Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out

Download - NISTgov - Computer Security Division - Computer

VIEWS: 14 PAGES: 144

									Policy Path                          Policy Setting Name
Computer Configuration\Windows       Enforce password history
Settings\Security Settings\Account
Policies\Password Policy
Computer Configuration\Windows       Maximum password age
Settings\Security Settings\Account
Policies\Password Policy
Computer Configuration\Windows       Minimum password age
Settings\Security Settings\Account
Policies\Password Policy
Computer Configuration\Windows       Minimum password length
Settings\Security Settings\Account
Policies\Password Policy
Computer Configuration\Windows       Password must meet complexity
Settings\Security Settings\Account   requirement
Policies\Password Policy
Computer Configuration\Windows       Store passwords using reversible
Settings\Security Settings\Account   encryption for all users in the domain
Policies\Password Policy
Computer Configuration\Windows       Force shutdown from a remote system
Settings\Security Settings\Account
Policies\Account Lockout Policy
Computer Configuration\Windows       Account lockout threshold
Settings\Security Settings\Account
Policies\Account Lockout Policy
Computer Configuration\Windows       Reset lockout counter after
Settings\Security Settings\Account
Policies\Account Lockout Policy
Computer Configuration\Windows       Enforce user logon restrictions
Settings\Security Settings\Account
Policies\Kerberos Policy
Computer Configuration\Windows       Maximum lifetime for service ticket
Settings\Security Settings\Account
Policies\Kerberos Policy
Computer Configuration\Windows       Maximum lifetime for user ticket
Settings\Security Settings\Account
Policies\Kerberos Policy
Computer Configuration\Windows       Maximum lifetime for user ticket
Settings\Security Settings\Account   renewal
Policies\Kerberos Policy
Computer Configuration\Windows       Maximum tolerance for computer clock
Settings\Security Settings\Account   synchronization
Policies\Kerberos Policy
Computer Configuration\Windows       Audit account logon events
Settings\Security Settings\Local
Policies\Audit Policy
Computer Configuration\Windows       Audit account management
Settings\Security Settings\Local
Policies\Audit Policy
Computer Configuration\Windows       Audit directory service access
Settings\Security Settings\Local
Policies\Audit Policy
Computer Configuration\Windows       Audit logon events
Settings\Security Settings\Local
Policies\Audit Policy
Computer Configuration\Windows     Audit object access
Settings\Security Settings\Local
Policies\Audit Policy
Computer Configuration\Windows     Audit policy change
Settings\Security Settings\Local
Policies\Audit Policy
Computer Configuration\Windows     Audit privilege use
Settings\Security Settings\Local
Policies\Audit Policy
Computer Configuration\Windows     Audit process tracking
Settings\Security Settings\Local
Policies\Audit Policy
Computer Configuration\Windows     Audit system events
Settings\Security Settings\Local
Policies\Audit Policy
Computer Configuration\Windows     Access this computer from the network
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Access Credential Manager as a
Settings\Security Settings\Local   trusted caller
Policies\User Rights Assignment
Computer Configuration\Windows     Act as part of the operating system
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Add workstations to a domain
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Adjust memory quotas for a process
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Allow log on locally
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Allow log on through Terminal Services
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Backup files and directories
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Bypass traverse checking
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Change the system time
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Change the time zone
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Create a pagefile
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Create a token object
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Create global objects
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Create permanent shared objects
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Create Symbolic Links
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Debug programs
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Deny access to this computer from the
Settings\Security Settings\Local   network
Policies\User Rights Assignment
Computer Configuration\Windows     Deny log on as a batch job
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Deny log on as a service
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Deny log on locally
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Deny log on through Terminal Services
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Enable computer and user accounts to
Settings\Security Settings\Local   be trusted for delegation
Policies\User Rights Assignment
Computer Configuration\Windows     Force shutdown from a remote system
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Generate security audits
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Impersonate a client after
Settings\Security Settings\Local   authentication
Policies\User Rights Assignment
Computer Configuration\Windows     Increase a process working set
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Increase scheduling authority
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Load and unload device drivers
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Lock pages in memory
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Log on as a batch job
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Log on as a service
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Log on locally
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Manage auditing and security log
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Modify an object label
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Modify firmware environment values
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Perform volume maintenance tasks
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Profile single process
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Profile system performance
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Remove computer from docking station
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Replace a process level token
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Restore files and directories
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Shut down the system
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Synchronize directory service data
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Take ownership of files or other objects
Settings\Security Settings\Local
Policies\User Rights Assignment
Computer Configuration\Windows     Accounts: Administrator account status
Settings\Security Settings\Local
Policies\Security Options
Computer Configuration\Windows     Accounts: Guest account status
Settings\Security Settings\Local
Policies\Security Options
Computer Configuration\Windows     Accounts: Limit local account use of
Settings\Security Settings\Local   blank passwords to console logon only
Policies\Security Options
Computer Configuration\Windows     Accounts: Rename administrator
Settings\Security Settings\Local   account
Policies\Security Options
Computer Configuration\Windows     Accounts: Rename guest account
Settings\Security Settings\Local
Policies\Security Options
Computer Configuration\Windows     Audit: Audit the accesss of global
Settings\Security Settings\Local   system objects
Policies\Security Options
Computer Configuration\Windows     Audit: Audit the use of Backup and
Settings\Security Settings\Local   Restore privilege
Policies\Security Options
Computer Configuration\Windows     Audit: Force audit policy subcategory
Settings\Security Settings\Local   settings (Windows Vista or later) to
Policies\Security Options          override audit policy category settings

Computer Configuration\Windows     Audit: Shut down system immediately if
Settings\Security Settings\Local   unable to log security audits
Policies\Security Options
Computer Configuration\Windows     DCOM: Machine Access Restrictions in
Settings\Security Settings\Local   Security Descriptor Definition Language
Policies\Security Options          (SDDL) syntax
Computer Configuration\Windows     DCOM: Machine Launch Restrictions in
Settings\Security Settings\Local   Security Descriptor Definition Language
Policies\Security Options          (SDDL) syntax
Computer Configuration\Windows     Devices: Allow undock without having
Settings\Security Settings\Local   to log on
Policies\Security Options
Computer Configuration\Windows     Devices: Allowed to format and eject
Settings\Security Settings\Local   removable media
Policies\Security Options
Computer Configuration\Windows     Devices: Prevent users from installing
Settings\Security Settings\Local   printer drivers
Policies\Security Options
Computer Configuration\Windows     Devices: Restrict CD-ROM access to
Settings\Security Settings\Local   locally logged-on user only
Policies\Security Options
Computer Configuration\Windows     Devices: Restrict floppy access to
Settings\Security Settings\Local   locally logged-on user only
Policies\Security Options
Computer Configuration\Windows     Devices: Unsigned driver installation
Settings\Security Settings\Local   behavior
Policies\Security Options
Computer Configuration\Windows     Domain controller: Allow server
Settings\Security Settings\Local   operators to schedule tasks
Policies\Security Options
Computer Configuration\Windows     Domain controller: LDAP server signing
Settings\Security Settings\Local   requirements
Policies\Security Options
Computer Configuration\Windows     Domain controller: Refuse machine
Settings\Security Settings\Local   account password changes
Policies\Security Options
Computer Configuration\Windows     Domain member: Digitally encrypt or
Settings\Security Settings\Local   sign secure channel data (always)
Policies\Security Options
Computer Configuration\Windows     Domain member: Digitally encrypt
Settings\Security Settings\Local   secure channel data (when possible)
Policies\Security Options
Computer Configuration\Windows     Domain member: Digitally sign secure
Settings\Security Settings\Local   channel data (when possible)
Policies\Security Options
Computer Configuration\Windows     Domain member: Disable machine
Settings\Security Settings\Local   account password changes
Policies\Security Options
Computer Configuration\Windows     Domain member: Maximum machine
Settings\Security Settings\Local   account password age
Policies\Security Options
Computer Configuration\Windows     Domain member: Require strong
Settings\Security Settings\Local   (Windows 2000 or later) session key
Policies\Security Options
Computer Configuration\Windows     Interactive logon: Do not display last
Settings\Security Settings\Local   user name
Policies\Security Options
Computer Configuration\Windows     Interactive logon: Do not require
Settings\Security Settings\Local   CTRL+ALT+DELETE
Policies\Security Options
Computer Configuration\Windows     Interactive logon: Message text for
Settings\Security Settings\Local   users attempting to logon
Policies\Security Options
Computer Configuration\Windows     Interactive logon: Message title for
Settings\Security Settings\Local   users attempting to logon
Policies\Security Options
Computer Configuration\Windows     Interactive logon: Number of previous
Settings\Security Settings\Local   logons to cache (in case domain
Policies\Security Options          controller is not available)
Computer Configuration\Windows     Interactive logon: Prompt user to
Settings\Security Settings\Local   change password before expiration
Policies\Security Options
Computer Configuration\Windows     Interactive logon: Require Domain
Settings\Security Settings\Local   Controller authentication to unlock
Policies\Security Options          workstation
Computer Configuration\Windows     Interactive logon: Require smart card
Settings\Security Settings\Local
Policies\Security Options
Computer Configuration\Windows     Interactive logon: Smart card removal
Settings\Security Settings\Local   behavior
Policies\Security Options
Computer Configuration\Windows     Microsoft network client: Digitally sign
Settings\Security Settings\Local   communications (always)
Policies\Security Options
Computer Configuration\Windows     Microsoft network client: Digitally sign
Settings\Security Settings\Local   communications (if server agrees)
Policies\Security Options
Computer Configuration\Windows     Microsoft network client: Send
Settings\Security Settings\Local   unencrypted password to third-party
Policies\Security Options          SMB servers
Computer Configuration\Windows     Microsoft network server: Amount of
Settings\Security Settings\Local   idle time required before suspending
Policies\Security Options          session
Computer Configuration\Windows     Microsoft network server: Digitally sign
Settings\Security Settings\Local   communications (always)
Policies\Security Options
Computer Configuration\Windows     Microsoft network server: Digitally sign
Settings\Security Settings\Local   communications (if client agrees)
Policies\Security Options
Computer Configuration\Windows     Microsoft network server: Disconnect
Settings\Security Settings\Local   clients when logon hours expire
Policies\Security Options
Computer Configuration\Windows     Network access: Allow anonymous
Settings\Security Settings\Local   SID/Name translation
Policies\Security Options
Computer Configuration\Windows     Network access: Do not allow
Settings\Security Settings\Local   anonymous enumeration of SAM
Policies\Security Options          accounts
Computer Configuration\Windows     Network access: Do not allow
Settings\Security Settings\Local   anonymous enumeration of SAM
Policies\Security Options          accounts and shares
Computer Configuration\Windows     Network access: Do not allow storage
Settings\Security Settings\Local   of credentials or .NET Passports for
Policies\Security Options          network authentication
Computer Configuration\Windows     Network access: Let Everyone
Settings\Security Settings\Local   permissions apply to anonymous users
Policies\Security Options
Computer Configuration\Windows     Network access: Named Pipes that can
Settings\Security Settings\Local   be accessed anonymously
Policies\Security Options




