| NaN |
Version: 5.20120314 |
NaN |
NaN |
NaN |
NaN |
| CCE ID |
CCE Description |
CCE Parameters |
CCE Technical Mechanisms |
|
Microsoft Security Compliance Manager (SCM) Baselines and Settings Packs |
| CCE-12007-1 |
The "6to4 Relay Name" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\6to4 Relay Name HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12009-7 |
The "6to4 Relay Name Resolution Interval" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\6to4 Relay Name Resolution Interval HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11356-3 |
The "6to4 State" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\6to4 State HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12287-9 |
The "ActiveX installation policy for sites in Trusted zones" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\ActiveX Installer Service\ActiveX installation policy for sites in Trusted zones HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11699-6 |
The "Add Printer wizard - Network scan page (Managed network)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Add Printer wizard - Network scan page (Managed network) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\Wizard |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11325-8 |
The "Add Printer wizard - Network scan page (Unmanaged network)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Add Printer wizard - Network scan page (Unmanaged network) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\Wizard |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11456-1 |
The "Add the Administrators security group to roaming user profiles" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\User Profiles\Add the Administrators security group to roaming user profiles HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11163-3 |
The "Administratively assigned offline files" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Offline Files\Administratively assigned offline files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCache\AssignedOfflineFolders |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11762-2 |
The "All Removable Storage classes: Deny all access" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Removable Storage Access\All Removable Storage classes: Deny all access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11585-7 |
The "All Removable Storage: Allow direct access in remote sessions" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Removable Storage Access\All Removable Storage: Allow direct access in remote sessions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10982-7 |
The "Allow .rdp files from unknown publishers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client\Allow .rdp files from unknown publishers HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11350-6 |
The "Allow .rdp files from valid publishers and user's default .rdp settings" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client\Allow .rdp files from valid publishers and user's default .rdp settings HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11465-2 |
The "Allow access to BitLocker-protected fixed data drives from earlier versions of Windows" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\Allow access to BitLocker-protected fixed data drives from earlier versions of Windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11636-8 |
The "Allow access to BitLocker-protected removable data drives from earlier versions of Windows" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\Allow access to BitLocker-protected removable data drives from earlier versions of Windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10520-5 |
The "Allow admin to install from Remote Desktop Services session" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Allow admin to install from Remote Desktop Services session HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10446-3 |
The "Allow administrators to override Device Installation Restriction policies" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions\Allow administrators to override Device Installation Restriction policies HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11674-9 |
The "Allow Applications to Prevent Automatic Sleep (On Battery)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Allow Applications to Prevent Automatic Sleep (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\A4B195F5-8225-47D8-8012-9D41369786E2 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11835-6 |
The "Allow Applications to Prevent Automatic Sleep (Plugged In)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Allow Applications to Prevent Automatic Sleep (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\A4B195F5-8225-47D8-8012-9D41369786E2 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12885-0 |
The "Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11359-7 |
The "Allow audio and video playback redirection" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Allow audio and video playback redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11228-4 |
The "Allow audio recording redirection" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Allow audio recording redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11381-1 |
The "Allow automatic configuration of listeners" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Allow automatic configuration of listeners HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10584-1 |
The "Allow Automatic Sleep with Open Network Files (On Battery)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Allow Automatic Sleep with Open Network Files (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\d4c1d4c8-d5cc-43d3-b83e-fc51215cb04d |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11514-7 |
The "Allow Automatic Sleep with Open Network Files (Plugged In)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Allow Automatic Sleep with Open Network Files (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\d4c1d4c8-d5cc-43d3-b83e-fc51215cb04d |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11537-8 |
The "Allow Automatic Updates immediate installation" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Allow Automatic Updates immediate installation HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10454-7 |
The "Allow Basic authentication" machine setting should be configured correctly for the WinRM client. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Client\Allow Basic authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11131-0 |
The "Allow Basic authentication" machine setting should be configured correctly for the WinRM service. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Allow Basic authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11216-9 |
The "Allow BITS Peercaching" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Allow BITS Peercaching HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11906-5 |
The "Allow certificates with no extended key usage certificate attribute" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Smart Card\Allow certificates with no extended key usage certificate attribute HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11539-4 |
The "Allow Corporate redirection of Customer Experience Improvement uploads" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Customer Experience Improvement Program\Allow Corporate redirection of Customer Experience Improvement uploads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12032-9 |
The "Allow CredSSP authentication" machine setting should be configured correctly for the WinRM client. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Client\Allow CredSSP authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11306-8 |
The "Allow CredSSP authentication" machine setting should be configured correctly for the WinRM service. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Allow CredSSP authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-13723-2 |
The "Allow Cross-Forest User Policy and Roaming User Profiles" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Allow Cross-Forest User Policy and Roaming User Profiles HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11972-7 |
The "Allow cryptography algorithms compatible with Windows NT 4.0" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\Allow cryptography algorithms compatible with Windows NT 4.0 HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10397-8 |
The "Allow Delegating Default Credentials" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Credentials Delegation\Allow Delegating Default Credentials HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegation |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10648-4 |
The "Allow Delegating Default Credentials with NTLM-only Server Authentication" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Credentials Delegation\Allow Delegating Default Credentials with NTLM-only Server Authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegation |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11223-5 |
The "Allow Delegating Fresh Credentials" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Credentials Delegation\Allow Delegating Fresh Credentials HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegation |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10968-6 |
The "Allow Delegating Fresh Credentials with NTLM-only Server Authentication" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Credentials Delegation\Allow Delegating Fresh Credentials with NTLM-only Server Authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegation |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10440-6 |
The "Allow Delegating Saved Credentials" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Credentials Delegation\Allow Delegating Saved Credentials HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegation |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12094-9 |
The "Allow Delegating Saved Credentials with NTLM-only Server Authentication" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Credentials Delegation\Allow Delegating Saved Credentials with NTLM-only Server Authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegation |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12042-8 |
The "Allow desktop composition for remote desktop sessions" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Allow desktop composition for remote desktop sessions HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11379-5 |
The "Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\DNS Client\Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11188-0 |
The "Allow domain users to log on using biometrics" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Biometrics\Allow domain users to log on using biometrics HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11455-3 |
The "Allow ECC certificates to be used for logon and authentication" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Smart Card\Allow ECC certificates to be used for logon and authentication HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10612-0 |
The "Allow enhanced PINs for startup" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Allow enhanced PINs for startup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10532-0 |
The "Allow Enhanced Storage certificate provisioning" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Enhanced Storage Access\Allow Enhanced Storage certificate provisioning HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EnhancedStorageDevices |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10675-7 |
The "Allow installation of devices that match any of these device IDs" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions\Allow installation of devices that match any of these device IDs HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11822-4 |
The "Allow installation of devices using drivers that match these device setup classes" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions\Allow installation of devices using drivers that match these device setup classes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11250-8 |
The "Allow Integrated Unblock screen to be displayed at the time of logon" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Smart Card\Allow Integrated Unblock screen to be displayed at the time of logon HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11201-1 |
The "Allow local activation security check exemptions" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Distributed COM\Application Compatibility Settings\Allow local activation security check exemptions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DCOM\AppCompat |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11330-8 |
The "Allow logon scripts when NetBIOS or WINS is disabled" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Scripts\Allow logon scripts when NetBIOS or WINS is disabled HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12004-8 |
The "Allow non-administrators to install drivers for these device setup classes" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Driver Installation\Allow non-administrators to install drivers for these device setup classes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverInstall\Restrictions |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10383-8 |
The "Allow non-administrators to receive update notifications" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Allow non-administrators to receive update notifications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10946-2 |
The "Allow only system backup" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Backup\Server\Allow only system backup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\Server |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11081-7 |
The "Allow only USB root hub connected Enhanced Storage devices" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Enhanced Storage Access\Allow only USB root hub connected Enhanced Storage devices HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EnhancedStorageDevices |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11249-0 |
The "Allow only Vista or later connections" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Remote Assistance\Allow only Vista or later connections HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10947-0 |
The "Allow or Disallow use of the Offline Files feature" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Offline Files\Allow or Disallow use of the Offline Files feature HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCache |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11912-3 |
The "Allow Print Spooler to accept client connections" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Allow Print Spooler to accept client connections HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11104-7 |
The "Allow printers to be published" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Allow printers to be published HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11704-4 |
The "Allow pruning of published printers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Allow pruning of published printers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11248-2 |
The "Allow remote access to the Plug and Play interface" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Device Installation\Allow remote access to the Plug and Play interface HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11860-4 |
The "Allow Remote Shell Access" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Shell\Allow Remote Shell Access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12066-7 |
The "Allow remote start of unlisted programs" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Allow remote start of unlisted programs HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11784-6 |
The "Allow restore of system to default state" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Recovery\Allow restore of system to default state HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11398-5 |
The "Allow signature keys valid for Logon" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Smart Card\Allow signature keys valid for Logon HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11428-0 |
The "Allow signed updates from an intranet Microsoft update service location" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Allow signed updates from an intranet Microsoft update service location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11837-2 |
The "Allow Standby States (S1-S3) When Sleeping (On Battery)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Allow Standby States (S1-S3) When Sleeping (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11714-3 |
The "Allow Standby States (S1-S3) When Sleeping (Plugged In)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Allow Standby States (S1-S3) When Sleeping (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10854-8 |
The "Allow the Network Access Protection client to support the 802.1x Enforcement Client component" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Network Access Protection\Allow the Network Access Protection client to support the 802.1x Enforcement Client component HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\NetworkAccessProtection\ClientConfig\Qecs\79620 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11545-1 |
The "Allow the use of biometrics" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Biometrics\Allow the use of biometrics HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11213-6 |
The "Allow time invalid certificates" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Smart Card\Allow time invalid certificates HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11427-2 |
The "Allow time zone redirection" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Allow time zone redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11954-5 |
The "Allow unencrypted traffic" machine setting should be configured correctly for the WinRM client. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Client\Allow unencrypted traffic HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11290-4 |
The "Allow unencrypted traffic" machine setting should be configured correctly for the WinRM service. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Allow unencrypted traffic HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10713-6 |
The "Allow user name hint" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Smart Card\Allow user name hint HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11867-9 |
The "Allow users to connect remotely using Remote Desktop Services" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Allow users to connect remotely using Remote Desktop Services HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10455-4 |
The "Allow users to log on using biometrics" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Biometrics\Allow users to log on using biometrics HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12401-6 |
The "Always install with elevated privileges" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Always install with elevated privileges HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11299-5 |
The "Always prompt for password upon connection" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Always prompt for password upon connection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11478-5 |
The "Always render print jobs on the server" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Always render print jobs on the server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11015-5 |
The "Always show desktop on connection" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Always show desktop on connection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11256-5 |
The "Always use classic logon" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Logon\Always use classic logon HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11499-1 |
The "Always use custom logon background" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Logon\Always use custom logon background HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12164-0 |
The "Always wait for the network at computer startup and logon" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Logon\Always wait for the network at computer startup and logon HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11166-6 |
The "Apply policy to removable media" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Disk Quotas\Apply policy to removable media HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DiskQuota |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11594-9 |
The "Apply the default user logon picture to all users" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Control Panel\User Accounts\Apply the default user logon picture to all users HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11433-0 |
The "Approved Installation Sites for ActiveX Controls" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\ActiveX Installer Service\Approved Installation Sites for ActiveX Controls HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AxInstaller |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11133-6 |
The "Assign a default domain for logon" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Logon\Assign a default domain for logon HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11511-3 |
The "Automated Site Coverage by the DC Locator DNS SRV Records" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Automated Site Coverage by the DC Locator DNS SRV Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11039-5 |
The "Automatic reconnection" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Automatic reconnection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11761-4 |
The "Automatic Updates detection frequency" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Automatic Updates detection frequency HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11237-5 |
The "Background upload of a roaming user profile's registry file while user is logged on" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\User Profiles\Background upload of a roaming user profile's registry file while user is logged on HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11890-1 |
The "Backup log automatically when full" machine setting should be configured correctly for the application log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Backup log automatically when full HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Application |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11400-9 |
The "Backup log automatically when full" machine setting should be configured correctly for the security log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Backup log automatically when full HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Security |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11138-5 |
The "Backup log automatically when full" machine setting should be configured correctly for the setup log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup\Backup log automatically when full HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12204-4 |
The "Backup log automatically when full" machine setting should be configured correctly for the system log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Backup log automatically when full HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11345-6 |
The "Baseline file cache maximum size" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Baseline file cache maximum size HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12036-0 |
The "Best effort service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP value of conforming packets\Best effort service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11663-2 |
The "Best effort service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that do not conform to the flow specification. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP value of non-conforming packets\Best effort service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10975-1 |
The "Best effort service type" link layer (Layer-2) priority value should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\Layer-2 priority value\Best effort service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11092-4 |
The "Cache transforms in secure location on workstation" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Cache transforms in secure location on workstation HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12092-3 |
The "CD and DVD: Deny execute access" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Removable Storage Access\CD and DVD: Deny execute access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11847-1 |
The "CD and DVD: Deny read access" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Removable Storage Access\CD and DVD: Deny read access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10724-3 |
The "CD and DVD: Deny write access" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Removable Storage Access\CD and DVD: Deny write access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10771-4 |
The "Check for New Signatures Before Scheduled Scans" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Check for New Signatures Before Scheduled Scans HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Scan |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11185-6 |
The "Check published state" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Check published state HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11423-1 |
The "Choose default folder for recovery password" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Choose default folder for recovery password HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11829-9 |
The "Choose drive encryption method and cipher strength" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Choose drive encryption method and cipher strength HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11273-0 |
The "Choose how BitLocker-protected fixed drives can be recovered" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\Choose how BitLocker-protected fixed drives can be recovered HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12060-0 |
The "Choose how BitLocker-protected operating system drives can be recovered" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Choose how BitLocker-protected operating system drives can be recovered HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11973-5 |
The "Choose how BitLocker-protected removable drives can be recovered" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\Choose how BitLocker-protected removable drives can be recovered HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10583-3 |
The "Communities" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\SNMP\Communities HKEY_LOCAL_MACHINE\Software\Policies\SNMP\Parameters\ValidCommunities |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11177-3 |
The "Computer location" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Computer location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11242-5 |
The "Configuration of wireless settings using Windows Connect Now" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Windows Connect Now\Configuration of wireless settings using Windows Connect Now HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11287-0 |
The "Configure Applications preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Applications preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10749-0 |
The "Configure Automatic Updates" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10511-4 |
The "Configure Background Sync" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Offline Files\Configure Background Sync HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCache |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11275-5 |
The "Configure BranchCache for network files" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\BranchCache\Configure BranchCache for network files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCache |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10483-6 |
The "Configure Corporate Windows Error Reporting" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Advanced Error Reporting Settings\Configure Corporate Windows Error Reporting HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10485-1 |
The "Configure Corrupted File Recovery Behavior" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Corrupted File Recovery\Configure Corrupted File Recovery Behavior HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{8519d925-541e-4a2b-8b1e-8059d16082f2} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11321-7 |
The "Configure Data Sources preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Data Sources preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11575-8 |
The "Configure Default consent" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Consent\Configure Default consent HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12057-6 |
The "Configure device installation time-out" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Device Installation\Configure device installation time-out HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-14026-9 |
The "Configure Devices preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Devices preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11527-9 |
The "Configure Drive Maps preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Drive Maps preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12910-6 |
The "Configure Environment preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Environment preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12822-3 |
The "Configure Files preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Files preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12974-2 |
The "Configure Folder Options preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Folder Options preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11935-4 |
The "Configure Folders preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Folders preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12948-6 |
The "Configure Ini Files preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Ini Files preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11522-0 |
The "Configure Internet Settings preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Internet Settings preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11194-8 |
The "Configure keep-alive connection interval" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Configure keep-alive connection interval HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11418-1 |
The "Configure list of Enhanced Storage devices usable on your computer" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Enhanced Storage Access\Configure list of Enhanced Storage devices usable on your computer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedEnStorDevices |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10797-9 |
The "Configure list of IEEE 1667 silos usable on your computer" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Enhanced Storage Access\Configure list of IEEE 1667 silos usable on your computer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedSilos |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12051-9 |
The "Configure Local Users and Groups preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Local Users and Groups preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11638-4 |
The "Configure Microsoft SpyNet Reporting" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Configure Microsoft SpyNet Reporting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\SpyNet |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11332-4 |
The "Configure minimum PIN length for startup" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Configure minimum PIN length for startup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11305-0 |
The "Configure MSI Corrupted File Recovery Behavior" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\MSI Corrupted File Recovery\Configure MSI Corrupted File Recovery Behavior HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{54077489-683b-4762-86c8-02cf87a33423} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11144-3 |
The "Configure Network Options preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Network Options preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-13026-0 |
The "Configure Network Shares preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Network Shares preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11881-0 |
The "Configure Power Options preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Power Options preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12806-6 |
The "Configure Printers preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Printers preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10563-5 |
The "Configure RD Connection Broker farm name" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker\Configure RD Connection Broker farm name HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11132-8 |
The "Configure RD Connection Broker server name" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker\Configure RD Connection Broker server name HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12147-5 |
