Language Service Scheduler Resume by khy14500

VIEWS: 0 PAGES: 434

Language Service Scheduler Resume document sample

More Info
									             Old v4 CCE                                      CCE
  CCE ID                    CCE Description
                  Id                                      Parameters




                          The required auditing for     (1) set of accounts
                          %SystemDrive% directory      (2) events to audit
CCE-2682-3   CCE-25       should be enabled.           (3) applicability
                          The required auditing for
                          the registry key
                          HKEY_LOCAL_MACHINE\           (1) set of accounts
                          SOFTWARE should be           (2) events to audit
CCE-2796-1   CCE-899      enabled.                     (3) applicability
                          The required auditing for
                          the registry key
                          HKEY_LOCAL_MACHINE\           (1) set of accounts
                          SYSTEM should be             (2) events to audit
CCE-1840-8   CCE-727      enabled.                     (3) applicability
                                                        (1) set of accounts
                          The required permissions     (2) list of
                          for the directory %ALL%      permissions (3)
CCE-2483-6   CCE-211      should be assigned.          applicability
                          The required permissions      (1) set of accounts
                          for the directory            (2) list of
                          %AllUsersProfile% should     permissions (3)
CCE-1849-9   CCE-39       be assigned.                 applicability
                          The required permissions
                          for the directory             (1) set of accounts
                          %AllUsersProfile%\Applicat   (2) list of
                          ion Data should be           permissions (3)
CCE-2620-3   CCE-83       assigned.                    applicability
                          The required permissions
                          for the directory             (1) set of accounts
                          %AllUsersProfile%\Applicat   (2) list of
                          ion Data\Microsoft should    permissions (3)
CCE-2787-0   CCE-854      be assigned.                 applicability
                          The required permissions
                          for the directory
                          %AllUsersProfile%\Applicat
                          ion                           (1) set of accounts
                          Data\Microsoft\Crypto\DSS    (2) list of
                          HKLMKeys should be           permissions (3)
CCE-2673-2   CCE-783      assigned.                    applicability
                       The required permissions
                       for the directory
                       %AllUsersProfile%\Applicat
                       ion                           (1) set of accounts
                       Data\Microsoft\Crypto\RSA    (2) list of
                       HKLMKeys should be           permissions (3)
CCE-2782-1   CCE-713   assigned.                    applicability
                       The required permissions
                       for the directory
                       %AllUsersProfile%\Applicat    (1) set of accounts
                       ion Data\Microsoft\Dr        (2) list of
                       Watson should be             permissions (3)
CCE-2676-5   CCE-387   assigned.                    applicability
                       The required permissions
                       for the directory
                       %AllUsersProfile%\Applicat    (1) set of accounts
                       ion Data\Microsoft\Dr        (2) list of
                       Watson\drwtsn32.log          permissions (3)
CCE-1815-0   CCE-527   should be assigned.          applicability

                       The required permissions
                       for the directory             (1) set of accounts
                       %AllUsersProfile%\Applicat   (2) list of
                       ion Data\Microsoft\HTML      permissions (3)
CCE-2728-4   CCE-686   Help should be assigned.     applicability
                       The required permissions
                       for the directory
                       %AllUsersProfile%\Applicat    (1) set of accounts
                       ion                          (2) list of
                       Data\Microsoft\MediaIndex    permissions (3)
CCE-2763-1   CCE-3     should be assigned.          applicability
                       The required permissions
                       for the directory             (1) set of accounts
                       %AllUsersProfile%\Docum      (2) list of
                       ents\desktop.ini should be   permissions (3)
CCE-2768-0   CCE-356   assigned.                    applicability
                       The required permissions      (1) set of accounts
                       for the directory            (2) list of
                       %AllUsersProfile%\DRM        permissions (3)
CCE-2561-9   CCE-85    should be assigned.          applicability
                       The required permissions      (1) set of accounts
                       for the directory            (2) list of
                       %ProgramFiles% should        permissions (3)
CCE-2706-0   CCE-24    be assigned.                 applicability
                       The required permissions      (1) set of accounts
                       for the directory            (2) list of
                       %SystemDrive% should be      permissions (3)
CCE-2085-9   CCE-411   assigned.                    applicability
                       The required permissions
                       for the file              (1) set of accounts
                       %SystemDrive%\AUTOEX (2) list of
                       EC.BAT should be         permissions (3)
CCE-2702-9   CCE-816   assigned.                applicability

                       The required permissions     (1) set of accounts
                       for the file                (2) list of
                       %SystemDrive%\CONFIG.       permissions (3)
CCE-2623-7   CCE-987   SYS should be assigned.     applicability
                       The required permissions
                       for the file                 (1) set of accounts
                       %SystemDrive%\Documen       (2) list of
                       ts and Settings should be   permissions (3)
CCE-2565-0   CCE-419   assigned.                   applicability
                       The required permissions
                       for the directory
                       %SystemDrive%\Documen        (1) set of accounts
                       ts and                      (2) list of
                       Settings\Administrator      permissions (3)
CCE-2115-4   CCE-120   should be assigned.         applicability
                       The required permissions
                       for the directory            (1) set of accounts
                       %SystemDrive%\Documen       (2) list of
                       ts and Settings\Default     permissions (3)
CCE-2741-7   CCE-714   User should be assigned.    applicability
                       The required permissions     (1) set of accounts
                       for the file                (2) list of
                       %SystemDrive%\IO.SYS        permissions (3)
CCE-2745-8   CCE-540   should be assigned.         applicability