Computer Configuration\Windows     Network access: Remotely accessible
Settings\Security Settings\Local   registry paths
Policies\Security Options



Computer Configuration\Windows     Network access: Remotely accessible
Settings\Security Settings\Local   registry paths and subpaths
Policies\Security Options
Computer Configuration\Windows     Network access: Restrict anonymous
Settings\Security Settings\Local   access to Named Pipes and Shares
Policies\Security Options
Computer Configuration\Windows     Network access: Shares that can be
Settings\Security Settings\Local   accessed anonymously
Policies\Security Options
Computer Configuration\Windows     Network access: Sharing and security
Settings\Security Settings\Local   model for local accounts
Policies\Security Options
Computer Configuration\Windows     Network security: Do not store LAN
Settings\Security Settings\Local   Manager hash value on next password
Policies\Security Options          change
Computer Configuration\Windows     Network security: Force logoff when
Settings\Security Settings\Local   logon hours expire
Policies\Security Options
Computer Configuration\Windows     Network security: LAN Manager
Settings\Security Settings\Local   authentication level
Policies\Security Options
Computer Configuration\Windows     Network security: LDAP client signing
Settings\Security Settings\Local   requirements
Policies\Security Options
Computer Configuration\Windows     Network security: Minimum session
Settings\Security Settings\Local   security for NTLM SSP based
Policies\Security Options          (including secure RPC) clients

Computer Configuration\Windows     Network security: Minimum session
Settings\Security Settings\Local   security for NTLM SSP based
Policies\Security Options          (including secure RPC) servers

Computer Configuration\Windows     Recovery console: Allow automatic
Settings\Security Settings\Local   administrative logon
Policies\Security Options
Computer Configuration\Windows     Recovery console: Allow floppy copy
Settings\Security Settings\Local   and access to all drives and all folders
Policies\Security Options
Computer Configuration\Windows     Shutdown: Allow system to be shut
Settings\Security Settings\Local   down without having to log on
Policies\Security Options
Computer Configuration\Windows     Shutdown: Clear virtual memory
Settings\Security Settings\Local   pagefile
Policies\Security Options
Computer Configuration\Windows     System cryptography: Use FIPS
Settings\Security Settings\Local   compliant algorithms for encryption,
Policies\Security Options          hashing, and signing
Computer Configuration\Windows     System Cryptography: Force strong key
Settings\Security Settings\Local   protection for user keys stored on the
Policies\Security Options          computer
Computer Configuration\Windows     System objects: Default owner for
Settings\Security Settings\Local   objects created by members of the
Policies\Security Options          Administrators group
Computer Configuration\Windows     System objects: Require case
Settings\Security Settings\Local   insensitivity for non-Windows
Policies\Security Options          subsystems
Computer Configuration\Windows     System objects: Strengthen default
Settings\Security Settings\Local   permissions of internal system objects
Policies\Security Options          (e.g., Symbolic Links)
Computer Configuration\Windows     System settings: Optional subsystems
Settings\Security Settings\Local
Policies\Security Options
Computer Configuration\Windows     System settings: Use Certificate Rules
Settings\Security Settings\Local   on Windows Executables for Software
Policies\Security Options          Restriction Policies
Computer Configuration\Windows     User Account Control: Admin Approval
Settings\Security Settings\Local   Mode for the Built-in Administrator
Policies\Security Options          account
Computer Configuration\Windows     User Account Control: Behavior of the
Settings\Security Settings\Local   elevation prompt for administrators in
Policies\Security Options          Admin Approval Mode

Computer Configuration\Windows     User Account Control: Behavior of the
Settings\Security Settings\Local   elevation prompt for standard users
Policies\Security Options
Computer Configuration\Windows     User Account Control: Detect
Settings\Security Settings\Local   application installations and prompt for
Policies\Security Options          elevation
Computer Configuration\Windows     User Account Control: Only elevate
Settings\Security Settings\Local   executables that are signed and
Policies\Security Options          validated
Computer Configuration\Windows     User Account Control: elevate
Settings\Security Settings\Local   UIAccess applications that are installed
Policies\Security Options          in secure locations
Computer Configuration\Windows     User Account Control: Run all
Settings\Security Settings\Local   administrators in Admin Approval Mode
Policies\Security Options
Computer Configuration\Windows     User Account Control: Switch to the
Settings\Security Settings\Local   secure desktop when prompting for
Policies\Security Options          elevation
Computer Configuration\Windows     User Account Control: Virtualize file
Settings\Security Settings\Local   and registry write failures to per-user
Policies\Security Options          locations
Computer Configuration\Windows     MSS: (AutoAdminLogon) Enable
Settings\Security Settings\Local   Automatic Logon (Not Recommended)
Policies\Security Options
Computer Configuration\Windows     MSS: (DisableIPSourceRouting) IP
Settings\Security Settings\Local   source routing protection level (protects
Policies\Security Options          against packet spoofing)
Computer Configuration\Windows     MSS: (EnableDeadGWDetect) Allow
Settings\Security Settings\Local   automatic detection of dead network
Policies\Security Options          gateways (could lead to DoS)
Computer Configuration\Windows     MSS: (EnableICMPRedirect) Allow
Settings\Security Settings\Local   ICMP redirects to override OSPF
Policies\Security Options          generated routes
Computer Configuration\Windows     MSS: (EnablePMTUDiscovery) Allow
Settings\Security Settings\Local   automatic detection of MTU size
Policies\Security Options          (possible DoS by an attacker using a
                                   small MTU)
Computer Configuration\Windows     MSS: (Hidden) Hide computer from the
Settings\Security Settings\Local   browse list (Not Recommended except
Policies\Security Options          for highly secure environments

Computer Configuration\Windows     MSS: (KeepAliveTime) How often keep-
Settings\Security Settings\Local   alive packets are sent in milliseconds
Policies\Security Options
Computer Configuration\Windows     MSS: (NoDefaultExempt) Enable
Settings\Security Settings\Local   NoDefaultExempt for IPSec Filtering
Policies\Security Options          (recommended)
Computer Configuration\Windows     MSS: (NoDriveTypeAutoRun) Disable
Settings\Security Settings\Local   Autorun for all drives (recommended)
Policies\Security Options
Computer Configuration\Windows     MSS: (NoNameReleaseOnDemand)
Settings\Security Settings\Local   Allow the computer to ignore NetBIOS
Policies\Security Options          name release requests except from
                                   WINS servers
Computer Configuration\Windows         MSS: (NtfsDisable8dot3NameCreation)
Settings\Security Settings\Local       Enable the computer to stop generating
Policies\Security Options              8.3 style filenames (recommended)


Computer Configuration\Windows         MSS: (PerformRouterDiscovery) Allow
Settings\Security Settings\Local       IRDP to detect and configure
Policies\Security Options              DefaultGateway addresses (could lead
                                       to DoS)
Computer Configuration\Windows         MSS: (SynAttackProtect) Syn attack
Settings\Security Settings\Local       protection level (protects against DoS)
Policies\Security Options
Computer Configuration\Windows         MSS:
Settings\Security Settings\Local       (TCPMaxConnectResponseRetransmis
Policies\Security Options              sions) SYN-ACK retransmissions when
                                       a connection request is not
                                       acknowledged
Computer Configuration\Windows         MSS: (TCPMaxDataRetransmissions)
Settings\Security Settings\Local       How many times unacknowledged data
Policies\Security Options              is retransmitted (3 Recommended, 5 is
                                       Default)

Computer Configuration\Windows         MSS: (WarningLevel) Percentage
Settings\Security Settings\Local       threshold for the security event log at
Policies\Security Options              which the system will generate a
                                       warning
Computer Configuration\Windows         Maximum application log size
Settings\Security Settings\Event Log

Computer Configuration\Windows         Maximum security log size
Settings\Security Settings\Event Log

Computer Configuration\Windows         Maximum system log size
Settings\Security Settings\Event Log

Computer Configuration\Windows         Prevent local guests group from
Settings\Security Settings\Event Log   accessing application log

Computer Configuration\Windows         Prevent local guests group from
Settings\Security Settings\Event Log   accessing security log

Computer Configuration\Windows         Prevent local guests group from
Settings\Security Settings\Event Log   accessing system log

Computer Configuration\Windows         Retain application log
Settings\Security Settings\Event Log

Computer Configuration\Windows         Retain security log
Settings\Security Settings\Event Log

Computer Configuration\Windows         Retain system log
Settings\Security Settings\Event Log
Computer Configuration\Windows         Retention method for application log
Settings\Security Settings\Event Log

Computer Configuration\Windows         Retention method for security log
Settings\Security Settings\Event Log

Computer Configuration\Windows         Retention method for system log
Settings\Security Settings\Event Log

Computer Configuration\Windows         Alerter
Settings\Security Settings\System
Services
Computer Configuration\Windows         ASP .NET State Service
Settings\Security Settings\System
Services
Computer Configuration\Windows         Background Intelligent Transfer Service
Settings\Security Settings\System
Services
Computer Configuration\Windows         ClipBook
Settings\Security Settings\System
Services
Computer Configuration\Windows         Computer Browser
Settings\Security Settings\System
Services
Computer Configuration\Windows         DNS Client
Settings\Security Settings\System
Services
Computer Configuration\Windows         Error Reporting Service
Settings\Security Settings\System
Services
Computer Configuration\Windows         Fast User Switching Compatibility
Settings\Security Settings\System
Services
Computer Configuration\Windows         Fax
Settings\Security Settings\System
Services
Computer Configuration\Windows         FTP Publishing Service
Settings\Security Settings\System
Services
Computer Configuration\Windows         Indexing Service
Settings\Security Settings\System
Services
Computer Configuration\Windows         Messenger
Settings\Security Settings\System
Services
Computer Configuration\Windows         NetMeeting Remote Desktop Sharing
Settings\Security Settings\System
Services
Computer Configuration\Windows         Network DDE
Settings\Security Settings\System
Services
Computer Configuration\Windows         Network DDE DSDM
Settings\Security Settings\System
Services
Computer Configuration\Windows           Remote Access Connection Manager
Settings\Security Settings\System
Services
Computer Configuration\Windows           Remote Desktop Help Session
Settings\Security Settings\System        Manager
Services
Computer Configuration\Windows           Routing and Remote Access
Settings\Security Settings\System
Services
Computer Configuration\Windows           SAP Agent
Settings\Security Settings\System
Services
Computer Configuration\Windows           Simple TCP/IP Services
Settings\Security Settings\System
Services
Computer Configuration\Windows           SSDP Discovery Service
Settings\Security Settings\System
Services
Computer Configuration\Windows           Task Scheduler
Settings\Security Settings\System
Services
Computer Configuration\Windows           Telnet
Settings\Security Settings\System
Services
Computer Configuration\Windows           Terminal Services
Settings\Security Settings\System
Services
Computer Configuration\Windows           Universal Plug and Play Device Host
Settings\Security Settings\System
Services
Computer Configuration\Windows           WebClient
Settings\Security Settings\System
Services
Computer Configuration\Windows           Wireless Configuration
Settings\Security Settings\System
Services
Computer Configuration\Windows           WMI Performance Adapter
Settings\Security Settings\System
Services
Computer Configuration\Windows           World Wide Web Publishing Service
Settings\Security Settings\System
Services
Computer Configuration\Windows           WLAN AutoConfig
Settings\Security Settings\System
Services
Computer Configuration\Windows           %SystemRoot%\regedit.exe
Settings\Security Settings\File System

