oval:org.secpod.oval:def:8738
The User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop setting should be configured correctly. This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevat ...

oval:org.secpod.oval:def:8825
The 'Network access: Remotely accessible registry paths' setting should be configured correctly.

oval:org.secpod.oval:def:8836
The Network security: LAN Manager authentication level setting should be configured correctly. LAN Manager (LM) is a family of early Microsoft client/server software that allows users to link personal computers together on a single network. Network capabilities include transparent file and print sh ...

oval:org.secpod.oval:def:8839
The System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) setting should be configured correctly. This policy setting determines the strength of the default discretionary access control list (DACL) for objects. The setting helps secure objects that can be l ...

oval:org.secpod.oval:def:8789
The Network security: Allow LocalSystem NULL session fallback setting should be configured correctly. Allow NTLM to fall back to NULL session when used with LocalSystem. The default is TRUE up to Windows Vista and FALSE in Windows 7. Fix: (1) GPO: Computer Configuration\Windows Settings\Security ...

oval:org.secpod.oval:def:8782
The User Account Control: Detect application installations and prompt for elevation setting should be configured correctly. This policy setting controls the behavior of application installation detection for the computer. The options are: * Enabled: (Default for home) When an application installati ...

oval:org.secpod.oval:def:8762
The User Account Control: Run all administrators in Admin Approval Mode setting should be configured correctly. This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The option ...

oval:org.secpod.oval:def:8777
The Domain member: Disable machine account password changes setting should be configured correctly. This policy setting determines whether a domain member can periodically change its computer account password. If you enable this policy setting, the domain member will be prevented from changing its ...

oval:org.secpod.oval:def:8898
The Maximum Log Size (KB) machine setting should be configured correctly for the setup log. Maximum size (in bytes) of setup log. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup\Maximum Log Size (KB) (2) KEY: HKLM\SOFTWARE\Policies\Mi ...

oval:org.secpod.oval:def:8774
The MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) setting should be configured correctly. The registry value entry PerformRouterDiscovery was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\T ...

oval:org.secpod.oval:def:8878
The Enumerate administrator accounts on elevation machine setting should be configured correctly. By default administrator accounts are not displayed when attempting to elevate a running application. If you enable this policy setting, all local administrator accounts on the machine will be displaye ...

oval:org.secpod.oval:def:8853
The Turn off Internet download for Web publishing and online ordering wizards machine setting should be configured correctly. Specifies whether Windows should download a list of providers for the Web publishing and online ordering wizards. These wizards allow users to select from a list of companie ...

oval:org.secpod.oval:def:8776
The MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) setting should be configured correctly. The registry value entry SafeDllSearchMode was added to the template file in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\ registry key. The entry appears ...

oval:org.secpod.oval:def:8926
The Accounts: Limit local account use of blank passwords to console logon only setting should be configured correctly. This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable t ...

oval:org.secpod.oval:def:8899
The Solicited Remote Assistance machine setting should be configured correctly. This policy setting allows you to enable or disable Solicited (Ask for) Remote Assistance on this computer. If you enable this policy, users on this computer can use e-mail or file transfer to ask someone for help. Also ...

oval:org.secpod.oval:def:8877
The Default behavior for AutoRun machine setting should be configured correctly. Sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista, when media containing an ...

oval:org.secpod.oval:def:8874
The Turn off printing over HTTP machine setting should be configured correctly. Specifies whether to allow printing over HTTP from this client. Printing over HTTP allows a client to print to printers on the intranet as well as the Internet. Note: This setting affects the client side of Internet pri ...

oval:org.secpod.oval:def:8858
The Maximum Log Size (KB) machine setting should be configured correctly for the system log. This policy requires Windows Vista or later versions of Windows. This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum ...

oval:org.secpod.oval:def:8757
The MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers setting should be configured correctly. The registry value entry NoNameReleaseOnDemand was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ ...

oval:org.secpod.oval:def:8895
The Set client connection encryption level machine setting should be configured correctly. Specifies whether to require the use of a specific encryption level to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections. If you enable this se ...

oval:org.secpod.oval:def:8754
The Audit: Audit the use of Backup and Restore privilege setting should be configured correctly. This policy setting determines whether to audit the use of all user privileges, including Backup and Restore, when the Audit privilege use setting is in effect. If you enable both policies, an audit eve ...