                       The required permissions     (1) set of accounts
                       for the file                (2) list of
                       %SystemDrive%\MSDOS.        permissions (3)
CCE-2287-1   CCE-602   SYS should be assigned.     applicability
                       The required permissions
                       for the file                 (1) set of accounts
                       %SystemDrive%\NTBOOT        (2) list of
                       DD.SYS should be            permissions (3)
CCE-2798-7   CCE-399   assigned.                   applicability
                       The required permissions
                       for the file                 (1) set of accounts
                       %SystemDrive%\NTDETE        (2) list of
                       CT.COM should be            permissions (3)
CCE-2578-3   CCE-192   assigned.                   applicability
                       The required permissions     (1) set of accounts
                       for the file                (2) list of
                       %SystemDrive%\NTLDR         permissions (3)
CCE-2234-3   CCE-561   should be assigned.         applicability
                       The required permissions
                       for the file                 (1) set of accounts
                       %SystemDrive%\System        (2) list of
                       Volume Information should   permissions (3)
CCE-2750-8   CCE-971   be assigned.                applicability
                       The required permissions     (1) set of accounts
                       for the directory           (2) list of
                       %SystemRoot% should be      permissions (3)
CCE-2160-0   CCE-645   assigned.                   applicability
                       The required permissions
                       for the directory            (1) set of accounts
                       %SystemRoot%\Driver         (2) list of
                       Cache\I386\Driver.cab       permissions (3)
CCE-2475-2   CCE-579   should be assigned.         applicability
                       The required permissions
                       for the directory            (1) set of accounts
                       %SystemRoot%\$NtServic      (2) list of
                       ePackUninstall$ should be   permissions (3)
CCE-2387-9   CCE-505   assigned.                   applicability
                       The required permissions     (1) set of accounts
                       for the directory           (2) list of
                       %SystemRoot%\CSC            permissions (3)
CCE-2647-6   CCE-134   should be assigned.         applicability
                       The required permissions     (1) set of accounts
                       for the directory           (2) list of
                       %SystemRoot%\Debug          permissions (3)
CCE-2418-2   CCE-293   should be assigned.         applicability
                       The required permissions
                       for the directory            (1) set of accounts
                       %SystemRoot%\Debug\Us       (2) list of
                       erMode should be            permissions (3)
CCE-2329-1   CCE-94    assigned.                   applicability
                       The required permissions
                       for the directory            (1) set of accounts
                       %SystemRoot%\Debug\Us       (2) list of
                       erMode\userenv.log should   permissions (3)
CCE-2105-5   CCE-152   be assigned.                applicability
                       The required permissions     (1) set of accounts
                       for the file                (2) list of
                       %SystemRoot%\Installer      permissions (3)
CCE-2752-4   CCE-482   should be assigned.         applicability
                       The required permissions
                       for the file                 (1) set of accounts
                       %SystemRoot%\Offline        (2) list of
                       Web Pages should be         permissions (3)
CCE-2757-3   CCE-147   assigned.                   applicability
                       The required permissions     (1) set of accounts
                       for the file                (2) list of
                       %SystemRoot%\Prefetch       permissions (3)
CCE-2264-0   CCE-737   should be assigned.         applicability
                       The required permissions      (1) set of accounts
                       for the file                 (2) list of
                       %SystemRoot%\regedit.ex      permissions (3)
CCE-2175-8   CCE-795   e should be assigned.        applicability
                       The required permissions      (1) set of accounts
                       for the directory            (2) list of
                       %SystemRoot%\Registrati      permissions (3)
CCE-2325-9   CCE-155   on should be assigned.       applicability
                       The required permissions
                       for the directory             (1) set of accounts
                       %SystemRoot%\Registrati      (2) list of
                       on\CRMLog should be          permissions (3)
CCE-1833-3   CCE-323   assigned.                    applicability
                       The required permissions      (1) set of accounts
                       for the directory            (2) list of
                       %SystemRoot%\repair          permissions (3)
CCE-2805-0   CCE-873   should be assigned.          applicability
                       The required permissions      (1) set of accounts
                       for the directory            (2) list of
                       %SystemRoot%\security        permissions (3)
CCE-2739-1   CCE-67    should be assigned.          applicability
                       The required permissions      (1) set of accounts
                       for the directory            (2) list of
                       %SystemRoot%\Temp            permissions (3)
CCE-2638-5   CCE-380   should be assigned.          applicability
                       The required permissions      (1) set of accounts
                       for the directory            (2) list of
                       %SystemRoot%\System32        permissions (3)
CCE-2660-9   CCE-45    should be assigned.          applicability
                       The required permissions
                       for the directory             (1) set of accounts
                       %SystemRoot%\System32\       (2) list of
                       arp.exe should be            permissions (3)
CCE-2052-9   CCE-600   assigned.                    applicability

