine setting should be configured correctly. Configures maximum total amount of memory in megabytes that can be allocated by any active remote shell and all its child processes. Any value from 0 to 0x7FFFFFFF can be set, where 0 equals unlimit ...

oval:org.secpod.oval:def:18782
The Turn off the communities features machine setting should be configured correctly. Windows Mail will not check your newsgroup servers for Communities support. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Mail\Turn off the communities features (2) KE ...

oval:org.secpod.oval:def:18781
The Time (in seconds) to force reboot when required for policy changes to take effect machine setting should be configured correctly. Set the amount of time (in seconds) that the system will wait to reboot in order to enforce a change in device installation restriction policies. If you enable this ...

oval:org.secpod.oval:def:19629
The Require NTLMv2 session security option for the Network security: Minimum session security for NTLM SSP based (including secure RPC) clients setting should be enabled or disabled as appropriate. Specifies the prescribed value for 'Require NTLMv2 session security' option for the 'N ...

oval:org.secpod.oval:def:19207
The Contact PDC on logon failure machine setting should be configured correctly. Defines whether a domain controller (DC) should attempt to verify with the PDC the password provided by a client if the DC failed to validate the password. Contacting the PDC is useful in case the client's passwor ...

oval:org.secpod.oval:def:19208
The Allow logon scripts when NetBIOS or WINS is disabled machine setting should be configured correctly. This policy setting allows user logon scripts to run when the logon is cross-forest, DNS suffixes are not configured, and NetBIOS or WINS is disabled. This policy setting affects all user accounts i ...

oval:org.secpod.oval:def:19209
The Use localized subfolder names when redirecting Start Menu and My Documents machine setting should be configured correctly. This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs, Startup, My Music, My Pictures, and My Vi ...

oval:org.secpod.oval:def:19203
The Specify a default color machine setting should be configured correctly. This policy setting controls the default color for window frames when the user does not specify a color. If you enable this policy setting and specify a default color, this color will be used in glass window frames, if the ...

oval:org.secpod.oval:def:19204
The Add Printer wizard - Network scan page (Unmanaged network) machine setting should be configured correctly. This policy sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on an unmanaged network (when the computer is not able to reach a doma ...

oval:org.secpod.oval:def:19205
The Set time limit for active Remote Desktop Services sessions machine setting should be configured correctly. This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected. If you enable this policy ...

oval:org.secpod.oval:def:19206
The Disallow selection of Custom Locales machine setting should be configured correctly. This policy prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that shipped with the operating system. Note that this does not affect ...

oval:org.secpod.oval:def:19200
The Configure Data Sources preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Data Sources preference extension, and to turn on tracing for the Data Sources extension. Loggi ...

oval:org.secpod.oval:def:19201
The For touch input, don't show the Input Panel icon machine setting should be configured correctly. Prevents the Tablet PC Input Panel icon from appearing next to any text entry area in applications where this behavior is available. This policy applies only when a user is using touch input. T ...

oval:org.secpod.oval:def:19202
The Prevent restoring previous versions from backups machine setting should be configured correctly. This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file, in which the previous version is stored on a b ...

oval:org.secpod.oval:def:19218
The Baseline file cache maximum size machine setting should be configured correctly. This policy controls the percentage of disk space available to the Windows Installer baseline file cache. The Windows Installer uses the baseline file cache to save baseline files modified by binary delta differenc ...

oval:org.secpod.oval:def:19219
The Delete user profiles older than a specified number of days on system restart machine setting should be configured correctly. This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days. Note: One d ...

oval:org.secpod.oval:def:19214
The Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box machine setting should be configured correctly. This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is allowed to be the default choice in the Shut D ...

oval:org.secpod.oval:def:19215
The Do not allow Windows Journal to be run machine setting should be configured correctly. Prevents start of Windows Journal. If you enable this policy, the Windows Journal accessory will not run. If you disable this policy, the Windows Journal accessory will run. If you do not configure this polic ...

oval:org.secpod.oval:def:19216
The TTL Set in the A and PTR records machine setting should be configured correctly. Specifies the value for the Time-To-Live (TTL) field in A and PTR resource records registered by the computers to which this setting is applied. To specify the TTL, click Enable, and then enter a value in seconds ( ...

oval:org.secpod.oval:def:19217
The Leave Windows Installer and Group Policy Software Installation Data machine setting should be configured correctly. Determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion. By default User profile ...

oval:org.secpod.oval:def:19210
The Configure minimum PIN length for startup machine setting should be configured correctly. This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum l ...

oval:org.secpod.oval:def:19211
The Turn off Application Compatibility Engine machine setting should be configured correctly. This policy controls the state of the application compatibility engine in the system. The engine is part of the loader and looks through a compatibility database every time an application is started on the ...

oval:org.secpod.oval:def:19212
The Propagation of extended error information machine setting should be configured correctly. Directs the RPC Runtime to generate extended error information when an error occurs. Extended error information includes the local time that the error occurred, the RPC version, and the name of the compute ...

oval:org.secpod.oval:def:19213
The Specify Shell Timeout machine setting should be configured correctly. This policy setting configures the maximum time in milliseconds remote Shell will stay open without any user activity until it is automatically deleted. Any value from 0 to 0x7FFFFFFF can be set. A minimum of 60000 millisecon ...

oval:org.secpod.oval:def:7707
Microsoft Windows Server 2008 R2 is installed

oval:org.secpod.oval:def:7706
The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly. The registry value entry ScreenSaverGracePeriod was added to the template file in the HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion\Winlo ...

oval:org.secpod.oval:def:18755
Auditing of Account Management: User Account Management events on success should be enabled or disabled as appropriate. This subcategory reports each event of user account management, such as when a user account is created, changed, or deleted; a user account is renamed, disabled, or enabled; or a ...

oval:org.secpod.oval:def:19603
The Configure Printers preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Printers preference extension, and to turn on tracing for the Printers extension. Logging and traci ...

oval:org.secpod.oval:def:18754
Auditing of Account Management: Distribution Group Management events on success should be enabled or disabled as appropriate. This subcategory reports each event of distribution group management, such as when a distribution group is created, changed, or deleted or when a member is added to or remov ...

oval:org.secpod.oval:def:19604
The Configure Files preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Files preference extension, and to turn on tracing for the Files extension. Logging and tracing provid ...

oval:org.secpod.oval:def:18753
Auditing of Privilege Use: Other Privilege Use Events events on failure should be enabled or disabled as appropriate. This security setting determines whether to audit each instance of a user exercising a user right. If you define this policy setting, you can specify whether to audit successes, aud ...

oval:org.secpod.oval:def:19605
The Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services machine setting should be configured correctly. This policy setting allows Microsoft Windows to process user Group Policy settings asynchronously when logging on through Remote Desktop Services. Asyn ...

oval:org.secpod.oval:def:18752
Auditing of Account Logon: Kerberos Service Ticket Operations events on success should be enabled or disabled as appropriate. This subcategory reports events generated by Kerberos ticket request processes on the domain controller that is authoritative for the domain account. Events for this subcategory in ...

oval:org.secpod.oval:def:19606
The Configure Environment preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Environment preference extension, and to turn on tracing for the Environment extension. Logging ...

oval:org.secpod.oval:def:18759
Auditing of System: IPsec Driver events on failure should be enabled or disabled as appropriate. This security policy setting determines whether the operating system audits the activities of the IPsec driver and reports any of the following events: * Startup and shutdown of IPsec services. * Packet ...

oval:org.secpod.oval:def:18758
Auditing of Audit logon events on success should be enabled or disabled as appropriate. This security setting determines whether to audit each instance of a user logging on to or logging off from a computer. Account logon events are generated on domain controllers for domain account activity and on ...

oval:org.secpod.oval:def:19600
The Always install with elevated privileges machine setting should be configured correctly. Directs Windows Installer to use system permissions when it installs any program on the system. This setting extends elevated privileges to all programs. These privileges are usually reserved for programs th ...

oval:org.secpod.oval:def:18757
Auditing of Audit directory service access events on success should be enabled or disabled as appropriate. This security setting determines whether to audit the event of a user accessing an Active Directory object that has its own system access control list (SACL) specified. By default, this value ...

oval:org.secpod.oval:def:19601
The Remove users ability to invoke machine policy refresh machine setting should be configured correctly. This setting allows you to control a user's ability to invoke a computer policy refresh. If you enable this setting, users may not invoke a refresh of computer policy. Computer policy will ...

oval:org.secpod.oval:def:18756
Auditing of DS Access: Directory Service Replication events on success should be enabled or disabled as appropriate. This subcategory reports when replication between two domain controllers begins and ends. Events for this subcategory include: - 4932: Synchronization of a replica of an Active Direc ...

oval:org.secpod.oval:def:19602
The Scripts policy processing machine setting should be configured correctly. Determines when policies that assign shared scripts are updated. This setting affects all policies that use the scripts component of Group Policy, such as those in WindowsSettings\Scripts. It overrides customized settings ...

oval:org.secpod.oval:def:18751
Auditing of Account Logon: Credential Validation events on success should be enabled or disabled as appropriate. This subcategory reports the results of validation tests on credentials submitted for a user account logon request. These events occur on the computer that is authoritative for the crede ...

oval:org.secpod.oval:def:18750
Auditing of Policy Change: MPSSVC Rule-Level Policy Change events on failure should be enabled or disabled as appropriate. This security policy setting determines whether the operating system generates audit events when changes are made to policy rules for the Microsoft Protection Service (MPSSVC.e ...

oval:org.secpod.oval:def:18749
The Windows Firewall: Public: Apply local firewall rules setting should be configured correctly. This setting controls whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy. Fix: (1) GPO: Computer Configuration\W ...

oval:org.secpod.oval:def:18766
Auditing of Account Logon: Kerberos Service Ticket Operations events on failure should be enabled or disabled as appropriate. This security policy setting determines whether the operating system generates security audit events for Kerberos service ticket requests. Events are generated every time Ke ...

oval:org.secpod.oval:def:19614
The Software Installation policy processing machine setting should be configured correctly. Determines when software installation policies are updated. This setting affects all policies that use the software installation component of Group Policy, such as policies in Software Settings\Software Inst ...

oval:org.secpod.oval:def:18765
Auditing of Account Logon: Kerberos Authentication Service events on failure should be enabled or disabled as appropriate. This security policy setting allows you to generate audit events for Kerberos authentication ticket-granting ticket (TGT) requests. If you configure this policy setting, an aud ...

oval:org.secpod.oval:def:19615
The Configure Registry preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Registry preference extension, and to turn on tracing for the Registry extension. Logging and traci ...

oval:org.secpod.oval:def:18764
The Network Security: Restrict NTLM: NTLM authentication in this domain setting should be configured correctly. This policy setting allows you to deny or allow NTLM authentication within a domain from this domain controller. This policy does not affect interactive logon to this domain controller. ...

oval:org.secpod.oval:def:19616
The Allow Cross-Forest User Policy and Roaming User Profiles machine setting should be configured correctly. Allows user-based policy processing, roaming user profiles, and user object logon scripts for interactive logons across forests. This setting affects all user accounts that interactively log ...

oval:org.secpod.oval:def:18763
Auditing of Object Access: Registry events on success should be enabled or disabled as appropriate. This subcategory reports when registry objects are accessed. Only registry objects with SACLs cause audit events to be generated, and only when they are accessed in a manner matching their SACL. By i ...

oval:org.secpod.oval:def:19617
The Configure Scheduled Tasks preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Scheduled Tasks preference extension, and to turn on tracing for the Scheduled Tasks extensi ...

oval:org.secpod.oval:def:19610
The Configure Network Shares preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Folder Options preference extension, and to turn on tracing for the Folder Options extension. ...

oval:org.secpod.oval:def:18769
Auditing of Object Access: File System events on success should be enabled or disabled as appropriate. This subcategory reports when file system objects are accessed. Only file system objects with SACLs cause audit events to be generated, and only when they are accessed in a manner matching their S ...

oval:org.secpod.oval:def:19611
The User Group Policy loopback processing mode machine setting should be configured correctly. Applies alternate user settings when a user logs on to a computer affected by this setting. This setting directs the system to apply the set of Group Policy objects for the computer to any user who logs o ...

oval:org.secpod.oval:def:18768
Auditing of Account Management: User Account Management events on failure should be enabled or disabled as appropriate. This security policy setting determines whether the operating system generates audit events when the following user account management tasks are performed: * A user account is cre ...

oval:org.secpod.oval:def:19612
The Turn off Local Group Policy objects processing machine setting should be configured correctly. This policy setting prevents Local Group Policy objects (Local GPOs) from being applied. By default, the policy settings in Local GPOs are applied before any domain-based GPO policy settings. These po ...

oval:org.secpod.oval:def:18767
Auditing of Account Management: Distribution Group Management events on failure should be enabled or disabled as appropriate. This security policy setting determines whether the operating system generates audit events for the following distribution group management tasks: A distribution group is cr ...

oval:org.secpod.oval:def:19613
The Wired policy processing machine setting should be configured correctly. Determines when policies that assign wired network settings are updated. This setting affects all policies that use the wired network component of Group Policy, such as those in Windows Settings\Wired Network Policies. It o ...

oval:org.secpod.oval:def:18762
Auditing of Audit account management events on success should be enabled or disabled as appropriate. This security setting determines whether to audit each event of account management on a computer. Examples of account management events include: * A user account or group is created, changed, or del ...

oval:org.secpod.oval:def:18761
Auditing of Object Access: Kernel Object events on success should be enabled or disabled as appropriate. This subcategory reports when kernel objects such as processes and mutexes are accessed. Only kernel objects with SACLs cause audit events to be generated, and only when they are accessed in a m ...

oval:org.secpod.oval:def:18760
Auditing of Object Access: Certification Services events on success should be enabled or disabled as appropriate. This subcategory reports when Certification Services operations are performed. Events for this subcategory include: - 4868: The certificate manager denied a pending certificate request. ...

oval:org.secpod.oval:def:19607
The Configure Ini Files preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Ini Files preference extension, and to turn on tracing for the Ini Files extension. Logging and tr ...

oval:org.secpod.oval:def:19608
The Configure Folder Options preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Folder Options preference extension, and to turn on tracing for the Folder Options extension. ...

oval:org.secpod.oval:def:19609
The Startup policy processing wait time machine setting should be configured correctly. This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy processing. If the startup policy processing is synchronous, the computer is blocked u ...