oval:org.secpod.oval:def:8866
The Always prompt for password upon connection machine setting should be configured correctly. Specifies whether Remote Desktop Services always prompts the client for a password upon connection. You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, e ...

oval:org.secpod.oval:def:8780
The System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing setting should be configured correctly. This policy setting determines whether the Transport Layer Security/Secure Sockets Layer (TLS/SSL) Security Provider supports only the TLS_RSA_WITH_3DES_EDE_CBC_SHA ci ...

oval:org.secpod.oval:def:8796
The Network Security: Allow PKU2U authentication requests to this computer to use online identities setting should be configured correctly. Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate dec ...

oval:org.secpod.oval:def:8808
The MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) setting should be configured correctly. This entry appears as MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing) in the SCE. IP source rout ...

oval:org.secpod.oval:def:8766
The RPC Endpoint Mapper Client Authentication machine setting should be configured correctly. Enabling this setting directs RPC Clients that need to communicate with the Endpoint Mapper Service to authenticate as long as the RPC call for which the endpoint needs to be resolved has authentication in ...

oval:org.secpod.oval:def:8747
The Interactive logon: Smart card removal behavior setting should be configured correctly. This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader. The options are: * No Action * Lock Workstation * Force Logoff * Disconnect if a r ...

oval:org.secpod.oval:def:8894
The Require a Password When a Computer Wakes (Plugged In) machine setting should be configured correctly. Specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable this policy, or if it is not configured, the user is prompted for a password when ...

oval:org.secpod.oval:def:8818
The User Account Control: Only elevate executables that are signed and validated setting should be configured correctly. This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can ...

oval:org.secpod.oval:def:8710
The MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic. setting should be configured correctly. The registry value entry NoDefaultExempt was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\ registry key. The entry ...

oval:org.secpod.oval:def:8908
The Turn off the Windows Messenger Customer Experience Improvement Program machine setting should be configured correctly. Specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used. With the Customer Experience Improvement program, u ...

oval:org.secpod.oval:def:8767
The MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) setting should be configured correctly. The registry value entry DisableIPSourceRouting was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Param ...

oval:org.secpod.oval:def:8723
The Network access: Do not allow storage of passwords and credentials for network authentication setting should be configured correctly. This policy setting determines whether the Stored User Names and Passwords feature may save passwords or credentials for later use when it gains domain authentica ...

oval:org.secpod.oval:def:8737
The MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes setting should be configured correctly. The registry value entry EnableICMPRedirect was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. T ...

oval:org.secpod.oval:def:8769
The MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) setting should be configured correctly. The registry value entry AutoAdminLogon was added to the template file in the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ registry key. The entry appears as ...

oval:org.secpod.oval:def:8916
The Turn off Data Execution Prevention for Explorer machine setting should be configured correctly. This policy setting allows you to turn off the Data Execution Prevention feature for Internet Explorer on Windows Server 2008, Windows Vista SP1 and Windows XP SP3. If you enable this policy setting, ...

oval:org.secpod.oval:def:8850
The Set time limit for disconnected sessions machine setting should be configured correctly. This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session ...

oval:org.secpod.oval:def:8809
The Turn off Search Companion content file updates machine setting should be configured correctly. Specifies whether Search Companion should automatically download content updates during local and Internet searches. When the user searches the local machine or the Internet, Search Companion occasion ...

oval:org.secpod.oval:def:8814
The Enable user control over installs machine setting should be configured correctly. Permits users to change installation options that typically are available only to system administrators. This setting bypasses some of the security features of Windows Installer. It permits installations to comple ...

oval:org.secpod.oval:def:8840
The MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning setting should be configured correctly. The registry value entry WarningLevel was added to the template file in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\ ...

oval:org.secpod.oval:def:8792
The Network access: Sharing and security model for local accounts setting should be configured correctly. This policy setting determines how network logons that use local accounts are authenticated. The Classic option allows precise control over access to resources, including the ability to assign ...

oval:org.secpod.oval:def:8823
The MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) setting should be configured correctly. The registry value entry TCPMaxDataRetransmissions was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Serv ...

oval:org.secpod.oval:def:8715
The User Account Control: Switch to the secure desktop when prompting for elevation setting should be configured correctly. This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop. The options are: * Enabled: (Default) Al ...

