This setting determines whether the LDAP server (Domain Controller) enforces validation of Channel Binding Tokens (CBT) received in LDAP bind requests that are sent over SSL/TLS (i.e. LDAPS).
For more information, see https://support.microsoft.com/help/4034879.
Some important points:
* Before configuring this setting to "Enabled, always," all clients must have installed the security update desc ...
This security setting determines whether passwords must meet complexity requirements.
If this policy is enabled, passwords must meet the following minimum requirements:
* Not contain the user's account name or parts of the user's full name that exceed two consecutive characters
* Be at least six characters in length
* Contain characters from three of the following four categories:
* English uppercas ...
Disabling this setting turns off search highlights in the taskbar search box and in search home. Enabling or not configuring this setting turns on search highlights in the taskbar search box and in search home.
Fix:
(1) GPO: Computer Configuration/Administrative Templates/Windows Components/Search/Allow search highlights
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows ...
This policy setting specifies if the Domain Name System (DNS) client will perform name resolution over Network Basic Input-Output System (NetBIOS). NetBIOS is a legacy name resolution method for internal Microsoft networking that predates the use of DNS for that purpose (Pre-Active Directory). Some legacy applications still require the use of NetBIOS for full functionality.
Fix:
(1) GPO: Computer ...
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)
Counter Measure:
Configure the MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) entry to a value of Highest protection, source routing is completely disabled.
The possible values for this registry entry are:
* 0, 1, or 2. The default ...
This policy setting controls which protocols incoming Remote Procedure Call (RPC) connections to the print spooler are allowed to use.
The recommended state for this setting is: Enabled: RPC over TCP.
Fix:
(1) GPO: Computer Configuration\Policies\Administrative Templates\Printers\Configure RPC listener settings: Configure protocol options for incoming RPC connections
(2) REG: HKEY_LOCAL_MACHINE\SOFTWA ...
This policy setting manages how queue-specific files are processed during printer installation. At printer installation time, a vendor-supplied installation application can specify a set of files, of any type, to be associated with a particular print queue. The files are downloaded to each client that connects to the print server. The recommended state for this setting is: Enabled: Limit Queue-spec ...
This policy allows you to audit the group membership information in the user logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated ...
This setting controls whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy.
Counter Measure:
Disable this setting to override firewall rules created locally by administrators.
Potential Impact:
If you configure this setting to No, administrators can still create firewall rules, but the ...