Computer Configuration\Windows         %SystemRoot%\System32\arp.exe
Settings\Security Settings\File System

Computer Configuration\Windows         %SystemRoot%\System32\at.exe
Settings\Security Settings\File System
Computer Configuration\Windows         %SystemRoot%\System32\attrib.exe
Settings\Security Settings\File System

Computer Configuration\Windows         %SystemRoot%\System32\cacls.exe
Settings\Security Settings\File System

Computer Configuration\Windows         %SystemRoot%\System32\debug.exe
Settings\Security Settings\File System

Computer Configuration\Windows         %SystemRoot%\System32\edlin.exe
Settings\Security Settings\File System

Computer Configuration\Windows         %SystemRoot%\System32\eventcreate
Settings\Security Settings\File System .exe

Computer Configuration\Windows         %SystemRoot%\System32\eventtrigger
Settings\Security Settings\File System s.exe

Computer Configuration\Windows         %SystemRoot%\system32\mshta.exe
Settings\Security Settings\File System

Computer Configuration\Windows         %SystemRoot%\system32\net.exe
Settings\Security Settings\File System

Computer Configuration\Windows         %SystemRoot%\system32\net1.exe
Settings\Security Settings\File System

Computer Configuration\Windows         %SystemRoot%\system32\netsh.exe
Settings\Security Settings\File System

Computer Configuration\Windows         %SystemRoot% \system32\rcp.exe
Settings\Security Settings\File System

Computer Configuration\Windows         %SystemRoot% \system32\reg.exe
Settings\Security Settings\File System

Computer Configuration\Windows         %SystemRoot%
Settings\Security Settings\File System \system32\regedt32.exe

Computer Configuration\Windows         %SystemRoot%\System32\regini.exe
Settings\Security Settings\File System

Computer Configuration\Windows         %SystemRoot%\system32\regsvr32.ex
Settings\Security Settings\File System e

Computer Configuration\Windows         %SystemRoot%\system32\rexec.exe
Settings\Security Settings\File System

Computer Configuration\Windows         %SystemRoot%\system32\route.exe
Settings\Security Settings\File System

Computer Configuration\Windows         %SystemRoot%\system32\rsh.exe
Settings\Security Settings\File System
Computer Configuration\Windows         %SystemRoot%\system32\sc.exe
Settings\Security Settings\File System

Computer Configuration\Windows         %SystemRoot%\System32\secedit.exe
Settings\Security Settings\File System

Computer Configuration\Windows         %SystemRoot%\system32\subst.exe
Settings\Security Settings\File System

Computer Configuration\Windows         %SystemRoot%\System32\systeminfo.
Settings\Security Settings\File System exe

Computer Configuration\Windows         %SystemRoot%\system32\tftp.exe
Settings\Security Settings\File System

Computer Configuration\Windows         %SystemRoot%\system32\tlntsvr.exe
Settings\Security Settings\File System
FDCC Windows Vista         FDCC Windows XP            FDCC-Vista-Q3-2007.zip VHD
24 passwords remembered    24 passwords remembered


60 days                    60 days


1 day                      1 day


12 characters              12 characters


Enabled                    Enabled


Disabled                   Disabled


15 minutes                 15 minutes


5 invalid logon attempts   5 invalid logon attempts


15 minutes                 15 minutes


Enabled                    Enabled


600 minutes                600 minutes


10 hours                   10 hours


7 days                     7 days


5 minutes                  5 minutes


Not Defined                Success, Failure


Not Defined                Success, Failure


Not Defined                Failure


Not Defined                Success, Failure
Not Defined                          Failure


Not Defined                          Success


Not Defined                          Failure


Not Defined                          No auditing


Not Defined                          Success


Administrators                       Administrators


Not Defined                          (Not Applicable)


(None)                               (None)


Not Defined                          Not Defined


Administrators, Local Service,       NETWORK SERVICE, LOCAL
Network Service                      SERVICE, Administrators

Administrators, Users                (Not Applicable)


Administrators, Remote Desktop       Administrators, Remote Desktop
Users                                Users

Administrators                       Administrators


Administrators, Users, Local Service, Administrators, Users
Network Service

LOCAL SERVICE, Administrators        Administrators


Local Service, Administrators, Users (Not Applicable)


Administrators                       Administrators


(None)                               (None)
Administrators, LOCAL SERVICE,   Not Defined
NETWORK SERVICE, SERVICE

(None)                           (None)


Administrators                   (Not Applicable)


(None)                           Administrators


Guests                           Guests, Support_388945a0


Guests                           Guests, Support_388945a0


(None)                           (None)


Guests                           Guests, Support_388945a0


Guests                           Guests


Not Defined                      Not Defined


Administrators                   Administrators


Network Service, Local Service   NETWORK SERVICE, LOCAL
                                 SERVICE

Administrators, SERVICE, Local   SERVICE, Administrators
Service, Network Service

Administrators, Local Service    (Not Applicable)


Administrators                   Administrators


Administrators                   Administrators


(None)                           (None)


(None)                           (None)
(None)                           NETWORK SERVICE, LOCAL
                                 SERVICE

(Not Applicable)                 Administrators, Users


Administrators                   Administrators


(None)                           (Not Applicable)


Administrators                   Administrators


Administrators                   Administrators


Administrators                   Administrators


Administrators                   Administrators


Administrators, Users            Administrators, Users


Network Service, Local Service   NETWORK SERVICE, LOCAL
                                 SERVICE

Administrators                   Administrators


Administrators, Users            Administrators, Users


(None)                           (None)


Administrators                   Administrators


Disabled                         Enabled


Disabled                         Disabled


Enabled                          Enabled


Renamed_Admin                    Renamed_Admin
Renamed_Guest      Renamed_Guest


Disabled           Disabled


                   Disabled


Enabled            (Not Applicable)



Disabled           Disabled


Not Defined        Not defined


Not Defined        Not defined


Enabled            Disabled


Administrators     Administrators


Disabled           Disabled


Disabled           Disabled


Disabled           Disabled


(Not Applicable)   Do not allow installation


(Not Applicable)   Not defined


(Not Applicable)   Not defined


(Not Applicable)   Not defined


Enabled            Enabled


Enabled            Enabled
Enabled                       Enabled


Disabled                      Disabled


30 Days                       30 Days


Enabled                       Enabled


Enabled                       Enabled


Disabled                      Disabled


############################## #############################


-- WARNING --                 -- WARNING --


2                             2


14 days                       14 days


Disabled                      Disabled


Not Defined                   Not Defined


Lock Workstation              Lock Workstation


Enabled                       Enabled


Enabled                       Enabled


Disabled                      Disabled


15 minutes                    15 minutes


Enabled                       Enabled
Enabled                               Enabled


Enabled                               Enabled


Disabled                              Disabled


Enabled                               Enabled


Enabled                               Enabled


Enabled                               Enabled


Disabled                              Disabled


netlogon, lsarpc, samr, browser       COMNAP
                                      COMNODE
                                      SQL\QUERY
                                      SPOOLSS
                                      LLSRPC
                                      browser

System\CurrentControlSet\Control\Pr #############################
oductOptions,
System\CurrentControlSet\Control\Se
rver Applications,
Software\Microsoft\Windows
NT\CurrentVersion
############################## (Not Applicable)


Enabled                               (Not Applicable)


(None)                                COMCFG, DFS$


Classic – Local users authenticate as Classic - Local users authenticate
themselves                            as themselves

Enabled                               Enabled


Enabled                               Enabled


Send NTLMv2 Response only.            Send NTLM v2 Response
Refuse LM and NTLM                    only/Refuse LM & NTLM
Negotiate Signing                  Negotiate Signing


Require NTLMv2 session security,   Require message integrity
Require 128 bit encryption         Require message confidentiality
                                   Require NTLMv2 session security
                                   Require 128-bit encryption
Require NTLMv2 session security,   Require message integrity
Require 128 bit encryption         Require message confidentiality
                                   Require NTLMv2 session security
                                   Require 128-bit encryption
Disabled                           Disabled


Disabled                           Disabled


Enabled                            Enabled


Disabled                           Disabled


Enabled                            Enabled


(Not Applicable)                   (Not applicable)


Not Defined                        Object Creator


Enabled                            Enabled


Enabled                            Enabled


Not Defined                        (Not applicable)


Not Defined                        (Not applicable)


Enabled                            (Not applicable)


Prompt for consent                 (Not applicable)



Prompt for credentials             (Not applicable)
Enabled                               (Not applicable)


Disabled                              (Not applicable)


Enabled                               (Not applicable)


Enabled                               (Not applicable)


Enabled                               (Not applicable)


Enabled                               (Not applicable)


Disabled                              Disabled


Highest Protection, source routing is Highest Protection, source routing is
automatically disabled.               automatically disabled.

