win7 - Common Configuration Enumeration (CCE)

CCE ID | CCE Description | Parameters
CCE-10814-2 | The 'MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments)' setting should be configured correctly. | enabled/disabled
CCE-10303-6 | The 'MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments)' setting should be configured correctly. | enabled/disabled
CCE-10014-9 | Auditing of 'Policy Change: Authentication Policy Change' events on failure should be enabled or disabled as appropriate. | enabled/disabled
CCE-10021-4 | Auditing of 'Policy Change: Audit Policy Change' events on success should be enabled or disabled as appropriate. | enabled/disabled
CCE-10049-5 | Auditing of 'Policy Change: Other Policy Change Events' events on failure should be enabled or disabled as appropriate. | enabled/disabled
CCE-10050-3 | Auditing of 'Policy Change: Authorization Policy Change' events on failure should be enabled or disabled as appropriate. | enabled/disabled
CCE-10051-1 | The screen saver should be enabled or disabled as appropriate for the current user. | enabled/disabled
CCE-10061-0 | The 'Turn off printing over HTTP' setting should be configured correctly. | enabled/disabled
CCE-10064-4 | The 'Retain old events' setting should be configured correctly for the system log. | enabled/disabled
CCE-10076-8 | The 'Notify antivirus programs when opening attachments' setting should be configured correctly. | enabled/disabled
CCE-10077-6 | The 'Allow Remote Shell Access' setting should be configured correctly. | enabled/disabled
CCE-10078-4 | Auditing of 'Object Access: Registry' events on failure should be enabled or disabled as appropriate. | enabled/disabled
CCE-10081-8 | Auditing of 'Policy Change: Filtering Platform Policy Change' events on failure should be enabled or disabled as appropriate. | enabled/disabled
CCE-10082-6 | Auditing of 'Audit process tracking' events on failure should be enabled or disabled as appropriate. | enabled/disabled
CCE-10088-3 | Auditing of 'System: Other System Events' events on failure should be enabled or disabled as appropriate. | enabled/disabled
CCE-10090-9 | The 'Do not allow passwords to be saved' setting should be configured correctly. | enabled/disabled
CCE-10092-5 | The 'Require trusted path for credential entry' setting should be enabled or disabled as appropriate. | enabled/disabled
CCE-10093-3 | The 'Turn off Windows Update device driver searching' setting should be configured correctly. | enabled/disabled
CCE-10098-2 | Auditing of 'Object Access: Handle Manipulation' events on failure should be enabled or disabled as appropriate. | enabled/disabled
CCE-10103-0 | The 'Always prompt for password upon connection' setting should be configured correctly. | enabled/disabled
CCE-10118-8 | Auditing of 'Audit logon events' events on failure should be enabled or disabled as appropriate. | enabled/disabled
CCE-10129-5 | The Windows Explorer 'Remove Security tab' setting should be configured correctly. | enabled/disabled
CCE-10136-0 | The 'Retain old events' setting should be configured correctly for the application log. | enabled/disabled
CCE-10140-2 | The 'Turn off Search Companion content file updates' setting should be configured correctly. | enabled/disabled
CCE-10144-4 | Auditing of 'Audit policy change' events on failure should be enabled or disabled as appropriate. | enabled/disabled
CCE-10148-5 | The 'Screen Saver timeout' setting should be configured correctly. | time in seconds
CCE-10154-3 | The 'Do not process the run once list' setting should be configured correctly. | enabled/disabled
CCE-10156-8 | The 'Maximum Log Size (KB)' setting should be configured correctly for the system log. | size in kilobytes
CCE-10166-7 | The 'Do not preserve zone information in file attachments' setting should be configured correctly. | enabled/disabled
CCE-10169-1 | Auditing of 'Audit account management' events on failure should be enabled or disabled as appropriate. | enabled/disabled
CCE-10175-8 | Auditing of 'Audit privilege use' events on failure should be enabled or disabled as appropriate. | enabled/disabled
CCE-10181-6 | The 'RPC Endpoint Mapper Client Authentication' setting should be configured correctly. | enabled/disabled
CCE-10183-2 | The 'Prevent the computer from joining a homegroup' setting should be configured correctly. | enabled/disabled
CCE-10205-3 | The 'Reschedule Automatic Updates scheduled installations' setting should be enabled or disabled as appropriate. | enabled/disabled
CCE-10490-1 | The 'Remove CD Burning features' setting should be configured correctly. | enabled/disabled
CCE-8235-4 | The BitLocker 'Allow data recovery agent' setting should be enabled or disabled as appropriate for fixed data drives. | enabled/disabled
CCE-8242-0 | The 'Configure user storage of BitLocker 48-digit recovery password' setting should be configured correctly for fixed data drives. | allowed/required/not allowed
CCE-8278-4 | The 'Choose how BitLocker-protected operating system drives can be recovered' setting should be enabled or disabled as appropriate. | enabled/disabled
CCE-8284-2 | The BitLocker 'Configure TPM platform validation profile' setting should be enabled or disabled as appropriate. | enabled/disabled
CCE-8299-0 | Validation of the 'Boot Manager' Platform Configuration Register (aka PCR 10) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. | enabled/disabled
CCE-8301-4 | Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 14) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. | enabled/disabled
CCE-8303-0 | The BitLocker 'Require additional authentication at startup' setting should be enabled or disabled as appropriate. | enabled/disabled
CCE-8309-7 | Use of a Trusted Platform Module (TPM) startup key for operating system drives encrypted with BitLocker should be configured correctly. | allowed/required/not allowed
CCE-8370-9 | The BitLocker 'Select the encryption method' setting should be enabled or disabled as appropriate. | enabled/disabled
CCE-8405-3 | The BitLocker 'Do not allow write access to devices configured in another organization' setting should be configured correctly. | enabled/disabled
CCE-8407-9 | Auditing of 'Audit system events' events on success should be enabled or disabled as appropriate. | enabled/disabled
CCE-8414-5 | The 'Bypass traverse checking' user right should be assigned to the appropriate accounts. | list of accounts
CCE-8415-2 | The 'Configure user storage of BitLocker 48-digit recovery password' setting should be configured correctly for removable data drives. | allowed/required/not allowed
CCE-8417-8 | The 'Configure user storage of BitLocker 256-digit recovery key' setting should be configured correctly for fixed data drives. | allowed/required/not allowed
CCE-8423-6 | The 'Change the time zone' user right should be assigned to the appropriate accounts. | list of accounts
CCE-8431-9 | The 'Create global objects' user right should be assigned to the appropriate accounts. | list of accounts
CCE-8460-8 | The 'Create symbolic links' user right should be assigned to the appropriate accounts. | list of accounts
CCE-8467-3 | The 'Impersonate a client after authentication' user right should be assigned to the appropriate accounts. | list of accounts
CCE-8475-6 | The 'Perform volume maintenance tasks' user right should be assigned to the appropriate accounts. | list of accounts
CCE-8483-0 | Validation of the 'Computer Manufacturer-Specific' Platform Configuration Register (aka PCR 7) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. | enabled/disabled
CCE-8484-8 | The built-in Administrator account should be correctly named. | account name
CCE-8487-1 | The 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' setting should be configured correctly. | number of logons
CCE-8493-9 | Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 12) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. | enabled/disabled
CCE-8496-2 | Validation of the 'Core Root of Trust of Measurement (CRTM), BIOS, and Platform Extensions' Platform Configuration Register (aka PCR 0) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. | enabled/disabled
CCE-8503-5 | The 'Microsoft network server: Server SPN target name validation level' setting should be configured correctly. | Off/Accept if provided by client/Required from client
CCE-8513-4 | The 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' setting should be configured correctly. | enabled/disabled
CCE-8517-5 | Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 21) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. | enabled/disabled
CCE-8525-8 | Rights to activate or launch DCOM applications should be assigned as appropriate. | (1) users and/or groups (2) allow/deny (3) local launch/remote launch/local activation/remote activation
CCE-8530-8 | Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 15) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. | enabled/disabled
CCE-8535-7 | Validation of the 'Master Boot Record (MBR) Code' Platform Configuration Register (aka PCR 4) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. | enabled/disabled
CCE-8538-1 | The BitLocker 'Require use of smart cards on removable data drives' setting should be configured correctly. | enabled/disabled
CCE-8540-7 | The BitLocker 'Configure password complexity for fixed data drives' setting should be configured correctly. | allowed/required/not allowed
CCE-8541-5 | The 'Interactive logon: Display user information when the session is locked.' setting should be configured correctly. | enabled/disabled
CCE-8546-4 | Use of a Trusted Platform Module (TPM) startup PIN for operating system drives encrypted with BitLocker should be configured correctly. | allowed/required/not allowed
CCE-8553-0 | The 'Omit recovery options from the BitLocker setup wizard' setting should be configured correctly for fixed data drives. | enabled/disabled
CCE-8560-5 | The 'MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)' setting should be configured correctly. | enabled/disabled
CCE-8562-1 | The 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' setting should be configured correctly. | enabled/disabled
CCE-8581-1 | The BitLocker 'Provide the unique identifiers for your organization' setting should be enabled or disabled as appropriate. | enabled/disabled
CCE-8583-7 | The 'Debug programs' user right should be assigned to the appropriate accounts. | list of accounts
CCE-8587-8 | Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 17) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. | enabled/disabled
CCE-8588-6 | The 'Configure user storage of BitLocker 48-digit recovery password' setting should be configured correctly for operating system drives. | allowed/required/not allowed
CCE-8591-0 | The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly. | number of seconds
CCE-8595-1 | The 'Omit recovery options from the BitLocker setup wizard' setting should be configured correctly for removable data drives. | enabled/disabled
CCE-8612-4 | The 'Change the system time' user right should be assigned to the appropriate accounts. | list of accounts
CCE-8613-2 | The 'Choose how BitLocker-protected removable drives can be recovered' setting should be enabled or disabled as appropriate. | enabled/disabled
CCE-8648-8 | The BitLocker 'Configure use of smart cards on removable data drives' setting should be enabled or disabled as appropriate. | enabled/disabled
CCE-8651-2 | Validation of the 'Platform and Motherboard Configuration and Data' Platform Configuration Register (aka PCR 1) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. | enabled/disabled
CCE-8653-8 | Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 22) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. | enabled/disabled
CCE-8654-6 | The 'Network access: Do not allow storage of passwords and credentials for network authentication' setting should be configured correctly. | enabled/disabled
CCE-8655-3 | The 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' setting should be configured correctly. | allowed/ignored when IP forwarding is enabled/disabled
CCE-8673-6 | The BitLocker 'Require password for fixed data drive' setting should be configured correctly. | enabled/disabled
CCE-8683-5 | The BitLocker 'Require password for removable data drive' setting should be configured correctly. | enabled/disabled
CCE-8688-4 | The minimum number of characters required for the BitLocker startup PIN used with the Trusted Platform Module (TPM) should be set correctly. | number of characters
CCE-8701-5 | The 'Configure user storage of BitLocker 256-digit recovery key' setting should be configured correctly for removable data drives. | allowed/required/not allowed
CCE-8703-1 | Validation of the 'State Transition and Wake Events' Platform Configuration Register (aka PCR 6) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. | enabled/disabled
CCE-8714-8 | The 'Accounts: Guest account status' setting should be configured correctly. | enabled/disabled
CCE-8719-7 | The 'Deny write access to fixed drives not protected by BitLocker' setting should be configured correctly. | enabled/disabled
CCE-8721-3 | The BitLocker 'Configure use of smart cards on fixed data drives' setting should be configured correctly. | enabled/disabled
CCE-8732-0 | The 'Replace a process level token' user right should be assigned to the appropriate accounts. | list of accounts
CCE-8740-3 | The 'Interactive logon: Message title for users attempting to log on' setting should be configured correctly. | string
CCE-8743-7 | The 'Configure storage of BitLocker recovery information to AD DS' setting should be configured correctly for fixed data drives. | Backup recovery passwords and key packages/Backup recovery passwords only/disabled
CCE-8745-2 | The 'Choose how BitLocker-protected fixed drives can be recovered' setting should be enabled or disabled as appropriate. | enabled/disabled
CCE-8751-0 | Validation of the 'NTFS Boot Sector' Platform Configuration Register (aka PCR 8) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. | enabled/disabled
CCE-8759-3 | The 'Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' setting should be configured correctly. | enabled/disabled
CCE-8784-1 | The 'MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended)' setting should be configured correctly. | enabled/disabled
CCE-8787-4 | Validation of the 'Options ROM Code' Platform Configuration Register (aka PCR 2) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. | enabled/disabled
CCE-8789-0 | The 'Audit: Audit the use of Backup and Restore privilege' setting should be configured correctly. | enabled/disabled
CCE-8791-6 | The default folder for BitLocker recovery passwords should be set correctly. | folder path
CCE-8804-7 | The 'Network security: Allow LocalSystem NULL session fallback' setting should be configured correctly. | enabled/disabled
CCE-8806-2 | The 'Network security: LAN Manager authentication level' setting should be configured correctly. | authentication level
CCE-8807-0 | The 'Recovery console: Allow automatic administrative logon' setting should be configured correctly. | enabled/disabled
CCE-8811-2 | The 'User Account Control: Admin Approval Mode for the Built-in Administrator account' setting should be configured correctly. | enabled/disabled
CCE-8813-8 | The 'User Account Control: Behavior of the elevation prompt for standard users' setting should be configured correctly. | Prompt for credentials/Automatically deny elevation requests
CCE-8817-9 | The 'User Account Control: Virtualize file and registry write failures to per-user locations' setting should be configured correctly. | enabled/disabled
CCE-8818-7 | The 'Interactive logon: Require Domain Controller authentication to unlock workstation' setting should be configured correctly. | enabled/disabled
CCE-8822-9 | Auditing of 'Account Management: Application Group Management' events on success should be enabled or disabled as appropriate. | enabled/disabled
CCE-8825-2 | The 'Microsoft network server: Digitally sign communications (if client agrees)' setting should be configured correctly. | enabled/disabled
CCE-8829-4 | Auditing of 'Account Management: Distribution Group Management' events on failure should be enabled or disabled as appropriate. | enabled/disabled
CCE-8837-7 | The 'Devices: Allow undock without having to log on' setting should be configured correctly. | enabled/disabled
CCE-8844-3 | The 'Allow Standby States (S1-S3) When Sleeping (On Battery)' setting should be configured correctly. | enabled/disabled
CCE-8850-0 | Auditing of 'DS Access: Directory Service Changes' events on failure should be enabled or disabled as appropriate. | enabled/disabled
CCE-8853-4 | Auditing of 'Logon-Logoff: Account Lockout' events on success should be enabled or disabled as appropriate. | enabled/disabled
CCE-8855-9 | Validation of the 'BitLocker Access Control' Platform Configuration Register (aka PCR 11) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. | enabled/disabled
CCE-8856-7 | Auditing of 'Logon-Logoff: Logoff' events on success should be enabled or disabled as appropriate. | enabled/disabled
CCE-8857-5 | Auditing of 'Logon-Logoff: IPsec Extended Mode' events on failure should be enabled or disabled as appropriate. | enabled/disabled
CCE-8860-9 | Auditing of 'Object Access: Application Generated' events on failure should be enabled or disabled as appropriate. | enabled/disabled
CCE-8861-7 | Auditing of 'Object Access: Detailed File Share' events on failure should be enabled or disabled as appropriate. | enabled/disabled
CCE-8868-2 | The 'Devices: Allowed to format and eject removable media' setting should be configured correctly. | Administrators/Administrators and Power Users/Administrators and Interactive Users
CCE-8870-8 | Windows Firewall should allow or block outbound connections by default as appropriate for the Private Profile. | allow/block
CCE-8884-9 | Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the private profile. | enabled/disabled
CCE-8899-7 | The BitLocker 'Prevent memory overwrite on restart' setting should be configured correctly. | enabled/disabled
CCE-8905-2 | The 'Save BitLocker recovery information to AD DS for operating system drives' setting should be configured correctly. | enabled/disabled
CCE-8912-8 | The "enforce password history" policy should meet minimum requirements. | number of passwords remembered
CCE-8917-7 | The 'Network Security: Restrict NTLM: Add server exceptions in this domain' setting should be configured correctly. | list of servers
CCE-8930-0 | The 'Enable computer and user accounts to be trusted for delegation' user right should be assigned to the appropriate accounts. | list of accounts
CCE-8936-7 | The 'Network access: Let Everyone permissions apply to anonymous users' setting should be configured correctly. | enabled/disabled
CCE-8937-5 | The 'Network security: Do not store LAN Manager hash value on next password change' setting should be configured correctly. | enabled/disabled
CCE-8945-8 | The 'Recovery console: Allow floppy copy and access to all drives and all folders' setting should be configured correctly. | enabled/disabled
CCE-8947-4 | The BitLocker 'Configure password complexity for removable data drives' setting should be configured correctly. | allowed/required/not allowed
CCE-8956-5 | Auditing of 'Logon-Logoff: IPsec Main Mode' events on success should be enabled or disabled as appropriate. | enabled/disabled
CCE-8958-1 | The 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' setting should be configured correctly. | Elevate without prompting/Prompt for credentials on the secure desktop/Prompt for consent on the secure desktop/Prompt for credentials/Prompt for consent/Prompt for consent for non-Windows binaries
CCE-8965-6 | The 'Configure storage of BitLocker recovery information to AD DS' setting should be configured correctly for removable data drives. | Backup recovery passwords and key packages/Backup recovery passwords only/disabled
CCE-8973-0 | The 'Interactive logon: Message text for users attempting to log on' setting should be configured correctly. | string
CCE-8974-8 | The 'Domain member: Digitally encrypt or sign secure channel data (always)' setting should be configured correctly. | enabled/disabled
CCE-8983-9 | The BitLocker 'Minimum password length for removable data drive' setting should be configured correctly. | number of characters
CCE-8993-8 | The 'Configure user storage of BitLocker 256-digit recovery key' setting should be configured correctly for operating system drives. | allowed/required/not allowed
CCE-8995-3 | The 'Control use of BitLocker on removable drives' setting should be configured correctly. | enabled/disabled
CCE-8999-5 | The 'Increase scheduling priority' user right should be assigned to the appropriate accounts. | list of accounts
CCE-9000-1 | The 'Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' setting should be configured correctly. | enabled/disabled
CCE-9007-6 | Windows Firewall should allow or block inbound connections by default as appropriate for the Public Profile. | allow/block
CCE-9014-2 | The 'Shut down the system' user right should be assigned to the appropriate accounts. | list of accounts
CCE-9021-7 | The 'User Account Control: Only elevate executables that are signed and validated' setting should be configured correctly. | enabled/disabled
CCE-9023-3 | Auditing of 'Logon-Logoff: Account Lockout' events on failure should be enabled or disabled as appropriate. | enabled/disabled
CCE-9026-6 | The 'Devices: Prevent users from installing printer drivers' setting should be configured correctly. | enabled/disabled
CCE-9036-5 | The 'Network Security: Restrict NTLM: Add remote server exceptions for NTLM authentication' setting should be configured correctly. | list of servers
CCE-9040-7 | The 'Microsoft network server: Digitally sign communications (always)' setting should be configured correctly. | enabled/disabled
CCE-9046-4 | Validation of the 'Master Boot Record (MBR) Partition Table' Platform Configuration Register (aka PCR 5) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. | enabled/disabled
CCE-9048-0 | The 'Increase a process working set' user right should be assigned to the appropriate accounts. | list of accounts
CCE-9050-6 | Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 16) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. | enabled/disabled
             The 'Allow access to
             BitLocker-protected
             removable data drives from
             earlier versions of
             Windows' setting should
CCE-9053-0   be configured correctly.    enabled/disabled
             Auditing of 'Account
             Management: Security
             Group Management'
             events on failure should be
             enabled or disabled as
CCE-9056-3   appropriate.                enabled/disabled
             Auditing of 'Logon-Logoff:
             Logoff' events on failure
             should be enabled or
CCE-9058-9   disabled as appropriate.    enabled/disabled



             The BitLocker 'Object
             identifier' setting should be smart card certificate
CCE-9062-1   configured correctly.         object identifier


             Auditing of 'Audit privilege
             use' events on success
             should be enabled or
CCE-9066-2   disabled as appropriate.       enabled/disabled

                                            No Action/Lock
             The 'Interactive logon:        Workstation/Force
             Smart card removal             Logoff/Disconnect if
             behavior' setting should be    a remote Terminal
CCE-9067-0   configured correctly.          Services session



             The 'Adjust memory quotas
             for a process' user right
             should be assigned to the
CCE-9068-8   appropriate accounts.     list of accounts



             Unicast response to
             multicast or broadcast
             requests should be
             enabled or disabled as
             appropriate for the Domain
CCE-9069-6   Profile.                   enabled/disabled
             Auditing of 'Logon-Logoff:
             Network Policy Server'
             events on success should
             be enabled or disabled as
CCE-9076-1   appropriate.                 enabled/disabled

             Validation of the 'Reserved
             for Future Use' Platform
             Configuration Register (aka
             PCR 13) by the Trusted
             Platform Module (TPM)
             should be enabled or
CCE-9079-5   disabled as appropriate.    enabled/disabled

             Validation of the 'Option
             ROM Configuration and
             Data' Platform
             Configuration Register (aka
             PCR 3) by the Trusted
             Platform Module (TPM)
             should be enabled or
CCE-9082-9   disabled as appropriate.    enabled/disabled



             The BitLocker 'Minimum
             password length for fixed
             data drive' setting should   number of
CCE-9087-8   be configured correctly.     characters



             The 'Do not install
             BitLocker To Go Reader on
             FAT formatted removable
             drives' setting should be
CCE-9088-6   configured correctly.     enabled/disabled



             The BitLocker 'Allow
             enhanced PINs for startup'
             setting should be
CCE-9089-4   configured correctly.      enabled/disabled


             The 'Network security:
             Allow Local System to use
             computer identity for
             NTLM' setting should be
CCE-9096-9   configured correctly.     enabled/disabled
             The 'Deny log on as a
             service' user right should
             be assigned to the
CCE-9098-5   appropriate accounts.         list of accounts

             Validation of the 'Reserved
             for Future Use' Platform
             Configuration Register (aka
             PCR 18) by the Trusted
             Platform Module (TPM)
             should be enabled or
CCE-9103-3   disabled as appropriate.    enabled/disabled


             The 'Do not install
             BitLocker To Go Reader on
             FAT formatted fixed drives'
             setting should be
CCE-9106-6   configured correctly.       enabled/disabled



             The 'Allow log on through
             Remote Desktop Services'
             user right should be
             assigned to the appropriate
CCE-9107-4   accounts.                   list of accounts

             The 'System settings: Use
             Certificate Rules on
             Windows Executables for
             Software Restriction
             Policies' setting should be
CCE-9112-4   configured correctly.         enabled/disabled



             The 'BitLocker identification
             field' setting should be
CCE-9114-0   configured correctly.         string



             The 'Network access:
             Remotely accessible
             registry paths' setting
             should be configured
CCE-9121-5   correctly.                    set of paths
             The 'Domain member:
             Maximum machine account
             password age' setting
             should be configured
CCE-9123-1   correctly.              number of days


             The 'Restore files and
             directories' user right
             should be assigned to the
CCE-9124-9   appropriate accounts.        list of accounts




             The 'Allow Standby States
             (S1-S3) When Sleeping
             (Plugged In)' setting should
CCE-9126-4   be configured correctly.     enabled/disabled


             Auditing of 'Object
             Access: Filtering Platform
             Packet Drop' events on
             success should be enabled
CCE-9133-0   or disabled as appropriate. enabled/disabled


             The 'Load and unload
             device drivers' user right
             should be assigned to the
CCE-9135-5   appropriate accounts.        list of accounts




             The 'Account lockout
             threshold' setting should be number of failed
CCE-9136-3   configured correctly.        logon attempts

             Auditing of 'Object
             Access: Kernel Object'
             events on failure should be
             enabled or disabled as
CCE-9137-1   appropriate.                enabled/disabled
             Validation of the 'Reserved
             for Future Use' Platform
             Configuration Register (aka
             PCR 19) by the Trusted
             Platform Module (TPM)
             should be enabled or
CCE-9138-9   disabled as appropriate.    enabled/disabled


             The BitLocker 'Configure
             use of passwords for
             removable data drives'
             setting should be
CCE-9141-3   configured correctly.           enabled/disabled



             The BitLocker 'Configure
             use of passwords for fixed
             data drives' setting should
CCE-9144-7   be configured correctly.    enabled/disabled


             The 'Allowed BitLocker          list of allowed
             identification field' setting   BitLocker
             should be configured            identification field
CCE-9145-4   correctly.                      strings


             The BitLocker 'Allow data
             recovery agent' setting
             should be enabled or
             disabled as appropriate for
CCE-9146-2   removable data drives.      enabled/disabled


             The 'Omit recovery options
             from the BitLocker setup
             wizard' setting should be
             configured correctly for
CCE-9147-0   operating system drives.   enabled/disabled

             Auditing of 'Account Logon:
             Kerberos Service Ticket
             Operations' events on
             success should be enabled
CCE-9148-8   or disabled as appropriate. enabled/disabled
             The 'Modify an object label'
             user right should be
             assigned to the appropriate
CCE-9149-6   accounts.                    list of accounts


             The 'Audit: Audit the
             access of global system
             objects' setting should be
CCE-9150-4   configured correctly.         enabled/disabled

             Auditing of 'Policy Change:
             MPSSVC Rule-Level Policy
             Change' events on success
             should be enabled or
CCE-9153-8   disabled as appropriate.    enabled/disabled

             The 'Network access: Do
             not allow anonymous
             enumeration of SAM
             accounts and shares'
             setting should be
CCE-9156-1   configured correctly.         enabled/disabled
             Auditing of 'Privilege Use:
             Non Sensitive Privilege
             Use' events on failure
             should be enabled or
CCE-9159-5   disabled as appropriate.      enabled/disabled

             Validation of the 'NTFS
             Boot Block' Platform
             Configuration Register (aka
             PCR 9) by the Trusted
             Platform Module (TPM)
             should be enabled or
CCE-9161-1   disabled as appropriate.    enabled/disabled


             Auditing of 'Audit object
             access' events on success
             should be enabled or
CCE-9162-9   disabled as appropriate.    enabled/disabled
             Auditing of 'Privilege Use:
             Sensitive Privilege Use'
             events on failure should be
             enabled or disabled as
CCE-9172-8   appropriate.                enabled/disabled
             The BitLocker 'Require use
             of smart cards on fixed
             data drives' setting should
CCE-9173-6   be configured correctly.    enabled/disabled


             The 'Allow users to
             suspend and decrypt
             BitLocker protection on
             removable data drives'
             setting should be
CCE-9176-9   configured correctly.       enabled/disabled
             Auditing of 'System:
             Security State Change'
             events on failure should be
             enabled or disabled as
CCE-9179-3   appropriate.                enabled/disabled


             Auditing of 'Audit policy
             change' events on success
             should be enabled or
CCE-9180-1   disabled as appropriate.  enabled/disabled

             Validation of the 'Reserved
             for Future Use' Platform
             Configuration Register (aka
             PCR 23) by the Trusted
             Platform Module (TPM)
             should be enabled or
CCE-9182-7   disabled as appropriate.    enabled/disabled




             The 'Create a pagefile' user
             right should be assigned to
CCE-9185-0   the appropriate accounts. list of accounts


             The 'User Account Control:
             Run all administrators in
             Admin Approval Mode'
             setting should be
CCE-9189-2   configured correctly.      enabled/disabled
             Auditing of 'Privilege Use:
             Non Sensitive Privilege
             Use' events on success
             should be enabled or
CCE-9190-0   disabled as appropriate.      enabled/disabled
             The 'System objects:
             Strengthen default
             permissions of internal
             system objects (e.g.
             Symbolic Links)' setting
             should be configured
CCE-9191-8   correctly.                    enabled/disabled




             The 'Maximum password
             age' setting should be
CCE-9193-4   configured correctly.         number of days

             Auditing of 'System:
             System Integrity' events on
             failure should be enabled
CCE-9194-2   or disabled as appropriate. enabled/disabled



             The 'Turn off downloading
             of print drivers over HTTP'
             setting should be
CCE-9195-9   configured correctly.       enabled/disabled


             The 'Network access:
             Shares that can be
             accessed anonymously'
             setting should be
CCE-9196-7   configured correctly.         set of shares


             The 'Save BitLocker
             recovery information to AD
             DS for fixed data drives'
             setting should be
CCE-9197-5   configured correctly.      enabled/disabled
             The 'Accounts:
             Administrator account
             status' setting should be
CCE-9199-1   configured correctly.      enabled/disabled
             The BitLocker 'Allow data
             recovery agent' setting
             should be enabled or
             disabled as appropriate for
CCE-9200-7   operating system drives.    enabled/disabled



             The 'Deny write access to
             removable data drives not
             protected by BitLocker'
             setting should be
CCE-9211-4   configured correctly.       enabled/disabled


             The 'Deny log on as a
             batch job' user right should
             be assigned to the
CCE-9212-2   appropriate accounts.        list of accounts
             Auditing of 'Logon-Logoff:
             Logon' events on failure
             should be enabled or
CCE-9213-0   disabled as appropriate.     enabled/disabled


             Auditing of 'Audit directory
             service access' events on
             failure should be enabled
CCE-9214-8   or disabled as appropriate. enabled/disabled


             The 'Create a token object'
             user right should be
             assigned to the appropriate
CCE-9215-5   accounts.                   list of accounts


             Auditing of 'Object
             Access: File System'
             events on success should
             be enabled or disabled as
CCE-9217-1   appropriate.                enabled/disabled


             The 'Network access:
             Named Pipes that can be
             accessed anonymously'
             setting should be
CCE-9218-9   configured correctly.       list of named pipes
             The 'Allow access to
             BitLocker-protected fixed
             data drives from earlier
             versions of Windows'
             setting should be
CCE-9220-5   configured correctly.        enabled/disabled
             Use of the combination of
             both a Trusted Platform
             Module (TPM) startup key
             and PIN for operating
             system drives encrypted
             with BitLocker should be     allowed/required/not
CCE-9221-3   configured correctly.        allowed



             The 'Shutdown: Clear
             virtual memory pagefile'
             setting should be
CCE-9222-1   configured correctly.        enabled/disabled


             The 'Manage auditing and
             security log' user right
             should be assigned to the
CCE-9223-9   appropriate accounts.        list of accounts


             Auditing of 'Audit directory
             service access' events on
             success should be enabled
CCE-9224-7   or disabled as appropriate. enabled/disabled


             The 'Generate security
             audits' user right should be
             assigned to the appropriate
CCE-9226-2   accounts.                    list of accounts

             Auditing of 'Detailed
             Tracking: Process
             Termination' events on
             success should be enabled
CCE-9227-0   or disabled as appropriate. enabled/disabled


             The built-in Guest account
CCE-9229-6   should be correctly named. account name
             Auditing of 'Policy Change:
             Audit Policy Change'
             events on failure should be
             enabled or disabled as
CCE-9235-3   appropriate.                enabled/disabled


             The 'Do not enable
             BitLocker until recovery
             information is stored to AD
             DS for fixed data drives'
             setting should be
CCE-9236-1   configured correctly.       enabled/disabled



             The 'Deny log on locally'
             user right should be
             assigned to the appropriate
CCE-9239-5   accounts.                   list of accounts



             The 'Allow BitLocker
             without a compatible TPM'
             setting should be
CCE-9241-1   configured correctly.     enabled/disabled



             The 'Deny access to this
             computer from the network'
             user right should be
             assigned to the appropriate
CCE-9244-5   accounts.                   list of accounts

                                         (1) users and/or
                                         groups
                                         (2) allow/deny
             Rights to access DCOM       (3) local
             applications should be      access/remote
CCE-9247-8   assigned as appropriate.    access

             The 'Configure storage of
             BitLocker recovery          Backup recovery
             information to AD DS'       passwords and key
             setting should be           packages/Backup
             configured correctly for    recovery passwords
CCE-9248-6   operating system drives.    only/disabled
             The 'Network access: Do
             not allow anonymous
             enumeration of SAM
             accounts' setting should be
CCE-9249-4   configured correctly.       enabled/disabled