oval:org.secpod.oval:def:8763
The Prevent the computer from joining a homegroup machine setting should be configured correctly. By default, users can add their computer to a homegroup on a home network. If you enable this policy setting, a user on this computer will not be able to add this computer to a homegroup. This setting ...

oval:org.secpod.oval:def:8815
Administrators may create symbolic links

oval:org.secpod.oval:def:8746
The User Account Control: Only elevate UIAccess applications that are installed in secure locations setting should be configured correctly. This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure lo ...

oval:org.secpod.oval:def:8756
The Recovery console: Allow floppy copy and access to all drives and all folders setting should be configured correctly. This policy setting makes the Recovery Console SET command available, which allows you to set the following recovery console environment variables: * AllowWildCards. Enables wild ...

oval:org.secpod.oval:def:8731
The Shutdown: Allow system to be shut down without having to log on setting should be configured correctly. This policy setting determines whether a computer can be shut down when a user is not logged on. If this policy setting is enabled, the shutdown command is available on the Windows logon scre ...

oval:org.secpod.oval:def:8915
The Require a Password When a Computer Wakes (On Battery) machine setting should be configured correctly. Specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable this policy, or if it is not configured, the user is prompted for a password when ...

oval:org.secpod.oval:def:8785
The MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) setting should be configured correctly. The registry value entry TCPMaxDataRetransmissions for IPv6 was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentCo ...

oval:org.secpod.oval:def:8819
The Interactive logon: Number of previous logons to cache (in case domain controller is not available) setting should be configured correctly. This policy setting determines whether a user can log on to a Windows domain using cached account information. Logon information for domain accounts can be ...

oval:org.secpod.oval:def:8855
The Maximum Log Size (KB) machine setting should be configured correctly for the application log. This policy requires Windows Vista or later versions of Windows. This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the ma ...

oval:org.secpod.oval:def:8803
The User Account Control: Virtualize file and registry write failures to per-user locations setting should be configured correctly. This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates application ...

oval:org.secpod.oval:def:8876
The Turn off Autoplay for non-volume devices machine setting should be configured correctly. If this policy is enabled, autoplay will not be enabled for non-volume devices like MTP devices. If you disable or do not configure this policy, autoplay will continue to be enabled for non-volume devices. F ...

oval:org.secpod.oval:def:8845
The System cryptography: Force strong key protection for user keys stored on the computer setting should be configured correctly. This policy setting determines whether users' private keys (such as their S-MIME keys) require a password to be used. If you configure this policy setting so that users m ...

oval:org.secpod.oval:def:8822
The Network access: Restrict anonymous access to Named Pipes and Shares setting should be configured correctly. When enabled, this policy setting restricts anonymous access to only those shares and pipes that are named in the Network access: Named pipes that can be accessed anonymously and Network ...

oval:org.secpod.oval:def:8880
The Set time limit for active but idle Remote Desktop Services sessions machine setting should be configured correctly. This policy setting allows you to specify the maximum amount of time that an active Terminal Services session can be idle (without user input) before it is automatically disconnec ...

oval:org.secpod.oval:def:8768
The Deny access to this computer from the network user right should be assigned to the appropriate accounts. This policy setting prohibits users from connecting to a computer from across the network, which would allow users to access and potentially modify data remotely. In high security environmen ...

oval:org.secpod.oval:def:8844
The Maximum Log Size (KB) machine setting should be configured correctly for the security log. This policy requires Windows Vista or later versions of Windows. This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maxim ...

oval:org.secpod.oval:def:8797
The Network Security: Configure encryption types allowed for Kerberos setting should be configured correctly. Certain encryption types are no longer considered secure. This setting configures a minimum encryption type for Kerberos, preventing the use of the DES encryption suites. This policy is sup ...

oval:org.secpod.oval:def:8773
The Minimum password age setting should be configured correctly. The Minimum password age policy setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or ...

oval:org.secpod.oval:def:8842
The User Account Control: Admin Approval Mode for the Built-in Administrator account setting should be configured correctly. This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account. The options are: * Enabled: The built-in Administrator account uses A ...

oval:org.secpod.oval:def:8729
The Recovery console: Allow automatic administrative logon setting should be configured correctly. The recovery console is a command-line environment that is used to recover from system problems. If you enable this policy setting, the administrator account is automatically logged on to the recovery ...