Disabled                              Disabled


Disabled                              Disabled


Enabled                               Enabled



Enabled                               Not defined



300000 or 5 minutes (recommended) 300000 or 5 minutes
                                  (recommended)

Mulitcast, Broadcast, and ISAKMP      Not defined
are exempt (Best for Windows XP)

255, disable autorun for all drives   255, disable autorun for all drives


Enabled                               Enabled
Disabled                             Disabled




Disabled                             Disabled



Enabled: Connections timeout sooner Enabled: Connections timeout
if a SYN attack is detected         sooner if a SYN attack is detected

Enabled: 3 & 6 seconds, half-open    Enabled: 3&6 second, half-open
connections dropped after 21         connections droped after 21
seconds                              seconds


Enabled: 3                           Enabled: 3




90%                                  90%



Not Defined                          16384 kilobytes


Not Defined                          81920 kilobytes


Not Defined                          16384 kilobytes


Not Defined                          (Not Applicable)


Not Defined                          (Not Applicable)


Not Defined                          (Not Applicable)


Not Defined                          Enabled


Not Defined                          Enabled


Not Defined                          Enabled
Not Defined   Not defined


Not Defined   Not defined


Not Defined   Not defined


Not Defined   Disabled


Not Defined   Not Defined


Not Defined   Manual


Not Defined   Disabled


Not Defined   Disabled


Not Defined   Not defined


Not Defined   Disabled


Not Defined   Disabled


Not Defined   Disabled


Not Defined   Disabled


Not Defined   Disabled


Not Defined   Disabled


Not Defined   Disabled


Not Defined   Disabled


Not Defined   Disabled
Not Defined      Disabled


Not Defined      Not Defined


Not Defined      Disabled


Not Defined      Not Defined


Not Defined      Not Defined


Not Defined      Disabled


Not Defined      Disabled


Not Defined      Disabled


Not Defined      Manual


Not Defined      Disabled


Not Defined      Disabled


Not Defined      Disabled


Not Defined      Manual


Not Defined      Disabled


Disabled         (Not Applicable)


Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full
Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full
Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full

Not Configured   Administators: Full
                 System: Full
FDCC-XP-Q3-2007.zip VHD   FDCC-Vista-Q3-2007-GPOs   FDCC-XP-Q3-2007-GPOs
disabled in VHD (default Windows
setting)
FDCC-Vista-Q3-2007-SCAP-Data   FDCC-XP-Q3-2007-SCAP-Data   CCE Number
CPE Number   SP 800-53 Controls   GPO File Name
Comment




Manual Verification


Manual Verification


Manual Verification


Manual Verification


Manual Verification
Manual Verification


Manual Verification



Manual Verification
Manual Verification


Manual Verification


Manual Verification


Manual Verification


Manual Verification


Manual Verification
Policy Path                                           Policy Setting Name                       FDCC Windows Vista   FDCC Windows XP             FDCC-Vista-Q3-2007.zip VHD
Computer Configuration\Administrative                 Turn on Mapper I/O (LLTDIO) driver        Disabled             (Not Applicable)
Templates\Network\Link-Layer Topology Discovery
Computer Configuration\Administrative                 Turn on Responder (RSPNDR) driver Disabled                     (Not Applicable)
Templates\Network\Link-Layer Topology Discovery
Computer Configuration\Administrative                 Turn Off Microsoft Peer-to-Peer           Enabled              Enabled
Templates\Network\Microsoft Peer-to-Peer Networking   Networking Services
Services
Computer Configuration\Administrative                 Prohibit installation and configuration   Enabled              Enabled
Templates\Network\Network Connections                 of Network Bridge on your DNS
                                                      domain network
Computer Configuration\Administrative                 Prohibit use of Internet Connection       Enabled              Enabled
Templates\Network\Network Connections                 Firewall on your DNS domain
                                                      network
Computer Configuration\Administrative                 Prohibit use of Internet Connection       Enabled              Enabled
Templates\Network\Network Connections                 Sharing on your DNS domain
                                                      network
Computer Configuration\Administrative                 Windows Firewall: Allow file and          (Not Applicable)     Disabled
Templates\Network\Network Connections\Windows         printer sharing exception
Firewall\Domain Profile
Computer Configuration\Administrative                 Windows Firewall: Allow ICMP              (Not Applicable)     Enabled: Allow inbound
Templates\Network\Network Connections\Windows         exceptions                                                     echo requests
Firewall\Domain Profile
Computer Configuration\Administrative                 Windows Firewall: Allow local port        (Not Applicable)     Disabled
Templates\Network\Network Connections\Windows         exceptions
Firewall\Domain Profile
Computer Configuration\Administrative                 Windows Firewall: Allow local             (Not Applicable)     Disabled
Templates\Network\Network Connections\Windows         program exceptions
Firewall\Domain Profile
Computer Configuration\Administrative                 Windows Firewall: Allow logging           (Not Applicable)     Enabled: Log dropped
Templates\Network\Network Connections\Windows                                                                        packets,Log successful
Firewall\Domain Profile                                                                                              connections,Log file path
                                                                                                                     and
                                                                                                                     name:%systemroot%\domai
                                                                                                                     nfw.log,size limit:16384
Computer Configuration\Administrative                 Windows Firewall: Allow remote            (Not Applicable)     Enabled
Templates\Network\Network Connections\Windows         administration exception
Firewall\Domain Profile
Computer Configuration\Administrative                 Windows Firewall: Allow Remote            (Not Applicable)     Enabled
Templates\Network\Network Connections\Windows         Desktop exception
Firewall\Domain Profile
Computer Configuration\Administrative                 Windows Firewall: Allow UPnP              (Not Applicable)     Disabled
Templates\Network\Network Connections\Windows         framework exception
Firewall\Domain Profile
Computer Configuration\Administrative                 Windows Firewall: Define port             (Not Applicable)     Not Configured
Templates\Network\Network Connections\Windows         exceptions
Firewall\Domain Profile
Computer Configuration\Administrative                 Windows Firewall: Prohibit                (Not Applicable)     Enabled
Templates\Network\Network Connections\Windows         notifications
Firewall\Domain Profile
Computer Configuration\Administrative                 Windows Firewall: Prohibit unicast        (Not Applicable)     Enabled
Templates\Network\Network Connections\Windows         response to multicast or broadcast
Firewall\Domain Profile                               requests
Computer Configuration\Administrative           Windows Firewall: Protect all network (Not Applicable)     Enabled
Templates\Network\Network Connections\Windows   connections
Firewall\Domain Profile
Computer Configuration\Administrative           Windows Firewall: Allow file and        (Not Applicable)   Disabled
Templates\Network\Network Connections\Windows   printer sharing exception
Firewall\Standard Profile
Computer Configuration\Administrative           Windows Firewall: Allow ICMP            (Not Applicable)   Disabled
Templates\Network\Network Connections\Windows   exceptions
Firewall\Standard Profile
Computer Configuration\Administrative           Windows Firewall: Allow local port      (Not Applicable)   Disabled
Templates\Network\Network Connections\Windows   exceptions
Firewall\Standard Profile
Computer Configuration\Administrative           Windows Firewall: Allow local           (Not Applicable)   Disabled
Templates\Network\Network Connections\Windows   program exceptions
Firewall\Standard Profile
Computer Configuration\Administrative           Windows Firewall: Allow Remote          (Not Applicable)   Disabled
Templates\Network\Network Connections\Windows   Administration Exception
Firewall\Standard Profile
Computer Configuration\Administrative           Windows Firewall: Allow Remote          (Not Applicable)   Disabled
Templates\Network\Network Connections\Windows   Desktop exception
Firewall\Standard Profile
Computer Configuration\Administrative           Windows Firewall: Allow UPnP            (Not Applicable)   Disabled
Templates\Network\Network Connections\Windows   framework exception
Firewall\Standard Profile
Computer Configuration\Administrative           Windows Firewall: Do not allow          (Not Applicable)   Enabled
Templates\Network\Network Connections\Windows   exceptions
Firewall\Standard Profile
Computer Configuration\Administrative           Windows Firewall: Prohibit              (Not Applicable)   Enabled
Templates\Network\Network Connections\Windows   notifications
Firewall\Standard Profile
Computer Configuration\Administrative           Windows Firewall: Prohibit unicast    (Not Applicable)     Enabled
Templates\Network\Network Connections\Windows   response to multicast or broadcast
Firewall\Standard Profile                       requests
Computer Configuration\Administrative           Windows Firewall: Protect all network (Not Applicable)     Enabled
Templates\Network\Network Connections\Windows   connections
Firewall\Standard Profile
Computer Configuration\Administrative           Configuration of wireless settings      Disabled           (Not Applicable)
Templates\Network\Windows Connect Now           using Windows Connect Now
Computer Configuration\Administrative           Prohibit Access of the Windows          Enabled            (Not Applicable)
Templates\Network\Windows Connect Now           Connect Now wizards
Computer Configuration\Administrative           Allow remote access to the PnP          Disabled           (Not Applicable)
Templates\System\Device Installation            interface
Computer Configuration\Administrative           Do not create system restore point      Disabled           (Not Applicable)
Templates\System\Device Installation            when new device driver installed
Computer Configuration\Administrative           Do not send a Windows Error Report      Enabled            (Not Applicable)
Templates\System\Device Installation            when a generic driver is installed on
                                                a device
Computer Configuration\Administrative           Turn off Windows Update device          Enabled            (Not Applicable)
Templates\System\Driver Installation            driver search prompt
Computer Configuration\Administrative           Display Error Notification              (Not Applicable)   Disabled
Templates\System\Error Reporting
Computer Configuration\Administrative        Internet Explorer Maintenance policy Enabled: All three options checked.   Not Defined
Templates\System\Group Policy                processing                           Allow prcessing across a slow
                                                                                  network connection. Do not apply
                                                                                  during periodic background
                                                                                  processing. Process even if the
                                                                                  Group Policy objects have not
                                                                                  changed.
Computer Configuration\Administrative        Registry policy processing           Enabled                               Enabled
Templates\System\Group Policy
Computer Configuration\Administrative        Turn off Automatic Root Certificates    Enabled                            Enabled
Templates\System\Internet Communication      Update
Management\Internet Communication settings
Computer Configuration\Administrative        Turn off downloading of print drivers   Enabled                            Enabled
Templates\System\Internet Communication      over HTTP
Management\Internet Communication settings
Computer Configuration\Administrative        Turn off Event Viewer "Events.asp"      Disabled                           Disabled
Templates\System\Internet Communication      links
Management\Internet Communication settings
Computer Configuration\Administrative        Turn off handwriting recognition error Enabled                             (Not Applicable)
Templates\System\Internet Communication      reporting
Management\Internet Communication settings
Computer Configuration\Administrative        Turn off Internet Connection Wizard     Enabled                            Enabled
Templates\System\Internet Communication      if URL connection is referring to
Management\Internet Communication settings   Microsoft.com
Computer Configuration\Administrative        Turn off Internet download for Web      Enabled                            Enabled
Templates\System\Internet Communication      publishing and online ordering
Management\Internet Communication settings   wizards
Computer Configuration\Administrative        Turn off Internet File Association      Enabled                            Enabled
Templates\System\Internet Communication      service
Management\Internet Communication settings
Computer Configuration\Administrative        Turn off printing over HTTP             Enabled                            Enabled
Templates\System\Internet Communication
Management\Internet Communication settings
Computer Configuration\Administrative        Turn off Registration if URL            Enabled                            Enabled
Templates\System\Internet Communication      connection is referring to
Management\Internet Communication settings   Microsoft.com
Computer Configuration\Administrative        Turn off Search Companion content       Enabled                            Enabled
Templates\System\Internet Communication      file updates
Management\Internet Communication settings
Computer Configuration\Administrative        Turn off the "Order Prints" picture     Enabled                            Enabled
Templates\System\Internet Communication      task
Management\Internet Communication settings
Computer Configuration\Administrative        Turn off the "Publish to Web" task for Enabled                             Enabled
Templates\System\Internet Communication      files and folders
Management\Internet Communication settings
Computer Configuration\Administrative        Turn off the Windows Messenger          Enabled                            Enabled
Templates\System\Internet Communication      Customer Experience Improvement
Management\Internet Communication settings   Program
Computer Configuration\Administrative        Turn off Windows Error Reporting        Enabled                            Enabled
Templates\System\Internet Communication
Management\Internet Communication settings
Computer Configuration\Administrative        Turn off Windows Movie Maker            Enabled                            Enabled
Templates\System\Internet Communication      automatic codec downloads
Management\Internet Communication settings
Computer Configuration\Administrative              Turn off Windows Movie Maker         Enabled                               Enabled
Templates\System\Internet Communication            online Web links
Management\Internet Communication settings
Computer Configuration\Administrative              Turn off Windows Movie Maker         Enabled                               Enabled
Templates\System\Internet Communication            saving to online video hosting
Management\Internet Communication settings         provider
Computer Configuration\Administrative              Turn off Windows Update device       Enabled                               Enabled
Templates\System\Internet Communication            driver searching
Management\Internet Communication settings
Computer Configuration\Administrative              Always use classic logon             Enabled                               Enabled
Templates\System\Logon
Computer Configuration\Administrative              Do not process the run once list     Enabled                               Enabled
Templates\System\Logon
Computer Configuration\Administrative              Don't display the Getting Started    Enabled                               Enabled
Templates\System\Logon                             welcome screen at logon
Computer Configuration\Administrative              Turn off Windows Startup Sound       Enabled                               (Not Applicable)
Templates\System\Logon
Computer Configuration\Administrative              Require a Password When a            Enabled                               (Not Applicable)
Templates\System\Power Management\Sleep Settings   Computer Wakes (On Battery)