             The 'Domain member:
             Digitally encrypt secure
             channel data (when
             possible)' setting should be
CCE-9251-0   configured correctly.        enabled/disabled


             The 'Access this computer
             from the network' user right
             should be assigned to the
CCE-9253-6   appropriate accounts.        list of accounts



             The 'Create permanent
             shared objects' user right
             should be assigned to the
CCE-9254-4   appropriate accounts.        list of accounts


             The 'Save BitLocker
             recovery information to AD
             DS for removable data
             drives' setting should be
CCE-9256-9   configured correctly.      enabled/disabled

             Auditing of 'Account Logon:
             Kerberos Authentication
             Service' events on success
             should be enabled or
CCE-9258-5   disabled as appropriate.    enabled/disabled

             Use of the Trusted
             Platform Module (TPM) on
             startup for operating
             system drives encrypted
             with BitLocker should be allowed/required/not
CCE-9259-3   configured correctly.    allowed
             The 'Store passwords
             using reversible encryption'
             setting should be
CCE-9260-1   configured correctly.        enabled/disabled


             The 'Microsoft network
             client: Send unencrypted
             password to third-party
             SMB servers' setting
             should be configured
CCE-9265-0   correctly.                  enabled/disabled

             The 'System cryptography:
             Use FIPS compliant
             algorithms for encryption,
             hashing, and signing'
             setting should be
CCE-9266-8   configured correctly.      enabled/disabled

             Auditing of 'Account Logon:
             Kerberos Service Ticket
             Operations' events on
             failure should be enabled
CCE-9269-2   or disabled as appropriate. enabled/disabled



             The 'Deny log on through
             Remote Desktop Services'
             user right should be
             assigned to the appropriate
CCE-9274-2   accounts.                   list of accounts

             Validation of the 'Reserved
             for Future Use' Platform
             Configuration Register (aka
             PCR 20) by the Trusted
             Platform Module (TPM)
             should be enabled or
CCE-9279-1   disabled as appropriate.    enabled/disabled


             The 'Allow users to apply
             BitLocker protection on
             removable data drives'
             setting should be
CCE-9282-5   configured correctly.       enabled/disabled
             The 'Lock pages in
             memory' user right should
             be assigned to the
CCE-9289-0   appropriate accounts.       list of accounts


             The 'Domain member:
             Disable machine account
             password changes' setting
             should be configured
CCE-9295-7   correctly.                enabled/disabled


             The 'User Account Control:
             Allow UIAccess
             applications to prompt for
             elevation without using the
             secure desktop' setting
             should be configured
CCE-9301-3   correctly.                  enabled/disabled


             The 'Devices: Restrict CD-
             ROM access to locally
             logged-on user only' setting
             should be configured
CCE-9304-7   correctly.                   enabled/disabled


             The 'Interactive logon:
             Prompt user to change
             password before expiration'
             setting should be           number of days prior
CCE-9307-0   configured correctly.       to expiration



             The 'Account lockout
             duration' setting should be
CCE-9308-8   configured correctly.       number of minutes



             The 'Take ownership of
             files or other objects' user
             right should be assigned to
CCE-9309-6   the appropriate accounts. list of accounts
             Auditing of 'Privilege Use:
             Other Privilege Use Events'
             events on failure should be
             enabled or disabled as
CCE-9314-6   appropriate.                enabled/disabled

             The 'Interactive logon: Do
             not require
             CTRL+ALT+DEL' setting
             should be configured
CCE-9317-9   correctly.                   enabled/disabled


             The 'System objects:
             Require case insensitivity
             for non-Windows
             subsystems' setting should
CCE-9319-5   be configured correctly.   enabled/disabled


             The 'Log on as a batch job'
             user right should be
             assigned to the appropriate
CCE-9320-3   accounts.                   list of accounts


             Auditing of 'Audit account
             logon events' events on
             success should be enabled
CCE-9321-1   or disabled as appropriate. enabled/disabled


             The 'Remove computer
             from docking station' user
             right should be assigned to
CCE-9326-0   the appropriate accounts. list of accounts



             The 'Microsoft network
             client: Digitally sign
             communications (always)'
             setting should be
CCE-9327-8   configured correctly.        enabled/disabled
             The 'Windows Firewall:
             Domain: Apply local
             connection security rules'
             setting should be
CCE-9329-4   configured correctly.        yes/no




             The 'Minimum password
             age' setting should be
CCE-9330-2   configured correctly.        number of days



             The 'Force shutdown from
             a remote system' user right
             should be assigned to the
CCE-9336-9   appropriate accounts.       list of accounts


             Auditing of 'Audit account
             management' events on
             success should be enabled
CCE-9339-3   or disabled as appropriate. enabled/disabled


             The 'Network Security:
             Restrict NTLM: Audit
             Incoming NTLM Traffic'
             setting should be
CCE-9340-1   configured correctly.        enabled/disabled

             The 'MSS:
             (AutoAdminLogon) Enable
             Automatic Logon (not
             recommended)' setting
             should be configured
CCE-9342-7   correctly.              enabled/disabled



             The 'Microsoft network
             client: Digitally sign
             communications (if server
             agrees)' setting should be
CCE-9344-3   configured correctly.        enabled/disabled
              The 'Allow log on locally'
              user right should be
              assigned to the appropriate
CCE-9345-0    accounts.                   list of accounts


              Auditing of 'Audit process
              tracking' events on success
              should be enabled or
CCE-9347-6    disabled as appropriate.    enabled/disabled

              The 'MSS:
              (SafeDllSearchMode)
              Enable Safe DLL search
              mode (recommended)'
              setting should be
CCE-9348-4    configured correctly.        enabled/disabled




              The 'Minimum password
              length' setting should be    number of
CCE-9357-5    configured correctly.        characters


              The 'Microsoft network
              server: Disconnect clients
              when logon hours expire'
              setting should be
CCE-9358-3    configured correctly.        enabled/disabled
              The 'Registry policy
              processing' setting should
              be enabled or disabled as
CCE-9361-7    appropriate.                 enabled/disabled


              The 'Do not apply during
              periodic background
              processing' option for
              registry policy processing
              should be enabled or
CCE-9915-0    disabled as appropriate.     enabled/disabled

            The 'Process even if the
            Group Policy objects have
            not changed' option for
            registry policy processing
            should be enabled or
CCE-10417-4 disabled as appropriate.       enabled/disabled
             Auditing of 'Detailed
             Tracking: RPC Events'
             events on failure should be
             enabled or disabled as
CCE-9364-1   appropriate.                enabled/disabled


             Auditing of 'Audit logon
             events' events on success
             should be enabled or
CCE-9365-8   disabled as appropriate.  enabled/disabled



             The 'Password must meet
             complexity requirements'
             policy should be set
CCE-9370-8   correctly.                   enabled/disabled


             The 'Domain member:
             Digitally sign secure
             channel data (when
             possible)' setting should be
CCE-9375-7   configured correctly.        enabled/disabled


             Auditing of 'Object
             Access: File Share' events
             on success should be
             enabled or disabled as
CCE-9376-5   appropriate.               enabled/disabled



             The 'Access Credential
             Manager as a trusted
             caller' user right should be
             assigned to the appropriate
CCE-9380-7   accounts.                    list of accounts


             The 'System cryptography:
             Force strong key protection
             for user keys stored on the
             computer' setting should be
CCE-9381-5   configured correctly.       enabled/disabled
             The 'Network access:
             Remotely accessible
             registry paths and sub-
             paths' setting should be
CCE-9386-4   configured correctly.        set of paths


             The 'Domain member:
             Require strong (Windows
             2000 or later) session key'
             setting should be
CCE-9387-2   configured correctly.       enabled/disabled



             The 'Profile single process'
             user right should be
             assigned to the appropriate
CCE-9388-0   accounts.                    list of accounts


             The 'Back up files and
             directories' user right
             should be assigned to the
CCE-9389-8   appropriate accounts.        list of accounts


             The 'User Account Control:
             Switch to the secure
             desktop when prompting
             for elevation' setting should
CCE-9395-5   be configured correctly.      enabled/disabled

                                          Enabled:Authenticated/
             The 'Restrictions for        Enabled:Authenticated
             Unauthenticated RPC          without exceptions/
             clients' setting should be   Enabled:None/
CCE-9396-3   configured correctly.        Disabled



             The 'Reset account lockout
             counter after' setting
             should be configured
CCE-9400-3   correctly.                 number of minutes
                                        Notify for download
                                        and notify for
                                        install/Auto download
                                        and notify for
                                        install/Auto download
                                        and schedule the
              Automatic Updates should install/Allow local
              be enabled or disabled as admin to choose
CCE-9403-7    appropriate.              setting/Disabled


            The 'Scheduled install day'
            option for automatic
            updates should be set       every day/specific
CCE-10700-3 correctly.                  day of every week


              The 'Scheduled install time'
              option for automatic
              updates should be set
CCE-9924-2    correctly.                   hour of the day


              Auditing of 'Object
              Access: File Share' events
              on failure should be
              enabled or disabled as
CCE-9405-2    appropriate.               enabled/disabled


              The 'Microsoft network
              server: Amount of idle time
              required before suspending
              session' setting should be
CCE-9406-0    configured correctly.       number of minutes


              The 'Act as part of the
              operating system' user
              right should be assigned to
CCE-9407-8    the appropriate accounts. list of accounts


              The 'Interactive logon:
              Require smart card' setting
              should be configured
CCE-9410-2    correctly.                  enabled/disabled
             Auditing of 'Detailed
             Tracking: DPAPI Activity'
             events on failure should be
             enabled or disabled as
CCE-9412-8   appropriate.                enabled/disabled



             The 'Modify firmware
             environment values' user
             right should be assigned to
CCE-9417-7   the appropriate accounts. list of accounts


             The 'Accounts: Limit local
             account use of blank
             passwords to console
             logon only' setting should
CCE-9418-5   be configured correctly.     enabled/disabled



             The 'Profile system
             performance' user right
             should be assigned to the
CCE-9419-3   appropriate accounts.        list of accounts

             The 'MSS:
             (KeepAliveTime) How often
             keep-alive packets are sent
             in milliseconds' setting
             should be configured        frequency in
CCE-9426-8   correctly.                  milliseconds

             The 'Audit: Force audit
             policy subcategory settings
             (Windows Vista or later) to
             override audit policy
             category settings' setting
             should be configured
CCE-9432-6   correctly.                  enabled/disabled
                                          Allow all exceptions
                                          (least
                                          secure)/Multicast,
                                          broadcast, and
                                          ISAKMP are exempt
                                          (Best for Windows
                                          XP)/RSVP,
             The 'MSS:                    Kerberos, and
             (NoDefaultExempt)            ISAKMP are
             Configure IPSec              exempt/Only
             exemptions for various       ISAKMP is exempt
             types of network traffic.'   (recommended for
             setting should be            Windows Server
CCE-9439-1   configured correctly.        2003)/Disabled


             The 'Devices: Restrict
             floppy access to locally
             logged-on user only' setting
             should be configured
CCE-9440-9   correctly.                   enabled/disabled

             Auditing of 'Account Logon:
             Other Account Logon
             Events' events on failure
             should be enabled or
CCE-9445-8   disabled as appropriate.    enabled/disabled


             The 'Interactive logon: Do
             not display last user name'
             setting should be
CCE-9449-0   configured correctly.       enabled/disabled

             Auditing of 'Object
             Access: Other Object
             Access Events' events on
             success should be enabled
CCE-9455-7   or disabled as appropriate. enabled/disabled
             The 'MSS:
             (TcpMaxDataRetransmissions)
             How many times
             unacknowledged data is
             retransmitted (3
             recommended, 5 is
             default)' setting should be number of
CCE-9456-5   configured correctly.       retransmissions
             The 'MSS:
             (PerformRouterDiscovery)
             Allow IRDP to detect and       Enable only if DHCP
             configure Default Gateway      sends the Perform
             addresses (could lead to       Router Discovery
             DoS)' setting should be        option/Enabled/
CCE-9458-1   configured correctly.          Disabled


             Auditing of 'Object
             Access: Certification
             Services' events on
             success should be enabled
CCE-9460-7   or disabled as appropriate. enabled/disabled


             The 'Log on as a service'
             user right should be
             assigned to the appropriate
CCE-9461-5   accounts.                   list of accounts


             The 'Audit: Shut down
             system immediately if
             unable to log security
             audits' setting should be
CCE-9463-1   configured correctly.          enabled/disabled

             The 'Do not display 'Install
             Updates and Shut Down'
             option in Shut Down
             Windows dialog box'
             setting should be
CCE-9464-9   configured correctly.          enabled/disabled




             The Windows Firewall
             should be enabled or
             disabled as appropriate for
CCE-9465-6   the Domain Profile.         enabled/disabled
             The 'MSS:
             (TcpMaxDataRetransmissions
             IPv6) How many times
             unacknowledged data is
             retransmitted (3
             recommended, 5 is
             default)' setting should be number of
CCE-9487-0   configured correctly.       retransmissions
             Auditing of 'Object
             Access: Certification
             Services' events on failure
             should be enabled or
CCE-9488-8   disabled as appropriate.    enabled/disabled

             Auditing of 'Detailed
             Tracking: RPC Events'
             events on success should
             be enabled or disabled as
CCE-9492-0   appropriate.                   enabled/disabled



             The 'Network Security:         Allow all/Deny all
             Restrict NTLM: Incoming        domain
             NTLM traffic' setting should   accounts/Deny all
CCE-9494-6   be configured correctly.       accounts
             The 'MSS:
             (DisableIPSourceRouting)
             IP source routing protection
             level (protects against
             packet spoofing)' setting      allowed/ignored
             should be configured           when IP forwarding
CCE-9496-1   correctly.                     is enabled/disabled
             Auditing of 'Account
             Management: Computer
             Account Management'
             events on success should
             be enabled or disabled as
CCE-9498-7   appropriate.                   enabled/disabled


             The 'Retain old events'
             setting should be
             configured correctly for the
CCE-9500-0   security log.                enabled/disabled

             The 'MSS: (WarningLevel)
             Percentage threshold for
             the security event log at
             which the system will
             generate a warning' setting log capacity
             should be configured        threshold as a
CCE-9501-8   correctly.                  percentage
              Auditing of 'Account Logon:
              Kerberos Authentication
              Service' events on failure
              should be enabled or
CCE-9502-6    disabled as appropriate.    enabled/disabled


              The 'Network access:
              Sharing and security model
              for local accounts' setting
              should be configured
CCE-9503-4    correctly.                  Classic/Guest only

              User-initiated solicitations
              for remote assistance (aka
              the 'Solicited Remote
              Assistance' setting) should
              be enabled or disabled as
CCE-9506-7    appropriate.                enabled/disabled

            The 'Permit remote control     Allow helpers to
            of this computer' option for   remotely control the
            the 'Solicited Remote          computer/Allow
            Assistance' setting should     helpers to only view
CCE-10519-7 be configured correctly.       the computer

            The 'Maximum ticket time
            (value)' option for the
            'Solicited Remote
            Assistance' setting should
CCE-10753-2 be configured correctly.       time value

            The 'Maximum ticket time
            (units)' option for the
            'Solicited Remote
            Assistance' setting should
CCE-10312-7 be configured correctly.       time units

              The 'Method for sending e-
              mail invitations' option for
              the 'Solicited Remote
              Assistance' setting should
CCE-9929-1    be configured correctly.     Mailto/Simple MAPI



              Windows Firewall should
              allow or block outbound
              connections by default as
              appropriate for the Domain
CCE-9509-1    Profile.                   allow/block
             The 'Do not allow drive
             redirection' setting should
CCE-9518-2   be configured correctly.      enabled/disabled

             Auditing of 'System:
             System Integrity' events on
             success should be enabled
CCE-9520-8   or disabled as appropriate. enabled/disabled

             Auditing of 'Logon-Logoff:
             Special Logon' events on
             failure should be enabled
CCE-9521-6   or disabled as appropriate. enabled/disabled



             Unicast response to
             multicast or broadcast
             requests should be
             enabled or disabled as
             appropriate for the Private
CCE-9522-4   Profile.                      enabled/disabled

                                           Disabled/Deny for
                                           domain accounts to
             The 'Network Security:        domain servers/deny
             Restrict NTLM: NTLM           for domain
             authentication in this        accounts/deny for
             domain' setting should be     domain servers/Deny
CCE-9525-7   configured correctly.         all

             Auditing of 'DS Access:
             Detailed Directory Service
             Replication' events on
             failure should be enabled
CCE-9526-5   or disabled as appropriate. enabled/disabled



             The 'Turn off Autoplay'
             setting should be             All drives/CD-ROM
CCE-9528-1   configured correctly.         drives/Disabled
              The 'Network access: Allow
              anonymous SID/Name
              translation' setting should
CCE-9531-5    be configured correctly.    enabled/disabled



              The 'Network Security:
              Configure encryption types
              allowed for Kerberos'
              setting should be
CCE-9532-3    configured correctly.      enabled/disabled

            The 'Require message
            integrity' option for the
            'Network security: Minimum
            session security for NTLM
            SSP based (including
            secure RPC) clients'
            setting should be enabled
CCE-9534-9 or disabled as appropriate. enabled/disabled
            The 'Require message
            confidentiality' option for
            the 'Network security:
            Minimum session security
            for NTLM SSP based
            (including secure RPC)
            clients' setting should be
            enabled or disabled as
CCE-10887-8 appropriate.                 enabled/disabled
            The 'Require NTLMv2
            session security' option for
            the 'Network security:
            Minimum session security
            for NTLM SSP based
            (including secure RPC)
            clients' setting should be
            enabled or disabled as
CCE-10777-1 appropriate.                 enabled/disabled

            The 'Require 128-bit
            encryption' option for the
            'Network security: Minimum
            session security for NTLM
            SSP based (including
            secure RPC) clients'
            setting should be enabled
CCE-10904-1 or disabled as appropriate. enabled/disabled
             The 'Network access:
             Restrict anonymous
             access to Named Pipes
             and Shares' setting should
CCE-9540-6   be configured correctly.   enabled/disabled
             Auditing of 'Account
             Management: User
             Account Management'
             events on success should
             be enabled or disabled as
CCE-9542-2   appropriate.               enabled/disabled

             Auditing of 'Object
             Access: Other Object
             Access Events' events on
             failure should be enabled
CCE-9545-5   or disabled as appropriate. enabled/disabled


             The 'Network Security:
             Restrict NTLM: Outgoing
             NTLM traffic to remote
             servers' setting should be   Allow all/Audit
CCE-9556-2   configured correctly.        all/Deny all



             The 'Turn off the Windows
             Messenger Customer
             Experience Improvement
             Program' setting should be
CCE-9559-6   configured correctly.      enabled/disabled

             Auditing of 'Detailed
             Tracking: Process
             Creation' events on
             success should be enabled
CCE-9562-0   or disabled as appropriate. enabled/disabled


             Auditing of 'Object
             Access: Filtering Platform
             Connection' events on
             failure should be enabled
CCE-9569-5   or disabled as appropriate. enabled/disabled
             The 'System settings:
             Optional subsystems'
             setting should be
CCE-9579-4   configured correctly.        List of subsystems

             Auditing of 'System: Other
             System Events' events on
             success should be enabled
CCE-9586-9   or disabled as appropriate. enabled/disabled



             Windows Firewall should
             allow or block outbound
             connections by default as
             appropriate for the Public
CCE-9588-5   Profile.                    allow/block
             Auditing of 'Account
             Management: Application
             Group Management'
             events on failure should be
             enabled or disabled as
CCE-9591-9   appropriate.                enabled/disabled




             The Windows Firewall
             should be enabled or
             disabled as appropriate for
CCE-9593-5   the Public Profile.         enabled/disabled

             Auditing of 'Policy Change:
             Other Policy Change
             Events' events on success
             should be enabled or
CCE-9596-8   disabled as appropriate.    enabled/disabled


             The 'Maximum Log Size
             (KB)' setting should be
             configured correctly for the
CCE-9603-2   application log.             size in kilobytes
                                         Disable/Enable for
                                         domain accounts to
                                         domain
             The 'Network Security:      servers/Enable for
             Restrict NTLM: Audit        domain
             NTLM authentication in this accounts/Enable for
             domain' setting should be domain
CCE-9604-0   configured correctly.       servers/Enable all
             Auditing of 'Account
             Management: Computer
             Account Management'
             events on failure should be
             enabled or disabled as
CCE-9608-1   appropriate.                enabled/disabled


             The 'User Account Control:
             Detect application
             installations and prompt for
             elevation' setting should be
CCE-9616-4   configured correctly.        enabled/disabled



             Windows Firewall should
             allow or block inbound
             connections by default as
             appropriate for the Domain
CCE-9620-6   Profile.                   allow/block

             Auditing of 'Logon-Logoff:
             Other Logon/Logoff Events'
             events on success should
             be enabled or disabled as
CCE-9622-2   appropriate.               enabled/disabled

             Auditing of 'DS Access:
             Detailed Directory Service
             Replication' events on
             success should be enabled
CCE-9628-9   or disabled as appropriate. enabled/disabled


             Auditing of 'Audit object
             access' events on failure
             should be enabled or
CCE-9629-7   disabled as appropriate.    enabled/disabled
             Auditing of 'Logon-Logoff:
             Other Logon/Logoff Events'
             events on failure should be
             enabled or disabled as
CCE-9631-3   appropriate.                enabled/disabled
             Auditing of 'Logon-Logoff:
             IPsec Quick Mode' events
             on success should be
             enabled or disabled as
CCE-9632-1   appropriate.                 enabled/disabled

             Auditing of 'Policy Change:
             Authorization Policy
             Change' events on success
             should be enabled or
CCE-9633-9   disabled as appropriate.    enabled/disabled

             Auditing of 'DS Access:
             Directory Service
             Replication' events on
             success should be enabled
CCE-9637-0   or disabled as appropriate. enabled/disabled



             The 'Turn off the "Publish
             to Web" task for files and
             folders' setting should be
CCE-9643-8   configured correctly.        enabled/disabled
             Auditing of 'Account
             Management: Distribution
             Group Management'
             events on success should
             be enabled or disabled as
CCE-9644-6   appropriate.                 enabled/disabled

             Auditing of 'Account
             Management: Other
             Account Management
             Events' events on success
             should be enabled or
CCE-9657-8   disabled as appropriate.   enabled/disabled
             Auditing of 'Logon-Logoff:
             IPsec Extended Mode'
             events on success should
             be enabled or disabled as
CCE-9661-0   appropriate.               enabled/disabled




             The 'Windows Firewall:
             Private: Apply local firewall
             rules' setting should be
CCE-9663-6   configured correctly.         yes/no
             Auditing of 'Account
             Management: Other
             Account Management
             Events' events on failure
             should be enabled or
CCE-9668-5   disabled as appropriate.     enabled/disabled




             The 'Require a Password
             When a Computer Wakes
             (Plugged In)' setting should
CCE-9670-1   be configured correctly.     enabled/disabled
             Auditing of 'Logon-Logoff:
             IPsec Quick Mode' events
             on failure should be
             enabled or disabled as
CCE-9671-9   appropriate.                 enabled/disabled


             The 'No auto-restart with
             logged on users for
             scheduled automatic
             updates installations'
             setting should be
CCE-9672-7   configured correctly.        enabled/disabled


             The 'Turn off Internet
             download for Web
             publishing and online
             ordering wizards' setting
             should be configured
CCE-9674-3   correctly.                   enabled/disabled

             The 'Prevent access to
             registry editing tools'
             setting should be
CCE-9677-6   configured correctly.        enabled/disabled
             Auditing of 'Logon-Logoff:
             Logon' events on success
             should be enabled or
CCE-9683-4   disabled as appropriate.     enabled/disabled



             The 'Hide mechanisms to
             remove zone information'
             setting should be
CCE-9684-2   configured correctly.        enabled/disabled
             The 'Windows Firewall:
             Domain: Apply local firewall
             rules' setting should be
CCE-9686-7   configured correctly.        yes/no
             Auditing of 'Account
             Management: Security
             Group Management'
             events on success should
             be enabled or disabled as
CCE-9692-5   appropriate.                 enabled/disabled



             Windows Firewall should
             allow or block inbound
             connections by default as
             appropriate for the Private
CCE-9694-1   Profile.                      allow/block

             The 'Network security:
             Force logoff when logon
             hours expire' setting should
CCE-9704-8   be configured correctly.     enabled/disabled


             The 'Shutdown: Allow
             system to be shut down
             without having to log on'
             setting should be
CCE-9707-1   configured correctly.         enabled/disabled




             The 'Windows Firewall:
             Private: Apply local
             connection security rules'
             setting should be
CCE-9712-1   configured correctly.         yes/no
             Auditing of 'Logon-Logoff:
             IPsec Main Mode' events
             on failure should be
             enabled or disabled as
CCE-9715-4   appropriate.                  enabled/disabled
             Auditing of 'Account Logon:
             Credential Validation'
             events on failure should be
             enabled or disabled as
CCE-9718-8   appropriate.                enabled/disabled
             Auditing of 'Object Access:
             Detailed File Share' events
             on success should be
             enabled or disabled as
CCE-9720-4   appropriate.                enabled/disabled

             Auditing of 'Account Logon:
             Credential Validation'
             events on success should
             be enabled or disabled as
CCE-9725-3   appropriate.                enabled/disabled


             Auditing of 'Object
             Access: Filtering Platform
             Connection' events on
             success should be enabled
CCE-9728-7   or disabled as appropriate. enabled/disabled


             The 'Password protect the
             screen saver' setting
             should be configured
CCE-9730-3   correctly.                  enabled/disabled


             The 'Do not adjust default
             option to 'Install Updates
             and Shut Down' in Shut
             Down Windows dialog box'
             setting should be
CCE-9733-7   configured correctly.      enabled/disabled

             Auditing of 'DS Access:
             Directory Service Changes'
             events on success should
             be enabled or disabled as
CCE-9734-5   appropriate.               enabled/disabled

             Auditing of 'Detailed
             Tracking: DPAPI Activity'
             events on success should
             be enabled or disabled as
CCE-9735-2   appropriate.                enabled/disabled
            The 'Require message
            integrity' option for the
            'Network security: Minimum
            session security for NTLM
            SSP based (including
            secure RPC) servers'
            setting should be enabled
CCE-9736-0 or disabled as appropriate. enabled/disabled
            The 'Require message
            confidentiality' option for
            the 'Network security:
            Minimum session security
            for NTLM SSP based
            (including secure RPC)
            servers' setting should be
            enabled or disabled as
CCE-10916-5 appropriate.                 enabled/disabled
            The 'Require NTLMv2
            session security' option for
            the 'Network security:
            Minimum session security
            for NTLM SSP based
            (including secure RPC)
            servers' setting should be
            enabled or disabled as
CCE-10281-4 appropriate.                 enabled/disabled

            The 'Require 128-bit
            encryption' option for the
            'Network security: Minimum
            session security for NTLM
            SSP based (including
            secure RPC) servers'
            setting should be enabled
CCE-10924-9 or disabled as appropriate. enabled/disabled


              Auditing of 'Object
              Access: Registry' events on
              success should be enabled
CCE-9737-8    or disabled as appropriate. enabled/disabled




              The Windows Firewall
              should be enabled or
              disabled as appropriate for
CCE-9739-4    the Private Profile.        enabled/disabled
              Auditing of 'Logon-Logoff:
              Network Policy Server'
              events on failure should be
              enabled or disabled as
CCE-9741-0    appropriate.                enabled/disabled


              Display of a notification to
              the user when Windows
              Firewall blocks network
              activity should be enabled
              or disabled as appropriate
CCE-9742-8    for the public profile.        enabled/disabled

              Auditing of 'DS Access:
              Directory Service
              Replication' events on
              failure should be enabled
CCE-9755-0    or disabled as appropriate. enabled/disabled

              Auditing of 'Logon-Logoff:
              Special Logon' events on
              success should be enabled
CCE-9763-4    or disabled as appropriate. enabled/disabled


            The Remote Desktop
            Services 'Set client
            connection encryption level'
            setting should be enabled
CCE-9764-2 or disabled as appropriate.       enabled/disabled
            The 'Encryption Level'
            option for the Remote
            Desktop Services 'Set
            client connection
            encryption level' setting
            should be configured             Low/High/Client
CCE-10779-7 correctly.                       Compatible
            Auditing of 'DS Access:
            Directory Service Access'
            events on success should
            be enabled or disabled as
CCE-9765-9 appropriate.                      enabled/disabled


              The 'Network security:
              LDAP client signing
              requirements' setting          None/Negotiate
              should be configured           signing/Require
CCE-9768-3    correctly.                     signing
             The 'Network Security:
             Allow PKU2U
             authentication requests to
             this computer to use online
             identities' setting should be
CCE-9770-9   configured correctly.         enabled/disabled



             Unicast response to
             multicast or broadcast
             requests should be
             enabled or disabled as
             appropriate for the Public
CCE-9773-3   Profile.                       enabled/disabled


             Display of a notification to
             the user when Windows
             Firewall blocks network
             activity should be enabled
             or disabled as appropriate
CCE-9774-1   for the domain profile.        enabled/disabled




             The 'Windows Firewall:
             Public: Apply local firewall
             rules' setting should be
CCE-9786-5   configured correctly.          yes/no


             Auditing of 'Object
             Access: Handle
             Manipulation' events on
             success should be enabled
CCE-9789-9   or disabled as appropriate. enabled/disabled
             Auditing of 'DS Access:
             Directory Service Access'
             events on failure should be
             enabled or disabled as
CCE-9791-5   appropriate.                enabled/disabled
             Auditing of 'Account
             Management: User
             Account Management'
             events on failure should be
             enabled or disabled as
CCE-9800-4   appropriate.                enabled/disabled
             The 'User Account Control:
             Only elevate UIAccess
             applications that are
             installed in secure
             locations' setting should be
CCE-9801-2   configured correctly.        enabled/disabled

             Auditing of 'System: IPsec
             Driver' events on failure
             should be enabled or
CCE-9802-0   disabled as appropriate.      enabled/disabled

             Auditing of 'Object
             Access: Kernel Object'
             events on success should
             be enabled or disabled as
CCE-9803-8   appropriate.                  enabled/disabled

             Auditing of 'Detailed
             Tracking: Process
             Creation' events on failure
             should be enabled or
CCE-9805-3   disabled as appropriate.      enabled/disabled

             Auditing of 'Account Logon:
             Other Account Logon
             Events' events on success
             should be enabled or
CCE-9808-7   disabled as appropriate.    enabled/disabled


             Auditing of 'Object
             Access: File System'
             events on failure should be
             enabled or disabled as
CCE-9811-1   appropriate.                enabled/disabled

             Auditing of 'Object
             Access: Application
             Generated' events on
             success should be enabled
CCE-9816-0   or disabled as appropriate. enabled/disabled




             The 'Windows Firewall:
             Public: Apply local
             connection security rules'
             setting should be
CCE-9817-8   configured correctly.         yes/no
             Auditing of 'Detailed
             Tracking: Process
             Termination' events on
             failure should be enabled
CCE-9818-6   or disabled as appropriate. enabled/disabled




             The 'Require a Password
             When a Computer Wakes
             (On Battery)' setting should
CCE-9829-3   be configured correctly.     enabled/disabled

             Auditing of 'Object
             Access: SAM' events on
             failure should be enabled
CCE-9845-9   or disabled as appropriate. enabled/disabled
             Auditing of 'System:
             Security State Change'
             events on success should
             be enabled or disabled as
CCE-9850-9   appropriate.                enabled/disabled

             Auditing of 'Object
             Access: SAM' events on
             success should be enabled
CCE-9856-6   or disabled as appropriate. enabled/disabled

             Auditing of 'System:
             Security System Extension'
             events on success should
             be enabled or disabled as
CCE-9863-2   appropriate.                enabled/disabled
             Auditing of 'Privilege Use:
             Sensitive Privilege Use'
             events on success should
             be enabled or disabled as
CCE-9878-0   appropriate.                enabled/disabled