                       The required permissions      (1) set of accounts
                       for the file                 (2) list of
                       %SystemRoot%\System32\       permissions (3)
CCE-2184-0   CCE-393   at.exe should be assigned.   applicability
                       The required permissions
                       for the file                  (1) set of accounts
                       %SystemRoot%\System32\       (2) list of
                       attrib.exe should be         permissions (3)
CCE-2312-7   CCE-166   assigned.                    applicability
                       The required permissions
                       for the file                  (1) set of accounts
                       %SystemRoot%\System32\       (2) list of
                       cacls.exe should be          permissions (3)
CCE-2726-8   CCE-977   assigned.                    applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       ciadv.msc should be        permissions (3)
CCE-2250-9   CCE-272   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       Com\comexp.msc should      permissions (3)
CCE-1924-0   CCE-994   be assigned.               applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       compmgmt.msc should be     permissions (3)
CCE-2598-1   CCE-170   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       CONFIG should be           permissions (3)
CCE-1842-4   CCE-197   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       CONFIG\AppEvent.evt        permissions (3)
CCE-1846-5   CCE-765   should be assigned.        applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       CONFIG\*.evt should be     permissions (3)
CCE-2800-1   CCE-334   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       debug.exe should be        permissions (3)
CCE-2699-7   CCE-201   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       devmgmt.msc should be      permissions (3)
CCE-2844-9   CCE-386   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       dfrg.msc should be         permissions (3)
CCE-2109-7   CCE-941   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       diskmgmt.msc should be     permissions (3)
CCE-2514-8   CCE-981   assigned.                  applicability
                       The required permissions
                       for the directory              (1) set of accounts
                       %SystemRoot%\System32\        (2) list of
                       dllcache should be            permissions (3)
CCE-1863-0   CCE-350   assigned.                     applicability
                       The required permissions
                       for the file                   (1) set of accounts
                       %SystemRoot%\System32\        (2) list of
                       drwatson.exe should be        permissions (3)
CCE-2760-7   CCE-403   assigned.                     applicability
                       The required permissions
                       for the file                   (1) set of accounts
                       %SystemRoot%\System32\        (2) list of
                       drwtsn32.exe should be        permissions (3)
CCE-2425-7   CCE-972   assigned.                     applicability
                       The required permissions
                       for the file                   (1) set of accounts
                       %SystemRoot%\System32\        (2) list of
                       edlin.exe should be           permissions (3)
CCE-1909-1   CCE-20    assigned.                     applicability
                       The required permissions
                       for the file                   (1) set of accounts
                       %SystemRoot%\System32\        (2) list of
                       eventcreate.exe should be     permissions (3)
CCE-2145-1   CCE-489   assigned.                     applicability
                       The required permissions
                       for the file                   (1) set of accounts
                       %SystemRoot%\System32\        (2) list of
                       eventtriggers.exe should      permissions (3)
CCE-2436-4   CCE-917   be assigned.                  applicability
                       The required permissions
                       for the file                   (1) set of accounts
                       %SystemRoot%\System32\        (2) list of
                       eventvwr.msc should be        permissions (3)
CCE-2704-5   CCE-846   assigned.                     applicability
                       The required permissions
                       for the file                   (1) set of accounts
                       %SystemRoot%\System32\        (2) list of
                       fsmgmt.msc should be          permissions (3)
CCE-2334-1   CCE-529   assigned.                     applicability

                       The required permissions       (1) set of accounts
                       for the file                  (2) list of
                       %SystemRoot%\System32\        permissions (3)
CCE-2229-3   CCE-264   ftp.exe should be assigned.   applicability
                       The required permissions
                       for the file                   (1) set of accounts
                       %SystemRoot%\System32\        (2) list of
                       gpedit.msc should be          permissions (3)
CCE-2621-1   CCE-819   assigned.                     applicability
                       The required permissions
                       for the directory           (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       GroupPolicy should be      permissions (3)
CCE-2876-1   CCE-789   assigned.                  applicability