Computer Configuration\Administrative              Require a Password When a            Enabled                               (Not Applicable)
Templates\System\Power Management\Sleep Settings   Computer Wakes (Plugged In)

Computer Configuration\Administrative              Offer Remote Assistance              Disabled                              Disabled
Templates\System\Remote Assistance
Computer Configuration\Administrative              Solicited Remote Assistance          Disabled                              Disabled
Templates\System\Remote Assistance
Computer Configuration\Administrative              Turn on session logging              Enabled                               (Not Applicable)
Templates\System\Remote Assistance
Computer Configuration\Administrative              Restrictions for Unauthenticated     Enabled: Authenticated                Enabled: Authenticated
Templates\System\Remote Procedure Call             RPC clients
Computer Configuration\Administrative              RPC Endpoint Mapper Client           Enabled                               Enabled
Templates\System\Remote Procedure Call             Authentication
Computer Configuration\Administrative              Approved Installation Sites for      Not Defined, but a recommended         (Not Applicable)
Templates\Windows Components\ActiveX Installer     ActiveX Controls                     setting. Enabled: Add sites trusted to
Service                                                                                 download ActiveX Controls to this list
                                                                                        (Recommended Setting)

Computer Configuration\Administrative              Turn off Autoplay                    Enabled:All Drives                    (Not Applicable)
Templates\Windows Components\AutoPlay Policies
Computer Configuration\Administrative              Enumerate administrator accounts     Disabled                              (Not Applicable)
Templates\Windows Components\Credential User       on elevation
Interface
Computer Configuration\Administrative              Do not allow Digital Locker to run   Enabled                               (Not Applicable)
Templates\Windows Components\Digital Locker
Computer Configuration\Administrative              Maximum Log Size (KB)                32768                                 (Not Applicable)
Templates\Windows Components\Event Log
Service\Application
Computer Configuration\Administrative              Maximum Log Size (KB)                81920                                 (Not Applicable)
Templates\Windows Components\Event Log
Service\Security
Computer Configuration\Administrative              Maximum Log Size (KB)                32768                                 (Not Applicable)
Templates\Windows Components\Event Log
Service\Setup
Computer Configuration\Administrative            Maximum Log Size (KB)                   32768                               (Not Applicable)
Templates\Windows Components\Event Log
Service\System
Computer Configuration\Administrative            Turn off downloading of game            Enabled                             (Not Applicable)
Templates\Windows Components\Game Explorer       information
Computer Configuration\Administrative            Disable "Configuring History"           Enabled:40 days                     Enabled, 40 days
Templates\Windows Components\Internet Explorer
Computer Configuration\Administrative            Disable Automatic Install of Internet   Enabled                             Enabled
Templates\Windows Components\Internet Explorer   Explorer components
Computer Configuration\Administrative            Disable changing Automatic              Enabled                             Enabled
Templates\Windows Components\Internet Explorer   Configuration settings
Computer Configuration\Administrative            Disable Periodic Check for Internet     Enabled                             Enabled
Templates\Windows Components\Internet Explorer   Explorer software updates
Computer Configuration\Administrative            Disable showing the splash screen       Enabled                             Enabled
Templates\Windows Components\Internet Explorer
Computer Configuration\Administrative            Disable software update shell           Enabled                             Enabled
Templates\Windows Components\Internet Explorer   notifications on program launch
Computer Configuration\Administrative            Do not allow users to enable or         Disabled                            Disabled
Templates\Windows Components\Internet Explorer   disable add-ons
Computer Configuration\Administrative            Make proxy settings per-machine         Disabled                            Disabled
Templates\Windows Components\Internet Explorer   (rather than per-user)
Computer Configuration\Administrative            Prevent participation in the Customer   Enabled                             Enabled
Templates\Windows Components\Internet Explorer   Experience Improvement Program