oval:org.secpod.oval:def:8861
The Allow remote access to the Plug and Play interface machine setting should be configured correctly. This policy setting allows you to allow or deny remote access to the Plug and Play interface. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\Device Installation\Allow remot ...

oval:org.secpod.oval:def:8925
The Accounts: Guest account status setting should be configured correctly. This policy setting determines whether the Guest account is enabled or disabled. The Guest account allows unauthenticated network users to gain access to the system. Note that this setting will have no impact when applied to ...

oval:org.secpod.oval:def:7902
The Maximum password age setting should be configured correctly. This policy setting defines how long a user can use their password before it expires. Values for this policy setting range from 0 to 999 days. If you set the value to 0, the password will never expire. The default value for this polic ...

oval:org.secpod.oval:def:7899
This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired. You can set a value between 0 and 999 failed logon at ...

oval:org.secpod.oval:def:7897
The Enforce password history setting should be configured correctly. This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password. The value for this policy setting must be between 0 and 24 passwords. The ...

oval:org.secpod.oval:def:7901
The Password must meet complexity requirements policy should be set correctly. This policy setting checks all new passwords to ensure that they meet basic requirements for strong passwords. When this policy is enabled, passwords must meet the following minimum requirements: * Not contain the users ...

oval:org.secpod.oval:def:7706
The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly. The registry value entry ScreenSaverGracePeriod was added to the template file in the HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion\Winlo ...

oval:org.secpod.oval:def:18960
The Retain old events machine setting should be configured correctly for the application log. This policy setting controls Event Log behavior when the log file reaches its maximum size. Old events may or may not be retained according to the Backup log automatically when full policy setting. Fix: ...

oval:org.secpod.oval:def:7900
The Minimum password length setting should be configured correctly. This policy setting determines the least number of characters that make up a password for a user account. There are many different theories about how to determine the best password length for an organization, but perhaps pass phras ...

oval:org.secpod.oval:def:18942
The Deny log on through Remote Desktop Services user right should be assigned to the appropriate accounts. This policy setting determines whether users can log on as Terminal Services clients. After the baseline member server is joined to a domain environment, there is no need to use local accounts ...

oval:org.secpod.oval:def:8755
The Devices: Allowed to format and eject removable media setting should be configured correctly. This policy setting determines who is allowed to format and eject removable media. You can use this policy setting to prevent unauthorized users from removing data on one computer to access it on anothe ...

oval:org.secpod.oval:def:8772
The Deny log on locally user right should be assigned to the appropriate accounts. This security setting determines which users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies. Important: I ...

oval:org.secpod.oval:def:8841
The User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode setting should be configured correctly. This policy setting controls the behavior of the elevation prompt for administrators. The options are: * Elevate without prompting: Allows privileged accounts ...

oval:org.secpod.oval:def:8787
The User Account Control: Behavior of the elevation prompt for standard users setting should be configured correctly. This policy setting controls the behavior of the elevation prompt for standard users. The options are: * Prompt for credentials: When an operation requires elevation of privilege, t ...

oval:org.secpod.oval:def:8793
The Network security: Do not store LAN Manager hash value on next password change setting should be configured correctly. This policy setting determines whether the LAN Manager (LM) hash value for the new password is stored when the password is changed. The LM hash is relatively weak and prone to a ...

oval:org.secpod.oval:def:8837
The System objects: Require case insensitivity for non-Windows subsystems setting should be configured correctly. This policy setting determines whether case insensitivity is enforced for all subsystems. The Microsoft Win32 subsystem is case insensitive. However, the kernel supports case sensitivit ...

oval:org.secpod.oval:def:8716
The Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings setting should be configured correctly. This policy setting allows administrators to enable the more precise auditing capabilities present in Windows Vista. The Audit Policy setti ...

oval:org.secpod.oval:def:8788
The Interactive logon: Do not require CTRL+ALT+DEL setting should be configured correctly. This policy setting determines whether users must press CTRL+ALT+DEL before they log on. If you enable this policy setting, users can log on without this key combination. If you disable this policy setting, u ...

