Download
| Alert*
|
oval:org.secpod.oval:def:57201
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Se ... oval:org.secpod.oval:def:56609 This policy setting determines whether a domain member should attempt to negotiate encryption for all secure channel traffic that it initiates. If you enable this policy setting, the domain member will request encryption of all secure channel traffic. If you disable this policy setting, the domain m ... oval:org.secpod.oval:def:57097 This policy setting determines which users can interactively log on to computers in your environment. Logons that are initiated by pressing the CTRL+ALT+DEL key sequence on the client computer keyboard require this user right. Users who attempt to log on through Terminal Services or IIS also require ... oval:org.secpod.oval:def:56690 LAN Manager (LM) is a family of early Microsoft client/server software that allows users to link personal computers together on a single network. Network capabilities include transparent file and print sharing, user security features, and network administration tools. In Active Directory domains, th ... oval:org.secpod.oval:def:56884 This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan. If you enable this setting, removable drives will be scanned during any type of scan. If you disable ... oval:org.secpod.oval:def:56867 This policy setting specifies whether the tasks Publish this file to the Web, Publish this folder to the Web, and Publish the selected items to the Web are available from File and Folder Tasks in Windows folders. This policy setting specifies whether the tasks Publish this file to the Web, Publish ... oval:org.secpod.oval:def:56131 This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen. If you enable this policy setting, the PC&apos;s network connectivity state cannot be changed without signing into Windows. If you disable or don&apos;t configure this poli ... oval:org.secpod.oval:def:56798 This policy setting determines how network logons that use local accounts are authenticated. The Classic option allows precise control over access to resources, including the ability to assign different types of access to different users for the same resource. The Guest only option allows you to tre ... oval:org.secpod.oval:def:56258 This policy setting allows users to configure the system-wide environment variables that affect hardware configuration. This information is typically stored in the Last Known Good Configuration. Modification of these values and could lead to a hardware failure that would result in a denial of servic ... oval:org.secpod.oval:def:56260 Allow NTLM to fall back to NULL session when used with LocalSystem. The default is TRUE up to Windows Vista and FALSE in Windows 7. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!Allow NTLM to fall back to NULL session when used with LocalS ... oval:org.secpod.oval:def:57131 Specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs). If you enable this setting, the Choose a list of Internet Service Providers path in the Internet Connection Wizard will cause the wizard to exit. This prevents users fr ... oval:org.secpod.oval:def:57192 This policy setting determines which users can change the auditing options for files and directories and clear the Security log. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, ... oval:org.secpod.oval:def:56726 Turns off the handwriting recognition error reporting tool. The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error rep ... oval:org.secpod.oval:def:56159 This policy setting prohibits users from connecting to a computer from across the network, which would allow users to access and potentially modify data remotely. In high security environments, there should be no need for remote users to access data on a computer. Instead, file sharing should be acc ... oval:org.secpod.oval:def:56255 This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication. If you enable this policy setting, the WinRM client will use Basic authentication. If WinRM is configured to use HTTP transport, then the user name and password are sent over the ... oval:org.secpod.oval:def:56629 This policy setting determines which users or groups have the right to log on as a Terminal Services client. Remote desktop users require this user right. If your organization uses Remote Assistance as part of its help desk strategy, create a group and assign it this user right through Group Policy. ... oval:org.secpod.oval:def:57008 This policy setting determines whether the Stored User Names and Passwords feature may save passwords or credentials for later use when it gains domain authentication. If you enable this policy setting, the Stored User Names and Passwords feature of Windows does not store passwords and credentials. ... oval:org.secpod.oval:def:56542 This policy setting controls whether a device will automatically sign-in the last interactive user after Windows Update restarts the system. If you enable or do not configure this policy setting, the device securely saves the user&apos;s credentials (including the user name, domain and encrypte ... oval:org.secpod.oval:def:57213 This policy setting allows a process to assume the identity of any user and thus gain access to the resources that the user is authorized to access. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they c ... oval:org.secpod.oval:def:56365 This policy setting permits users to change installation options that typically are available only to system administrators. If you enable this policy setting, some of the security features of Windows Installer are bypassed. It permits installations to complete that otherwise would be halted due to ... oval:org.secpod.oval:def:56031 This policy setting determines whether the system shuts down if it is unable to log Security events. It is a requirement for Trusted Computer System Evaluation Criteria (TCSEC)-C2 and Common Criteria certification to prevent auditable events from occurring if the audit system is unable to log them. ... oval:org.secpod.oval:def:56277 This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable this policy setting, local accounts that have blank passwords will not be able to log on to the network from remote clien ... oval:org.secpod.oval:def:56058 Determines whether a user can install and configure the Network Bridge. Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS do ... oval:org.secpod.oval:def:56218 Logon information is required to unlock a locked computer. For domain accounts, the Interactive logon: Require Domain Controller authentication to unlock workstation setting determines whether it is necessary to contact a domain controller to unlock a computer. If you enable this setting, a domain c ... oval:org.secpod.oval:def:56044 This policy setting prevents computers from connecting to both a domain based network and a non-domain based network at the same time. If this policy setting is enabled, the computer responds to automatic and manual network connection attempts based on the following circumstances: Auto ... oval:org.secpod.oval:def:57067 This policy setting determines the least number of characters that make up a password for a user account. There are many different theories about how to determine the best password length for an organization, but perhaps pass phrase is a better term than password. In Microsoft Windows 2000 or later, ... oval:org.secpod.oval:def:56160 This policy setting determines which users and groups can change the time and date on the internal clock of the computers in your environment. Users who are assigned this user right can affect the appearance of event logs. When a computer's time setting is changed, logged events reflect the new time ... oval:org.secpod.oval:def:56936 This policy setting prevents users from sharing the local drives on their client computers to Terminal Servers that they access. Mapped drives appear in the session folder tree in Windows Explorer in the following format: \\TSClient\<driveletter>$ If local drives are shared they are left vulne ... oval:org.secpod.oval:def:57231 This policy setting determines which users can use tools to monitor the performance of non-system processes. Typically, you do not need to configure this user right to use the Microsoft Management Console (MMC) Performance snap-in. However, you do need this user right if System Monitor is configured ... oval:org.secpod.oval:def:56225 This policy setting allows encrypted items to be indexed. If you enable this policy setting, indexing will attempt to decrypt and index the content (access restrictions will still apply). If you disable this policy setting, the search service components (including non-Microsoft components) are expe ... oval:org.secpod.oval:def:57181 This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. If you disable or do not configure this policy setting and a log file reaches i ... oval:org.secpod.oval:def:56781 This policy setting allows you to prevent app notifications from appearing on the lock screen. If you enable this policy setting, no app notifications are displayed on the lock screen. If you disable or do not configure this policy setting, users can choose which apps display notifications on the ... oval:org.secpod.oval:def:57021 When WDigest authentication is enabled, Lsass.exe retains a copy of the user&apos;s plaintext password in memory, where it can be at risk of theft. Microsoft recommends disabling WDigest authentication unless it is needed. If this setting is not configured, WDigest authentication is disabled in ... oval:org.secpod.oval:def:56122 This policy setting allows you to manage whether the Windows Remote Management (WinRM) service will not allow RunAs credentials to be stored for any plug-ins. If you enable this policy setting, the WinRM service will not allow the RunAsUser or RunAsPassword configuration values to be set for any pl ... oval:org.secpod.oval:def:56551 This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments. Several e-mail formats are currently supported, for example: pst (O ... oval:org.secpod.oval:def:56817 This policy setting allows you to control the redirection of supported Plug and Play devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session. By default, Remote Desktop Services allows redirection of supported Plug and Play devices. Users can use the M ... oval:org.secpod.oval:def:56829 This setting controls whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Ad ... oval:org.secpod.oval:def:56278 This policy setting allows users to take ownership of files, folders, registry keys, processes, or threads. This user right bypasses any permissions that are in place to protect objects to give ownership to the specified user. When configuring a user right in the SCM enter a comma delimited list of ... oval:org.secpod.oval:def:56667 This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Basic authentication from a remote client. If you enable this policy setting, the WinRM service will accept Basic authentication from a remote client. If you disable or do not configure this poli ... oval:org.secpod.oval:def:56631 This policy setting allows you to restrict users to a single remote Remote Desktop Services session. If you enable this policy setting, users who log on remotely using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves t ... oval:org.secpod.oval:def:56808 This policy setting allows you to control whether a domain user can sign in using a picture password. If you enable this policy setting, a domain user can&apos;t set up or sign in with a picture password. If you disable or don&apos;t configure this policy setting, a domain user can set up ... oval:org.secpod.oval:def:56318 This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only op ... oval:org.secpod.oval:def:56937 This policy setting allows you to configure behavior monitoring. If you enable or do not configure this setting, behavior monitoring will be enabled. If you disable this setting, behavior monitoring will be disabled. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Component ... oval:org.secpod.oval:def:56938 This policy setting allows you to configure scanning for all downloaded files and attachments. If you enable or do not configure this setting, scanning for all downloaded files and attachments will be enabled. If you disable this setting, scanning for all downloaded files and attachments will be d ... oval:org.secpod.oval:def:56571 This policy setting allows you to configure whether or not Watson events are sent. If you enable or do not configure this setting, Watson events will be sent. If you disable this setting, Watson events will not be sent. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Compon ... oval:org.secpod.oval:def:56814 This policy setting prevents connected users from being enumerated on domain-joined computers. If you enable this policy setting, the Logon UI will not enumerate any connected users on domain-joined computers. If you disable or do not configure this policy setting, connected users will be enumerat ... oval:org.secpod.oval:def:56846 This policy setting allows you to manage whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network. If you enable this policy setting, the WinRM client sends and receives unencrypted messages over the network. If you disable or do not configure ... oval:org.secpod.oval:def:57208 This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The default behavior is to block connections unless there are firewall rules to allow the connection. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall wi ... oval:org.secpod.oval:def:57212 This policy setting allows you to control whether a domain user can sign in using a PIN. If you enable this policy setting, a domain user can set up and sign in with a PIN. If you disable or don&apos;t configure this policy setting, a domain user can&apos;t set up and use a PIN. Note that ... oval:org.secpod.oval:def:56409 Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log. Use this option to log when Windows Firewall with Advanced Security allows ... oval:org.secpod.oval:def:56217 Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate decides whether to use Kerberos or NTLM for authentication. The extension SSP for Negotiate, Negoexts, which is treated as an authentication pro ... oval:org.secpod.oval:def:57121 It is feasible for a attacker to disguise a Trojan horse program as a printer driver. The program may appear to users as if they must use it to print, but such a program could unleash malicious code on your computer network. To reduce the possibility of such an event, only administrators should be a ... oval:org.secpod.oval:def:56231 This setting determines the behavior for outbound connections that do not match an outbound firewall rule. The default behavior is to allow connections unless there are firewall rules that block the connection. Important If you set Outbound connections to Block and then deploy the firewall policy ... oval:org.secpod.oval:def:56026 This policy setting allows users to change the size of the pagefile. By making the pagefile extremely large or extremely small, an attacker could easily affect the performance of a compromised computer. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can ... oval:org.secpod.oval:def:56164 This policy setting determines whether a domain member can periodically change its computer account password. If you enable this policy setting, the domain member will be prevented from changing its computer account password. If you disable this policy setting, the domain member can change its compu ... oval:org.secpod.oval:def:56376 Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Se ... oval:org.secpod.oval:def:56820 The machine lockout policy is enforced only on those machines that have Bitlocker enabled for protecting OS volumes. Please ensure that appropriate recovery password backup policies are enabled. This security setting determines the number of failed logon attempts that causes the machine to be locke ... oval:org.secpod.oval:def:56738 This policy setting allows other users on the network to connect to the computer and is required by various network protocols that include Server Message Block (SMB) based protocols, NetBIOS, Common Internet File System (CIFS), and Component Object Model Plus (COM+). When configuring a user right i ... oval:org.secpod.oval:def:56682 This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password. The value for this policy setting must be between 0 and 24 passwords. The default value for Windows Vista is 0 passwords, but the default settin ... oval:org.secpod.oval:def:56343 Disables the lock screen camera toggle switch in PC Settings and prevents a camera from being invoked on the lock screen. By default, users can enable invocation of an available camera on the lock screen. If you enable this setting, users will no longer be able to enable or disable lock screen cam ... oval:org.secpod.oval:def:57176 This policy setting determines whether the Lightweight Directory Access Protocol (LDAP) server requires LDAP clients to negotiate data signing. This policy setting determines whether the LDAP server requires a signature before it will negotiate with LDAP clients. Fix: (1) GPO: Computer Configurat ... oval:org.secpod.oval:def:56751 The registry value entry DisableIPSourceRouting was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry appears as MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) in the S ... oval:org.secpod.oval:def:56455 This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Policy w ... oval:org.secpod.oval:def:56981 This policy setting specifies whether to enable or disable tracking of responsiveness events. If you enable this policy setting, responsiveness events are processed and aggregated. The aggregated data will be transmitted to Microsoft through SQM. if you disable this policy setting, responsiveness ... oval:org.secpod.oval:def:56694 Specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session. You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services ... oval:org.secpod.oval:def:56183 Use this option to specify the size limit of the file in which Windows Firewall will write its log information. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain ... oval:org.secpod.oval:def:57009 This policy setting specifies whether Windows Messenger can collect anonymous information about how the Windows Messenger software and service is used. This policy setting specifies whether Windows Messenger can collect anonymous information about how the Windows Messenger software and service is u ... oval:org.secpod.oval:def:56202 Specifies whether or not the user is prompted for a password when the system resumes from sleep. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings!Specifies whether or not the user is prompted for a password when the system resumes from sleep. (2 ... oval:org.secpod.oval:def:56326 This security setting determines which users and groups have the authority to synchronize all directory service data. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment!Synchronize directory service data (2) WMI: root\rsop\computer#RSOP_U ... oval:org.secpod.oval:def:56232 This policy prevents automatic copying of user input methods to the system account for use on the sign-in screen. The user is restricted to the set of input methods that are enabled in the system account. Note this does not affect the availability of user input methods on the lock screen or ... oval:org.secpod.oval:def:56174 This policy setting determines what happens when the smart card for a logged-on user is removed from the smart card reader. This policy setting determines what happens when the smart card for a logged on user is removed from the smart card reader. Fix: (1) GPO: Computer Configuration\Windows Sett ... oval:org.secpod.oval:def:57068 This policy setting determines whether members of the Server Operators group are allowed to submit jobs by means of the AT schedule facility. The impact of this policy setting configuration should be small for most organizations. Users, including those in the Server Operators group, will still be ab ... oval:org.secpod.oval:def:57071 This policy setting determines which accounts will not be able to log on to the computer as a batch job. A batch job is not a batch (.bat) file, but rather a batch-queue facility. Accounts that use the Task Scheduler to schedule jobs need this user right. The Deny log on as a batch job user right o ... oval:org.secpod.oval:def:56442 Specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration. If you enable this setting, it blocks users from connecting to Microsoft.com for online registration and users cannot register their copy of Windows online. If you disable or do not configure this ... oval:org.secpod.oval:def:57156 This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. If you disable or do not configure this policy setting and a log file reaches i ... oval:org.secpod.oval:def:56145 This policy setting determines whether a user can log on to a Windows domain using cached account information. Logon information for domain accounts can be cached locally to allow users to log on even if a domain controller cannot be contacted. This policy setting determines the number of unique use ... oval:org.secpod.oval:def:56402 This policy setting turns off the advertising ID, preventing apps from using the ID for experiences across apps. If you enable this policy setting, the advertising ID is turned off. Apps can&apos;t use the ID for experiences across apps. If you disable or do not configure this policy setting, ... oval:org.secpod.oval:def:57093 This policy setting determines which behaviors are allowed for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services. The setting does not modify how the authentication sequence works but instead require certai ... oval:org.secpod.oval:def:56741 This setting determines the behavior for outbound connections that do not match an outbound firewall rule. In Windows Vista, the default behavior is to allow connections unless there are firewall rules that block the connection. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settin ... oval:org.secpod.oval:def:56558 Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log. Use this option to log when Windows Firewall with Advanced Security allows ... oval:org.secpod.oval:def:57174 This policy setting determines whether a computer can be shut down when a user is not logged on. If this policy setting is enabled, the shutdown command is available on the Windows logon screen. Microsoft recommends to disable this policy setting to restrict the ability to shut down the computer to ... oval:org.secpod.oval:def:56221 This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches. This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches. Fix: (1) GPO: Computer ... oval:org.secpod.oval:def:56753 This policy setting allows accounts to log on using the task scheduler service. Because the task scheduler is often used for administrative purposes, it may be needed in enterprise environments. However, its use should be restricted in high security environments to prevent misuse of system resources ... oval:org.secpod.oval:def:56875 Turns off Real-Time Protection prompts for known malware detection. Windows Defender alerts you when spyware or potentially unwanted software attempts to install itself or to run on your computer. If you enable this policy setting, Windows Defender will not prompt users to take actions on malware ... oval:org.secpod.oval:def:56742 The registry value entry AutoAdminLogon was added to the template file in the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ registry key. The entry appears as MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) in the Security Configuration Editor. This settin ... oval:org.secpod.oval:def:57180 This policy setting determines which user accounts will have the right to attach a debugger to any process or to the kernel, which provides complete access to sensitive and critical operating system components. Developers who are debugging their own applications do not need to be assigned this user ... oval:org.secpod.oval:def:56410 This policy setting allows you to disable the client computer's ability to print over HTTP, which allows the computer to print to printers on the intranet as well as the Internet. This policy setting allows you to disable the client computer's ability to print over HTTP, which allows the computer t ... oval:org.secpod.oval:def:56039 This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones. If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices. ... oval:org.secpod.oval:def:56303 When enabled, this policy setting causes Local System services that use Negotiate to use the computer identity when NTLM authentication is selected by the negotiation. This policy is supported on at least Windows 7 or Windows Server 2008 R2. This policy setting allows Local System services that us ... oval:org.secpod.oval:def:56668 This security setting determines whether domain controllers will refuse requests from member computers to change computer account passwords. By default, member computers change their computer account passwords every 30 days. If enabled, the domain controller will refuse computer account password cha ... oval:org.secpod.oval:def:56637 Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Se ... oval:org.secpod.oval:def:56586 This policy setting determines which users can create symbolic links. In Windows Vista, existing NTFS file system objects, such as files and folders, can be accessed by referring to a new kind of file system object called a symbolic link. A symbolic link is a pointer (much like a shortcut or .lnk fi ... oval:org.secpod.oval:def:56777 This security setting determines which service accounts are prevented from registering a process as a service. This policy setting supersedes the Log on as a service policy setting if an account is subject to both policies.Note: This security setting does not apply to the System, Local Service, or N ... oval:org.secpod.oval:def:56275 This policy setting checks all new passwords to ensure that they meet basic requirements for strong passwords. When this policy is enabled, passwords must meet the following minimum requirements: - Not contain the user&apos;s account name or parts of the user&apos;s full name that exceed tw ... oval:org.secpod.oval:def:56340 Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen. By default, users can enable a slide show that will run after they lock the machine. If you enable this setting, users will no longer be able to modify slide show settings in PC S ... oval:org.secpod.oval:def:56207 Turns off Windows Defender Real-Time Protection, and no more scans are scheduled. If you enable this policy setting, Windows Defender does not run, and computers will not be scanned for spyware or other potentially unwanted software. If you disable or do not configure this policy setting, by defau ... oval:org.secpod.oval:def:56685 This setting determines which users can change the time zone of the computer. This ability holds no great danger for the computer and may be useful for mobile workers. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Activ ... oval:org.secpod.oval:def:56082 The registry value entry EnableICMPRedirect was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry appears as MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes in the SCE. Internet Control M ... oval:org.secpod.oval:def:56050 This setting determines the behavior for outbound connections that do not match an outbound firewall rule. The default behavior is to allow connections unless there are firewall rules that block the connection. Important If you set Outbound connections to Block and then deploy the firewall policy ... oval:org.secpod.oval:def:56378 Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Wi ... oval:org.secpod.oval:def:57170 Specifies whether or not the user is prompted for a password when the system resumes from sleep. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings!Specifies whether or not the user is prompted for a password when the system resumes from sleep. (2 ... oval:org.secpod.oval:def:56696 This policy setting helps prevent Terminal Services clients from saving passwords on a computer. Note If this policy setting was previously configured as Disabled or Not configured, any previously saved passwords will be deleted the first time a Terminal Services client disconnects from any server ... oval:org.secpod.oval:def:56975 The Windows Customer Experience Improvement Program will collect information about your hardware configuration and how you use our software and services to identify trends and usage patterns. We will not collect your name, address, or any other personally identifiable information. There are no surve ... oval:org.secpod.oval:def:57227 This policy setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other users ... oval:org.secpod.oval:def:56785 This policy setting determines whether users can increase the base priority class of a process. (It is not a privileged operation to increase relative priority within a priority class.) This user right is not required by administrative tools that are supplied with the operating system but might be r ... oval:org.secpod.oval:def:56650 This policy setting allows users to shut down Windows based computers from remote locations on the network. Anyone who has been assigned this user right can cause a denial of service (DoS) condition, which would make the computer unavailable to service user requests. Therefore, Microsoft recommends ... oval:org.secpod.oval:def:56709 This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. If you disable or do not configure this policy setting and a log file reaches i ... oval:org.secpod.oval:def:56371 This policy setting allows you to manage whether the Windows Remote Management (WinRM) client will not use Digest authentication. If you enable this policy setting, the WinRM client will not use Digest authentication. If you disable or do not configure this policy setting, the WinRM client will us ... oval:org.secpod.oval:def:56451 This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: * Users can't access OneDrive from the OneDrive app and file picker. * Windows Store apps can't access OneDrive using the WinRT API. * OneDrive doesn't appear in the navig ... oval:org.secpod.oval:def:57210 This policy setting allows Web-based programs to install software on the computer without notifying the user. If you disable or do not configure this policy setting, by default, when a script hosted by an Internet browser tries to install a program on the system, the system warns users and allows t ... oval:org.secpod.oval:def:57160 This policy setting controls whether the elevation request prompt is displayed on the interactive user&apos;s desktop or the secure desktop. The options are: - Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators an ... oval:org.secpod.oval:def:56618 This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network. If you enable this policy setting, the WinRM client sends and receives unencrypted messages over the network. If you disable or do not configure t ... oval:org.secpod.oval:def:56052 This policy setting allows a process to create an access token, which may provide elevated rights to access sensitive data. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or c ... oval:org.secpod.oval:def:56227 This policy setting turns off the location feature for this computer. If you enable this policy setting, the location feature will be turned off, and all programs on this computer will not be able to use location information from the location feature. If you disable or do not confi ... oval:org.secpod.oval:def:56805 Use this option to specify the path and name of the file in which Windows Firewall will write its log information. Use this option to specify the path and name of the file in which Windows Firewall will write its log information. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Sett ... oval:org.secpod.oval:def:56737 This policy setting specifies which users can add computer workstations to a specific domain. For this policy setting to take effect, it must be assigned to the user as part of the Default Domain Controller Policy for the domain. A user who has been assigned this right can add up to 10 workstations ... oval:org.secpod.oval:def:56590 The policy setting allows programs that run on behalf of a user to impersonate that user (or another specified account) so that they can act on behalf of the user. If this user right is required for this kind of impersonation, an unauthorized user will not be able to convince a client to connect, fo ... oval:org.secpod.oval:def:56956 Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately, although Explorer may still terminate unexpectedly later. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\File Explorer!Turn ... oval:org.secpod.oval:def:56963 Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals. If you leave this policy setting enabled, Users will be able to use MSDT to collect and send diagnostic data to a support professional to resolve a problem. By default, the support provider is s ... oval:org.secpod.oval:def:56189 This policy setting controls whether Windows will download a list of providers for the Web publishing and online ordering wizards. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings!Setting controls whether Windows ... oval:org.secpod.oval:def:56614 This entry appears as MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing) in the SCE. IP source routing is a mechanism that allows the sender to determine the IP route that a datagram should follow through the network. Fix: (1) GPO: Computer Config ... oval:org.secpod.oval:def:57214 Turns off data sharing from the handwriting recognition personalization tool. The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples wi ... oval:org.secpod.oval:def:56795 This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The default behavior is to block connections unless there are firewall rules to allow the connection. This setting determines the behavior for inbound connections that do not match an inbound fi ... oval:org.secpod.oval:def:56154 This setting turns off Microsoft Peer-to-Peer Networking Services in its entirety, and will cause all dependent applications to stop working. Peer-to-Peer protocols allow for applications in the areas of RTC, collaboration, content distribution and distributed processing. If you enable this settin ... oval:org.secpod.oval:def:56452 This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in t ... oval:org.secpod.oval:def:56529 This policy setting allows you to manage configuration of remote access to all supported shells to execute scripts and commands. This policy setting allows you to manage configuration of remote access to all supported shells to execute scripts and commands. Fix: (1) GPO: Computer Configuration\Ad ... oval:org.secpod.oval:def:57198 This policy setting allows you to configure the display of the password reveal button in password entry user experiences. If you enable this policy setting, the password reveal button will not be displayed after a user types a password in the password entry text box. If you disable or do not confi ... oval:org.secpod.oval:def:57166 This policy setting determines if the server side SMB service is required to perform SMB packet signing. Enable this policy setting in a mixed environment to prevent downstream clients from using the workstation as a network server. This policy setting determines if the server side SMB service is r ... oval:org.secpod.oval:def:56698 Specifies whether Remote Desktop Services retains a user&apos;s per-session temporary folders at logoff. You can use this setting to maintain a user&apos;s session-specific temporary folders on a remote computer, even if the user logs off from a session. By default, Remote Desktop Services ... oval:org.secpod.oval:def:56230 This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. If you disable or do not configure this policy setting and a log file reaches i ... oval:org.secpod.oval:def:56055 Select this option to have Windows Firewall with Advanced Security display notifications to the user when a program is blocked from receiving inbound connections. Note When the Apply local firewall rules setting is configured to No, Microsoft recommends also configuring the Display a notification ... oval:org.secpod.oval:def:56418 This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled. If you enable this policy setting the command line information for every process will be logged in pla ... oval:org.secpod.oval:def:56153 Specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session. You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Ser ... oval:org.secpod.oval:def:56778 This policy setting allows local users to be enumerated on domain-joined computers. If you enable this policy setting, Logon UI will enumerate all local users on domain-joined computers. If you disable or do not configure this policy setting, the Logon UI will not enumerate local users on domain-j ... oval:org.secpod.oval:def:56763 Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!Interactive logon: Machine in ... oval:org.secpod.oval:def:57203 This policy setting determines which users who are logged on locally to the computers in your environment can shut down the operating system with the Shut Down command. Misuse of this user right can result in a denial of service condition. When configuring a user right in the SCM enter a comma deli ... oval:org.secpod.oval:def:56707 This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders. You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate tem ... oval:org.secpod.oval:def:56649 This setting controls whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows ... oval:org.secpod.oval:def:56173 This policy setting determines which users or processes can generate audit records in the Security log. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers. This poli ... oval:org.secpod.oval:def:57011 This policy setting controls whether the computer can download print driver packages over HTTP. To set up HTTP printing, printer drivers that are not available in the standard operating system installation might need to be downloaded over HTTP. This policy setting controls whether the computer can ... oval:org.secpod.oval:def:56634 Prevents Group Policy from being updated while the computer is in use. This setting applies to Group Policy for computers, users, and domain controllers. If you enable this setting, the system waits until the current user logs off the system before updating the computer and user settings. If you d ... oval:org.secpod.oval:def:56821 This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The default behavior is to block connections unless there are firewall rules to allow the connection. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall wi ... oval:org.secpod.oval:def:56764 Select this option to have Windows Firewall with Advanced Security display notifications to the user when a program is blocked from receiving inbound connections. Note When the Apply local firewall rules setting is configured to No, Microsoft recommends also configuring the Display a notification ... oval:org.secpod.oval:def:56054 Directs Windows Installer to use system permissions when it installs any program on the system. This setting extends elevated privileges to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (instal ... oval:org.secpod.oval:def:56332 This policy setting allows users to circumvent file and directory permissions to back up the system. This user right is enabled only when an application (such as NTBACKUP) attempts to access a file or directory through the NTFS file system backup application programming interface (API). Otherwise, t ... oval:org.secpod.oval:def:57232 This policy setting allows a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. If this user right is assigned, significant degradation of system performance can occur. When configuring a user right in the SCM enter a comma delimited l ... oval:org.secpod.oval:def:56584 This policy setting allows one process or service to start another service or process with a different security access token, which can be used to modify the security access token of that sub-process and result in the escalation of privileges. When configuring a user right in the SCM enter a comma ... oval:org.secpod.oval:def:57099 This policy setting determines who is allowed to format and eject removable media. You can use this policy setting to prevent unauthorized users from removing data on one computer to access it on another computer on which they have local administrator privileges. This policy setting determines who ... oval:org.secpod.oval:def:56825 This policy setting allows users to dynamically load a new device driver on a system. An attacker could potentially use this capability to install malicious code that appears to be a device driver. This user right is required for users to add local printers or printer drivers in Windows Vista. When ... oval:org.secpod.oval:def:57092 This policy setting allows users to change the Trusted for Delegation setting on a computer object in Active Directory. Abuse of this privilege could allow unauthorized users to impersonate other users on the network. When configuring a user right in the SCM enter a comma delimited list of accounts ... oval:org.secpod.oval:def:56302 This policy setting determines which users can bypass file, directory, registry, and other persistent object permissions when restoring backed up files and directories on computers that run Windows Vista in your environment. This user right also determines which users can set valid security principa ... oval:org.secpod.oval:def:56166 This policy setting determines whether the LAN Manager (LM) hash value for the new password is stored when the password is changed. The LM hash is relatively weak and prone to attack compared to the cryptographically stronger Microsoft Windows NT hash. Note Older operating systems and some third- ... oval:org.secpod.oval:def:56611 This security setting determines which users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies.Important:If you apply this security policy to the Everyone group, no one will be able to log o ... oval:org.secpod.oval:def:56167 This policy setting determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. It affects the SMB component. If you enable this policy setting, client sessions with the SMB service will be forcibly disconnected when the client's log ... oval:org.secpod.oval:def:57204 This policy setting allows users to manage the system&apos;s volume or disk configuration, which could allow a user to delete a volume and cause data loss as well as a denial-of-service condition. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be ... oval:org.secpod.oval:def:57165 This user right is useful to kernel-mode components that extend the object namespace. However, components that run in kernel mode have this user right inherently. Therefore, it is typically not necessary to specifically assign this user right. When configuring a user right in the SCM enter a comma ... oval:org.secpod.oval:def:57019 This policy setting prevents users from adding new Microsoft accounts on this computer. If you select the Users can't add Microsoft accounts option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain account t ... oval:org.secpod.oval:def:56621 This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection. If no signing request comes from the client, a connection will be allowed without a signature if the Microsoft network server: Di ... oval:org.secpod.oval:def:56824 This policy setting determines which behaviors are allowed for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services. The setting does not modify how the authentication sequence works but instead require certai ... oval:org.secpod.oval:def:56048 This policy setting allows you to specify the amount of continuous idle time that must pass in an SMB session before the session is suspended because of inactivity. Administrators can use this policy setting to control when a computer suspends an inactive SMB session. If client activity resumes, the ... oval:org.secpod.oval:def:56653 Disable this policy setting to prevent the SMB redirector from sending plaintext passwords during authentication to third-party SMB servers that do not support password encryption. Microsoft recommends that you disable this policy setting unless there is a strong business case to enable it. If this ... oval:org.secpod.oval:def:56761 This policy setting controls the ability of anonymous users to enumerate the accounts in the Security Accounts Manager (SAM). If you enable this policy setting, users with anonymous connections cannot enumerate domain account user names on the workstations in your environment. This policy setting al ... oval:org.secpod.oval:def:56916 This policy setting specifies that Automatic Updates will wait for computers to be restarted by the users who are logged on to them to complete a scheduled installation. If you enable the No auto-restart for scheduled Automatic Updates installations setting, Automatic Updates does not restart compu ... oval:org.secpod.oval:def:56654 This policy setting determines whether the account name of the last user to log on to the client computers in your organization will be displayed in each computer&apos;s respective Windows logon screen. Enable this policy setting to prevent intruders from collecting account names visually from t ... oval:org.secpod.oval:def:57148 This policy setting determines what additional permissions are assigned for anonymous connections to the computer. If you enable this policy setting, anonymous Windows users are allowed to perform certain activities, such as enumerate the names of domain accounts and network shares. An unauthorized ... oval:org.secpod.oval:def:56648 This policy setting determines whether the SMB client will attempt to negotiate SMB packet signing. The implementation of digital signing in Windows based networks helps to prevent sessions from being hijacked. If you enable this policy setting, the Microsoft network client will use signing only if ... oval:org.secpod.oval:def:57095 This policy setting determines the level of data signing that is requested on behalf of clients that issue LDAP BIND requests, as follows: - None. The LDAP BIND request is issued with the caller-specified options. - Negotiate signing. If Transport Layer Security/Secure Sockets Layer (TLS/SSL) has no ... oval:org.secpod.oval:def:56147 This policy setting allows administrators to enable the more precise auditing capabilities present in Windows Vista. The Audit Policy settings available in Windows Server 2003 Active Directory do not yet contain settings for managing the new auditing subcategories. To properly apply the auditing po ... oval:org.secpod.oval:def:56711 When enabled, this policy setting restricts anonymous access to only those shares and pipes that are named in the Network access: Named pipes that can be accessed anonymously and Network access: Shares that can be accessed anonymously settings. This policy setting controls null session access to sh ... oval:org.secpod.oval:def:57064 Select On (recommended) to have Windows Firewall with Advanced Security use the settings for this profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile. Select On to allow Wi ... oval:org.secpod.oval:def:56593 This policy setting determines whether all secure channel traffic that is initiated by the domain member must be signed or encrypted. If a system is set to always encrypt or sign secure channel data, it cannot establish a secure channel with a domain controller that is not capable of signing or encr ... oval:org.secpod.oval:def:56775 This policy setting determines whether case insensitivity is enforced for all subsystems. The Microsoft Win32 subsystem is case insensitive. However, the kernel supports case sensitivity for other subsystems, such as the Portable Operating System Interface for UNIX (POSIX). Because Windows is case i ... oval:org.secpod.oval:def:56422 This policy setting determines whether users must press CTRL+ALT+DEL before they log on. If you enable this policy setting, users can log on without this key combination. If you disable this policy setting, users must press CTRL+ALT+DEL before they log on to Windows unless they use a smart card for ... oval:org.secpod.oval:def:56794 This policy setting determines the length of time before the Account lockout threshold resets to zero. The default value for this policy setting is Not Defined. If the Account lockout threshold is defined, this reset time must be less than or equal to the value for the Account lockout duration setti ... oval:org.secpod.oval:def:57144 Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication. You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests. If the status is ... oval:org.secpod.oval:def:57119 When this policy setting is enabled, a secure channel can only be established with domain controllers that are capable of encrypting secure channel data with a strong (128-bit) session key. To enable this policy setting, all domain controllers in the domain must be able to encrypt secure channel da ... oval:org.secpod.oval:def:57168 This policy setting determines how far in advance users are warned that their password will expire. Microsoft recommends that you configure this policy setting to 14 days to sufficiently warn users when their passwords will expire. This policy setting determines how far in advance users are warned ... oval:org.secpod.oval:def:56827 This policy setting determines the length of time that must pass before a locked account is unlocked and a user can try to log on again. The setting does this by specifying the number of minutes a locked out account will remain unavailable. If the value for this policy setting is configured to 0, lo ... oval:org.secpod.oval:def:56826 This policy setting controls the ability of anonymous users to enumerate SAM accounts as well as shares. If you enable this policy setting, anonymous users will not be able to enumerate domain account user names and network share names on the workstations in your environment. The Network access: Do ... oval:org.secpod.oval:def:57171 Select On (recommended) to have Windows Firewall with Advanced Security use the settings for this profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile. Windows Firewall with ... oval:org.secpod.oval:def:56749 This policy setting determines whether packet signing is required by the SMB client component. If you enable this policy setting, the Microsoft network client computer cannot communicate with a Microsoft network server unless that server agrees to sign SMB packets. In mixed environments with legacy ... oval:org.secpod.oval:def:56828 This policy setting determines whether a domain member should attempt to negotiate whether all secure channel traffic that it initiates must be digitally signed. Digital signatures protect the traffic from being modified by anyone who captures the data as it traverses the network. Microsoft recomme ... oval:org.secpod.oval:def:56049 Select On (recommended) to have Windows Firewall with Advanced Security use the settings for this profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile. Fix: (1) GPO: Comput ... oval:org.secpod.oval:def:57022 This policy setting determines which network shares can be accessed by anonymous users. The default configuration for this policy setting has little effect because all users have to be authenticated before they can access shared resources on the server. Note: It can be very dangerous to add other s ... oval:org.secpod.oval:def:82082 This policy setting allows you to audit events generated by user account logon attempts on the computer. Events in this subcategory are related to the creation of logon sessions and occur on the computer which was accessed. For an interactive logon, the security audit event is generated on the compu ... oval:org.secpod.oval:def:82081 This policy setting allows you to audit events generated by the closing of a logon session. These events occur on the computer that was accessed. For an interactive logoff the security audit event is generated on the computer that the user account logged on to. If you configure this policy setting, ... oval:org.secpod.oval:def:82080 This policy setting allows you to audit events generated by a failed attempt to log on to an account that is locked out. If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out. Success audits record successful ... oval:org.secpod.oval:def:82086 This policy setting allows you to audit events generated by the management of task scheduler jobs or COM+ objects. For scheduler jobs, the following are audited: Job created. Job deleted. Job enabled. Job disabled. Job updated. For COM+ objects, the following are audited: Ca ... oval:org.secpod.oval:def:82085 This policy setting allows you to audit events generated by the use of non-sensitive privileges (user rights). The following privileges are non-sensitive: Access Credential Manager as a trusted caller. Access this computer from the network. Add workstations to domain. ... oval:org.secpod.oval:def:82083 This policy setting allows you to audit events generated when a process is created or starts. The name of the application or user that created the process is also audited. If you configure this policy setting, an audit event is generated when a process is created. Success audits record successful a ... oval:org.secpod.oval:def:82079 Determines when registry policies are updated. This setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. It overrides customized settings that the program implementing a registry policy set when it was installed. If you enab ... oval:org.secpod.oval:def:82078 Determines when registry policies are updated. This setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. It overrides customized settings that the program implementing a registry policy set when it was installed. If you enab ... oval:org.secpod.oval:def:82077 This policy setting configures secure access to UNC paths. If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements. Specify hardened network paths. In the name field, type a fully-qualified UNC path for each network resour ... oval:org.secpod.oval:def:82076 This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting, Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or through a ... oval:org.secpod.oval:def:82071 This security setting determines whether the local Administrator account is enabled or disabled. Notes If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In ... oval:org.secpod.oval:def:82070 This security setting determines how often a domain member will attempt to change its computer account password. Default: 30 days. By default, domain members automatically change their domain passwords every 30 days. If you increase this interval significantly or set it to 0 so that the computers ... oval:org.secpod.oval:def:82075 This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts. If you enable this policy setting, Windows PowerShell will enable transcripting for Windows PowerShell, the Windows PowerShell ISE, and any other applications that leverage the Win ... oval:org.secpod.oval:def:82074 Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. Note: This policy does not apply to Windows RT. This setting lets you specify whether automatic updates are enabled on this computer. If the service is enable ... oval:org.secpod.oval:def:82072 This security setting determines whether the operating system stores passwords using reversible encryption. This policy provides support for applications that use protocols that require knowledge of the users password for authentication purposes. Storing passwords using reversible encryption is ess ... oval:org.secpod.oval:def:82068 This security setting determines which users and groups are prohibited from logging on as a Remote Desktop Services client. Default: None. Important This setting does not have any effect on Windows 2000 computers that have not been updated to Service Pack 2. Counter Measure: Assign the Deny ... oval:org.secpod.oval:def:82067 This security setting determines which users can use performance monitoring tools to monitor the performance of system processes. Default: Administrators. Counter Measure: Ensure that only the local Administrators group is assigned the Profile system performance user right. Potential Impact: ... oval:org.secpod.oval:def:82066 This policy setting lets you opt-out of sending KMS client activation data to Microsoft automatically. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state. If you disable or do not configure this policy setting, KMS client activation data w ... oval:org.secpod.oval:def:82065 This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected. If you enable this policy setting, you must select the desired time limit in the Idle session limit drop- ... oval:org.secpod.oval:def:82069 This setting is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users saved credentials might be compromised if this privilege is given to other entities. Counter Measure: Configure this user right so that no account ... oval:org.secpod.oval:def:82099 This policy setting allows you to audit events generated by other security policy changes that are not audited in the policy change category, such as the following: Trusted Platform Module (TPM) configuration changes. Kernel-mode cryptographic self tests. Cryptographic provider operation ... oval:org.secpod.oval:def:82098 This policy setting determines the amount of diagnostic and usage data reported to Microsoft. A value of 0 will send minimal data to Microsoft. This data includes Malicious Software Removal Tool (MSRT) & Windows Defender data, if enabled, and telemetry client settings. Setting a value of 0 appli ... oval:org.secpod.oval:def:82093 This policy setting allows an organization to prevent its devices from showing feedback questions from Microsoft. If you enable this policy setting, users will no longer see feedback notifications through the Windows Feedback app. If you disable or do not configure this policy setting, use ... oval:org.secpod.oval:def:82092 This policy setting turns off experiences that help consumers make the most of their devices and Microsoft account. If you enable this policy setting, users will no longer see personalized recommendations from Microsoft and notifications about their Microsoft account. If you disable or do ... oval:org.secpod.oval:def:82091 This subcategory reports events generated by the Kerberos Authentication Server. These events occur on the computer that is authoritative for the credentials. Events for this subcategory include: - 4768: A Kerberos authentication ticket (TGT) was requested. - 4771: Kerberos pre-authentication failed ... oval:org.secpod.oval:def:82090 Manages a Windows app&apos;s ability to share data between users who have installed the app. If you enable this policy, a Windows app can share app data with other instances of that app. Data is shared through the SharedLocal folder. This folder is available through the Windows.Storage API. ... oval:org.secpod.oval:def:82097 Specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections. If you enable this setting, all communications between clients and RD Session Host servers during remote conne ... oval:org.secpod.oval:def:82096 This policy setting allows you to audit attempts to access a shared folder. If you configure this policy setting, an audit event is generated when an attempt is made to access a shared folder. If this policy setting is defined, the administrator can specify whether to audit only successes, only fai ... oval:org.secpod.oval:def:82094 This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. These controls are located under &quot;Get Insider builds,&quot; and enable users to make their devices available for downloading and installing Windows preview soft ... oval:org.secpod.oval:def:82088 This policy setting allows you to audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall. Events include the following: Reporting of active policies when Windows Firewall service starts. Changes to Windows ... oval:org.secpod.oval:def:82087 This policy setting allows you to audit events generated by changes to the authorization policy such as the following: Assignment of user rights (privileges), such as SeCreateTokenPrivilege, that are not audited through the &quot;Authentication Policy Change&quot; subcategory. Remova ... oval:org.secpod.oval:def:82042 This policy setting changes the operational behavior of the Responder network protocol driver. The Responder allows a computer to participate in Link Layer Topology Discovery requests so that it can be discovered and located on the network. It also allows a computer to participate in Quality-of-Ser ... oval:org.secpod.oval:def:82040 If the Screen Saver Timeout setting is enabled, then the screen saver will be launched when the specified amount of time has passed since the last user action. Valid values range from 1 to 89,400 seconds (24 hours). The setting has no effect if the wait time is set to zero or no screen saver has bee ... oval:org.secpod.oval:def:82035 The registry value entry TCPMaxDataRetransmissions for IPv6 was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\ registry key. The entry appears as MSS: (TcpMaxDataRetransmissions) IPv6 How many times unacknowledged data is retransmitted (3 re ... oval:org.secpod.oval:def:82033 This subcategory reports the results of validation tests on credentials submitted for a user account logon request. These events occur on the computer that is authoritative for the credentials. For domain accounts, the domain controller is authoritative, whereas for local accounts, the local compute ... oval:org.secpod.oval:def:82039 This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including Set up a wireless router or access point and Add a wireless de ... oval:org.secpod.oval:def:82038 This subcategory reports each event of user account management, such as when a user account is created, changed, or deleted; a user account is renamed, disabled, or enabled; or a password is set or changed. If you enable this Audit policy setting, administrators can track events to detect malicious, ... oval:org.secpod.oval:def:82037 This subcategory reports other account management events. Events for this subcategory include: ? 4782: The password hash an account was accessed. ? 4793: The Password Policy Checking API was called. Refer to the Microsoft Knowledgebase article ?Description of security events in Windows Vista and in ... oval:org.secpod.oval:def:82036 This subcategory reports on the activities of the Internet Protocol security (IPsec) driver. Events for this subcategory include: ? 4960: IPsec dropped an inbound packet that failed an integrity check. If this problem persists, it could indicate a network issue or that packets are being modified in ... oval:org.secpod.oval:def:82031 If the Password protect the screen saver setting is enabled, then all screen savers are password protected, if it is disabled then password protection cannot be set on any screen saver. If this setting is enabled, then all screen savers are password protected. Fix: (1) GPO: User Configuration\Admi ... oval:org.secpod.oval:def:82030 This subcategory reports changes to objects in Active Directory Domain Services (AD DS). The types of changes that are reported are create, modify, move, and undelete operations that are performed on an object. DS Change auditing, where appropriate, indicates the old and new values of the changed pr ... oval:org.secpod.oval:def:82024 This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer. If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this ... oval:org.secpod.oval:def:82023 This subcategory reports on violations of integrity of the security subsystem. Events for this subcategory include: ? 4612 : Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. ? 4615 : Invalid use of LPC port. ? 