Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services!Network List Service
(2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\netprofm!Start
Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services!Hyper-V Guest Shutdown Service
(2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vmicshutdown!Start
Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services!Remote Access Connection Manager
(2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ ...
The registry value entry DisableIPSourceRouting was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry appears as MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) in the SCE.
IP source routing is a mechanism that allows the sender to determine the IP route that a datagr ...
This policy setting determines whether packet signing is required by the SMB client component. If you enable this policy setting, the Microsoft network client computer cannot communicate with a Microsoft network server unless that server agrees to sign SMB packets. In mixed environments with legacy client computers, set this option to Disabled because these computers will not be able to authentica ...
Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services!Windows Font Cache Service
(2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FontC ...
Creates, manages, and removes X.509 certificates for applications such as S/MIME and SSL. If this service is stopped, certificates will not be created. If this service is disabled, any services that explicitly depend on it will fail to start.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services!Active Directory Certificate Services
(2) REG: HKEY_LOCAL_MACHINE\ ...
This subcategory reports changes in audit policy including SACL changes. Events for this subcategory include:
? 4715: The audit policy (SACL) on an object was changed.
? 4719: System audit policy was changed.
? 4902: The Per-user audit policy table was created.
? 4904: An attempt was made to register a security event source.
? 4905: An attempt was made to unregister a security event source.
? 4906 ...
This policy setting allows a process to assume the identity of any user and thus gain access to the resources that the user is authorized to access.
When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers.
This policy setting allows a process to assume the identity of a ...