             Auditing of 'Audit account
             logon events' events on
             failure should be enabled
CCE-9887-1   or disabled as appropriate. enabled/disabled

             Auditing of 'Policy Change:
             Filtering Platform Policy
             Change' events on success
             should be enabled or
CCE-9902-8   disabled as appropriate.    enabled/disabled
              Auditing of 'Policy Change:
              MPSSVC Rule-Level Policy
              Change' events on failure
              should be enabled or
CCE-9913-5    disabled as appropriate.    enabled/disabled


              The 'Turn off Data
              Execution Prevention for
              Explorer' setting should be
CCE-9918-4    configured correctly.       enabled/disabled

              Auditing of 'System: IPsec
              Driver' events on success
              should be enabled or
CCE-9925-9    disabled as appropriate.     enabled/disabled


              The 'Enumerate
              administrator accounts on
              elevation' setting should be
CCE-9938-2    configured correctly.        enabled/disabled



              The 'Force specific screen
              saver' setting should be
CCE-9958-0    configured correctly.      enabled/disabled

              Unsolicited offers of remote
              assistance (aka the 'Offer
              Remote Assistance'
              setting) should be
              automatically rejected or
              passed to the logged-on
              user for confirmation as
CCE-9960-6    appropriate.                 enabled/disabled

            The 'Permit remote control     Allow helpers to
            of this computer' option for   remotely control the
            the 'Offer Remote              computer/Allow
            Assistance' setting should     helpers to only view
CCE-10690-6 be configured correctly.       the computer
            The set of users and/or
            groups allowed to make
            unsolicited offers of remote
            assistance (aka the
            'Helpers' option for the
            'Offer Remote Assistance'
            setting) should be             list of users and/or
CCE-9931-7 configured correctly.           groups
              Auditing of 'Policy Change:
              Authentication Policy
              Change' events on success
              should be enabled or
CCE-9976-2    disabled as appropriate.    enabled/disabled


              The 'Do not process the
              legacy run list' setting
              should be configured
CCE-9983-8    correctly.                  enabled/disabled



              The 'Allow users to connect
              remotely using Remote
              Desktop Services' setting
              should be configured
CCE-9985-3    correctly.                  enabled/disabled

              Auditing of 'Privilege Use:
              Other Privilege Use Events'
              events on success should
              be enabled or disabled as
CCE-9988-7    appropriate.                enabled/disabled


              Auditing of 'Audit system
              events' events on failure
              should be enabled or
CCE-9990-3    disabled as appropriate.    enabled/disabled

            Auditing of 'System:
            Security System Extension'
            events on failure should be
            enabled or disabled as
CCE-9998-6 appropriate.                  enabled/disabled
            The "IPv6 Block of
            Protocols 41" option for the
            Windows Firewall setting
            should be configured
CCE-10207-9 correctly.                   enabled/disabled
            The "IPv6 Block of UDP
            3544" option for the
            Windows Firewall setting
            should be configured
CCE-10488-5 correctly.                   enabled/disabled
            The "Log Dropped
            Packets" option for the
            Windows Firewall should
            be configured correctly for
CCE-10502-3 the Domain Profile.            (1) enabled/disabled



            The "Log Successful
            Connections" option for the
            Windows Firewall should
            be configured correctly for
CCE-10268-1 the Domain Profile.         (1) enabled/disabled



            The "Log File Path and
            Name" for the Windows
            Firewall should be
            configured correctly for the
CCE-10022-2 Domain Profile.              (1) File path



               The "Log File Size Limit"
               for the Windows Firewall
               should be configured
               correctly for the Domain
CCE-9747-7     Profile.                    (1) Size limit (KB)



            The "Log Dropped
            Packets" option for the
            Windows Firewall should
            be configured correctly for
CCE-10215-2 the Private Profile.           (1) enabled/disabled



            The "Log Successful
            Connections" option for the
            Windows Firewall should
            be configured correctly for
CCE-10611-2 the Private Profile.        enabled/disabled
            The "Log File Path and
            Name" for the Windows
            Firewall should be
            configured correctly for the
CCE-10386-1 Private Profile.             (1) File path



            The "Log File Size Limit"
            for the Windows Firewall
            should be configured
            correctly for the Private
CCE-10250-9 Profile.                         (1) Size limit (KB)



               The "Log Dropped
               Packets" option for the
               Windows Firewall should
               be configured correctly for
CCE-9749-3     the Public Profile.           (1) enabled/disabled



               The "Log Successful
               Connections" option for the
               Windows Firewall should
               be configured correctly for
CCE-9753-5     the Public Profile.         (1) enabled/disabled



               The "Log File Path and
               Name" for the Windows
               Firewall should be
               configured correctly for the
CCE-9926-7     Public Profile.              (1) File path



            The "Log File Size Limit"
            for the Windows Firewall
            should be configured
            correctly for the Public
CCE-10373-9 Profile.                         (1) Size limit (KB)
              The "Turn on Mapper I/O
              (LLTDIO) Driver" setting
              should be configured
CCE-9783-2    correctly.                 (1) enabled/disabled



            The "Allow operation while
            in domain" setting on the
            LLTDIO Driver should be
CCE-15050-8 configured correctly.      (1) enabled/disabled


            The "Allow operation while
            in public network" setting
            on the LLTDIO Driver
            should be configured
CCE-14109-3 correctly.                 (1) enabled/disabled


            The "Prohibit operation
            while in private network"
            setting on the LLTDIO
            Driver should be configured
CCE-14718-1 correctly.                  (1) enabled/disabled



            The "Turn on Responder
            (RSPNDR) Driver" setting
            should be configured
CCE-10059-4 correctly.                   (1) enabled/disabled



            The "Allow operation while
            in domain" setting on the
            RSPNDR Driver should be
CCE-15059-9 configured correctly.      (1) enabled/disabled


            The "Allow operation while
            in public network" setting
            on the RSPNDR Driver
            should be configured
CCE-14830-4 correctly.                 (1) enabled/disabled
            The "Prohibit operation
            while in private network"
            setting on the RSPNDR
            Driver should be configured
CCE-14834-6 correctly.                  (1) enabled/disabled

            The startup type of
            Microsoft Peer-to-Peer
            Networking Services
            should be configured
CCE-10438-0 correctly.                   (1) enabled/disabled


              Installation and
              Configuration of Network
              Bridge on the DNS Domain
              Network should be properly
CCE-9953-1    configured.                (1) enabled/disabled


              Installation and
              Configuration of Network
              Bridge on the DNS Domain
              Network should be properly
CCE-9797-2    configured.                (1) enabled/disabled


            The "Require domain users
            to elevate when setting a
            network's location" setting
            should be configured
CCE-10359-8 correctly.                  (1) enabled/disabled


            The "Route all traffic
            through the internal
            network" setting should be
CCE-10509-8 configured correctly.        (1) enabled/disabled



            The "6to4 State" setting
            should be configured
CCE-10266-5 correctly.                   (1) enabled/disabled



            The "ISATAP State" setting
            for IPv6 should be
CCE-10130-3 configured correctly.      (1) enabled/disabled
            The "Teredo State" setting
            should be configured
CCE-10011-5 correctly.                 (1) enabled/disabled




            The "IP HTTPS" state
            setting should be
CCE-10764-9 configured correctly.       (1) enabled/disabled
            The "Configuration of
            wireless settings using
            Windows Connect Now"
            setting should be
            configured correctly for
            Wireless Connect Now
CCE-9879-8 over Ethernet (UPnP).        enabled/disabled


            The Windows Connect
            Now "Maximum number of
            WCN devices" setting
            should be configured
CCE-14900-5 correctly.             number of devices

            The Windows Connect
            Now "Higher precedence
            medium for devices
            discovered by multiple      WCN over Ethernet
            media" setting should be    (UPnP), WCN over
CCE-14653-0 configured appropriately.   In-band 802.11 Wi-Fi



            The Windows Connect
            Now "Ethernet (UPnP)"
            setting should be
CCE-15015-1 configured correctly.       enabled/disabled



            The Windows Connect "In-
            band 802.11 Wi-Fi" setting
            should be configured
CCE-15019-3 correctly.                 enabled/disabled
            The Windows Connect
            Now "USB Flash Drive"
            setting should be
CCE-15041-7 configured correctly.        enabled/disabled



            The Windows Connect
            Now "Windows Portable
            Device" setting should be
CCE-14411-3 configured correctly.        enabled/disabled



            The "Prohibit Access of the
            Windows Connect Now
            Wizards" setting should be
CCE-10778-9 configured correctly.       enabled/disabled


            The "Extend Point and
            Print connection to search
            Windows Update and use
            alternate connection if
            needed" setting should be
CCE-10782-1 configured correctly.        enabled/disabled


            The "Allow remote access
            to the PnP interface"
            setting should be
CCE-10769-8 configured correctly.        (1) enabled/disabled

              The "Do not send a
              Windows Error Report
              when a generic driver is
              installed on a device"
              setting should be
CCE-9901-0    configured correctly.      enabled/disabled



            The "Do not create system
            restore point when new
            device driver installed"
            setting should be
CCE-10553-6 configured correctly.     enabled/disabled
            The "Prevent device
            metadata retrieval from
            internet" setting should be
CCE-10165-9 configured correctly.         enabled/disabled

                                            (1) enabled/disabled
                                            (2) Windows Update
              The "Specify Search Order     first, Windows
              for device driver source      Update last, Do not
              locations" setting should be  search Windows
CCE-9919-2    configured correctly.         Update


            The "Turn off Windows
            Update device driver
            search prompt" setting
            should be configured
CCE-10694-8 correctly.                    enabled/disabled



            The "Turn Off Automatic
            Root Certificates Update"
            setting should be
CCE-10681-5 configured correctly.         enabled/disabled



              The "Turn Off Event Views
              "Events.asp" Links" setting
              should be configured
CCE-9819-4    correctly.                  enabled/disabled



            The "Turn off handwriting
            personalization data
            sharing" setting should be
CCE-10658-3 configured correctly.         enabled/disabled



            The "Turn Off Handwriting
            Recognition Error Reporting"
            setting should be
CCE-10645-0 configured correctly.       enabled/disabled
            The "Turn Off Internet
            Connection Wizard if URL
            Connection is Referring to
            Microsoft.com" setting
            should be configured
CCE-10649-2 correctly.                    enabled/disabled



            The "Turn Off Internet File
            Association Service"
            setting should be
CCE-10795-3 configured correctly.       enabled/disabled



            The "Turn Off Registration
            if URL Connection is
            Referring to Microsoft.com"
            setting should be
CCE-10160-0 configured correctly.       enabled/disabled



              The "Turn Off the 'Order
              Prints' Picture Task" setting
              should be configured
CCE-9823-6    correctly.                    enabled/disabled



              The "Turn off Windows
              Customer Experience
              Improvement Program"
              setting should be
CCE-9831-9    configured correctly.       enabled/disabled




            The "Enable Error
            Reporting" policy should be
CCE-10441-4 set correctly.              (1) enabled/disabled
            Use Classic Logon should
CCE-10591-6 be properly configured.       (1) logon type



            The "Turn on session
            logging" setting should be
CCE-10344-0 configured correctly.         enabled/disabled


              The "Microsoft Support
              Diagnostic Tool: Turn on
              MSDT interactive
              communication with
              support provider" setting
              should be configured
CCE-9842-6    correctly.                  enabled/disabled


            The "Troubleshooting:
            Allow user to access online
            troubleshooting content on
            Microsoft servers from the
            Troubleshooting Control
            Panel (via Windows Online
            Troubleshooting Service -
            WOTS)" setting should be
CCE-10606-2 configured correctly.       enabled/disabled




            The "Enable/Disable
            PerfTrack" setting should
CCE-10219-4 be configured correctly.      enabled/disabled



            The "Configure Windows        The Domain Name
            NTP Client\NtpServer"         System (DNS) name
            setting should be             or IP address of an
CCE-10500-7 configured correctly.         NTP time source
            The "Configure Windows
            NTP Client\Type" setting
            should be configured          No Sync/NTP/NT5DS/
CCE-10368-9 correctly.                    All Sync


              The "Configure Windows
              NTP
              Client\CrossSiteSyncFlags"
              setting should be
CCE-9892-1    configured correctly.      0/1/2


            The "Configure Windows
            NTP
            Client\ResolvePeerBackoffMinutes"
            setting should be
CCE-10756-5 configured correctly.      Number of minutes


            The "Configure Windows
            NTP
            Client\ResolvePeerBackoffMaxTimes"   Number of attempts
            setting should be                    made to resolve
CCE-10531-2 configured correctly.                DNS name


            The "Configure Windows
            NTP
            Client\SpecialPollInterval"
            setting should be
CCE-10774-8 configured correctly.         Number of seconds



            The "Configure Windows
            NTP Client\EventLogFlags"
            setting should be
CCE-10408-3 configured correctly.     0, 1, 2, 3




            The "Turn off Program
            Inventory" setting should
CCE-10787-0 be configured correctly.      enabled/disabled
            The default behavior for
            AutoRun should be
CCE-10527-0 properly configured.          enabled/disabled



            The "Turn off Autoplay for
            non-volume devices"
            setting should be
CCE-10655-9 configured correctly.         enabled/disabled



               The "Override the More
               Gadgets Link" setting
               should be configured
CCE-9857-4     correctly.                 enabled/disabled


            The "Disable unpacking
            and installation of gadgets
            that are not digitally signed"
            setting should be
CCE-10811-8 configured correctly.          enabled/disabled



            The "Turn Off User
            Installed Windows Sidebar
            Gadgets" setting should be
CCE-10586-6 configured correctly.      enabled/disabled




            The setup log maximum
            size should be configured
CCE-10714-4 correctly.                    (1) Size limit (KB)



            The "Turn Off Downloading
            of Game Information"
            setting should be
CCE-10828-2 configured correctly.     enabled/disabled
            The "Turn off game
            updates" setting should be
CCE-10850-6 configured correctly.      enabled/disabled




            The "Set time limit for idle
            sessions" policy should be
            set correctly for Terminal    (1) Time limit
CCE-10608-8 Services.                    (minutes)



               The "Set time limit for
               disconnected sessions"
               policy should be set
               correctly for Terminal       (1) Time Limit
CCE-9858-2     Services.                   (minutes)




            The "Do not delete temp
            folder upon exit" setting
            should be configured
CCE-10856-3 correctly.                     enabled/disabled




               The "Do not use temporary
               folders per session" setting
               should be configured
CCE-9864-0     correctly.                   enabled/disabled



            The "Turn off downloading
            of enclosures" setting
            should be configured
CCE-10730-0 correctly.                enabled/disabled



            The "Turn on Basic feed
            authentication over HTTP"
            setting should be
CCE-10007-3 configured correctly.     enabled/disabled
            The "Allow indexing of
            encrypted files" setting
            should be configured
CCE-10496-8 correctly.                     enabled/disabled



              The "Prevent indexing
              uncached Exchange
              folders" setting should be
CCE-9866-5    configured correctly.        enabled/disabled



            The "Prevent Windows
            Anytime Upgrade from
            running" setting should be
CCE-10137-8 configured correctly.          enabled/disabled



              The "Configure Microsoft
              SpyNet Reporting" setting
              should be configured
CCE-9868-1    correctly.                   enabled/disabled


            The Windows Error
            Reporting "Disable
            Logging" setting should be
CCE-10157-6 configured correctly.      enabled/disabled



              The "Disable Windows
              Error Reporting" setting
              should be configured
CCE-9914-3    correctly.                   enabled/disabled



            The Windows Error
            Reporting "Display Error
            Notification" setting should
CCE-10709-4 be configured correctly.     enabled/disabled
            The Windows Error
            Reporting "Do not send
            additional data" setting
            should be configured
CCE-10824-1 correctly.                     enabled/disabled



              The "Turn off Heap
              termination on corruption"
              setting should be
CCE-9874-9    configured correctly.        enabled/disabled



            The "Turn off shell protocol
            protected mode" setting
            should be configured
CCE-10623-7 correctly.                   enabled/disabled




              The "Set Safe for Scripting"
              policy should be set
CCE-9875-6    correctly.                   (1) enabled/disabled




              The "Enable User Control
              Over Installs" policy should
CCE-9876-4    be set correctly.            (1) enabled/disabled


              The "Prohibit non-
              administrators from
              applying vendor signed
              updates" setting should be
CCE-9888-9    configured correctly.      enabled/disabled



              The "Report Logon Server
              Not Available During User
              logon" setting should be
CCE-9907-7    configured correctly.     enabled/disabled
              The "Prevent Windows
              Media DRM Internet
              Access" setting should be
CCE-9908-5    configured correctly.        enabled/disabled


            The "Do Not Show First
            Use Dialog Boxes" setting
            for Windows Media Player
            should be configured
CCE-10692-2 correctly.                enabled/disabled



            The "Disable Media Player
            for automatic updates"
            policy should be set
CCE-10602-1 correctly.                (1) enabled/disabled

                                           (1)
            The startup type of the        disabled/manual/
            Bluetooth service should       automatic/automatic
CCE-10661-7 be correct.                    (delayed start)

                                           (1)
                                           disabled/manual/
            The startup type of the Fax    automatic/automatic
CCE-10150-1 service should be correct.     (delayed start)

                                           (1)
            The startup type of the        disabled/manual/
            Homegroup Listener             automatic/automatic
CCE-10543-7 service should be correct.     (delayed start)

                                           (1)
              The startup type of the      disabled/manual/
              Homegroup Provider           automatic/automatic
CCE-9910-1    service should be correct.   (delayed start)

                                           (1)
            The startup type of the        disabled/manual/
            Media Center Extenders         automatic/automatic
CCE-10699-7 service should be correct.     (delayed start)

                                           (1)
            The startup type of the        disabled/manual/
            Parental Controls service      automatic/automatic
CCE-10311-9 should be correct.             (delayed start)
                                           (1)
            The startup type of the        disabled/manual/
            SPP Notification Service       automatic/automatic
CCE-10443-0 service should be correct.     (delayed start)

                                           (1)
            The startup type of the        disabled/manual/
            Windows Biometric service      automatic/automatic
CCE-10091-7 should be correct.             (delayed start)

                                           (1)
            The startup type of the        disabled/manual/
            WWAN AutoConfig service        automatic/automatic
CCE-10844-9 should be correct.             (delayed start)
            The "add workstations to
            domain" user right should
            be assigned to the correct
CCE-10636-9 accounts.

            DEPRECATED.
            Previously: The
            "synchronize directory
            service data" user right
            should be assigned to the
            correct accounts. Note:
            According to Microsoft, this
            is only relevant to domain
            controllers and hence does
CCE-10251-7 not apply to Windows 7.

            DEPRECATED.
            Previously: The startup
            type of the Alerter service
            should be correct. Note:
            According to Microsoft, no
CCE-11164-1 such service in Windows 7.
            The startup type of the        (1)
            Background Intelligent         disabled/manual/
            Transfer Service (BITS)        automatic/automatic
CCE-11151-8 service should be correct.     (delayed start)
            DEPRECATED.
            Previously: The startup
            type of the ClipBook
            service should be correct.
            Note: According to
            Microsoft, no such service
CCE-11045-2 in Windows 7.
                                           (1)
            The startup type of the        disabled/manual/
            Computer Browser service       automatic/automatic
CCE-10254-1 should be correct.             (delayed start)
            DEPRECATED.
            Previously: The Error
            Reporting Service should
            be enabled or disabled as
            appropriate. Note:
            According to Microsoft, no
            such service in Windows 7.
            See Windows Error
CCE-10674-0 Reporting.

            DEPRECATED.
            Previously: The startup
            type of the Fast User
            Switching service should
            be correct. Note:
            According to Microsoft, no
CCE-10956-1 such service in Windows 7.
                                           (1)
            The startup type of the FTP    disabled/manual/
            Publishing service should      automatic/automatic
CCE-11066-8 be correct.                    (delayed start)

            DEPRECATED.
            Previously: The startup
            type of the Indexing service
            should be correct. Note:
            According to Microsoft, no
CCE-10264-0 such service in Windows 7.
            DEPRECATED.
            Previously: The startup
            type of the Messenger
            service should be correct.
            Note: According to
            Microsoft, no such service
CCE-11235-9 in Windows 7.
            DEPRECATED.
            Previously: The startup
            type of the NetMeeting
            Remote Desktop Sharing
            service should be correct.
            Note: According to
            Microsoft, no such service
CCE-11221-9 in Windows 7.

            DEPRECATED.
            Previously: The Network
            Dynamic Data Exchange
            (DDE) service should be
            enabled or disabled as
            appropriate. Note:
            According to Microsoft, no
CCE-11226-8 such service in Windows 7.
            DEPRECATED.
            Previously: The Network
            DDE DDE Share Database
            Manager (DSDM) service
            should be enabled or
            disabled as
            appropriate. Note:
            According to Microsoft, no
CCE-11124-5 such service in Windows 7.

            The Remote Access             (1)
            Connection Manager            disabled/manual/
            service should be enabled     automatic/automatic
CCE-10267-3 or disabled as appropriate.   (delayed start)
            The startup type of the       (1)
            Routing and Remote            disabled/manual/
            Access service should be      automatic/automatic
CCE-11246-6 correct.                      (delayed start)
                                          (1)
            The startup type of the       disabled/manual/
            SSDP Discovery service        automatic/automatic
CCE-10271-5 should be correct.            (delayed start)
                                          (1)
            The startup type of the       disabled/manual/
            Task Scheduler service        automatic/automatic
CCE-10272-3 should be correct.            (delayed start)

            DEPRECATED.
            Previously: The startup
            type of the Terminal
            Services service should be
            correct. Note: According to
            Microsoft, no such service
            in Windows 7. See
CCE-10841-5 Remote Desktop Services.
            DEPRECATED.
            Previously: The startup
            type of the Universal Plug
            and Play Device Host
            (UPnP) service should be
            correct. Note: According to
            Microsoft, no such service
CCE-10577-5 in Windows 7.
                                          (1)
            The WebClient service         disabled/manual/
            should be enabled or          automatic/automatic
CCE-11207-8 disabled as appropriate.      (delayed start)
            DEPRECATED.
            Previously: The Wireless
            Zero Configuration service
            should be enabled or
            disabled as
            appropriate. Note:
            According to Microsoft, no
CCE-11229-2 such service in Windows 7.
            The WMI Performance              (1)
            Adapter service should be        disabled/manual/
            enabled or disabled as           automatic/automatic
CCE-11233-4 appropriate.                     (delayed start)
            The startup type of the          (1)
            World Wide Web                   disabled/manual/
            Publishing service should        automatic/automatic
CCE-11220-1 be correct.                      (delayed start)

              DEPRECATED.
              Previously: The "Prohibit
              use of Internet Connection
              Firewall on your DNS
              domain network" setting
              should be configured
              correctly. Note: According
              to Microsoft, does not apply
CCE-10282-2   to Windows 7.
              The "Internet Explorer
              Maintenance Policy
              Processing - Allow
              processing across a slow
              network connection" setting
              should be configured
CCE-10886-0   correctly.
              The "Turn off Windows
              Startup Sound" setting
              should be configured
CCE-10499-2   correctly.
              The 'Approved Installation
              Sites for ActiveX Controls'
              security mechanism should
              be enabled or disabled as
CCE-10877-9   appropriate.
              The "Do not allow Digital
              Locker to run" setting
              should be configured
CCE-10759-9   correctly.
              The startup type of the        (1)
              NetMeeting Remote              disabled/manual/
              Desktop Sharing service        automatic/automatic
CCE-10763-1   should be correct.             (delayed start)
              The "Turn off the
              communitication features"
              setting should be
CCE-11252-4   configured correctly. (sic)
              The "Turn off Windows
              Mail application" setting
              should be configured
CCE-10882-9   correctly.
              The "Prevent Desktop
              Shortcut Creation" setting
              for Windows Media Player
              should be configured
CCE-11027-0   correctly.
              DEPRECATED.
              Previously: Prompt for
              password on resume from
              hibernate/suspend is set
              correctly. Note: According
              to Microsoft, does not apply
              to Windows 7. See
              settings under
              System\Power
              Management\Sleep
CCE-10767-2   Settings.
              The "Prevent users from
              sharing files within their
              profile" setting should be
CCE-10644-3   configured correctly.

            The "Turn off Help Ratings"
            setting should be
CCE-10295-4 configured correctly.

            DEPRECATED in favor of
            CCE-9715-4, CCE-8956-5.
            Previously: Auditing of
            'Logon-Logoff: IPsec Main
            Mode' events on success
            should be enabled or
CCE-10939-7 disabled as appropriate.


            DEPRECATED in favor of
CCE-10551-0 CCE-9811-1, CCE-9217-1.

            DEPRECATED in favor of
            CCE-10078-4,
CCE-10450-5 CCE-9737-8.
CCE Technical Mechanisms                                      Old v4 CCE ID




(1) GPO: Computer Configuration\Windows Settings\Local
Policies\Security Options\MSS: (AutoShareWks) Enable
Administrative Shares (recommended except for highly secure
environments)
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\\AutoShareWks    CCE-512


(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\MSS: (AutoReboot)
Allow Windows to automatically restart after a system crash
(recommended except for highly secure environments)
(2) Registry Key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot    CCE-137




(1) Commandline: auditpol.exe                                 CCE-180




(1) Commandline: auditpol.exe                                 CCE-1110




(1) Commandline: auditpol.exe                                 CCE-787




(1) Commandline: auditpol.exe                                 CCE-448
(1) GPO: User Configuration\Administrative Templates\Control
Panel\Personalization\Enable screen saver
(2) Registry Key:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveActive   CCE-287
(1) GPO: Computer Configuration\Administrative
Templates\System\Internet Communication
Management\Internet Communication settings\Turn off
printing over HTTP
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting   CCE-852
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Event Log
Service\System\Retain old events
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System\Retain system log

(1) GPO: User Configuration\Administrative
Templates\Windows Components\Attachment Manager\Notify
antivirus programs when opening attachments
(2) Registry Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus   CCE-372
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Windows Remote
Shell\Allow Remote Shell Access
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS\AllowRemoteShellAccess




(1) Commandline: auditpol.exe                                  CCE-1283




(1) Commandline: auditpol.exe                                  CCE-1112

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Audit Policy\Audit process tracking
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_AuditPolicy; Property = Success, Failure; Where =
Category='AuditProcessTracking' and precedence=1               CCE-2617
(1) Commandline: auditpol.exe                                CCE-337
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Remote Desktop
Services\Remote Desktop Session Host\Security\Do not allow
passwords to be saved
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving   CCE-976

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Credential User
Interface\Require trusted path for credential entry
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnableSecureCredentialPrompting   CCE-255
(1) GPO: Computer Configuration\Administrative
Templates\System\Internet Communication
Management\Internet Communication settings\Turn off
Windows Update device driver searching
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\DontSearchWindowsUpdate   CCE-927




(1) Commandline: auditpol.exe                                CCE-1244
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Remote Desktop
Services\Remote Desktop Session Host\Security\Always
prompt for password upon connection
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword   CCE-855

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Audit Policy\Audit logon events
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_AuditPolicy; Property = Success, Failure; Where =
Category='AuditLogonEvents' and precedence=1                 CCE-1744
(1) GPO: User Configuration\Administrative
Templates\Windows Components\Windows Explorer\Remove
Security tab
(2) Registry Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSecurityTab   CCE-1022
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Event Log
Service\Application\Retain old events
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Application\Retain application log   CCE-NONE
(1) GPO: Computer Configuration\Administrative
Templates\System\Internet Communication
Management\Internet Communication settings\Turn off Search
Companion content file updates
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SearchCompanion\DisableContentFileUpdates   CCE-818

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Audit Policy\Audit policy change
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_AuditPolicy; Property = Success, Failure; Where =
Category='AuditPolicyChange' and precedence=1                  CCE-2347
(1) GPO: User Configuration\Administrative Templates\Control
Panel\Display\Screen Saver timeout
(2) Registry Key:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut   CCE-481

(1) GPO: Computer Configuration\Administrative
Templates\System\Logon\Do not process the run once list
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableLocalMachineRunOnce   CCE-583
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Event Log
Service\System\Maximum Log Size (KB)
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize   CCE-NONE

(1) GPO: User Configuration\Administrative
Templates\Windows Components\Attachment Manager\Do
not preserve zone information in file attachments
(2) Registry Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation   CCE-12
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Audit Policy\Audit account
management
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_AuditPolicy; Property = Success, Failure; Where =
Category='AuditAccountManage' and precedence=1                 CCE-1646
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Audit Policy\Audit privilege use
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_AuditPolicy; Property = Success, Failure; Where =
Category='AuditPrivilegeUse' and precedence=1                  CCE-2584
(1) GPO: Computer Configuration\Administrative
Templates\System\Remote Procedure Call\RPC Endpoint
Mapper Client Authentication
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\EnableAuthEpResolution   CCE-145
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\HomeGroup\Prevent the
computer from joining a homegroup
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HomeGroup\DisableHomeGroup
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Windows
Update\Reschedule Automatic Updates scheduled
installations
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\RescheduleWaitTimeEnabled   CCE-804
(1) GPO: User Configuration\Administrative
Templates\Windows Components\Windows Explorer\Remove
CD Burning features
(2) Registry Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCDBurning   CCE-113

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Fixed Data Drives\s2-o1\Allow data recovery agent
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVManageDRA
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Fixed Data Drives\s2-o2\Configure user storage of
BitLocker 48-digit recovery password
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVRecoveryPassword
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s2-o0\Choose how
BitLocker-protected operating system drives can be recovered
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\OSRecovery
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s4-o0\Configure TPM
platform validation profile
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\Enabled

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s4-o11\PCR 10: Boot
Manager
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\10

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s4-o15\PCR 14:
Reserved for Future Use
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\14
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s5-o0\Require additional
authentication at startup
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\UseAdvancedStartup
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s5-o4\Configure TPM
startup key
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\UseTPMKey
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\s2-o2\Select the encryption method
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\EncryptionMethod
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Removable Data Drives\s6-o1\Do not allow write
access to devices configured in another organization
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVDenyCrossOrg

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Audit Policy\Audit system events
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_AuditPolicy; Property = Success, Failure; Where =
Category='AuditSystemEvents' and precedence=1                  CCE-2420
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Bypass
traverse checking
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeChangeNotifyPrivilege' and precedence=1           CCE-376
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Removable Data Drives\s2-o2\Configure user
storage of BitLocker 48-digit recovery password
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVRecoveryPassword
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Fixed Data Drives\s2-o3\Configure user storage of
BitLocker 256-digit recovery key
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVRecoveryKey
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Change the
time zone
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeTimeZonePrivilege' and precedence=1               CCE-470
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Create global
objects
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeCreateGlobalPrivilege' and precedence=1           CCE-383
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Create
symbolic links
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeCreateSymbolicLinkPrivilege' and
precedence=1                                                   CCE-1176
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Impersonate a
client after authentication
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeImpersonatePrivilege' and precedence=1            CCE-304

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Perform
volume maintenance tasks
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeManageVolumePrivilege' and precedence=1           CCE-314


(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s4-o8\PCR 7: Computer
Manufacturer-Specific
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\7

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Accounts: Rename
administrator account                                          CCE-438
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Interactive logon:
Number of previous logons to cache (in case domain
controller is not available)
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\cachedlogonscount   CCE-773

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s4-o13\PCR 12:
Reserved for Future Use
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\12



(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s4-o1\PCR 0: Core Root
of Trust of Measurement (CRTM), BIOS, and Platform
Extensions
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\0
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Microsoft network
server: Server SPN target name validation level
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\SMBServerNameHardeningLevel   CCE-278
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\MSS:
(EnableICMPRedirect) Allow ICMP redirects to override OSPF
generated routes
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect   CCE-150

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s4-o22\PCR 21:
Reserved for Future Use
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\21

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\DCOM: Machine
Launch Restrictions in Security Descriptor Definition Language
(SDDL) syntax
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\policies\Microsoft\windows NT\DCOM\MachineLaunchRestriction   CCE-740

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s4-o16\PCR 15:
Reserved for Future Use
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\15