oval:org.secpod.oval:def:18733
The Domain member: Digitally sign secure channel data (when possible) setting should be configured correctly. This policy setting determines whether a domain member should attempt to negotiate whether all secure channel traffic that it initiates must be digitally signed. Digital signatures protect ...

oval:org.secpod.oval:def:18737
The Network Security: Restrict NTLM: Audit NTLM authentication in this domain setting should be configured correctly. This policy setting allows you to audit NTLM authentication in a domain from this domain controller. This policy is supported on at least Windows Server 2008 R2. Note: Audit events ...

oval:org.secpod.oval:def:18736
The Network Security: Restrict NTLM: Audit Incoming NTLM Traffic setting should be configured correctly. This policy setting allows you to audit incoming NTLM traffic. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Note: Audit events are recorded on this computer in the O ...

oval:org.secpod.oval:def:18735
The Network Security: Restrict NTLM: Add server exceptions in this domain setting should be configured correctly. This policy setting allows you to create an exception list of servers in this domain to which clients are allowed to use NTLM pass-through authentication if the Network Security: Restri ...

oval:org.secpod.oval:def:18734
The 'Network access: Allow anonymous SID/Name translation' setting should be configured correctly.

oval:org.secpod.oval:def:18744
The Windows Firewall: Private: Apply local firewall rules setting should be configured correctly. This setting controls whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy. Fix: (1) GPO: Computer Configuration\ ...

oval:org.secpod.oval:def:18743
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Private Profile. This option is useful if you need to control whether this computer receives unicast responses to its outgoing multicast or broadcast messages. Fix: (1) GPO: Computer Configura ...

oval:org.secpod.oval:def:18742
Windows Firewall should allow or block outbound connections by default as appropriate for the Private Profile. This setting determines the behavior for outbound connections that do not match an outbound firewall rule. The default behavior is to allow connections unless there are firewall rules that ...

oval:org.secpod.oval:def:18741
Auditing of Policy Change: Audit Policy Change events on failure should be enabled or disabled as appropriate. This security setting determines whether to audit every incident of a change to user rights assignment policies, audit policies, or trust policies. If you define this policy setting, you c ...

oval:org.secpod.oval:def:18748
Windows Firewall should allow or block inbound connections by default as appropriate for the Public Profile. This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The default behavior is to block connections unless there are firewall rules to allow ...

oval:org.secpod.oval:def:18747
The Interactive logon: Display user information when the session is locked setting should be configured correctly. This policy setting determines whether the account name of the last user to log on to the client computers in your organization can display in each computer's respective Windows logon s ...

oval:org.secpod.oval:def:18746
Rights to access DCOM applications should be assigned as appropriate. This policy setting determines which users or groups might access DCOM applications remotely or locally. This setting is used to control the attack surface of the computer for DCOM applications. You can use this policy setting to ...

oval:org.secpod.oval:def:18745
Auditing of Policy Change: Authorization Policy Change events on failure should be enabled or disabled as appropriate. This security policy setting determines whether the operating system generates audit events when the following changes are made to the authorization policy: Assigning or removing o ...

oval:org.secpod.oval:def:18740
Windows Firewall should allow or block outbound connections by default as appropriate for the Domain Profile. This setting determines the behavior for outbound connections that do not match an outbound firewall rule. In Windows Vista, the default behavior is to allow connections unless there are fi ...

oval:org.secpod.oval:def:18739
The Network Security: Restrict NTLM: Incoming NTLM traffic setting should be configured correctly. This policy setting allows you to deny or allow incoming NTLM traffic. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Note: Block events are recorded on this computer in the ...

oval:org.secpod.oval:def:18738
Auditing of Audit process tracking events on success should be enabled or disabled as appropriate. Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. By default, this value is set to No audit ...

oval:org.secpod.oval:def:14845
Auditing of Audit account logon events on failure should be enabled or disabled as appropriate. This security setting determines whether to audit each instance of a user logging on to or logging off from another computer in which this computer is used to validate the account. Account logon events a ...

oval:org.secpod.oval:def:18803
The Directory pruning retry machine setting should be configured correctly. Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have publis ...

oval:org.secpod.oval:def:18802
The Negative DC Discovery Cache Setting machine setting should be configured correctly. Specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this sett ...

oval:org.secpod.oval:def:18801
The Removable Disks: Deny write access machine setting should be configured correctly. This policy setting denies write access to removable disks. If you enable this policy setting, write access will be denied to this removable storage class. If you disable or do not configure this policy setting, ...

oval:org.secpod.oval:def:18800
The Timeout for hung logon sessions during shutdown machine setting should be configured correctly. The number of minutes the system will wait for the hung logon sessions before proceeding with the system shutdown. If this setting is enabled, the system will wait for the hung logon sessions for th ...

oval:org.secpod.oval:def:19247
The Turn Off Hybrid Sleep (Plugged In) machine setting should be configured correctly. Disables Hybrid Sleep. If you enable this policy setting, a hiberfile is not generated when the system transitions to sleep (Stand By). If you do not configure this policy setting, users can see and change this s ...

oval:org.secpod.oval:def:19248
The Allow signature keys valid for Logon machine setting should be configured correctly. This policy setting lets you allow signature key-based certificates to be enumerated and available for logon. If you enable this policy setting then any certificates available on the smart card with a signature ...

oval:org.secpod.oval:def:19249
The Corporate DNS Probe Host Address machine setting should be configured correctly. This is the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity. Fix: (1) GPO: Computer Configuration\Administrativ ...

oval:org.secpod.oval:def:19243
The Do not allow Snipping Tool to run machine setting should be configured correctly. Prevents the snipping tool from running. If you enable this policy setting, the Snipping Tool will not run. If you disable this policy setting, the Snipping Tool will run. If you do not configure this policy setti ...

oval:org.secpod.oval:def:19244
The Prevent license upgrade machine setting should be configured correctly. This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running ...

oval:org.secpod.oval:def:19245
The Controlled load service type Layer-3 Differentiated Services Code Point (DSCP) should be configured correctly for packets that do not conform to the flow specification. Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service t ...

oval:org.secpod.oval:def:19246
The Log event when quota warning level exceeded machine setting should be configured correctly. Determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume. If you enable this setting, the system records an event. If you disable ...

oval:org.secpod.oval:def:19240
The Verbose vs normal status messages machine setting should be configured correctly. Directs the system to display highly detailed status messages. If you enable this setting, the system displays status messages that reflect each step in the process of starting, shutting down, logging on, or loggi ...

oval:org.secpod.oval:def:19241
The Do not allow Sound Recorder to run machine setting should be configured correctly. Specifies whether Sound Recorder can run. Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an aud ...

oval:org.secpod.oval:def:19242
The Scavenge Interval machine setting should be configured correctly. Determines the interval at which Netlogon performs the following scavenging operations: - Checks if a password on a secure channel needs to be modified, and modifies it if necessary. - On the domain controllers (DC), discovers a ...

oval:org.secpod.oval:def:19258
The Turn off sensors machine setting should be configured correctly. This policy setting turns off the sensor feature for this computer. If you enable this policy setting, the sensor feature will be turned off, and all programs on this computer will not be able to use the sensor feature. If you dis ...

oval:org.secpod.oval:def:19259
The Display information about previous logons during user logon machine setting should be configured correctly. This policy setting controls whether or not the system displays information about previous logons and logon failures to the user. For local user accounts and domain user accounts in Micro ...

oval:org.secpod.oval:def:19254
The Turn off Windows SideShow machine setting should be configured correctly. This policy setting turns off Windows SideShow. If you enable this policy setting, the Windows SideShow Control Panel will be disabled and data from Windows SideShow-compatible gadgets (applications) will not be sent to c ...

oval:org.secpod.oval:def:19255
The Validate smart card certificate usage rule compliance machine setting should be configured correctly. This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This policy setting is applied when you turn on BitLocker. The obj ...

oval:org.secpod.oval:def:19256
The Limit the maximum number of BITS jobs for this computer machine setting should be configured correctly. This policy setting limits the number of BITS jobs that can be created for all users of the computer. By default, BITS limits the total number of jobs that can be created on the computer to 3 ...

oval:org.secpod.oval:def:19257
The Notify user of successful smart card driver installation machine setting should be configured correctly. This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed. If you enable or do not configure this policy setting, a c ...

oval:org.secpod.oval:def:19250
The Backup log automatically when full machine setting should be configured correctly for the security log. This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the Retain old events policy setting is enabled. If you enable this policy ...

oval:org.secpod.oval:def:19251
The Hide notifications about RD Licensing problems that affect the RD Session Host server machine setting should be configured correctly. This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Sess ...

oval:org.secpod.oval:def:19252
The ForwarderResourceUsage machine setting should be configured correctly. Controls resource usage for the forwarder. Each setting applies across all subscriptions for the forwarder. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Event Forwarding\ForwarderResourc ...

oval:org.secpod.oval:def:19253
The Use the specified Remote Desktop license servers machine setting should be configured correctly. This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers. If you enable this policy setting, an RD Session Host server ...

oval:org.secpod.oval:def:19229
The Enable Transparent Caching machine setting should be configured correctly. Enabling this policy optimizes subsequent reads to network files by a user or an application. This is done by caching reads to remote files over a slow network in the Offline Files cache. Subsequent reads to the same fil ...

oval:org.secpod.oval:def:19225
The Display string when smart card is blocked machine setting should be configured correctly. This policy setting allows you to manage the displayed message when a smart card is blocked. If you enable this policy setting, the specified message will be displayed to the user when the smart card is bl ...

oval:org.secpod.oval:def:19226
The Override the More Gadgets link machine setting should be configured correctly. This policy setting allows you to override the More Gadgets link. The Gadget Gallery contains a link for users to download more gadgets from a website. Microsoft hosts a default website where many gadget authors can ...

oval:org.secpod.oval:def:19227
The Set Remote Desktop Services User Home Directory machine setting should be configured correctly. Specifies whether Remote Desktop Services uses the specified network share or local directory path as the root of the user's home directory for a Remote Desktop Services session. To use this set ...

oval:org.secpod.oval:def:19228
The Turn off location machine setting should be configured correctly. This policy setting turns off the location feature for this computer. If you enable this policy setting, the location feature will be turned off, and all programs on this computer will not be able to use location information from ...

oval:org.secpod.oval:def:19221
The Do not allow desktop composition machine setting should be configured correctly. This policy setting controls how some graphics are rendered and facilitates other features, including Flip, Flip3D, and Taskbar Thumbnails. If you enable this setting, the desktop compositor visual experience will ...

oval:org.secpod.oval:def:19222
The Do not allow the computer to act as a BITS Peercaching client machine setting should be configured correctly. This setting specifies whether the computer will act as a BITS peercaching client. By default, when BITS peercaching is enabled, the computer acts as both a peercaching server (offering ...

oval:org.secpod.oval:def:19223
The Turn off Windows Mobility Center machine setting should be configured correctly. This policy setting turns off Windows Mobility Center. If you enable this policy setting, the user is unable to invoke Windows Mobility Center. The Windows Mobility Center UI is removed from all shell entry points ...

oval:org.secpod.oval:def:19224
The Allow audio and video playback redirection machine setting should be configured correctly. This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session. Users can specify where to play the remote comp ...

oval:org.secpod.oval:def:19220
The Allow .rdp files from valid publishers and user's default .rdp settings machine setting should be configured correctly. This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid ce ...

oval:org.secpod.oval:def:19236
The Restrict user locales machine setting should be configured correctly. This policy prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that shipped with the operating system. Note that this does not affect the selection o ...

oval:org.secpod.oval:def:19237
The Allow automatic configuration of listeners machine setting should be configured correctly. This policy setting allows you to manage whether the Windows Remote Management (WinRM) service automatically listens on the network for requests on the HTTP transport over the default HTTP port. If you en ...

oval:org.secpod.oval:def:19238
The Printer browsing machine setting should be configured correctly. Announces the presence of shared printers to print browse master servers for the domain. On domains with Active Directory, shared printer resources are available in Active Directory and are not announced. If you enable this settin ...

oval:org.secpod.oval:def:19239
The Set the interval between synchronization retries for Password Synchronization machine setting should be configured correctly. This policy setting allows a Password Synchronization administrator to configure the interval, in seconds, between synchronization retries in the event that a synchroniz ...

oval:org.secpod.oval:def:19232
The Turn off Connect to a Network Projector machine setting should be configured correctly. Disables the Connect to a Network Projector wizard so that users cannot connect to a network projector. If you enable this policy, users cannot use the Connect to a Network Projector wizard to connect to a p ...

oval:org.secpod.oval:def:19233
The Control use of BitLocker on removable drives machine setting should be configured correctly. This policy setting controls the use of BitLocker on removable data drives. This policy setting is applied when you turn on BitLocker. When this policy setting is enabled you can select property setting ...

oval:org.secpod.oval:def:19234
The Prevent plaintext PINs from being returned by Credential Manager machine setting should be configured correctly. This policy setting prevents plaintext PINs from being returned by Credential Manager. If you enable this policy setting, Credential Manager does not return a plaintext PIN. If you d ...

oval:org.secpod.oval:def:19235
The Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries machine setting should be configured correctly. Specifies whether the computers to which this setting is applied may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries, if the original name ...

oval:org.secpod.oval:def:19230
The Custom Classes: Deny read access machine setting should be configured correctly. This policy setting denies read access to custom removable storage classes. If you enable this policy setting, read access will be denied to these removable storage classes. If you disable or do not configure this ...

oval:org.secpod.oval:def:19231
The Site Name machine setting should be configured correctly. Specifies the Active Directory site to which computers belong. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. To specify the site name ...

oval:org.secpod.oval:def:19287
The Turn Off Adaptive Display Timeout (On Battery) machine setting should be configured correctly. Manages how Windows controls the setting that specifies how long a computer must be inactive before Windows turns off the computer's display. When this policy is enabled, Windows automatically ad ...

oval:org.secpod.oval:def:19288
The No auto-restart with logged on users for scheduled automatic updates installations machine setting should be configured correctly. Specifies that to complete a scheduled installation, Automatic Updates will wait for the computer to be restarted by any user who is logged on, instead of causing t ...

oval:org.secpod.oval:def:19289
The Allow ECC certificates to be used for logon and authentication machine setting should be configured correctly. This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain. If you enable this policy setting, E ...

oval:org.secpod.oval:def:19283
The Log File Path machine setting should be configured correctly for the system log. This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators. If you enable this policy setting, the ...