oval:org.secpod.oval:def:8848
The Reset account lockout counter after setting should be configured correctly. This policy setting determines the length of time before the Account lockout threshold resets to zero. The default value for this policy setting is Not Defined. If the Account lockout threshold is defined, this reset ti ...

oval:org.secpod.oval:def:8751
The Network security: LDAP client signing requirements setting should be configured correctly. This policy setting determines the level of data signing that is requested on behalf of clients that issue LDAP BIND requests, as follows: * None. The LDAP BIND request is issued with the caller-specified ...

oval:org.secpod.oval:def:8724
The Network access: Let Everyone permissions apply to anonymous users setting should be configured correctly. This policy setting determines what additional permissions are assigned for anonymous connections to the computer. If you enable this policy setting, anonymous Windows users are allowed to ...

oval:org.secpod.oval:def:8812
The Domain member: Maximum machine account password age setting should be configured correctly. This policy setting determines the maximum allowable age for a computer account password. By default, domain members automatically change their domain passwords every 30 days. If you increase this interv ...

oval:org.secpod.oval:def:8711
The Network access: Do not allow anonymous enumeration of SAM accounts setting should be configured correctly. This policy setting controls the ability of anonymous users to enumerate the accounts in the Security Accounts Manager (SAM). If you enable this policy setting, users with anonymous connec ...

oval:org.secpod.oval:def:8791
The Network access: Shares that can be accessed anonymously setting should be configured correctly. This policy setting determines which network shares can be accessed by anonymous users. The default configuration for this policy setting has little effect because all users have to be authenticated ...

oval:org.secpod.oval:def:8744
The Network access: Do not allow anonymous enumeration of SAM accounts and shares setting should be configured correctly. This policy setting controls the ability of anonymous users to enumerate SAM accounts as well as shares. If you enable this policy setting, anonymous users will not be able to e ...

oval:org.secpod.oval:def:18793
The Configure use of passwords for removable data drives machine setting should be configured correctly. This policy setting specifies whether a password is required to unlock BitLocker-protected removable data drives. If you choose to allow use of a password, you can require a password to be used, ...

oval:org.secpod.oval:def:19537
The Choose how BitLocker-protected operating system drives can be recovered machine setting should be configured correctly. This policy setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This policy set ...

oval:org.secpod.oval:def:19090
The Deny write access to removable drives not protected by BitLocker machine setting should be configured correctly. This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive. If you enable this policy setting, all remo ...

oval:org.secpod.oval:def:19627
The Require 128-bit encryption option for the Network security: Minimum session security for NTLM SSP based (including secure RPC) servers setting should be enabled or disabled as appropriate. This security setting allows a server to require the negotiation of message confidentiality (encryption), ...

oval:org.secpod.oval:def:18895
The Devices: Restrict CD-ROM access to locally logged-on user only setting should be configured correctly. This policy setting determines whether a CD-ROM is accessible to both local and remote users simultaneously. If you enable this policy setting, only the interactively logged-on user is allowed ...

oval:org.secpod.oval:def:19624
The Require 128-bit encryption option for the Network security: Minimum session security for NTLM SSP based (including secure RPC) clients setting should be enabled or disabled as appropriate. This policy setting determines which behaviors are allowed for applications using the NTLM Security Suppor ...

oval:org.secpod.oval:def:18773
The Retain old events machine setting should be configured correctly for the setup log. This policy setting controls Event Log behavior when the log file reaches its maximum size. Old events may or may not be retained according to the Backup log automatically when full policy setting. Fix: (1) GP ...

oval:org.secpod.oval:def:19198
The Turn off Data Execution Prevention for HTML Help Executable machine setting should be configured correctly. This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced DEP. DEP is designed to block malicious code that takes advantage of exception-han ...

oval:org.secpod.oval:def:19508
The Do not process the run once list machine setting should be configured correctly. Ignores customized run-once lists. You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added ...

oval:org.secpod.oval:def:19441
The Server Authentication Certificate Template machine setting should be configured correctly. This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. A certificate is neede ...

oval:org.secpod.oval:def:19444
The Allow Standby States (S1-S3) When Sleeping (On Battery) machine setting should be configured correctly. Dictates whether or not Windows is allowed to use standby states when sleeping the computer. When this policy is enabled, Windows may use standby states to sleep the computer. If this policy ...