                       The required permissions    (1) set of accounts
                       for the directory          (2) list of
                       %SystemRoot%\System32\     permissions (3)
CCE-2813-4   CCE-894   ias should be assigned.    applicability
                       The required permissions
                       for the directory           (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       lusrmgr.msg should be      permissions (3)
CCE-2597-3   CCE-198   assigned.                  applicability
                       The required permissions
                       for the directory           (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       MSDTC should be            permissions (3)
CCE-2747-4   CCE-634   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       nbstat.exe should be       permissions (3)
CCE-2139-4   CCE-550   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       net.exe should be          permissions (3)
CCE-2178-2   CCE-731   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       net1.exe should be         permissions (3)
CCE-2672-4   CCE-607   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       netsh.exe should be        permissions (3)
CCE-1916-6   CCE-158   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       netstat.exe should be      permissions (3)
CCE-2732-6   CCE-220   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       nslookup.exe should be     permissions (3)
CCE-2613-8   CCE-242   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       Ntbackup.exe should be     permissions (3)
CCE-2903-3   CCE-821   assigned.                  applicability
                       The required permissions
                       for the directory           (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       NTMSData should be         permissions (3)
CCE-1925-7   CCE-486   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       ntmsoprq.msc should be     permissions (3)
CCE-2727-6   CCE-548   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       ntmsmgr.msc should be      permissions (3)
CCE-2749-0   CCE-715   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       perfmon.msc should be      permissions (3)
CCE-2912-4   CCE-151   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       Rcp.exe should be          permissions (3)
CCE-2784-7   CCE-997   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       reg.exe should be          permissions (3)
CCE-2220-2   CCE-547   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       Regedt32.exe should be     permissions (3)
CCE-2833-2   CCE-865   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       regini.exe should be       permissions (3)
CCE-2855-5   CCE-543   assigned.                  applicability
                       The required permissions
                       for the file                (1) set of accounts
                       %SystemRoot%\System32\     (2) list of
                       regsvr32.exe should be     permissions (3)
CCE-2894-4   CCE-657   assigned.                  applicability
                       The required permissions
                       for the file                  (1) set of accounts
                       %SystemRoot%\System32\       (2) list of
                       Rexec.exe should be          permissions (3)
CCE-2899-3   CCE-274   assigned.                    applicability
                       The required permissions
                       for the file                  (1) set of accounts
                       %SystemRoot%\System32\       (2) list of
                       route.exe should be          permissions (3)
CCE-2546-0   CCE-168   assigned.                    applicability
                       The required permissions
                       for the file                  (1) set of accounts
                       %SystemRoot%\System32\       (2) list of
                       Rsh.exe should be            permissions (3)
CCE-2674-0   CCE-353   assigned.                    applicability
                       The required permissions
                       for the file                  (1) set of accounts
                       %SystemRoot%\System32\       (2) list of
                       RSoP.msc should be           permissions (3)
CCE-2070-1   CCE-27    assigned.                    applicability
                       The required permissions
                       for the file                  (1) set of accounts
                       %SystemRoot%\System32\       (2) list of
                       runas.exe should be          permissions (3)
CCE-2762-3   CCE-340   assigned.                    applicability

                       The required permissions      (1) set of accounts
                       for the file                 (2) list of
                       %SystemRoot%\System32\       permissions (3)
CCE-2176-6   CCE-516   sc.exe should be assigned.   applicability
                       The required permissions
                       for the file                  (1) set of accounts
                       %SystemRoot%\System32\       (2) list of
                       Secedit.exe should be        permissions (3)
CCE-2198-0   CCE-922   assigned.                    applicability
                       The required permissions
                       for the file                  (1) set of accounts
                       %SystemRoot%\System32\       (2) list of
                       secpol.msc should be         permissions (3)
CCE-2185-7   CCE-847   assigned.                    applicability
                       The required permissions
                       for the file                  (1) set of accounts
                       %SystemRoot%\System32\       (2) list of
                       services.msc should be       permissions (3)
CCE-2458-8   CCE-904   assigned.                    applicability

                       The required permissions      (1) set of accounts
                       for the directory            (2) list of
                       %SystemRoot%\System32\       permissions (3)
CCE-2872-0   CCE-587   Setup should be assigned.    applicability
                       The required permissions
                       for the directory             (1) set of accounts
                       %SystemRoot%\System32\       (2) list of
                       spool\Printers should be     permissions (3)
CCE-2753-2   CCE-692   assigned.                    applicability
                       The required permissions
                       for the file                  (1) set of accounts
                       %SystemRoot%\System32\       (2) list of
                       subst.exe should be          permissions (3)
CCE-2788-8   CCE-921   assigned.                    applicability
                       The required permissions
                       for the file                  (1) set of accounts
                       %SystemRoot%\System32\       (2) list of
                       systeminfo.exe should be     permissions (3)
CCE-2797-9   CCE-225   assigned.                    applicability
                       The required permissions
                       for the file                  (1) set of accounts
                       %SystemRoot%\System32\       (2) list of
                       telnet.exe should be         permissions (3)
CCE-2691-4   CCE-159   assigned.                    applicability
                       The required permissions
                       for the file                  (1) set of accounts
                       %SystemRoot%\System32\       (2) list of
                       tftp.exe should be           permissions (3)
CCE-2731-8   CCE-348   assigned.                    applicability
                       The required permissions
                       for the file                  (1) set of accounts
                       %SystemRoot%\System32\       (2) list of
                       tlntsvr.exe should be        permissions (3)
CCE-1937-2   CCE-718   assigned.                    applicability
                       The required permissions
                       for the file                  (1) set of accounts
                       %SystemRoot%\System32\       (2) list of
                       wmimgmt.msc should be        permissions (3)
CCE-2857-1   CCE-154   assigned.                    applicability
                       The required permissions      (1) set of accounts
                       for the directory            (2) list of
                       %SystemRoot%\Tasks           permissions (3)
CCE-2738-3   CCE-322   should be assigned.          applicability
                       The required permissions
                       for the registry key          (1) set of accounts
                       HKEY_LOCAL_MACHINE\          (2) list of
                       SOFTWARE should be           permissions (3)
CCE-2619-5   CCE-279   assigned.                    applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\           (1) set of accounts
                       SOFTWARE\Microsoft\Cry       (2) list of
                       ptography/Calais should be   permissions (3)
CCE-2284-8   CCE-59    assigned.                    applicability
                       The required permissions
                       for the registry key         (1) set of accounts
                       HKEY_LOCAL_MACHINE\         (2) list of
                       SOFTWARE\Microsoft\MS       permissions (3)
CCE-2809-2   CCE-90    DTC should be assigned.     applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\          (1) set of accounts
                       SOFTWARE\Microsoft\MS       (2) list of
                       DTC\Security\XAKey          permissions (3)
CCE-1943-0   CCE-477   should be assigned.         applicability