oval:org.secpod.oval:def:19284
The Display Shutdown Event Tracker machine setting should be configured correctly. The Shutdown Event Tracker can be displayed when you shut down a workstation or server. This is an extra set of questions that is displayed when you invoke a shutdown to collect information related to why you are shu ...

oval:org.secpod.oval:def:19285
The Limit the size of the entire roaming user profile cache machine setting should be configured correctly. This policy setting allows you to limit the size of the entire roaming user profile cache on the local drive. This policy setting only applies to a computer on which the Remote Desktop Sessio ...

oval:org.secpod.oval:def:19286
The Do not allow color changes machine setting should be configured correctly. This policy setting controls the ability to change the color of window frames. If you enable this policy setting, you prevent users from changing the default window frame color. If you disable or do not configure this po ...

oval:org.secpod.oval:def:19280
The Critical Battery Notification Level machine setting should be configured correctly. Specifies the percentage of battery capacity remaining that triggers the critical battery notification action. If you enable this policy, you must enter a numeric value (percentage) to set the battery level that ...

oval:org.secpod.oval:def:19281
The Restrict Internet communication machine setting should be configured correctly. Specifies whether Windows can access the Internet to accomplish tasks that require Internet resources. If this setting is enabled, all of the policy settings listed in the "Internet Communication settings" ...

oval:org.secpod.oval:def:19282
The Hash Publication for BranchCache machine setting should be configured correctly. This policy enables a hash generation service to generate hashes for data stored in shared folders, and then provide these hashes to client computers on which BranchCache is enabled. Hashes are mathematically-deriv ...

oval:org.secpod.oval:def:19298
The Specify SHA1 thumbprints of certificates representing trusted .rdp publishers machine setting should be configured correctly. This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file pub ...

oval:org.secpod.oval:def:19299
The Turn off Multicast Name Resolution machine setting should be configured correctly. Link-Local Multicast Name Resolution (LLMNR) is a secondary name resolution protocol. Queries are sent over the Local Link, a single subnet, from a client machine using Multicast to which another client on the sa ...

oval:org.secpod.oval:def:19294
The Limit maximum color depth machine setting should be configured correctly. This policy setting allows you to specify the maximum color resolution (color depth) for Remote Desktop Services connections. You can use this policy setting to set a limit on the color depth of any connection using RDP. ...

oval:org.secpod.oval:def:19295
The Allow access to BitLocker-protected fixed data drives from earlier versions of Windows machine setting should be configured correctly. This policy setting configures whether or not fixed data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Serve ...

oval:org.secpod.oval:def:19296
The Turn off Windows HotStart machine setting should be configured correctly. This policy setting allows you to manage whether HotStart buttons can be used to launch applications. If you enable this policy setting, applications cannot be launched using the HotStart buttons. If you disable or do not ...

oval:org.secpod.oval:def:19297
The Low Battery Notification Action machine setting should be configured correctly. Specifies the action that Windows takes when battery capacity reaches the low battery notification level. Possible actions include: -Take no action -Sleep -Hibernate -Shut down If you enable this policy setting, you ...

oval:org.secpod.oval:def:19290
The Add the Administrators security group to roaming user profiles machine setting should be configured correctly. This setting adds the Administrator security group to the roaming user profile share. Once an administrator has configured a user's roaming profile, the profile will be created at ...

oval:org.secpod.oval:def:19291
The Turn off legacy remote shutdown interface machine setting should be configured correctly. This policy controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shut down this system from a remote Windows XP or Windows Server 2003 s ...

oval:org.secpod.oval:def:19292
The Exclude credential providers machine setting should be configured correctly. This policy setting allows the administrator to exclude the specified credential providers from use during authentication. Note: credential providers are used to process and validate user credentials during logon or wh ...

oval:org.secpod.oval:def:19293
The Set PNRP cloud to resolve only machine setting should be configured correctly for IPv6 Site Local. This policy setting limits a node to resolving, but not publishing, names in a specific Peer Name Resolution Protocol (PNRP) cloud. This policy setting forces computers to act as clients in peer-t ...

oval:org.secpod.oval:def:19269
The Remove Windows Security item from Start menu machine setting should be configured correctly. Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Servi ...

oval:org.secpod.oval:def:19265
The Set percentage of disk space used for client computer cache machine setting should be configured correctly. This policy setting changes the default percentage of total disk space to dedicate to caching retrieved content with BranchCache. This content is made available to other requesting client ...

oval:org.secpod.oval:def:19266
The Configure list of Enhanced Storage devices usable on your computer machine setting should be configured correctly. This policy setting allows you to configure a list of Enhanced Storage devices by manufacturer and product ID that are usable on your computer. This policy setting only applies to ...

oval:org.secpod.oval:def:19267
The Turn off automatic wake machine setting should be configured correctly. This policy setting turns off the option to periodically wake the computer to update information on Windows SideShow-compatible devices. If you enable this policy setting, the option to automatically wake the computer will ...

oval:org.secpod.oval:def:19268
The Disallow user override of locale settings machine setting should be configured correctly. This policy prevents the user from customizing their locale by changing their user overrides. Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides, ...

oval:org.secpod.oval:def:19261
The Prevent backing up to optical media (CD/DVD) machine setting should be configured correctly. This setting lets you prevent users from selecting optical media (CD/DVD) for storing backups. If this setting is enabled, users will be blocked from selecting optical media as a backup location. If thi ...

oval:org.secpod.oval:def:19262
The Netlogon share compatibility machine setting should be configured correctly. This setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications. When this setting i ...

oval:org.secpod.oval:def:19263
The Specify Windows Service Pack installation file location machine setting should be configured correctly. Specifies an alternate location for Windows Service Pack installation files. To enable this setting, enter the fully qualified path to the new location in the "Windows Service Pack Setup ...

oval:org.secpod.oval:def:19264
The Turn Off Boot and Resume Optimizations machine setting should be configured correctly. Turns off the boot and resume optimizations for the hybrid hard disks in the system. If you enable this policy setting, the system does not use the non-volatile (NV) cache to optimize boot and resume. If you ...

oval:org.secpod.oval:def:19260
The Floppy Drives: Deny read access machine setting should be configured correctly. This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives. If you enable this policy setting, read access will be denied to this removable storage class. If you ...

oval:org.secpod.oval:def:19276
The Approved Installation Sites for ActiveX Controls machine setting should be configured correctly. The ActiveX Installer Service is the solution to delegate the install of per-machine ActiveX controls to a Standard User in the enterprise. The list of Approved ActiveX Install sites contains the ho ...

oval:org.secpod.oval:def:19277
The Enforce upgrade component rules machine setting should be configured correctly. This setting causes the Windows Installer to enforce strict rules for component upgrades - setting this may cause some updates to fail. If you enable this policy setting strict upgrade rules will be enforced by the ...

oval:org.secpod.oval:def:19278
The Set BranchCache Hosted Cache mode machine setting should be configured correctly. This policy setting specifies whether the client computer should use the Hosted Cache mode, and if so, what the address of the BranchCache server is. The Hosted Cache mode enables a client computer to retrieve con ...

oval:org.secpod.oval:def:19279
The Run startup scripts asynchronously machine setting should be configured correctly. Lets the system run startup scripts simultaneously. Startup scripts are batch files that run before the user is invited to log on. By default, the system waits for each startup script to complete before it runs t ...

oval:org.secpod.oval:def:19272
The Do not allow compression on all NTFS volumes machine setting should be configured correctly. Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files. Fix: (1) GPO: Computer Configuration\Administrat ...

oval:org.secpod.oval:def:19273
The Allow time zone redirection machine setting should be configured correctly. This policy setting determines whether the client computer redirects its time zone settings to the Remote Desktop Services session. If you enable this policy setting, clients that are capable of time zone redirection se ...

oval:org.secpod.oval:def:19274
The Allow signed updates from an intranet Microsoft update service location machine setting should be configured correctly. This policy setting allows you to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft up ...

oval:org.secpod.oval:def:19275
The Restrict system locales machine setting should be configured correctly. This policy restricts the permitted system locales to the specified list. If the list is empty, it locks the system locale to its current value. This policy does not change the existing system locale; however, the next time ...

oval:org.secpod.oval:def:19270
The Choose default folder for recovery password machine setting should be configured correctly. This policy setting allows you to specify the default path that is displayed when the BitLocker Drive Encryption setup wizard prompts the user to enter the location of a folder in which to save the recov ...

oval:org.secpod.oval:def:19271
The Turn off SwitchBack Compatibility Engine machine setting should be configured correctly. The policy controls the state of the Switchback compatibility engine in the system. Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavio ...

oval:org.secpod.oval:def:8722
The 'Generate security audits' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:8723
The Network access: Do not allow storage of passwords and credentials for network authentication setting should be configured correctly. This policy setting determines whether the Stored User Names and Passwords feature may save passwords or credentials for later use when it gains domain authentica ...

oval:org.secpod.oval:def:8724
The Network access: Let Everyone permissions apply to anonymous users setting should be configured correctly. This policy setting determines what additional permissions are assigned for anonymous connections to the computer. If you enable this policy setting, anonymous Windows users are allowed to ...

oval:org.secpod.oval:def:8725
The Disable IE security prompt for Windows Installer scripts machine setting should be configured correctly. Allows Web-based programs to install software on the computer without notifying the user. By default, when a script hosted by an Internet browser tries to install a program on the system, th ...

oval:org.secpod.oval:def:8720
The 'Deny log on as a service' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:8721
The 'Act as part of the operating system' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:8726
The Turn off Windows Update device driver searching machine setting should be configured correctly. This policy specifies whether Windows searches Windows Update for device drivers when no local drivers for a device are present. If you enable this setting, Windows Update will not be searched when a ...

oval:org.secpod.oval:def:8727
The Microsoft network server: Amount of idle time required before suspending session setting should be configured correctly. This policy setting allows you to specify the amount of continuous idle time that must pass in an SMB session before the session is suspended because of inactivity. Administr ...

oval:org.secpod.oval:def:8728
The 'Bypass traverse checking' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:8729
The Recovery console: Allow automatic administrative logon setting should be configured correctly. The recovery console is a command-line environment that is used to recover from system problems. If you enable this policy setting, the administrator account is automatically logged on to the recovery ...

oval:org.secpod.oval:def:8733
The 'Shut down the system' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:8734
The 'Profile single process' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:8735
The Turn on Mapper I/O (LLTDIO) driver machine setting should be configured correctly. This policy setting changes the operational behavior of the Mapper I/O network protocol driver. LLTDIO allows a computer to discover the topology of a network it's connected to. It also allows a computer to ...

oval:org.secpod.oval:def:8736
The Audit: Audit the access of global system objects setting should be configured correctly. This policy setting creates a default system access control list (SACL) for system objects such as mutexes (mutual exclusive), events, semaphores, and MS-DOS devices, and causes access to these system objec ...

oval:org.secpod.oval:def:8730
The MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds setting should be configured correctly. The registry value entry KeepAliveTime was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry ap ...

oval:org.secpod.oval:def:8731
The Shutdown: Allow system to be shut down without having to log on setting should be configured correctly. This policy setting determines whether a computer can be shut down when a user is not logged on. If this policy setting is enabled, the shutdown command is available on the Windows logon scre ...

oval:org.secpod.oval:def:8732
The Domain Controller: LDAP server signing requirements setting should be configured correctly. This security setting determines whether the LDAP server requires signing to be negotiated with LDAP clients, as follows: * None: Data signing is not required in order to bind with the server. If the cl ...

oval:org.secpod.oval:def:8737
The MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes setting should be configured correctly. The registry value entry EnableICMPRedirect was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. T ...

oval:org.secpod.oval:def:8738
The User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop setting should be configured correctly. This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevat ...

oval:org.secpod.oval:def:8739
The Domain member: Require strong (Windows 2000 or later) session key setting should be configured correctly. When this policy setting is enabled, a secure channel can only be established with domain controllers that are capable of encrypting secure channel data with a strong (128-bit) session key. ...

oval:org.secpod.oval:def:18898
Auditing of Policy Change: Authorization Policy Change events on success should be enabled or disabled as appropriate. This subcategory reports changes in authorization policy including permissions (DACL) changes. Events for this subcategory include: - 4704: A user right was assigned. - 4705: A us ...

oval:org.secpod.oval:def:18897
The Detect application install failures machine setting should be configured correctly. This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with application installations. If you enable this policy setting, the PCA is configured to detect failures in the ex ...

oval:org.secpod.oval:def:18896
The MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended) setting should be configured correctly. This entry appears as MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended) in the Group Po ...

oval:org.secpod.oval:def:18895
The Devices: Restrict CD-ROM access to locally logged-on user only setting should be configured correctly. This policy setting determines whether a CD-ROM is accessible to both local and remote users simultaneously. If you enable this policy setting, only the interactively logged-on user is allowed ...

oval:org.secpod.oval:def:18899
The Require a PIN to access data on devices running Microsoft firmware machine setting should be configured correctly. This policy setting requires users to enter a default personal identification number (PIN) to unlock and access data on the device after a specified period of inactivity (time-out ...

oval:org.secpod.oval:def:18890
Auditing of Detailed Tracking: DPAPI Activity events on success should be enabled or disabled as appropriate. This subcategory reports encrypt or decrypt calls into the data protections application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key inform ...

oval:org.secpod.oval:def:8709
The Interactive logon: Message title for users attempting to log on setting should be configured correctly. Microsoft recommends that you use this setting, if appropriate to your environment and your organization's business requirements, to help protect end user computers. This policy setting allows ...

oval:org.secpod.oval:def:18894
The Prevent Back-ESC mapping machine setting should be configured correctly. Removes the Back->ESC mapping that normally occurs when menus are visible, and for applications that subscribe to this behavior. If you enable this policy, a button assigned to Back will not map to ESC. If you disable t ...

oval:org.secpod.oval:def:18893
The Do not automatically start Windows Messenger initially machine setting should be configured correctly. Windows Messenger is automatically loaded and running when a user logs on to a Windows XP computer. You can use this setting to stop Windows Messenger from automatically being run at logon. If ...

oval:org.secpod.oval:def:18892
The Check for New Signatures Before Scheduled Scans machine setting should be configured correctly. Checks for new signatures before running scheduled scans. If you enable this policy setting, the scheduled scan checks for new signatures before it scans the computer. If you disable or do not config ...

oval:org.secpod.oval:def:18891
The Set a support web page link machine setting should be configured correctly. Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\W ...