Computer Configuration\Administrative            Prevent performance of First Run        Enabled: Go directly to home page   Enabled: Go directly to
Templates\Windows Components\Internet Explorer   Customize settings                                                          home page
Computer Configuration\Administrative            Security Zones: Do not allow users to   Enabled                             Enabled
Templates\Windows Components\Internet Explorer   add/delete sites
Computer Configuration\Administrative            Security Zones: Do not allow users to   Enabled                             Enabled
Templates\Windows Components\Internet Explorer   change policies
Computer Configuration\Administrative            Security Zones: Use only machine        Enabled                             Enabled
Templates\Windows Components\Internet Explorer   settings
Computer Configuration\Administrative            Turn off "Delete Browsing History"      Enabled                             Enabled
Templates\Windows Components\Internet Explorer   functionality
Computer Configuration\Administrative            Turn off Crash Detection                Enabled                             Enabled
Templates\Windows Components\Internet Explorer
Computer Configuration\Administrative            Turn off Managing Phishing filter       Enabled:Off                         Enabled (Off)
Templates\Windows Components\Internet Explorer
Computer Configuration\Administrative            Turn off the Security Settings Check Disabled                               Disabled
Templates\Windows Components\Internet Explorer   feature
Computer Configuration\Administrative            Prevent ignoring certificate errors  Enabled                                Enabled
Templates\Windows Components\Internet
Explorer\Internet Control Panel
Computer Configuration\Administrative            Allow active content from CDs to run Disabled                               Disabled
Templates\Windows Components\Internet            on user machines
Explorer\Internet Control Panel\Advanced Page
Computer Configuration\Administrative            Allow Install On Demand (Internet       Disabled                            Disabled
Templates\Windows Components\Internet            Explorer)
Explorer\Internet Control Panel\Advanced Page
Computer Configuration\Administrative            Allow software to run or install even if Disabled                           Disabled
Templates\Windows Components\Internet            the signature is invalid
Explorer\Internet Control Panel\Advanced Page
Computer Configuration\Administrative                    Allow third-party browser extensions   Disabled          Disabled
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page
Computer Configuration\Administrative                    Automatically check for Internet       Disabled          Disabled
Templates\Windows Components\Internet                    Explorer updates
Explorer\Internet Control Panel\Advanced Page
Computer Configuration\Administrative                    Check for server certificate           Enabled           Enabled
Templates\Windows Components\Internet                    revocation
Explorer\Internet Control Panel\Advanced Page
Computer Configuration\Administrative                    Check for signatures on downloaded Enabled               Enabled
Templates\Windows Components\Internet                    programs
Explorer\Internet Control Panel\Advanced Page
Computer Configuration\Administrative                    Do not allow resetting Internet        Enabled           Enabled
Templates\Windows Components\Internet                    Explorer settings
Explorer\Internet Control Panel\Advanced Page
Computer Configuration\Administrative                    Intranet Sites: Include all network    Disabled          Disabled
Templates\Windows Components\Internet                    paths (UNCs)
Explorer\Internet Control Panel\Security Page
Computer Configuration\Administrative                    Site to Zone Assignment List           Not Configured    Not Configured
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page
Computer Configuration\Administrative                    Access data sources across domains Enabled:Disable       Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Allow cut, copy or paste operations    Enabled:Disable   Enabled:Disable
Templates\Windows Components\Internet                    from the clipboard via script
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Allow drag and drop or copy and        Enabled:Disable   Enabled:Disable
Templates\Windows Components\Internet                    paste files
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Allow font downloads                   Enabled:Disable   Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Allow installation of desktop items    Enabled:Disable   Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Allow script-initiated windows without Enabled:Disable   Enabled:Disable
Templates\Windows Components\Internet                    size or position constraints
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Allow Scriptlets                       Enabled:Disable   Enabled: Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Allow status bar updates via script    Disabled          Disabled
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Automatic prompting for file             Enabled:Enable         Enabled:Enable
Templates\Windows Components\Internet                    downloads
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Download signed ActiveX controls         Enabled:Disable        Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Download unsigned ActiveX controls Enabled:Disable              Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Initialize and script ActiveX controls   Enabled:Disable        Enabled:Disable
Templates\Windows Components\Internet                    not marked as safe
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Java permissions                         Enabled:Disable Java   Enabled:Disable Java
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Launching applications and files in      Enabled:Disable        Enabled:Disable
Templates\Windows Components\Internet                    an IFRAME
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Logon options                            Enabled: Prompt for    Enabled:Prompt for user and
Templates\Windows Components\Internet                                                             Username/Password      password
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Loose or un-compiled XAML files          Enabled:Disable        Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Navigate sub-frames across different Disabled                   Disabled
Templates\Windows Components\Internet                    domains
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Open files based on content, not file    Enabled:Disable        Enabled:Disable
Templates\Windows Components\Internet                    extension
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Software channel permissions             Enabled:High Safety    Enabled:High Safety
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Turn Off First-Run Opt-In                Enabled:Disable        Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Turn on Protected Mode                   Enabled:Enable         Enabled:Enable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Use Pop-up Blocker                     Enabled:Enable         Enabled:Enable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Userdata persistence                   Enabled:Disable        Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Web Browser Applications               Disabled               Disabled
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone
Computer Configuration\Administrative                    Web sites in less privileged Web       Enabled:Disable        Enabled:Disable
Templates\Windows Components\Internet                    content zones can navigate into this
Explorer\Internet Control Panel\Security Page\Internet   zone
Zone
Computer Configuration\Administrative                    Display mixed content                  Enabled:Enable         Enabled:Enable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone
Computer Configuration\Administrative                    Java permissions                       Enabled:Disable Java   Enabled: Disable Java
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone
Computer Configuration\Administrative                    Display mixed content                  Enabled:Enable         Enabled:Enable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone
Computer Configuration\Administrative                    Java permissions                       Enabled:Disable Java   Enabled: Disable Java
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone
Computer Configuration\Administrative                    Display mixed content                  Enabled:Enable         Enabled:Enable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-
Down Internet Zone
Computer Configuration\Administrative                    Download signed ActiveX controls       Enabled:Disable        Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-
Down Internet Zone
Computer Configuration\Administrative                    Java permissions                       Enabled:Disable Java   Enabled: Disable Java
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-
Down Internet Zone
Computer Configuration\Administrative                    Display mixed content                  Enabled:Enable         Enabled:Enable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-
Down Intranet Zone
Computer Configuration\Administrative                    Java permissions                       Enabled:Disable Java   Enabled: Disable Java
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-
Down Intranet Zone
Computer Configuration\Administrative                      Display mixed content                 Enabled:Enable         Enabled:Enable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-
Down Local Machine Zone
Computer Configuration\Administrative                      Java permissions                      Enabled:Disable Java   Enabled: Disable Java
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-
Down Local Machine Zone
Computer Configuration\Administrative                      Display mixed content                 Enabled:Enable         Enabled:Enable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-
Down Restricted Sites Zone
Computer Configuration\Administrative                      Java permissions                      Enabled:Disable Java   Enabled: Disable Java
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-
Down Restricted Sites Zone
Computer Configuration\Administrative                      Allow status bar updates via script   Enabled:Disable        Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-
Down Trusted Sites Zone
Computer Configuration\Administrative                      Display mixed content                 Enabled:Enable         Enabled:Enable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-
Down Trusted Sites Zone
Computer Configuration\Administrative                      Java permissions                      Enabled:Disable Java   Enabled: Disable Java
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-
Down Trusted Sites Zone
Computer Configuration\Administrative                      Access data sources across domains Enabled:Disable           Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Allow active scripting                Enabled:Disable        Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Allow binary and script behaviors     Enabled:Disable        Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Allow cut, copy or paste operations   Enabled:Disable        Enabled:Disable
Templates\Windows Components\Internet                      from the clipboard via script
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Allow drag and drop or copy and       Enabled:Disable        Enabled:Disable
Templates\Windows Components\Internet                      paste files
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Allow file downloads                  Enabled:Disable        Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Allow font downloads                     Enabled:Disable           Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Allow installation of desktop items      Enabled:Disable           Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Allow META REFRESH                       Enabled:Disable           Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Allow script-initiated windows without Enabled:Disable             Enabled:Disable
Templates\Windows Components\Internet                      size or position constraints
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Allow status bar updates via script      Disabled                  Disabled
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Automatic prompting for file             Enabled:Enable            Enabled:Enable
Templates\Windows Components\Internet                      downloads
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Download signed ActiveX controls         Enabled:Disable           Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Download unsigned ActiveX controls Enabled:Disable                 Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Initialize and script ActiveX controls   Enabled:Disable           Enabled:Disable
Templates\Windows Components\Internet                      not marked as safe
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Java permissions                         Enabled:Disable Java
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Launching applications and files in      Enabled:Disable           Enabled:Disable
Templates\Windows Components\Internet                      an IFRAME
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Logon options                            Enabled:Anonymous logon   Enabled:Anonymous logon
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Loose or un-compiled XAML files          Enabled:Disable           Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Navigate sub-frames across different Enabled:Disable          Enabled:Disable
Templates\Windows Components\Internet                      domains
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Open files based on content, not file   Enabled:Disable       Enabled:Disable
Templates\Windows Components\Internet                      extension
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Run .NET Framework-reliant              Enabled:Disable       Enabled:Disable
Templates\Windows Components\Internet                      components not signed with
Explorer\Internet Control Panel\Security Page\Restricted   Authenticode
Sites Zone
Computer Configuration\Administrative                      Run .NET Framework-reliant              Enabled:Disable       Enabled:Disable
Templates\Windows Components\Internet                      components signed with
Explorer\Internet Control Panel\Security Page\Restricted   Authenticode
Sites Zone
Computer Configuration\Administrative                      Run ActiveX controls and plugins        Enabled:Disable       Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Script ActiveX controls marked safe     Enabled:Disable       Enabled:Disable
Templates\Windows Components\Internet                      for scripting
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Scripting of Java applets               Enabled:Disable       Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Software channel permissions            Enabled:High Safety   Enabled:High Safety
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Turn Off First-Run Opt-In               Enabled:Disable       Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Turn on Protected Mode                  Enabled:Enable        Enabled:Enable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Use Pop-up Blocker                      Enabled:Enable        Enabled:Enable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Userdata persistence                    Enabled:Disable       Enabled:Disable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                      Web Browser Applications                Disabled              Disabled
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone
Computer Configuration\Administrative                       Web sites in less privileged Web       Enabled:Disable        Enabled:Disabled
Templates\Windows Components\Internet                       content zones can navigate into this
Explorer\Internet Control Panel\Security Page\Restricted    zone
Sites Zone
Computer Configuration\Administrative                       Display mixed content                  Enabled:Enable         Enabled:Enable
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone
Computer Configuration\Administrative                       Java permissions                       Enabled:Disable Java   Enabled:Disable Java
Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone
Computer Configuration\Administrative                       Turn off changing the URL to be        Enabled:blank          Enabled:blank
Templates\Windows Components\Internet                       displayed for checking updates to
Explorer\Internet Settings\Component Updates\Periodic       Internet Explorer and Internet Tools
check for updates to Internet Explorer and Internet Tools

Computer Configuration\Administrative                       Turn off configuring the update check Enabled:30              Enabled:30
Templates\Windows Components\Internet                       interval (in days)
Explorer\Internet Settings\Component Updates\Periodic
check for updates to Internet Explorer and Internet Tools

Computer Configuration\Administrative                       Enable Native XMLHttp Support          Disabled               Disabled
Templates\Windows Components\Internet
Explorer\Security Features
Computer Configuration\Administrative                       Internet Explorer Processes            Enabled                Enabled
Templates\Windows Components\Internet
Explorer\Security Features\Consistent Mime Handling
Computer Configuration\Administrative                       Internet Explorer Processes            Enabled                Enabled
Templates\Windows Components\Internet
Explorer\Security Features\Mime Sniffing Safety Feature

Computer Configuration\Administrative                       Internet Explorer Processes            Enabled                Enabled
Templates\Windows Components\Internet
Explorer\Security Features\MK Protocol Security
Restriction
Computer Configuration\Administrative                       Internet Explorer Processes            Enabled                Enabled
Templates\Windows Components\Internet
Explorer\Security Features\Protection From Zone
Elevation
Computer Configuration\Administrative                       Internet Explorer Processes            Enabled                Enabled
Templates\Windows Components\Internet
Explorer\Security Features\Restrict ActiveX Install

Computer Configuration\Administrative                       Internet Explorer Processes            Enabled                Enabled
Templates\Windows Components\Internet
Explorer\Security Features\Restrict File Download

Computer Configuration\Administrative                       Internet Explorer Processes            Enabled                Enabled
Templates\Windows Components\Internet
Explorer\Security Features\Scripted Window Security
Restrictions
Computer Configuration\Administrative               Prevent IIS installation                Enabled               Enabled
Templates\Windows Components\Internet Information
Services
Computer Configuration\Administrative               Disable remote Desktop Sharing          Enabled               Enabled
Templates\Windows Components\NetMeeting
Computer Configuration\Administrative               Turn off Untrusted Content              Enabled               (Not Applicable)
Templates\Windows Components\Online Assistance
Computer Configuration\Administrative               Turn off downloading of enclosures      Enabled               Enabled
Templates\Windows Components\RSS Feeds
Computer Configuration\Administrative               Allow indexing of encrypted files       Disabled              (Not Applicable)
Templates\Windows Components\Search
Computer Configuration\Administrative               Prevent indexing uncached          Enabled                    (Not Applicable)
Templates\Windows Components\Search                 Exchange folders
Computer Configuration\Administrative               Do not allow passwords to be saved (Not Applicable)           Enabled
Templates\Windows Components\Terminal
Services\Client
Computer Configuration\Administrative               Set client connection encryption level (Not Applicable)       Enabled:High Level
Templates\Windows Components\Terminal
Services\Encryption and Security
Computer Configuration\Administrative               Do not allow passwords to be saved Enabled                    (Not Applicable)
Templates\Windows Components\Terminal
Services\Remote Desktop Connection Client
Computer Configuration\Administrative               Set time limit for disconnected         (Not Applicable)      Enabled: 1 minute
Templates\Windows Components\Terminal               sessions
Services\Session
Computer Configuration\Administrative               Sets a time limit for active but idle   (Not Applicable)      Enabled: 15 minutes
Templates\Windows Components\Terminal               Terminal Services sessions
Services\Session
Computer Configuration\Administrative               Set time limit for disconnected         Enabled: 1 minute     (Not Applicable)
Templates\Windows Components\Terminal               sessions
Services\Session Time Limits
Computer Configuration\Administrative               Sets a time limit for active but idle   Enabled: 15 minutes   (Not Applicable)
Templates\Windows Components\Terminal               Terminal Services sessions
Services\Session Time Limits
Computer Configuration\Administrative               Do not allow drive redirection          Enabled               (Not Applicable)
Templates\Windows Components\Terminal
Services\Terminal Server\Device and Resource
Redirection
Computer Configuration\Administrative               Always prompt client for password       Enabled               (Not Applicable)
Templates\Windows Components\Terminal               upon connection
Services\Terminal Server\Security
Computer Configuration\Administrative               Set client connection encryption level Enabled:High Level     (Not Applicable)
Templates\Windows Components\Terminal
Services\Terminal Server\Security
Computer Configuration\Administrative               Configure Microsoft Spynet              Disabled              (Not Applicable)
Templates\Windows Components\Windows Defender       Reporting
Computer Configuration\Administrative               Disable Logging                         Disabled              (Not Applicable)
Templates\Windows Components\Windows Error
Reporting
Computer Configuration\Administrative               Disable Windows Error Reporting         Enabled               (Not Applicable)
Templates\Windows Components\Windows Error
Reporting
Computer Configuration\Administrative                Display Error Notification           Disabled                (Not Applicable)
Templates\Windows Components\Windows Error
Reporting
Computer Configuration\Administrative                Do not send additional data          Enabled                 (Not Applicable)
Templates\Windows Components\Windows Error
Reporting
Computer Configuration\Administrative                Turn off heap termination on         Disabled                (Not Applicable)
Templates\Windows Components\Windows Explorer        corruption
Computer Configuration\Administrative                Turn off shell protocol protected    Disabled                Disabled
Templates\Windows Components\Windows Explorer        mode
Computer Configuration\Administrative                Disable IE security prompt for       Disabled                Disabled
Templates\Windows Components\Windows Installer       Windows Installer scripts
Computer Configuration\Administrative                Enable user control over installs    Disabled                Disabled
Templates\Windows Components\Windows Installer
Computer Configuration\Administrative                Prohibit non-administrators from     Enabled                 Enabled
Templates\Windows Components\Windows Installer       applying vendor signed updates
Computer Configuration\Administrative                Report when logon server was not     Enabled                 (Not Applicable)
Templates\Windows Components\Windows Logon           available during user logon
Options
Computer Configuration\Administrative                Turn off the communities features    Enabled                 (Not Applicable)
Templates\Windows Components\Windows Mail
Computer Configuration\Administrative                Turn off Windows Mail application    Enabled                 (Not Applicable)
Templates\Windows Components\Windows Mail
Computer Configuration\Administrative                Prevent Windows Media DRM            Enabled                 Not Configured
Templates\Windows Components\Windows Media Digital   Internet Access
Rights Management
Computer Configuration\Administrative                Do Not Show First Use Dialog Boxes Enabled                   Enabled
Templates\Windows Components\Windows Media Player