                       The required permissions
                       for the registry key         (1) set of accounts
                       HKEY_LOCAL_MACHINE\         (2) list of
                       SOFTWARE\Microsoft\Net      permissions (3)
CCE-2612-0   CCE-394   DDE should be assigned.     applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\          (1) set of accounts
                       SOFTWARE\Microsoft\UP       (2) list of
                       nP Device Host should be    permissions (3)
CCE-2758-1   CCE-826   assigned.                   applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\
                       SOFTWARE\Microsoft\Win
                       dows                         (1) set of accounts
                       NT\CurrentVersion\Asr\Co    (2) list of
                       mmands should be            permissions (3)
CCE-2401-8   CCE-618   assigned.                   applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\
                       SOFTWARE\Microsoft\Win       (1) set of accounts
                       dows                        (2) list of
                       NT\CurrentVersion\Perflib   permissions (3)
CCE-2921-5   CCE-19    should be assigned.         applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\
                       SOFTWARE\Microsoft\Win       (1) set of accounts
                       dows                        (2) list of
                       NT\CurrentVersion\SeCEdi    permissions (3)
CCE-2392-9   CCE-363   t should be assigned.       applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\
                       SOFTWARE\Microsoft\Win         (1) set of accounts
                       dows\CurrentVersion\Grou      (2) list of
                       p Policy should be            permissions (3)
CCE-2771-4   CCE-790   assigned.                     applicability

                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SOFTWARE\Microsoft\Win        (2) list of
                       dows\CurrentVersion\Install   permissions (3)
CCE-2793-8   CCE-268   er should be assigned.        applicability

                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SOFTWARE\Microsoft\Win        (2) list of
                       dows\CurrentVersion\Polici    permissions (3)
CCE-2207-9   CCE-321   es should be assigned.        applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\
                       SOFTWARE\Microsoft\Win         (1) set of accounts
                       dows\CurrentVersion\Polici    (2) list of
                       es\Ratings should be          permissions (3)
CCE-2625-2   CCE-131   assigned.                     applicability

                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SOFTWARE\Microsoft\Win        (2) list of
                       dows\CurrentVersion\Telep     permissions (3)
CCE-2736-7   CCE-34    hony should be assigned.      applicability
                       The required permissions
                       for the registry key           (1) set of accounts
                       HKEY_LOCAL_MACHINE\           (2) list of
                       SYSTEM should be              permissions (3)
CCE-2630-2   CCE-135   assigned.                     applicability
                       The required permissions
                       for the registry key           (1) set of accounts
                       HKEY_LOCAL_MACHINE\           (2) list of
                       SYSTEM\clone should be        permissions (3)
CCE-2775-5   CCE-558   assigned.                     applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Control\Class should be     permissions (3)
CCE-2300-2   CCE-837   assigned.                     applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Control\Network should      permissions (3)
CCE-2172-5   CCE-9     be assigned.                  applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\
                       SYSTEM\CurrentControlSe        (1) set of accounts
                       t\Control\SecurePipeServer    (2) list of
                       s\winreg should be            permissions (3)
CCE-1960-4   CCE-934   assigned.                     applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Control\Wmi\Security        permissions (3)
CCE-2859-7   CCE-53    should be assigned.           applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Enum should be              permissions (3)
CCE-2938-9   CCE-269   assigned.                     applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Hardware Profiles should    permissions (3)
CCE-2850-6   CCE-960   be assigned.                  applicability

                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\AppMgmt\Securi     permissions (3)
CCE-2590-8   CCE-613   ty should be assigned.        applicability

                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\ClipSrv\Security   permissions (3)
CCE-2484-4   CCE-930   should be assigned.           applicability

                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\CryptSvc\Securit   permissions (3)
CCE-2524-7   CCE-163   y should be assigned.         applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\DNSCache           permissions (3)
CCE-2907-4   CCE-978   should be assigned.           applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\Ersvc\Security     permissions (3)
CCE-2911-6   CCE-877   should be assigned.           applicability

                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\Eventlog\Securit   permissions (3)
CCE-2555-1   CCE-683   y should be assigned.         applicability

                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\IRENUM\Securit     permissions (3)
CCE-2202-0   CCE-238   y should be assigned.         applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\Netbt should be    permissions (3)
CCE-2352-3   CCE-101   assigned.                     applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\Netdd\Security     permissions (3)
CCE-2634-4   CCE-788   should be assigned.           applicability