oval:org.secpod.oval:def:8711
The Network access: Do not allow anonymous enumeration of SAM accounts setting should be configured correctly. This policy setting controls the ability of anonymous users to enumerate the accounts in the Security Accounts Manager (SAM). If you enable this policy setting, users with anonymous connec ...

oval:org.secpod.oval:def:8712
Network security: Minimum session security for NTLM SSP based (including secure RPC) client applications.

oval:org.secpod.oval:def:8713
Network security: Minimum session security for NTLM SSP based (including secure RPC) server applications.

oval:org.secpod.oval:def:8714
The 'Access this computer from the network' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:8710
The MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic. setting should be configured correctly. The registry value entry NoDefaultExempt was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\ registry key. The entry ...

oval:org.secpod.oval:def:8719
The 'Load and unload device drivers' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:8715
The User Account Control: Switch to the secure desktop when prompting for elevation setting should be configured correctly. This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop. The options are: * Enabled: (Default) Al ...

oval:org.secpod.oval:def:8716
The Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings setting should be configured correctly. This policy setting allows administrators to enable the more precise auditing capabilities present in Windows Vista. The Audit Policy setti ...

oval:org.secpod.oval:def:8717
The 'Change the system time' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:8718
The 'Profile system performance' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:19328
The Global Configuration Settings machine setting should be configured correctly. These settings control the Windows Time service (W32time) for domain controllers. Several of these values are scalar, which means that they only have meaning in relation to one another and are not defined by specific ...

oval:org.secpod.oval:def:19329
The Turn off Help and Support Center Microsoft Knowledge Base search machine setting should be configured correctly. Specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center. The Knowledge Base is an online source of technical support information and se ...

oval:org.secpod.oval:def:19324
The Allow Automatic Updates immediate installation machine setting should be configured correctly. Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows. If the status is set to Enabled, Automatic Updates will im ...

oval:org.secpod.oval:def:19325
The Allow Corporate redirection of Customer Experience Improvement uploads machine setting should be configured correctly. If you enable this setting all Customer Experience Improvement Program uploads are redirected to Microsoft Operations Manager server. If you disable this setting uploads are no ...

oval:org.secpod.oval:def:19326
The Restricts the UI language Windows uses for all logged users machine setting should be configured correctly. This is a setting for computers with more than one UI language installed. If you enable this setting the UI language of Windows menus and dialogs language for systems with more than one l ...

oval:org.secpod.oval:def:19327
The Try Next Closest Site machine setting should be configured correctly. The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the same site. If none are found in th ...

oval:org.secpod.oval:def:19320
The Configure Drive Maps preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Drive Maps preference extension, and to turn on tracing for the Drive Maps extension. Logging and ...

oval:org.secpod.oval:def:19321
The Select an Active Power Plan machine setting should be configured correctly. Specifies the active power plan from a list of default Windows power plans. To specify a custom power plan, use the Custom Active Power Plan setting. If you enable this policy setting, you must specify a power plan from ...

oval:org.secpod.oval:def:19322
The Do not allow printing to Journal Note Writer machine setting should be configured correctly. Prevents printing to Journal Note Writer. If you enable this policy, the Journal Note Writer printer driver will not allow printing to it. It will remain displayed in the list of available printers, but ...

oval:org.secpod.oval:def:19323
The Delay Restart for scheduled installations machine setting should be configured correctly. Specifies the amount of time for Automatic Updates to wait before proceeding with a scheduled restart. If the status is set to Enabled, a scheduled restart will occur the specified number of minutes after ...

oval:org.secpod.oval:def:19339
The Limit the maximum number of BITS jobs for each user machine setting should be configured correctly. This policy setting limits the number of BITS jobs that can be created by a user. By default, BITS limits the total number of jobs that can be created by a user to 60 jobs. You can use this setti ...

oval:org.secpod.oval:def:19335
The Set the Seed Server machine setting should be configured correctly for IPv6 Site Local. This setting sets the seed server for the site local cloud to a specified node in the enterprise. The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and p ...

oval:org.secpod.oval:def:19336
The Weight Set in the DC Locator DNS SRV Records machine setting should be configured correctly. Specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service, ...

oval:org.secpod.oval:def:19337
The Provide information about previous logons to client computers machine setting should be configured correctly. This policy setting controls whether the domain controller provides information about previous logons to client computers. If you enable this policy setting, the domain controller provi ...

oval:org.secpod.oval:def:19338
The Turn on TPM backup to Active Directory Domain Services machine setting should be configured correctly. This policy setting allows you to manage the Active Directory Domain Services (AD DS) backup of Trusted Platform Module (TPM) owner information. TPM owner information includes a cryptographic ...

oval:org.secpod.oval:def:19331
The Disable password strength validation for Peer Grouping machine setting should be configured correctly. By default, when a Peer Group is created that allows for password-authentication (or the password for such a Group is changed), Peer Grouping validates that the password meets the password com ...

oval:org.secpod.oval:def:19332
The Customize Warning Messages machine setting should be configured correctly. The "Display warning message before sharing control" policy setting allows you to specify a custom message to display before a user shares control of his or her computer. The "Display warning message befor ...

oval:org.secpod.oval:def:19333
The Set maximum wait time for the network if a user has a roaming user profile or remote home directory machine setting should be configured correctly. If the user has a roaming user profile or remote home directory and the network is currently unavailable, Microsoft Windows waits 30 seconds for th ...

oval:org.secpod.oval:def:19334
The Use RD Connection Broker load balancing machine setting should be configured correctly. This policy setting allows you to specify whether to use the RD Connection Broker load balancing feature to balance the load between servers in an RD Session Host server farm. If you enable this policy setti ...

oval:org.secpod.oval:def:19330
The Allow the use of biometrics machine setting should be configured correctly. If you enable (or do not configure) this policy setting, the Windows Biometric Service will be available, and users will be able to run applications that use biometrics on Windows. If you want to enable the ability to l ...

oval:org.secpod.oval:def:19306
The Pre-populate printer search location text machine setting should be configured correctly. Enables the physical Location Tracking setting for Windows printers. Use Location Tracking to design a location scheme for your enterprise and assign computers and printers to locations in the scheme. Loca ...

oval:org.secpod.oval:def:19307
The Prevent Flicks Learning Mode machine setting should be configured correctly. Makes pen flicks learning mode unavailable. If you enable this policy, pen flicks are still available but learning mode is not. Pen flicks are off by default and can be turned on system-wide, but cannot be restricted t ...

oval:org.secpod.oval:def:19308
The Ignore the local list of blocked TPM commands machine setting should be configured correctly. This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands. If you enable this policy setting, Windows will ignore the computer ...

oval:org.secpod.oval:def:19309
The Remote Desktop Connection Client Configure server authentication for client machine setting should be configured correctly. This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session H ...

oval:org.secpod.oval:def:19302
The Always render print jobs on the server machine setting should be configured correctly. When printing through a print server, determines whether the print spooler on the client will process print jobs itself, or pass them on to the server to do the work. This policy setting only affects printing ...

oval:org.secpod.oval:def:19303
The Qualitative service type link layer (Layer-2) priority value should be configured correctly. Specifies an alternate link layer (Layer-2) priority value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding priority value in the La ...

oval:org.secpod.oval:def:19304
The Diagnostic Policy Service (DPS) Configure Scenario Execution Level machine setting should be configured correctly for Windows Memory Leak Diagnosis. This policy setting determines whether Diagnostic Policy Service (DPS) will diagnose memory leak problems. If you disable this policy setting, the ...

oval:org.secpod.oval:def:19305
The Do not allow sessions without one way CHAP machine setting should be configured correctly. If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that are configured for one-way CHAP or sessions not configured for one-way CHAP may ...

oval:org.secpod.oval:def:19300
The Limit audio playback quality machine setting should be configured correctly. This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance, particularly over slow links. If you ...

oval:org.secpod.oval:def:19301
The Primary DNS Suffix machine setting should be configured correctly. Specifies the primary Domain Name System (DNS) suffix for all affected computers. The primary DNS suffix is used in DNS name registration and DNS name resolution. This setting lets you specify a primary DNS suffix for a group of ...

oval:org.secpod.oval:def:19317
The Group Policy refresh interval for domain controllers machine setting should be configured correctly. Specifies how often Group Policy is updated on domain controllers while they are running (in the background). The updates specified by this setting occur in addition to updates performed when th ...

oval:org.secpod.oval:def:19318
The Configure Internet Settings preference logging and tracing machine setting should be configured correctly. This policy setting allows you to configure the level of detail recorded by event logging for the Internet preference extension, and to turn on tracing for the Internet extension. Logging ...

oval:org.secpod.oval:def:19319
The Set PNRP cloud to resolve only machine setting should be configured correctly for IPv6 Link Local. This policy setting limits a node to resolving, but not publishing, names in a specific Peer Name Resolution Protocol (PNRP) cloud. This policy setting forces computers to act as clients in peer-t ...

oval:org.secpod.oval:def:19313
The Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers machine setting should be configured correctly. This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the m ...

oval:org.secpod.oval:def:19314
The Automated Site Coverage by the DC Locator DNS SRV Records machine setting should be configured correctly. Determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog ...

oval:org.secpod.oval:def:19315
The Allow Automatic Sleep with Open Network Files (Plugged In) machine setting should be configured correctly. Allow Automatic Sleep with Open Network Files. If you enable this policy setting, the computer will automatically sleep when network files are open. If you disable this policy setting, the ...

oval:org.secpod.oval:def:19316
The Notify blocked drivers machine setting should be configured correctly. This policy setting determines whether the Program Compatibility Assistant (PCA) will diagnose drivers blocked due to compatibility issues. If you enable this policy setting, the PCA will notify the user of blocked driver is ...

oval:org.secpod.oval:def:19310
The Disallow locally attached storage as backup target machine setting should be configured correctly. This policy setting allows you to manage whether backups of a machine can run to locally attached storage or not. If you enable this policy setting, machine administrator/backup operator cannot us ...

oval:org.secpod.oval:def:19311
The Prohibit removal of updates machine setting should be configured correctly. This setting controls the ability for users or administrators to remove Windows Installer based updates. This setting should be used if you need to maintain a tight control over updates. One example is a lockdown enviro ...

oval:org.secpod.oval:def:19312
The Always use custom logon background machine setting should be configured correctly. Ignores Windows Logon Background. This policy setting may be used to make Windows give preference to a custom logon background. If you enable this policy setting, the logon screen will always attempt to load a cu ...

oval:org.secpod.oval:def:18832
The Set the Seed Server machine setting should be configured correctly for IPv6 Link Local. This setting sets the seed server for the link local cloud to a specified node in the enterprise. The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and p ...

oval:org.secpod.oval:def:18831
The Allow Automatic Sleep with Open Network Files (On Battery) machine setting should be configured correctly. Allow Automatic Sleep with Open Network Files. If you enable this policy setting, the computer will automatically sleep when network files are open. If you disable this policy setting, the ...

oval:org.secpod.oval:def:18830
The Communities machine setting should be configured correctly. Configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service. SNMP is a protocol designed to give a user the capability to remotely manage a computer network, by polling and setting terminal val ...

oval:org.secpod.oval:def:18836
The Deny log on as a batch job user right should be assigned to the appropriate accounts. This policy setting determines which accounts will not be able to log on to the computer as a batch job. A batch job is not a batch (.bat) file, but rather a batch-queue facility. Accounts that use the Task Sc ...

oval:org.secpod.oval:def:18835
Auditing of Privilege Use: Other Privilege Use Events events on success should be enabled or disabled as appropriate. This subcategory reports when a user account or service uses a sensitive privilege. A sensitive privilege includes the following user rights: Act as part of the operating system, B ...

oval:org.secpod.oval:def:18834
Auditing of Object Access: File Share events on failure should be enabled or disabled as appropriate. This policy setting determines whether the operating system generates audit events when a file share is accessed. Audit events are not generated when shares are created, deleted, or when share perm ...

oval:org.secpod.oval:def:18833
The Turn on definition updates through both WSUS and the Microsoft Malware Protection Center machine setting should be configured correctly. This policy setting allows you to configure Windows Defender to check and install definition updates from Windows Update the Microsoft Malware Protection Cent ...

oval:org.secpod.oval:def:18829
The Register DNS records with connection-specific DNS suffix machine setting should be configured correctly. Determines if a computer performing dynamic registration may register A and PTR resource records with a concatenation of its Computer Name and a connection-specific DNS suffix, in addition t ...

oval:org.secpod.oval:def:18828
Auditing of Audit account logon events on success should be enabled or disabled as appropriate. This security setting determines whether to audit each instance of a user logging on to or logging off from another computer in which this computer is used to validate the account. Account logon events a ...

oval:org.secpod.oval:def:18827
The Do not set default client printer to be default printer in a session machine setting should be configured correctly. This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server. By default, Re ...

oval:org.secpod.oval:def:18826
The Detect application installers that need to be run as administrator machine setting should be configured correctly. This policy setting determines whether the Program Compatibility Assistant (PCA) will diagnose failures with application installers that are not detected to run as administrator. I ...

oval:org.secpod.oval:def:18843
The Expected dial-up delay on logon machine setting should be configured correctly. Specifies the additional time for the computer to wait for the domain controllers (DC) response when logging on to the network. To specify the Expected dial-up delay at logon, click Enable, and then enter the desire ...

oval:org.secpod.oval:def:18842
The Turn On Compatibility HTTP Listener machine setting should be configured correctly. This policy setting enables or disables an HTTP listener created for backward compatibility purposes in the Windows Remote Management (WinRM) service. When certain port 80 listeners are migrated to WinRM 2.0, th ...

oval:org.secpod.oval:def:18841
The Diagnostic Policy Service (DPS) Configure Scenario Execution Level machine setting should be configured correctly for Windows Resource Exhaustion Detection and Resolution. Determines the execution level for Windows Resource Exhaustion Detection and Resolution. If you enable this policy setting, ...

oval:org.secpod.oval:def:18840
The Delete data from devices running Microsoft firmware when a user logs off from the computer. machine setting should be configured correctly. This policy setting deletes all data stored on Windows SideShow-compatible devices (running Microsoft firmware) when a user logs off from the computer. Thi ...

oval:org.secpod.oval:def:18847
The Log File Debug Output Level machine setting should be configured correctly. Specifies the level of debug output for the Net Logon service. The Net Logon service outputs debug information to the log file netlogon.log in the directory %windir%\debug. By default, no debug information is logged. If ...

oval:org.secpod.oval:def:18846
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the private profile. Select this option to have Windows Firewall with Advanced Security display notifications to the user when a program is blocked from receiving inb ...