oval:org.secpod.oval:def:19456
The Allow users to connect remotely using Remote Desktop Services machine setting should be configured correctly. This policy setting allows you to configure remote access to computers using Remote Desktop Services. If you enable this policy setting, users who are members of the Remote Desktop User ...

oval:org.secpod.oval:def:19210
The Configure minimum PIN length for startup machine setting should be configured correctly. This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum l ...

oval:org.secpod.oval:def:19452
The Allow Remote Shell Access machine setting should be configured correctly. Configures access to remote shells. If you enable this policy setting and set it to False, new remote shell connections will be rejected by the server. If you disable or do not configure this policy setting, new remote sh ...

oval:org.secpod.oval:def:19439
The Choose drive encryption method and cipher strength machine setting should be configured correctly. This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption ...

oval:org.secpod.oval:def:19433
The Configure TPM platform validation profile machine setting should be configured correctly. This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer ...

oval:org.secpod.oval:def:18836
The Deny log on as a batch job user right should be assigned to the appropriate accounts. This policy setting determines which accounts will not be able to log on to the computer as a batch job. A batch job is not a batch (.bat) file, but rather a batch-queue facility. Accounts that use the Task Sc ...

oval:org.secpod.oval:def:19366
The Allow access to BitLocker-protected removable data drives from earlier versions of Windows machine setting should be configured correctly. This policy setting configures whether or not removable data drives formatted with the FAT file system can be unlocked and viewed on computers running Windo ...

oval:org.secpod.oval:def:19361
The Deny write access to fixed drives not protected by BitLocker machine setting should be configured correctly. This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker. If ...

oval:org.secpod.oval:def:19483
The Require additional authentication at startup machine setting should be configured correctly. This policy setting allows you to control whether the BitLocker Drive Encryption setup wizard will be able to set up an additional authentication method that is required each time the computer starts. T ...

oval:org.secpod.oval:def:19480
The Prevent memory overwrite on restart machine setting should be configured correctly. This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encr ...

oval:org.secpod.oval:def:19255
The Validate smart card certificate usage rule compliance machine setting should be configured correctly. This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This policy setting is applied when you turn on BitLocker. The obj ...

oval:org.secpod.oval:def:19499
The Choose how BitLocker-protected removable drives can be recovered machine setting should be configured correctly. This policy setting allows you to control how BitLocker-protected removable data drives are recovered in the absence of the required credentials. This policy setting is applied when ...

oval:org.secpod.oval:def:18839
The Allow enhanced PINs for startup machine setting should be configured correctly. This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker. Enhanced startup PINs permit the use of characters including uppercase and lowercase letters, symbols, number ...

oval:org.secpod.oval:def:19581
The Configure use of passwords for fixed data drives machine setting should be configured correctly. This policy setting specifies whether a password is required to unlock BitLocker-protected fixed data drives. If you choose to permit the use of a password, you can require that a password be used, ...

oval:org.secpod.oval:def:19595
The Configure use of smart cards on removable data drives machine setting should be configured correctly. This policy setting allows you to specify whether smart cards can be used to authenticate user access to BitLocker-protected removable data drives on a computer. If you enable this policy setti ...

oval:org.secpod.oval:def:19233
The Control use of BitLocker on removable drives machine setting should be configured correctly. This policy setting controls the use of BitLocker on removable data drives. This policy setting is applied when you turn on BitLocker. When this policy setting is enabled you can select property setting ...

oval:org.secpod.oval:def:19600
The Always install with elevated privileges machine setting should be configured correctly. Directs Windows Installer to use system permissions when it installs any program on the system. This setting extends elevated privileges to all programs. These privileges are usually reserved for programs th ...

oval:org.secpod.oval:def:19164
The Provide the unique identifiers for your organization machine setting should be configured correctly. This policy setting allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. These identifiers are stored as the identification field and allowed ...

oval:org.secpod.oval:def:18886
The MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments) setting should be configured correctly. The registry value entry Hidden was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanserver\Parameter ...

oval:org.secpod.oval:def:18883
The Audit: Shut down system immediately if unable to log security audits setting should be configured correctly. This policy setting determines whether the system shuts down if it is unable to log Security events. It is a requirement for Trusted Computer System Evaluation Criteria (TCSEC)-C2 and Co ...