                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\Netddedsdm\Se      permissions (3)
CCE-1973-7   CCE-823   curity should be assigned.    applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\RemoteAccess       permissions (3)
CCE-2603-9   CCE-246   should be assigned.           applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\Rpcss\Security     permissions (3)
CCE-2871-2   CCE-902   should be assigned.           applicability

                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\Samss\Security     permissions (3)
CCE-2396-0   CCE-193   should be assigned.           applicability

                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\Scarddrv\Securit   permissions (3)
CCE-1966-1   CCE-110   y should be assigned.         applicability

                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\Scardsvr\Securit   permissions (3)
CCE-2696-3   CCE-661   y should be assigned.         applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\
                       SYSTEM\CurrentControlSe        (1) set of accounts
                       t\Services\SNMP\Paramete      (2) list of
                       rs\PermittedManagers          permissions (3)
CCE-2595-7   CCE-330   should be assigned.           applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\
                       SYSTEM\CurrentControlSe        (1) set of accounts
                       t\Services\SNMP\Paramete      (2) list of
                       rs\ValidCommunities           permissions (3)
CCE-2238-4   CCE-594   should be assigned.           applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\Stisvc\Security    permissions (3)
CCE-2881-1   CCE-35    should be assigned.           applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\
                       SYSTEM\CurrentControlSe        (1) set of accounts
                       t\Services\SysmonLog\Log      (2) list of
                       Queries should be             permissions (3)
CCE-2780-5   CCE-290   assigned.                     applicability

                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\Tapisrv\Security   permissions (3)
CCE-2428-1   CCE-202   should be assigned.           applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\Tcpip should be    permissions (3)
CCE-2885-2   CCE-603   assigned.                     applicability

                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\W32time\Securit    permissions (3)
CCE-2537-9   CCE-748   y should be assigned.         applicability
                       The required permissions
                       for the registry key
                       HKEY_LOCAL_MACHINE\            (1) set of accounts
                       SYSTEM\CurrentControlSe       (2) list of
                       t\Services\Wmi\Security       permissions (3)
CCE-2057-8   CCE-907   should be assigned.           applicability
                       The required permissions       (1) set of accounts
                       for the registry key          (2) list of
                       HKEY_USERS\.DEFAULT           permissions (3)
CCE-2951-2   CCE-127   should be assigned.           applicability
                       The required permissions
                       for the registry key           (1) set of accounts
                       HKEY_USERS\.DEFAULT\          (2) list of
                       Software\Microsoft\NetDDE     permissions (3)
CCE-2845-6   CCE-483   should be assigned.           applicability

                       The required permissions
                       for the registry key
                       HKEY_USERS\.DEFAULT\           (1) set of accounts
                       Software\Microsoft\System     (2) list of
                       Certificates\Root\Protected   permissions (3)
CCE-2740-9   CCE-730   Roots should be assigned.     applicability
                       The "deny access to this
                       computer from the
                       network" user right should
                       be assigned to the correct
CCE-1978-6   CCE-898   accounts.                      (1) set of accounts

                       The "access this computer
                       from the network" user
                       right should be assigned to
CCE-2379-6   CCE-532   the correct accounts.          (1) set of accounts
                       The "act as part of the
                       operating system" user
                       right should be assigned to
CCE-2167-5   CCE-162   the correct accounts.          (1) set of accounts
                       The "back up files and
                       directories" user right
                       should be assigned to the
CCE-2299-6   CCE-931   correct accounts.              (1) set of accounts
                       The "bypass traverse
                       checking" user right should
                       be assigned to the correct
CCE-2806-8   CCE-376   accounts.                      (1) set of accounts
                       The "change the system
                       time" user right should be
                       assigned to the correct
CCE-2846-4   CCE-799   accounts.                      (1) set of accounts
                       The "create a pagefile"
                       user right should be
                       assigned to the correct
CCE-2786-2   CCE-895   accounts.                      (1) set of accounts
                       The "Create a token object"
                       user right should be
                       assigned to the correct
CCE-2791-2   CCE-926   accounts.                      (1) set of accounts
                       The "create permanent
                       shared objects" user right
                       should be assigned to the
CCE-1969-5   CCE-335   correct accounts.              (1) set of accounts
                       The "debug programs"
                       user right should be
                       assigned to the correct
CCE-2864-7   CCE-842   accounts.                      (1) set of accounts
                       The "force shutdown from
                       a remote system" user right
                       should be assigned to the
CCE-2886-0   CCE-754   correct accounts.              (1) set of accounts
                       The "generate security
                       audits" user right should be
                       assigned to the correct
CCE-2767-2   CCE-939   accounts.                      (1) set of accounts
                       The "adjust memory quotas
                       for a process" user right
                       should be assigned to the
CCE-2547-8   CCE-807   correct accounts.              (1) set of accounts
                       The "increase scheduling
                       priority" user right should
                       be assigned to the correct
CCE-2944-7   CCE-349   accounts.                      (1) set of accounts
                       The "load and unload
                       device drivers" user right
                       should be assigned to the
CCE-2446-3   CCE-860   correct accounts.              (1) set of accounts
                       The "lock pages in
                       memory" user right should
                       be assigned to the correct
CCE-2609-6   CCE-749   accounts.                      (1) set of accounts
                       The "log on as a batch job"
                       user right should be
                       assigned to the correct
CCE-2882-9   CCE-177   accounts.                      (1) set of accounts
                       The "log on as a service"
                       user right should be
                       assigned to the correct
CCE-2948-8   CCE-216   accounts.                      (1) set of accounts
                       The "log on locally" user
                       right should be assigned to
CCE-2829-0   CCE-965   the correct accounts.          (1) set of accounts
                       The "manage auditing and
                       security log" user right
                       should be assigned to the
CCE-2247-5   CCE-850   correct accounts.              (1) set of accounts
                       The "modify firmware
                       environment values" user
                       right should be assigned to
CCE-2657-5   CCE-17    the correct accounts.          (1) set of accounts
                       The "profile single process"
                       user right should be
                       assigned to the correct
CCE-2807-6   CCE-260   accounts.                      (1) set of accounts
                       The "profile system
                       performance" user right
                       should be assigned to the
CCE-2675-7   CCE-599   correct accounts.              (1) set of accounts