oval:org.secpod.oval:def:18845
The Turn off AutoComplete integration with Input Panel machine setting should be configured correctly. Turns off the integration of application auto complete lists with Tablet PC Input Panel in applications where this behavior is available. Tablet PC Input Panel is a Tablet PC accessory that enable ...

oval:org.secpod.oval:def:18844
The Diagnostic Policy Service (DPS) Configure Scenario Execution Level machine setting should be configured correctly for Windows Shutdown Performance Diagnostics. Determines the execution level for Windows Shutdown Performance Diagnostics. If you enable this policy setting, you must select an exec ...

oval:org.secpod.oval:def:18839
The Allow enhanced PINs for startup machine setting should be configured correctly. This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker. Enhanced startup PINs permit the use of characters including uppercase and lowercase letters, symbols, number ...

oval:org.secpod.oval:def:18838
The Restrict unpacking and installation of gadgets that are not digitally signed. machine setting should be configured correctly. This policy setting allows you to restrict the installation of unsigned gadgets. Desktop gadgets can be deployed as compressed files, either digitally signed or unsigned ...

oval:org.secpod.oval:def:18837
Auditing of Audit process tracking events on failure should be enabled or disabled as appropriate. This security setting determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. If you define this ...

oval:org.secpod.oval:def:18810
The Specify a Custom Active Power Plan machine setting should be configured correctly. Specifies the active power plan from a specified power plans GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg, the power configuration command line tool. If you enable this policy se ...

oval:org.secpod.oval:def:8788
The Interactive logon: Do not require CTRL+ALT+DEL setting should be configured correctly. This policy setting determines whether users must press CTRL+ALT+DEL before they log on. If you enable this policy setting, users can log on without this key combination. If you disable this policy setting, u ...

oval:org.secpod.oval:def:8789
The Network security: Allow LocalSystem NULL session fallback setting should be configured correctly. Allow NTLM to fall back to NULL session when used with LocalSystem. The default is TRUE up to Windows Vista and FALSE in Windows 7. Fix: (1) GPO: Computer Configuration\Windows Settings\Security ...

oval:org.secpod.oval:def:18814
The Turn off Windows Defender machine setting should be configured correctly. Turns off Windows Defender Real-Time Protection, and no more scans are scheduled. If you enable this policy setting, Windows Defender does not run, and computers will not be scanned for spyware or other potentially unwant ...

oval:org.secpod.oval:def:8784
The Domain Controller: Refuse machine account password changes setting should be configured correctly. This security setting determines whether domain controllers will refuse requests from member computers to change computer account passwords. By default, member computers change their computer acco ...

oval:org.secpod.oval:def:18813
Auditing of Detailed Tracking: Process Creation events on success should be enabled or disabled as appropriate. This subcategory reports the creation of a process and the name of the program or user that created it. Events for this subcategory include: - 4688: A new process has been created. - 4696 ...

oval:org.secpod.oval:def:8785
The MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) setting should be configured correctly. The registry value entry TCPMaxDataRetransmissions for IPv6 was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentCo ...

oval:org.secpod.oval:def:18812
The Configure Background Sync machine setting should be configured correctly. This is a machine-specific setting which applies to any user who logs onto the specified machine while this policy is in effect. This policy is in effect when a network folder is determined, as specified by the Configure ...

oval:org.secpod.oval:def:8786
The 'Restore files and directories' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:18811
The Prevent backing up to network location machine setting should be configured correctly. This setting lets you prevent users from selecting a network location for storing backups. If this setting is enabled, users will be blocked from selecting a network location as a backup location. If this set ...

oval:org.secpod.oval:def:8787
The User Account Control: Behavior of the elevation prompt for standard users setting should be configured correctly. This policy setting controls the behavior of the elevation prompt for standard users. The options are: * Prompt for credentials: When an operation requires elevation of privilege, t ...

oval:org.secpod.oval:def:18807
The Configure Corporate Windows Error Reporting machine setting should be configured correctly. This setting determines the corporate server to which Windows Error Reporting will send reports (instead of sending reports to Microsoft). Server port indicates the port to use on the target server. Conn ...

oval:org.secpod.oval:def:8780
The System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing setting should be configured correctly. This policy setting determines whether the Transport Layer Security/Secure Sockets Layer (TLS/SSL) Security Provider supports only the TLS_RSA_WITH_3DES_EDE_CBC_SHA ci ...

oval:org.secpod.oval:def:18806
The Windows Firewall should be enabled or disabled as appropriate for the Domain Profile. Select On (recommended) to have Windows Firewall with Advanced Security use the settings for this profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any ...

oval:org.secpod.oval:def:8781
The 'Create global objects' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:18805
Windows Firewall should allow or block outbound connections by default as appropriate for the Public Profile. This setting determines the behavior for outbound connections that do not match an outbound firewall rule. The default behavior is to allow connections unless there are firewall rules that ...

oval:org.secpod.oval:def:8782
The User Account Control: Detect application installations and prompt for elevation setting should be configured correctly. This policy setting controls the behavior of application installation detection for the computer. The options are: * Enabled: (Default for home) When an application installati ...

oval:org.secpod.oval:def:18804
The Prevent installation of devices using drivers that match these device setup classes machine setting should be configured correctly. This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is prevented from instal ...

oval:org.secpod.oval:def:8783
The 'Create permanent shared objects' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:18809
Auditing of Object Access: SAM events on success should be enabled or disabled as appropriate. This subcategory reports when SAM objects are accessed. Refer to the Microsoft Knowledgebase article Description of security events in Windows Vista and in Windows Server 2008 for the most recent informat ...

oval:org.secpod.oval:def:18808
The Configure Corrupted File Recovery Behavior machine setting should be configured correctly. This policy setting allows you to configure the recovery behavior for corrupted files to one of three states: Regular: Detection, troubleshooting, and recovery of corrupted files will automatically start ...

oval:org.secpod.oval:def:18821
The Select the Sleep Button Action (Plugged In) machine setting should be configured correctly. Specifies the action that Windows takes when a user presses the sleep button. Possible actions include: -Take no action -Sleep -Hibernate -Shut down If you enable this policy setting, you must select the ...

oval:org.secpod.oval:def:8799
The 'Allow log on locally' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:18820
The Allow Enhanced Storage certificate provisioning machine setting should be configured correctly. This policy setting configures whether or not users can provision certificates on Enhanced Storage certificate silo devices. If you enable this policy setting, users can provision certificates on Enh ...

oval:org.secpod.oval:def:18825
The Enable NTFS pagefile encryption machine setting should be configured correctly. Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing overhead for filesystem operations. Enabling this setting will cause the page files to be enc ...

oval:org.secpod.oval:def:8795
The Microsoft network client: Send unencrypted password to third-party SMB servers setting should be configured correctly. Disable this policy setting to prevent the SMB redirector from sending plaintext passwords during authentication to third-party SMB servers that do not support password encrypt ...

oval:org.secpod.oval:def:18824
The Turn off Found New Hardware balloons during device installation machine setting should be configured correctly. This policy setting allows you to turn off "Found New Hardware" balloons during device installation. If you enable this policy setting, "Found New Hardware" balloo ...

oval:org.secpod.oval:def:8796
The Network Security: Allow PKU2U authentication requests to this computer to use online identities setting should be configured correctly. Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate dec ...

oval:org.secpod.oval:def:18823
The Configure RD Connection Broker farm name machine setting should be configured correctly. This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Ho ...

oval:org.secpod.oval:def:8797
The Network Security: Configure encryption types allowed for Kerberos setting should be configured correctly. Certain encryption types are no longer considered secure. This setting configures a minimum encryption type for Kerberos, preventing the use of the DES encryption suites. This policy is sup ...

oval:org.secpod.oval:def:18822
The Controlled load service type Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification. Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service typ ...

oval:org.secpod.oval:def:8798
The 'Adjust memory quotas for a process' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:18818
The Windows Firewall: Public: Apply local connection security rules setting should be configured correctly. This setting controls whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy. Fix: (1) GP ...

oval:org.secpod.oval:def:8791
The Network access: Shares that can be accessed anonymously setting should be configured correctly. This policy setting determines which network shares can be accessed by anonymous users. The default configuration for this policy setting has little effect because all users have to be authenticated ...

oval:org.secpod.oval:def:18817
Auditing of Policy Change: Filtering Platform Policy Change events on success should be enabled or disabled as appropriate. This subcategory reports the addition and removal of objects from WFP, including startup filters. These events can be very high in volume. Events for this subcategory include: ...

oval:org.secpod.oval:def:8792
The Network access: Sharing and security model for local accounts setting should be configured correctly. This policy setting determines how network logons that use local accounts are authenticated. The Classic option allows precise control over access to resources, including the ability to assign ...

oval:org.secpod.oval:def:18816
Auditing of Account Management: Computer Account Management events on failure should be enabled or disabled as appropriate. This security policy setting determines whether the operating system generates audit events when a computer account is created, changed, or deleted. This policy setting is use ...

oval:org.secpod.oval:def:8793
The Network security: Do not store LAN Manager hash value on next password change setting should be configured correctly. This policy setting determines whether the LAN Manager (LM) hash value for the new password is stored when the password is changed. The LM hash is relatively weak and prone to a ...

oval:org.secpod.oval:def:18815
The Allow admin to install from Remote Desktop Services session machine setting should be configured correctly. Allows Remote Desktop Services administrators to install and configure programs remotely. By default, system administrators can install programs only when system administrators are logged ...

oval:org.secpod.oval:def:8794
The IP-HTTPS State machine setting should be configured correctly. This policy setting allows you to configure IP-HTTPS, a tunneling technology that uses the HTTPS protocol to provide IP connectivity to a remote network. If you disable or do not configure this policy setting, the local host setting ...

oval:org.secpod.oval:def:18819
Auditing of Policy Change: MPSSVC Rule-Level Policy Change events on success should be enabled or disabled as appropriate. This subcategory reports changes in policy rules used by the Microsoft Protection Service (MPSSVC.exe). This service is used by Windows Firewall and by Microsoft OneCare. Event ...

oval:org.secpod.oval:def:8790
The Network security: Allow Local System to use computer identity for NTLM setting should be configured correctly. This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication. This policy is supported on at least Windows 7 o ...

oval:org.secpod.oval:def:18876
The Use forest search order machine setting should be configured correctly for Key Distribution Center (KDC) searches. This policy setting defines the list of trusting forests that the Key Distribution Center (KDC) searches when attempting to resolve two-part service principal names (SPNs). If you ...

oval:org.secpod.oval:def:8766
The RPC Endpoint Mapper Client Authentication machine setting should be configured correctly. Enabling this setting directs RPC Clients that need to communicate with the Endpoint Mapper Service to authenticate as long as the RPC call for which the endpoint needs to be resolved has authentication in ...

oval:org.secpod.oval:def:18875
The Run startup scripts visible machine setting should be configured correctly. Displays the instructions in startup scripts as they run. Startup scripts are batch files of instructions that run before the user is invited to log on. By default, the system does not display the instructions in the st ...

oval:org.secpod.oval:def:8767
The MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) setting should be configured correctly. The registry value entry DisableIPSourceRouting was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Param ...

oval:org.secpod.oval:def:18874
The Custom Classes: Deny write access machine setting should be configured correctly. This policy setting denies write access to custom removable storage classes. If you enable this policy setting, write access will be denied to these removable storage classes. If you disable or do not configure th ...

oval:org.secpod.oval:def:8768
The Deny access to this computer from the network user right should be assigned to the appropriate accounts. This policy setting prohibits users from connecting to a computer from across the network, which would allow users to access and potentially modify data remotely. In high security environmen ...

oval:org.secpod.oval:def:18873
The Tape Drives: Deny write access machine setting should be configured correctly. This policy setting denies write access to the Tape Drive removable storage class. If you enable this policy setting, write access will be denied to this removable storage class. If you disable or do not configure th ...

oval:org.secpod.oval:def:8769
The MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) setting should be configured correctly. The registry value entry AutoAdminLogon was added to the template file in the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ registry key. The entry appears as ...

oval:org.secpod.oval:def:8762
The User Account Control: Run all administrators in Admin Approval Mode setting should be configured correctly. This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The option ...

oval:org.secpod.oval:def:18879
Auditing of Object Access: SAM events on failure should be enabled or disabled as appropriate. The policy setting enables you to audit events that are generated by attempts to access Security Account Manager (SAM) objects. The Security Account Manager (SAM) is a database that is present on computer ...

oval:org.secpod.oval:def:8763
The Prevent the computer from joining a homegroup machine setting should be configured correctly. By default, users can add their computer to a homegroup on a home network. If you enable this policy setting, a user on this computer will not be able to add this computer to a homegroup. This setting ...

oval:org.secpod.oval:def:18878
The Manage auditing and security log user right should be assigned to the appropriate accounts. This policy setting determines which users can change the auditing options for files and directories and clear the Security log. When configuring a user right in the SCM enter a comma delimited list of a ...

oval:org.secpod.oval:def:8764
The Turn off Event Viewer Events.asp links machine setting should be configured correctly. This policy setting specifies whether "Events.asp" hyperlinks are available for Events within the Event Viewer application. The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that acti ...

oval:org.secpod.oval:def:18877
The CD and DVD: Deny write access machine setting should be configured correctly. This policy setting denies write access to the CD and DVD removable storage class. If you enable this policy setting, write access will be denied to this removable storage class. If you disable or do not configure thi ...

oval:org.secpod.oval:def:8765
The Turn off Internet File Association service machine setting should be configured correctly. Specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association. When a user opens a file that has an extension that is not associated with ...

oval:org.secpod.oval:def:18872
Auditing of Audit system events on failure should be enabled or disabled as appropriate. This security setting determines whether to audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log. If you define this policy s ...

oval:org.secpod.oval:def:18871
The Allow user name hint machine setting should be configured correctly. This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain, thereby associating a certificate with tha ...

oval:org.secpod.oval:def:18870
The ISATAP Router Name machine setting should be configured correctly. This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router. If you enable this policy setting, you can specify a router name or IPv4 address for an ISATAP router. I ...

oval:org.secpod.oval:def:8760
The Interactive logon: Message text for users attempting to log on setting should be configured correctly. Microsoft recommends that you use this setting, if appropriate to your environment and your organization's business requirements, to help protect end user computers. This policy setting specifi ...