Computer Configuration\Administrative             Prevent Automatic Updates               Enabled                 Enabled
Templates\Windows Components\Windows Media Player

Computer Configuration\Administrative             Prevent Desktop Shortcut Creation       Enabled                 Enabled
Templates\Windows Components\Windows Media Player

Computer Configuration\Administrative                Turn off Windows Meeting Space       Enabled                 (Not Applicable)
Templates\Windows Components\Windows Meeting
Space
Computer Configuration\Administrative                Do not allow Windows Messenger to Enabled                    Enabled
Templates\Windows Components\Windows Messenger       be run

Computer Configuration\Administrative                Do not automatically start Windows   Enabled                 Enabled
Templates\Windows Components\Windows Messenger       Messenger initially

Computer Configuration\Administrative                Disable unpacking and installation of Enabled                (Not Applicable)
Templates\Windows Components\Windows Sidebar         gadgets that are not digitally signed.

Computer Configuration\Administrative                Override the More Gadgets Link       Enabled:"about:blank"   (Not Applicable)
Templates\Windows Components\Windows Sidebar
Computer Configuration\Administrative                Turn Off User Installed Windows      Enabled                 (Not Applicable)
Templates\Windows Components\Windows Sidebar         Sidebar Gadgets
Computer Configuration\Windows Settings\Security Disable ISATAP, Teredo, and 6to4          0x1                                   (Not Applicable)
Settings\Local Policies\Security Options         tunneling protocols
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\S
ervices\tcpip6\Parameters\DisableComponents
Computer Configuration\Windows Settings\Security IPv6 Block of Protocols 41                General: Enabled and Block the       (Not Applicable)
Settings\Windows Firewall with Advanced                                                    connections; Programs and Services:
Security\Windows Firewall with Advanced                                                    All programs that meet the specified
Security\Outbound Rules                                                                    conditions; Protocols and Ports:
                                                                                           Protocols type IPv6; Scope: Any IP
                                                                                           addresses; Advanced: All profiles

Computer Configuration\Windows Settings\Security      IPv6 Block of UDP 3544               General: Enabled and Block the       (Not Applicable)
Settings\Windows Firewall with Advanced                                                    connections; Programs and Services:
Security\Windows Firewall with Advanced                                                    All programs that meet the specified
Security\Outbound Rules                                                                    conditions; Protocols and Ports:
                                                                                           Protocols type UDP, Local port 3544,
                                                                                           Remote port All Ports ; Scope: Any
                                                                                           IP addresses; Advanced: All profiles

Computer Configuration\Windows Settings\Security      Log dropped packets                  Yes                                   (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Domain Profile
Tab\Logging
Computer Configuration\Windows Settings\Security      Logged successful connections        Yes                                   (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Domain Profile
Tab\Logging
Computer Configuration\Windows Settings\Security      Name                                 %windir%\system32\logfiles\firewall\d (Not Applicable)
Settings\Windows Firewall with Advanced                                                    omainfirewall
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Domain Profile
Tab\Logging
Computer Configuration\Windows Settings\Security      Size limit (KB)                      16,384                                (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Domain Profile
Tab\Logging
Computer Configuration\Windows Settings\Security      Display a notification               Yes (default)                         (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Domain Profile
Tab\Settings\Firewall settings
Computer Configuration\Windows Settings\Security      Apply local connection security rules No                                   (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Domain Profile
Tab\Settings\Rule merging
Computer Configuration\Windows Settings\Security      Apply local firewall rules           No                                    (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Domain Profile
Tab\Settings\Rule merging
Computer Configuration\Windows Settings\Security       Allow unicast response               No                                    (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Domain Profile
Tab\Settings\Unicast response
Computer Configuration\Windows Settings\Security       Firewall State                       On                                    (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Domain Profile
Tab\State
Computer Configuration\Windows Settings\Security       Inbound connections                  Block (default)                       (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Domain Profile
Tab\State
Computer Configuration\Windows Settings\Security       Outbound connections                 Allow (default)                       (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Domain Profile
Tab\State
Computer Configuration\Windows Settings\Security       Log dropped packets                  Yes                                   (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Private Profile
Tab\Logging
Computer Configuration\Windows Settings\Security       Logged successful connections        Yes                                   (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Private Profile
Tab\Logging
Computer Configuration\Windows Settings\Security       Name                                 %windir%\system32\logfiles\firewall\p (Not Applicable)
Settings\Windows Firewall with Advanced                                                     rivatefirewall
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Private Profile
Tab\Logging
Computer Configuration\Windows Settings\Security       Size limit (KB)                      16,384                                (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Private Profile
Tab\Logging
Computer Configuration\Windows Settings\Security       Display a notification               Yes (default)                         (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Private Profile
Tab\Settings\Firewall settings
Computer Configuration\Windows Settings\Security       Apply local connection security rules No                                   (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Private Profile
Tab\Settings\Rule merging
Computer Configuration\Windows Settings\Security       Apply local firewall rules      No                                    (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Private Profile
Tab\Settings\Rule merging
Computer Configuration\Windows Settings\Security       Allow unicast response          No                                    (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Private Profile
Tab\Settings\Unicast response
Computer Configuration\Windows Settings\Security       Firewall State                  On                                    (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Private Profile
Tab\State
Computer Configuration\Windows Settings\Security       Inbound connections             Block (default)                       (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Private Profile
Tab\State
Computer Configuration\Windows Settings\Security       Outbound connections            Allow (default)                       (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Private Profile
Tab\State
Computer Configuration\Windows Settings\Security       Log dropped packets             Yes                                   (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Public Profile
Tab\Logging
Computer Configuration\Windows Settings\Security       Logged successful connections   Yes                                   (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Public Profile
Tab\Logging
Computer Configuration\Windows Settings\Security       Name                            %windir%\system32\logfiles\firewall\p (Not Applicable)
Settings\Windows Firewall with Advanced                                                ublicfirewall
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Public Profile
Tab\Logging

Computer Configuration\Windows Settings\Security       Size limit (KB)                 16,384                                (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Public Profile
Tab\Logging
Computer Configuration\Windows Settings\Security       Display a notification          Yes (default)                         (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Public Profile
Tab\Settings\Firewall settings
Computer Configuration\Windows Settings\Security      Apply local connection security rules No                    (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Public Profile
Tab\Settings\Rule merging
Computer Configuration\Windows Settings\Security      Apply local firewall rules            No                    (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Public Profile
Tab\Settings\Rule merging
Computer Configuration\Windows Settings\Security      Allow unicast response                No                    (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Public Profile
Tab\Settings\Unicast response
Computer Configuration\Windows Settings\Security      Firewall State                        On                    (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Public Profile
Tab\State
Computer Configuration\Windows Settings\Security      Inbound connections                   Block (default)       (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Public Profile
Tab\State
Computer Configuration\Windows Settings\Security      Outbound connections                  Allow (default)       (Not Applicable)
Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced
Security\Windows Firewall Properties\Public Profile
Tab\State
User Configuration\Administrative Templates\Control   Password protect the screen saver     Enabled               Enabled
Panel\Display
User Configuration\Administrative Templates\Control   Screen Saver timeout                  Enabled:900 seconds   Enabled:900
Panel\Display
User Configuration\Administrative                     Prompt for password on resume from    Enabled               Enabled
Templates\System\Power Management                     hibernate / suspend
User Configuration\Administrative Templates\Windows   Do not preserve zone information in   Disabled              Disabled
Components\Attachment Manager                         file attachments
User Configuration\Administrative Templates\Windows   Hide mechanisms to remove zone        Enabled               Enabled
Components\Attachment Manager                         information
User Configuration\Administrative Templates\Windows   Notify antivirus programs when        Enabled               Enabled
Components\Attachment Manager                         opening attachments
User Configuration\Administrative Templates\Windows   Configure Outlook Express             Disabled              Disabled
Components\Internet Explorer
User Configuration\Administrative Templates\Windows   Disable AutoComplete for forms        Enabled               Enabled
Components\Internet Explorer
User Configuration\Administrative Templates\Windows   Disable external branding of Internet Enabled               Enabled
Components\Internet Explorer                          Explorer
User Configuration\Administrative Templates\Windows   Disable Internet Connection wizard    Enabled               Enabled
Components\Internet Explorer
User Configuration\Administrative Templates\Windows   Disable the Reset Web Settings        Enabled               Enabled
Components\Internet Explorer                          feature
User Configuration\Administrative Templates\Windows     Turn on the auto-complete feature for Disabled             Disabled
Components\Internet Explorer                            user names and passwords on forms

User Configuration\Administrative Templates\Windows     Turn off page transitions            Enabled               Enabled
Components\Internet Explorer\Internet Settings\Advanced
Settings\Browsing
User Configuration\Administrative Templates\Windows     Turn on the Internet Connection      Disabled              Disabled
Components\Internet Explorer\Internet Settings\Advanced Wizard Auto Detect
Settings\Internet Connection Wizard Settings

User Configuration\Administrative Templates\Windows     Prevent users from sharing files     Enabled               (Not Applicable)
Components\Network Sharing                              within their profile.
VISTA AUDIT POLICY: Account Management                  Application Group Management         No auditing           (Not Applicable)