                       The "remove computer
                       from docking station" user
                       right should be assigned to
CCE-2335-8   CCE-656   the correct accounts.       (1) set of accounts
                       The "replace a process-
                       level token" user right
                       should be assigned to the
CCE-2860-5   CCE-667   correct accounts.             (1) set of accounts
                       The "restore files and
                       directories" user right
                       should be assigned to the
CCE-2847-2   CCE-553   correct accounts.             (1) set of accounts
                       The "shut down the
                       system" user right should
                       be assigned to the correct
CCE-2366-3   CCE-839   accounts.                     (1) set of accounts

                       The "take ownership of
                       files or other objects" user
                       right should be assigned to
CCE-2021-4   CCE-492   the correct accounts.        (1) set of accounts

                       The "synchronize directory
                       service data" user right
                       should be assigned to the
CCE-2810-0   CCE-381   correct accounts.             (1) set of accounts
                       The "deny logon locally"
                       user right should be
                       assigned to the correct
CCE-2700-3   CCE-64    accounts.                     (1) set of accounts

                       The "enable computer and
                       user accounts to be trusted
                       for delegation" user right
                       should be assigned to the
CCE-2982-7   CCE-15    correct accounts.             (1) set of accounts
                       The "add workstations to
                       domain" user right should
                       be assigned to the correct
CCE-2374-7   CCE-183   accounts.                     (1) set of accounts
                       The "allow logon through
                       Terminal Services" user
                       right should be assigned to
CCE-3004-9   CCE-883   the correct accounts.         (1) set of accounts
                       The "deny logon as a batch
                       job" user right should be
                       assigned to the correct
CCE-2898-5   CCE-165   accounts.                     (1) set of accounts
                       The "deny logon as a
                       service" user right should
                       be assigned to the correct
CCE-2792-0   CCE-597   accounts.                     (1) set of accounts
                        The "deny logon through
                        Terminal Services" user
                        right should be assigned to
CCE-2814-2   CCE-108    the correct accounts.       (1) set of accounts
                        The "perform volume
                        maintenance tasks" user
                        right should be assigned to
CCE-2960-3   CCE-314    the correct accounts.       (1) set of accounts
                        The "reset account lockout
                        counter after" policy should
                        meet minimum                   (1) number of
CCE-2466-1   CCE-733    requirements.                  minutes
                        The "account lockout
                        duration" policy should
                        meet minimum                   (1) number of
CCE-2928-0   CCE-980    requirements.                  minutes
                        The "account lockout
                        threshold" policy should
                        meet minimum                    (1) number of
CCE-2986-8   CCE-658    requirements.                  attempts
                        Auditing of "account logon"
                        events on success should
                        be enabled or disabled as
CCE-2867-0   CCE-2628   appropriate..                  enabled/disabled
                        Auditing of "account logon"
                        events on failure should be
                        enabled or disabled as
CCE-3008-0   CCE-2543   appropriate..                  enabled/disabled

                        Auditing of "account
                        management" events on
                        success should be enabled
CCE-2902-5   CCE-2000   or disabled as appropriate.. enabled/disabled

                        Auditing of "account
                        management" events on
                        failure should be enabled
CCE-2906-6   CCE-1646   or disabled as appropriate.. enabled/disabled

                        Auditing of "directory
                        service access" events on
                        success should be enabled
CCE-2933-0   CCE-2118   or disabled as appropriate.. enabled/disabled

                        Auditing of "directory
                        service access" events on
                        failure should be enabled
CCE-2206-1   CCE-2390   or disabled as appropriate.. enabled/disabled
                        Auditing of "logon" events
                        on success should be
                        enabled or disabled as
CCE-2100-6   CCE-1686   appropriate..                enabled/disabled
                        Auditing of "logon" events
                        on failure should be
                        enabled or disabled as
CCE-2343-2   CCE-1744   appropriate..                  enabled/disabled

                        Auditing of "object access"
                        events on success should
                        be enabled or disabled as
CCE-2259-0   CCE-2640   appropriate..               enabled/disabled
                        Auditing of "object access"
                        events on failure should be
                        enabled or disabled as
CCE-2766-4   CCE-1991   appropriate..               enabled/disabled