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s4-o5\PCR 4: Master
Boot Record (MBR) Code
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\4
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Removable Data Drives\s4-o1\Require use of
smart cards on removable data drives
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVEnforceUserCert
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Fixed Data Drives\s3-o2\Configure password
complexity for fixed data drives
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVPassphraseComplexity

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Interactive logon:
Display user information when the session is locked.
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLockedUserId
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s5-o3\Configure TPM
startup PIN
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\UseTPMPIN
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Fixed Data Drives\s2-o4\Omit recovery options
from the BitLocker setup wizard
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVHideRecoveryPage

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\MSS: (Hidden) Hide
Computer From the Browse List (not recommended except for
highly secure environments)
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanserver\Parameters\Hidden   CCE-139

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\MSS:
(NoNameReleaseOnDemand) Allow the computer to ignore
NetBIOS name release requests except from WINS servers
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand   CCE-817
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\s5-o0\Provide the unique identifiers for your
organization
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\IdentificationField
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Debug
programs
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeDebugPrivilege' and precedence=1               CCE-842

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s4-o18\PCR 17:
Reserved for Future Use
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\17
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s2-o2\Configure user
storage of BitLocker 48-digit recovery password
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\OSRecoveryPassword

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\MSS:
(ScreenSaverGracePeriod) The time in seconds before the
screen saver grace period expires (0 recommended)
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod   CCE-830
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Removable Data Drives\s2-o4\Omit recovery
options from the BitLocker setup wizard
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVHideRecoveryPage
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Change the
system time
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeSystemtimePrivilege' and precedence=1          CCE-799
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Removable Data Drives\s2-o0\Choose how
BitLocker-protected removable drives can be recovered
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVRecovery
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Removable Data Drives\s4-o0\Configure use of
smart cards on removable data drives
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVAllowUserCert


(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s4-o2\PCR 1: Platform
and Motherboard Configuration and Data
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\1

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s4-o23\PCR 22:
Reserved for Future Use
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\22
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network access: Do
not allow storage of passwords and credentials for network
authentication
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds   CCE-542
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\MSS:
(DisableIPSourceRouting IPv6) IP source routing protection
level (protects against packet spoofing)
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting
(3) WMI: Namespace = Windows XP; Class = ; Property = ;
Where =                                                       CCE-NONE
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Fixed Data Drives\s3-o1\Require password for
fixed data drive
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVEnforcePassphrase
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Removable Data Drives\s3-o1\Require password
for removable data drive
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVEnforcePassphrase
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s3-o1\Minimum
characters:
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MinimumPIN
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Removable Data Drives\s2-o3\Configure user
storage of BitLocker 256-digit recovery key
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVRecoveryKey


(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s4-o7\PCR 6: State
Transition and Wake Events
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\6

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Accounts: Guest
account status                                                  CCE-332
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Fixed Data Drives\s5-o0\Deny write access to fixed
drives not protected by BitLocker
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies\Microsoft\FVE\FDVDenyWriteAccess
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Fixed Data Drives\s4-o0\Configure use of smart
cards on fixed data drives
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVAllowUserCert
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Replace a
process level token
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeAssignPrimaryTokenPrivilege' and
precedence=1                                                  CCE-667

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Interactive logon:
Message title for users attempting to log on
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption   CCE-23
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Fixed Data Drives\s2-o6\Configure storage of
BitLocker recovery information to AD DS
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVActiveDirectoryInfoToStore
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Fixed Data Drives\s2-o0\Choose how BitLocker-
protected fixed drives can be recovered
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVRecovery

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s4-o9\PCR 8: NTFS Boot
Sector
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\8
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s2-o7\Do not enable
BitLocker until recovery information is stored to AD DS for
operating system drives
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\OSRequireActiveDirectoryBackup
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\MSS:
(NtfsDisable8dot3NameCreation) Enable the computer to stop
generating 8.3 style filenames (recommended)
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation   CCE-511

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s4-o3\PCR 2: Options
ROM Code
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\2

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Audit: Audit the use of
Backup and Restore privilege
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\fullprivilegeauditing   CCE-905
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\s1-o1\Configure the default folder path:
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\DefaultRecoveryFolderPath

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network security:
Allow LocalSystem NULL session fallback
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network security: LAN
Manager authentication level
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel   CCE-719

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Recovery console:
Allow automatic administrative logon
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\securitylevel   CCE-410
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\User Account Control:
Admin Approval Mode for the Built-in Administrator account
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken   CCE-1078


(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\User Account Control:
Behavior of the elevation prompt for standard users
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser   CCE-1067

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\User Account Control:
Virtualize file and registry write failures to per-user locations
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization   CCE-673
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Interactive logon:
Require Domain Controller authentication to unlock
workstation
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon   CCE-374




(1) Commandline: auditpol.exe                                       CCE-801

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Microsoft network
server: Digitally sign communications (if client agrees)
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\enablesecuritysignature   CCE-104




(1) Commandline: auditpol.exe                                       CCE-1048
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Devices: Allow
undock without having to log on
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\undockwithoutlogon   CCE-186

(1) GPO: Computer Configuration\Administrative
Templates\System\Power Management\Sleep Settings\Allow
Standby States (S1-S3) When Sleeping (On Battery)
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab\DCSettingIndex




(1) Commandline: auditpol.exe                               CCE-982




(1) Commandline: auditpol.exe                               CCE-1264


(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s4-o12\PCR 11:
BitLocker Access Control
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\11



(1) Commandline: auditpol.exe                               CCE-493




(1) Commandline: auditpol.exe                               CCE-362




(1) Commandline: auditpol.exe                               CCE-379
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Advanced Audit Policy Configuration\System Audit
Policies\Object Access\Audit Policy: Object Access: Detailed
File Share

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Devices: Allowed to
format and eject removable media
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD   CCE-919
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Private Profile\Windows Firewall: Private: Outbound
connections
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultOutboundAction   CCE-32
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Private Profile\Windows Firewall: Private: Display a
notification
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DisableNotifications   CCE-38
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\s4-o0\Prevent memory overwrite on restart
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FV
E\MorBehavior
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s2-o5\Save BitLocker
recovery information to AD DS for operating system drives
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FV
E\OSActiveDirectoryBackup

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Enforce password history
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingNumeric; Property = Setting; Where = KeyName='PasswordHistorySize' And precedence=1    CCE-60

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Add server exceptions in this domain
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DCAllowedNTLMServers

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Enable computer and user accounts to be trusted for delegation
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeEnableDelegationPrivilege' and precedence=1    CCE-15

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Let Everyone permissions apply to anonymous users
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous    CCE-18

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Do not store LAN Manager hash value on next password change
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash    CCE-233

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Recovery console: Allow floppy copy and access to all drives and all folders
(2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\setcommand    CCE-76

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s3-o2\Configure password complexity for removable data drives
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVPassphraseComplexity




(1) Commandline: auditpol.exe    CCE-1207

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
(2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin    CCE-1063

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s2-o6\Configure storage of BitLocker recovery information to AD DS
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVActiveDirectoryInfoToStore

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Message text for users attempting to log on
(2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText    CCE-829

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt or sign secure channel data (always)
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\requiresignorseal    CCE-549

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s3-o3\Minimum password length for removable data drive
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVPassphraseLength

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s2-o3\Configure user storage of BitLocker 256-digit recovery key
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\OSRecoveryKey

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s5-o0\Control use of Bitlocker on removable drives
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVConfigureBDE

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Increase scheduling priority
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeIncreaseBasePriorityPrivilege' and precedence=1    CCE-349

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s2-o7\Do not enable BitLocker until recovery information is stored to AD DS for removable data drives
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVRequireActiveDirectoryBackup

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Windows Firewall: Public: Inbound connections
(2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultInboundAction    CCE-338

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Shut down the system
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeShutdownPrivilege' and precedence=1    CCE-839


(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Only elevate executables that are signed and validated
(2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures    CCE-1104

(1) Commandline: auditpol.exe    CCE-1282

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers    CCE-402

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Add remote server exceptions for NTLM authentication
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\ClientAllowedNTLMServers

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (always)
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\requiresecuritysignature    CCE-171


(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o6\PCR 5: Master Boot Record (MBR) Partition Table
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\5

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Increase a process working set
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeIncreaseWorkingSetPrivilege' and precedence=1    CCE-1027

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o17\PCR 16: Reserved for Future Use
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\16

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s1-o0\Allow access to BitLocker-protected removable data drives from earlier versions of Windows
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVDiscoveryVolumeType




(1) Commandline: auditpol.exe    CCE-369

(1) Commandline: auditpol.exe    CCE-996

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\s7-o1\Object identifier
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\CertificateOID

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit privilege use
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditPrivilegeUse' and precedence=1    CCE-2431

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Smart card removal behavior
(2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\scremoveoption    CCE-443

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Adjust memory quotas for a process
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeIncreaseQuotaPrivilege' and precedence=1    CCE-807

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Windows Firewall: Domain: Allow unicast response
(2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DisableUnicastResponsesToMulticastBroadcast    CCE-696

(1) Commandline: auditpol.exe    CCE-NONE

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o14\PCR 13: Reserved for Future Use
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\13


(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o4\PCR 3: Option ROM Configuration and Data
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\3

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s3-o3\Minimum password length for fixed data drive
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVPassphraseLength

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s1-o1\Do not install BitLocker To Go Reader on FAT formatted removable drives
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVNoBitLockerToGoReader

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s1-o0\Allow enhanced PINs for startup
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\UseEnhancedPin

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Allow Local System to use computer identity for NTLM
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\UseMachineId

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on as a service
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeDenyServiceLogonRight' and precedence=1    CCE-597

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o19\PCR 18: Reserved for Future Use
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\18

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s1-o1\Do not install BitLocker To Go Reader on FAT formatted fixed drives
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVNoBitLockerToGoReader

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on through Remote Desktop Services
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeRemoteInteractiveLogonRight' and precedence=1    CCE-883

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies
(2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled    CCE-572

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\s5-o1\BitLocker identification field
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\IdentificationFieldString

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Remotely accessible registry paths
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine    CCE-189

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Maximum machine account password age
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\maximumpasswordage    CCE-194

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Restore files and directories
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeRestorePrivilege' and precedence=1    CCE-553

(1) GPO: Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Allow Standby States (S1-S3) When Sleeping (Plugged In)
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab\ACSettingIndex




(1) Commandline: auditpol.exe    CCE-385

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Load and unload device drivers
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeLoadDriverPrivilege' and precedence=1    CCE-860

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy\Account lockout threshold
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingNumeric; Property = Setting; Where = KeyName='LockoutBadCount' And precedence=1    CCE-658

(1) Commandline: auditpol.exe    CCE-1305

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o20\PCR 19: Reserved for Future Use
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\19

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s3-o0\Configure use of passwords for removable data drives
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVPassphrase

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s3-o0\Configure use of passwords for fixed data drives
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVPassphrase

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\s5-o2\Allowed BitLocker identification field
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\SecondaryIdentificationField

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s2-o1\Allow data recovery agent
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVManageDRA

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s2-o4\Omit recovery options from the BitLocker setup wizard
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\OSHideRecoveryPage




(1) Commandline: auditpol.exe    CCE-NONE

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Modify an object label
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeRelabelPrivilege' and precedence=1    CCE-1023

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Audit the access of global system objects
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects    CCE-2

(1) Commandline: auditpol.exe    CCE-203

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts and shares
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous    CCE-195

(1) Commandline: auditpol.exe    CCE-404

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o10\PCR 9: NTFS Boot Block
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\9

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit object access
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditObjectAccess' and precedence=1    CCE-2640

(1) Commandline: auditpol.exe    CCE-1258

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s4-o1\Require use of smart cards on fixed data drives
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVEnforceUserCert

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s5-o2\Allow users to suspend and decrypt BitLocker protection on removable data drives
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVDisableBDE




(1) Commandline: auditpol.exe    CCE-1139

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit policy change
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditPolicyChange' and precedence=1    CCE-2412

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o24\PCR 23: Reserved for Future Use
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\23

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create a pagefile
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeCreatePagefilePrivilege' and precedence=1    CCE-895

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Run all administrators in Admin Approval Mode
(2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA    CCE-1050

(1) Commandline: auditpol.exe    CCE-391

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode    CCE-508

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Maximum password age
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingNumeric; Property = Setting; Where = KeyName = 'MaximumPasswordAge' And precedence=1    CCE-871

(1) Commandline: auditpol.exe    CCE-336

(1) GPO: Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off downloading of print drivers over HTTP
(2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload    CCE-887

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Shares that can be accessed anonymously
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares    CCE-942

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s2-o5\Save BitLocker recovery information to AD DS for fixed data drives
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVActiveDirectoryBackup

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Administrator account status    CCE-499

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s2-o1\Allow data recovery agent
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\OSManageDRA

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s6-o0\Deny write access to removable data drives not protected by BitLocker
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies\Microsoft\FVE\RDVDenyWriteAccess

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on as a batch job
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeDenyBatchLogonRight' and precedence=1    CCE-165



(1) Commandline: auditpol.exe    CCE-1097

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit directory service access
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditDSAccess' and precedence=1    CCE-2390

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create a token object
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeCreateTokenPrivilege' and precedence=1    CCE-926

(1) Commandline: auditpol.exe    CCE-1085

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Named Pipes that can be accessed anonymously
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes    CCE-136

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s1-o0\Allow access to BitLocker-protected fixed data drives from earlier versions of Windows
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVDiscoveryVolumeType

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s5-o5\Configure TPM startup key and PIN
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\UseTPMKeyPIN

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Shutdown: Clear virtual memory pagefile
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown    CCE-422

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Manage auditing and security log
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeSecurityPrivilege' and precedence=1    CCE-850

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit directory service access
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditDSAccess' and precedence=1    CCE-2118

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Generate security audits
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeAuditPrivilege' and precedence=1    CCE-939




(1) Commandline: auditpol.exe    CCE-416

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Rename guest account    CCE-834

(1) Commandline: auditpol.exe    CCE-991

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s2-o7\Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVRequireActiveDirectoryBackup

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on locally
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeDenyInteractiveLogonRight' and precedence=1    CCE-64

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s5-o1\Allow BitLocker without a compatible TPM
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\EnableBDEWithNoTPM


(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny access to this computer from the network
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeDenyNetworkLogonRight' and precedence=1    CCE-898

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax
(2) Registry Key: HKEY_LOCAL_MACHINE\Software\policies\Microsoft\windows NT\DCOM\MachineAccessRestriction    CCE-458

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s2-o6\Configure storage of BitLocker recovery information to AD DS
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\OSActiveDirectoryInfoToStore

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM    CCE-318

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt secure channel data (when possible)
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\sealsecurechannel    CCE-601

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Access this computer from the network
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeNetworkLogonRight' and precedence=1    CCE-532

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create permanent shared objects
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeCreatePermanentPrivilege' and precedence=1    CCE-335

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s2-o5\Save BitLocker recovery information to AD DS for removable data drives
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVActiveDirectoryBackup




(1) Commandline: auditpol.exe    CCE-NONE

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s5-o2\Configure TPM startup
(2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\UseTPM

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Store passwords using reversible encryption
(2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingBoolean; Property = Setting; Where = KeyName = 'ClearTextPassword' And precedence=1    CCE-479

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network client: Send unencrypted password to third-party SMB servers
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword    CCE-228

(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
(2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled    CCE-55




(1) Commandline: auditpol.exe

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Deny log on
through Remote Desktop Services
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeDenyRemoteInteractiveLogonRight' and
precedence=1                                                    CCE-108

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Operating System Drives\s4-o21\PCR 20:
Reserved for Future Use
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\20
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\BitLocker Drive
Encryption\Removable Data Drives\s5-o1\Allow users to apply
BitLocker protection on removable data drives
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVAllowBDE
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Lock pages in
memory
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeLockMemoryPrivilege' and precedence=1               CCE-749

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Domain member:
Disable machine account password changes
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\disablepasswordchange          CCE-831


(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\User Account Control:
Allow UIAccess applications to prompt for elevation without
using the secure desktop
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle          CCE-NONE

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Devices: Restrict
CD-ROM access to locally logged-on user only
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms          CCE-565

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Interactive logon:
Prompt user to change password before expiration
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\passwordexpirywarning          CCE-814
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Account Policies\Account Lockout Policy\Account
lockout duration
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_SecuritySettingNumeric; Property = Setting; Where =
KeyName='LockoutDuration' And precedence=1                       CCE-980

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Take
ownership of files or other objects
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeTakeOwnershipPrivilege' and precedence=1            CCE-492
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Advanced Audit Policy Configuration\System Audit
Policies\Privilege Use\Audit Policy: Privilege Use: Other
Privilege Use Events
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Interactive logon: Do
not require CTRL+ALT+DEL
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD          CCE-133

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\System objects:
Require case insensitivity for non-Windows subsystems
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive          CCE-300
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Log on as a
batch job
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeBatchLogonRight' and precedence=1                    CCE-177

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Audit Policy\Audit account logon events
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_AuditPolicy; Property = Success, Failure; Where =
Category='AuditAccountLogon' and precedence=1                     CCE-2628
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Remove
computer from docking station
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeUndockPrivilege' and precedence=1                    CCE-656


(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Microsoft network
client: Digitally sign communications (always)
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature          CCE-576
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Domain Profile\Windows Firewall: Domain: Apply
local connection security rules
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalIPsecPolicyMerge          CCE-584

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Account Policies\Password Policy\Minimum password
age
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_SecuritySettingNumeric; Property = Setting; Where =
KeyName = 'MinimumPasswordAge' And precedence=1              CCE-324

(1) GPO: Computer Configuration\Windows Settings\Local
Policies\User Rights Assignment\Force shutdown from a
remote system
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeRemoteShutdownPrivilege' and precedence=1       CCE-754
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Audit Policy\Audit account
management
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_AuditPolicy; Property = Success, Failure; Where =
Category='AuditAccountManage' and precedence=1               CCE-2000

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network Security:
Restrict NTLM: Audit Incoming NTLM Traffic
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\AuditReceivingNTLMTraffic
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\MSS:
(AutoAdminLogon) Enable Automatic Logon (not
recommended)
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon          CCE-283


(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Microsoft network
client: Digitally sign communications (if server agrees)
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature          CCE-519
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Allow log on
locally
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeInteractiveLogonRight' and precedence=1          CCE-965

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Audit Policy\Audit process tracking
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_AuditPolicy; Property = Success, Failure; Where =
Category='AuditProcessTracking' and precedence=1              CCE-2529
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\MSS:
(SafeDllSearchMode) Enable Safe DLL search mode
(recommended)
(2) Registry Key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SafeDllSearchMode          CCE-271

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Account Policies\Password Policy\Minimum password
length
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_SecuritySettingNumeric; Property = Setting; Where =
KeyName = 'MinimumPasswordLength' And precedence=1            CCE-100

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Microsoft network
server: Disconnect clients when logon hours expire
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\enableforcedlogoff          CCE-278


(1) GPO: Computer Configuration\Administrative
Templates\System\Group Policy\Registry policy processing      CCE-584

(1) GPO: Computer Configuration\Administrative
Templates\System\Group Policy\Registry policy processing\Do
not apply during periodic background processing
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy

(1) GPO: Computer Configuration\Administrative
Templates\System\Group Policy\Registry policy processing
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges          CCE-584
(1) Commandline: auditpol.exe                                   CCE-1365

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Audit Policy\Audit logon events
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_AuditPolicy; Property = Success, Failure; Where =
Category='AuditLogonEvents' and precedence=1                    CCE-1686

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Account Policies\Password Policy\Password must
meet complexity requirements
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_SecuritySettingBoolean; Property = Setting; Where =
KeyName = 'PasswordComplexity' And precedence=1                 CCE-633

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Domain member:
Digitally sign secure channel data (when possible)
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\signsecurechannel          CCE-614




(1) Commandline: auditpol.exe                                   CCE-1372

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Access
Credential Manager as a trusted caller
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeTrustedCredManAccessPrivilege' and
precedence=1                                                    CCE-389
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\System cryptography:
Force strong key protection for user keys stored on the
computer
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProtection          CCE-647
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network access:
Remotely accessible registry paths and sub-paths
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine          CCE-1185

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Domain member:
Require strong (Windows 2000 or later) session key
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\requirestrongkey          CCE-417
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Profile single
process
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeProfileSingleProcessPrivilege' and
precedence=1                                                     CCE-260
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Back up files
and directories
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeBackupPrivilege' and precedence=1                   CCE-931

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\User Account Control:
Switch to the secure desktop when prompting for elevation
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop          CCE-230
(1) GPO: Computer Configuration\Administrative
Templates\System\Remote Procedure Call\Restrictions for
Unauthenticated RPC clients
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients          CCE-423

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Account Policies\Account Lockout Policy\Reset
account lockout counter after
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_SecuritySettingNumeric; Property = Setting; Where =
KeyName='ResetLockoutCount' And precedence=1                     CCE-733
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Windows Update\Configure
Automatic Updates
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\AUOptions          CCE-306
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Windows Update\Configure
Automatic Updates
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\AUOptions          CCE-306
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Windows Update\Configure
Automatic Updates
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\AUOptions          CCE-306




(1) Commandline: auditpol.exe                                   CCE-1033
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Microsoft network
server: Amount of idle time required before suspending
session
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\autodisconnect          CCE-222
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Act as part of
the operating system
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeTcbPrivilege' and precedence=1                     CCE-162
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Interactive logon:
Require smart card
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\scforceoption          CCE-828
(1) Commandline: auditpol.exe                                    CCE-699
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Modify
firmware environment values
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeSystemEnvironmentPrivilege' and
precedence=1                                                     CCE-17

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Accounts: Limit local
account use of blank passwords to console logon only
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse          CCE-533

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Profile system
performance
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeSystemProfilePrivilege' and precedence=1            CCE-599
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\MSS:
(KeepAliveTime) How often keep-alive packets are sent in
milliseconds
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime          CCE-188

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Audit: Force audit
policy subcategory settings (Windows Vista or later) to
override audit policy category settings
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\scenoapplylegacyauditpolicy          CCE-111
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\MSS:
(NoDefaultExempt) Configure IPSec exemptions for various
types of network traffic.
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\NoDefaultExempt          CCE-501

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Devices: Restrict
floppy access to locally logged-on user only
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies          CCE-463




(1) Commandline: auditpol.exe                                    CCE-226
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Interactive logon: Do
not display last user name
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName          CCE-65




(1) Commandline: auditpol.exe                                    CCE-642
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\MSS:
(TcpMaxDataRetransmissions) How many times
unacknowledged data is retransmitted (3 recommended, 5 is
default)
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions          CCE-872
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\MSS:
(PerformRouterDiscovery) Allow IRDP to detect and configure
Default Gateway addresses (could lead to DoS)
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery          CCE-952




(1) Commandline: auditpol.exe                                  CCE-1345
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Log on as a
service
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_UserPrivilegeRight; Property = AccountList; Where =
UserRight='SeServiceLogonRight' and precedence=1               CCE-216

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Audit: Shut down
system immediately if unable to log security audits
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\crashonauditfail          CCE-92
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Windows Update\Do not
display 'Install Updates and Shut Down' option in Shut Down
Windows dialog box
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAUShutdownOption          CCE-1
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Domain Profile\Windows Firewall: Domain: Firewall
state
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall          CCE-NONE
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\MSS:
(TcpMaxDataRetransmissions IPv6) How many times
unacknowledged data is retransmitted (3 recommended, 5 is
default)
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\TcpMaxDataRetransmissions          CCE-NONE
(1) Commandline: auditpol.exe                                  CCE-1261




(1) Commandline: auditpol.exe                                  CCE-1219

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network Security:
Restrict NTLM: Incoming NTLM traffic
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictReceivingNTLMTraffic
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\MSS:
(DisableIPSourceRouting) IP source routing protection level
(protects against packet spoofing)
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting          CCE-564




(1) Commandline: auditpol.exe                                  CCE-1070
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Event Log
Service\Security\Retain old events
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Security\Retain security log

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\MSS: (WarningLevel)
Percentage threshold for the security event log at which the
system will generate a warning
(2) Registry Key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\WarningLevel          CCE-125
(1) Commandline: auditpol.exe

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network access:
Sharing and security model for local accounts
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest          CCE-343

(1) GPO: Computer Configuration\Administrative
Templates\System\Remote Assistance\Solicited Remote
Assistance
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp          CCE-859



(1) GPO: Computer Configuration\Administrative
Templates\System\Remote Assistance\Solicited Remote
Assistance



(1) GPO: Computer Configuration\Administrative
Templates\System\Remote Assistance\Solicited Remote
Assistance



(1) GPO: Computer Configuration\Administrative
Templates\System\Remote Assistance\Solicited Remote
Assistance



(1) GPO: Computer Configuration\Administrative
Templates\System\Remote Assistance\Solicited Remote
Assistance
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Domain Profile\Windows Firewall: Domain:
Outbound connections
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultOutboundAction          CCE-485
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Terminal Services\Terminal
Server\Device and Resource Redirection\Do not allow drive
redirection
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm          CCE-648




(1) Commandline: auditpol.exe                                 CCE-856




(1) Commandline: auditpol.exe                                 CCE-1038
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Private Profile\Windows Firewall: Private: Allow
unicast response
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DisableUnicastResponsesToMulticastBroadcast          CCE-70


(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network Security:
Restrict NTLM: NTLM authentication in this domain
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RestrictNTLMInDomain




(1) Commandline: auditpol.exe                                 CCE-1186
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\AutoPlay Policies\Turn off
Autoplay
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun          CCE-44
(1) GPO: Computer Configuration\Windows Settings\Local
Policies\Security Options\Network access: Allow anonymous
SID/Name translation
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_SecuritySettingBoolean; Property = Setting; Where =
KeyName='LSAAnonymousNameLookup' and precedence=1            CCE-953

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network Security:
Configure encryption types allowed for Kerberos
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\SupportedEncryptionTypes


(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network security:
Minimum session security for NTLM SSP based (including
secure RPC) clients
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec          CCE-674


(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network security:
Minimum session security for NTLM SSP based (including
secure RPC) clients
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec          CCE-674


(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network security:
Minimum session security for NTLM SSP based (including
secure RPC) clients
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec          CCE-674


(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network security:
Minimum session security for NTLM SSP based (including
secure RPC) clients
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec          CCE-674
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network access:
Restrict anonymous access to Named Pipes and Shares
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\restrictnullsessaccess          CCE-638




(1) Commandline: auditpol.exe                                CCE-1043




(1) Commandline: auditpol.exe                                CCE-1026

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network Security:
Restrict NTLM: Outgoing NTLM traffic to remote servers
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictSendingNTLMTraffic
(1) GPO: Computer Configuration\Administrative
Templates\System\Internet Communication
Management\Internet Communication settings\Turn off the
Windows Messenger Customer Experience Improvement
Program
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\CEIP          CCE-722




(1) Commandline: auditpol.exe                                CCE-913




(1) Commandline: auditpol.exe                                CCE-744
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\System settings:
Optional subsystems
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optional          CCE-48




(1) Commandline: auditpol.exe                                  CCE-1332
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Public Profile\Windows Firewall: Public: Outbound
connections
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultOutboundAction          CCE-342




(1) Commandline: auditpol.exe                                  CCE-1016
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Public Profile\Windows Firewall: Public: Firewall
state
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\EnableFirewall          CCE-295




(1) Commandline: auditpol.exe                                  CCE-205
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Event Log
Service\Application\Maximum Log Size (KB)
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Application\MaxSize          CCE-NONE
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network Security:
Restrict NTLM: Audit NTLM authentication in this domain
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\AuditNTLMInDomain




(1) Commandline: auditpol.exe                                    CCE-840

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\User Account Control:
Detect application installations and prompt for elevation
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection          CCE-1128
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Domain Profile\Windows Firewall: Domain: Inbound
connections
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultInboundAction          CCE-249




(1) Commandline: auditpol.exe                                    CCE-378




(1) Commandline: auditpol.exe                                    CCE-207

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Audit Policy\Audit object access
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_AuditPolicy; Property = Success, Failure; Where =
Category='AuditObjectAccess' and precedence=1                    CCE-1991




(1) Commandline: auditpol.exe                                    CCE-1208
(1) Commandline: auditpol.exe                                 CCE-1257




(1) Commandline: auditpol.exe                                 CCE-187




(1) Commandline: auditpol.exe                                 CCE-881
(1) GPO: Computer Configuration\Administrative
Templates\System\Internet Communication
Management\Internet Communication settings\Turn off the
"Publish to Web" task for files and folders
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPublishingWizard          CCE-1009




(1) Commandline: auditpol.exe                                 CCE-515




(1) Commandline: auditpol.exe                                 CCE-206




(1) Commandline: auditpol.exe                                 CCE-1028
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Private Profile\Windows Firewall: Private: Apply
local firewall rules
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\AllowLocalPolicyMerge          CCE-117
(1) Commandline: auditpol.exe                                  CCE-1202
(1) GPO: Computer Configuration\Administrative
Templates\System\Power Management\Sleep
Settings\Require a Password When a Computer Wakes
(Plugged In)
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex




(1) Commandline: auditpol.exe                                  CCE-1274

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Windows Update\No auto-
restart with logged on users for scheduled automatic updates
installations
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoRebootWithLoggedOnUsers    CCE-641
(1) GPO: Computer Configuration\Administrative
Templates\System\Internet Communication
Management\Internet Communication settings\Turn off
Internet download for Web publishing and online ordering
wizards
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServices    CCE-691
(1) GPO: User Configuration\Administrative
Templates\System\Prevent access to registry editing tools
(2) Registry Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools    CCE-405



(1) Commandline: auditpol.exe                                  CCE-1284

(1) GPO: User Configuration\Administrative
Templates\Windows Components\Attachment Manager\Hide
mechanisms to remove zone information
(2) Registry Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\HideZoneInfoOnProperties    CCE-58
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Domain Profile\Windows Firewall: Domain: Apply
local firewall rules
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalPolicyMerge    CCE-400




(1) Commandline: auditpol.exe                                   CCE-1118
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Private Profile\Windows Firewall: Private: Inbound
connections
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultInboundAction    CCE-29


(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network security:
Force logoff when logon hours expire                            CCE-775

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Shutdown: Allow
system to be shut down without having to log on
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon    CCE-224

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Private Profile\Windows Firewall: Private: Apply
local connection security rules
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\AllowLocalIPsecPolicyMerge    CCE-199




(1) Commandline: auditpol.exe                                   CCE-351
(1) Commandline: auditpol.exe                                  CCE-229

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Advanced Audit Policy Configuration\System Audit
Policies\Object Access\Audit Policy: Object Access: Detailed
File Share




(1) Commandline: auditpol.exe                                  CCE-1141




(1) Commandline: auditpol.exe                                  CCE-717

(1) GPO: User Configuration\Administrative Templates\Control
Panel\Personalization\Password protect the screen saver
(2) Registry Key:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure    CCE-949

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Windows Update\Do not
adjust default option to 'Install Updates and Shut Down' in
Shut Down Windows dialog box
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAUAsDefaultShutdownOption    CCE-989




(1) Commandline: auditpol.exe                                  CCE-317




(1) Commandline: auditpol.exe                                  CCE-1413
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network security:
Minimum session security for NTLM SSP based (including
secure RPC) servers
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec    CCE-766


(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network security:
Minimum session security for NTLM SSP based (including
secure RPC) servers
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec    CCE-766


(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network security:
Minimum session security for NTLM SSP based (including
secure RPC) servers
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec    CCE-766


(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network security:
Minimum session security for NTLM SSP based (including
secure RPC) servers
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec    CCE-766




(1) Commandline: auditpol.exe                                    CCE-1138
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Private Profile\Windows Firewall: Private: Firewall
state
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\EnableFirewall    CCE-7
(1) Commandline: auditpol.exe
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Public Profile\Windows Firewall: Public: Display a
notification
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DisableNotifications    CCE-390