oval:org.secpod.oval:def:8761
The Domain Controller: Allow server operators to schedule tasks setting should be configured correctly. This policy setting determines whether members of the Server Operators group are allowed to submit jobs by means of the AT schedule facility. The impact of this policy setting configuration shoul ...

oval:org.secpod.oval:def:18887
Auditing of Account Management: Application Group Management events on failure should be enabled or disabled as appropriate. Audit Application Group Management, which determines whether the operating system generates audit events when application group management tasks are performed. Application gr ...

oval:org.secpod.oval:def:8777
The Domain member: Disable machine account password changes setting should be configured correctly. This policy setting determines whether a domain member can periodically change its computer account password. If you enable this policy setting, the domain member will be prevented from changing its ...

oval:org.secpod.oval:def:18886
The MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments) setting should be configured correctly. The registry value entry Hidden was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanserver\Parameter ...

oval:org.secpod.oval:def:8778
The 'Force shutdown from a remote system' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:18885
Auditing of Account Management: Application Group Management events on success should be enabled or disabled as appropriate. This subcategory reports each event of application group management on a computer, such as when an application group is created, changed, or deleted or when a member is added ...

oval:org.secpod.oval:def:8779
The Interactive logon: Do not display last user name setting should be configured correctly. This policy setting determines whether the account name of the last user to log on to the client computers in your organization will be displayed in each computer's respective Windows logon screen. Enable th ...

oval:org.secpod.oval:def:18884
Auditing of Object Access: Filtering Platform Connection events on failure should be enabled or disabled as appropriate. Audit Filtering Platform Connection, which determines whether the operating system generates audit events when connections are allowed or blocked by the Windows Filtering Platfor ...

oval:org.secpod.oval:def:8773
The Minimum password age setting should be configured correctly. The Minimum password age policy setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or ...

oval:org.secpod.oval:def:8774
The MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) setting should be configured correctly. The registry value entry PerformRouterDiscovery was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\T ...

oval:org.secpod.oval:def:18889
The Specify the Unattended Sleep Timeout (Plugged In) machine setting should be configured correctly. Specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer. If you enable this policy setting, you must provide a value, in second ...

oval:org.secpod.oval:def:8775
The 'Create a token object' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:18888
Auditing of Account Logon: Other Account Logon Events events on failure should be enabled or disabled as appropriate. Audit Other Account Logon Events, which allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validatio ...

oval:org.secpod.oval:def:8776
The MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) setting should be configured correctly. The registry value entry SafeDllSearchMode was added to the template file in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\ registry key. The entry appears ...

oval:org.secpod.oval:def:18883
The Audit: Shut down system immediately if unable to log security audits setting should be configured correctly. This policy setting determines whether the system shuts down if it is unable to log Security events. It is a requirement for Trusted Computer System Evaluation Criteria (TCSEC)-C2 and Co ...

oval:org.secpod.oval:def:18882
Auditing of Account Management: Security Group Management events on success should be enabled or disabled as appropriate. This subcategory reports each event of security group management, such as when a security group is created, changed, or deleted or when a member is added to or removed from a se ...

oval:org.secpod.oval:def:18881
Auditing of Account Logon: Credential Validation events on failure should be enabled or disabled as appropriate. Audit Credential Validation, which determines whether the operating system generates audit events on credentials that are submitted for a user account logon request. These events occur o ...

oval:org.secpod.oval:def:18880
Auditing of Logon-Logoff: Special Logon events on success should be enabled or disabled as appropriate. This subcategory reports when a special logon is used. A special logon is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. Events for t ...

oval:org.secpod.oval:def:8770
The built-in Guest account should be correctly named.

oval:org.secpod.oval:def:8771
The Configure Automatic Updates machine setting should be configured correctly. Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. This setting lets you specify if automatic updates are enabled on this computer ...

oval:org.secpod.oval:def:8772
The Deny log on locally user right should be assigned to the appropriate accounts. This security setting determines which users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies. Important: I ...

oval:org.secpod.oval:def:18854
The Prevent backing up to local disks machine setting should be configured correctly. This setting lets you prevent users from selecting a local disk (internal or external) for storing backups. If this setting is enabled, the user will be blocked from selecting a local disk as a backup location. If ...

oval:org.secpod.oval:def:7897
The Enforce password history setting should be configured correctly. This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password. The value for this policy setting must be between 0 and 24 passwords. The ...

oval:org.secpod.oval:def:8744
The Network access: Do not allow anonymous enumeration of SAM accounts and shares setting should be configured correctly. This policy setting controls the ability of anonymous users to enumerate SAM accounts as well as shares. If you enable this policy setting, anonymous users will not be able to e ...

oval:org.secpod.oval:def:18853
The Retain old events machine setting should be configured correctly for the security log. This policy setting controls Event Log behavior when the log file reaches its maximum size. Old events may or may not be retained according to the Backup log automatically when full policy setting. Fix: (1) ...

oval:org.secpod.oval:def:7898
The Account lockout duration setting should be configured correctly. This policy setting determines the length of time that must pass before a locked account is unlocked and a user can try to log on again. The setting does this by specifying the number of minutes a locked out account will remain un ...

oval:org.secpod.oval:def:8745
No one may modify an object label.

oval:org.secpod.oval:def:18852
The Select the Power Button Action (Plugged In) machine setting should be configured correctly. Specifies the action that Windows takes when a user presses the power button. Possible actions include: -Take no action -Sleep -Hibernate -Shut down If you enable this policy setting, you must select the ...

oval:org.secpod.oval:def:7899
This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. You can set a value between 0 and 999 failed logon at ...

oval:org.secpod.oval:def:8746
The User Account Control: Only elevate UIAccess applications that are installed in secure locations setting should be configured correctly. This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure lo ...

oval:org.secpod.oval:def:18851
The Ignore Delegation Failure machine setting should be configured correctly. Directs the RPC Runtime to ignore delegation failures if delegation was asked for. Windows Server 2003 family includes a new delegation model - constrained delegation. In this model the security system does not report tha ...

oval:org.secpod.oval:def:8747
The Interactive logon: Smart card removal behavior setting should be configured correctly. This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader. The options are: * No Action * Lock Workstation * Force Logoff * Disconnect if a r ...

oval:org.secpod.oval:def:18858
Auditing of Object Access: Filtering Platform Packet Drop events on success should be enabled or disabled as appropriate. This policy setting determines whether the operating system generates audit events when packets are dropped by the Windows Filtering Platform. Windows Filtering Platform (WFP) w ...

oval:org.secpod.oval:def:8740
The Prevent Windows Anytime Upgrade from running machine setting should be configured correctly. By default Windows Anytime Upgrade is available for all administrators. If you enable this policy setting, Windows Anytime Upgrade will not run. If you disable this policy setting or set it to Not Confi ...

oval:org.secpod.oval:def:18857
The Allow installation of devices that match any of these device IDs machine setting should be configured correctly. This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is allowed to install. Use this policy setting only when th ...

oval:org.secpod.oval:def:8741
The Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point machine setting should be configured correctly. This policy setting allows you to prevent Windows from creating a system restore point during device activity that would norma ...

oval:org.secpod.oval:def:18856
The Prohibit rollback machine setting should be configured correctly. Prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation. This setting prevents Windows Installer from recording the original state of the system and sequenc ...

oval:org.secpod.oval:def:8742
The 'Increase a process working set' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:18855
Auditing of DS Access: Directory Service Access events on success should be enabled or disabled as appropriate. This subcategory reports when an AD DS object is accessed. Only objects with SACLs cause audit events to be generated, and only when they are accessed in a manner that matches their SACL. ...

oval:org.secpod.oval:def:8743
The 'Log on as a batch job' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:18850
The Allow Delegating Default Credentials with NTLM-only Server Authentication machine setting should be configured correctly. This policy setting applies to applications using the Cred SSP component (for example: Terminal Server). This policy applies when server authentication was achieved via NTLM ...

oval:org.secpod.oval:def:8748
The Network security: Force logoff when logon hours expire setting should be configured correctly. This policy setting, which determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours, affects the SMB component. If you enable this p ...

oval:org.secpod.oval:def:8749
The 'Replace a process level token' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:18849
The Turn Off the Display (On Battery) machine setting should be configured correctly. Specifies the period of inactivity before Windows turns off the display. If you enable this policy, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the di ...

oval:org.secpod.oval:def:18848
The Network Security: Restrict NTLM: Add remote server exceptions for NTLM authentication setting should be configured correctly. This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication if the Network Security: Restrict N ...

oval:org.secpod.oval:def:18865
The Initial DC Discovery Retry Setting for Background Callers machine setting should be configured correctly. When applications performing periodic searches for domain controllers (DC) are unable to find a DC, the value set in this setting determines the amount of time (in seconds) before the first ...

oval:org.secpod.oval:def:8755
The Devices: Allowed to format and eject removable media setting should be configured correctly. This policy setting determines who is allowed to format and eject removable media. You can use this policy setting to prevent unauthorized users from removing data on one computer to access it on anothe ...

oval:org.secpod.oval:def:18864
The Limit the maximum number of ranges that can be added to the file in a BITS job machine setting should be configured correctly. This policy setting limits the number of ranges that can be added to a file in a BITS job. By default, files in a BITS job are limited to 500 ranges per file. You can u ...

oval:org.secpod.oval:def:8756
The Recovery console: Allow floppy copy and access to all drives and all folders setting should be configured correctly. This policy setting makes the Recovery Console SET command available, which allows you to set the following recovery console environment variables: * AllowWildCards. Enables wild ...

oval:org.secpod.oval:def:18863
The Turn on Script Execution machine setting should be configured correctly. If you enable this policy setting, the Scripts selected in the drop-down list are allowed to run. The "Allow only signed Scripts" policy setting allows Scripts to execute only if they are signed by a trusted publ ...

oval:org.secpod.oval:def:8757
The MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers setting should be configured correctly. The registry value entry NoNameReleaseOnDemand was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ ...

oval:org.secpod.oval:def:18862
Auditing of DS Access: Directory Service Access events on failure should be enabled or disabled as appropriate. This policy setting determines whether the operating system generates audit events when an Active Directory Domain Services (AD DS) object is accessed. These events are similar to the Dire ...

oval:org.secpod.oval:def:8758
The 'Modify firmware environment values' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:18869
Auditing of Audit logon events on failure should be enabled or disabled as appropriate. This security setting determines whether to audit each instance of a user logging on to or logging off from a computer. Account logon events are generated on domain controllers for domain account activity and on ...

oval:org.secpod.oval:def:8751
The Network security: LDAP client signing requirements setting should be configured correctly. This policy setting determines the level of data signing that is requested on behalf of clients that issue LDAP BIND requests, as follows: * None. The LDAP BIND request is issued with the caller-specified ...

oval:org.secpod.oval:def:18868
Auditing of Logon-Logoff: IPsec Quick Mode events on success should be enabled or disabled as appropriate. This subcategory reports the results of IKE protocol and AuthIP during Quick Mode negotiations. - 4654: An IPsec Quick Mode negotiation failed. Events for this subcategory include: - 4977: Dur ...

oval:org.secpod.oval:def:8752
The Microsoft network server: Server SPN target name validation level setting should be configured correctly. This policy setting controls the level of validation a computer with shared folders or printers (the server) performs on the service principal name (SPN) that is provided by the client comp ...

oval:org.secpod.oval:def:18867
The Interactive logon: Require Domain Controller authentication to unlock workstation setting should be configured correctly. Logon information is required to unlock a locked computer. For domain accounts, the Interactive logon: Require Domain Controller authentication to unlock workstation setting ...

oval:org.secpod.oval:def:8753
The 'Enable computer and user accounts to be trusted for delegation' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:18866
Auditing of Logon-Logoff: Account Lockout events on failure should be enabled or disabled as appropriate. The policy setting enables you to audit security events that are generated by a failed attempt to log on to an account that is locked out. If you configure this policy setting, an audit event i ...

oval:org.secpod.oval:def:8754
The Audit: Audit the use of Backup and Restore privilege setting should be configured correctly. This policy setting determines whether to audit the use of all user privileges, including Backup and Restore, when the Audit privilege use setting is in effect. If you enable both policies, an audit eve ...

oval:org.secpod.oval:def:18861
The Selectively allow the evaluation of a symbolic link machine setting should be configured correctly. Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable the evaluation of these types of symbolic links: * Local Link t ...

oval:org.secpod.oval:def:8759
The Do not use temporary folders per session machine setting should be configured correctly. This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders. You can use this policy setting to disable the creation of separate temporary folders on a ...

oval:org.secpod.oval:def:18860
Auditing of Policy Change: Other Policy Change Events events on success should be enabled or disabled as appropriate. This subcategory reports other types of security policy changes such as configuration of the Trusted Platform Module (TPM) or cryptographic providers. Events for this subcategory in ...

oval:org.secpod.oval:def:18859
The Log Access machine setting should be configured correctly for the setup log. This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string. If this policy setting is enabled, only those users matching the security descri ...

oval:org.secpod.oval:def:8750
The Do not allow COM port redirection machine setting should be configured correctly. Specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session. You can use this setting to prevent users from redirecting data to COM port p ...

oval:org.secpod.oval:def:18913
Auditing of Audit policy change events on failure should be enabled or disabled as appropriate. Audit Audit Policy Change, which determines whether the operating system generates audit events when changes are made to audit policy. Changes to audit policy that are audited include: * Changing permiss ...

oval:org.secpod.oval:def:18912
The Turn off automatic termination of applications that block or cancel shutdown machine setting should be configured correctly. This policy setting specifies whether Windows will allow console applications and GUI applications without visible top-level windows to block or cancel shutdown. By defau ...

oval:org.secpod.oval:def:18911
Auditing of Global Object Access Auditing: Registry events on success should be enabled or disabled as appropriate. Auditing of Registry (Global Object Access Auditing), which enables you to configure a global system access control list (SACL) on the registry of a computer. If you select the Config ...

oval:org.secpod.oval:def:18910
The Do not display Initial Configuration Tasks window automatically at logon machine setting should be configured correctly. This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at logon. If you enable this policy setting, the Initial Configurat ...

oval:org.secpod.oval:def:18906
Auditing of Audit directory service access events on failure should be enabled or disabled as appropriate. Audit Directory Service Access, which determines whether the operating system generates audit events when an Active Directory Domain Services (AD DS) object is accessed. These events are simil ...

oval:org.secpod.oval:def:18905
The Do not turn off system power after a Windows system shutdown has occurred. machine setting should be configured correctly. This setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting does not affect Windows shutdown behavior when ...