The "Configure Regional Options preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Regional Options preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-13691-1 |
The "Configure Registry preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Registry preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11971-9 |
The "Configure Reliability WMI Providers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Reliability Analysis\Configure Reliability WMI Providers HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Reliability Analysis\WMI |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11962-8 |
The "Configure Report Archive" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Advanced Error Reporting Settings\Configure Report Archive HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11861-2 |
The "Configure Report Queue" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Advanced Error Reporting Settings\Configure Report Queue HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11646-7 |
The "Configure root certificate clean up" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Smart Card\Configure root certificate clean up HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CertProp |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12038-6 |
The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Fault Tolerant Heap . |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Fault Tolerant Heap\Configure Scenario Execution Level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11210-2 |
The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Windows Boot Performance Diagnostics. |
Disabled/Detection and Troubleshooting Only/Detection, Troubleshooting and Resolution |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Boot Performance Diagnostics\Configure Scenario Execution Level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{67144949-5132-4859-8036-a737b43825d8} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11484-3 |
The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Windows Memory Leak Diagnosis. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Memory Leak Diagnosis\Configure Scenario Execution Level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10616-1 |
The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Windows Resource Exhaustion Detection and Resolution. |
Disabled/Detection and Troubleshooting Only/Detection, Troubleshooting and Resolution |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Resource Exhaustion Detection and Resolution\Configure Scenario Execution Level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{3af8b24a-c441-4fa4-8c5c-bed591bfa867} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10626-0 |
The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Windows Shutdown Performance Diagnostics. |
Disabled/Detection and Troubleshooting Only/Detection, Troubleshooting and Resolution |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Shutdown Performance Diagnostics\Configure Scenario Execution Level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{2698178D-FDAD-40AE-9D3C-1371703ADC5B} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11054-4 |
The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Windows Standby/Resume Performance Diagnostics. |
Disabled/Detection and Troubleshooting Only/Detection, Troubleshooting and Resolution |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Standby/Resume Performance Diagnostics\Configure Scenario Execution Level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11966-9 |
The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Windows System Responsiveness Diagnostics. |
Disabled/Detection and Troubleshooting Only/Detection, Troubleshooting and Resolution |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows System Responsiveness Performance Diagnostics\Configure Scenario Execution Level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-13753-9 |
The "Configure Scheduled Tasks preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Scheduled Tasks preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11106-2 |
The "Configure Security Policy for Scripted Diagnostics" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Scripted Diagnostics\Configure Security Policy for Scripted Diagnostics HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11494-2 |
The Remote Desktop Connection Client "Configure server authentication for client" machine setting should be configured correctly. |
Always connect, even if authentication fails/Warn me if authentication fails/Do not connect if authentication fails |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client\Configure server authentication for client HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12116-0 |
The "Configure Services preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Services preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-14699-3 |
The "Configure Shortcuts preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Shortcuts preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12002-2 |
The "Configure slow-link mode" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Offline Files\Configure slow-link mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCache |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12226-7 |
The "Configure Start Menu preference logging and tracing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Start Menu preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10870-4 |
The "Configure the list of blocked TPM commands" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Trusted Platform Module Services\Configure the list of blocked TPM commands HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Tpm\BlockedCommands |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10994-2 |
The "Configure the refresh interval for Server Manager" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Server Manager\Configure the refresh interval for Server Manager HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Server\ServerManager |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11673-1 |
The "Configure the server address, refresh interval, and issuer certificate authority of a target Subscription Manager" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Forwarding\Configure the server address, refresh interval, and issuer certificate authority of a target Subscription Manager HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11809-1 |
The "Configure TPM platform validation profile" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Configure TPM platform validation profile HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12237-4 |
The "Configure use of passwords for fixed data drives" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\Configure use of passwords for fixed data drives HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10422-4 |
The "Configure use of passwords for removable data drives" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\Configure use of passwords for removable data drives HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11239-1 |
The "Configure use of smart cards on fixed data drives" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\Configure use of smart cards on fixed data drives HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12336-4 |
The "Configure use of smart cards on removable data drives" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\Configure use of smart cards on removable data drives HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11856-2 |
The "Configure Windows NTP Client" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11328-2 |
The "Contact PDC on logon failure" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\Contact PDC on logon failure HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11377-9 |
The "Control use of BitLocker on removable drives" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\Control use of BitLocker on removable drives HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10558-5 |
The "Controlled load service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP value of conforming packets\Controlled load service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11393-6 |
The "Controlled load service type" Layer-3 Differentiated Services Code Point (DSCP) should be configured correctly for packets that do not conform to the flow specification. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP value of non-conforming packets\Controlled load service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10315-0 |
The "Controlled load service type" link layer (Layer-2) priority value should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\Layer-2 priority value\Controlled load service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11399-3 |
The "Corporate DNS Probe Host Address" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Network Connectivity Status Indicator\Corporate DNS Probe Host Address HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10891-0 |
The "Corporate DNS Probe Host Name" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Network Connectivity Status Indicator\Corporate DNS Probe Host Name HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11600-4 |
The "Corporate Site Prefix List" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Network Connectivity Status Indicator\Corporate Site Prefix List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12005-5 |
The "Corporate Website Probe URL" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Network Connectivity Status Indicator\Corporate Website Probe URL HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11279-7 |
The "Critical Battery Notification Action" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Notification Settings\Critical Battery Notification Action HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\637EA02F-BBCB-4015-8E2C-A1C7B9C0B546 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11438-9 |
The "Critical Battery Notification Level" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Notification Settings\Critical Battery Notification Level HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\9A66D8D7-4FF7-4EF9-B5A2-5A326CA2A469 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11370-4 |
The "Custom Classes: Deny read access" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Removable Storage Access\Custom Classes: Deny read access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10718-5 |
The "Custom Classes: Deny write access" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Removable Storage Access\Custom Classes: Deny write access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11703-6 |
The "Customize consent settings" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Consent\Customize consent settings HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11554-3 |
The "Customize Warning Messages" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Remote Assistance\Customize Warning Messages HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11083-3 |
The "DC Locator DNS records not registered by the DCs" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\DC Locator DNS records not registered by the DCs HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11431-4 |
The "Default behavior for AutoRun" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies\Default behavior for AutoRun HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11601-2 |
The "Default quota limit and warning level" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Disk Quotas\Default quota limit and warning level HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DiskQuota |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11718-4 |
The "Define Activation Security Check exemptions" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Distributed COM\Application Compatibility Settings\Define Activation Security Check exemptions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DCOM\AppCompat |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12137-6 |
The "Define host name-to-Kerberos realm mappings" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Kerberos\Define host name-to-Kerberos realm mappings HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10868-8 |
The "Define interoperable Kerberos V5 realm settings" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Kerberos\Define interoperable Kerberos V5 realm settings HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11534-5 |
The "Delay Restart for scheduled installations" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Delay Restart for scheduled installations HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11955-2 |
The "Delete cached copies of roaming profiles" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\User Profiles\Delete cached copies of roaming profiles HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10613-8 |
The "Delete data from devices running Microsoft firmware when a user logs off from the computer." machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows SideShow\Delete data from devices running Microsoft firmware when a user logs off from the computer. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SideShow |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11349-8 |
The "Delete user profiles older than a specified number of days on system restart" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\User Profiles\Delete user profiles older than a specified number of days on system restart HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12399-2 |
The "Deny Delegating Default Credentials" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Credentials Delegation\Deny Delegating Default Credentials HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegation |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11281-3 |
The "Deny Delegating Fresh Credentials" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Credentials Delegation\Deny Delegating Fresh Credentials HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegation |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11231-8 |
The "Deny Delegating Saved Credentials" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Credentials Delegation\Deny Delegating Saved Credentials HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegation |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11615-2 |
The "Deny write access to fixed drives not protected by BitLocker" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\Deny write access to fixed drives not protected by BitLocker HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11142-7 |
The "Deny write access to removable drives not protected by BitLocker" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\Deny write access to removable drives not protected by BitLocker HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11234-2 |
The "Detect application failures caused by deprecated COM objects" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics\Detect application failures caused by deprecated COM objects HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{88D69CE1-577A-4dd9-87AE-AD36D3CD9643} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11688-9 |
The "Detect application failures caused by deprecated Windows DLLs" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics\Detect application failures caused by deprecated Windows DLLs HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{659F08FB-2FAB-42a7-BD4F-566CFA528769} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10784-7 |
The "Detect application install failures" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics\Detect application install failures HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{acfd1ca6-18b6-4ccf-9c07-580cdb6eded4} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10569-2 |
The "Detect application installers that need to be run as administrator" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics\Detect application installers that need to be run as administrator HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{D113E4AA-2D07-41b1-8D9B-C065194A791D} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11885-1 |
The "Detect applications unable to launch installers under UAC" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics\Detect applications unable to launch installers under UAC HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{081D3213-48AA-4533-9284-D98F01BDC8E6} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11241-7 |
The "Diagnostics: Configure scenario execution level" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Diagnostics: Configure scenario execution level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11611-1 |
The "Diagnostics: Configure scenario retention" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Diagnostics: Configure scenario retention HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12047-7 |
The "Directory pruning interval" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Directory pruning interval HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11129-4 |
The "Directory pruning priority" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Directory pruning priority HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10477-8 |
The "Directory pruning retry" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Directory pruning retry HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11705-1 |
The "Disable binding directly to IPropertySetStorage without intermediate layers." machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Disable binding directly to IPropertySetStorage without intermediate layers. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11824-0 |
The "Disable delete notifications on all volumes" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Filesystem\Disable delete notifications on all volumes HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10343-2 |
The "Disable IE security prompt for Windows Installer scripts" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Disable IE security prompt for Windows Installer scripts HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11621-0 |
The "Disable Logging" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable Logging HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11094-0 |
The "Disable logging via package settings" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Disable logging via package settings HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12332-3 |
The "Disable or enable software Secure Attention Sequence" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Logon Options\Disable or enable software Secure Attention Sequence HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11547-7 |
The "Disable password strength validation for Peer Grouping" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Disable password strength validation for Peer Grouping HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11017-1 |
The "Disable remote Desktop Sharing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\NetMeeting\Disable remote Desktop Sharing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Conferencing |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12376-0 |
The "Disable text prediction" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Input Panel\Disable text prediction HKEY_LOCAL_MACHINE\software\policies\microsoft\TabletTip\1.7 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11708-5 |
The "Disable Windows Error Reporting" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable Windows Error Reporting HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10972-8 |
The "Disable Windows Installer" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Disable Windows Installer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10899-3 |
The "Disallow changing of geographic location" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Locale Services\Disallow changing of geographic location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Control Panel\International |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12266-3 |
The "Disallow Digest authentication" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Client\Disallow Digest authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12168-1 |
The "Disallow Interactive Users from generating Resultant Set of Policy data" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Disallow Interactive Users from generating Resultant Set of Policy data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11697-0 |
The "Disallow Kerberos authentication" machine setting should be configured correctly for the WinRM client. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Client\Disallow Kerberos authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11149-2 |
The "Disallow Kerberos authentication" machine setting should be configured correctly for the WinRM service. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Disallow Kerberos authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11497-5 |
The "Disallow locally attached storage as backup target" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Backup\Server\Disallow locally attached storage as backup target HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\Server |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11756-4 |
The "Disallow Negotiate authentication" machine setting should be configured correctly for the WinRM client. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Client\Disallow Negotiate authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12295-2 |
The "Disallow Negotiate authentication" machine setting should be configured correctly for the WinRM service. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Disallow Negotiate authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11908-1 |
The "Disallow network as backup target" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Backup\Server\Disallow network as backup target HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\Server |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11797-8 |
The "Disallow optical media as backup target" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Backup\Server\Disallow optical media as backup target HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\Server |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11681-4 |
The "Disallow run-once backups" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Backup\Server\Disallow run-once backups HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\Server |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11327-4 |
The "Disallow selection of Custom Locales" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Locale Services\Disallow selection of Custom Locales HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Control Panel\International |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11420-7 |
The "Disallow user override of locale settings" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Locale Services\Disallow user override of locale settings HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Control Panel\International |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12166-5 |
The "Disk Diagnostic: Configure custom alert text" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Disk Diagnostic\Disk Diagnostic: Configure custom alert text HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11922-2 |
The "Disk Diagnostic: Configure execution level" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Disk Diagnostic\Disk Diagnostic: Configure execution level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12073-3 |
The "Disk Quota policy processing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Disk Quota policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11125-2 |
The "Display a custom message title when device installation is prevented by a policy setting" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions\Display a custom message title when device installation is prevented by a policy setting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DeniedPolicy |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12020-4 |
The "Display a custom message when installation is prevented by a policy setting" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions\Display a custom message when installation is prevented by a policy setting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DeniedPolicy |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11410-8 |
The "Display information about previous logons during user logon" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Logon Options\Display information about previous logons during user logon HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11444-7 |
The "Display Shutdown Event Tracker" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Display Shutdown Event Tracker HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Reliability |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11362-1 |
The "Display string when smart card is blocked" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Smart Card\Display string when smart card is blocked HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11834-9 |
The "DNS Suffix Search List" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\DNS Client\DNS Suffix Search List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11341-5 |
The "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11785-3 |
The "Do not allow adding new targets via manual configuration" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\iSCSI\iSCSI Target Discovery\Do not allow adding new targets via manual configuration HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSI |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10996-7 |
The "Do not allow additional session logins" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\iSCSI\General iSCSI\Do not allow additional session logins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSI |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11127-8 |
The "Do not allow changes to initiator CHAP secret" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\iSCSI\iSCSI Security\Do not allow changes to initiator CHAP secret HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSI |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11285-4 |
The "Do not allow changes to initiator iqn name" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\iSCSI\General iSCSI\Do not allow changes to initiator iqn name HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSI |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12056-8 |
The "Do not allow client printer redirection" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection\Do not allow client printer redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11303-5 |
The "Do not allow clipboard redirection" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow clipboard redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11448-8 |
The "Do not allow color changes" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Desktop Window Manager\Window Frame Coloring\Do not allow color changes HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DWM |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10600-5 |
The "Do not allow COM port redirection" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow COM port redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11425-6 |
The "Do not allow compression on all NTFS volumes" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Filesystem\NTFS\Do not allow compression on all NTFS volumes HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11277-1 |
The "Do not allow connections without IPSec" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\iSCSI\iSCSI Security\Do not allow connections without IPSec HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSI |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11352-2 |
The "Do not allow desktop composition" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Desktop Window Manager\Do not allow desktop composition HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DWM |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11098-1 |
The "Do not allow Digital Locker to run" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Digital Locker\Do not allow Digital Locker to run HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Digital Locker |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11709-3 |
The "Do not allow drive redirection" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow drive redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11284-7 |
The "Do not allow encryption on all NTFS volumes" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Filesystem\NTFS\Do not allow encryption on all NTFS volumes HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10353-1 |
The "Do not allow Flip3D invocation" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Desktop Window Manager\Do not allow Flip3D invocation HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DWM |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11664-0 |
The "Do not allow font smoothing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Do not allow font smoothing HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12159-0 |
The "Do not allow local administrators to customize permissions" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Do not allow local administrators to customize permissions HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11623-6 |
The "Do not allow LPT port redirection" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow LPT port redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12170-7 |
The "Do not allow manual configuration of discovered targets" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\iSCSI\iSCSI Target Discovery\Do not allow manual configuration of discovered targets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSI |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11852-1 |
The "Do not allow manual configuration of iSNS servers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\iSCSI\iSCSI Target Discovery\Do not allow manual configuration of iSNS servers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSI |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12045-1 |
The "Do not allow manual configuration of target portals" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\iSCSI\iSCSI Target Discovery\Do not allow manual configuration of target portals HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSI |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11316-7 |
The "Do not allow non-Enhanced Storage removable devices" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Enhanced Storage Access\Do not allow non-Enhanced Storage removable devices HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EnhancedStorageDevices |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12040-2 |
The "Do not allow password authentication of Enhanced Storage devices" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Enhanced Storage Access\Do not allow password authentication of Enhanced Storage devices HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EnhancedStorageDevices |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11905-7 |
The "Do not allow passwords to be saved" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client\Do not allow passwords to be saved HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11531-1 |
The "Do not allow printing to Journal Note Writer" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Accessories\Do not allow printing to Journal Note Writer HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPC |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11232-6 |
The "Do not allow sessions without mutual CHAP" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\iSCSI\iSCSI Security\Do not allow sessions without mutual CHAP HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSI |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11486-8 |
The "Do not allow sessions without one way CHAP" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\iSCSI\iSCSI Security\Do not allow sessions without one way CHAP HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSI |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11517-0 |
The "Do not allow smart card device redirection" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow smart card device redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11390-2 |
The "Do not allow Snipping Tool to run" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Accessories\Do not allow Snipping Tool to run HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPC |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11387-8 |
The "Do not allow Sound Recorder to run" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Sound Recorder\Do not allow Sound Recorder to run HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SoundRecorder |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11128-6 |
The "Do not allow supported Plug and Play device redirection" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow supported Plug and Play device redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11991-7 |