(1) Commandline: auditpol.exe                                   CCE-247




(1) Commandline: auditpol.exe                                   CCE-371
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Remote Desktop
Services\Remote Desktop Session Host\Security\Set client
connection encryption level
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Remote Desktop
Services\Remote Desktop Session Host\Security\Set client
connection encryption level
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel    CCE-397




(1) Commandline: auditpol.exe                                   CCE-1199

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network security:
LDAP client signing requirements
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity    CCE-732
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\Network Security:
Allow PKU2U authentication requests to this computer to use
online identities
(2) Registry Key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\pku2u\AllowOnlineID
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Public Profile\Windows Firewall: Public: Allow
unicast response
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DisableUnicastResponsesToMulticastBroadcast    CCE-414
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Domain Profile\Windows Firewall: Domain: Display
a notification
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DisableNotifications    CCE-1047
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Public Profile\Windows Firewall: Public: Apply local
firewall rules
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalPolicyMerge    CCE-421




(1) Commandline: auditpol.exe                                     CCE-1363




(1) Commandline: auditpol.exe                                     CCE-459




(1) Commandline: auditpol.exe                                     CCE-924
(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\User Account Control:
Only elevate UIAccess applications that are installed in secure
locations
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths    CCE-986




(1) Commandline: auditpol.exe                                     CCE-1314




(1) Commandline: auditpol.exe                                     CCE-1288




(1) Commandline: auditpol.exe                                     CCE-1079




(1) Commandline: auditpol.exe                                     CCE-214




(1) Commandline: auditpol.exe                                     CCE-1340




(1) Commandline: auditpol.exe                                     CCE-1322

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Public Profile\Windows Firewall: Public: Apply local
connection security rules
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalIPsecPolicyMerge    CCE-437
(1) Commandline: auditpol.exe                                     CCE-1250
(1) GPO: Computer Configuration\Administrative
Templates\System\Power Management\Sleep
Settings\Require a Password When a Computer Wakes (On
Battery)
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex




(1) Commandline: auditpol.exe                                     CCE-451




(1) Commandline: auditpol.exe                                     CCE-1121




(1) Commandline: auditpol.exe                                     CCE-446




(1) Commandline: auditpol.exe                                     CCE-1270




(1) Commandline: auditpol.exe                                     CCE-488

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Audit Policy\Audit account logon events
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_AuditPolicy; Property = Success, Failure; Where =
Category='AuditAccountLogon' and precedence=1                     CCE-2543




(1) Commandline: auditpol.exe                                     CCE-1042
(1) Commandline: auditpol.exe                                  CCE-879
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Windows Explorer\Turn off
Data Execution Prevention for Explorer
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention




(1) Commandline: auditpol.exe                                  CCE-1177
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Credential User
Interface\Enumerate administrator accounts on elevation
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators    CCE-935

(1) GPO: User Configuration\Administrative Templates\Control
Panel\Personalization\Force specific screen saver
(2) Registry Key:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE    CCE-54



(1) GPO: Computer Configuration\Administrative
Templates\System\Remote Assistance\Offer Remote
Assistance
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited    CCE-434
(1) GPO: Computer Configuration\Administrative
Templates\System\Remote Assistance\Offer Remote
Assistance
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited


(1) GPO: Computer Configuration\Administrative
Templates\System\Remote Assistance\Offer Remote
Assistance
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited
(1) Commandline: auditpol.exe                               CCE-388

(1) GPO: Computer Configuration\Administrative
Templates\System\Logon\Do not process the legacy run list
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableLocalMachineRun    CCE-503

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Remote Desktop
Services\Remote Desktop Session Host\Connections\Allow
users to connect remotely using Remote Desktop Services
(2) Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDenyTSConnections    CCE-401


(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Advanced Audit Policy Configuration\System Audit
Policies\Privilege Use\Audit Policy: Privilege Use: Other
Privilege Use Events

(1) GPO: Computer Configuration\Windows Settings\Security
Settings\Local Policies\Audit Policy\Audit system events
(2) WMI: Namespace = root\rsop\computer; Class =
RSOP_AuditPolicy; Property = Success, Failure; Where =
Category='AuditSystemEvents' and precedence=1               CCE-1680




(1) Commandline: auditpol.exe                               CCE-1102

(1) GPO Settings: Computer Configuration\Windows
Settings\Security Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced Security\Outbound
Rules\IPv6 Block of Protocols 41                            CCE-1795

(1) GPO Settings: Computer Configuration\Windows
Settings\Security Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced Security\Outbound
Rules\IPv6 Block of UDP 3544                                CCE-1293
(1) GPO Settings: Computer Configuration\Windows
Settings\Security Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced Security\Windows
Firewall Properties\Domain Profile Tab\Logging\Log dropped
packets
(2) Registry Key:
HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\LogDroppedPackets    CCE-251
(1) GPO Settings: Computer Configuration\Windows
Settings\Security Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced Security\Windows
Firewall Properties\Domain Profile Tab\Logging\Logged
successful connections
(2) Registry Key:
HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\LogSuccessfulConnections    CCE-617

(1) GPO Settings: Computer Configuration\Windows
Settings\Security Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced Security\Windows
Firewall Properties\Domain Profile Tab\Logging\Name
(2) Registry Key:
HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\LogFilePath    CCE-793

(1) GPO Settings: Computer Configuration\Windows
Settings\Security Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced Security\Windows
Firewall Properties\Domain Profile Tab\Logging\Size limit (KB)
(2) Registry Key:
HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\LogFileSize    CCE-57
(1) GPO Settings: Computer Configuration\Windows
Settings\Security Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced Security\Windows
Firewall Properties\Private Profile Tab\Logging\Log dropped
packets
(2) Registry Key:
HKLM\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\LogDroppedPackets    CCE-325
(1) GPO Settings: Computer Configuration\Windows
Settings\Security Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced Security\Windows
Firewall Properties\Private Profile Tab\Logging\Logged
successful connections
(2) Registry Key:
HKLM\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\LogSuccessfulConnections    CCE-327
(1) GPO Settings: Computer Configuration\Windows
Settings\Security Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced Security\Windows
Firewall Properties\Private Profile Tab\Logging\Name
(2) Registry Key:
HKLM\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\LogFilePath    CCE-999

(1) GPO Settings: Computer Configuration\Windows
Settings\Security Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced Security\Windows
Firewall Properties\Private Profile Tab\Logging\Size limit (KB)
(2) Registry Key:
HKLM\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\LogFileSize    CCE-1091
(1) GPO Settings: Computer Configuration\Windows
Settings\Security Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced Security\Windows
Firewall Properties\Public Profile Tab\Logging\Log dropped
packets
(2) Registry Key:
HKLM\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\LogDroppedPackets    CCE-1165
(1) GPO Settings: Computer Configuration\Windows
Settings\Security Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced Security\Windows
Firewall Properties\Public Profile Tab\Logging\Logged
successful connections
(2) Registry Key:
HKLM\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\LogSuccessfulConnections    CCE-534

(1) GPO Settings: Computer Configuration\Windows
Settings\Security Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced Security\Windows
Firewall Properties\Public Profile Tab\Logging\Name
(2) Registry Key:
HKLM\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\LogFilePath    CCE-1263

(1) GPO Settings: Computer Configuration\Windows
Settings\Security Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced Security\Windows
Firewall Properties\Public Profile Tab\Logging\Size limit (KB)
(2) Registry Key:
HKLM\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\LogFileSize    CCE-1313
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Link-Layer
Topology Discovery\Turn on Mapper I/O (LLTDIO) Driver
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\LLTD\EnableLLTDIO
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Link-Layer
Topology Discovery\Turn on Mapper I/O (LLTDIO) Driver -
Allow operation while in domain
(2)
HKLM\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOnDomain,
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Link-Layer
Topology Discovery\Turn on Mapper I/O (LLTDIO) Driver -
Allow operation while in public network
(2)
HKLM\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOnPublicNet,
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Link-Layer
Topology Discovery\Turn on Mapper I/O (LLTDIO) Driver -
Prohibit operation while in private network
(2)
HKLM\Software\Policies\Microsoft\Windows\LLTD\ProhibitLLTDIOOnPrivateNet

(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Link-Layer
Topology Discovery\Turn on Responder (RSPNDR) Driver
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\LLTD\EnableRspndr
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Link-Layer
Topology Discovery\Turn on Responder (RSPNDR) Driver -
Allow Operation while in Domain
(2)
HKLM\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOnDomain,
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Link-Layer
Topology Discovery\Turn on Responder (RSPNDR) Driver -
Allow operation while in public network
(2)
HKLM\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOnPublicNet,
 (1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Link-Layer
Topology Discovery\Turn on Responder (RSPNDR) Driver -
Prohibit operation while in private network
(2)
HKLM\Software\Policies\Microsoft\Windows\LLTD\ProhibitRspndrOnPrivateNet
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Microsoft
Peer-to-Peer Networking Services\Turn off Microsoft Peer-to-
Peer Networking Services
(2) Registry Key:
HKLM\Software\policies\Microsoft\Peernet\Disabled
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Network
Connections\Prohibit installation and configuration of Network
Bridge on your DNS domain network
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\Network Connections\NC_AllowNetBridge_NLA
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Network
Connections\Prohibit use of Internet Connection Sharing on
your DNS domain network
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\Network Connections\NC_ShowSharedAccessUI
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Network
Connections\Require domain users to elevate when setting a
network's location
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\Network Connections\NC_StdDomainUserSetLocation
GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Network
Connections\Route all traffic through the internal network
Registry Key:
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\Force_Tunneling
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\TCPIP
Settings\IPv6 Transition Technologies\6to4 State
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\6to4_State
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\TCPIP
Settings\IPv6 Transition Technologies\ISATAP State
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\ISATAP_State
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\TCPIP
Settings\IPv6 Transition Technologies\Teredo State
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\Teredo_State
GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\TCPIP
Settings\IPv6 Transition Technologies\IP HTTPS
Registry Key:
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface\IPHTTPS_ClientState,
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface\IPHTTPS_ClientUrl
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Windows
Connect Now\Configuration of wireless settings using
Windows Connect Now
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars\EnableRegistrars
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Windows
Connect Now\Configuration of wireless settings using
Windows Connect Now
(2)
HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars\MaxWCNDeviceNumber,
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Windows
Connect Now\Configuration of wireless settings using
Windows Connect Now
(2)
HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars\HigherPrecedenceRegistrar
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Windows
Connect Now\Configuration of wireless settings using
Windows Connect Now
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableUPnPRegistrar
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Windows
Connect Now\Configuration of wireless settings using
Windows Connect Now
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableInBand802DOT11Registrar
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Windows
Connect Now\Configuration of wireless settings using
Windows Connect Now
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableFlashConfigRegistrar
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Windows
Connect Now\Configuration of wireless settings using
Windows Connect Now
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableWPDRegistrar
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Network\Windows
Connect Now\Prohibit Access of the Windows Connect Now
wizards
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\WCN\UI\DisableWcnUi

(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\Printers\Extend Point
and Print connection to search Windows Update and use
alternate connection if needed
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows NT\Printers\DoNotInstallCompatibleDriverFromWindowsUpdate
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\System\Device
Installation\Allow remote access to the PnP interface
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\AllowRemoteRPC
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\System\Device
Installation\Do not send a Windows Error Report when a
generic driver is installed on a device
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendGenericDriverNotFoundToWER
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\System\Device
Installation\Prevent creation of a system restore point during
device activity that would normally prompt creation of a restore
point
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestore
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\System\Device
Installation\Prevent device metadata retrieval from internet
(2) Registry Key:
HKLM\SOFTWARE\Policies\Microsoft\Windows\Device Metadata\PreventDeviceMetadataFromNetwork
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\System\Device
Installation\Specify Search Order for device driver source
locations
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\DriverSearching\SearchOrderConfig
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\System\Driver
Installation\Turn off Windows Update device driver search
prompt
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\DriverSearching\DontPromptForWindowsUpdate
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\System\Internet
Communications Management\Internet Communication
settings\Turn off Automatic Root Certificates Update
(2) Registry Key:
HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\System\Internet
Communications Management\Internet Communication
settings\Turn off Event Viewer "Events.asp" links
(2) Registry Key:
HKLM\Software\Policies\Microsoft\EventViewer\MicrosoftEventVwrDisableLinks
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\System\Internet
Communications Management\Internet Communication
settings\Turn off handwriting personalization data sharing
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\TabletPC\PreventHandwritingDataSharing
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\System\Internet
Communications Management\Internet Communication
settings\Turn off handwriting recognition error reporting
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\HandwritingErrorReports\PreventHandwritingErrorReports
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\System\Internet
Communications Management\Internet Communication
settings\Turn off Internet Connection Wizard if URL
connection is referring to Microsoft.com
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\Internet Connection Wizard\ExitOnMSICW
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\System\Internet
Communications Management\Internet Communication
settings\Turn off Internet File Association service
(2) Registry Key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWith
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\System\Internet
Communications Management\Internet Communication
settings\Turn Off Registration if URL Connection is Referring
to Microsoft.com
(2) Registry Key:
HKLM\Software\Policies\Microsoft\Windows\Registration Wizard Control\NoRegistration
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\System\Internet
Communications Management\Internet Communication
settings\Turn off the "Order Prints" picture task
(2) Registry Key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoOnlinePrintsWizard
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\System\Internet
Communications Management\Internet Communication
settings\Turn off Windows Customer Experience Improvement
Program
(2) Registry Key:
HKLM\Software\Policies\Microsoft\SQMClient\Windows\CEIPEnable
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\System\Internet
Communications Management\Internet Communication
settings\Turn off Windows Error Reporting
(2) Registry Key:
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\DoReport,
HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting\Disabled
(1) GPO Settings: Local Computer Policy\Computer
Configuration\Administrative Templates\System\Logon\Always
use classic logon
(2) Registry Key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\LogonType

(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Remote Assistance\Turn on session logging
(2) Registry Key: HKLM\Software\policies\Microsoft\Windows NT\Terminal Services\LoggingEnabled
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool\Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider
(2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\DisableQueryRemoteServer

(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Scripted Diagnostics\Troubleshooting: Allow user to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via Windows Online Troubleshooting Service - WOTS)
(2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\EnableQueryRemoteServer

(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Performance PerfTrack\Enable/Disable PerfTrack
(2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ScenarioExecutionEnabled
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\NtpServer
(2) Registry Key: HKLM\Software\Policies\Microsoft\W32time\Parameters\NtpServer
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\Type
(2) Registry Key: HKLM\Software\Policies\Microsoft\W32time\Parameters\Type
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\CrossSiteSyncFlags
(2) Registry Key: HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\CrossSiteSyncFlags
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\ResolvePeerBackoffMinutes
(2) Registry Key: HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\ResolvePeerBackoffMinutes
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\ResolvePeerBackoffMaxTimes
(2) Registry Key: HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\ResolvePeerBackoffMaxTimes
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\SpecialPollInterval
(2) Registry Key: HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\SpecialPollInterval
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\EventLogFlags
(2) Registry Key: HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\EventLogFlags
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Application Compatibility\Turn off Program Inventory
(2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\AppCompat\DisableInventory
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies\Default behavior for AutoRun
(2) Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies\Turn off Autoplay for non-volume devices
(2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Desktop Gadgets\Override the More Gadgets link
(2) Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\OverrideMoreGadgetsLink
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Desktop Gadgets\Restrict unpacking installation of gadgets that are not digitally signed
(2) Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\TurnOffUnsignedGadgets
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Desktop Gadgets\Turn Off user-installed desktop gadgets
(2) Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\TurnOffUserInstalledGadgets
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup\Maximum Log Size (KB)
(2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup\MaxSize
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Game Explorer\Turn off downloading of game information
(2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\GameUX\DownloadGameInfo
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Game Explorer\Turn off game updates
(2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\GameUX\GameUpdateOptions
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Set time limit for active but idle Remote Desktop Services sessions
(2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MaxIdleTime
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Set time limit for disconnected sessions
(2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MaxDisconnectionTime
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary Folders\Do not delete temp folder upon exit
(2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\DeleteTempDirsOnExit
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary Folders\Do not use temporary folders per session
(2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\PerSessionTempDir

(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\RSS Feeds\Turn off downloading of enclosures
(2) Registry Key: HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload

(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\RSS Feeds\Turn on Basic feed authentication over HTTP
(2) Registry Key: HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds\AllowBasicAuthInClear
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Search\Allow indexing of encrypted files
(2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Search\Enable indexing uncached Exchange folders
(2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\Windows Search\PreventIndexingUncachedExchangeFolders
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Anytime Upgrade\Prevent Windows Anytime Upgrade from running
(2) Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU\Disabled

(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Configure Microsoft SpyNet Reporting
(2) Registry Key: HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet\SpyNetReporting
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable Logging
(2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\LoggingDisabled
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable Windows Error Reporting
(2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Disabled
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Display Error Notification
(2) Registry Key: HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\ShowUI
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Do not send additional data
(2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Turn off heap termination on corruption
(2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Turn off shell protocol protected mode
(2) Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Disable IE security prompt for Windows Installer scripts
(2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\Installer\SafeForScripting
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Enable user control over installs
(2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\Installer\EnableUserControl
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Prohibit non-administrators from applying vendor signed updates
(2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\Installer\DisableLUAPatching
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Logon Options\Report when logon server was not available during user logon
(2) Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ReportControllerMissing
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Media Digital Rights Management\Prevent Windows Media DRM Internet Access
(2) Registry Key: HKLM\Software\Policies\Microsoft\WMDRM\DisableOnline
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Do Not Show First Use Dialog Boxes
(2) Registry Key: HKLM\Software\Policies\Microsoft\WindowsMediaPlayer\GroupPrivacyAcceptance
(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Prevent Automatic Updates
(2) Registry Key: HKLM\Software\Policies\Microsoft\WindowsMediaPlayer\DisableAutoUpdate
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bthserv\Start
(2) defined by the Services Administrative Tool
(3) defined by Group Policy
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fax\Start
(2) defined by the Services Administrative Tool
(3) defined by Group Policy
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\Start
(2) defined by the Services Administrative Tool
(3) defined by Group Policy
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupProvider\Start
(2) defined by the Services Administrative Tool
(3) defined by Group Policy
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mcx2Svc\Start
(2) defined by the Services Administrative Tool
(3) defined by Group Policy
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WPCSvc\Start
(2) defined by the Services Administrative Tool
(3) defined by Group Policy
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sppuinotify\Start
(2) defined by the Services Administrative Tool
(3) defined by Group Policy
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WbioSrvc\Start
(2) defined by the Services Administrative Tool
(3) defined by Group Policy
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WwanSvc\Start
(2) defined by the Services Administrative Tool
(3) defined by Group Policy

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Add workstations to a domain
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Synchronize directory service data
Computer Configuration\Windows Settings\Security Settings\System Services\Alerter
Computer Configuration\Windows Settings\Security Settings\System Services\Background Intelligent Transfer Service
Computer Configuration\Windows Settings\Security Settings\System Services\ClipBook
Computer Configuration\Windows Settings\Security Settings\System Services\Computer Browser
Computer Configuration\Windows Settings\Security Settings\System Services\Error Reporting Service
Computer Configuration\Windows Settings\Security Settings\System Services\Fast User Switching Compatibility
Computer Configuration\Windows Settings\Security Settings\System Services\FTP Publishing Service
Computer Configuration\Windows Settings\Security Settings\System Services\Indexing Service
Computer Configuration\Windows Settings\Security Settings\System Services\Messenger
Computer Configuration\Windows Settings\Security Settings\System Services\NetMeeting Remote Desktop Sharing
Computer Configuration\Windows Settings\Security Settings\System Services\Network DDE
Computer Configuration\Windows Settings\Security Settings\System Services\Network DDE DSDM
Computer Configuration\Windows Settings\Security Settings\System Services\Remote Access Connection Manager
Computer Configuration\Windows Settings\Security Settings\System Services\Routing and Remote Access
Computer Configuration\Windows Settings\Security Settings\System Services\SSDP Discovery Service
Computer Configuration\Windows Settings\Security Settings\System Services\Task Scheduler
Computer Configuration\Windows Settings\Security Settings\System Services\Terminal Services
Computer Configuration\Windows Settings\Security Settings\System Services\Universal Plug and Play Device Host
Computer Configuration\Windows Settings\Security Settings\System Services\WebClient
Computer Configuration\Windows Settings\Security Settings\System Services\Wireless Zero Configuration
Computer Configuration\Windows Settings\Security Settings\System Services\WMI Performance Adapter
Computer Configuration\Windows Settings\Security Settings\System Services\World Wide Web Publishing Service




Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Firewall on your DNS domain network
Computer Configuration\Administrative Templates\System\Group Policy\Internet Explorer Maintenance policy processing
Computer Configuration\Administrative Templates\System\Logon\Turn off Windows Startup Sound
Computer Configuration\Administrative Templates\Windows Components\ActiveX Installer Service\Approved Installation Sites for ActiveX Controls
Computer Configuration\Administrative Templates\Windows Components\Digital Locker\Do not allow Digital Locker to run
Computer Configuration\Administrative Templates\Windows Components\NetMeeting\Disable remote Desktop Sharing
Computer Configuration\Administrative Templates\Windows Components\Windows Mail\Turn off the communities features
Computer Configuration\Administrative Templates\Windows Components\Windows Mail\Turn off Windows Mail application
Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Prevent Desktop Shortcut Creation
User Configuration\Administrative Templates\System\Power Management\Prompt for password on resume from hibernate / suspend
User Configuration\Administrative Templates\Windows Components\Network Sharing\Prevent users from sharing files within their profile.
User Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication Settings\Turn off Help Ratings
Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit IPsec Main Mode
Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Global Object Access Auditing\Audit File System
Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Global Object Access Auditing\Audit Registry
Microsoft Security Compliance Management Toolkit for Windows 7, Version 1.0: "Windows 7 Security Baseline Settings.xlsm" spreadsheet    Microsoft Security Compliance Management Toolkit for Windows 7, Version 1.0: "Windows 7 Security Baseline.xml"



Worksheet: Computer Policy Settings; Row: 57    Setting Index #111: This setting controls the hidden administrative shares on a server. By default, when Windows networking is active on a server, Windows will create hidden administrative shares—which is undesirable on highly secure servers.
Worksheet: Computer Policy Settings; Row: 94    Setting Index #110: This entry appears as MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments) in the SCE.
Worksheet: Audit Policy Settings; Row: 37    Setting Index #396: The policy setting for this audit category determines whether to audit Authentication Policy changes on computers running Windows Vista or later Windows operating systems.
Worksheet: Audit Policy Settings; Row: 36    Setting Index #395: The Policy Change audit category determines whether to audit every incident of a change to user rights assignment policies, Windows Firewall policies, Trust policies, or changes to the Audit policy itself.
Worksheet: Audit Policy Settings; Row: 41    Setting Index #400: The policy setting for this audit category determines whether to audit Other Policy Change events on computers running Windows Vista or later Windows operating systems.
Worksheet: Audit Policy Settings; Row: 38    Setting Index #397: The policy setting for this audit category determines whether to audit Authorization Policy changes on computers running Windows Vista or later Windows operating systems.
Worksheet: User Policy Settings; Row: 12    Setting Index #504: This policy setting allows you to manage whether or not screen savers run.



Worksheet: Computer Policy Settings; Row: 185    Setting Index #240: This policy setting allows you to disable the client computer’s ability to print over HTTP, which allows the computer to print to printers on the intranet as well as the Internet.
Worksheet: Computer Policy Settings; Row: 207    Setting Index #517
Worksheet: User Policy Settings; Row: 5    Setting Index #282: Antivirus programs are mandatory in many environments and provide a strong defense against attack.
Worksheet: Computer Policy Settings; Row: 5    Setting Index #1026: Configures access to remote shells.
Worksheet: Audit Policy Settings; Row: 26    Setting Index #378: This setting determines whether to audit the event of a user who accesses an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to Registry Object access events.
Worksheet: Audit Policy Settings; Row: 39    Setting Index #399: The policy setting for this audit category determines whether to audit Filtering Platform Policy changes on computers running Windows Vista or later Windows operating systems.
Worksheet: Audit Policy Settings; Row: 63    Setting Index #22: This policy setting determines whether to audit detailed tracking information for process events.
Worksheet: Audit Policy Settings; Row: 4    Setting Index #367: This policy setting in the System audit category determines whether to audit Other System events on computers that are running Windows Vista or later versions of Windows.




Worksheet: Computer Policy Settings; Row: 201    Setting Index #267: This policy setting helps prevent Terminal Services clients from saving passwords on a computer.
Worksheet: Computer Policy Settings; Row: 191    Setting Index #246: This policy setting determines whether users must first press CTRL+ALT+DEL to establish a trusted path before typing account and password information to log on to computers in the environment.
Worksheet: Computer Policy Settings; Row: 188    Setting Index #243: This policy setting specifies whether Windows will search Windows Update for device drivers when no local drivers for a device are present.
Worksheet: Audit Policy Settings; Row: 23    Setting Index #383: This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to Handle Manipulation on Windows objects.
Worksheet: Computer Policy Settings; Row: 197    Setting Index #270: This policy setting specifies whether Terminal Services always prompts the client computer for a password upon connection.
Worksheet: Audit Policy Settings; Row: 59    Setting Index #18: This setting audits and logs logon events as they occur.
Worksheet: User Policy Settings; Row: 7    Setting Index #363: This policy setting disables the Security tab on the file and folder properties dialog boxes in Windows Explorer.
Worksheet: Computer Policy Settings; Row: 203    Setting Index #515



Worksheet: Computer Policy Settings; Row: 186    Setting Index #241: This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.
Worksheet: Audit Policy Settings; Row: 61    Setting Index #20: This policy setting determines whether to audit every incident of a change to user rights assignment policies, Windows Firewall policies, Trust policies, or changes to the Audit policy itself.
Worksheet: User Policy Settings; Row: 11    Setting Index #502: If the Screen Saver Timeout setting is enabled, then the screen saver will be launched when the specified amount of time has passed since the last user action.
Worksheet: Computer Policy Settings; Row: 176    Setting Index #231: This policy setting controls the default behavior of the AutoPlay setting.
Worksheet: Computer Policy Settings; Row: 206    Setting Index #507: This policy requires Windows Vista or later versions of Windows; it specifies the maximum size of the log file in kilobytes.
Worksheet: User Policy Settings; Row: 3    Setting Index #280: This policy setting allows you to manage whether Windows marks file attachments from Internet Explorer or Microsoft Outlook® Express with information about their zone of origin (such as restricted, Internet, intranet, or local).
Worksheet: Audit Policy Settings; Row: 57    Setting Index #16: This policy setting determines whether to audit each account management event on a computer.
Worksheet: Audit Policy Settings; Row: 62    Setting Index #21: This policy setting determines whether to audit each instance of a user exercising a user right.


Worksheet: Computer Policy Settings; Row: 181    Setting Index #236: This policy setting allows client computers that communicate with this computer to be forced to provide authentication before an RPC communication is established.
Worksheet: Computer Policy Settings; Row: 208    Setting Index #932: Controls if a computer can be joined to a HomeGroup
Worksheet: Computer Policy Settings; Row: 195    Setting Index #277: This policy setting determines the amount of time before previously scheduled Automatic Update installations will proceed after system startup.
Worksheet: User Policy Settings; Row: 6    Setting Index #362: This policy setting removes the built-in Windows Vista features that allow users to burn CDs through Windows Explorer.
Worksheet: Bitlocker Policy Settings; Row: 8    Setting Index #1040: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected fixed data drives can be recovered
Worksheet: Bitlocker Policy Settings; Row: 9    Setting Index #1050: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected fixed data drives can be recovered
Worksheet: Bitlocker Policy Settings; Row: 23    Setting Index #852:




Worksheet: Bitlocker Policy Settings; Row: 32    Setting Index #862:
Worksheet: Bitlocker Policy Settings; Row: 35    Setting Index #873: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile
Worksheet: Bitlocker Policy Settings; Row: 39    Setting Index #877: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile
Worksheet: Bitlocker Policy Settings; Row: 57    Setting Index #887:
Worksheet: Bitlocker Policy Settings; Row: 61    Setting Index #891: This is a setting option. Refer to the following parent setting for additional information: Require additional authentication at startup
Worksheet: Bitlocker Policy Settings; Row: 85    Setting Index #821: This is a setting option. Refer to the following parent setting for additional information: Choose drive encryption method and cipher strength
Worksheet: Bitlocker Policy Settings; Row: 83    Setting Index #917: This is a setting option. Refer to the following parent setting for additional information: Deny write access to removable data drives not protected by BitLocker

Worksheet: Audit Policy Settings; Row: 64    Setting Index #23: This policy setting allows you to monitor system events that succeed and fail, and provides a record of these events that may help determine instances of unauthorized system access.

Worksheet: Computer Policy Settings; Row: 11    Setting Index #31: This policy setting allows users who do not have the special "Traverse Folder" access permission to "pass through" folders when they browse an object path in the NTFS file system or the registry.



Worksheet: Bitlocker Policy Settings; Row: 67    Setting Index #901: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected removable data drives can be recovered



Worksheet: Bitlocker Policy Settings; Row: 10    Setting Index #1037: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected fixed data drives can be recovered




Worksheet: Computer Policy Settings; Row: 36    Setting Index #33: This setting determines which users can change the time zone of the computer.

Worksheet: Computer Policy Settings; Row: 15    Setting Index #36: This policy setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right.




Worksheet: Computer Policy Settings; Row: 37    Setting Index #38: This policy setting determines which users can create symbolic links.
Worksheet: Computer Policy Settings; Row: 21    Setting Index #48: The policy setting allows programs that run on behalf of a user to impersonate that user (or another specified account) so that they can act on behalf of the user.


Worksheet: Computer Policy Settings; Row: 28    Setting Index #57: This policy setting allows users to manage the system's volume or disk configuration, which could allow a user to delete a volume and cause data loss as well as a denial-of-service condition.




Worksheet: Bitlocker Policy Settings; Row: 55    Setting Index #870: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile

Worksheet: Computer Policy Settings; Row: 51    Setting Index #69: This policy setting provides the ability to change the default administrator user name.




Worksheet: Computer Policy Settings; Row: 78    Setting Index #97: This policy setting determines whether a user can log on to a Windows domain using cached account information.




Worksheet: Bitlocker Policy Settings; Row: 37    Setting Index #875: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile




Worksheet: Bitlocker Policy Settings; Row: 33    Setting Index #863: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile
Worksheet: Computer Policy Settings; Row: 92    Setting Index #108: This policy setting controls the level of validation a computer with shared folders or printers performs on the service principal name provided by the client computer when it establishes a session using the server message block (SMB) protocol.




Worksheet: Computer Policy Settings; Row: 96    Setting Index #115: The entry appears as MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes in the SCE.




Worksheet: Bitlocker Policy Settings; Row: 47    Setting Index #884: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile




Worksheet: Computer Policy Settings; Row: 64    Setting Index #76: This policy setting determines which users or groups might launch or activate DCOM applications remotely or locally.




Worksheet: Bitlocker Policy Settings; Row: 40    Setting Index #878: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile




Worksheet: Bitlocker Policy Settings; Row: 52    Setting Index #867: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile
Worksheet: Bitlocker Policy Settings; Row: 78    Setting Index #912: This is a setting option. Refer to the following parent setting for additional information: Configure use of smart cards on removable data drives



Worksheet: Bitlocker Policy Settings; Row: 17    Setting Index #846: This is a setting option. Refer to the following parent setting for additional information: Configure use of passwords for fixed data drives




Worksheet: Computer Policy Settings; Row: 142    Setting Index #918:



Worksheet: Bitlocker Policy Settings; Row: 60    Setting Index #890: This is a setting option. Refer to the following parent setting for additional information: Require additional authentication at startup



Worksheet: Bitlocker Policy Settings; Row: 11    Setting Index #840: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected fixed data drives can be recovered




Worksheet: Computer Policy Settings; Row: 97    Setting Index #116: The registry value entry appears as MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments) in the SCE.