oval:org.secpod.oval:def:18904
Auditing of Audit policy change events on success should be enabled or disabled as appropriate. Audit Audit Policy Change, which determines whether the operating system generates audit events when changes are made to audit policy. Changes to audit policy that are audited include: * Changing permiss ...

oval:org.secpod.oval:def:18903
The Turn off desktop gadgets machine setting should be configured correctly. This policy setting allows you to turn off desktop gadgets. Gadgets are small applets that display information or utilities on the desktop. If you enable this setting, desktop gadgets will be turned off. If you disable or ...

oval:org.secpod.oval:def:18909
Auditing of Global Object Access Auditing: File System events on failure should be enabled or disabled as appropriate. Audit File System, which determines whether the operating system generates audit events when users attempt to access file system objects. Audit events are generated only for object ...

oval:org.secpod.oval:def:18908
The Set compression algorithm for RDP data machine setting should be configured correctly. This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use. By default, servers use an RDP compression algorithm that is based on the server's hardware con ...

oval:org.secpod.oval:def:18907
The Turn off restore functionality machine setting should be configured correctly. This setting lets you disable file restore functionality. If this setting is enabled, the file restore program is disabled. If this setting is disabled or not configured, the file restore program is enabled and users ...

oval:org.secpod.oval:def:18920
The Domain Location Determination URL machine setting should be configured correctly. This is the HTTPS URL of the corporate website that will be used to determine the current domain location i.e. inside or outside corporate. Reachability of the URL indicates that the location is inside corporate e ...

oval:org.secpod.oval:def:18924
Auditing of Audit object access events on success should be enabled or disabled as appropriate. This security setting determines whether to audit the event of a user accessing an object--for example, a file, folder, registry key, printer, and so forth--that has its own system access control list (S ...

oval:org.secpod.oval:def:18923
Auditing of Logon-Logoff: Network Policy Server events on success should be enabled or disabled as appropriate. This subcategory reports events generated by RADIUS (IAS) and Network Access Protection (NAP) user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unloc ...

oval:org.secpod.oval:def:18922
The Hide previous versions list for remote files machine setting should be configured correctly. This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share. If this policy setting is ...

oval:org.secpod.oval:def:18921
The 'Log on as a service' user right should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:18917
Auditing of Logon-Logoff: Account Lockout events on success should be enabled or disabled as appropriate. This subcategory reports when a user's account is locked out as a result of too many failed logon attempts. Events for this subcategory include: - 4625: An account failed to log on. Refer to th ...

oval:org.secpod.oval:def:18916
The 'Interactive logon: Require smart card' setting should be configured correctly.

oval:org.secpod.oval:def:18915
The Traps for public community machine setting should be configured correctly. This setting allows Trap configuration for the Simple Network Management Protocol (SNMP) agent. Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer networ ...

oval:org.secpod.oval:def:18914
The Start a program on connection machine setting should be configured correctly. Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user logs on to a remote computer. By default, Rem ...

oval:org.secpod.oval:def:18919
The Do not log users on with temporary profiles machine setting should be configured correctly. This policy will automatically log off a user when Windows cannot load their profile. If Windows cannot access the user profile folder or the profile contains errors that prevent it from loading, Windows ...

oval:org.secpod.oval:def:18918
The Turn off Routinely Taking Action machine setting should be configured correctly. Turns off Routinely Taking Action. This policy setting allows you to configure whether Windows Defender will automatically take action on all detected threats. The action to be taken on a particular threat will be ...

oval:org.secpod.oval:def:18902
Auditing of DS Access: Directory Service Changes events on success should be enabled or disabled as appropriate. This subcategory reports changes to objects in Active Directory Domain Services (AD DS). The types of changes that are reported are create, modify, move, and undelete operations that are ...

oval:org.secpod.oval:def:18901
The Windows Firewall: Domain: Apply local firewall rules setting should be configured correctly. This setting controls whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy. Fix: (1) GPO: Computer Configuration\W ...

oval:org.secpod.oval:def:18900
The Configure list of IEEE 1667 silos usable on your computer machine setting should be configured correctly. This policy setting allows you to create a list of IEEE 1667 silos, compliant with the Institute of Electrical and Electronics Engineers, Inc. (IEEE) 1667 specification, that are usable on ...

oval:org.secpod.oval:def:19368
The RPC Troubleshooting State Information machine setting should be configured correctly. Determines whether the RPC Runtime maintains RPC state information for the system, and how much information it maintains. Basic state information, which consists only of the most commonly needed state data, is ...

oval:org.secpod.oval:def:19369
The For tablet pen input, don't show the Input Panel icon machine setting should be configured correctly. Prevents the Tablet PC Input Panel icon from appearing next to any text entry area in applications where this behavior is available. This policy applies only when using a tablet pen as an ...

oval:org.secpod.oval:def:19364
The Set the Seed Server machine setting should be configured correctly for IPv6 Global. This setting sets the seed server for the global cloud to a specified node in the enterprise. The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPv6 address and port numb ...

oval:org.secpod.oval:def:19365
The Guaranteed service type Layer-3 Differentiated Services Code Point should be configured correctly for packets that do not conform to the flow specification. Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeG ...

oval:org.secpod.oval:def:19366
The Allow access to BitLocker-protected removable data drives from earlier versions of Windows machine setting should be configured correctly. This policy setting configures whether or not removable data drives formatted with the FAT file system can be unlocked and viewed on computers running Windo ...

oval:org.secpod.oval:def:19367
The Turn off access to the OEM and Microsoft branding section machine setting should be configured correctly. Removes access to the performance center control panel OEM and Microsoft branding links. If you enable this setting, the OEM and Microsoft web links within the performance control panel pag ...

oval:org.secpod.oval:def:19360
The Specify maximum number of processes per Shell machine setting should be configured correctly. Configures the maximum number of processes a remote shell is allowed to launch. Any number from 0 to 0x7FFFFFFF can be set, where 0 means unlimited number of processes. If you disable or do not configu ...

oval:org.secpod.oval:def:19361
The Deny write access to fixed drives not protected by BitLocker machine setting should be configured correctly. This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker. If ...

oval:org.secpod.oval:def:19362
The Turn off password security in Input Panel machine setting should be configured correctly. Adjusts password security settings in Tablet PC Input Panel. These settings include using the on-screen keyboard by default, preventing users from switching to another Input Panel skin (the writing pad or ...

oval:org.secpod.oval:def:19363
The Make Parental Controls control panel visible on a Domain machine setting should be configured correctly. Configure the Parental Controls feature. If you turn on this setting, the Parental Controls control panel will be visible on a domain joined computer. If you turn off or do not configure thi ...

oval:org.secpod.oval:def:19379
The Configure the server address, refresh interval, and issuer certificate authority of a target Subscription Manager machine setting should be configured correctly. This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target S ...

oval:org.secpod.oval:def:19375
The Best effort service type Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that do not conform to the flow specification. Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type ...

oval:org.secpod.oval:def:19376
The Do not allow font smoothing machine setting should be configured correctly. This policy setting allows you to specify whether font smoothing is allowed for remote connections. Font smoothing provides ClearType functionality for a remote connection. ClearType is a technology for displaying compu ...

oval:org.secpod.oval:def:19377
The Prevent flicks machine setting should be configured correctly. Makes pen flicks and all related features unavailable. If you enable this policy, pen flicks and all related features are unavailable. This includes: pen flicks themselves, pen flicks training, pen flicks training triggers in Intern ...

oval:org.secpod.oval:def:19378
The Tag Windows Customer Experience Improvement data with Study Identifier machine setting should be configured correctly. This policy setting will enable tagging of Windows Customer Experience Improvement data when a study is being conducted. If you enable this setting then Windows CEIP data uploa ...

oval:org.secpod.oval:def:19371
The Turn on recommended updates via Automatic Updates machine setting should be configured correctly. Specifies whether Automatic Updates will deliver both important as well as recommended updates from the Windows Update update service. When this policy is enabled, Automatic Updates will install re ...

oval:org.secpod.oval:def:19372
The License server security group machine setting should be configured correctly. This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs). You can use this policy setting to c ...

oval:org.secpod.oval:def:19373
The Specify the Unattended Sleep Timeout (On Battery) machine setting should be configured correctly. Specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer. If you enable this policy setting, you must provide a value, in second ...

oval:org.secpod.oval:def:19374
The Prevent installation of removable devices machine setting should be configured correctly. This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is re ...

oval:org.secpod.oval:def:19370
The Configure root certificate clean up machine setting should be configured correctly. This policy setting allows you to manage the clean up behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or ...

oval:org.secpod.oval:def:19346
The Turn off numerical sorting in Windows Explorer machine setting should be configured correctly. This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. If you enable this policy setting, Windows Explorer will sort file n ...

oval:org.secpod.oval:def:19347
The Prevent installation of devices not described by other policy settings machine setting should be configured correctly. This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting. If you enable this policy setting, Window ...

oval:org.secpod.oval:def:19348
The Enforce disk quota limit machine setting should be configured correctly. Determines whether disk quota limits are enforced and prevents users from changing the setting. If you enable this setting, disk quota limits are enforced. If you disable this setting, disk quota limits are not enforced. W ...

oval:org.secpod.oval:def:19349
The Apply the default user logon picture to all users machine setting should be configured correctly. This policy setting allows an administrator to standardize the logon pictures for all users on a system to the default user picture. One application for this policy setting is to standardize the lo ...

oval:org.secpod.oval:def:19342
The Configure Default consent machine setting should be configured correctly. This setting determines the consent behavior of Windows Error Reporting. If Consent level is set to "Always ask before sending data", Windows will prompt the user for consent to send reports. If Consent level is ...

oval:org.secpod.oval:def:19343
The Turn on the Ability for Applications to Prevent Sleep Transitions (Plugged In) machine setting should be configured correctly. Enables applications and services to prevent the system from sleeping. If you enable this policy setting, an application or service may prevent the system from sleeping ...

oval:org.secpod.oval:def:19344
The Log event when quota limit exceeded machine setting should be configured correctly. Determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume, and prevents users from changing the logging setting. If you enable this setting, ...

oval:org.secpod.oval:def:19345
The All Removable Storage: Allow direct access in remote sessions machine setting should be configured correctly. This policy setting grants normal users direct access to removable storage devices in remote sessions. If you enable this policy setting, remote users will be able to open direct handle ...

oval:org.secpod.oval:def:19340
The Network control service type Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification. Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service typ ...

oval:org.secpod.oval:def:19341
The Turn off Windows presentation settings machine setting should be configured correctly. This policy setting turns off Windows presentation settings. If you enable this policy setting, Windows presentation settings cannot be invoked. If you disable this policy setting, Windows presentation settin ...

oval:org.secpod.oval:def:7900
The Minimum password length setting should be configured correctly. This policy setting determines the least number of characters that make up a password for a user account. There are many different theories about how to determine the best password length for an organization, but perhaps pass phras ...

oval:org.secpod.oval:def:19357
The Turn off Active Help machine setting should be configured correctly. Specifies whether active content links in trusted assistance content are rendered. By default, the Help viewer renders trusted assistance content with active elements such as ShellExecute links and Guided Help links. If you en ...

oval:org.secpod.oval:def:19358
The Diagnostics: Configure scenario retention machine setting should be configured correctly. Determines the data retention limit for Diagnostic Policy Service (DPS) scenario data. If you enable this policy setting, you must enter the maximum size of scenario data that should be retained in megabyt ...

oval:org.secpod.oval:def:19359
The Run Windows PowerShell scripts first at computer startup, shutdown machine setting should be configured correctly. This policy setting determines whether Windows PowerShell scripts will run before non-PowerShell scripts during computer startup and shutdown. By default, PowerShell scripts run af ...

oval:org.secpod.oval:def:19353
The Default quota limit and warning level machine setting should be configured correctly. Specifies the default disk quota limit and warning level for new users of the volume. This setting determines how much disk space can be used by each user on each of the NTFS file system volumes on a computer. ...

oval:org.secpod.oval:def:19354
The Do not forcefully unload the users registry at user logoff machine setting should be configured correctly. Microsoft Windows will always unload the user's registry, even if there are any open handles to the per-user registry keys at user logoff. Using this policy setting, an administrator can ne ...

oval:org.secpod.oval:def:19355
The Specify the System Sleep Timeout (On Battery) machine setting should be configured correctly. Specifies the period of inactivity before Windows transitions the system to sleep. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse b ...

oval:org.secpod.oval:def:19356
The Specify the System Sleep Timeout (Plugged In) machine setting should be configured correctly. Specifies the period of inactivity before Windows transitions the system to sleep. If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse b ...

oval:org.secpod.oval:def:7901
The Password must meet complexity requirements policy should be set correctly. This policy setting checks all new passwords to ensure that they meet basic requirements for strong passwords. When this policy is enabled, passwords must meet the following minimum requirements: * Not contain the users ...

oval:org.secpod.oval:def:19350
The Prevent Desktop Shortcut Creation machine setting should be configured correctly. This policy prevents a shortcut icon for the Player from being added to the user's desktop. When this policy is not configured or disabled, users can choose whether to add the Player shortcut icon to their de ...

oval:org.secpod.oval:def:7902
The Maximum password age setting should be configured correctly. This policy setting defines how long a user can use their password before it expires. Values for this policy setting range from 0 to 999 days. If you set the value to 0, the password will never expire. The default value for this polic ...

oval:org.secpod.oval:def:19351
The Prohibit Flyweight Patching machine setting should be configured correctly. This setting controls the ability to turn off all patch optimizations. If you turn on this policy setting (set to 1), all Patch Optimization options are turned off during the installation. If you turn off this policy se ...

oval:org.secpod.oval:def:19352
The Corporate Site Prefix List machine setting should be configured correctly. This is the list of IPv6 corporate site prefixes that should be monitored for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity. Fix: (1) GPO: Computer Config ...

oval:org.secpod.oval:def:19386
The Disallow Kerberos authentication machine setting should be configured correctly for the WinRM client. This policy setting allows you to manage whether the Windows Remote Management (WinRM) client will not use Kerberos authentication directly. If you enable this policy setting, the Windows Remot ...

oval:org.secpod.oval:def:19387
The Qualitative service type Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification. Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (Servi ...

oval:org.secpod.oval:def:19388
The Add Printer wizard - Network scan page (Managed network) machine setting should be configured correctly. This policy sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on a managed network (when the computer is able to reach a domain contro ...