4618 : A monitored ... oval:org.secpod.oval:def:82022 This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user&apos;s computer. If you enable this policy setting, the user cannot set the Feed Sync Engine to download an enclosure through the Feed property page. A developer cannot change the ... oval:org.secpod.oval:def:82028 This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 Wi-Fi, through the Windows Portable Device API (WPD), and via USB Flash drives. Additiona ... oval:org.secpod.oval:def:82026 This subcategory reports when an AD DS object is accessed. Only objects with SACLs cause audit events to be generated, and only when they are accessed in a manner that matches their SACL. These events are similar to the directory service access events in previous versions of Windows Server. This sub ... oval:org.secpod.oval:def:82025 This policy setting allows you to manage whether Windows marks file attachments from Internet Explorer or Microsoft Outlook? Express with information about their zone of origin (such as restricted, Internet, intranet, or local). This policy setting requires that files be downloaded to NTFS disk part ... oval:org.secpod.oval:def:82060 This policy setting allows you to specify which boot-start drivers are initialized based on a classification determined by an Early Launch Antimalware boot-start driver. The Early Launch Antimalware boot-start driver can return the following classifications for each boot-start driver: - Good: T ... oval:org.secpod.oval:def:82064 This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session is kept active on the server. By default, Remote Desktop Services allows users to disconn ... oval:org.secpod.oval:def:82063 This policy setting allows you to manage the behavior of Windows SmartScreen. Windows SmartScreen helps keep PCs safer by warning users before running unrecognized programs downloaded from the Internet. Some information is sent to Microsoft about files and programs run on PCs with this feature enabl ... oval:org.secpod.oval:def:82062 Enables management of password for local administrator account If you enable this setting, local administrator password is managed If you disable or not configure this setting, local administrator password is NOT managed Counter Measure: Enable this setting. Potential Impact: Lo ... oval:org.secpod.oval:def:82061 When you enable this setting, planned password expiration longer than password age dictated by Password Settings policy is NOT allowed. When such expiration is detected, password is changed immediately and password expiration is set according to policy. When you disable or not configure this se ... oval:org.secpod.oval:def:82057 This subcategory reports each event of application group management on a computer, such as when an application group is created, changed, or deleted or when a member is added to or removed from an application group. If you enable this Audit policy setting, administrators can track events to detect m ... oval:org.secpod.oval:def:82056 This subcategory reports changes in authentication policy. Events for this subcategory include: ? 4706: A new trust was created to a domain. ? 4707: A trust to a domain was removed. ? 4713: Kerberos policy was changed. ? 4716: Trusted domain information was modified. ? 4717: System security access w ... oval:org.secpod.oval:def:82055 Specifies whether the Order Prints Online task is available from Picture Tasks in Windows folders. The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online. If you enable this setting, the task Order Prints Online is removed from Picture Tasks i ... oval:org.secpod.oval:def:82054 This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista, when media containing an autorun command is inserted, the system ... oval:org.secpod.oval:def:82059 Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption. However, native RDP encryption (as op ... oval:org.secpod.oval:def:82058 System-wide Structured Exception Handler Overwrite Protection setting Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\EMET\System SEHOP (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EMET\SysSettings!SEHOP oval:org.secpod.oval:def:82053 This policy setting determines whether to require domain users to elevate when setting a network&apos;s location. If you enable this policy setting, domain users must elevate when setting a network&apos;s location. If you disable or do not configure this policy setting, domain users can se ... oval:org.secpod.oval:def:82052 This policy setting changes the operational behavior of the Mapper I/O network protocol driver. LLTDIO allows a computer to discover the topology of a network it&apos;s connected to. It also allows a computer to initiate Quality-of-Service requests such as bandwidth estimation and network healt ... oval:org.secpod.oval:def:82051 This subcategory reports changes in security state of the system, such as when the security subsystem starts and stops. Events for this subcategory include: ? 4608: Windows is starting up. ? 4609: Windows is shutting down. ? 4616: The system time was changed. ? 4621: Administrator recovered system f ... oval:org.secpod.oval:def:82050 This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to shar ... oval:org.secpod.oval:def:82046 This subcategory reports changes in audit policy including SACL changes. Events for this subcategory include: ? 4715: The audit policy (SACL) on an object was changed. ? 4719: System audit policy was changed. ? 4902: The Per-user audit policy table was created. ? 4904: An attempt was made to registe ... oval:org.secpod.oval:def:82045 This subcategory reports each event of computer account management, such as when a computer account is created, changed, deleted, renamed, disabled, or enabled. Events for this subcategory include: ? 4741: A computer account was created. ? 4742: A computer account was changed. ? 4743: A computer acc ... oval:org.secpod.oval:def:82044 The registry value entry ScreenSaverGracePeriod was added to the template file in the HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\ Windows NT\CurrentVersion\Winlogon\ registry key. The entry appears as MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 ... oval:org.secpod.oval:def:82043 This policy setting allows you to manage whether or not screen savers run. If the Screen Saver setting is disabled screen savers do not run and the screen saver section of the Screen Saver tab in Display in Control Panel is disabled. If this setting is enabled a screen saver will run if the followin ... oval:org.secpod.oval:def:82049 The registry value entry PerformRouterDiscovery was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry appears as MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to Do ... oval:org.secpod.oval:def:82048 This subcategory reports each event of security group management, such as when a security group is created, changed, or deleted or when a member is added to or removed from a security group. If you enable this Audit policy setting, administrators can track events to detect malicious, accidental, and ... oval:org.secpod.oval:def:82047 This subcategory reports on other system events. Events for this subcategory include: ? 5024 : The Windows Firewall Service has started successfully. ? 5025 : The Windows Firewall Service has been stopped. ? 5027 : The Windows Firewall Service was unable to retrieve the security policy from the loca ... oval:org.secpod.oval:def:82119 This setting controls whether users can provide Microsoft accounts for authentication for applications or services. If this setting is enabled, all applications and services on the device are prevented from using Microsoft accounts for authentication. This applies both to existing users of a device ... oval:org.secpod.oval:def:82118 This policy setting allows backup and restore of cellular text messages to Microsoft's cloud services. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Messaging\Allow Message Service Cloud Sync (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Messa ... oval:org.secpod.oval:def:82117 This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically ... oval:org.secpod.oval:def:82112 This policy prevents the user from showing account details (email address or user name) on the sign-in screen. If you enable this policy setting, the user cannot choose to show account details on the sign-in screen. If you disable or do not configure this policy setting, the user may choose to sho ... oval:org.secpod.oval:def:82111 Enumeration policy for external DMA-capable devices incompatible with DMA remapping. This policy only takes effect when Kernel DMA Protection is enabled and supported by the system. Note: this policy does not apply to 1394, PCMCIA or ExpressCard devices. Fix: (1) GPO: Computer Configuration\Admin ... oval:org.secpod.oval:def:82110 Support for device authentication using certificate will require connectivity to a DC in the device account domain which supports certificate authentication for computer accounts. This policy setting allows you to set support for Kerberos to attempt authentication using the certificate for the dev ... oval:org.secpod.oval:def:82116 This policy setting allows you to require a pin for pairing. If you set this to 'Never', a pin isn't required for pairing. If you set this to 'First Time', the pairing ceremony for new devices will always require a PIN. If you set this to 'Always', all pairings will require PIN. Fix: (1) GPO: ... oval:org.secpod.oval:def:82115 This policy setting allow the use of Camera devices on the machine. If you enable or do not configure this policy setting, Camera devices will be enabled. If you disable this property setting, Camera devices will be disabled. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windo ... oval:org.secpod.oval:def:82114 This policy setting determines whether published User Activities can be uploaded. If you enable this policy setting, activities of type User Activity are allowed to be uploaded. If you disable this policy setting, activities of type User Activity are not allowed to be uploaded. Deletion of activitie ... oval:org.secpod.oval:def:82113 This policy setting determines whether Clipboard contents can be synchronized across devices. If you enable this policy setting, Clipboard contents are allowed to be synchronized across devices logged in under the same Microsoft account or Azure AD account. If you disable this policy setting, Clipbo ... oval:org.secpod.oval:def:82109 This policy setting determines whether the Windows device is allowed to participate in cross-device experiences (continue experiences). If you enable this policy setting, the Windows device is discoverable by other Windows devices that belong to the same user, and can participate in cross-device ex ... oval:org.secpod.oval:def:82108 Specifies whether Virtualization Based Security is enabled. Virtualization Based Security uses the Windows Hypervisor to provide support for security services. Virtualization Based Security requires Secure Boot, and can optionally be enabled with the use of DMA Protections. DMA protections require ... oval:org.secpod.oval:def:82107 Remote host allows delegation of non-exportable credentials When using credential delegation, devices provide an exportable version of credentials to the remote host. This exposes users to the risk of credential