Worksheet: Computer Policy Settings; Row: 100    Setting Index #120: The registry value entry appears as MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers in the SCE.
Worksheet: Bitlocker Policy Settings; Row: 87    Setting Index #826:

Worksheet: Computer Policy Settings; Row: 17    Setting Index #39: This policy setting determines which user accounts will have the right to attach a debugger to any process or to the kernel, which provides complete access to sensitive and critical operating system components.




Worksheet: Bitlocker Policy Settings; Row: 42    Setting Index #880: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile



Worksheet: Bitlocker Policy Settings; Row: 25    Setting Index #854: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected operating system drives can be recovered




Worksheet: Computer Policy Settings; Row: 104    Setting Index #124: The entry appears as MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) in the SCE.



Worksheet: Bitlocker Policy Settings; Row: 69    Setting Index #903: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected removable data drives can be recovered


Worksheet: Computer Policy Settings; Row: 12    Setting Index #32: This policy setting determines which users and groups can change the time and date on the internal clock of the computers in your environment.
Worksheet: Bitlocker Policy Settings; Row: 65    Setting Index #899:




Worksheet: Bitlocker Policy Settings; Row: 77    Setting Index #911:




Worksheet: Bitlocker Policy Settings; Row: 44    Setting Index #864: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile




Worksheet: Bitlocker Policy Settings; Row: 48    Setting Index #885: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile




Worksheet: Computer Policy Settings; Row: 109    Setting Index #132: This policy setting controls authentication credential storage and passwords on the local system.




Worksheet: Computer Policy Settings; Row: 140    Setting Index #521: The entry appears as MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing) in the SCE.
Worksheet: Bitlocker Policy Settings; Row: 16    Setting Index #845: This is a setting option. Refer to the following parent setting for additional information: Configure use of passwords for fixed data drives



Worksheet: Bitlocker Policy Settings; Row: 74    Setting Index #908: This is a setting option. Refer to the following parent setting for additional information: Configure use of passwords for removable data drives



Worksheet: Bitlocker Policy Settings; Row: 31    Setting Index #861: This is a setting option. Refer to the following parent setting for additional information: Configure minimum PIN length for startup



Worksheet: Bitlocker Policy Settings; Row: 68    Setting Index #902: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected removable data drives can be recovered




Worksheet: Bitlocker Policy Settings; Row: 54    Setting Index #869: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile


Worksheet: Computer Policy Settings; Row: 55    Setting Index #67: This policy setting determines whether the Guest account is enabled or disabled.




Worksheet: Bitlocker Policy Settings; Row: 21    Setting Index #850:
Worksheet: Bitlocker Policy Settings; Row: 19    Setting Index #848:

Worksheet: Computer Policy Settings; Row: 32    Setting Index #61: This policy setting allows one process or service to start another service or process with a different security access token, which can be used to modify the security access token of that sub-process and result in the escalation of privileges.




Worksheet: Computer Policy Settings; Row: 83    Setting Index #96: This policy setting allows text to be specified in the title bar of the window that users see when they log on to the system.



Worksheet: Bitlocker Policy Settings; Row: 13    Setting Index #842: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected fixed data drives can be recovered




Worksheet: Bitlocker Policy Settings; Row: 7    Setting Index #1035:




Worksheet: Bitlocker Policy Settings; Row: 56    Setting Index #871: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile




Worksheet: Bitlocker Policy Settings; Row: 30    Setting Index #859: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected operating system drives can be recovered
Worksheet: Computer Policy Settings; Row: 101    Setting Index #121: This registry value entry appears as MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended) in the SCE.




Worksheet: Bitlocker Policy Settings; Row: 50    Setting Index #865: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile



Worksheet: Computer Policy Settings; Row: 60    Setting Index #72: This policy setting determines whether to audit the use of all user privileges, including Backup and Restore, when the Audit privilege use setting is in effect.


Worksheet: Bitlocker Policy Settings; Row: 84    Setting Index #819: This is a setting option. Refer to the following parent setting for additional information: Choose default folder for recovery password




Worksheet: Computer Policy Settings; Row: 143    Setting Index #919: Allow NTLM to fall back to NULL session when used with LocalSystem.
Worksheet: Computer Policy Settings; Row: 117    Setting Index #142: This policy setting specifies the type of challenge/response authentication for network logons. LAN Manager (LM) authentication is the least secure method; it allows encrypted passwords to be cracked because they can be easily intercepted on the network.



Worksheet: Computer Policy Settings; Row: 120    Setting Index #146: This policy setting allows the administrator account to automatically log on to the recovery console when it is invoked during startup.
Worksheet: Computer Policy Settings; Row: 127    Setting Index #157: This policy setting configures whether the built-in Administrator account runs in Admin Approval Mode. The default behavior varies because Windows Vista configures the built-in Administrator account dependent on specific installation criteria.




Worksheet: Computer Policy Settings; Row: 129    Setting Index #159: This setting determines the behavior of Windows Vista when a logged on user attempts to complete a task that requires raised privileges.

Worksheet: Computer Policy Settings; Row: 135    Setting Index #165: This setting allows the user to create specific locations where the virtualization of file and registry write failures can be stored. This setting is specific to UAC compatibility. See the security guides for more information about this setting.




Worksheet: Computer Policy Settings; Row: 80    Setting Index #99: When this policy setting is enabled, a domain controller must authenticate the domain account used to unlock the computer.




Worksheet: Audit Policy Settings; Row: 42    Setting Index #405: This policy setting audits Application Group Management events.



Worksheet: Computer Policy Settings; Row: 90    Setting Index #107: This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection.




Worksheet: Audit Policy Settings; Row: 44    Setting Index #404: This policy setting audits Distribution Group Management events.
Worksheet: Computer Policy Settings; Row: 65    Setting Index #77: This policy setting determines whether a portable computer can be undocked if the user does not log on to the system.




Worksheet: Bitlocker Policy Settings; Row: 3    Setting Index #816:

Worksheet: Audit Policy Settings; Row: 50    Setting Index #408: This policy setting in the DS Access audit category enables reports to result when changes to create, modify, move, or undelete operations are performed on objects in Active Directory Domain Services (AD DS).

Worksheet: Audit Policy Settings; Row: 8    Setting Index #371: This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logon-Logoff Account Lockout setting.




Worksheet: Bitlocker Policy Settings; Row: 36    Setting Index #874: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile
Worksheet: Audit Policy Settings; Row: 12    Setting Index #370: This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logoff event settings.

Worksheet: Audit Policy Settings; Row: 9    Setting Index #374: This audit category generates events that record the creation and destruction of logon sessions. This setting targets the IPsec Extended Mode settings.
Worksheet: Audit Policy Settings; Row: 17    Setting Index #382: This setting determines whether to audit the event of a user who accesses an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It targets application generated events.
Worksheet: Audit Policy Settings; Row: 28   Setting Index #930:




Worksheet: Computer Policy Settings; Row: 66    Setting Index #78: This policy setting determines who is allowed to format and eject removable media.


Worksheet: Computer Policy Settings; Row: 163    Setting Index #192: This profile only applies if a user with local administrator privileges assigns it to a network that was previously set to use the Public profile. Microsoft recommends only changing the profile to Private for a trusted network.


Worksheet: Computer Policy Settings; Row: 164    Setting Index #193: This profile only applies if a user with local administrator privileges assigns it to a network that was previously set to use the Public profile. Microsoft recommends only changing the profile to Private for a trusted network.




Worksheet: Bitlocker Policy Settings; Row: 86    Setting Index #825:



Worksheet: Bitlocker Policy Settings; Row: 28    Setting Index #857: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected operating system drives can be recovered



Worksheet: Domain Policy Settings; Row: 3    Setting Index #1: This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password.
Worksheet: Computer Policy Settings; Row: 148    Setting Index #924: This policy setting allows you to create an exception list of servers in this domain to which clients are allowed to use NTLM pass-through authentication if the "Network Security: Restrict NTLM: Deny NTLM authentication in this domain" is set.




Worksheet: Computer Policy Settings; Row: 19    Setting Index #45: This policy setting allows users to change the Trusted for Delegation setting on a computer object in Active Directory.




Worksheet: Computer Policy Settings; Row: 110    Setting Index #133: This policy setting determines what additional permissions are assigned for anonymous connections to the computer.



Worksheet: Computer Policy Settings; Row: 116    Setting Index #140: This policy setting determines whether the LAN Manager (LM) hash value for the new password is stored when the password is changed.




Worksheet: Computer Policy Settings; Row: 121    Setting Index #147: This policy setting makes the Recovery Console SET command available.



Worksheet: Bitlocker Policy Settings; Row: 75    Setting Index #909: This is a setting option. Refer to the following parent setting for additional information: Configure use of passwords for removable data drives

Worksheet: Audit Policy Settings; Row: 10    Setting Index #372: This audit category generates events that record the creation and destruction of logon sessions. This setting targets the IPsec Main Mode settings.
Worksheet: Computer Policy Settings; Row: 128    Setting Index #1048: This setting determines the behavior of Windows Vista when a logged on administrator attempts to complete a task that requires raised privileges.



Worksheet: Bitlocker Policy Settings; Row: 71    Setting Index #905: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected removable data drives can be recovered




Worksheet: Computer Policy Settings; Row: 82    Setting Index #95: This policy setting specifies a text message that displays to users when they log on.



Worksheet: Computer Policy Settings; Row: 70    Setting Index #86: This policy setting determines whether all secure channel traffic that is initiated by the domain member must be signed or encrypted.



Worksheet: Bitlocker Policy Settings; Row: 76    Setting Index #910: This is a setting option. Refer to the following parent setting for additional information: Configure use of passwords for removable data drives



Worksheet: Bitlocker Policy Settings; Row: 26    Setting Index #855: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected operating system drives can be recovered
Worksheet: Bitlocker Policy Settings; Row: 79    Setting Index #913:




Worksheet: Computer Policy Settings; Row: 22    Setting Index #50: This policy setting allows users to change the amount of processor time that a process uses.




Worksheet: Bitlocker Policy Settings; Row: 72    Setting Index #906: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected removable data drives can be recovered




Worksheet: Computer Policy Settings; Row: 169    Setting Index #198:


Worksheet: Computer Policy Settings; Row: 33    Setting Index #63: This policy setting determines which users who are logged on locally can use the Shut Down command to shut down the operating system.


Worksheet: Computer Policy Settings; Row: 131    Setting Index #161: This setting enables the prevention of the execution of unsigned or invalidated applications. Before enabling this setting, it is essential that administrators are certain that all required applications are signed and valid.

                                            Setting Index #371: This audit category generates
                                            events that record the creation and destruction of
                                            logon sessions. This setting targets the Logon-
Worksheet: Audit Policy Settings; Row: 8    Logoff Account Lockout setting.
Worksheet: Computer Policy Settings; Row: Setting Index #79: This setting controls which
67                                        groups has the right to install printer drivers.

                                          Setting Index #923: This policy setting allows you
                                          to create an exception list of remote servers to
                                          which clients are allowed to use NTLM
                                          authentication if the "Network Security: Restrict
Worksheet: Computer Policy Settings; Row: NTLM: Outgoing NTLM traffic to remote servers"
147                                       policy setting is configured.




Worksheet: Computer Policy Settings; Row: 89
Setting Index #106: This policy setting determines if the server side SMB service is required to perform SMB packet signing.

Worksheet: Bitlocker Policy Settings; Row: 53
Setting Index #868: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile

Worksheet: Computer Policy Settings; Row: 43
Setting Index #49: This policy setting determines which user accounts can increase or decrease the size of a process’s working set. The working set of a process is the set of memory pages currently visible to the process in physical random access memory (RAM).

Worksheet: Bitlocker Policy Settings; Row: 41
Setting Index #879: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile

Worksheet: Bitlocker Policy Settings; Row: 63
Setting Index #897:

Worksheet: Audit Policy Settings; Row: 46
Setting Index #403: This policy setting audits Security Group Management events.

Worksheet: Audit Policy Settings; Row: 12
Setting Index #370: This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logoff event settings.

Worksheet: Bitlocker Policy Settings; Row: 90
Setting Index #833: This is a setting option. Refer to the following parent setting for additional information: Validate smart card certificate usage rule compliance

Worksheet: Audit Policy Settings; Row: 62
Setting Index #21: This policy setting determines whether to audit each instance of a user exercising a user right.

Worksheet: Computer Policy Settings; Row: 81
Setting Index #101: This policy setting determines what happens when the smart card for a logged on user is removed from the smart card reader.

Worksheet: Computer Policy Settings; Row: 9
Setting Index #27: This policy setting allows a user to adjust the maximum amount of memory that is available to a process.

Worksheet: Computer Policy Settings; Row: 158
Setting Index #187: This option determines if this computer can receive unicast responses to multicast or broadcast messages that it initiates. Unsolicited unicast responses are blocked regardless of this setting.

Worksheet: Audit Policy Settings; Row: 16
Setting Index #520: This audit category generates events that record the creation and destruction of logon sessions.




Worksheet: Bitlocker Policy Settings; Row: 38
Setting Index #876: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile

Worksheet: Bitlocker Policy Settings; Row: 51
Setting Index #866: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile

Worksheet: Bitlocker Policy Settings; Row: 18
Setting Index #847: This is a setting option. Refer to the following parent setting for additional information: Configure use of passwords for fixed data drives

Worksheet: Bitlocker Policy Settings; Row: 64
Setting Index #898: This is a setting option. Refer to the following parent setting for additional information: Allow access to BitLocker-protected removable data drives on earlier versions of Windows

Worksheet: Bitlocker Policy Settings; Row: 22
Setting Index #851:

Worksheet: Computer Policy Settings; Row: 144
Setting Index #920: This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication.

Worksheet: Computer Policy Settings; Row: 39
Setting Index #42: This policy setting determines whether services can be launched in the context of the specified account.

Worksheet: Bitlocker Policy Settings; Row: 43
Setting Index #881: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile

Worksheet: Bitlocker Policy Settings; Row: 6
Setting Index #1047: This is a setting option. Refer to the following parent setting for additional information: Do not install BitLocker To Go Reader on FAT formatted fixed drives




Worksheet: Computer Policy Settings; Row: 35
Setting Index #29: This policy setting determines which users or groups have the right to log on as a Terminal Services client.

Worksheet: Computer Policy Settings; Row: 138
Setting Index #156: This policy setting determines whether digital certificates are processed when software restriction policies are enabled and a user or process attempts to run software with an .exe file name extension.

Worksheet: Bitlocker Policy Settings; Row: 88
Setting Index #827: This is a setting option. Refer to the following parent setting for additional information: Provide the unique identifiers for your organization

Worksheet: Computer Policy Settings; Row: 112
Setting Index #135: This policy setting determines which registry paths will be accessible after referencing the WinReg key to determine access permissions to the paths.

Worksheet: Computer Policy Settings; Row: 74
Setting Index #90: This policy setting determines the maximum allowable age for a computer account password.

Worksheet: Computer Policy Settings; Row: 46
Setting Index #62: This policy setting determines which users can bypass file, directory, registry, and other persistent object permissions when restoring backed up files and directories.

Worksheet: Bitlocker Policy Settings; Row: 4
Setting Index #817:

Worksheet: Audit Policy Settings; Row: 22
Setting Index #385: This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to dropped packet events by the Filtering Platform.

Worksheet: Computer Policy Settings; Row: 23
Setting Index #51: This policy setting allows users to dynamically load a new device driver on a system.

Worksheet: Domain Policy Settings; Row: 10
Setting Index #8: This policy setting determines the number of failed logon attempts before a lockout occurs.

Worksheet: Audit Policy Settings; Row: 24
Setting Index #379: This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to Kernel Object access processes.

Worksheet: Bitlocker Policy Settings; Row: 45
Setting Index #882: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile




Worksheet: Bitlocker Policy Settings; Row: 73
Setting Index #907:

Worksheet: Bitlocker Policy Settings; Row: 15
Setting Index #844:

Worksheet: Bitlocker Policy Settings; Row: 89
Setting Index #828: This is a setting option. Refer to the following parent setting for additional information: Provide the unique identifiers for your organization

Worksheet: Bitlocker Policy Settings; Row: 66
Setting Index #900: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected removable data drives can be recovered

Worksheet: Bitlocker Policy Settings; Row: 27
Setting Index #856: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected operating system drives can be recovered

Worksheet: Audit Policy Settings; Row: 54
Setting Index #519: The Account Logon audit category generates events for credential validation.

Worksheet: Computer Policy Settings; Row: 27
Setting Index #1027: This privilege determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users.

Worksheet: Computer Policy Settings; Row: 59
Setting Index #71: This policy setting creates a default system access control list (SACL) for system objects such as mutexes (mutual exclusive), events, semaphores, and MS-DOS devices, and causes access to these system objects to be audited.

Worksheet: Audit Policy Settings; Row: 40
Setting Index #398: The policy setting for this audit category determines whether to audit MPSSVC Rule-Level Policy changes on computers running Windows Vista or later Windows operating systems.

Worksheet: Computer Policy Settings; Row: 108
Setting Index #131: This policy setting controls the ability of anonymous users to enumerate SAM accounts as well as shares.

Worksheet: Audit Policy Settings; Row: 29
Setting Index #389: This setting applies to the Non Sensitive Privilege Use subcategory of events. You can use it to audit users exercising user rights.




Worksheet: Bitlocker Policy Settings; Row: 34
Setting Index #872: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile

Worksheet: Audit Policy Settings; Row: 60
Setting Index #19: This policy setting audits and logs object access.

Worksheet: Audit Policy Settings; Row: 30
Setting Index #388: This setting applies to the Sensitive Privilege Use subcategory of events. You can use it to audit users exercising user rights.

Worksheet: Bitlocker Policy Settings; Row: 20
Setting Index #849: This is a setting option. Refer to the following parent setting for additional information: Configure use of smart cards on fixed data drives

Worksheet: Bitlocker Policy Settings; Row: 81
Setting Index #915: This is a setting option. Refer to the following parent setting for additional information: Control use of BitLocker on removable drives

Worksheet: Audit Policy Settings; Row: 5
Setting Index #368: This policy setting in the System audit category determines whether to audit Security State changes on computers that are running Windows Vista or later Windows operating systems.

Worksheet: Audit Policy Settings; Row: 61
Setting Index #20: This policy setting determines whether to audit every incident of a change to user rights assignment policies, Windows Firewall policies, Trust policies, or changes to the Audit policy itself.

Worksheet: Bitlocker Policy Settings; Row: 49
Setting Index #886: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile

Worksheet: Computer Policy Settings; Row: 13
Setting Index #34: This policy setting allows users to change the size of the pagefile.

Worksheet: Computer Policy Settings; Row: 133
Setting Index #163: This is the setting that turns on or off UAC. Disabling this setting effectively disables UAC.

Worksheet: Audit Policy Settings; Row: 29
Setting Index #389: This setting applies to the Non Sensitive Privilege Use subcategory of events. You can use it to audit users exercising user rights.




Worksheet: Computer Policy Settings; Row: 126
Setting Index #154: This policy setting determines the strength of the default discretionary access control list (DACL) for objects.

Worksheet: Domain Policy Settings; Row: 4
Setting Index #2: This policy setting defines how long a user can use their password before it expires.

Worksheet: Audit Policy Settings; Row: 7
Setting Index #365: This policy setting in the System audit category determines whether to audit System Integrity changes on computers that are running Windows Vista.

Worksheet: Computer Policy Settings; Row: 182
Setting Index #238: This policy setting controls whether the computer can download print driver packages over HTTP. To set up HTTP printing, printer drivers that are not available in the standard operating system installation might need to be downloaded over HTTP.

Worksheet: Computer Policy Settings; Row: 114
Setting Index #138: This policy setting determines which network shares can be accessed by anonymous users.

Worksheet: Bitlocker Policy Settings; Row: 12
Setting Index #841: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected fixed data drives can be recovered

Worksheet: Computer Policy Settings; Row: 54
Setting Index #66: This policy setting enables or disables the built-in Administrator account during normal operation.

Worksheet: Bitlocker Policy Settings; Row: 24
Setting Index #853: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected operating system drives can be recovered

Worksheet: Bitlocker Policy Settings; Row: 82
Setting Index #916:

Worksheet: Computer Policy Settings; Row: 38
Setting Index #41: This policy setting determines which accounts will not be able to log on to the computer as a batch job.

Worksheet: Audit Policy Settings; Row: 13
Setting Index #369: This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logon settings.


Worksheet: Audit Policy Settings; Row: 58
Setting Index #17: This policy setting determines whether to audit user access to an Active Directory object that has its own specified system access control list (SACL).

Worksheet: Computer Policy Settings; Row: 14
Setting Index #35: This policy setting allows a process to create an access token, which may provide elevated rights to access sensitive data.

Worksheet: Audit Policy Settings; Row: 20
Setting Index #377: This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to File System object access processes.

Worksheet: Computer Policy Settings; Row: 111
Setting Index #134: This policy setting determines which communication sessions, or pipes, will have attributes and permissions that allow anonymous access.

Worksheet: Bitlocker Policy Settings; Row: 5
Setting Index #1039:

Worksheet: Bitlocker Policy Settings; Row: 62
Setting Index #892: This is a setting option. Refer to the following parent setting for additional information: Require additional authentication at startup

Worksheet: Computer Policy Settings; Row: 122
Setting Index #149: This policy setting determines whether the virtual memory pagefile is cleared when the system is shut down.

Worksheet: Computer Policy Settings; Row: 25
Setting Index #55: This policy setting determines which users can change the auditing options for files and directories and clear the Security log.

Worksheet: Audit Policy Settings; Row: 58
Setting Index #17: This policy setting determines whether to audit user access to an Active Directory object that has its own specified system access control list (SACL).

Worksheet: Computer Policy Settings; Row: 42
Setting Index #47: This policy setting determines which users or processes can generate audit records in the Security log.

Worksheet: Audit Policy Settings; Row: 34
Setting Index #391: Detailed Tracking audit category determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. This setting deals with Process Termination.

Worksheet: Computer Policy Settings; Row: 52
Setting Index #70: This setting allows the name of the guest account to change.

Worksheet: Audit Policy Settings; Row: 36
Setting Index #395: The Policy Change audit category determines whether to audit every incident of a change to user rights assignment policies, Windows Firewall policies, Trust policies, or changes to the Audit policy itself.




Worksheet: Bitlocker Policy Settings; Row: 14
Setting Index #843: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected fixed data drives can be recovered

Worksheet: Computer Policy Settings; Row: 40
Setting Index #43: This security setting determines which users are prevented from logging on at the computer.

Worksheet: Bitlocker Policy Settings; Row: 58
Setting Index #888: This is a setting option. Refer to the following parent setting for additional information: Require additional authentication at startup

Worksheet: Computer Policy Settings; Row: 18
Setting Index #40: This policy setting prohibits users from connecting to a computer from across the network, which would allow users to access and potentially modify data remotely.

Worksheet: Computer Policy Settings; Row: 63
Setting Index #75: This policy setting determines which users or groups might access DCOM application remotely or locally.

Worksheet: Bitlocker Policy Settings; Row: 29
Setting Index #858: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected operating system drives can be recovered

Worksheet: Computer Policy Settings; Row: 107
Setting Index #130: This policy setting controls the ability of anonymous users to enumerate the accounts in the Security Accounts Manager (SAM).

Worksheet: Computer Policy Settings; Row: 71
Setting Index #87: This policy setting determines whether a domain member should attempt to negotiate encryption for all secure channel traffic that it initiates.

Worksheet: Computer Policy Settings; Row: 7
Setting Index #24: This setting allows other users on the network to connect to the computer.

Worksheet: Computer Policy Settings; Row: 16
Setting Index #37: This policy setting allows users to create directory objects in the object manager.



Worksheet: Bitlocker Policy Settings; Row: 70
Setting Index #904: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected removable data drives can be recovered

Worksheet: Audit Policy Settings; Row: 53
Setting Index #518: The Account Logon audit category generates events for credential validation.

Worksheet: Bitlocker Policy Settings; Row: 59
Setting Index #889: This is a setting option. Refer to the following parent setting for additional information: Require additional authentication at startup

Worksheet: Domain Policy Settings; Row: 8
Setting Index #6: This policy setting determines whether the operating system stores passwords in a way that uses reversible encryption, which provides support for application protocols that require knowledge of the user's password for authentication purposes.

Worksheet: Computer Policy Settings; Row: 87
Setting Index #104: Disable this policy setting to prevent the SMB redirector from sending plaintext passwords during authentication to third-party SMB servers that do not support password encryption.

Worksheet: Computer Policy Settings; Row: 124
Setting Index #530: This policy setting determines whether the Transport Layer Security/Secure Sockets Layer (TLS/SSL) Security Provider supports only the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite.

Worksheet: Audit Policy Settings; Row: 54
Setting Index #519: The Account Logon audit category generates events for credential validation.

Worksheet: Computer Policy Settings; Row: 41
Setting Index #1046: This policy setting determines whether users can log on as Terminal Services clients.




                                           Setting Index #883: This is a setting option. Refer
                                           to the following parent setting for additional
Worksheet: Bitlocker Policy Settings; Row: information: Configure TPM platform validation
46                                         profile



                                           Setting Index #914: This is a setting option. Refer
                                           to the following parent setting for additional
Worksheet: Bitlocker Policy Settings; Row: information: Control use of BitLocker on
80                                         removable drives
                                          Setting Index #52: This policy setting allows a
                                          process to keep data in physical memory, which
Worksheet: Computer Policy Settings; Row: prevents the system from paging the data to
24                                        virtual memory on disk.




                                          Setting Index #89: This policy setting determines
Worksheet: Computer Policy Settings; Row: whether a domain member can periodically
73                                        change its computer account password.



                                          Setting Index #534: Windows Vista SP1 includes
                                          a new Security Policy (UAC: Allow UIAccess),
                                          which allows applications to prompt for elevation
                                          without using the secure desktop. This allows a
Worksheet: Computer Policy Settings; Row: remote helper to enter administrative credentials
139                                       during a Remote Assistance session.




                                          Setting Index #80: This policy setting determines
Worksheet: Computer Policy Settings; Row: whether a CD-ROM is accessible to both local
68                                        and remote users simultaneously.




                                          Setting Index #98: This policy setting determines
Worksheet: Computer Policy Settings; Row: how far in advance users are warned that their
79                                        password will expire.


                                          Setting Index #7: This policy setting determines
                                          the length of time that must pass before a locked
                                          account is unlocked and a user can try to log on
Worksheet: Domain Policy Settings; Row: 9 again.


                                          Setting Index #65: This policy setting allows users
                                          to take ownership of files, folders, registry keys,
                                          processes, or threads. This user right bypasses
Worksheet: Computer Policy Settings; Row: any permissions that are in place to protect
47                                        objects and gives ownership to the specified user.
                                            Setting Index #931: This setting applies to Other
                                            Privilege Use Events subcategory of events. You
Worksheet: Audit Policy Settings; Row: 31   can use it to audit users exercising user rights.


                                          Setting Index #94: When this setting is configured
                                          to Enabled, users are not required to use the
Worksheet: Computer Policy Settings; Row: CTRL+ALT+DEL key combination to log on to the
77                                        network.

                                          Setting Index #153: Determines whether case
                                          insensitivity is enforced for all subsystems.
                                          An example is case insensitivity for other
                                          subsystems, such as the Portable Operating
Worksheet: Computer Policy Settings; Row: System Interface for UNIX (POSIX), which are
125                                       normally case sensitive.



                                          Setting Index #53: This policy setting allows
Worksheet: Computer Policy Settings; Row: accounts to log on using the task scheduler
44                                        service.


                                            Setting Index #15: This policy setting determines
                                            whether to audit each instance of a user who logs
                                            on to or off from another computer that validates
Worksheet: Audit Policy Settings; Row: 56   the account.



                                          Setting Index #60: This policy setting allows the
Worksheet: Computer Policy Settings; Row: user of a portable computer to click Eject PC on
31                                        the Start menu to undock the computer.




                                          Setting Index #102: This policy setting determines
Worksheet: Computer Policy Settings; Row: whether packet signing is required by the SMB
85                                        client component.
                                          Setting Index #189: This setting controls whether
                                          local administrators are allowed to create
                                          connection security rules that apply with other
Worksheet: Computer Policy Settings; Row: connection security rules enforced by Group
160                                       Policy.




                                          Setting Index #3: This policy setting determines
                                          the number of days that you must use a password
Worksheet: Domain Policy Settings; Row: 5 before you can change it.




                                          Setting Index #46: This policy setting allows users
Worksheet: Computer Policy Settings; Row: to shut down Windows Vista–based computers
20                                        from remote locations on the network.



                                            Setting Index #16: This policy setting determines
                                            whether to audit each account management event
Worksheet: Audit Policy Settings; Row: 57   on a computer.




Worksheet: Computer Policy Settings; Row: Setting Index #925: This policy setting allows you
149                                       to audit incoming NTLM traffic.


                                          Setting Index #109: The registry value entry
                                          AutoAdminLogon was added to the template file
                                          in the
Worksheet: Computer Policy Settings; Row: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
93                                        registry key




                                          Setting Index #103: This policy setting determines
Worksheet: Computer Policy Settings; Row: whether the SMB client will attempt to negotiate
86                                        SMB packet signing.
                                          Setting Index #28: This policy setting determines
Worksheet: Computer Policy Settings; Row: which users can interactively log on to computers
34                                        in your environment.



                                            Setting Index #22: This policy setting determines
                                            whether to audit detailed tracking information for
Worksheet: Audit Policy Settings; Row: 63   process events.




                                          Setting Index #123: The entry appears as MSS:
Worksheet: Computer Policy Settings; Row: (SafeDllSearchMode) Enable Safe DLL search
103                                       mode (recommended) in the SCE.




                                          Setting Index #4: This policy setting determines
                                          the least number of characters that make up a
Worksheet: Domain Policy Settings; Row: 6 password for a user account.


                                          Setting Index #1043: This policy setting
                                          determines whether to disconnect users who are
                                          connected to the local computer outside their user
Worksheet: Computer Policy Settings; Row: account’s valid logon hours. It affects the SMB
91                                        component.


Worksheet: Computer Policy Settings; Row: Setting Index #232: This policy setting determines
177                                       when registry policies are updated.




Worksheet: Computer Policy Settings; Row: Setting Index #232: This policy setting determines
177                                       when registry policies are updated.




Worksheet: Computer Policy Settings; Row: Setting Index #232: This policy setting determines
177                                       when registry policies are updated.
                                            Setting Index #393: The Detailed Tracking audit
                                            category determines whether to audit detailed
                                            tracking information for events, such as program
                                            activation, process exit, handle duplication, and
                                            indirect object access. This setting is focused on
Worksheet: Audit Policy Settings; Row: 35   RPC events.




                                            Setting Index #18: This setting audits and logs
Worksheet: Audit Policy Settings; Row: 59   logon events as they occur.




                                          Setting Index #5: This policy setting checks all
                                          new passwords to ensure that they meet basic
Worksheet: Domain Policy Settings; Row: 7 requirements for strong passwords.



                                          Setting Index #88: This policy setting determines
                                          whether a domain member should attempt to
Worksheet: Computer Policy Settings; Row: negotiate whether all secure channel traffic that it
72                                        initiates must be digitally signed.

                                            Setting Index #384: This setting determines
                                            whether to audit the event of a user who attempts
                                            to access an object that has a specified system
                                            access control list (SACL), effectively enabling
                                            auditing to take place. This setting is targeted to
Worksheet: Audit Policy Settings; Row: 19   File Share access operations.




                                          Setting Index #581: This security setting is used
Worksheet: Computer Policy Settings; Row: by Credential Manager during Backup and
48                                        Restore.




                                          Setting Index #150: This policy setting determines
Worksheet: Computer Policy Settings; Row: whether users' private keys (such as their
136                                       S-MIME keys) require a password to be used.
                                          Setting Index #136: This policy setting determines
                                          which registry paths and sub-paths will be
                                          accessible when an application or process
Worksheet: Computer Policy Settings; Row: references the WinReg key to determine access
50                                        permissions.