The "Do not allow the BITS client to use Windows Branch Cache" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Do not allow the BITS client to use Windows Branch Cache HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11353-0 |
The "Do not allow the computer to act as a BITS Peercaching client" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Do not allow the computer to act as a BITS Peercaching client HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11870-3 |
The "Do not allow the computer to act as a BITS Peercaching server" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Do not allow the computer to act as a BITS Peercaching server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10861-3 |
The "Do not allow window animations" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Desktop Window Manager\Do not allow window animations HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DWM |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11342-3 |
The "Do not allow Windows Journal to be run" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Accessories\Do not allow Windows Journal to be run HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPC |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12192-1 |
The "Do not allow Windows Media Center to run" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Media Center\Do not allow Windows Media Center to run HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaCenter |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10872-0 |
The "Do not allow Windows Messenger to be run" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Messenger\Do not allow Windows Messenger to be run HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11794-5 |
The "Do not automatically encrypt files moved to encrypted folders" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Do not automatically encrypt files moved to encrypted folders HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10773-0 |
The "Do not automatically start Windows Messenger initially" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Messenger\Do not automatically start Windows Messenger initially HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11172-4 |
The "Do not check for user ownership of Roaming Profile Folders" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\User Profiles\Do not check for user ownership of Roaming Profile Folders HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12046-9 |
The "Do not delete temp folder upon exit" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders\Do not delete temp folder upon exit HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11898-4 |
The "Do not detect slow network connections" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\User Profiles\Do not detect slow network connections HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10819-1 |
The "Do not display Initial Configuration Tasks window automatically at logon" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Server Manager\Do not display Initial Configuration Tasks window automatically at logon HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Server\InitialConfigurationTasks |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10299-6 |
The "Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11872-9 |
The "Do not display Manage Your Server page at logon" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Do not display Manage Your Server page at logon HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\CurrentVersion\MYS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11282-1 |
The "Do not display Server Manager automatically at logon" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Server Manager\Do not display Server Manager automatically at logon HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Server\ServerManager |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11603-8 |
The "Do not forcefully unload the users registry at user logoff" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\User Profiles\Do not forcefully unload the users registry at user logoff HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10837-3 |
The "Do not log users on with temporary profiles" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\User Profiles\Do not log users on with temporary profiles HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10320-0 |
The "Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11245-8 |
The "Do not process the legacy run list" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Logon\Do not process the legacy run list HKEY_LOCAL_MACHINE\ |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11992-5 |
The "Do not process the run once list" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Logon\Do not process the run once list HKEY_LOCAL_MACHINE\ |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12274-7 |
The "Do not send a Windows error report when a generic driver is installed on a device" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Device Installation\Do not send a Windows error report when a generic driver is installed on a device HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11584-0 |
The "Do not send additional data" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Do not send additional data HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10572-6 |
The "Do not set default client printer to be default printer in a session" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection\Do not set default client printer to be default printer in a session HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11596-4 |
The "Do Not Show First Use Dialog Boxes" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Do Not Show First Use Dialog Boxes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10355-6 |
The "Do not show the "local access only" network icon" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Network Connections\Do not show the "local access only" network icon HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10806-8 |
The "Do not turn off system power after a Windows system shutdown has occurred." machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Do not turn off system power after a Windows system shutdown has occurred. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11178-1 |
The "Do not use Remote Desktop Session Host server IP address when virtual IP address is not available" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility\Do not use Remote Desktop Session Host server IP address when virtual IP address is not available HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10669-0 |
The "Do not use temporary folders per session" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders\Do not use temporary folders per session HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11849-7 |
The "Domain Controller Address Type Returned" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Domain Controller Address Type Returned HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10842-3 |
The "Domain Location Determination URL" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Network Connectivity Status Indicator\Domain Location Determination URL HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11913-1 |
The "Don't set the always do this checkbox" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies\Don't set the always do this checkbox HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11217-7 |
The "Download missing COM components" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Download missing COM components HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\App Management |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11318-3 |
The "Dynamic Registration of the DC Locator DNS Records" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Dynamic Registration of the DC Locator DNS Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11209-4 |
The "Dynamic Update" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\DNS Client\Dynamic Update HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11058-5 |
The "EFS recovery policy processing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\EFS recovery policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11917-2 |
The "Enable client-side targeting" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Enable client-side targeting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11198-9 |
The "Enable disk quotas" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Disk Quotas\Enable disk quotas HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DiskQuota |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10568-4 |
The "Enable NTFS pagefile encryption" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Filesystem\NTFS\Enable NTFS pagefile encryption HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11261-5 |
The "Enable Persistent Time Stamp" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Enable Persistent Time Stamp HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Reliability |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11369-6 |
The "Enable Transparent Caching" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Offline Files\Enable Transparent Caching HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCache |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10906-6 |
The "Enable user control over installs" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Enable user control over installs HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10866-2 |
The "Enable user to browse for source while elevated" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Enable user to browse for source while elevated HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10965-2 |
The "Enable user to patch elevated products" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Enable user to patch elevated products HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11844-8 |
The "Enable user to use media source while elevated" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Enable user to use media source while elevated HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11057-7 |
The "Enable Windows NTP Client" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Enable Windows NTP Client HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11873-7 |
The "Enable Windows NTP Server" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Enable Windows NTP Server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32Time\TimeProviders\NtpServer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11889-3 |
The "Enable/Disable PerfTrack" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Performance PerfTrack\Enable/Disable PerfTrack HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11088-2 |
The "Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10894-4 |
The "Encrypt the Offline Files cache" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Offline Files\Encrypt the Offline Files cache HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCache |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11593-1 |
The "Enforce disk quota limit" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Disk Quotas\Enforce disk quota limit HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DiskQuota |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12058-4 |
The "Enforce Removal of Remote Desktop Wallpaper" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Enforce Removal of Remote Desktop Wallpaper HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11434-8 |
The "Enforce upgrade component rules" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Enforce upgrade component rules HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11450-4 |
The "Enumerate administrator accounts on elevation" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Credential User Interface\Enumerate administrator accounts on elevation HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11746-5 |
The "Events.asp program" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Viewer\Events.asp program HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11152-6 |
The "Events.asp program command line parameters" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Viewer\Events.asp program command line parameters HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11964-4 |
The "Events.asp URL" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Viewer\Events.asp URL HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11460-3 |
The "Exclude credential providers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Logon\Exclude credential providers HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11137-7 |
The "Exclude files from being cached" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Offline Files\Exclude files from being cached HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCache |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10864-7 |
The "Execute print drivers in isolated processes" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Execute print drivers in isolated processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10624-5 |
The "Expected dial-up delay on logon" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\Expected dial-up delay on logon HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11976-8 |
The "Extend Point and Print connection to search Windows Update" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Extend Point and Print connection to search Windows Update HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11075-9 |
The "Filter duplicate logon certificates" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Smart Card\Filter duplicate logon certificates HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10973-6 |
The "Final DC Discovery Retry Setting for Background Callers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\Final DC Discovery Retry Setting for Background Callers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12010-5 |
The "Floppy Drives: Deny execute access" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Removable Storage Access\Floppy Drives: Deny execute access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11411-6 |
The "Floppy Drives: Deny read access" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Removable Storage Access\Floppy Drives: Deny read access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12142-6 |
The "Floppy Drives: Deny write access" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Removable Storage Access\Floppy Drives: Deny write access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12115-2 |
The "Folder Redirection policy processing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Folder Redirection policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{25537BA6-77A8-11D2-9B6C-0000F8080861} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11643-4 |
The "For tablet pen input, don’t show the Input Panel icon" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Input Panel\For tablet pen input, don’t show the Input Panel icon HKEY_LOCAL_MACHINE\software\policies\microsoft\TabletTip\1.7 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11322-5 |
The "For touch input, don’t show the Input Panel icon" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Input Panel\For touch input, don’t show the Input Panel icon HKEY_LOCAL_MACHINE\software\policies\microsoft\TabletTip\1.7 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11821-6 |
The "Force Rediscovery Interval" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Force Rediscovery Interval HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11180-7 |
The "Force selected system UI language to overwrite the user UI language" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Force selected system UI language to overwrite the user UI language HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MUI\Settings |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11297-9 |
The "Force the reading of all certificates from the smart card" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Smart Card\Force the reading of all certificates from the smart card HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11402-5 |
The "ForwarderResourceUsage" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Forwarding\ForwarderResourceUsage HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\EventForwarding |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11543-6 |
The "Global Configuration Settings" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Windows Time Service\Global Configuration Settings HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32Time\Config |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11995-8 |
The "Group Policy refresh interval for computers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Group Policy refresh interval for computers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11520-4 |
The "Group Policy refresh interval for domain controllers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Group Policy refresh interval for domain controllers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12121-0 |
The "Group Policy slow link detection" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Group Policy slow link detection HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10863-9 |
The "Guaranteed service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP value of conforming packets\Guaranteed service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11634-3 |
The "Guaranteed service type" Layer-3 Differentiated Services Code Point should be configured correctly for packets that do not conform to the flow specification. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP value of non-conforming packets\Guaranteed service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11269-8 |
The "Guaranteed service type" link layer (Layer-2) priority value should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\Layer-2 priority value\Guaranteed service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11440-5 |
The "Hash Publication for BranchCache" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Lanman Server\Hash Publication for BranchCache HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LanmanServer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11848-9 |
The "Hide entry points for Fast User Switching" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Logon\Hide entry points for Fast User Switching HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11401-7 |
The "Hide notifications about RD Licensing problems that affect the RD Session Host server" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing\Hide notifications about RD Licensing problems that affect the RD Session Host server HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11778-8 |
The "Hide previous versions list for local files" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Previous Versions\Hide previous versions list for local files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PreviousVersions |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10846-4 |
The "Hide previous versions list for remote files" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Previous Versions\Hide previous versions list for remote files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PreviousVersions |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12067-5 |
The "Hide previous versions of files on backup location" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Previous Versions\Hide previous versions of files on backup location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PreviousVersions |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12120-2 |
The "Ignore custom consent settings" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Consent\Ignore custom consent settings HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10660-9 |
The "Ignore Delegation Failure" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Remote Procedure Call\Ignore Delegation Failure HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11998-2 |
The "Ignore the default list of blocked TPM commands" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Trusted Platform Module Services\Ignore the default list of blocked TPM commands HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\TPM\BlockedCommands |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11491-8 |
The "Ignore the local list of blocked TPM commands" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Trusted Platform Module Services\Ignore the local list of blocked TPM commands HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\TPM\BlockedCommands |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11008-0 |
The "Include rarely used Chinese, Kanji, or Hanja characters" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Input Panel\Include rarely used Chinese, Kanji, or Hanja characters HKEY_LOCAL_MACHINE\software\policies\microsoft\TabletTip\1.7 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10703-7 |
The "Initial DC Discovery Retry Setting for Background Callers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\Initial DC Discovery Retry Setting for Background Callers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12085-7 |
The "Internet Explorer Maintenance policy processing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Internet Explorer Maintenance policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11110-4 |
The "IP Security policy processing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\IP Security policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{e437bc1c-aa7d-11d2-a382-00c04f991e27} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10832-4 |
The "IP-HTTPS State" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\IP-HTTPS State HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10712-8 |
The "ISATAP Router Name" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\ISATAP Router Name HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11141-9 |
The "ISATAP State" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\ISATAP State HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12215-0 |
The "Join RD Connection Broker" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker\Join RD Connection Broker HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11344-9 |
The "Leave Windows Installer and Group Policy Software Installation Data" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\User Profiles\Leave Windows Installer and Group Policy Software Installation Data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11656-6 |
The "License server security group" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Licensing\License server security group HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11473-6 |
The "Limit audio playback quality" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Limit audio playback quality HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11266-4 |
The "Limit disk space used by offline files" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Offline Files\Limit disk space used by offline files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCache |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11464-5 |
The "Limit maximum color depth" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Limit maximum color depth HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11769-7 |
The "Limit maximum display resolution" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Limit maximum display resolution HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11147-6 |
The "Limit maximum number of monitors" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Limit maximum number of monitors HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11047-8 |
The "Limit number of connections" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12043-6 |
The "Limit outstanding packets" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\Limit outstanding packets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11864-6 |
The "Limit reservable bandwidth" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\Limit reservable bandwidth HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11726-7 |
The "Limit the age of files in the BITS Peercache" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Limit the age of files in the BITS Peercache HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11710-1 |
The "Limit the BITS Peercache size" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Limit the BITS Peercache size HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12104-6 |
The "Limit the maximum BITS job download time" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Limit the maximum BITS job download time HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11752-3 |
The "Limit the maximum network bandwidth used for Peercaching" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Limit the maximum network bandwidth used for Peercaching HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11570-9 |
The "Limit the maximum number of BITS jobs for each user" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Limit the maximum number of BITS jobs for each user HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11407-4 |
The "Limit the maximum number of BITS jobs for this computer" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Limit the maximum number of BITS jobs for this computer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11707-7 |
The "Limit the maximum number of files allowed in a BITS job" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Limit the maximum number of files allowed in a BITS job HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10702-9 |
The "Limit the maximum number of ranges that can be added to the file in a BITS job" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Limit the maximum number of ranges that can be added to the file in a BITS job HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11445-4 |
The "Limit the size of the entire roaming user profile cache" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles\Limit the size of the entire roaming user profile cache HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11900-8 |
The "List of applications to be excluded" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Advanced Error Reporting Settings\List of applications to be excluded HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\ExcludedApplications |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11988-3 |
The "Location of the DCs hosting a domain with single label DNS name" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Location of the DCs hosting a domain with single label DNS name HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11314-2 |
The "Lock Enhanced Storage when the computer is locked" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Enhanced Storage Access\Lock Enhanced Storage when the computer is locked HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EnhancedStorageDevices |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11219-3 |
The "Log Access" machine setting should be configured correctly for the application log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Log Access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Application |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11690-5 |
The "Log Access" machine setting should be configured correctly for the security log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Log Access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Security |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10679-9 |
The "Log Access" machine setting should be configured correctly for the setup log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup\Log Access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11712-7 |
The "Log Access" machine setting should be configured correctlyfor the system log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Log Access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12246-5 |
The "Log directory pruning retry events" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Log directory pruning retry events HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11581-6 |
The "Log event when quota limit exceeded" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Disk Quotas\Log event when quota limit exceeded HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DiskQuota |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11394-4 |
The "Log event when quota warning level exceeded" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Disk Quotas\Log event when quota warning level exceeded HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DiskQuota |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10639-3 |
The "Log File Debug Output Level" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\Log File Debug Output Level HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11883-6 |
The "Log File Path" machine setting should be configured correctly for the application log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Log File Path HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Application |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10421-6 |
The "Log File Path" machine setting should be configured correctly for the security log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Log File Path HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Security |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12180-6 |
The "Log File Path" machine setting should be configured correctly for the setup log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup\Log File Path HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11441-3 |
The "Log File Path" machine setting should be configured correctly for the system log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Log File Path HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12018-8 |
The "Logging" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Logging HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11469-4 |
The "Low Battery Notification Action" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Notification Settings\Low Battery Notification Action HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\d8742dcb-3e6a-4b3c-b3fe-374623cdcf06 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11930-5 |
The "Low Battery Notification Level" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Notification Settings\Low Battery Notification Level HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\8183ba9a-e910-48da-8769-14ae6dc1170a |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11620-2 |
The "Make Parental Controls control panel visible on a Domain" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Parental Controls\Make Parental Controls control panel visible on a Domain HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ParentalControls |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11009-8 |
The "MaxConcurrentUsers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Shell\MaxConcurrentUsers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11105-4 |
The "Maximum DC Discovery Retry Interval Setting for Background Callers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\Maximum DC Discovery Retry Interval Setting for Background Callers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11115-3 |
The "Maximum Log File Size" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\Maximum Log File Size HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11143-5 |
The "Maximum Log Size (KB)" machine setting should be configured correctly for the application log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Maximum Log Size (KB) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Application |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11033-8 |
The "Maximum Log Size (KB)" machine setting should be configured correctly for the secirity log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Maximum Log Size (KB) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Security |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11717-6 |
The "Maximum Log Size (KB)" machine setting should be configured correctly for the setup log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup\Maximum Log Size (KB) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11174-0 |
The "Maximum Log Size (KB)" machine setting should be configured correctly for the system log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Maximum Log Size (KB) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11840-6 |
The "Maximum wait time for Group Policy scripts" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Scripts\Maximum wait time for Group Policy scripts HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12127-7 |
The "Microsoft Support Diagnostic Tool: Configure execution level" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool\Microsoft Support Diagnostic Tool: Configure execution level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11167-4 |
The "Microsoft Support Diagnostic Tool: Restrict tool download" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool\Microsoft Support Diagnostic Tool: Restrict tool download HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10855-5 |
The "Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with Support Provider" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool\Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with Support Provider HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11800-0 |