theft from attackers on the remote host. If you enable this policy setting, the host s ... oval:org.secpod.oval:def:82106 Encryption Oracle Remediation This policy setting applies to applications using the CredSSP component (for example: Remote Desktop Connection). Some versions of the CredSSP protocol are vulnerable to an encryption oracle attack against the client. This policy controls compatibility with vulnerable ... oval:org.secpod.oval:def:82100 This policy setting determines if the SMB client will allow insecure guest logons to an SMB server. If you enable this policy setting or if you do not configure this policy setting, the SMB client will allow insecure guest logons. If you disable this policy setting, the SMB client will reject ... oval:org.secpod.oval:def:82105 This policy setting blocks applications from using the network to send notifications to update tiles, tile badges, toast, or raw notifications. This policy setting turns off the connection between Windows and the Windows Push Notification Service (WNS). This policy setting also stops applications fr ... oval:org.secpod.oval:def:82104 Determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer. ICS lets administrators configure their system as an Internet gateway for a small network and provides network services, ... oval:org.secpod.oval:def:82102 This policy setting allows you to restrict remote RPC connections to SAM. The recommended state for this setting is: Administrators: Remote Access: Allow . Note: A Windows 10 R1607, Server 2016 or newer OS is required to access and set this value in Group Policy. Note 2: If your organiza ... oval:org.secpod.oval:def:82020 This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs and the music on audio media start immediately. Prior to Windows XP SP2, Autoplay is disabled ... oval:org.secpod.oval:def:82019 The registry value entry KeepAliveTime was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry appears as MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds (300,000 is recommended) in the SCE. This ... oval:org.secpod.oval:def:82018 Antivirus programs are mandatory in many environments and provide a strong defense against attack. The Notify antivirus programs when opening attachments setting allows you to manage how registered antivirus programs are notified. When enabled, this policy setting configures Windows to call the reg ... oval:org.secpod.oval:def:82139 This policy setting sets the Attack Surface Reduction rules. Attack surface reduction helps prevent actions and apps that are typically used by exploit- seeking malware to infect machines. Fix: (1) GPO: Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender An ... oval:org.secpod.oval:def:82013 This subcategory reports other logon/logoff-related events, such as Terminal Services session disconnects and reconnects, using RunAs to run processes under a different account, and locking and unlocking a workstation. Events for this subcategory include: ? 4649: A replay attack was detected. ? 4778 ... oval:org.secpod.oval:def:82012 This subcategory reports when a special logon is used. A special logon is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. Events for this subcategory include: ? 4964 : Special groups have been assigned to a new logon. Refer to the Microso ... oval:org.secpod.oval:def:82133 Disabling this setting disables server-side processing of the SMBv1 protocol. (Recommended.) Enabling this setting enables server-side processing of the SMBv1 protocol. (Default.) Changes to this setting require a reboot to take effect. For more information, see https://support.microsoft.com/kb/2 ... oval:org.secpod.oval:def:82132 Configures the SMB v1 client driver's start type. To disable client-side processing of the SMBv1 protocol, select the "Enabled" radio button, then select "Disable driver" from the dropdown. WARNING: DO NOT SELECT THE "DISABLED" RADIO BUTTON UNDER ANY CIRCUMSTANCES! For Windows 7 and Servers 2008, ... oval:org.secpod.oval:def:82010 This policy setting controls the level of validation a computer with shared folders or printers (the server) performs on the service principal name (SPN) that is provided by the client computer when it establishes a session using the server message block (SMB) protocol. The server message block (SM ... oval:org.secpod.oval:def:82131 This policy setting allows you to control the network connectivity state in standby on modern standby-capable systems. If you enable this policy setting, network connectivity will be maintained in standby. If you disable this policy setting, network connectivity in standby is not guaranteed. This ... oval:org.secpod.oval:def:82138 This policy setting lets you turn off all Windows Spotlight features at once. If you enable this policy setting, Windows spotlight on lock screen, Windows tips, Microsoft consumer features and other related features will be turned off. You should enable this policy setting if your goal is to minimi ... oval:org.secpod.oval:def:82017 This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers. This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including g ... oval:org.secpod.oval:def:82016 This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer. If you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you disable this policy ... oval:org.secpod.oval:def:82137 This policy setting lets you prevent Windows from using diagnostic data to provide tailored experiences to the user. If you enable this policy setting, Windows will not use diagnostic data from this device (this data may include browser, app and feature usage, depending on the "diagnostic data" set ... oval:org.secpod.oval:def:82136 If you enable this policy, Windows spotlight features like lock screen spotlight, suggested apps in Start menu or Windows tips will no longer suggest apps and content from third-party software publishers. Users may still see suggestions and tips to make them more productive with Microsoft features a ... oval:org.secpod.oval:def:82015 The registry value entry SafeDllSearchMode was added to the template file in the HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Control\Session Manager\ registry key. The entry appears as MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) in the SCE. The DLL search order can be config ... oval:org.secpod.oval:def:82014 This policy setting turns off toast notifications on the lock screen. If you enable this policy setting, applications will not be able to raise toast notifications on the lock screen. If you disable or do not configure this policy setting, toast notifications on the lock screen are enabled and can ... oval:org.secpod.oval:def:82135 This policy setting lets you configure Windows spotlight on the lock screen. If you enable this policy setting, "Windows spotlight" will be set as the lock screen provider and users will not be able to modify their lock screen. "Windows spotlight" will display daily images from Microsoft on the loc ... oval:org.secpod.oval:def:82130 This policy setting allows you to control the network connectivity state in standby on modern standby-capable systems. If you enable this policy setting, network connectivity will be maintained in standby. If you disable this policy setting, network connectivity in standby is not guaranteed. This ... oval:org.secpod.oval:def:82009 This subcategory reports the loading of extension code such as authentication packages by the security subsystem. Events for this subcategory include: ? 4610: An authentication package has been loaded by the Local Security Authority. ? 4611: A trusted logon process has been registered with the Local ... oval:org.secpod.oval:def:82007 Determines if an anonymous user can request security identifier (SID) attributes for another user. oval:org.secpod.oval:def:82128 Enable or disable detection for potentially unwanted applications. You can choose to block, audit, or allow when potentially unwanted software is being downloaded or attempts to install itself on your computer. Enabled: Specify the mode in the Options section: -Block: Potentially unwanted software ... oval:org.secpod.oval:def:82123 Allow Windows Ink Workspace Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Ink Workspace\Allow Windows Ink Workspace (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsInkWorkspace!AllowWindowsInkWorkspace oval:org.secpod.oval:def:82121 Allow search and Cortana to search cloud sources like OneDrive and SharePoint Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cloud Search (2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowCloudSearch oval:org.secpod.oval:def:82120 Enable or disable Microsoft Defender Exploit Guard network protection to prevent employees from using any application to access dangerous domains that may host phishing scams, exploit-hosting sites, and other malicious content on the Internet. Enabled: Specify the mode in the Options section: -Blo ... oval:org.secpod.oval:def:82006 The registry value entry TCPMaxDataRetransmissions was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip \Parameters\ registry key. The entry appears as MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 i ... oval:org.secpod.oval:def:82127 Enable this policy to specify when to receive quality updates. You can defer receiving quality updates for up to 30 days. To prevent quality updates from being received on their scheduled time, you can temporarily pause quality updates. The pause will remain in effect for 35 days or until you clea ... oval:org.secpod.oval:def:82126 Enable this policy to specify when to receive Feature Updates. Defer Updates | This enables devices to defer taking the next Feature Update available to your channel for up to 14 days for all the pre-release channels and up to 365 days for the Semi-Annual Channel. Or, if the device is updating from ... oval:org.secpod.oval:def:82005 This policy setting controls whether or not errors are reported to Microsoft. Error Reporting is used to report information about a system or application that has failed or has stopped responding and is used to improve the quality of the product. If you enable this policy setting, users are not gi ... oval:org.secpod.oval:def:82125 Enable this policy to manage which updates you receive prior to the update being released to the world. Dev Channel Ideal for highly technical users. Insiders in the Dev Channel will receive builds from our active development branch that is earliest in a development cycle. These builds are not matc ... oval:org.secpod.oval:def:82124 Prevent users from making changes to the Exploit protection settings area in Windows Security. Enabled: Local users can not make changes in the Exploit protection settings area. Disabled: Local users are allowed to make changes in the Exploit protection settings area. Not configured: Same as D ... |