                                          Setting Index #91: When this policy setting is
                                          enabled, a secure channel can only be
                                          established with domain controllers that are
Worksheet: Computer Policy Settings; Row: capable of encrypting secure channel data with a
75                                        strong (128-bit) session key.

                                          Setting Index #58: This policy setting determines
                                          which users can use tools to monitor the
                                          performance of non-system processes. If System
                                          Monitor is configured to collect data using
Worksheet: Computer Policy Settings; Row: Windows Management Instrumentation (WMI),
29                                        this setting is required.



                                          Setting Index #30: This policy setting allows users
Worksheet: Computer Policy Settings; Row: to circumvent file and directory permissions to
10                                        back up the system.


                                          Setting Index #164: This setting helps to prevent
                                          malicious use of the elevation prompt. The
                                          Windows Vista secure desktop can only run
Worksheet: Computer Policy Settings; Row: SYSTEM processes, which generally eliminates
134                                       messages from malicious software.


                                          Setting Index #235: This policy setting configures
                                          the RPC Runtime on an RPC server to restrict
Worksheet: Computer Policy Settings; Row: unauthenticated RPC clients from connecting to
180                                       the RPC server.




                                            Setting Index #9: This policy setting determines
Worksheet: Domain Policy Settings; Row:     the length of time before the Account lockout
11                                          threshold resets to zero.
                                          Setting Index #274: This policy setting specifies
                                          whether computers in your environment will
Worksheet: Computer Policy Settings; Row: receive security updates from Windows Update or
192                                       WSUS


                                          Setting Index #274: This policy setting specifies
                                          whether computers in your environment will
Worksheet: Computer Policy Settings; Row: receive security updates from Windows Update or
192                                       WSUS


                                          Setting Index #274: This policy setting specifies
                                          whether computers in your environment will
Worksheet: Computer Policy Settings; Row: receive security updates from Windows Update or
192                                       WSUS

                                            Setting Index #384: This setting determines
                                            whether to audit the event of a user who attempts
                                            to access an object that has a specified system
                                            access control list (SACL), effectively enabling
                                            auditing to take place. This setting is targeted to
Worksheet: Audit Policy Settings; Row: 19   File Share access operations.



                                          Setting Index #105: This policy setting allows you
                                          to specify the amount of continuous idle time that
Worksheet: Computer Policy Settings; Row: must pass in an SMB session before the session
88                                        is suspended because of inactivity.


                                          Setting Index #25: This policy setting allows a
                                          process to assume the identity of any user and
Worksheet: Computer Policy Settings; Row: thus gain access to the resources that the user is
8                                         authorized to access.




Worksheet: Computer Policy Settings; Row: Setting Index #100: This policy setting requires
84                                        users to log on to a computer with a smart card.
                                            Setting Index #392: The Detailed Tracking audit
                                            category determines whether to audit detailed
                                            tracking information for events such as program
                                            activation, process exit, handle duplication, and
                                            indirect object access. This setting deals with the
Worksheet: Audit Policy Settings; Row: 32   DPAPI Activity.


                                          Setting Index #56: This policy setting allows users
                                          to configure the system-wide environment
                                          variables that affect hardware configuration. This
Worksheet: Computer Policy Settings; Row: information is typically stored in the Last Known
26                                        Good Configuration.



                                          Setting Index #68: This policy setting determines
                                          whether local accounts that are not password
Worksheet: Computer Policy Settings; Row: protected can be used to log on from locations
58                                        other than the physical computer console

                                          Setting Index #59: This policy setting allows users
                                          to use tools to view the performance of different
                                          system processes, which could be abused to
                                          allow attackers to determine a system's active
Worksheet: Computer Policy Settings; Row: processes and provide insight into the potential
30                                        attack surface of the computer.



                                          Setting Index #117: The registry value entry
                                          appears as MSS: (KeepAliveTime) How often
Worksheet: Computer Policy Settings; Row: keep-alive packets are sent in milliseconds
98                                        (300,000 is recommended) in the SCE.



                                          Setting Index #73: This policy setting allows
                                          administrators to enable the more precise auditing
                                          capabilities present in Windows Vista. It uses
Worksheet: Computer Policy Settings; Row: subcategory settings to override audit policy
62                                        categories.
                                          Setting Index #118: The entry appears as MSS:
Worksheet: Computer Policy Settings; Row: (NoDefaultExempt) Configure IPSec exemptions
99                                        for various types of network traffic in the SCE.




                                          Setting Index #81: This policy setting determines
Worksheet: Computer Policy Settings; Row: whether removable floppy media are accessible to
69                                        both local and remote users simultaneously.



                                            Setting Index #413: This policy setting audits
                                            logon events other than credential validation and
Worksheet: Audit Policy Settings; Row: 55   Kerberos Ticket Events.

                                          Setting Index #93: This policy setting determines
                                          whether the account name of the last user to log
                                          on to the client computers in your organization will
Worksheet: Computer Policy Settings; Row: be displayed in each computer's respective
76                                        Windows logon screen.
                                          Setting Index #387: This setting determines
                                          whether to audit the event of a user who accesses
                                          an object that has a specified system access
                                          control list (SACL), effectively enabling auditing to
                                          take place. It is targeted to Other Object Access
Worksheet: Audit Policy Settings; Row: 25 events.



                                          Setting Index #127: This registry value entry
                                          appears as MSS: (TcpMaxDataRetransmissions)
                                          How many times unacknowledged data is
Worksheet: Computer Policy Settings; Row: retransmitted (3 recommended, 5 is default) in the
105                                       SCE.
                                          Setting Index #122: This registry value entry
                                          appears as MSS: (PerformRouterDiscovery) Allow
Worksheet: Computer Policy Settings; Row: IRDP to detect and configure Default Gateway
102                                       addresses (could lead to DoS) in the SCE.

                                            Setting Index #381: This policy determines
                                            whether to audit the event of a user who attempts
                                            to access an object that has a specified system
                                            access control list (SACL), effectively enabling
                                            auditing to take place. It is targeted to the
Worksheet: Audit Policy Settings; Row: 18   certification services processes.



                                          Setting Index #54: This policy setting allows
Worksheet: Computer Policy Settings; Row: accounts to start network services or register a
45                                        process as a service running on the system.




                                          Setting Index #74: This policy setting determines
Worksheet: Computer Policy Settings; Row: whether the system shuts down if it is unable to
61                                        log Security events.



                                          Setting Index #273: This policy setting allows you
                                          to manage whether the Install Updates and Shut
Worksheet: Computer Policy Settings; Row: Down option is displayed in the Shut Down
193                                       Windows dialog box.




                                          Setting Index #183: Select On to allow Windows
                                          Firewall to filter network traffic. Select Off to
Worksheet: Computer Policy Settings; Row: prevent Windows Firewall from using any firewall
154                                       rules or connection security rules for this profile.



                                          Setting Index #522: This registry value entry
                                          appears as MSS: (TcpMaxDataRetransmissions)
                                          IPv6 How many times unacknowledged data is
Worksheet: Computer Policy Settings; Row: retransmitted (3 recommended, 5 is default) in the
141                                       SCE.
                                            Setting Index #381: This policy determines
                                            whether to audit the event of a user who attempts
                                            to access an object that has a specified system
                                            access control list (SACL), effectively enabling
                                            auditing to take place. It is targeted to the
Worksheet: Audit Policy Settings; Row: 18   certification services processes.
                                            Setting Index #393: The Detailed Tracking audit
                                            category determines whether to audit detailed
                                            tracking information for events, such as program
                                            activation, process exit, handle duplication, and
                                            indirect object access. This setting is focused on
Worksheet: Audit Policy Settings; Row: 35   RPC events.




Worksheet: Computer Policy Settings; Row: Setting Index #927: This policy setting allows you
151                                       to deny or allow incoming NTLM traffic.



                                          Setting Index #112: The entry appears as MSS:
                                          (DisableIPSourceRouting) IP source routing
Worksheet: Computer Policy Settings; Row: protection level (protects against packet spoofing)
95                                        in the SCE.




                                            Setting Index #402: This policy setting audits
Worksheet: Audit Policy Settings; Row: 43   Computer Account Management events.




Worksheet: Computer Policy Settings; Row: Setting Index #516: This policy requires Windows
205                                       Vista or later versions of Windows




                                          Setting Index #128: The entry appears as MSS:
                                          (WarningLevel) Percentage threshold for the
Worksheet: Computer Policy Settings; Row: security event log at which the system will
106                                       generate a warning in the SCE.
                                            Setting Index #518: The Account Logon audit
                                            category generates events for credential
Worksheet: Audit Policy Settings; Row: 53   validation.




                                          Setting Index #139: This policy setting determines
Worksheet: Computer Policy Settings; Row: how network logons that use local accounts are
115                                       authenticated.



                                          Setting Index #234: This policy setting determines
                                          whether remote assistance may be solicited from
Worksheet: Computer Policy Settings; Row: computers running Windows operating systems in
179                                       your environment.


                                          Setting Index #234: This policy setting determines
                                          whether remote assistance may be solicited from
Worksheet: Computer Policy Settings; Row: computers running Windows operating systems in
179                                       your environment.


                                          Setting Index #234: This policy setting determines
                                          whether remote assistance may be solicited from
Worksheet: Computer Policy Settings; Row: computers running Windows operating systems in
179                                       your environment.


                                          Setting Index #234: This policy setting determines
                                          whether remote assistance may be solicited from
Worksheet: Computer Policy Settings; Row: computers running Windows operating systems in
179                                       your environment.


                                          Setting Index #234: This policy setting determines
                                          whether remote assistance may be solicited from
Worksheet: Computer Policy Settings; Row: computers running Windows operating systems in
179                                       your environment.




                                          Setting Index #185: This setting determines the
Worksheet: Computer Policy Settings; Row: behavior for outbound connections that do not
156                                       match an outbound firewall rule.
                                          Setting Index #269: This policy setting prevents
Worksheet: Computer Policy Settings; Row: users from sharing the local drives on their client
199                                       computers to Terminal Servers that they access.

                                            Setting Index #365: This policy setting in the
                                            System audit category determines whether to
                                            audit System Integrity changes on computers that
Worksheet: Audit Policy Settings; Row: 7    are running Windows Vista.
                                            Setting Index #375: This audit category generates
                                            events that record the creation and destruction of
                                            logon sessions. This setting targets the special
                                            settings defined in the Windows Vista Security
Worksheet: Audit Policy Settings; Row: 15   Guide.




                                          Setting Index #194: This is an advanced security
                                          setting for the Windows Firewall that you can use
Worksheet: Computer Policy Settings; Row: to allow unicast responses on computers running
165                                       Windows Vista.



                                          Setting Index #928: This policy setting allows you
                                          to deny or allow NTLM authentication within a
                                          domain from this domain controller. This policy
Worksheet: Computer Policy Settings; Row: does not affect interactive logon to this domain
153                                       controller.


                                            Setting Index #410: This policy setting in the DS
                                            Access audit category enables domain controllers
                                            to report detailed information about information
Worksheet: Audit Policy Settings; Row: 48   that replicates between domain controllers.


                                          Setting Index #244: Autoplay starts to read from a
                                          drive as soon as you insert media in the drive,
Worksheet: Computer Policy Settings; Row: which causes the setup file for programs or audio
189                                       media to start immediately.
                                          Setting Index #129: This policy setting determines
                                          whether an anonymous user can request security
Worksheet: Computer Policy Settings; Row: identifier (SID) attributes for another user, or use
56                                        a SID to obtain its corresponding user name.




                                          Setting Index #922: This policy setting allows you
Worksheet: Computer Policy Settings; Row: to set the encryption types that Kerberos is
146                                       allowed to use.




                                          Setting Index #144: This policy setting determines
                                          the minimum application-to-application
Worksheet: Computer Policy Settings; Row: communications security standards for client
119                                       computers.




                                          Setting Index #144: This policy setting determines
                                          the minimum application-to-application
Worksheet: Computer Policy Settings; Row: communications security standards for client
119                                       computers.




                                          Setting Index #144: This policy setting determines
                                          the minimum application-to-application
Worksheet: Computer Policy Settings; Row: communications security standards for client
119                                       computers.




                                          Setting Index #144: This policy setting determines
                                          the minimum application-to-application
Worksheet: Computer Policy Settings; Row: communications security standards for client
119                                       computers.
                                          Setting Index #137: When enabled, this policy
                                          setting restricts anonymous access to only those
                                          shares and pipes that are named in the Network
                                          access: Named pipes that can be accessed
Worksheet: Computer Policy Settings; Row: anonymously and Network access: Shares that
113                                       can be accessed anonymously settings.




                                            Setting Index #401: This policy setting audits
Worksheet: Audit Policy Settings; Row: 47   Account Management events.
                                            Setting Index #387: This setting determines
                                            whether to audit the event of a user who accesses
                                            an object that has a specified system access
                                            control list (SACL), effectively enabling auditing to
                                            take place. It is targeted to Other Object Access
Worksheet: Audit Policy Settings; Row: 25   events.



                                          Setting Index #929: This policy setting allows you
                                          to deny or audit outgoing NTLM traffic from this
Worksheet: Computer Policy Settings; Row: Windows 7 or this Windows Server 2008 R2
152                                       computer to any Windows remote server.




                                          Setting Index #242: This policy setting specifies
                                          whether Windows Messenger can collect
Worksheet: Computer Policy Settings; Row: anonymous information about how the Windows
187                                       Messenger software and service is used.
                                          Setting Index #394: The Detailed Tracking audit
                                          category determines whether to audit detailed
                                          tracking information for events such as program
                                          activation, process exit, handle duplication, and
                                          indirect object access. This setting deals with
Worksheet: Audit Policy Settings; Row: 33 Process Creation.

                                            Setting Index #386: This setting determines
                                            whether to audit the event of a user who attempts
                                            to access an object that has a specified system
                                            access control list (SACL), effectively enabling
                                            auditing to take place. It is targeted to connections
Worksheet: Audit Policy Settings; Row: 21   to the Filtering Platform.
                                          Setting Index #155: This policy setting determines
Worksheet: Computer Policy Settings; Row: which subsystems are used to support
137                                       applications in your environment.
                                          Setting Index #367: This policy setting in the
                                          System audit category determines whether to
                                          audit Other System events on computers that are
                                          running Windows Vista or later versions of
Worksheet: Audit Policy Settings; Row: 4  Windows.


                                          Setting Index #199: This setting determines the
                                          behavior for outbound connections that do not
                                          match an outbound firewall rule. If Outbound
                                          connections are set to Block and the firewall policy
Worksheet: Computer Policy Settings; Row: is deployed by using a GPO, the computer cannot
170                                       receive subsequent Group Policy updates.




                                            Setting Index #405: This policy setting audits
Worksheet: Audit Policy Settings; Row: 42   Application Group Management events.




                                          Setting Index #197: Windows Firewall with
Worksheet: Computer Policy Settings; Row: Advanced Security uses the settings for this
168                                       profile to filter network traffic.

                                            Setting Index #400: The policy setting for this
                                            audit category determines whether to audit Other
                                            Policy Change events on computers running
                                            Windows Vista or later Windows operating
Worksheet: Audit Policy Settings; Row: 41   systems.



                                          Setting Index #505: This policy requires Windows
Worksheet: Computer Policy Settings; Row: Vista or later versions of Windows; it specifies the
202                                       maximum size of the log file in kilobytes.
                                          Setting Index #926: This policy setting allows you
Worksheet: Computer Policy Settings; Row: to audit NTLM authentication in a domain from
150                                       this domain controller.




                                            Setting Index #402: This policy setting audits
Worksheet: Audit Policy Settings; Row: 43   Computer Account Management events.



                                          Setting Index #160: This setting determines how
                                          Windows Vista responds to application installation
Worksheet: Computer Policy Settings; Row: requests. Application installation requires an
130                                       elevation of privilege.




                                          Setting Index #184: This setting determines the
Worksheet: Computer Policy Settings; Row: behavior for inbound connections that do not
155                                       match an inbound firewall rule.



                                            Setting Index #376: This audit category generates
                                            events that record the creation and destruction of
Worksheet: Audit Policy Settings; Row: 14   logon sessions.


                                            Setting Index #410: This policy setting in the DS
                                            Access audit category enables domain controllers
                                            to report detailed information about information
Worksheet: Audit Policy Settings; Row: 48   that replicates between domain controllers.




                                            Setting Index #19: This policy setting audits and
Worksheet: Audit Policy Settings; Row: 60   logs object access.


                                            Setting Index #376: This audit category generates
                                            events that record the creation and destruction of
Worksheet: Audit Policy Settings; Row: 14   logon sessions.
                                            Setting Index #373: This audit category generates
                                            events that record the creation and destruction of
                                            logon sessions. This setting targets IPsec Quick
Worksheet: Audit Policy Settings; Row: 11   Mode settings.

                                            Setting Index #397: The policy setting for this
                                            audit category determines whether to audit
                                            Authorization Policy changes on computers
                                            running Windows Vista or later Windows
Worksheet: Audit Policy Settings; Row: 38   operating systems.


                                            Setting Index #409: This policy setting for the DS
                                            Access audit category enables reports to result
                                            when replication between two domain controllers
Worksheet: Audit Policy Settings; Row: 51   starts and ends.


                                          Setting Index #237: This policy setting specifies
                                          whether the tasks Publish this file to the Web,
                                          Publish this folder to the Web, and Publish the
Worksheet: Computer Policy Settings; Row: selected items to the Web are available from File
183                                       and Folder Tasks in Windows folders.




                                            Setting Index #404: This policy setting audits
Worksheet: Audit Policy Settings; Row: 44   Distribution Group Management events.




                                            Setting Index #406: This policy setting audits
Worksheet: Audit Policy Settings; Row: 45   Other Account Management events.

                                            Setting Index #374: This audit category generates
                                            events that record the creation and destruction of
                                            logon sessions. This setting targets the IPsec
Worksheet: Audit Policy Settings; Row: 9    Extended Mode settings.


                                          Setting Index #195: This profile only applies if a
                                          user with local administrator privileges assigns it
                                          to a network that was previously set to use the
                                          Public profile. Microsoft recommends only
Worksheet: Computer Policy Settings; Row: changing the profile to Private for a trusted
166                                       network.
                                            Setting Index #406: This policy setting audits
Worksheet: Audit Policy Settings; Row: 45   Other Account Management events.




                                          Setting Index #1029: Specifies whether or not the
Worksheet: Computer Policy Settings; Row: user is prompted for a password when the system
4                                         resumes from sleep.

                                            Setting Index #373: This audit category generates
                                            events that record the creation and destruction of
                                            logon sessions. This setting targets IPsec Quick
Worksheet: Audit Policy Settings; Row: 11   Mode settings.




Worksheet: Computer Policy Settings; Row: Setting Index #1049: Setting controls the auto-
194                                       restart functionality of the operating system




                                          Setting Index #239: Setting controls whether
Worksheet: Computer Policy Settings; Row: Windows will download a list of providers for the
184                                       Web publishing and online ordering wizards.


                                            Setting Index #278: This policy setting disables
                                            the Windows registry editors Regedit.exe and
Worksheet: User Policy Settings; Row: 8     Regedt32.exe.
                                            Setting Index #369: This audit category generates
                                            events that record the creation and destruction of
                                            logon sessions. This setting targets the Logon
Worksheet: Audit Policy Settings; Row: 13   settings.




                                            Setting Index #281: This policy setting allows you
                                            to manage whether users can manually remove
Worksheet: User Policy Settings; Row: 4     the zone information from saved file attachments.
                                          Setting Index #188: This setting controls whether
                                          local administrators are allowed to create local
Worksheet: Computer Policy Settings; Row: firewall rules that apply together with firewall rules
159                                       configured by Group Policy.




                                             Setting Index #403: This policy setting audits
Worksheet: Audit Policy Settings; Row: 46    Security Group Management events.


                                          Setting Index #191: This setting determines the
                                          behavior for inbound connections that do not
                                          match an inbound firewall rule. This profile only
                                          applies if a user with local administrator privileges
Worksheet: Computer Policy Settings; Row: assigns it to a network that was previously set to
162                                       use the Public profile.
                                          Setting Index #141: This policy setting, which
                                          determines whether to disconnect users who are
                                          connected to the local computer outside their user
Worksheet: Computer Policy Settings; Row: account’s valid logon hours, affects the SMB
53                                        component.




                                          Setting Index #148: This policy setting determines
Worksheet: Computer Policy Settings; Row: whether a computer can be shut down when a
123                                       user is not logged on.



                                          Setting Index #196: This profile only applies if a
                                          user with local administrator privileges assigns it
                                          to a network that was previously set to use the
                                          Public profile. Microsoft recommends only
Worksheet: Computer Policy Settings; Row: changing the profile to Private for a trusted
167                                       network.

                                             Setting Index #372: This audit category generates
                                             events that record the creation and destruction of
                                             logon sessions. This setting targets the IPsec
Worksheet: Audit Policy Settings; Row: 10    Main Mode settings.
                                            Setting Index #411: The Account Logon audit
                                            category generates events for credential
                                            validation. These events occur on the computer
Worksheet: Audit Policy Settings; Row: 52   that is authoritative for the credentials.




Worksheet: Audit Policy Settings; Row: 28   Setting Index #930:


                                            Setting Index #411: The Account Logon audit
                                            category generates events for credential
                                            validation. These events occur on the computer
Worksheet: Audit Policy Settings; Row: 52   that is authoritative for the credentials.

                                            Setting Index #386: This setting determines
                                            whether to audit the event of a user who attempts
                                            to access an object that has a specified system
                                            access control list (SACL), effectively enabling
                                            auditing to take place. It is targeted to connections
Worksheet: Audit Policy Settings; Row: 21   to the Filtering Platform.




                                            Setting Index #500: If this setting is enabled, then
Worksheet: User Policy Settings; Row: 9     all screen savers are password protected.




                                          Setting Index #275: This policy setting allows you
                                          to manage whether the Install Updates and Shut
Worksheet: Computer Policy Settings; Row: Down option is displayed in the Shut Down
196                                       Windows dialog box.

                                            Setting Index #408: This policy setting in the DS
                                            Access audit category enables reports to result
                                            when changes to create, modify, move, or
                                            undelete operations are performed on objects in
Worksheet: Audit Policy Settings; Row: 50   Active Directory Domain Services (AD DS).
                                            Setting Index #392: The Detailed Tracking audit
                                            category determines whether to audit detailed
                                            tracking information for events such as program
                                            activation, process exit, handle duplication, and
                                            indirect object access. This setting deals with the
Worksheet: Audit Policy Settings; Row: 32   DPAPI Activity.
Worksheet: Computer Policy Settings; Row: Setting Index #145: This setting controls the
49                                        encryption used in RPC.




Worksheet: Computer Policy Settings; Row: Setting Index #145: This setting controls the
49                                        encryption used in RPC.




Worksheet: Computer Policy Settings; Row: Setting Index #145: This setting controls the
49                                        encryption used in RPC.




Worksheet: Computer Policy Settings; Row: Setting Index #145: This setting controls the
49                                        encryption used in RPC.
                                          Setting Index #378: This setting determines
                                          whether to audit the event of a user who accesses
                                          an object that has a specified system access
                                          control list (SACL), effectively enabling auditing to
                                          take place. It is targeted to Registry Object
Worksheet: Audit Policy Settings; Row: 26 access events.


                                          Setting Index #190: This profile only applies if a
                                          user with local administrator privileges assigns it
                                          to a network that was previously set to use the
                                          Public profile. Microsoft recommends only
Worksheet: Computer Policy Settings; Row: changing the profile to Private for a trusted
161                                       network.
                                            Setting Index #520: This audit category generates
                                            events that record the creation and destruction of
Worksheet: Audit Policy Settings; Row: 16   logon sessions.




                                          Setting Index #200: Setting displays notifications
Worksheet: Computer Policy Settings; Row: to the user when a program is blocked from
171                                       receiving inbound connections.


                                            Setting Index #409: This policy setting for the DS
                                            Access audit category enables reports to result
                                            when replication between two domain controllers
Worksheet: Audit Policy Settings; Row: 51   starts and ends.
                                            Setting Index #375: This audit category generates
                                            events that record the creation and destruction of
                                            logon sessions. This setting targets the special
                                            settings defined in the Windows Vista Security
Worksheet: Audit Policy Settings; Row: 15   Guide.


                                          Setting Index #271: This policy setting specifies
                                          whether the computer that is about to host the
                                          remote connection will enforce an encryption level
Worksheet: Computer Policy Settings; Row: for all data sent between it and the client
198                                       computer for the remote session.


                                          Setting Index #271: This policy setting specifies
                                          whether the computer that is about to host the
                                          remote connection will enforce an encryption level
Worksheet: Computer Policy Settings; Row: for all data sent between it and the client
198                                       computer for the remote session.

                                            Setting Index #407: This policy setting in the DS
                                            Access audit category enables reports to result
                                            when Active Directory Domain Services (AD DS)
Worksheet: Audit Policy Settings; Row: 49   objects are accessed.




                                          Setting Index #143: This policy setting determines
Worksheet: Computer Policy Settings; Row: the level of data signing that is requested on
118                                       behalf of clients that issue LDAP BIND requests.
                                          Setting Index #921: This policy will be turned off
                                          by default on domain-joined machines. This would
                                          prevent online identities from authenticating
Worksheet: Computer Policy Settings; Row: to the domain-joined machine in
145                                       Windows 7.




                                          Setting Index #201: Controls whether the computer
Worksheet: Computer Policy Settings; Row: receives unicast responses to its outgoing
172                                       multicast or broadcast messages.




                                          Setting Index #186: Select this option to have
                                          Windows Firewall with Advanced Security display
Worksheet: Computer Policy Settings; Row: notifications to the user when a program is
157                                       blocked from receiving inbound connections.




                                          Setting Index #202: This setting controls whether
                                          local administrators are allowed to create local
Worksheet: Computer Policy Settings; Row: firewall rules that apply with other firewall rules
173                                       enforced by Group Policy.

                                            Setting Index #383: This setting determines
                                            whether to audit the event of a user who attempts
                                            to access an object that has a specified system
                                            access control list (SACL), effectively enabling
                                            auditing to take place. It is targeted to Handle
Worksheet: Audit Policy Settings; Row: 23   Manipulation on Windows objects.

                                            Setting Index #407: This policy setting in the DS
                                            Access audit category enables reports to result
                                            when Active Directory Domain Services (AD DS)
Worksheet: Audit Policy Settings; Row: 49   objects are accessed.




                                            Setting Index #401: This policy setting audits
Worksheet: Audit Policy Settings; Row: 47   Account Management events.
                                          Setting Index #162: This setting helps protect a
                                          Windows Vista–based computer by only allowing
                                          applications installed in a secure location, such as
Worksheet: Computer Policy Settings; Row: the Program Files or the Windows\System32
132                                       folders, to run with elevated privileges.

                                            Setting Index #366: This policy setting in the
                                            System audit category determines whether to
                                            audit IPsec Driver events on computers that are
Worksheet: Audit Policy Settings; Row: 3    running Windows Vista.
                                            Setting Index #379: This setting determines
                                            whether to audit the event of a user who attempts
                                            to access an object that has a specified system
                                            access control list (SACL), effectively enabling
                                            auditing to take place. It is targeted to Kernel
Worksheet: Audit Policy Settings; Row: 24   Object access processes.
                                            Setting Index #394: The Detailed Tracking audit
                                            category determines whether to audit detailed
                                            tracking information for events such as program
                                            activation, process exit, handle duplication, and
                                            indirect object access. This setting deals with
Worksheet: Audit Policy Settings; Row: 33   Process Creation.



                                            Setting Index #413: This policy setting audits
                                            logon events other than credential validation and
Worksheet: Audit Policy Settings; Row: 55   Kerberos Ticket Events.

                                            Setting Index #377: This setting determines
                                            whether to audit the event of a user who attempts
                                            to access an object that has a specified system
                                            access control list (SACL), effectively enabling
                                            auditing to take place. It is targeted to File System
Worksheet: Audit Policy Settings; Row: 20   object access processes.
                                            Setting Index #382: This setting determines
                                            whether to audit the event of a user who accesses
                                            an object that has a specified system access
                                            control list (SACL), effectively enabling auditing to
                                            take place. It targets application generated
Worksheet: Audit Policy Settings; Row: 17   events.




                                          Setting Index #203: This setting controls whether
                                          local administrators are allowed to create
                                          connection security rules that apply with other
Worksheet: Computer Policy Settings; Row: connection security rules enforced by Group
174                                       Policy.
                                            Setting Index #391: Detailed Tracking audit
                                            category determines whether to audit detailed
                                            tracking information for events such as program
                                            activation, process exit, handle duplication, and
                                            indirect object access. This setting deals with
Worksheet: Audit Policy Settings; Row: 34   Process Termination.




                                          Setting Index #1028: Specifies whether or not the
Worksheet: Computer Policy Settings; Row: user is prompted for a password when the system
3                                         resumes from sleep.
                                          Setting Index #380: The policy setting controls
                                          whether to audit users who have accessed the
                                          Security Accounts Manager (SAM) object on
                                          computers running Windows Vista or later
Worksheet: Audit Policy Settings; Row: 27 Windows operating systems.
                                          Setting Index #368: This policy setting in the
                                          System audit category determines whether to
                                          audit Security State changes on computers that
                                          are running Windows Vista or later Windows
Worksheet: Audit Policy Settings; Row: 5  operating systems.
                                          Setting Index #380: The policy setting controls
                                          whether to audit users who have accessed the
                                          Security Accounts Manager (SAM) object on
                                          computers running Windows Vista or later
Worksheet: Audit Policy Settings; Row: 27 Windows operating systems.

                                            Setting Index #364: This policy setting in the
                                            System audit category determines whether to
                                            audit Security System Extension changes on
                                            computers that are running Windows Vista or
Worksheet: Audit Policy Settings; Row: 6    later Windows operating systems.

                                            Setting Index #388: This setting applies to the
                                            Sensitive Privilege Use subcategory of events.
                                            You can use it to audit users exercising user
Worksheet: Audit Policy Settings; Row: 30   rights.


                                            Setting Index #15: This policy setting determines
                                            whether to audit each instance of a user who logs
                                            on to or off from another computer that validates
Worksheet: Audit Policy Settings; Row: 56   the account.

                                            Setting Index #399: The policy setting for this
                                            audit category determines whether to audit
                                            Filtering Platform Policy changes on computers
                                            running Windows Vista or later Windows
Worksheet: Audit Policy Settings; Row: 39   operating systems.
                                            Setting Index #398: The policy setting for this
                                            audit category determines whether to audit
                                            MPSSVC Rule-Level Policy changes on
                                            computers running Windows Vista or later
Worksheet: Audit Policy Settings; Row: 40   Windows operating systems.


Worksheet: Computer Policy Settings; Row: 6
Setting Index #1030: Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer.

Worksheet: Audit Policy Settings; Row: 3
Setting Index #366: This policy setting in the System audit category determines whether to audit IPsec Driver events on computers that are running Windows Vista.

Worksheet: Computer Policy Settings; Row: 190
Setting Index #245: By default, all administrator accounts are displayed when you attempt to elevate a running application.

Worksheet: User Policy Settings; Row: 10
Setting Index #1031: This policy setting allows you to manage whether or not screen savers run.

Worksheet: Computer Policy Settings; Row: 178
Setting Index #233: This policy setting determines whether an IT support person can offer remote assistance to fix issues on computers in your environment without explicit user requests.

Worksheet: Computer Policy Settings; Row: 178
Setting Index #233: This policy setting determines whether an IT support person can offer remote assistance to fix issues on computers in your environment without explicit user requests.

Worksheet: Computer Policy Settings; Row: 178
Setting Index #233: This policy setting determines whether an IT support person can offer remote assistance to fix issues on computers in your environment without explicit user requests.

Worksheet: Audit Policy Settings; Row: 37
Setting Index #396: The policy setting for this audit category determines whether to audit Authentication Policy changes on computers running Windows Vista or later Windows operating systems.