The "Minimum Idle Connection Timeout for RPC/HTTP connections" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Remote Procedure Call\Minimum Idle Connection Timeout for RPC/HTTP connections HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10474-5 |
The "Negative DC Discovery Cache Setting" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\Negative DC Discovery Cache Setting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11413-2 |
The "Netlogon share compatibility" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\Netlogon share compatibility HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11573-3 |
The "Network control service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP value of conforming packets\Network control service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12248-1 |
The "Network control service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that do not conform to the flow specification. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP value of non-conforming packets\Network control service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11947-9 |
The "Network control service type" link layer (Layer-2) priority value should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\Layer-2 priority value\Network control service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11000-7 |
The "Network Projector Port Setting" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Network Projector\Network Projector Port Setting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\NetworkProjector |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11453-8 |
The "No auto-restart with logged on users for scheduled automatic updates installations" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Update\No auto-restart with logged on users for scheduled automatic updates installations HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11857-0 |
The "Non-conforming packets" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\Layer-2 priority value\Non-conforming packets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11518-8 |
The "Notify blocked drivers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics\Notify blocked drivers HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{affc81e2-612a-4f70-6fb2-916ff5c7e3f8} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11408-2 |
The "Notify user of successful smart card driver installation" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Smart Card\Notify user of successful smart card driver installation HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScPnP |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11625-1 |
The "Offer Remote Assistance" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Remote Assistance\Offer Remote Assistance HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11262-3 |
The "Only allow local user profiles" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\User Profiles\Only allow local user profiles HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10910-8 |
The "Only use Package Point and print" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Only use Package Point and print HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11313-4 |
The "Optimize visual experience for Remote Desktop Services sessions" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Optimize visual experience for Remote Desktop Services sessions HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11758-0 |
The "Override print driver execution compatibility setting reported by print driver" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Override print driver execution compatibility setting reported by print driver HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11365-4 |
The "Override the More Gadgets link" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Desktop Gadgets\Override the More Gadgets link HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11863-8 |
The "Package Point and print - Approved servers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Package Point and print - Approved servers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10945-4 |
The "Permitted Managers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\SNMP\Permitted Managers HKEY_LOCAL_MACHINE\Software\Policies\SNMP\Parameters\PermittedManagers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11925-5 |
The "Point and Print Restrictions" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Point and Print Restrictions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11799-4 |
The "Positive Periodic DC Cache Refresh for Background Callers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\Positive Periodic DC Cache Refresh for Background Callers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11005-6 |
The "Positive Periodic DC Cache Refresh for Non-Background Callers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\Positive Periodic DC Cache Refresh for Non-Background Callers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11487-6 |
The "Pre-populate printer search location text" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Pre-populate printer search location text HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11274-8 |
The "Prevent access to 16-bit applications" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Application Compatibility\Prevent access to 16-bit applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11298-7 |
The "Prevent Automatic Updates" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Prevent Automatic Updates HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10776-3 |
The "Prevent Back-ESC mapping" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Hardware Buttons\Prevent Back-ESC mapping HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPC |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10665-8 |
The "Prevent backing up to local disks" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Backup\Client\Prevent backing up to local disks HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\Client |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10508-0 |
The "Prevent backing up to network location" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Backup\Client\Prevent backing up to network location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\Client |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11412-4 |
The "Prevent backing up to optical media (CD/DVD)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Backup\Client\Prevent backing up to optical media (CD/DVD) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\Client |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10546-0 |
The "Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Device Installation\Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11598-0 |
The "Prevent Desktop Shortcut Creation" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Prevent Desktop Shortcut Creation HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11589-9 |
The "Prevent device metadata retrieval from the Internet" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Device Installation\Prevent device metadata retrieval from the Internet HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Device Metadata |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11941-2 |
The "Prevent display of the user interface for critical errors" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Prevent display of the user interface for critical errors HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11665-7 |
The "Prevent flicks" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Pen UX Behaviors\Prevent flicks HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPC |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11488-4 |
The "Prevent Flicks Learning Mode" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Pen Flicks Learning\Prevent Flicks Learning Mode HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPC |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11080-9 |
The "Prevent Input Panel tab from appearing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Input Panel\Prevent Input Panel tab from appearing HKEY_LOCAL_MACHINE\software\policies\microsoft\TabletTip\1.7 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11591-5 |
The "Prevent installation of devices not described by other policy settings" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions\Prevent installation of devices not described by other policy settings HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11764-8 |
The "Prevent installation of devices that match any of these device IDs" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions\Prevent installation of devices that match any of these device IDs HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10478-6 |
The "Prevent installation of devices using drivers that match these device setup classes" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions\Prevent installation of devices using drivers that match these device setup classes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11662-4 |
The "Prevent installation of removable devices" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions\Prevent installation of removable devices HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11286-2 |
The "Prevent launch an application" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Hardware Buttons\Prevent launch an application HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPC |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11392-8 |
The "Prevent license upgrade" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Licensing\Prevent license upgrade HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11090-8 |
The "Prevent Media Sharing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Prevent Media Sharing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11928-9 |
The "Prevent memory overwrite on restart" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Prevent memory overwrite on restart HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11378-7 |
The "Prevent plaintext PINs from being returned by Credential Manager" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Smart Card\Prevent plaintext PINs from being returned by Credential Manager HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11983-4 |
The "Prevent press and hold" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Hardware Buttons\Prevent press and hold HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPC |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12108-7 |
The "Prevent Quick Launch Toolbar Shortcut Creation" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Prevent Quick Launch Toolbar Shortcut Creation HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11026-2 |
The "Prevent restoring local previous versions" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Previous Versions\Prevent restoring local previous versions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PreviousVersions |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11323-3 |
The "Prevent restoring previous versions from backups" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Previous Versions\Prevent restoring previous versions from backups HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PreviousVersions |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10908-2 |
The "Prevent restoring remote previous versions" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Previous Versions\Prevent restoring remote previous versions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PreviousVersions |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10384-6 |
The "Prevent Roaming Profile changes from propagating to the server" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\User Profiles\Prevent Roaming Profile changes from propagating to the server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10691-4 |
The "Prevent the computer from joining a homegroup" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\HomeGroup\Prevent the computer from joining a homegroup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HomeGroup |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11765-5 |
The "Prevent Video Smoothing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Prevent Video Smoothing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10544-5 |
The "Prevent Windows Anytime Upgrade from running." machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Anytime Upgrade\Prevent Windows Anytime Upgrade from running. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11336-5 |
The "Prevent Windows from sending an error report when a device driver requests additional software during installation" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Device Installation\Prevent Windows from sending an error report when a device driver requests additional software during installation HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11052-8 |
The "Prevent Windows Media DRM Internet Access" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Media Digital Rights Management\Prevent Windows Media DRM Internet Access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WMDRM |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11475-1 |
The "Primary DNS Suffix" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\DNS Client\Primary DNS Suffix HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10931-4 |
The "Primary DNS Suffix Devolution" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\DNS Client\Primary DNS Suffix Devolution HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11157-5 |
The "Primary DNS Suffix Devolution Level" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\DNS Client\Primary DNS Suffix Devolution Level HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11383-7 |
The "Printer browsing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Printer browsing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10951-2 |
The "Prioritize all digitally signed drivers equally during the driver ranking and selection process" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Device Installation\Prioritize all digitally signed drivers equally during the driver ranking and selection process HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11072-6 |
The "Priority Set in the DC Locator DNS SRV Records" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Priority Set in the DC Locator DNS SRV Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11155-9 |
The "Prohibit Access of the Windows Connect Now wizards" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Windows Connect Now\Prohibit Access of the Windows Connect Now wizards HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\UI |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11599-8 |
The "Prohibit Flyweight Patching" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Prohibit Flyweight Patching HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12074-1 |
The "Prohibit installation and configuration of Network Bridge on your DNS domain network" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit installation and configuration of Network Bridge on your DNS domain network HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12011-3 |
The "Prohibit installing or uninstalling color profiles" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Color System\Prohibit installing or uninstalling color profiles HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsColorSystem |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11468-6 |
The "Prohibit non-administrators from applying vendor signed updates" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Prohibit non-administrators from applying vendor signed updates HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11118-7 |
The "Prohibit patching" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Prohibit patching HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11498-3 |
The "Prohibit removal of updates" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Prohibit removal of updates HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10670-8 |
The "Prohibit rollback" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Prohibit rollback HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11077-5 |
The "Prohibit Use of Restart Manager" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Prohibit Use of Restart Manager HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11711-9 |
The "Prompt for credentials on the client computer" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client\Prompt for credentials on the client computer HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11122-9 |
The "Prompt user when a slow network connection is detected" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\User Profiles\Prompt user when a slow network connection is detected HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11338-1 |
The "Propagation of extended error information" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Remote Procedure Call\Propagation of extended error information HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11564-2 |
The "Provide information about previous logons to client computers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\KDC\Provide information about previous logons to client computers HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11258-1 |
The "Provide the unique identifiers for your organization" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Provide the unique identifiers for your organization HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12150-9 |
The "Prune printers that are not automatically republished" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Printers\Prune printers that are not automatically republished HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11698-8 |
The "Qualitative service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP value of conforming packets\Qualitative service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11192-2 |
The "Qualitative service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that do not conform to the flow specification. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP value of non-conforming packets\Qualitative service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11479-3 |
The "Qualitative service type" link layer (Layer-2) priority value should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\Layer-2 priority value\Qualitative service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10977-7 |
The "Redirect only the default client printer" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection\Redirect only the default client printer HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12083-2 |
The "Reduce Display Brightness (On Battery)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Reduce Display Brightness (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\17aaa29b-8b43-4b94-aafe-35f64daaf1ee |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11199-7 |
The "Reduce Display Brightness (Plugged In)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Reduce Display Brightness (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\17aaa29b-8b43-4b94-aafe-35f64daaf1ee |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11053-6 |
The "Refresh Interval of the DC Locator DNS Records" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Refresh Interval of the DC Locator DNS Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10579-1 |
The "Register DNS records with connection-specific DNS suffix" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\DNS Client\Register DNS records with connection-specific DNS suffix HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11063-5 |
The "Register PTR Records" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\DNS Client\Register PTR Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11086-6 |
The "Registration Refresh Interval" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\DNS Client\Registration Refresh Interval HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12754-8 |
The "Registry policy processing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Registry policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11773-9 |
The "Removable Disks: Deny execute access" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Removable Storage Access\Removable Disks: Deny execute access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12029-5 |
The "Removable Disks: Deny read access" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Removable Storage Access\Removable Disks: Deny read access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10469-5 |
The "Removable Disks: Deny write access" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Removable Storage Access\Removable Disks: Deny write access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11997-4 |
The "Remove "Disconnect" option from Shut Down dialog" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Remove "Disconnect" option from Shut Down dialog HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11911-5 |
The "Remove browse dialog box for new source" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Remove browse dialog box for new source HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12200-2 |
The "Remove 'Make Available Offline'" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Offline Files\Remove 'Make Available Offline' HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCache |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11182-3 |
The "Remove Program Compatibility Property Page" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Application Compatibility\Remove Program Compatibility Property Page HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12585-6 |
The "Remove users ability to invoke machine policy refresh" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Remove users ability to invoke machine policy refresh HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11421-5 |
The "Remove Windows Security item from Start menu" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Remove Windows Security item from Start menu HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12260-6 |
The "Report when logon server was not available during user logon" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Logon Options\Report when logon server was not available during user logon HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11308-4 |
The "Re-prompt for restart with scheduled installations" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Re-prompt for restart with scheduled installations HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12088-1 |
The "Require a Password When a Computer Wakes (On Battery)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Require a Password When a Computer Wakes (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11651-7 |
The "Require a Password When a Computer Wakes (Plugged In)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Require a Password When a Computer Wakes (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10791-2 |
The "Require a PIN to access data on devices running Microsoft firmware" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows SideShow\Require a PIN to access data on devices running Microsoft firmware HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SideShow |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11933-9 |
The "Require additional authentication at startup" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Require additional authentication at startup HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11610-3 |
The "Require domain users to elevate when setting a network's location" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Network Connections\Require domain users to elevate when setting a network's location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11368-8 |
The "Require secure RPC communication" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require secure RPC communication HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11919-8 |
The "Require strict KDC validation" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Kerberos\Require strict KDC validation HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12131-9 |
The "Require strict target SPN match on remote procedure calls" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Kerberos\Require strict target SPN match on remote procedure calls HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12070-9 |
The "Require trusted path for credential entry." machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Credential User Interface\Require trusted path for credential entry. HKEY_LOCAL_MACHINE\ |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11295-3 |
The "Require use of specific security layer for remote (RDP) connections" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require use of specific security layer for remote (RDP) connections HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10338-2 |
The "Require user authentication for remote connections by using Network Level Authentication" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11923-0 |
The "Reschedule Automatic Updates scheduled installations" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Reschedule Automatic Updates scheduled installations HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11985-9 |
The "Reserve Battery Notification Level" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Notification Settings\Reserve Battery Notification Level HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\F3C5027D-CD16-4930-AA6B-90DB844A8F00 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11439-7 |
The "Restrict Internet communication" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Restrict Internet communication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\InternetManagement |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11307-6 |
The "Restrict potentially unsafe HTML Help functions to specified folders" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Restrict potentially unsafe HTML Help functions to specified folders HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12016-2 |
The "Restrict Remote Desktop Services users to a single Remote Desktop Services session" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Restrict Remote Desktop Services users to a single Remote Desktop Services session HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11432-2 |
The "Restrict system locales" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Locale Services\Restrict system locales HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Control Panel\International |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12090-7 |
The "Restrict these programs from being launched from Help" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Restrict these programs from being launched from Help HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10610-4 |
The "Restrict unpacking and installation of gadgets that are not digitally signed." machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Desktop Gadgets\Restrict unpacking and installation of gadgets that are not digitally signed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11380-3 |
The "Restrict user locales" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Locale Services\Restrict user locales HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Control Panel\International |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10881-1 |
The "Restrictions for Unauthenticated RPC clients" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Remote Procedure Call\Restrictions for Unauthenticated RPC clients HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11540-2 |
The "Restricts the UI language Windows uses for all logged users" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Restricts the UI language Windows uses for all logged users HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MUI\Settings |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10918-1 |
The "Retain old events" machine setting should be configured correctly for the application log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Retain old events HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Application |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10663-3 |
The "Retain old events" machine setting should be configured correctly for the security log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Retain old events HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Security |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10309-3 |
The "Retain old events" machine setting should be configured correctly for the setup log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup\Retain old events HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11055-1 |
The "Retain old events" machine setting should be configured correctly for the system log. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Retain old events HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12001-4 |
The "Reverse the subject name stored in a certificate when displaying" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Smart Card\Reverse the subject name stored in a certificate when displaying HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11300-1 |
The "Route all traffic through the internal network" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Network Connections\Route all traffic through the internal network HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10715-1 |
The "RPC Endpoint Mapper Client Authentication" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Remote Procedure Call\RPC Endpoint Mapper Client Authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11641-8 |
The "RPC Troubleshooting State Information" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Remote Procedure Call\RPC Troubleshooting State Information HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10963-7 |
The "Run logon scripts synchronously" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Scripts\Run logon scripts synchronously HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11301-9 |
The "Run shutdown scripts visible" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Scripts\Run shutdown scripts visible HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11437-1 |
The "Run startup scripts asynchronously" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Scripts\Run startup scripts asynchronously HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10719-3 |
The "Run startup scripts visible" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Scripts\Run startup scripts visible HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11114-6 |
The "Run these programs at user logon" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11612-9 |
The "Run Windows PowerShell scripts first at computer startup, shutdown" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Scripts\Run Windows PowerShell scripts first at computer startup, shutdown HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10301-0 |
The "Run Windows PowerShell scripts first at user logon, logoff" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Scripts\Run Windows PowerShell scripts first at user logon, logoff HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11389-4 |
The "Scavenge Interval" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\Scavenge Interval HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12661-5 |
The "Scripts policy processing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Scripts policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{42B5FAAE-6536-11d2-AE5A-0000F87571E3} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-14153-1 |
The "Security policy processing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Security policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11529-5 |
The "Select an Active Power Plan" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Select an Active Power Plan HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11944-6 |
The "Select the Lid Switch Action (On Battery)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Button Settings\Select the Lid Switch Action (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\5CA83367-6E45-459F-A27B-476B1D01C936 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12232-5 |
The "Select the Lid Switch Action (Plugged In)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Button Settings\Select the Lid Switch Action (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\5CA83367-6E45-459F-A27B-476B1D01C936 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10987-6 |
The "Select the network adapter to be used for Remote Desktop IP Virtualization" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility\Select the network adapter to be used for Remote Desktop IP Virtualization HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11251-6 |
The "Select the Power Button Action (On Battery)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Button Settings\Select the Power Button Action (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\7648EFA3-DD9C-4E3E-B566-50F929386280 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10662-5 |
