This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in the security database the passwords can be compromised if the security database is attacked.
Defau ...
This policy setting controls the behavior of the elevation prompt for standard users on computers running Windows 7, Windows Server 2008 R2, and later versions of Windows.
This policy setting allows users to dynamically load a new device driver on a system. An attacker could potentially use this capability to install malicious code that appears to be a device driver. This user right is required for users to add local printers or printer drivers in Windows Vista.
When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be eithe ...
This setting allows to remove access to "Pause updates" feature.
Once enabled user access to pause updates is removed.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Update\Manage end user experience\Remove access to "Pause updates" feature
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate!SetDisablePauseUXAccess