Worksheet: Computer Policy Settings; Row: 175
Setting Index #230: This policy setting causes the run list, which is a list of programs that Windows Vista runs automatically when it starts, to be ignored.

Worksheet: Computer Policy Settings; Row: 200
Setting Index #268: This policy setting allows you to control if users can connect to a computer using Terminal Services or Remote Desktop.

Worksheet: Audit Policy Settings; Row: 31
Setting Index #931: This setting applies to Other Privilege Use Events subcategory of events. You can use it to audit users exercising user rights.

Worksheet: Audit Policy Settings; Row: 64
Setting Index #23: This policy setting allows you to monitor system events that succeed and fail, and provides a record of these events that may help determine instances of unauthorized system access.

Worksheet: Audit Policy Settings; Row: 6
Setting Index #364: This policy setting in the System audit category determines whether to audit Security System Extension changes on computers that are running Windows Vista or later Windows operating systems.
Microsoft Online Documentation
USGCB Beta 2010-08-31 XCCDF (USGCB-Windows-7-x86_xccdf.xml)
Rule 'enable_screen_saver'
Rule 'turn_off_printing_over_http'
Rule 'notify_antivirus_programs_when_opening_attachments'
Rule 'do_not_allow_passwords_to_be_saved'
Rule 'always_prompt_for_password_upon_connection'
Rule 'turn_off_search_companion_content_file_updates'
Rule 'screen_saver_timeout'
Rule 'maximum_system_log_size'
Rule 'do_not_preserve_zone_information_in_the_attachments'
Rule 'rpc_endpoint_mapper_client_authentication'
Rule 'prevent_the_computer_from_joining_a_homegroup'
Rule 'reschedule_automatic_updates_scheduled_installations'




http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'bypass_traverse_checking'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'change_the_time_zone'
Rule 'create_global_objects'
Rule 'create_symbolic_links'
Rule 'impersonate_a_client_after_authentication'
Rule 'perform_volume_maintainance_tasks'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'accounts_rename_administrator_account'



Rule 'interactive_logon_number_of_previous_logons_to_cache_in_case_domain_controller_is_unavailable'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'microsoft_network_server_server_spn_target_name_validation_level'
Rule 'mss_enableicmpredirect_allow_icmp_redirects_to_override_ospf_generated_routes'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'mss_hidden_hide_computer_from_the_browser_list'
Rule 'mss_nonamereleaseondemand_allow_computer_to_ignore_netbios_name_release_requests_except_from_wins_server'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'debug_programs'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'mss_screensavergraceperiod_the_time_in_seconds_before_the_screen_saver_grace_period_expires'




http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'change_the_system_time'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'network_access_do_not_allow_storage_of_passwords_and_credentials_for_network_authentication'
Rule 'mss_disableipsourceroutingipv6_ip_source_routing_protection_level'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'accounts_guest_account_status'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'replace_a_process_level_token'
Rule 'interactive_logon_message_title_for_users_attempting_to_log_on'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'audit_audit_the_use_of_backup_and_restore_privilege'




http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'network_security_allow_localsystem_null_session_fallback'
Rule 'network_security_lanmanager_authentication_level'
Rule 'recovery_console_allow_automatic_administratiive_logon'
Rule 'user_account_control_admin_approval_mode_for_the_built_in_administrator_account'
Rule 'user_account_control_behavior_of_the_elevation_prompt_for_standard_users'
Rule 'user_account_control_virtualize_file_and_registry_write_failures_to_per_user_locations'
Rule 'interactive_logon_require_domain_controller_authentication_to_unlock_workstation'
Rule 'microsoft_network_server_digitally_sign_communications_if_client_agrees'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'enforce_password_history'
Rule 'network_access_let_everyone_permissions_apply_to_anonymous_user'
Rule 'network_security_do_not_store_lanmanager_hash_on_next_password_change'
Rule 'recovery_console_allow_floppy_copy_and_access_to_all_drives_and_folders'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'user_account_control_behavior_of_the_elevation_prompt_for_administrators_in_admin_approval_mode'




http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'interactive_logon_message_text_for_users_attempting_to_log_on'
Rule 'domain_member_digitally_encrypt_or_sign_secure_channel_data_always'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'increase_scheduling_priority'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'shut_down_the_system'
Rule 'user_account_control_only_elevate_applications_that_are_signed_and_validated'
Rule 'devices_prevent_users_from_installing_printer_drivers'
Rule 'microsoft_network_server_digitally_sign_communications_always'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'increase_a_process_working_set'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'interactive_logon_smart_card_removal_behavior'
Rule 'adjust_memory_quotas_for_a_process'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'network_security_allow_localsystem_to_use_computer_identity_for_ntlm'
Rule 'deny_log_on_as_a_service'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'allow_log_on_through_remote_desktop_services'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'network_access_remotely_accessible_registry_paths'
Rule 'domain_member_maximum_machine_account_password_age'
Rule 'restore_files_and_directories'
Rule 'load_and_unload_device_drivers'
Rule 'account_lockout_threshold'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx




http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'modify_an_object_label'
Rule 'audit_audit_the_access_of_global_system_objects'
Rule 'network_access_do_not_allow_anonymous_enumeration_of_sam_accounts_and_shares'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'create_a_pagefile'
Rule 'user_account_control_run_all_administrators_in_admin_approval_mode'
Rule 'system_objects_strengthen_default_permissions_on_internal_system_objects'
Rule 'maximum_password_age'
Rule 'turn_off_downloading_of_print_drivers_over_http'
Rule 'network_access_shares_that_can_be_accessed_anonymously'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'accounts_administrator_account_status'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx




http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'deny_log_on_as_a_batch_job'
Rule 'create_a_token_object'
Rule 'network_access_named_pipes_that_can_be_accessed_anonymously'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'shutdown_clear_virtual_memory_pagefile'
Rule 'manage_auditing_and_security_log'
Rule 'generate_security_audits'
Rule 'accounts_rename_guest_account'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'deny_log_on_locally'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'deny_access_this_computer_from_the_network'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'network_acces_do_not_allow_anonymous_enumeration_of_sam_accounts'
Rule 'domain_member_digitally_encrypt_secure_channel_data_when_possible'
Rule 'access_this_computer_from_the_network'
Rule 'create_permanent_shared_objects'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'store_passwords_using_reversible_encryption'




Rule 'microsoft_network_client_send_unencrypted_password_to_third_party_smb_servers'
Rule 'system_cryptography_use_fips_compliant_algorithms_for_encryption_hashing_and_signing'
Rule 'deny_log_on_through_remote_desktop_services'
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspx
Rule 'lock_pages_in_memory'
Rule 'domain_member_disable_machine_account_password_changes'
Rule 'user_account_control_allow_uiaccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop'
Rule 'devices_restrict_cdrom_access_to_locally_logged_on_users'
Rule 'interactive_logon_prompt_user_to_change_password_before_expiration'
Rule 'account_lockout_duration'
Rule 'take_ownership_of_files_or_other_objects'
Rule 'interactive_logon_do_not_require_ctrl_alt_del'
Rule 'system_objects_require_case_insensitivity_for_non_windows_subsystems'
Rule 'log_on_as_a_batch_job'
Rule 'remove_computer_from_docking_station'
Rule 'microsoft_network_client_digitally_sign_communications_always'
Rule 'minimum_password_age'
Rule 'force_shutdown_from_a_remote_system'
Rule 'mss_autoadminlogon_enable_automatic_admin_logon'
Rule 'microsoft_network_client_digitally_sign_communications_if_server_agrees'
Rule 'allow_log_on_locally'
Rule 'mss_safedllsearchmode_enable_safe_dll_search_mode'
Rule 'minimum_password_length'
Rule 'microsoft_network_server_disconnect_clients_when_logons_expire'
Rule 'registry_policy_processing'
Rule 'password_must_meeet_complexity_requirements'
Rule 'domain_member_digitally_sign_secure_channel_data_when_possible'
Rule 'network_access_remotely_accessible_registry_paths_and_sub_paths'
Rule 'domain_member_require_strong_windows_2000_or_later_session_key'
Rule 'profile_single_process'
Rule 'back_up_files_and_directories'
Rule 'user_account_control_switch_to_the_secure_desktop_when_prompting_for_elevation'
Rule 'restrictions_for_unauthenticated_rpc_clients'
Rule 'account_lockout_reset'
http://technet.microsoft.com/en-us/library/cc720539(WS.10).aspx
Rule 'configure_automatic_updates'
http://technet.microsoft.com/en-us/library/cc720539(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc720539(WS.10).aspx
Rule 'microsoft_network_server_amount_of_idle_time_required_before_suspending_session'
Rule 'act_as_part_of_the_operating_system'
Rule 'modify_firmware_environment_variables'




Rule 'accounts_limit_local_account_use_of_blank_passwords_to_console_logon_only'
Rule 'profile_system_performance'
Rule 'mss_keepalivetime_how_often_keep_alive_packets_are_sent_in_milliseconds'
Rule 'audit_force_policy_subcategory_settings_to_override_audit_policy_category_settings'
http://support.microsoft.com/kb/811832
Rule 'mss_nodefaultexempt_configure_ipsec_exemptions_for_various_types_of_network_traffic'
Rule 'devices_restrict_floppy_access_to_locally_logged_on_users'
Rule 'interactive_logon_do_not_display_last_user_name'
Rule 'mss_tcpmaxdataretransmissions_how_many_times_unacknowledged_data_is_retransmitted'
Rule 'mss_performrouterdiscovery_allow_irdp_to_detect_andconfigure_default_default_gateway_address'
Rule 'log_on_as_a_service'
Rule 'do_not_display_install_updates_and_shut_down_option_in_shut_down_windows_dialog_box'
Rule 'mss_tcpmaxdataretransmissionsipv6_how_many_times_unacknowledged_data_is_retransmitted'
Rule 'mss_disableipsourcerouting_ip_source_routing_protection_level'
Rule 'mss_warninglevel_percentage_threshold_for_the_security_event_log_at_which_the_system_will_generate_a_warning'
Rule 'network_access_sharing_and_security_model_for_local_accounts'
Rule 'solicited_remote_assistance'
Rule 'turn_off_autoplay'
Rule 'network_access_allow_anonymous_sid_name_translation'




Rule 'network_security_configure_encryption_types_allowed_for_kerberos'
Rule 'network_security_minimum_session_security_for_ntlm_ssp_based_including_secure_rpc_clients'
Rule 'network_access_restrict_anonymous_access_to_named_pipes_and_shares'
Rule 'turn_off_the_windows_messenger_customer_experience_improvement_program'
Rule 'maximum_application_log_size'
Rule 'user_account_control_detect_application_installation_and_prompt_for_elevation'
Rule 'turn_off_the_publish_to_web_task_for_files_and_folders'
Rule 'require_a_password_when_computer_wakes_plugged_in'
Rule 'no_auto_restart_with_logged_on_users_for_scheduled_automatic_updates_installations'
Rule 'turn_off_internet_download_for_web_publishing_and_online_ordering_wizards'
Rule 'hide_mechanisms_to_remove_zone'
Rule 'network_security_force_logoff_when_logon_hours_expire'
Rule 'shutdown_allow_system_to_be_shutdown_without_having_to_log_on'
Rule 'password_protect_the_screen_saver'
Rule 'network_security_minimum_session_security_for_ntlm_ssp_based_including_secure_rpc_servers'
Rule 'set_client_connection_encryption_level'
Rule 'network_security_ldap_client_signing_requirements'
Rule 'network_security_allow_pku2u_authentication_requests_to_this_computer_to_use_online_identities'
Rule 'user_account_control_only_elevate_uiaccess_applications_that_are_installed_in_secure_locations'
Rule 'require_a_password_when_computer_wakes_on_battery'
Rule 'turn_off_data_execution_prevention_for_explorer'
Rule 'enumerate_administrator_accounts_on_elevation'
Rule 'offer_remote_assistance'
Rule 'allow_users_to_connect_remotely_using_remote_desktop_services'
Rule 'turn_on_mapper_io_lltdio_driver'
Rule 'turn_on_responder_rspndr_driver'
Rule 'turn_off_microsoft_peer_to_peer_networking_services'
Rule 'prohibit_installation_and_configuration_of_network_bridge_on_your_dns_domain_network'
Rule 'require_domain_users_to_elevate_when_setting_a_networks_location'
Rule 'route_all_traffic_through_the_internal_network'
Rule '_6to4_state'
Rule 'isatap_state'
Rule 'teredo_state'
Rule 'ip_https'
Rule 'configuration_of_wireless_settings_using_windows_connect_now'
Rule 'prohibit_access_to_the_windows_connect_now_wizards'
Rule 'extend_point_and_print_connection_to_search_windows_update_and_use_alternate_connection_if_needed'
Rule 'allow_remote_access_to_the_pnp_interface'
Rule 'do_not_send_a_windows_error_report_when_a_generic_driver_is_installed_on_a_device'
Rule 'prevent_creation_of_a_system_restore_point_during_device_activity_that_would_normally_prompt_creation_of_a_restore_point'
Rule 'prevent_device_metadata_retrieval_from_the_internet'
Rule 'specify_search_order_for_device_driver_source_locations'
Rule 'turn_off_event_viewer_events_asp_links'
Rule 'turn_off_handwriting_personalization_data_sharing'
Rule 'turn_off_handwriting_recognition_error_reporting'
Rule 'turn_off_internet_connection_wizard_if_url_connection_is_referring_to_microsoft_com'




Rule 'turn_off_internet_file_association_wizard'
Rule 'turn_off_registration_if_url_connection_is_referring_to_microsoft_com'
Rule 'turn_off_the_order_prints_picture_task'
Rule 'turn_off_the_windows_customer_experience_improvement_program'
Rule 'turn_off_windows_error_reporting'
Rule 'always_use_classic_logon'
Rule 'turn_on_session_logging'
Rule 'microsoft_support_diagnostic_tool_turn_on_msdt_interactive_communication_with_support_provider'
Rule 'troubleshooting_allow_user_to_access_online_troubleshooting_content_on_microsoft_servers_from_the_troubleshooting_control_panel'
Rule 'enable_disable_perftrack'
Rule 'configure_windows_ntp_client'
Rule 'turn_off_program_inventory'
Rule 'default_behavior_for_autorun'
Rule 'turn_off_autoplay_for_non_volume_devices'
Rule 'override_the_more_gadgets_link'
Rule 'restrict_unpacking_installation_of_gadgets_that_are_not_digitally_signed'
Rule 'turn_off_user_installed_desktop_gadgets'
Rule 'maximum_setup_log_size'
Rule 'turn_off_downloading_of_game_information'
Rule 'turn_off_game_updates'
Rule 'set_time_limit_for_active_but_idle_remote_desktop_services_sessions'
Rule 'set_time_limit_for_disconnected_sessions'
Rule 'do_not_delete_temp_folders_upon_exit'




Rule 'do_not_use_temporary_folders_per_session'
Rule 'turn_off_downloading_of_enclosures'
Rule 'allow_indexing_of_encrypted_files'
Rule 'enable_indexing_uncached_exchange_folders'
Rule 'prevent_windows_anytime_upgrade_from_running'
Rule 'configure_microsoft_spynet_reporting'
Rule 'disable_logging'
Rule 'disable_windows_error_reporting'
Rule 'disable_error_notifications'
Rule 'do_not_send_additional_data'
Rule 'turn_off_heap_terminiation_on_corruption'
Rule 'turn_off_shell_protocol_protected_mode'
Rule 'disable_ie_security_prompt_for_windows_installer_scripts'
Rule 'enable_user_control_over_installs'
Rule 'prohibit_non_administrators_from_applying_vendor_signed_updates'
Rule 'report_when_logon_server_was_not_available_during_user_logon'
Rule 'prevent_windows_media_drm_internet_access'
Rule 'do_not_show_first_use_dialog_boxes'
Rule 'prevent_automatic_updates'
Rule 'bluetooth_support_service'
Rule 'fax_service'
Rule 'homegroup_listener_service'
Rule 'homegroup_provider_service'
Rule 'media_center_extender_service'
Rule 'parental_controls_service'
USGCB Beta 2010-08-31 OVAL (USGCB-Windows-7-x86_oval.xml)
Definition 'oval:gov.nist.usgcb.windowsseven:def:236'
Definition 'oval:gov.nist.usgcb.windowsseven:def:272'
Definition 'oval:gov.nist.usgcb.windowsseven:def:275'
Definition 'oval:gov.nist.usgcb.windowsseven:def:238'
Definition 'oval:gov.nist.usgcb.windowsseven:def:268'
Definition 'oval:gov.nist.usgcb.windowsseven:def:252'
Definition 'oval:gov.nist.usgcb.windowsseven:def:271'
Definition 'oval:gov.nist.usgcb.windowsseven:def:100214'
Definition 'oval:gov.nist.usgcb.windowsseven:def:16'
Definition 'oval:gov.nist.usgcb.windowsseven:def:18'
Definition 'oval:gov.nist.usgcb.windowsseven:def:21'
Definition 'oval:gov.nist.usgcb.windowsseven:def:23'
Definition 'oval:gov.nist.usgcb.windowsseven:def:32'
Definition 'oval:gov.nist.usgcb.windowsseven:def:42'
Definition 'oval:gov.nist.usgcb.windowsseven:def:53'
Definition 'oval:gov.nist.usgcb.windowsseven:def:73'
Definition 'oval:gov.nist.usgcb.windowsseven:def:127'
Definition 'oval:gov.nist.usgcb.windowsseven:def:132'
Definition 'oval:gov.nist.usgcb.windowsseven:def:24'
Definition 'oval:gov.nist.usgcb.windowsseven:def:136'
Definition 'oval:gov.nist.usgcb.windowsseven:def:17'
Definition 'oval:gov.nist.usgcb.windowsseven:def:88'
Definition 'oval:gov.nist.usgcb.windowsseven:def:51'
Definition
'oval:gov.nist.usgcb.windowsseven:def:
46'




Definition
'oval:gov.nist.usgcb.windowsseven:def:
72'
Definition
'oval:gov.nist.usgcb.windowsseven:def:
56'




Definition
'oval:gov.nist.usgcb.windowsseven:def:
102'




Definition
'oval:gov.nist.usgcb.windowsseven:def:
106'
Definition
'oval:gov.nist.usgcb.windowsseven:def:
113'




Definition
'oval:gov.nist.usgcb.windowsseven:def:
115'




Definition
'oval:gov.nist.usgcb.windowsseven:def:
121'




Definition
'oval:gov.nist.usgcb.windowsseven:def:
75'




Definition
'oval:gov.nist.usgcb.windowsseven:def:
82'
Definition
'oval:gov.nist.usgcb.windowsseven:def:
4'
Definition
'oval:gov.nist.usgcb.windowsseven:def:
89'




Definition
'oval:gov.nist.usgcb.windowsseven:def:
100'




Definition
'oval:gov.nist.usgcb.windowsseven:def:
107'
Definition
'oval:gov.nist.usgcb.windowsseven:def:
114'




Definition
'oval:gov.nist.usgcb.windowsseven:def:
71'




Definition 'oval:gov.nist.usgcb.windowsseven:def:63'
Definition 'oval:gov.nist.usgcb.windowsseven:def:34'
Definition 'oval:gov.nist.usgcb.windowsseven:def:48'
Definition 'oval:gov.nist.usgcb.windowsseven:def:117'
Definition 'oval:gov.nist.usgcb.windowsseven:def:60'
Definition 'oval:gov.nist.usgcb.windowsseven:def:81'
Definition 'oval:gov.nist.usgcb.windowsseven:def:33'
Definition 'oval:gov.nist.usgcb.windowsseven:def:76'
Definition 'oval:gov.nist.usgcb.windowsseven:def:12'
Definition 'oval:gov.nist.usgcb.windowsseven:def:27'
Definition 'oval:gov.nist.usgcb.windowsseven:def:140'
Definition 'oval:gov.nist.usgcb.windowsseven:def:14'
Definition 'oval:gov.nist.usgcb.windowsseven:def:91'
Definition 'oval:gov.nist.usgcb.windowsseven:def:67'
Definition 'oval:gov.nist.usgcb.windowsseven:def:47'
Definition 'oval:gov.nist.usgcb.windowsseven:def:35'
Definition 'oval:gov.nist.usgcb.windowsseven:def:2'
Definition 'oval:gov.nist.usgcb.windowsseven:def:40'
Definition 'oval:gov.nist.usgcb.windowsseven:def:55'
Definition 'oval:gov.nist.usgcb.windowsseven:def:87'
Definition 'oval:gov.nist.usgcb.windowsseven:def:19'
Definition 'oval:gov.nist.usgcb.windowsseven:def:119'
Definition 'oval:gov.nist.usgcb.windowsseven:def:112'
Definition 'oval:gov.nist.usgcb.windowsseven:def:5'
Definition 'oval:gov.nist.usgcb.windowsseven:def:229'
Definition 'oval:gov.nist.usgcb.windowsseven:def:94'
Definition 'oval:gov.nist.usgcb.windowsseven:def:26'
Definition 'oval:gov.nist.usgcb.windowsseven:def:20'
Definition 'oval:gov.nist.usgcb.windowsseven:def:90'
Definition 'oval:gov.nist.usgcb.windowsseven:def:109'
Definition 'oval:gov.nist.usgcb.windowsseven:def:39'
Definition 'oval:gov.nist.usgcb.windowsseven:def:31'
Definition 'oval:gov.nist.usgcb.windowsseven:def:54'
Definition 'oval:gov.nist.usgcb.windowsseven:def:28'
Definition 'oval:gov.nist.usgcb.windowsseven:def:25'
Definition 'oval:gov.nist.usgcb.windowsseven:def:86'
Definition 'oval:gov.nist.usgcb.windowsseven:def:64'
Definition 'oval:gov.nist.usgcb.windowsseven:def:22'
Definition 'oval:gov.nist.usgcb.windowsseven:def:9'
Definition 'oval:gov.nist.usgcb.windowsseven:def:79'
Definition 'oval:gov.nist.usgcb.windowsseven:def:110'
Definition 'oval:gov.nist.usgcb.windowsseven:def:29'
Definition 'oval:gov.nist.usgcb.windowsseven:def:36'
Definition 'oval:gov.nist.usgcb.windowsseven:def:66'
Definition 'oval:gov.nist.usgcb.windowsseven:def:61'
Definition 'oval:gov.nist.usgcb.windowsseven:def:74'
Definition 'oval:gov.nist.usgcb.windowsseven:def:1'
Definition 'oval:gov.nist.usgcb.windowsseven:def:49'
Definition 'oval:gov.nist.usgcb.windowsseven:def:70'
Definition 'oval:gov.nist.usgcb.windowsseven:def:111'
Definition 'oval:gov.nist.usgcb.windowsseven:def:37'
Definition 'oval:gov.nist.usgcb.windowsseven:def:45'
Definition 'oval:gov.nist.usgcb.windowsseven:def:77'
Definition 'oval:gov.nist.usgcb.windowsseven:def:6'
Definition 'oval:gov.nist.usgcb.windowsseven:def:30'
Definition 'oval:gov.nist.usgcb.windowsseven:def:122'
Definition 'oval:gov.nist.usgcb.windowsseven:def:78'
Definition 'oval:gov.nist.usgcb.windowsseven:def:13'
Definition 'oval:gov.nist.usgcb.windowsseven:def:135'
Definition 'oval:gov.nist.usgcb.windowsseven:def:7'
Definition 'oval:gov.nist.usgcb.windowsseven:def:83'
Definition 'oval:gov.nist.usgcb.windowsseven:def:227'
Definition 'oval:gov.nist.usgcb.windowsseven:def:8'
Definition 'oval:gov.nist.usgcb.windowsseven:def:65'
Definition 'oval:gov.nist.usgcb.windowsseven:def:92'
Definition 'oval:gov.nist.usgcb.windowsseven:def:68'
Definition 'oval:gov.nist.usgcb.windowsseven:def:43'
Definition 'oval:gov.nist.usgcb.windowsseven:def:15'
Definition 'oval:gov.nist.usgcb.windowsseven:def:120'
Definition 'oval:gov.nist.usgcb.windowsseven:def:251'
Definition 'oval:gov.nist.usgcb.windowsseven:def:3'
Definition 'oval:gov.nist.usgcb.windowsseven:def:301'
Definition 'oval:gov.nist.usgcb.windowsseven:def:80'
Definition 'oval:gov.nist.usgcb.windowsseven:def:11'
Definition 'oval:gov.nist.usgcb.windowsseven:def:41'
Definition 'oval:gov.nist.usgcb.windowsseven:def:52'
Definition 'oval:gov.nist.usgcb.windowsseven:def:44'
Definition 'oval:gov.nist.usgcb.windowsseven:def:129'
Definition 'oval:gov.nist.usgcb.windowsseven:def:57'
Definition 'oval:gov.nist.usgcb.windowsseven:def:130'
Definition 'oval:gov.nist.usgcb.windowsseven:def:62'
Definition 'oval:gov.nist.usgcb.windowsseven:def:69'
Definition 'oval:gov.nist.usgcb.windowsseven:def:137'
Definition 'oval:gov.nist.usgcb.windowsseven:def:134'
Definition 'oval:gov.nist.usgcb.windowsseven:def:38'
Definition 'oval:gov.nist.usgcb.windowsseven:def:100212'
Definition 'oval:gov.nist.usgcb.windowsseven:def:123'
Definition 'oval:gov.nist.usgcb.windowsseven:def:139'
Definition 'oval:gov.nist.usgcb.windowsseven:def:95'
Definition 'oval:gov.nist.usgcb.windowsseven:def:249'
Definition 'oval:gov.nist.usgcb.windowsseven:def:259'
Definition 'oval:gov.nist.usgcb.windowsseven:def:85'
Definition 'oval:gov.nist.usgcb.windowsseven:def:104'
Definition 'oval:gov.nist.usgcb.windowsseven:def:93'
Definition 'oval:gov.nist.usgcb.windowsseven:def:241'
Definition 'oval:gov.nist.usgcb.windowsseven:def:265'
Definition 'oval:gov.nist.usgcb.windowsseven:def:116'
Definition 'oval:gov.nist.usgcb.windowsseven:def:240'
Definition 'oval:gov.nist.usgcb.windowsseven:def:247'
Definition 'oval:gov.nist.usgcb.windowsseven:def:100213'
Definition 'oval:gov.nist.usgcb.windowsseven:def:234'
Definition 'oval:gov.nist.usgcb.windowsseven:def:101'
Definition 'oval:gov.nist.usgcb.windowsseven:def:108'
Definition 'oval:gov.nist.usgcb.windowsseven:def:105'
Definition 'oval:gov.nist.usgcb.windowsseven:def:276'
Definition 'oval:gov.nist.usgcb.windowsseven:def:103'
Definition 'oval:gov.nist.usgcb.windowsseven:def:118'
Definition 'oval:gov.nist.usgcb.windowsseven:def:246'
Definition 'oval:gov.nist.usgcb.windowsseven:def:291'
Definition 'oval:gov.nist.usgcb.windowsseven:def:261'
Definition 'oval:gov.nist.usgcb.windowsseven:def:248'
Definition 'oval:gov.nist.usgcb.windowsseven:def:207'
Definition 'oval:gov.nist.usgcb.windowsseven:def:208'
Definition 'oval:gov.nist.usgcb.windowsseven:def:209'
Definition 'oval:gov.nist.usgcb.windowsseven:def:210'
Definition 'oval:gov.nist.usgcb.windowsseven:def:212'
Definition 'oval:gov.nist.usgcb.windowsseven:def:213'
Definition 'oval:gov.nist.usgcb.windowsseven:def:214'
Definition 'oval:gov.nist.usgcb.windowsseven:def:215'
Definition 'oval:gov.nist.usgcb.windowsseven:def:216'
Definition 'oval:gov.nist.usgcb.windowsseven:def:217'
Definition 'oval:gov.nist.usgcb.windowsseven:def:218'
Definition 'oval:gov.nist.usgcb.windowsseven:def:219'
Definition 'oval:gov.nist.usgcb.windowsseven:def:220'
Definition 'oval:gov.nist.usgcb.windowsseven:def:221'
Definition 'oval:gov.nist.usgcb.windowsseven:def:222'
Definition 'oval:gov.nist.usgcb.windowsseven:def:223'
Definition 'oval:gov.nist.usgcb.windowsseven:def:224'
Definition 'oval:gov.nist.usgcb.windowsseven:def:225'
Definition 'oval:gov.nist.usgcb.windowsseven:def:230'
Definition 'oval:gov.nist.usgcb.windowsseven:def:232'
Definition 'oval:gov.nist.usgcb.windowsseven:def:231'
Definition 'oval:gov.nist.usgcb.windowsseven:def:233'
Definition 'oval:gov.nist.usgcb.windowsseven:def:235'
Definition 'oval:gov.nist.usgcb.windowsseven:def:237'
Definition 'oval:gov.nist.usgcb.windowsseven:def:239'
Definition 'oval:gov.nist.usgcb.windowsseven:def:243'
Definition 'oval:gov.nist.usgcb.windowsseven:def:245'
Definition 'oval:gov.nist.usgcb.windowsseven:def:250'
Definition 'oval:gov.nist.usgcb.windowsseven:def:253'
Definition 'oval:gov.nist.usgcb.windowsseven:def:254'
Definition 'oval:gov.nist.usgcb.windowsseven:def:255'
Definition 'oval:gov.nist.usgcb.windowsseven:def:100215'
Definition 'oval:gov.nist.usgcb.windowsseven:def:257'
Definition 'oval:gov.nist.usgcb.windowsseven:def:258'
Definition 'oval:gov.nist.usgcb.windowsseven:def:260'
Definition 'oval:gov.nist.usgcb.windowsseven:def:262'
Definition 'oval:gov.nist.usgcb.windowsseven:def:263'
Definition 'oval:gov.nist.usgcb.windowsseven:def:264'
Definition 'oval:gov.nist.usgcb.windowsseven:def:267'
Definition 'oval:gov.nist.usgcb.windowsseven:def:269'
Definition 'oval:gov.nist.usgcb.windowsseven:def:270'
Definition 'oval:gov.nist.usgcb.windowsseven:def:277'
Definition 'oval:gov.nist.usgcb.windowsseven:def:278'
Definition 'oval:gov.nist.usgcb.windowsseven:def:279'
Definition 'oval:gov.nist.usgcb.windowsseven:def:280'
Definition 'oval:gov.nist.usgcb.windowsseven:def:281'
Definition 'oval:gov.nist.usgcb.windowsseven:def:283'
Definition 'oval:gov.nist.usgcb.windowsseven:def:284'
Definition 'oval:gov.nist.usgcb.windowsseven:def:285'
Definition 'oval:gov.nist.usgcb.windowsseven:def:286'
Definition 'oval:gov.nist.usgcb.windowsseven:def:287'
Definition 'oval:gov.nist.usgcb.windowsseven:def:288'
Definition 'oval:gov.nist.usgcb.windowsseven:def:289'
Definition 'oval:gov.nist.usgcb.windowsseven:def:290'
Definition 'oval:gov.nist.usgcb.windowsseven:def:292'
Definition 'oval:gov.nist.usgcb.windowsseven:def:293'
Definition 'oval:gov.nist.usgcb.windowsseven:def:294'
Definition 'oval:gov.nist.usgcb.windowsseven:def:295'
Definition 'oval:gov.nist.usgcb.windowsseven:def:296'
Definition 'oval:gov.nist.usgcb.windowsseven:def:297'
Definition 'oval:gov.nist.usgcb.windowsseven:def:298'
Definition 'oval:gov.nist.usgcb.windowsseven:def:299'
Definition 'oval:gov.nist.usgcb.windowsseven:def:300'
Definition 'oval:gov.nist.usgcb.windowsseven:def:142'
Definition 'oval:gov.nist.usgcb.windowsseven:def:143'
Definition 'oval:gov.nist.usgcb.windowsseven:def:144'
Definition 'oval:gov.nist.usgcb.windowsseven:def:145'
Definition 'oval:gov.nist.usgcb.windowsseven:def:146'
Definition 'oval:gov.nist.usgcb.windowsseven:def:147'
				
posted:12/4/2011
language:English
pages:416