oval:org.secpod.oval:def:19389
The Customize consent settings machine setting should be configured correctly. This policy setting determines the consent behavior of Windows Error Reporting for specific event types. If this policy setting is enabled and the consent level is set to "0" (Disable), Windows Error Reporting ...

oval:org.secpod.oval:def:19382
The Detect application failures caused by deprecated Windows DLLs machine setting should be configured correctly. This policy setting determines whether the Program Compatibility Assistant (PCA) will diagnose DLL load failures in programs. If you enable this policy setting, the PCA detects programs ...

oval:org.secpod.oval:def:19383
The Set roaming profile path for all users logging onto this computer machine setting should be configured correctly. Specifies whether Microsoft Windows should use the specified network path as the roaming user profile path for all users logging onto this computer. To use this setting, type the pa ...

oval:org.secpod.oval:def:19384
The Log Access machine setting should be configured correctly for the security log. This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log. If this policy setting i ...

oval:org.secpod.oval:def:19385
The Set rules for remote control of Remote Desktop Services user sessions machine setting should be configured correctly. This policy setting allows you to specify the level of remote control permitted in a Remote Desktop Services session. You can use this policy setting to select one of two levels ...

oval:org.secpod.oval:def:19380
The Allow Applications to Prevent Automatic Sleep (On Battery) machine setting should be configured correctly. Allow applications and services to prevent automatic sleep. If you enable this policy setting, any application, service or device driver may prevent Windows from automatically transitionin ...

oval:org.secpod.oval:def:19381
The Disallow run-once backups machine setting should be configured correctly. This policy setting allows you to manage whether run-once backups of a machine can be run or not. If you enable this policy setting, machine administrator/backup operator cannot use Windows Server Backup to run non-schedu ...

oval:org.secpod.oval:def:19397
The Set the number of synchronization retries for servers running Password Synchronization machine setting should be configured correctly. This policy setting allows an administrator to set the number of password synchronization retries that Password Synchronization can attempt, in the event a sync ...

oval:org.secpod.oval:def:19398
The Define Activation Security Check exemptions machine setting should be configured correctly. Allows you to view and change a list of DCOM server application ids (appids) which are exempted from the DCOM Activation security check. DCOM uses two such lists, one configured via Group Policy through ...

oval:org.secpod.oval:def:19399
The Set the Email IDs to which notifications are to be sent machine setting should be configured correctly. This setting assigns the email address(es) to which notifications will be sent. Use a semicolon (;) to separate multiple email addresses. If you enable this setting, Windows System Resource M ...

oval:org.secpod.oval:def:19393
The Limit the BITS Peercache size machine setting should be configured correctly. This policy setting limits the maximum amount of disk space that can be used for the BITS Peercache, as a percentage of the total system disk size. BITS will add files to the Peercache and make those files available t ...

oval:org.secpod.oval:def:19394
The Prompt for credentials on the client computer machine setting should be configured correctly. This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server. If you enable this policy setting, a u ...

oval:org.secpod.oval:def:19395
The Log Access machine setting should be configured correctly for the system log. This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string. If this policy setting is enabled, only those users matching the security descri ...

oval:org.secpod.oval:def:19396
The Allow Standby States (S1-S3) When Sleeping (Plugged In) machine setting should be configured correctly. Dictates whether or not Windows is allowed to use standby states when sleeping the computer. When this policy is enabled, Windows may use standby states to sleep the computer. If this policy ...

oval:org.secpod.oval:def:19390
The Allow pruning of published printers machine setting should be configured correctly. Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer. By default, the pruning service on the domain controller prunes printer objects from Act ...

oval:org.secpod.oval:def:19391
The Disable binding directly to IPropertySetStorage without intermediate layers. machine setting should be configured correctly. Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation, and to include the intermed ...

oval:org.secpod.oval:def:19392
The Limit the maximum number of files allowed in a BITS job machine setting should be configured correctly. This policy setting limits the number of files that a BITS job can contain. By default, a BITS job is limited to 200 files. You can use this setting to raise or lower the maximum number of fi ...

oval:org.secpod.oval:def:7985
Requirement : 2.3.c Verify that administrator access to the web-based management interfaces is encrypted with strong cryptography.

oval:org.secpod.oval:def:14200
The host is installed with Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the Windows Print Spooler components, which fail to validate a specially crafted print job. Successfu ...

oval:org.secpod.oval:def:3726
The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows 7 or Windows Server 2008 R2 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which do not perform proper validation on input passed f ...

oval:org.secpod.oval:def:8178
The host is installed with Microsoft Windows Server 2008 R2 and is prone to a security bypass vulnerability. A flaw is present in the IP-HTTPS Component, which fails to properly handle certificates. Successful exploitation could allow attackers to bypass certificate validation checks.

oval:org.secpod.oval:def:9240
The host is installed with Microsoft Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a connection termination sequence. Succ ...

oval:org.secpod.oval:def:8344
The host is missing an important security update according to Microsoft bulletin MS13-007. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP requests. Successful exploitation could allow attackers to crash the servi ...

oval:org.secpod.oval:def:7926
The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5.1 or 4 and is prone to an untrusted search path vulnerability. A flaw is present in the applications, which is caused when Entity Framework, a .NET Framework component, incorrectly restricts the path used for loading external lib ...

oval:org.secpod.oval:def:9742
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the kernel-mode drivers, which fail to handle obje ...

oval:org.secpod.oval:def:9741
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the kernel-mode drivers, which fail to handle obje ...

oval:org.secpod.oval:def:9740
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the kernel-mode drivers, which fail to handle obje ...

oval:org.secpod.oval:def:5581
The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2 or R2 SP1, or Windows 7 or SP1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly enforce firewall rules for outbound broadcast packets. Successful ...

oval:org.secpod.oval:def:5635
The host is installed with Microsoft Windows and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle the Windows kernel-mode driver. Successful exploitation could allow remote attackers to install programs, view, change, or delete data or create n ...

oval:org.secpod.oval:def:8333
The host is installed with Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle window broadcast messages. Successful exploitat ...

oval:org.secpod.oval:def:8335
The host is installed with Microsoft Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a security feature bypass vulnerability. A flaw is present in the application, which fails to properly handle SSL/TLS session version negotiation. ...

oval:org.secpod.oval:def:9238
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects ...

oval:org.secpod.oval:def:7928
The host is installed with Microsoft .NET Framework 4 or 4.5 and is prone to a WPF reflection optimization vulnerability. A flaw is present in the applications, which fail to properly validate permissions of objects involved with reflection. Successful exploitation allows attackers to take complete c ...

oval:org.secpod.oval:def:7924
The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5.1 or 4 and is prone to a reflection bypass vulnerability. A flaw is present in the applications, which fail to properly validate the permissions of objects performing reflection. Successful exploitation allows attackers to take ...

oval:org.secpod.oval:def:10948
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10949
The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary c ...

oval:org.secpod.oval:def:10952
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10953
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10955
The host is installed with Microsoft Internet Explorer 8 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:10957
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10950
The host is installed with Microsoft Internet Explorer 6 through 8 and is prone to a JSON array information disclosure vulnerability. A flaw is present in the application, which fails to properly restrict data access by VBScript. Successful exploitation could allow attackers to perform cross-domain re ...

oval:org.secpod.oval:def:39331
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as ...

oval:org.secpod.oval:def:8342
The host is installed with Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 4 or Management OData IIS Extension and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP requests. Successful exploitation could all ...

oval:org.secpod.oval:def:7927
The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 and is prone to a Web proxy auto-discovery vulnerability. A flaw is present in the applications, which is caused by a lack of validation when the .NET Framework acquires the default web proxy settings and executes JavaScript ...

oval:org.secpod.oval:def:7925
The host is installed with Microsoft .NET Framework 2.0 SP2 or 3.5.1 and is prone to a Code access security info disclosure vulnerability. A flaw is present in the applications, which do not properly sanitize the output of a function when called from partially trusted code. Successful exploitation a ...

oval:org.secpod.oval:def:9285
The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:46367
A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could cause a system to stop responding. Note that the denial of service condition would not allow an attac ...

oval:org.secpod.oval:def:46372
An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code executi ...

oval:org.secpod.oval:def:39330
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as ...

oval:org.secpod.oval:def:39328
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as ...

oval:org.secpod.oval:def:14192
The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14193
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14191
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14197
The host is installed with Microsoft Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to a TCP/IP integer overflow vulnerability. A flaw is present in the application, which fails to properly handle packets during TCP connection. S ...

oval:org.secpod.oval:def:14178
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14176
The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14177
The host is installed with Microsoft Internet Explorer 8 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14175
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14187
The host is installed with Microsoft Internet Explorer 8 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14180
The host is installed with Microsoft Internet Explorer 7, 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14185
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9713
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9712
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an onresize use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9715
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a CCaret use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9714
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a CMarkupBehaviorContext use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9717
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a GetMarkupPtr use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9716
The host is installed with Internet Explorer 8 and is prone to a CElement use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9719
The host is installed with Internet Explorer 8 and is prone to a CTreeNode use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9718
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9720
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:10741
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10742
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10777
The host is missing an important security update according to Microsoft security bulletin, MS13-029. The update is required to fix a remote code execution vulnerability in Microsoft Windows Remote Desktop Client. A flaw is present in the application, which fails to handle a specially crafted webpage. ...

oval:org.secpod.oval:def:10778
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 or Server 2008 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted webpage. Successful exploitation coul ...

oval:org.secpod.oval:def:8182
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows Server 2003 or Windows 7 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to parse filenames. Successful exploitation could allow attacke ...

oval:org.secpod.oval:def:8192
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows Server 2003 or Windows 7 and is prone to remote code execution vulnerabilities. The flaws are present in the Windows kernel, which fails to handle a specially crafted TrueType font file. Success ...

oval:org.secpod.oval:def:8193
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an InjectHTMLStream use-after-free vulnerability. A flaw is present in the application, which fails to handle a deleted object. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:8195
The host is installed with Internet Explorer 9 and is prone to a CMarkup use-after-free vulnerability. A flaw is present in the application, which fails to handle a deleted object. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:8196
The host is installed with Internet Explorer 9 or 10 and is prone to an improper ref counting use-after-free vulnerability. A flaw is present in the application, which fails to handle a deleted or improperly initialized object. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:10847
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation allows attackers to execute arbitrary cod ...

oval:org.secpod.oval:def:5628
The host is installed with Microsoft Office, Windows, and Silverlight and is prone to a TrueType Font parsing vulnerability. A flaw is present in the applications, which fail to handle a specially crafted TrueType font file. Successful exploitation could allow remote attackers to install programs, view, ...

oval:org.secpod.oval:def:10941
The host is installed with Internet Explorer 8 or 9 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle an object in memory that has been deleted or has not been properly allocated. Successful exploitation could allow attackers to execute arbi ...

oval:org.secpod.oval:def:9235
The host is installed with Microsoft Windows Server 2008 R2 or Windows Server 2012 and is prone to a denial of service vulnerability. A flaw is present in the NFS server, which fails to handle a specially crafted request. Successful exploitation allows remote attackers to cause a denial of service on th ...

oval:org.secpod.oval:def:8351
The host is installed with Microsoft XML Core Services 4.0, 5.0, 6.0 on Microsoft Windows or with Microsoft Groove Server 2007, Microsoft SharePoint Server 2007, Microsoft Expression Web 2, Microsoft Expression Web, Microsoft Office Compatibility Pack, Microsoft Word Viewer, Microsoft Office 2007, M ...

oval:org.secpod.oval:def:9291
The host is installed with Internet Explorer 8 or 9 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9292
The host is installed with Internet Explorer 8 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9294
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9295
The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9296
The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9275
The host is installed with Microsoft Windows 7, SP1, Windows Server 2008 R2 or SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows CSRSS improperly handles objects in memory. Successful exploitation allows attackers to run ...

oval:org.secpod.oval:def:9286
The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9287
The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9284
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:10737
The host is installed with Microsoft Windows Server 2008, R2, Windows Vista or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation allows attackers to gain elevated privileges and read ...

oval:org.secpod.oval:def:10738
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to properly handle objec ...

oval:org.secpod.oval:def:10733
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation allows attack ...

oval:org.secpod.oval:def:10736
The host is installed with Microsoft Windows Server 2008, R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation allows attackers to gain eleva ...

oval:org.secpod.oval:def:62551
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerabil ...

oval:org.secpod.oval:def:9257
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9258
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9259
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9253
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9254
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9255
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9256
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9250
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9251
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9252
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9268
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9269
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9264
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9265
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9266
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9267
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9260
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9261
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9262
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9263
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9236
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects ...

oval:org.secpod.oval:def:9237
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects ...

oval:org.secpod.oval:def:9246
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9247
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9248
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9249
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9244
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7, Server 2012 or Windows 8 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver i ...

oval:org.secpod.oval:def:9245
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7, Server 2012 or Windows 8 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver i ...

oval:org.secpod.oval:def:9270
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9271
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9272
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9273
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles object ...

oval:org.secpod.oval:def:46369
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ...

oval:org.secpod.oval:def:46368
A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects. An attacker who successfully exploited the vulnerability could bypass content blocking. In a file-sharing attack scenario, an attacker could provide a specially crafted document file desig ...

oval:org.secpod.oval:def:46370
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specia ...

oval:org.secpod.oval:def:8348
The host is installed with Microsoft XML Core Services 5.0, 6.0 on Microsoft Windows or with Microsoft Groove Server 2007, Microsoft SharePoint Server 2007, Microsoft Expression Web 2, Microsoft Expression Web, Microsoft Office Compatibility Pack, Microsoft Word Viewer, Microsoft Office 2007, or Mic ...

oval:org.secpod.oval:def:8352
The host is missing a critical security update according to MS13-002. The update is required to fix multiple MSXML vulnerabilities. The flaws are present in the applications, which fail to properly handle XML content. Successful exploitation allows attackers to execute arbitrary code.

CVE    51
CVE-2017-0104
CVE-2017-0102
CVE-2017-0101
CVE-2017-0100
...
CCE    1130
CCE-11356-3
CCE-11103-9
CCE-12047-7
CCE-10906-6
...
*CPE
cpe:/o:microsoft:windows_server_2008:r2
XCCDF    8
xccdf_scaprepo.com_benchmark_microsoft-windows-server-2008-r2
xccdf_com.secpod_benchmark_microsoft-windows-server-2008-r2
xccdf_org.secpod_benchmark_SecPod_Windows_Server_2008_R2
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_Server_2008_R2
...

© SecPod Technologies