The "Select the Power Button Action (Plugged In)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Button Settings\Select the Power Button Action (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\7648EFA3-DD9C-4E3E-B566-50F929386280 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11832-3 |
The "Select the Sleep Button Action (On Battery)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Button Settings\Select the Sleep Button Action (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\96996BC0-AD50-47EC-923B-6F41874DD9EB |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10555-1 |
The "Select the Sleep Button Action (Plugged In)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Button Settings\Select the Sleep Button Action (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\96996BC0-AD50-47EC-923B-6F41874DD9EB |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10682-3 |
The "Selectively allow the evaluation of a symbolic link" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Filesystem\Selectively allow the evaluation of a symbolic link HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Filesystems\NTFS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11833-1 |
The "Server Authentication Certificate Template" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Server Authentication Certificate Template HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10766-4 |
The "Set a support web page link" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Set a support web page link HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11977-6 |
The "Set BranchCache Distributed Cache mode" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\BranchCache\Set BranchCache Distributed Cache mode HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\CooperativeCaching |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11436-3 |
The "Set BranchCache Hosted Cache mode" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\BranchCache\Set BranchCache Hosted Cache mode HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache\Connection |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11677-2 |
The "Set client connection encryption level" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Set client connection encryption level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10815-9 |
The "Set compression algorithm for RDP data" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Set compression algorithm for RDP data HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11556-8 |
The "Set maximum wait time for the network if a user has a roaming user profile or remote home directory" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\User Profiles\Set maximum wait time for the network if a user has a roaming user profile or remote home directory HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11296-1 |
The "Set path for Remote Desktop Services Roaming User Profile" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles\Set path for Remote Desktop Services Roaming User Profile HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11417-3 |
The "Set percentage of disk space used for client computer cache" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\BranchCache\Set percentage of disk space used for client computer cache HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\CacheMgr\Republication |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11742-4 |
The "Set PNRP cloud to resolve only" machine setting should be configured correctly for IPv6 Global. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds\Set PNRP cloud to resolve only HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11524-6 |
The "Set PNRP cloud to resolve only" machine setting should be configured correctly for IPv6 Link Local. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds\Set PNRP cloud to resolve only HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11463-7 |
The "Set PNRP cloud to resolve only" machine setting should be configured correctly for IPv6 Site Local. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds\Set PNRP cloud to resolve only HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11366-2 |
The "Set Remote Desktop Services User Home Directory" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles\Set Remote Desktop Services User Home Directory HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11689-7 |
The "Set roaming profile path for all users logging onto this computer" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\User Profiles\Set roaming profile path for all users logging onto this computer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11693-9 |
The "Set rules for remote control of Remote Desktop Services user sessions" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Set rules for remote control of Remote Desktop Services user sessions HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11724-2 |
The "Set the Email IDs to which notifications are to be sent" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows System Resource Manager\Set the Email IDs to which notifications are to be sent HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\WSRM |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11384-5 |
The "Set the interval between synchronization retries for Password Synchronization" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Password Synchronization\Set the interval between synchronization retries for Password Synchronization HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PswdSync |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12273-9 |
The "Set the map update interval for NIS subordinate servers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Server for NIS\Set the map update interval for NIS subordinate servers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Server for NIS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11716-8 |
The "Set the number of synchronization retries for servers running Password Synchronization" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Password Synchronization\Set the number of synchronization retries for servers running Password Synchronization HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PswdSync |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10893-6 |
The "Set the Remote Desktop licensing mode" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing\Set the Remote Desktop licensing mode HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11627-7 |
The "Set the Seed Server" machine setting should be configured correctly for IPv6 Global. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds\Set the Seed Server HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10585-8 |
The "Set the Seed Server" machine setting should be configured correctly for IPv6 Link Local. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds\Set the Seed Server HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11560-0 |
The "Set the Seed Server" machine setting should be configured correctly for IPv6 Site Local. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds\Set the Seed Server HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11260-7 |
The "Set the SMTP Server used to send notifications" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows System Resource Manager\Set the SMTP Server used to send notifications HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\WSRM |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10876-1 |
The "Set the Time interval in minutes for logging accounting data" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows System Resource Manager\Set the Time interval in minutes for logging accounting data HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\WSRM |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11506-3 |
The "Set time limit for active but idle Remote Desktop Services sessions" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Set time limit for active but idle Remote Desktop Services sessions HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11326-6 |
The "Set time limit for active Remote Desktop Services sessions" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Set time limit for active Remote Desktop Services sessions HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11117-9 |
The "Set time limit for disconnected sessions" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Set time limit for disconnected sessions HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12003-0 |
The "Set time limit for logoff of RemoteApp sessions" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Set time limit for logoff of RemoteApp sessions HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11012-2 |
The "Set timer resolution" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\Set timer resolution HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11500-6 |
The "Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS\Throttling |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11181-5 |
The "Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS\Throttling |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10907-4 |
The "Sets how often a DFS Client discovers DC's" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Sets how often a DFS Client discovers DC's HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DFSClient |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12312-5 |
The "Short name creation options" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Filesystem\NTFS\Short name creation options HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11371-2 |
The "Site Name" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\Site Name HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10920-7 |
The "Sites Covered by the Application Directory Partition Locator DNS SRV Records" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Sites Covered by the Application Directory Partition Locator DNS SRV Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12086-5 |
The "Sites Covered by the DC Locator DNS SRV Records" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Sites Covered by the DC Locator DNS SRV Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11208-6 |
The "Sites Covered by the GC Locator DNS SRV Records" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Sites Covered by the GC Locator DNS SRV Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11942-0 |
The "Slow network connection timeout for user profiles" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\User Profiles\Slow network connection timeout for user profiles HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-13580-6 |
The "Software Installation policy processing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Software Installation policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{c6dc5466-785a-11d2-84d0-00c04fb169f7} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11723-4 |
The "Solicited Remote Assistance" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Remote Assistance\Solicited Remote Assistance HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10505-6 |
The "Specify a Custom Active Power Plan" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Specify a Custom Active Power Plan HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11324-1 |
The "Specify a default color" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Desktop Window Manager\Window Frame Coloring\Specify a default color HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DWM |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11875-2 |
The "Specify channel binding token hardening level" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Specify channel binding token hardening level HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11945-3 |
The "Specify idle Timeout" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Shell\Specify idle Timeout HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10416-6 |
The "Specify intranet Microsoft update service location" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Specify intranet Microsoft update service location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10374-7 |
The "Specify maximum amount of memory in MB per Shell" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Shell\Specify maximum amount of memory in MB per Shell HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11614-5 |
The "Specify maximum number of processes per Shell" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Shell\Specify maximum number of processes per Shell HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10964-5 |
The "Specify maximum number of remote shells per user" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Shell\Specify maximum number of remote shells per user HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11787-9 |
The "Specify search order for device driver source locations" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Device Installation\Specify search order for device driver source locations HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11470-2 |
The "Specify SHA1 thumbprints of certificates representing trusted .rdp publishers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client\Specify SHA1 thumbprints of certificates representing trusted .rdp publishers HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11339-9 |
The "Specify Shell Timeout" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Shell\Specify Shell Timeout HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12044-4 |
The "Specify the Display Dim Brightness (On Battery)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Specify the Display Dim Brightness (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\f1fbfde2-a960-4165-9f88-50667911ce96 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11271-4 |
The "Specify the Display Dim Brightness (Plugged In)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Specify the Display Dim Brightness (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\f1fbfde2-a960-4165-9f88-50667911ce96 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11798-6 |
The "Specify the System Hibernate Timeout (On Battery)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Specify the System Hibernate Timeout (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\9D7815A6-7EE4-497E-8888-515A05F02364 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11932-1 |
The "Specify the System Hibernate Timeout (Plugged In)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Specify the System Hibernate Timeout (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\9D7815A6-7EE4-497E-8888-515A05F02364 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11605-3 |
The "Specify the System Sleep Timeout (On Battery)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Specify the System Sleep Timeout (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\29F6C1DB-86DA-48C5-9FDB-F2B67B1F44DA |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11608-7 |
The "Specify the System Sleep Timeout (Plugged In)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Specify the System Sleep Timeout (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\29F6C1DB-86DA-48C5-9FDB-F2B67B1F44DA |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11658-2 |
The "Specify the Unattended Sleep Timeout (On Battery)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Specify the Unattended Sleep Timeout (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10757-3 |
The "Specify the Unattended Sleep Timeout (Plugged In)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Specify the Unattended Sleep Timeout (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11190-6 |
The "Specify Windows installation file location" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Specify Windows installation file location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Setup |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11415-7 |
The "Specify Windows Service Pack installation file location" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Specify Windows Service Pack installation file location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Setup |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11076-7 |
The "SSL Cipher Suite Order" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\SSL Configuration Settings\SSL Cipher Suite Order HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10827-4 |
The "Start a program on connection" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Start a program on connection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12994-0 |
The "Startup policy processing wait time" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Startup policy processing wait time HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12269-7 |
The "Switch to the Simplified Chinese (PRC) gestures" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Input Panel\Switch to the Simplified Chinese (PRC) gestures HKEY_LOCAL_MACHINE\software\policies\microsoft\TabletTip\1.7 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10914-0 |
The "Sysvol share compatibility" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\Sysvol share compatibility HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11669-9 |
The "Tag Windows Customer Experience Improvement data with Study Identifier" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Customer Experience Improvement Program\Tag Windows Customer Experience Improvement data with Study Identifier HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12345-5 |
The "Tape Drives: Deny execute access" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Removable Storage Access\Tape Drives: Deny execute access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10942-1 |
The "Tape Drives: Deny read access" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Removable Storage Access\Tape Drives: Deny read access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10717-7 |
The "Tape Drives: Deny write access" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Removable Storage Access\Tape Drives: Deny write access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12099-8 |
The "Teredo Client Port" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\Teredo Client Port HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11737-4 |
The "Teredo Default Qualified" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\Teredo Default Qualified HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11759-8 |
The "Teredo Refresh Rate" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\Teredo Refresh Rate HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11770-5 |
The "Teredo Server Name" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\Teredo Server Name HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11865-3 |
The "Teredo State" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\Teredo State HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11159-1 |
The "Terminate session when time limits are reached" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Terminate session when time limits are reached HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11732-5 |
The "Time (in seconds) to force reboot" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Removable Storage Access\Time (in seconds) to force reboot HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10358-0 |
The "Time (in seconds) to force reboot when required for policy changes to take effect" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions\Time (in seconds) to force reboot when required for policy changes to take effect HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10928-0 |
The "Timeout for fast user switching events" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Biometrics\Timeout for fast user switching events HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10468-7 |
The "Timeout for hung logon sessions during shutdown" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Shutdown Options\Timeout for hung logon sessions during shutdown HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10831-6 |
The "Traps for public community" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\SNMP\Traps for public community HKEY_LOCAL_MACHINE\Software\Policies\SNMP\Parameters\TrapConfiguration\public |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11253-2 |
The "Troubleshooting: Allow users to access and run Troubleshooting Wizards" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Scripted Diagnostics\Troubleshooting: Allow users to access and run Troubleshooting Wizards HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11161-7 |
The "Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Scripted Diagnostics\Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11013-0 |
The "Trusted Hosts" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Client\Trusted Hosts HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11542-8 |
The "Try Next Closest Site" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Try Next Closest Site HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11343-1 |
The "TTL Set in the A and PTR records" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\DNS Client\TTL Set in the A and PTR records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12105-3 |
The "TTL Set in the DC Locator DNS Records" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\TTL Set in the DC Locator DNS Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10565-0 |
The "Turn off "Found New Hardware" balloons during device installation" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Device Installation\Turn off "Found New Hardware" balloons during device installation HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11310-0 |
The "Turn off access to all Windows Update features" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off access to all Windows Update features HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11639-2 |
The "Turn off access to the OEM and Microsoft branding section" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Performance Control Panel\Turn off access to the OEM and Microsoft branding section HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Control Panel\Performance Control Panel |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11795-2 |
The "Turn off access to the performance center core section" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Performance Control Panel\Turn off access to the performance center core section HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Control Panel\Performance Control Panel |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12078-2 |
The "Turn off access to the solutions to performance problems section" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Performance Control Panel\Turn off access to the solutions to performance problems section HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Control Panel\Performance Control Panel |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11609-5 |
The "Turn off Active Help" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Online Assistance\Turn off Active Help HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Assistance\Client\1.0 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11451-2 |
The "Turn Off Adaptive Display Timeout (On Battery)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Turn Off Adaptive Display Timeout (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\90959D22-D6A1-49B9-AF93-BCE885AD335B |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11145-0 |
The "Turn Off Adaptive Display Timeout (Plugged In)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Turn Off Adaptive Display Timeout (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\90959D22-D6A1-49B9-AF93-BCE885AD335B |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11337-3 |
The "Turn off Application Compatibility Engine" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Application Compatibility\Turn off Application Compatibility Engine HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11002-3 |
The "Turn off Application Telemetry" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Application Compatibility\Turn off Application Telemetry HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10627-8 |
The "Turn off AutoComplete integration with Input Panel" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Input Panel\Turn off AutoComplete integration with Input Panel HKEY_LOCAL_MACHINE\software\policies\microsoft\TabletTip\1.7 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12123-6 |
The "Turn off automatic learning" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Handwriting personalization\Turn off automatic learning HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\InputPersonalization |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11264-9 |
The "Turn off Automatic Root Certificates Update" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Automatic Root Certificates Update HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10823-3 |
The "Turn off automatic termination of applications that block or cancel shutdown" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Shutdown Options\Turn off automatic termination of applications that block or cancel shutdown HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11419-9 |
The "Turn off automatic wake" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows SideShow\Turn off automatic wake HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SideShow |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11126-0 |
The "Turn off Autoplay" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies\Turn off Autoplay HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11375-3 |
The "Turn off Autoplay for non-volume devices" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies\Turn off Autoplay for non-volume devices HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-14437-8 |
The "Turn off background refresh of Group Policy" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Turn off background refresh of Group Policy HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11416-5 |
The "Turn Off Boot and Resume Optimizations" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Disk NV Cache\Turn Off Boot and Resume Optimizations HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NvCache |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11990-9 |
The "Turn Off Cache Power Mode" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Disk NV Cache\Turn Off Cache Power Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NvCache |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11168-2 |
The "Turn off Configuration" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\System Restore\Turn off Configuration HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11372-0 |
The "Turn off Connect to a Network Projector" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Network Projector\Turn off Connect to a Network Projector HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\NetworkProjector |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10895-1 |
The "Turn off creation of System Restore Checkpoints" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Turn off creation of System Restore Checkpoints HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12161-6 |
The "Turn off Data Execution Prevention for Explorer" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Turn off Data Execution Prevention for Explorer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11317-5 |
The "Turn off Data Execution Prevention for HTML Help Executible" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Turn off Data Execution Prevention for HTML Help Executible HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10801-9 |
The "Turn off desktop gadgets" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Desktop Gadgets\Turn off desktop gadgets HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11739-0 |
The "Turn off downloading of game information" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Game Explorer\Turn off downloading of game information HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\GameUX |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11563-4 |
The "Turn off downloading of print drivers over HTTP" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off downloading of print drivers over HTTP HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10693-0 |
The "Turn off Event Viewer "Events.asp" links" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Event Viewer "Events.asp" links HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11203-7 |
The "Turn off Fair Share CPU Scheduling" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Turn off Fair Share CPU Scheduling HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SessionManager\DFSS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11292-0 |
The "Turn off Federation Service" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Active Directory Federation Services\Turn off Federation Service HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ADFS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11807-5 |
The "Turn off game updates" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Game Explorer\Turn off game updates HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\GameUX |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11030-4 |
The "Turn off handwriting recognition error reporting" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off handwriting recognition error reporting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HandwritingErrorReports |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12064-2 |
The "Turn off hardware buttons" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Hardware Buttons\Turn off hardware buttons HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPC |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10981-9 |
The "Turn off heap termination on corruption" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Turn off heap termination on corruption HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11812-5 |
The "Turn off Help and Support Center "Did you know?" content" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Help and Support Center "Did you know?" content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\HelpSvc |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11544-4 |
The "Turn off Help and Support Center Microsoft Knowledge Base search" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Help and Support Center Microsoft Knowledge Base search HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\HelpSvc |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11204-5 |
The "Turn Off Hybrid Sleep (On Battery)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Turn Off Hybrid Sleep (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\94ac6d29-73ce-41a6-809f-6363ba21b47e |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11397-7 |
The "Turn Off Hybrid Sleep (Plugged In)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Turn Off Hybrid Sleep (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\94ac6d29-73ce-41a6-809f-6363ba21b47e |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12082-4 |
The "Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Internet Connection Wizard |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11136-9 |
The "Turn off Internet download for Web publishing and online ordering wizards" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Internet download for Web publishing and online ordering wizards HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10697-1 |
The "Turn off Internet File Association service" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Internet File Association service HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11458-7 |
The "Turn off legacy remote shutdown interface" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Shutdown Options\Turn off legacy remote shutdown interface HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-13373-6 |
The "Turn off Local Group Policy objects processing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Turn off Local Group Policy objects processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11367-0 |
The "Turn off location" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Location and Sensors\Turn off location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LocationAndSensors |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11040-3 |
The "Turn off location scripting" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Location and Sensors\Turn off location scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LocationAndSensors |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11158-3 |
The "Turn Off Low Battery User Notification" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Notification Settings\Turn Off Low Battery User Notification HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\bcded951-187b-4d05-bccc-f7e51960c258 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11604-6 |
The "Turn off Microsoft Peer-to-Peer Networking Services" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Turn off Microsoft Peer-to-Peer Networking Services HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11270-6 |