oval:org.secpod.oval:def:19295
The Allow access to BitLocker-protected fixed data drives from earlier versions of Windows machine setting should be configured correctly. This policy setting configures whether or not fixed data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Serve ...

oval:org.secpod.oval:def:19172
The Choose how BitLocker-protected fixed drives can be recovered machine setting should be configured correctly. This policy setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn ...

oval:org.secpod.oval:def:18733
The Domain member: Digitally sign secure channel data (when possible) setting should be configured correctly. This policy setting determines whether a domain member should attempt to negotiate whether all secure channel traffic that it initiates must be digitally signed. Digital signatures protect ...

oval:org.secpod.oval:def:18853
The Retain old events machine setting should be configured correctly for the security log. This policy setting controls Event Log behavior when the log file reaches its maximum size. Old events may or may not be retained according to the Backup log automatically when full policy setting. Fix: (1) ...

oval:org.secpod.oval:def:19029
The Shutdown: Clear virtual memory pagefile setting should be configured correctly. This policy setting determines whether the virtual memory pagefile is cleared when the system is shut down. When this policy setting is enabled, the system pagefile is cleared each time that the system shuts down pr ...

oval:org.secpod.oval:def:18867
The Interactive logon: Require Domain Controller authentication to unlock workstation setting should be configured correctly. Logon information is required to unlock a locked computer. For domain accounts, the Interactive logon: Require Domain Controller authentication to unlock workstation setting ...

oval:org.secpod.oval:def:18746
Rights to access DCOM applications should be assigned as appropriate. This policy setting determines which users or groups might access DCOM applications remotely or locally. This setting is used to control the attack surface of the computer for DCOM applications. You can use this policy setting to ...

oval:org.secpod.oval:def:8875
The Require secure RPC communication machine setting should be configured correctly. Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication. You can use this setting to strengthen the security of RPC communication ...

oval:org.secpod.oval:def:19034
The Retain old events machine setting should be configured correctly for the system log. This policy setting controls Event Log behavior when the log file reaches its maximum size. Old events may or may not be retained according to the Backup log automatically when full policy setting. Fix: (1) G ...

oval:org.secpod.oval:def:19155
The Configure use of smart cards on fixed data drives machine setting should be configured correctly. This policy setting allows you to specify whether smart cards can be used to authenticate user access to the BitLocker-protected fixed data drives on a computer. If you enable this policy setting s ...

oval:org.secpod.oval:def:19158
The Do not process the legacy run list machine setting should be configured correctly. Ignores the customized run list. You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista, Windows XP Professional, and Windows 2000 ...

oval:org.secpod.oval:def:7898
The Account lockout duration setting should be configured correctly. This policy setting determines the length of time that must pass before a locked account is unlocked and a user can try to log on again. The setting does this by specifying the number of minutes a locked out account will remain un ...

oval:org.secpod.oval:def:8833
The Microsoft network server: Digitally sign communications (if client agrees) setting should be configured correctly. This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection. If no sig ...

oval:org.secpod.oval:def:8739
The Domain member: Require strong (Windows 2000 or later) session key setting should be configured correctly. When this policy setting is enabled, a secure channel can only be established with domain controllers that are capable of encrypting secure channel data with a strong (128-bit) session key. ...

oval:org.secpod.oval:def:8779
The Interactive logon: Do not display last user name setting should be configured correctly. This policy setting determines whether the account name of the last user to log on to the client computers in your organization will be displayed in each computer's respective Windows logon screen. Enable th ...

oval:org.secpod.oval:def:8795
The Microsoft network client: Send unencrypted password to third-party SMB servers setting should be configured correctly. Disable this policy setting to prevent the SMB redirector from sending plaintext passwords during authentication to third-party SMB servers that do not support password encrypt ...

oval:org.secpod.oval:def:8824
The Network access: Named Pipes that can be accessed anonymously setting should be configured correctly. This policy setting determines which communication sessions, or pipes, have attributes and permissions that allow anonymous access. Fix: (1) GPO: Computer Configuration\Windows Settings\Securi ...

CPE    1
cpe:/o:microsoft:windows_server_2008:r2
CCE    136
CCE-10949-6
CCE-11431-4
CCE-10906-6
CCE-11717-6
...
*XCCDF
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_Server_2008_R2

© SecPod Technologies