VISTA AUDIT POLICY: Account Management                  Computer Account Management          Success and Failure   (Not Applicable)

VISTA AUDIT POLICY: Account Management                  Distribution Group Management        No auditing           (Not Applicable)

VISTA AUDIT POLICY: Account Management                  Other Account Management Events      Success and Failure   (Not Applicable)

VISTA AUDIT POLICY: Account Management                  Security Group Management            Success and Failure   (Not Applicable)

VISTA AUDIT POLICY: Account Management                  User Account Management              Success and Failure   (Not Applicable)

VISTA AUDIT POLICY: Detailed Tracking                   DPAPI Activity                       No auditing           (Not Applicable)

VISTA AUDIT POLICY: Detailed Tracking                   Process Creation                     Success               (Not Applicable)

VISTA AUDIT POLICY: Detailed Tracking                   Process Termination                  No auditing           (Not Applicable)

VISTA AUDIT POLICY: Detailed Tracking                   RPC Events                           No auditing           (Not Applicable)

VISTA AUDIT POLICY: DS Access                           Detailed Directory Service           No auditing           (Not Applicable)
                                                        Replication
VISTA AUDIT POLICY: DS Access                           Directory Service Access             No auditing           (Not Applicable)

VISTA AUDIT POLICY: DS Access                           Directory Service Changes            No auditing           (Not Applicable)

VISTA AUDIT POLICY: DS Access                           Directory Service Replication        No auditing           (Not Applicable)

VISTA AUDIT POLICY: Logon/Logoff                        Account Lockout                      No auditing           (Not Applicable)

VISTA AUDIT POLICY: Logon/Logoff                        IPsec Extended Mode                  No auditing           (Not Applicable)

VISTA AUDIT POLICY: Logon/Logoff                        IPsec Main Mode                      No auditing           (Not Applicable)

VISTA AUDIT POLICY: Logon/Logoff                        IPsec Quick Mode                     No auditing           (Not Applicable)

VISTA AUDIT POLICY: Logon/Logoff                        Logoff                               Success               (Not Applicable)

VISTA AUDIT POLICY: Logon/Logoff                        Logon                                Success and Failure   (Not Applicable)

VISTA AUDIT POLICY: Logon/Logoff                        Other Logon/Logoff Events            No auditing           (Not Applicable)
VISTA AUDIT POLICY: Logon/Logoff    Special Logon                      Success               (Not Applicable)

VISTA AUDIT POLICY: Object Access   Application Generated              No auditing           (Not Applicable)

VISTA AUDIT POLICY: Object Access   Certification Services             No auditing           (Not Applicable)

VISTA AUDIT POLICY: Object Access   File Share                         No auditing           (Not Applicable)

VISTA AUDIT POLICY: Object Access   File System                        Failure               (Not Applicable)

VISTA AUDIT POLICY: Object Access   Filtering Platform Connection      No auditing           (Not Applicable)

VISTA AUDIT POLICY: Object Access   Filtering Platform Packet Drop     No auditing           (Not Applicable)

VISTA AUDIT POLICY: Object Access   Handle Manipulation                No auditing           (Not Applicable)

VISTA AUDIT POLICY: Object Access   Kernel Object                      No auditing           (Not Applicable)

VISTA AUDIT POLICY: Object Access   Other Object Access Events         No auditing           (Not Applicable)

VISTA AUDIT POLICY: Object Access   Registry                           Failure               (Not Applicable)

VISTA AUDIT POLICY: Object Access   SAM                                No auditing           (Not Applicable)

VISTA AUDIT POLICY: Policy Change   Audit Policy Change                Success and Failure   (Not Applicable)

VISTA AUDIT POLICY: Policy Change   Authentication Policy Change       Success               (Not Applicable)

VISTA AUDIT POLICY: Policy Change   Authorization Policy Change        No auditing           (Not Applicable)

VISTA AUDIT POLICY: Policy Change   Filtering Platform Policy Change   No auditing           (Not Applicable)

VISTA AUDIT POLICY: Policy Change   MPSSVC Rule-Level Policy Change No auditing              (Not Applicable)

VISTA AUDIT POLICY: Policy Change   Other Policy Change Events         No auditing           (Not Applicable)

VISTA AUDIT POLICY: Privilege Use   Non Sensitive Privilege Use        No auditing           (Not Applicable)

VISTA AUDIT POLICY: Privilege Use   Other Privilege Use Events         No auditing           (Not Applicable)

VISTA AUDIT POLICY: Privilege Use   Sensitive Privilege Use            Success and Failure   (Not Applicable)

VISTA AUDIT POLICY: System          IPsec Driver                       Success and Failure   (Not Applicable)

VISTA AUDIT POLICY: System          Other System Events                No auditing           (Not Applicable)

VISTA AUDIT POLICY: System          Security State Change              Success and Failure   (Not Applicable)

VISTA AUDIT POLICY: System          Security System Extension          Success and Failure   (Not Applicable)

VISTA AUDIT POLICY: System          System Integrity                   Success and Failure   (Not Applicable)
FDCC-XP-Q3-2007.zip VHD   FDCC-Vista-Q3-2007-GPOs   FDCC-XP-Q3-2007-GPOs   FDCC-XP-Q3-2007-SCAP-Data   FDCC-XP-Q3-2007-SCAP-Data   CCE Number
CPE Number   SP 800-53 Controls   GPO Name                            Comments
                                  FDCC Q3 2007 Vista-Specific
                                  Additional Settings
                                  FDCC Q3 2007 Vista-Specific
                                  Additional Settings
                                  FDCC Q3 2007 Additional Settings


                                  FDCC Q3 2007 Additional Settings


                                  FDCC Q3 2007 Additional Settings


                                  FDCC Q3 2007 Additional Settings


                                  FDCC Q3 2007 XP Firewall Settings


                                  FDCC Q3 2007 XP Firewall Settings


                                  FDCC Q3 2007 XP Firewall Settings


                                  FDCC Q3 2007 XP Firewall Settings


                                  FDCC Q3 2007 XP Firewall Settings




                                  FDCC Q3 2007 XP Firewall Settings


                                  FDCC Q3 2007 XP Firewall Settings


                                  FDCC Q3 2007 XP Firewall Settings


                                  FDCC Q3 2007 XP Firewall Settings


                                  FDCC Q3 2007 XP Firewall Settings


                                  FDCC Q3 2007 XP Firewall Settings
FDCC Q3 2007 XP Firewall Settings


FDCC Q3 2007 XP Firewall Settings


FDCC Q3 2007 XP Firewall Settings


FDCC Q3 2007 XP Firewall Settings


FDCC Q3 2007 XP Firewall Settings


FDCC Q3 2007 XP Firewall Settings


FDCC Q3 2007 XP Firewall Settings


FDCC Q3 2007 XP Firewall Settings


FDCC Q3 2007 XP Firewall Settings


FDCC Q3 2007 XP Firewall Settings


FDCC Q3 2007 XP Firewall Settings


FDCC Q3 2007 XP Firewall Settings


FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 Vista-Specific
Additional Settings

FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 XP-Specific
Additional Settings
FDCC Q3 2007 Vista-Specific
Additional Settings




FDCC Q3 2007 Additional Settings

FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Vista-Specific
Additional Settings

FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings
FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings

FDCC Q3 2007 Additional Settings

FDCC Q3 2007 Additional Settings

FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 Vista-Specific
Additional Settings

FDCC Q3 2007 Vista-Specific
Additional Settings

FDCC Q3 2007 Additional Settings

FDCC Q3 2007 Additional Settings

FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 Additional Settings

FDCC Q3 2007 Additional Settings




FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 Vista-Specific
Additional Settings

FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 Vista-Specific
Additional Settings

FDCC Q3 2007 Vista-Specific
Additional Settings

FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 Vista-Specific
Additional Settings

FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings


FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings


FDCC Q3 2007 IE7 Settings


FDCC Q3 2007 IE7 Settings


FDCC Q3 2007 IE7 Settings
FDCC Q3 2007 IE7 Settings


FDCC Q3 2007 IE7 Settings


FDCC Q3 2007 IE7 Settings


FDCC Q3 2007 IE7 Settings


FDCC Q3 2007 IE7 Settings


FDCC Q3 2007 IE7 Settings


FDCC Q3 2007 IE7 Settings   Enabled at domain level, not
                            configured locally

FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings
FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings
FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings
FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings
FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings
FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings
FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings




FDCC Q3 2007 IE7 Settings




FDCC Q3 2007 IE7 Settings


FDCC Q3 2007 IE7 Settings


FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings



FDCC Q3 2007 IE7 Settings   Had difference between XP and
                            Vista. Vista Disabled, XP Enabled.
                            SCAP assumed Enabled.

FDCC Q3 2007 IE7 Settings   Had difference between XP and
                            Vista. Vista Disabled, XP Enabled.
                            SCAP assumed Enabled.

FDCC Q3 2007 IE7 Settings
FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings

FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 Additional Settings

FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 Vista-Specific
Additional Settings




FDCC Q3 2007 Additional Settings




FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Vista-Specific
Additional Settings


FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 Vista-Specific
Additional Settings

FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 Vista-Specific
Additional Settings

FDCC Q3 2007 Vista-Specific
Additional Settings

FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 Additional Settings

FDCC Q3 2007 Additional Settings

FDCC Q3 2007 Additional Settings

FDCC Q3 2007 Additional Settings

FDCC Q3 2007 Vista-Specific
Additional Settings

FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 Vista-Specific
Additional Settings

FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Vista-Specific
Additional Settings

FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Additional Settings


FDCC Q3 2007 Vista-Specific
Additional Settings

FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 Vista-Specific
Additional Settings
FDCC Q3 2007 Vista Firewall
Settings




FDCC Q3 2007 Vista Firewall
Settings




FDCC Q3 2007 Vista Firewall
Settings
FDCC Q3 2007 Vista Firewall
Settings




FDCC Q3 2007 Vista Firewall
Settings
FDCC Q3 2007 Vista Firewall
Settings




FDCC Q3 2007 Vista Firewall
Settings
FDCC Q3 2007 Vista Firewall
Settings




FDCC Q3 2007 Additional Settings

FDCC Q3 2007 Additional Settings

FDCC Q3 2007 Additional Settings

FDCC Q3 2007 Additional Settings

FDCC Q3 2007 Additional Settings

FDCC Q3 2007 Additional Settings

FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings

FDCC Q3 2007 IE7 Settings
FDCC Q3 2007 IE7 Settings


FDCC Q3 2007 IE7 Settings


FDCC Q3 2007 IE7 Settings




FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy
FDCC Q3 2007 Vista Granular Audit
Policy

								
To top