The "Turn off Multicast Bootstrap" machine setting should be configured correctly for IPv6 Global. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds\Turn off Multicast Bootstrap HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10962-9 |
The "Turn off Multicast Bootstrap" machine setting should be configured correctly for IPv6 Link Local. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds\Turn off Multicast Bootstrap HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11186-4 |
The "Turn off Multicast Bootstrap" machine setting should be configured correctly for IPv6 Site Local. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds\Turn off Multicast Bootstrap HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11472-8 |
The "Turn off Multicast Name Resolution" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\DNS Client\Turn off Multicast Name Resolution HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11823-2 |
The "Turn Off Non Volatile Cache Feature" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Disk NV Cache\Turn Off Non Volatile Cache Feature HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NvCache |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11588-1 |
The "Turn off numerical sorting in Windows Explorer" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Turn off numerical sorting in Windows Explorer HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11616-0 |
The "Turn off password security in Input Panel" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Input Panel\Turn off password security in Input Panel HKEY_LOCAL_MACHINE\software\policies\microsoft\TabletTip\1.7 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12255-6 |
The "Turn off pen feedback" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Cursors\Turn off pen feedback HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPC |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11950-3 |
The "Turn off PNRP cloud creation" machine setting should be configured correctly for IPv6 Global. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds\Turn off PNRP cloud creation HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10333-3 |
The "Turn off PNRP cloud creation" machine setting should be configured correctly for IPv6 Link Local. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds\Turn off PNRP cloud creation HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12065-9 |
The "Turn off PNRP cloud creation" machine setting should be configured correctly for IPv6 Site Local. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds\Turn off PNRP cloud creation HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11360-5 |
The "Turn off printing over HTTP" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off printing over HTTP HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11175-7 |
The "Turn off Problem Steps Recorder" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Application Compatibility\Turn off Problem Steps Recorder HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11757-2 |
The "Turn off Program Compatibility Assistant" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Application Compatibility\Turn off Program Compatibility Assistant HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11043-7 |
The "Turn off Program Inventory" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Application Compatibility\Turn off Program Inventory HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11748-1 |
The "Turn off Real-Time Monitoring" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Turn off Real-Time Monitoring HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Real-time Protection |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11112-0 |
The "Turn off Registration if URL connection is referring to Microsoft.com" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Registration if URL connection is referring to Microsoft.com HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Registration Wizard Control |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10813-4 |
The "Turn off restore functionality" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Backup\Client\Turn off restore functionality HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\Client |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-14285-1 |
The "Turn off Resultant Set of Policy logging" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Turn off Resultant Set of Policy logging HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10836-5 |
The "Turn off Routinely Taking Action" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Turn off Routinely Taking Action HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10889-4 |
The "Turn off Search Companion content file updates" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Search Companion content file updates HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SearchCompanion |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11409-0 |
The "Turn off sensors" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Location and Sensors\Turn off sensors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LocationAndSensors |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11530-3 |
The "Turn off shell protocol protected mode" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Turn off shell protocol protected mode HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11938-8 |
The "Turn Off Solid State Mode" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Disk NV Cache\Turn Off Solid State Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NvCache |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11424-9 |
The "Turn off SwitchBack Compatibility Engine" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Application Compatibility\Turn off SwitchBack Compatibility Engine HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11725-9 |
The "Turn off System Restore" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\System Restore\Turn off System Restore HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10929-8 |
The "Turn off Tablet PC touch input" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Touch Input\Turn off Tablet PC touch input HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPC |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11243-3 |
The "Turn off the "Order Prints" picture task" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off the "Order Prints" picture task HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11587-3 |
The "Turn off the "Publish to Web" task for files and folders" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off the "Publish to Web" task for files and folders HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12354-7 |
The "Turn off the ability to back up data files" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Backup\Client\Turn off the ability to back up data files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\Client |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12103-8 |
The "Turn off the ability to create a system image" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Backup\Client\Turn off the ability to create a system image HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\Client |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10366-3 |
The "Turn off the communities features" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Mail\Turn off the communities features HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Mail |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10647-6 |
The "Turn Off the Display (On Battery)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Turn Off the Display (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12282-0 |
The "Turn Off the Display (Plugged In)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Turn Off the Display (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12139-2 |
The "Turn Off the Hard Disk (On Battery)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Hard Disk Settings\Turn Off the Hard Disk (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\6738E2C4-E8A5-4A42-B16A-E040E769756E |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11921-4 |
The "Turn Off the Hard Disk (Plugged In)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Hard Disk Settings\Turn Off the Hard Disk (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\6738E2C4-E8A5-4A42-B16A-E040E769756E |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11958-6 |
The "Turn off the Windows Messenger Customer Experience Improvement Program" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off the Windows Messenger Customer Experience Improvement Program HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11156-7 |
The "Turn off Touch Panning" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Touch Input\Turn off Touch Panning HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPC |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11763-0 |
The "Turn off tracking of last play time of games in the Games folder" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Game Explorer\Turn off tracking of last play time of games in the Games folder HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\GameUX |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11727-5 |
The "Turn Off user-installed desktop gadgets" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Desktop Gadgets\Turn Off user-installed desktop gadgets HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11354-8 |
The "Turn off Windows Customer Experience Improvement Program" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Windows Customer Experience Improvement Program HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10517-1 |
The "Turn off Windows Defender" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Turn off Windows Defender HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11750-7 |
The "Turn off Windows Error Reporting" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Windows Error Reporting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11467-8 |
The "Turn off Windows HotStart" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Windows HotStart\Turn off Windows HotStart HKEY_LOCAL_MACHINE\Software\policies\Microsoft\System\HotStart |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11987-5 |
The "Turn off Windows Installer RDS Compatibility" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility\Turn off Windows Installer RDS Compatibility HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\TSMSI |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11123-7 |
The "Turn off Windows Mail application" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Mail\Turn off Windows Mail application HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Mail |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11358-9 |
The "Turn off Windows Mobility Center" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Mobility Center\Turn off Windows Mobility Center HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\MobilityCenter |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12049-3 |
The "Turn off Windows Network Connectivity Status Indicator active tests" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Windows Network Connectivity Status Indicator active tests HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11574-1 |
The "Turn off Windows presentation settings" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Presentation Settings\Turn off Windows presentation settings HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\PresentationSettings |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11404-1 |
The "Turn off Windows SideShow" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows SideShow\Turn off Windows SideShow HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SideShow |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11082-5 |
The "Turn off Windows Startup Sound" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Logon\Turn off Windows Startup Sound HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11319-1 |
The "Turn off Windows Update device driver search prompt" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Driver Installation\Turn off Windows Update device driver search prompt HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10357-2 |
The "Turn off Windows Update device driver searching" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Windows Update device driver searching HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11176-5 |
The "Turn on Accounting for WSRM" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows System Resource Manager\Turn on Accounting for WSRM HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\WSRM |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11183-1 |
The "Turn on bandwidth optimization" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Remote Assistance\Turn on bandwidth optimization HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11222-7 |
The "Turn on BranchCache" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\BranchCache\Turn on BranchCache HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\Service |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10998-3 |
The "Turn on certificate propagation from smart card" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Smart Card\Turn on certificate propagation from smart card HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CertProp |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10621-1 |
The "Turn On Compatibility HTTP Listener" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Turn On Compatibility HTTP Listener HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12157-4 |
The "Turn On Compatibility HTTPS Listener" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Turn On Compatibility HTTPS Listener HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10587-4 |
The "Turn on definition updates through both WSUS and the Microsoft Malware Protection Center" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Turn on definition updates through both WSUS and the Microsoft Malware Protection Center HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Signature Updates |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11880-2 |
The "Turn on definition updates through both WSUS and Windows Update" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Turn on definition updates through both WSUS and Windows Update HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Signature Updates |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11200-3 |
The "Turn On Desktop Background Slideshow (On Battery)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Turn On Desktop Background Slideshow (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\309dce9b-bef4-4119-9921-a851fb12f0f4 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10885-2 |
The "Turn On Desktop Background Slideshow (Plugged In)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Turn On Desktop Background Slideshow (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\309dce9b-bef4-4119-9921-a851fb12f0f4 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11293-8 |
The "Turn on economical application of administratively assigned Offline Files" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Offline Files\Turn on economical application of administratively assigned Offline Files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCache |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12251-5 |
The "Turn on extensive logging for Active Directory Domain Services domain controllers that are running Server for NIS" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Server for NIS\Turn on extensive logging for Active Directory Domain Services domain controllers that are running Server for NIS HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Server for NIS |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10442-2 |
The "Turn on extensive logging for Password Synchronization" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Password Synchronization\Turn on extensive logging for Password Synchronization HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PswdSync |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10958-7 |
The "Turn on logging" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup\Turn on logging HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10484-4 |
The "Turn on Mapper I/O (LLTDIO) driver" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Link-Layer Topology Discovery\Turn on Mapper I/O (LLTDIO) driver HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11648-3 |
The "Turn on recommended updates via Automatic Updates" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Turn on recommended updates via Automatic Updates HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11205-2 |
The "Turn on Remote Desktop IP Virtualization" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility\Turn on Remote Desktop IP Virtualization HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11304-3 |
The "Turn on Responder (RSPNDR) driver" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\Link-Layer Topology Discovery\Turn on Responder (RSPNDR) driver HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11907-3 |
The "Turn on root certificate propagation from smart card" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Smart Card\Turn on root certificate propagation from smart card HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CertProp |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10698-9 |
The "Turn on Script Execution" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows PowerShell\Turn on Script Execution HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11211-0 |
The "Turn on Security Center (Domain PCs only)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Security Center\Turn on Security Center (Domain PCs only) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Security Center |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11263-1 |
The "Turn on session logging" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Remote Assistance\Turn on session logging HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10335-8 |
The "Turn on Smart Card Plug and Play service" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Smart Card\Turn on Smart Card Plug and Play service HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScPnP |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10991-8 |
The "Turn on Software Notifications" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Turn on Software Notifications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11731-7 |
The "Turn on the Ability for Applications to Prevent Sleep Transitions (On Battery)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Turn on the Ability for Applications to Prevent Sleep Transitions (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\B7A27025-E569-46c2-A504-2B96CAD225A1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11578-2 |
The "Turn on the Ability for Applications to Prevent Sleep Transitions (Plugged In)" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Turn on the Ability for Applications to Prevent Sleep Transitions (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\B7A27025-E569-46c2-A504-2B96CAD225A1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11255-7 |
The "Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Password Synchronization\Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PswdSync |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11567-5 |
The "Turn on TPM backup to Active Directory Domain Services" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Trusted Platform Module Services\Turn on TPM backup to Active Directory Domain Services HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\TPM |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11037-9 |
The "Update Security Level" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\DNS Client\Update Security Level HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11244-1 |
The "Update Top Level Domain Zones" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\DNS Client\Update Top Level Domain Zones HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10722-7 |
The "Use forest search order" machine setting should be configured correctly for Key Distribution Center (KDC) searches. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\KDC\Use forest search order HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11191-4 |
The "Use forest search order" machine setting should be configured correctly for Kerberos client searches. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Kerberos\Use forest search order HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11099-9 |
The "Use IP Address Redirection" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker\Use IP Address Redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11331-6 |
The "Use localized subfolder names when redirecting Start Menu and My Documents" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Folder Redirection\Use localized subfolder names when redirecting Start Menu and My Documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System\Fdeploy |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11804-2 |
The "Use mandatory profiles on the RD Session Host server" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles\Use mandatory profiles on the RD Session Host server HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11558-4 |
The "Use RD Connection Broker load balancing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker\Use RD Connection Broker load balancing HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11230-0 |
The "Use Remote Desktop Easy Print printer driver first" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection\Use Remote Desktop Easy Print printer driver first HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11403-3 |
The "Use the specified Remote Desktop license servers" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing\Use the specified Remote Desktop license servers HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-13295-1 |
The "User Group Policy loopback processing mode" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\User Group Policy loopback processing mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11405-8 |
The "Validate smart card certificate usage rule compliance" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Validate smart card certificate usage rule compliance HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11385-2 |
The "Verbose vs normal status messages" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Verbose vs normal status messages HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-12328-1 |
The "Verify old and new Folder Redirection targets point to the same share before redirecting" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Verify old and new Folder Redirection targets point to the same share before redirecting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10934-8 |
The "Wait for remote user profile" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\User Profiles\Wait for remote user profile HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11561-8 |
The "Weight Set in the DC Locator DNS SRV Records" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Weight Set in the DC Locator DNS SRV Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11768-9 |
The "Windows Scaling Heuristics State" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\Network\TCPIP Settings\Parameters\Windows Scaling Heuristics State HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-13394-2 |
The "Wired policy processing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Wired policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-14616-7 |
The "Wireless policy processing" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Group Policy\Wireless policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11974-3 |
The "WPD Devices: Deny read access" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Removable Storage Access\WPD Devices: Deny read access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11070-0 |
The "WPD Devices: Deny write access" machine setting should be configured correctly. |
enabled/disabled |
Computer Configuration\Administrative Templates\System\Removable Storage Access\WPD Devices: Deny write access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33} |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10575-9 |
Auditing of 'Audit account logon events' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit account logon events (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditAccountLogon' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10689-8 |
Auditing of 'Audit account logon events' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit account logon events (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditAccountLogon' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11051-0 |
Auditing of 'Audit account management' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit account management (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditAccountManage' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10222-8 |
Auditing of 'Audit account management' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit account management (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditAccountManage' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10808-4 |
Auditing of 'Audit directory service access' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit directory service access (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditDSAccess' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10209-5 |
Auditing of 'Audit directory service access' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit directory service access (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditDSAccess' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10707-8 |
Auditing of 'Audit logon events' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit logon events (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditLogonEvents' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10213-7 |
Auditing of 'Audit logon events' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit logon events (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditLogonEvents' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10848-0 |
Auditing of 'Audit object access' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit object access (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditObjectAccess' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11068-4 |
Auditing of 'Audit object access' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit object access (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditObjectAccess' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10826-6 |
Auditing of 'Audit policy change' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit policy change (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditPolicyChange' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10803-5 |
Auditing of 'Audit policy change' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit policy change (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditPolicyChange' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10971-0 |
Auditing of 'Audit privilege use' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit privilege use (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditPrivilegeUse' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-9932-5 |
Auditing of 'Audit privilege use' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit privilege use (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditPrivilegeUse' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10601-3 |
Auditing of 'Audit process tracking' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit process tracking (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditProcessTracking' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10060-2 |
Auditing of 'Audit process tracking' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit process tracking (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditProcessTracking' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10923-1 |
Auditing of 'Audit system events' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit system events (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditSystemEvents' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10716-9 |
Auditing of 'Audit system events' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit system events (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditSystemEvents' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-9972-1 |
The 'Access Credential Manager as a trusted caller' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Access Credential Manager as a trusted caller (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeTrustedCredManAccessPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10086-7 |
The 'Access this computer from the network' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Access this computer from the network (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeNetworkLogonRight' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10232-7 |
The 'Act as part of the operating system' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Act as part of the operating system (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeTcbPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10862-1 |
The "add workstations to domain" user right should be assigned to the correct accounts. |
list of accounts |
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Add workstations to a domain |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10849-8 |
The 'Adjust memory quotas for a process' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Adjust memory quotas for a process (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeIncreaseQuotaPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10853-0 |
The 'Allow log on locally' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on locally (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeInteractiveLogonRight' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10858-9 |
The 'Allow log on through Remote Desktop Services' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on through Remote Desktop Services (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeRemoteInteractiveLogonRight' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10880-3 |
The 'Back up files and directories' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Back up files and directories (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeBackupPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10369-7 |
The 'Bypass traverse checking' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Bypass traverse checking (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeChangeNotifyPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10122-0 |
The 'Change the system time' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Change the system time (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeSystemtimePrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10897-7 |
The 'Change the time zone' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Change the time zone (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeTimeZonePrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-9937-4 |
The 'Create a pagefile' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create a pagefile (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeCreatePagefilePrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10770-6 |
The 'Create a token object' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create a token object (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeCreateTokenPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10792-0 |
The 'Create global objects' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create global objects (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeCreateGlobalPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10796-1 |
The 'Create permanent shared objects' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create permanent shared objects (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeCreatePermanentPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10911-6 |
The 'Create symbolic links' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create symbolic links (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeCreateSymbolicLinkPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10915-7 |
The 'Debug programs' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Debug programs (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeDebugPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10733-4 |
The 'Deny access to this computer from the network' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny access to this computer from the network (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeDenyNetworkLogonRight' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10596-5 |
The 'Deny log on as a batch job' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on as a batch job (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeDenyBatchLogonRight' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10226-9 |
The 'Deny log on as a service' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on as a service (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeDenyServiceLogonRight' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10750-8 |
The 'Deny log on locally' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on locally (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeDenyInteractiveLogonRight' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10878-7 |
The 'Deny log on through Remote Desktop Services' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on through Remote Desktop Services (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeDenyRemoteInteractiveLogonRight' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10618-7 |
The 'Enable computer and user accounts to be trusted for delegation' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Enable computer and user accounts to be trusted for delegation (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeEnableDelegationPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10785-4 |
The 'Force shutdown from a remote system' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Local Policies\User Rights Assignment\Force shutdown from a remote system (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeRemoteShutdownPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10274-9 |
The 'Generate security audits' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Generate security audits (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeAuditPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-9946-5 |
The 'Impersonate a client after authentication' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Impersonate a client after authentication (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeImpersonatePrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10548-6 |
The 'Increase a process working set' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Increase a process working set (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeIncreaseWorkingSetPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-9961-4 |
The 'Increase scheduling priority' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Increase scheduling priority (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeIncreaseBasePriorityPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10202-0 |
The 'Load and unload device drivers' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Load and unload device drivers (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeLoadDriverPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10955-3 |
The 'Lock pages in memory' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Lock pages in memory (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeLockMemoryPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10549-4 |
The 'Log on as a batch job' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Log on as a batch job (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeBatchLogonRight' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10845-6 |
The 'Log on as a service' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Log on as a service (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeServiceLogonRight' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10726-8 |
The 'Manage auditing and security log' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Manage auditing and security log (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeSecurityPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10567-6 |
The 'Modify an object label' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Modify an object label (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeRelabelPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10659-1 |
The 'Modify firmware environment values' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Modify firmware environment values (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeSystemEnvironmentPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-9984-6 |
The 'Perform volume maintenance tasks' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Perform volume maintenance tasks (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeManageVolumePrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10458-8 |
The 'Profile single process' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Profile single process (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeProfileSingleProcessPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10193-1 |
The 'Profile system performance' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Profile system performance (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeSystemProfilePrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10969-4 |
The 'Remove computer from docking station' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Remove computer from docking station (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeUndockPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10599-9 |
The 'Replace a process level token' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Replace a process level token (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeAssignPrimaryTokenPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10805-0 |
The 'Restore files and directories' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Restore files and directories (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeRestorePrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10439-8 |
The 'Shut down the system' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Shut down the system (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeShutdownPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10932-2 |
The "Synchronize directory service data" setting should be configured correctly. |
(1) enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Synchronize directory service data |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10954-6 |
The 'Take ownership of files or other objects' user right should be assigned to the appropriate accounts. |
list of accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Take ownership of files or other objects (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeTakeOwnershipPrivilege' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10571-8 |
The 'Accounts: Administrator account status' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Administrator account status |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-9989-5 |
The 'Accounts: Guest account status' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Guest account status |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-9992-9 |
The 'Accounts: Limit local account use of blank passwords to console logon only' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10976-9 |
The built-in Administrator account should be correctly named. |
account name |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Rename administrator account |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10747-4 |
The built-in Guest account should be correctly named. |
account name |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Rename guest account |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10487-7 |
The 'Audit: Audit the access of global system objects' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Audit the access of global system objects (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10619-5 |
The 'Audit: Audit the use of Backup and Restore privilege' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Audit the use of Backup and Restore privilege (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\fullprivilegeauditing |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10112-1 |
The 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\scenoapplylegacyauditpolicy |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10742-5 |
The 'Audit: Shut down system immediately if unable to log security audits' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Shut down system immediately if unable to log security audits (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\crashonauditfail |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10139-4 |
Rights to access DCOM applications should be assigned as appropriate. |
(1) users and/or groups (2) allow/deny (3) local access/remote access |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax (2) Registry Key: HKEY_LOCAL_MACHINE\Software\policies\Microsoft\windows NT\DCOM\MachineAccessRestriction |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10896-9 |
Rights to activate or launch DCOM applications should be assigned as appropriate. |
(1) users and/or groups (2) allow/deny (3) local launch/remote launch/local activation/remote activation |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax (2) Registry Key: HKEY_LOCAL_MACHINE\Software\policies\Microsoft\windows NT\DCOM\MachineLaunchRestriction |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10883-7 |
The 'Devices: Allow undock without having to log on' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Allow undock without having to log on (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\undockwithoutlogon |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10637-7 |
The 'Devices: Allowed to format and eject removable media' setting should be configured correctly. |
Administrators/Administrators and Power Users/Administrators and Interactive Users |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Allowed to format and eject removable media (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-9999-4 |
The 'Devices: Prevent users from installing printer drivers' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10780-5 |
The 'Devices: Restrict CD-ROM access to locally logged-on user only' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Restrict CD-ROM access to locally logged-on user only (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10912-4 |
The 'Devices: Restrict floppy access to locally logged-on user only' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Restrict floppy access to locally logged-on user only (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10683-1 |
The "Domain Controller: Allow server operators to schedule tasks" setting should be configured correctly. |
enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain Controller: Allow server operators to schedule tasks |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10423-2 |
The "Domain Controller: LDAP server signing requirements" setting should be configured correctly. |
None/Require signing |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain Controller: LDAP server signing requirements |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10802-7 |
The "Domain Controller: Refuse machine account password changes" setting should be configured correctly. |
enabled/disabled |
(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain Controller: Refuse machine account password changes |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10871-2 |
The 'Domain member: Digitally encrypt or sign secure channel data (always)' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt or sign secure channel data (always) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\requiresignorseal |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10875-3 |
The 'Domain member: Digitally encrypt secure channel data (when possible)' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt secure channel data (when possible) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\sealsecurechannel |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10009-9 |
The 'Domain member: Digitally sign secure channel data (when possible)' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Digitally sign secure channel data (when possible) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\signsecurechannel |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10775-5 |
The 'Domain member: Disable machine account password changes' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Disable machine account password changes (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\disablepasswordchange |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10903-3 |
The 'Domain member: Maximum machine account password age' setting should be configured correctly. |
number of days |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Maximum machine account password age (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\maximumpasswordage |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10541-1 |
The 'Domain member: Require strong (Windows 2000 or later) session key' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Require strong (Windows 2000 or later) session key (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\requirestrongkey |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10158-4 |
The 'Interactive logon: Display user information when the session is locked.' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Display user information when the session is locked. (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLockedUserId |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10788-8 |
The 'Interactive logon: Do not display last user name' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Do not display last user name (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10810-0 |
The 'Interactive logon: Do not require CTRL+ALT+DEL' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10673-2 |
The 'Interactive logon: Message text for users attempting to log on' setting should be configured correctly. |
string |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Message text for users attempting to log on (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10010-7 |
The 'Interactive logon: Message title for users attempting to log on' setting should be configured correctly. |
string |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Message title for users attempting to log on (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10926-4 |
The 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' setting should be configured correctly. |
number of logons |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Number of previous logons to cache (in case domain controller is not available) (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\cachedlogonscount |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10930-6 |
The 'Interactive logon: Prompt user to change password before expiration' setting should be configured correctly. |
number of days prior to expiration |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Prompt user to change password before expiration (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\passwordexpirywarning |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10705-2 |
The 'Interactive logon: Require Domain Controller authentication to unlock workstation' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Require Domain Controller authentication to unlock workstation (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10833-2 |
The 'Interactive logon: Require smart card' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Require smart card (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\scforceoption |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10573-4 |
The 'Interactive logon: Smart card removal behavior' setting should be configured correctly. |
No Action/Lock Workstation/Force Logoff/Disconnect if a remote Terminal Services session |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Smart card removal behavior (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\scremoveoption |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10970-2 |
The 'Microsoft network client: Digitally sign communications (always)' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (always) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10974-4 |
The 'Microsoft network client: Digitally sign communications (if server agrees)' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (if server agrees) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10838-1 |
The 'Microsoft network client: Send unencrypted password to third-party SMB servers' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network client: Send unencrypted password to third-party SMB servers (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10362-2 |
The 'Microsoft network server: Amount of idle time required before suspending session' setting should be configured correctly. |
number of minutes |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network server: Amount of idle time required before suspending session (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\autodisconnect |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10992-6 |
The 'Microsoft network server: Digitally sign communications (always)' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (always) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\requiresecuritysignature |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10978-5 |
The 'Microsoft network server: Digitally sign communications (if client agrees)' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (if client agrees) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\enablesecuritysignature |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10983-5 |
The 'Microsoft network server: Disconnect clients when logon hours expire' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network server: Disconnect clients when logon hours expire (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\enableforcedlogoff |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10617-9 |
The 'Microsoft network server: Server SPN target name validation level' setting should be configured correctly. |
Off/Accept if provided by client/Required from client |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network server: Server SPN target name validation level (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\SMBServerNameHardeningLevel |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10745-8 |
The 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10732-6 |
The 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' setting should be configured correctly. |
allowed/ignored when IP forwarding is enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10888-6 |
The 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' setting should be configured correctly. |
allowed/ignored when IP forwarding is enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting (3) WMI: Namespace = Windows XP; Class = ; Property = ; Where = |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10518-9 |
The 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10751-6 |
The 'MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanserver\Parameters\Hidden |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10381-2 |
The 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' setting should be configured correctly. |
frequency in milliseconds |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10018-0 |
The 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' setting should be configured correctly. |
Allow all exceptions (least secure)/Multicast, broadcast, and ISAKMP are exempt (Best for Windows XP)/RSVP, Kerberos, and ISAKMP are excempt/Only ISAKMP is excempt (recommended for Windows Server 2003)/Disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic. (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\NoDefaultExempt |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10653-4 |
The 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10781-3 |
The 'MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended)' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10768-0 |
The 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' setting should be configured correctly. |
Enable only if DHCP sends the Perform Router Discovery option/Enabled/Disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10772-2 |
The 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) (2) Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SafeDllSearchMode |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10799-5 |
DEPRECATED |
NaN |
NaN |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10019-8 |
The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly. |
number of seconds |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10936-3 |
DEPRECATED: Does not apply to Windows Server 2008 r2 |
NaN |
Source http://blogs.technet.com/b/netro/archive/2010/08/30/tcp-ip-stack-hardening-in-operating-systems-starting-with-windows-vista.aspx |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10941-3 |
The 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly. |
number of retransmissions |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10804-3 |
The 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly. |
number of retransmissions |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\TcpMaxDataRetransmissions |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11011-4 |
The 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' setting should be configured correctly. |
log capacity threshold as a percentage |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning (2) Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\WarningLevel |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10024-8 |
The 'Network access: Allow anonymous SID/Name translation' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Local Policies\Security Options\Network access: Allow anonymous SID/Name translation (2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingBoolean; Property = Setting; Where = KeyName='LSAAnonymousNameLookup' and precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10027-1 |
The 'Network access: Do not allow anonymous enumeration of SAM accounts' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10557-7 |
The 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts and shares (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10292-1 |
The 'Network access: Do not allow storage of passwords and credentials for network authentication' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Do not allow storage of passwords and credentials for network authentication (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10297-0 |
The 'Network access: Let Everyone permissions apply to anonymous users' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Let Everyone permissions apply to anonymous users (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10944-7 |
The 'Network access: Named Pipes that can be accessed anonymously' setting should be configured correctly. |
list of named pipes |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Named Pipes that can be accessed anonymously (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10949-6 |
The 'Network access: Remotely accessible registry paths' setting should be configured correctly. |
set of paths |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Remotely accessible registry paths (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10935-5 |
The 'Network access: Remotely accessible registry paths and sub-paths' setting should be configured correctly. |
set of paths |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Remotely accessible registry paths and sub-paths (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10940-5 |
The 'Network access: Restrict anonymous access to Named Pipes and Shares' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Restrict anonymous access to Named Pipes and Shares (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\restrictnullsessaccess |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10821-7 |
The 'Network access: Shares that can be accessed anonymously' setting should be configured correctly. |
set of shares |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Shares that can be accessed anonymously (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10825-8 |
The 'Network access: Sharing and security model for local accounts' setting should be configured correctly. |
Classic/Guest only |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Sharing and security model for local accounts (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10812-6 |
The 'Network security: Allow LocalSystem NULL session fallback' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Allow LocalSystem NULL session fallback (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\ |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10817-5 |
The 'Network security: Allow Local System to use computer identity for NTLM' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Allow Local System to use computer identity for NTLM (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\UseMachineId |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10839-9 |
The 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Allow PKU2U authentication requests to this computer to use online identities (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\pku2u\AllowOnlineID |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10843-1 |
The 'Network Security: Configure encryption types allowed for Kerberos' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Configure encryption types allowed for Kerberos (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\SupportedEncryptionTypes |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10830-8 |
The 'Network security: Do not store LAN Manager hash value on next password change' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Do not store LAN Manager hash value on next password change (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10588-2 |
The 'Network security: Force logoff when logon hours expire' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Force logoff when logon hours expire |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10984-3 |
The 'Network security: LAN Manager authentication level' setting should be configured correctly. |
authentication level |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: LAN Manager authentication level (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10614-6 |
The 'Network security: LDAP client signing requirements' setting should be configured correctly. |
None/Negotiate signing/Require signing |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: LDAP client signing requirements (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10035-4 |
DEPRECATED in favor of CCE-18889-6, CCE-18983-7, CCE-18973-8 and CCE-18808-6 |
NaN |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-18889-6 |
The 'Require message integrity' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-18983-7 |
The 'Require message confidentiality' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-18973-8 |
The 'Require NTLMv2 session security' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-18808-6 |
The 'Require 128-bit encryption' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10040-4 |
DEPRECATED In favor of CCE-18949-8, CCE-18927-4, CCE-18664-3 and CCE-18944-9 |
NaN |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-18949-8 |
The 'Require message integrity' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-18927-4 |
The 'Require message confidentiality' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-18664-3 |
The 'Require NTLMv2 session security' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-18944-9 |
The 'Require 128-bit encryption' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10640-1 |
The 'Network Security: Restrict NTLM: Add remote server exceptions for NTLM authentication' setting should be configured correctly. |
list of servers |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Add remote server exceptions for NTLM authentication (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\ClientAllowedNTLMServers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10045-3 |
The 'Network Security: Restrict NTLM: Add server exceptions in this domain' setting should be configured correctly. |
list of servers |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Add server exceptions in this domain (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DCAllowedNTLMServers |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10053-7 |
The 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Audit Incoming NTLM Traffic (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\AuditReceivingNTLMTraffic |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10057-8 |
The 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' setting should be configured correctly. |
Disable/Enable for domain accounts to domain servers/Enable for domain accounts/Enable for domain servers/Enable all |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Audit NTLM authentication in this domain (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\AuditNTLMInDomain |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10087-5 |
The 'Network Security: Restrict NTLM: Incoming NTLM traffic' setting should be configured correctly. |
Allow all/Deny all domain accounts/Deny all accounts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Incoming NTLM traffic (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictReceivingNTLMTraffic |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10229-3 |
The 'Network Security: Restrict NTLM: NTLM authentication in this domain' setting should be configured correctly. |
Disabled/Deny for domain accounts to domain servers/deny for domain accounts/deny for domain servers/Deny all |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: NTLM authentication in this domain (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RestrictNTLMInDomain |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10859-7 |
The 'Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers' setting should be configured correctly. |
Allow all/Audit all/Deny all |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictSendingNTLMTraffic |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10370-5 |
The 'Recovery console: Allow automatic administrative logon' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Recovery console: Allow automatic administrative logon (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\securitylevel |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10643-5 |
The 'Recovery console: Allow floppy copy and access to all drives and all folders' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Recovery console: Allow floppy copy and access to all drives and all folders (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\setcommand |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10419-0 |
The 'Shutdown: Allow system to be shut down without having to log on' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Shutdown: Allow system to be shut down without having to log on (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11049-4 |
The 'Shutdown: Clear virtual memory pagefile' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Shutdown: Clear virtual memory pagefile (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11035-3 |
The 'System cryptography: Force strong key protection for user keys stored on the computer' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System cryptography: Force strong key protection for user keys stored on the computer (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProtection |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10789-6 |
The 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10986-8 |
The 'System objects: Require case insensitivity for non-Windows subsystems' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System objects: Require case insensitivity for non-Windows subsystems (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11010-6 |
The 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10913-2 |
The 'System settings: Optional subsystems' setting should be configured correctly. |
List of subsystems |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System settings: Optional subsystems (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optional |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10900-9 |
The 'System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11028-8 |
The 'User Account Control: Admin Approval Mode for the Built-in Administrator account' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Admin Approval Mode for the Built-in Administrator account (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10534-6 |
The 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11023-9 |
The 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' setting should be configured correctly. |
Elevate without prompting/Prompt for credentials on the secure desktop/Prompt for consent on the secure desktop/Prompt for credentials/Prompt for consent/Prompt for consent for non-Windows binaries |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10807-6 |
The 'User Account Control: Behavior of the elevation prompt for standard users' setting should be configured correctly. |
Prompt for credentials/Automatically deny elevation requests |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for standard users (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10794-6 |
The 'User Account Control: Detect application installations and prompt for elevation' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Detect application installations and prompt for elevation (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10922-3 |
The 'User Account Control: Only elevate executables that are signed and validated' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Only elevate executables that are signed and validated (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10570-0 |
The 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Only elevate UIAccess applications that are installed in secure locations (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10684-9 |
The 'User Account Control: Run all administrators in Admin Approval Mode' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Run all administrators in Admin Approval Mode (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10109-7 |
The 'User Account Control: Switch to the secure desktop when prompting for elevation' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Switch to the secure desktop when prompting for elevation (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10865-4 |
The 'User Account Control: Virtualize file and registry write failures to per-user locations' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Virtualize file and registry write failures to per-user locations (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10482-8 |
The Windows Firewall should be enabled or disabled as appropriate for the Domain Profile. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Windows Firewall: Domain: Firewall state (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10997-5 |
Windows Firewall should allow or block inbound connections by default as appropriate for the Domain Profile. |
allow/block |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Windows Firewall: Domain: Inbound connections (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultInboundAction |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10113-9 |
Windows Firewall should allow or block outbound connections by default as appropriate for the Domain Profile. |
allow/block |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Windows Firewall: Domain: Outbound connections (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultOutboundAction |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11019-7 |
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the domain profile. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Windows Firewall: Domain: Display a notification (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DisableNotifications |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11041-1 |
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Domain Profile. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Windows Firewall: Domain: Allow unicast response (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DisableUnicastResponsesToMulticastBroadcast |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10798-7 |
The 'Windows Firewall: Domain: Apply local firewall rules' setting should be configured correctly. |
yes/no |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Windows Firewall: Domain: Apply local firewall rules (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalPolicyMerge |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11036-1 |
The 'Windows Firewall: Domain: Apply local connection security rules' setting should be configured correctly. |
yes/no |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Windows Firewall: Domain: Apply local connection security rules (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalIPsecPolicyMerge |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11103-9 |
The Windows Firewall should be enabled or disabled as appropriate for the Private Profile. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Windows Firewall: Private: Firewall state (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\EnableFirewall |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10857-1 |
Windows Firewall should allow or block inbound connections by default as appropriate for the Private Profile. |
allow/block |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Windows Firewall: Private: Inbound connections (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultInboundAction |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10123-8 |
Windows Firewall should allow or block outbound connections by default as appropriate for the Private Profile. |
allow/block |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Windows Firewall: Private: Outbound connections (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultOutboundAction |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10631-0 |
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the private profile. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Windows Firewall: Private: Display a notification (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DisableNotifications |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10127-9 |
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Private Profile. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Windows Firewall: Private: Allow unicast response (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DisableUnicastResponsesToMulticastBroadcast |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10131-1 |
The 'Windows Firewall: Private: Apply local firewall rules' setting should be configured correctly. |
yes/no |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Windows Firewall: Private: Apply local firewall rules (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\AllowLocalPolicyMerge |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10921-5 |
The 'Windows Firewall: Private: Apply local connection security rules' setting should be configured correctly. |
yes/no |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Windows Firewall: Private: Apply local connection security rules (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\AllowLocalIPsecPolicyMerge |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11050-2 |
The Windows Firewall should be enabled or disabled as appropriate for the Public Profile. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Windows Firewall: Public: Firewall state (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\EnableFirewall |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10171-7 |
Windows Firewall should allow or block inbound connections by default as appropriate for the Public Profile. |
allow/block |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Windows Firewall: Public: Inbound connections (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultInboundAction |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10481-0 |
Windows Firewall should allow or block outbound connections by default as appropriate for the Public Profile. |
allow/block |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Windows Firewall: Public: Outbound connections (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultOutboundAction |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11120-3 |
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the public profile. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Windows Firewall: Public: Display a notification (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DisableNotifications |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10873-8 |
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Public Profile. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Windows Firewall: Public: Allow unicast response (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DisableUnicastResponsesToMulticastBroadcast |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10188-1 |
The 'Windows Firewall: Public: Apply local firewall rules' setting should be configured correctly. |
yes/no |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Windows Firewall: Public: Apply local firewall rules (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalPolicyMerge |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10529-6 |
The 'Windows Firewall: Public: Apply local connection security rules' setting should be configured correctly. |
yes/no |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Windows Firewall: Public: Apply local connection security rules (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalIPsecPolicyMerge |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10738-3 |
Auditing of 'Account Logon: Credential Validation' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Logon\Audit Credential Validation |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10192-3 |
Auditing of 'Account Logon: Credential Validation' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Logon\Audit Credential Validation |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11079-1 |
Auditing of 'Account Logon: Kerberos Authentication Service' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Logon\Audit Kerberos Authentication Service |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10233-5 |
Auditing of 'Account Logon: Kerberos Authentication Service' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Logon\Audit Kerberos Authentication Service |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10196-4 |
Auditing of 'Account Logon: Kerberos Service Ticket Operations' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Logon\Audit Kerberos Service Ticket Operations |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10237-6 |
Auditing of 'Account Logon: Kerberos Service Ticket Operations' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Logon\Audit Kerberos Service Ticket Operations |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10755-7 |
Auditing of 'Account Logon: Other Account Logon Events' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Logon\Audit Other Account Logon Events |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10445-5 |
Auditing of 'Account Logon: Other Account Logon Events' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Logon\Audit Other Account Logon Events |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10746-6 |
Auditing of 'Account Management: Application Group Management' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit Application Group Management |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10752-4 |
Auditing of 'Account Management: Application Group Management' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit Application Group Management |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10860-5 |
Auditing of 'Account Management: Computer Account Management' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit Computer Account Management |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10523-9 |
Auditing of 'Account Management: Computer Account Management' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit Computer Account Management |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10240-0 |
Auditing of 'Account Management: Distribution Group Management' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit Distribution Group Management |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10201-2 |
Auditing of 'Account Management: Distribution Group Management' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit Distribution Group Management |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11001-5 |
Auditing of 'Account Management: Other Account Management Events' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit Other Account Management |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11018-9 |
Auditing of 'Account Management: Other Account Management Events' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit Other Account Management |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10917-3 |
Auditing of 'Account Management: Security Group Management' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit Security Group Management |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10741-7 |
Auditing of 'Account Management: Security Group Management' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit Security Group Management |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10203-8 |
Auditing of 'Account Management: User Account Management' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit User Account Management |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10247-5 |
Auditing of 'Account Management: User Account Management' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit User Account Management |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11193-0 |
Auditing of 'Detailed Tracking: DPAPI Activity' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Detailed Trackingt\Audit DPAPI Activity |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10761-5 |
Auditing of 'Detailed Tracking: DPAPI Activity' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Detailed Trackingt\Audit DPAPI Activity |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10514-8 |
Auditing of 'Detailed Tracking: Process Creation' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Detailed Trackingt\Audit Process Creation |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11069-2 |
Auditing of 'Detailed Tracking: Process Creation' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Detailed Trackingt\Audit Process Creation |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11038-7 |
Auditing of 'Detailed Tracking: Process Termination' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Detailed Trackingt\Audit Process Termination |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11184-9 |
Auditing of 'Detailed Tracking: Process Termination' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Detailed Trackingt\Audit Process Termination |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11061-9 |
Auditing of 'Detailed Tracking: RPC Events' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Detailed Trackingt\Audit RPC Events |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11025-4 |
Auditing of 'Detailed Tracking: RPC Events' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Detailed Trackingt\Audit RPC Events |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11074-2 |
Auditing of 'DS Access: Detailed Directory Service Replication' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\DS Access\Audit Detailed Directory Service Replication |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11056-9 |
Auditing of 'DS Access: Detailed Directory Service Replication' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\DS Access\Audit Detailed Directory Service Replication |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10668-2 |
Auditing of 'DS Access: Directory Service Access' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\DS Access\Audit Directory Service Access |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10686-4 |
Auditing of 'DS Access: Directory Service Access' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\DS Access\Audit Directory Service Access |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11065-0 |
Auditing of 'DS Access: Directory Service Changes' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\DS Access\Audit Directory Service Changes |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10800-1 |
Auditing of 'DS Access: Directory Service Changes' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\DS Access\Audit Directory Service Changes |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11087-4 |
Auditing of 'DS Access: Directory Service Replication' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\DS Access\Audit Directory Service Replication |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10206-1 |
Auditing of 'DS Access: Directory Service Replication' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\DS Access\Audit Directory Service Replication |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10834-0 |
Auditing of 'Logon-Logoff: Account Lockout' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit Account Lockout |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10704-5 |
Auditing of 'Logon-Logoff: Account Lockout' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit Account Lockout |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10961-1 |
Auditing of 'Logon-Logoff: IPsec Extended Mode' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit IPsec Extended Mode |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11224-3 |
Auditing of 'Logon-Logoff: IPsec Extended Mode' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit IPsec Extended Mode |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10995-9 |
Auditing of 'Logon-Logoff: IPsec Main Mode' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit IPsec Main Mode |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10948-8 |
Auditing of 'Logon-Logoff: IPsec Main Mode' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit IPsec Main Mode |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10999-1 |
Auditing of 'Logon-Logoff: IPsec Quick Mode' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit IPsec Quick Mode |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10706-0 |
Auditing of 'Logon-Logoff: IPsec Quick Mode' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit IPsec Quick Mode |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11102-1 |
Auditing of 'Logon-Logoff: Logoff' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit Logoff |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11113-8 |
Auditing of 'Logon-Logoff: Logoff' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit Logoff |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11060-1 |
Auditing of 'Logon-Logoff: Logon' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit Logon |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11107-0 |
Auditing of 'Logon-Logoff: Logon' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit Logon |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10847-2 |
Auditing of 'Logon-Logoff: Network Policy Server' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit Network Policy Server |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11064-3 |
Auditing of 'Logon-Logoff: Network Policy Server' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit Network Policy Server |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10869-6 |
Auditing of 'Logon-Logoff: Other Logon/Logoff Events' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit Other Logon/Logoff Events |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11179-9 |
Auditing of 'Logon-Logoff: Other Logon/Logoff Events' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit Other Logon/Logoff Events |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11078-3 |
Auditing of 'Logon-Logoff: Special Logon' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit Special Logon |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10737-5 |
Auditing of 'Logon-Logoff: Special Logon' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit Special Logon |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11197-1 |
Auditing of 'Object Access: Application Generated' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Application Generated |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11111-2 |
Auditing of 'Object Access: Application Generated' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Application Generated |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10216-0 |
Auditing of 'Object Access: Certification Services' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Certification Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10950-4 |
Auditing of 'Object Access: Certification Services' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Certification Services |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11100-5 |
Auditing of 'Object Access: Detailed File Share' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Policy: Object Access: Detailed File Share |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10391-1 |
Auditing of 'Object Access: Detailed File Share' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Policy: Object Access: Detailed File Share |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11021-3 |
Auditing of 'Object Access: File Share' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit File Share |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10589-0 |
Auditing of 'Object Access: File Share' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit File Share |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10263-2 |
Auditing of 'Object Access: File System' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit File System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10967-8 |
Auditing of 'Object Access: File System' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit File System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10743-3 |
Auditing of 'Object Access: Filtering Platform Connection' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Filtering Platform Connection |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10285-5 |
Auditing of 'Object Access: Filtering Platform Connection' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Filtering Platform Connection |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11148-4 |
Auditing of 'Object Access: Filtering Platform Packet Drop' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Filtering Platform Packet Drop |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10677-3 |
Auditing of 'Object Access: Filtering Platform Packet Drop' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Filtering Platform Packet Drop |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10959-5 |
Auditing of 'Object Access: Handle Manipulation' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Handle Manipulation |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10902-5 |
Auditing of 'Object Access: Handle Manipulation' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Handle Manipulation |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10851-4 |
Auditing of 'Object Access: Kernel Object' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Kernel Object |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10220-2 |
Auditing of 'Object Access: Kernel Object' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Kernel Object |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11170-8 |
Auditing of 'Object Access: Other Object Access Events' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Other Object Access Events |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10979-3 |
Auditing of 'Object Access: Other Object Access Events' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Other Object Access Events |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10988-4 |
Auditing of 'Object Access: Registry' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Registry |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10224-4 |
Auditing of 'Object Access: Registry' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Registry |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10728-4 |
Auditing of 'Object Access: SAM' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit SAM |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10491-9 |
Auditing of 'Object Access: SAM' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit SAM |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10385-3 |
Auditing of 'Policy Change: Audit Policy Change' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Change\Audit Audit Policy Change |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10119-6 |
Auditing of 'Policy Change: Audit Policy Change' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Change\Audit Audit Policy Change |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10874-6 |
Auditing of 'Policy Change: Authentication Policy Change' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Changes\Audit Authentication Policy Change |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11160-9 |
Auditing of 'Policy Change: Authentication Policy Change' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Changes\Audit Authentication Policy Change |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10132-9 |
Auditing of 'Policy Change: Authorization Policy Change' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Change\Audit Authorization Policy Change |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10790-4 |
Auditing of 'Policy Change: Authorization Policy Change' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Change\Audit Authorization Policy Change |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11006-4 |
Auditing of 'Policy Change: Filtering Platform Policy Change' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Change\Audit Filtering Platform Policy Change |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10526-2 |
Auditing of 'Policy Change: Filtering Platform Policy Change' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Change\Audit Filtering Platform Policy Change |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10530-4 |
Auditing of 'Policy Change: MPSSVC Rule-Level Policy Change' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Change\Audit MPSSVC Rule-Level Policy Change |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10189-9 |
Auditing of 'Policy Change: MPSSVC Rule-Level Policy Change' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Change\Audit MPSSVC Rule-Level Policy Change |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11032-0 |
Auditing of 'Policy Change: Other Policy Change Events' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Changes\Audit Other Policy Change Events |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10680-7 |
Auditing of 'Policy Change: Other Policy Change Events' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Changes\Audit Other Policy Change Events |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11187-2 |
Auditing of 'Privilege Use: Non Sensitive Privilege Use' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Privilege Use\Audit Audit Non Sensitive Privilege Use |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11173-2 |
Auditing of 'Privilege Use: Non Sensitive Privilege Use' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Privilege Use\Audit Audit Non Sensitive Privilege Use |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10197-2 |
Auditing of 'Privilege Use: Other Privilege Use Events' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Privilege Use\Audit Policy: Privilege Use: Other Privilege Use Events |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10593-2 |
Auditing of 'Privilege Use: Other Privilege Use Events' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Privilege Use\Audit Policy: Privilege Use: Other Privilege Use Events |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10400-0 |
Auditing of 'Privilege Use: Sensitive Privilege Use' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Privilege Use\Audit Audit Sensitive Privilege Use |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11003-1 |
Auditing of 'Privilege Use: Sensitive Privilege Use' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Privilege Use\Audit Audit Sensitive Privilege Use |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10214-5 |
Auditing of 'System: IPsec Driver' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit IPsec Driver |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10390-3 |
Auditing of 'System: IPsec Driver' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit IPsec Driver |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11116-1 |
Auditing of 'System: Other System Events' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit Other System Events |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10879-5 |
Auditing of 'System: Other System Events' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit Other System Events |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10892-8 |
Auditing of 'System: Security State Change' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit Security State Change |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11007-2 |
Auditing of 'System: Security State Change' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit Security State Change |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11029-6 |
Auditing of 'System: Security System Extension' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit Security System Extension |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11169-0 |
Auditing of 'System: Security System Extension' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit Security System Extension |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10884-5 |
Auditing of 'System: System Integrity' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit System Integrity |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11034-6 |
Auditing of 'System: System Integrity' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit System Integrity |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11153-4 |
Auditing of 'Global Object Access Auditing: File System' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Global Object Access Auditing\File System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10818-3 |
Auditing of 'Global Object Access Auditing: File System' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Global Object Access Auditing\File System |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11042-9 |
Auditing of 'Global Object Access Auditing: Registry' events on failure should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Global Object Access Auditing\Registry |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10822-5 |
Auditing of 'Global Object Access Auditing: Registry' events on success should be enabled or disabled as appropriate. |
enabled/disabled |
(1) Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Global Object Access Auditing\Registry |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10809-2 |
The "Enforce password history" setting should be configured correctly. |
number of passwords remembered |
(1) Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy (Settings included in Domain Policies) |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10562-7 |
The 'Maximum password age' setting should be configured correctly. |
number of days |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Maximum password age (2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingNumeric; Property = Setting; Where = KeyName = 'MaximumPasswordAge' And precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10760-7 |
The 'Minimum password age' setting should be configured correctly. |
number of days |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Minimum password age (2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingNumeric; Property = Setting; Where = KeyName = 'MinimumPasswordAge' And precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10372-1 |
The 'Minimum password length' setting should be configured correctly. |
number of characters |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Minimum password length (2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingNumeric; Property = Setting; Where = KeyName = 'MinimumPasswordLength' And precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10901-7 |
The 'Password must meet complexity requirements' policy should be set correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Password must meet complexity requirements (2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingBoolean; Property = Setting; Where = KeyName = 'PasswordComplexity' And precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10905-8 |
The 'Store passwords using reversible encryption' setting should be configured correctly. |
enabled/disabled |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Store passwords using reversible encryption (2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingBoolean; Property = Setting; Where = KeyName = 'ClearTextPassword' And precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-10399-4 |
The 'Account lockout duration' setting should be configured correctly. |
number of minutes |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy\Account lockout duration (2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingNumeric; Property = Setting; Where = KeyName='LockoutDuration' And precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11046-0 |
The 'Account lockout threshold' setting should be configured correctly. |
number of failed logon attempts |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy\Account lockout threshold (2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingNumeric; Property = Setting; Where = KeyName='LockoutBadCount' And precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |
| CCE-11059-3 |
The 'Reset account lockout counter after' setting should be configured correctly. |
number of minutes |
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy\Reset account lockout counter after (2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingNumeric; Property = Setting; Where = KeyName='ResetLockoutCount' And precedence=1 |
NaN |
Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 |