                        Auditing of "policy change"
                        events on success should
                        be enabled or disabled as
CCE-2971-0   CCE-2412   appropriate..                  enabled/disabled
                        Auditing of "policy change"
                        events on failure should be
                        enabled or disabled as
CCE-2759-9   CCE-2347   appropriate..                  enabled/disabled
                        Auditing of "privilege use"
                        events on success should
                        be enabled or disabled as
CCE-2913-2   CCE-2431   appropriate..                  enabled/disabled
                        Auditing of "privilege use"
                        events on failure should be
                        enabled or disabled as
CCE-2918-1   CCE-2584   appropriate..                  enabled/disabled

                        Auditing of "process
                        tracking" events on
                        success should be enabled
CCE-2816-7   CCE-2529   or disabled as appropriate..   enabled/disabled
                        Auditing of "process
                        tracking" events on failure
                        should be enabled or
CCE-2939-7   CCE-2617   disabled as appropriate..      enabled/disabled
                        Auditing of "system" events
                        on success should be
                        enabled or disabled as
CCE-2878-7   CCE-2420   appropriate..                  enabled/disabled
                        Auditing of "system" events
                        on failure should be
                        enabled or disabled as
CCE-2843-1   CCE-1680   appropriate..                  enabled/disabled


                        The "restrict guest access
                        to application log" policy
CCE-2116-2   CCE-299    should be set correctly.       (1) enabled/disabled
                       The application log
                       maximum size should be
CCE-2904-1   CCE-185   configured correctly..        (1) size of file

                       The "when maximum log
                       size is reached" property
                       should be set correctly for
CCE-3014-8   CCE-285   the Application log.          type of retention
                       If the Application log's
                       retention method is set to
                       "Overwrite events by days,"
                       an appropriate value
                       should be set for the
                       number of days' logs to
CCE-3019-7   CCE-951   keep.                       (1) number of days


                       The "restrict guest access
                       to security log" policy
CCE-2794-6   CCE-462   should be set correctly.      (1) enabled/disabled


                       The security log maximum
                       size should be configured
CCE-2693-0   CCE-757   correctly..                   (1) size of file

                       The "when maximum log
                       size is reached" property
                       should be set correctly for
CCE-2336-6   CCE-523   the Security log.             type of retention
                       If the Security log's
                       retention method is set to
                       "Overwrite events by days,"
                       an appropriate value
                       should be set for the
                       number of days' logs to
CCE-2966-0   CCE-682   keep.                       (1) number of days


                       The "restrict guest access
                       to system log" policy
CCE-2345-7   CCE-726   should be set correctly.      (1) enabled/disabled


                       The system log maximum
                       size should be configured
CCE-3006-4   CCE-735   correctly..                   (1) size of file

                       The "when maximum log
                       size is reached" property
                       should be set correctly for
CCE-2777-1   CCE-664   the System log.               type of retention
                       If the System log's
                       retention method is set to
                       "Overwrite events by days,"
                       an appropriate value
                       should be set for the
                       number of days' logs to
CCE-2050-3   CCE-210   keep.                       (1) number of days
                       The "maximum password
                       age" policy should meet
CCE-2920-7   CCE-871   minimum requirements.        (1) number of days
                       The "minimum password
                       age" policy should meet
CCE-2439-8   CCE-324   minimum requirements.        (1) number of days

                       The "minimum password
                       length" policy should meet
CCE-2981-9   CCE-100   minimum requirements.        (1) number of days
                       The "password must meet
                       complexity requirments"
                       policy should be set
CCE-2735-9   CCE-633   correctly.                   (1) enabled/disabled

                       The "enforce password        (1) number of
                       history" policy should meet passwords
CCE-2994-2   CCE-60    minimum requirements.       remembered

                       The "store password using
                       reversible encryption for all
                       users in the domain" policy
CCE-2889-4   CCE-479   should be set correctly.      (1) enabled/disabled


                       The startup type of the       (1)
                       Alerter service should be    disabled/manual/aut
CCE-3034-6   CCE-487   correct.                     omatic



                       The startup type of the       (1)
                       Automatic Update service     disabled/manual/aut
CCE-2937-1   CCE-496   should be correct.           omatic

                       The startup type of the
                       Background Intelligent        (1)
                       Transfer Service (BITS)      disabled/manual/aut
CCE-2818-3   CCE-148   service should be correct.   omatic


                       The startup type of the     (1)
                       ClipBook service should be disabled/manual/aut
CCE-2713-6   CCE-954   correct.                   omatic
                       The startup type of the   (1)
                       Computer Browser service disabled/manual/aut
CCE-2880-3   CCE-294   should be correct.       omatic



                       The startup type of the Fast (1)
                       User Switching service       disabled/manual/aut
CCE-2950-4   CCE-800   should be correct.           omatic


                                                    (1)
                       The startup type of the Fax disabled/manual/aut
CCE-2849-8   CCE-78    service should be correct. omatic


                       The startup type of the FTP (1)
                       Publishing service should disabled/manual/aut
CCE-2888-6   CCE-712   be correct.                 omatic


                       The startup type of the IIS    (1)
                       Admin service should be       disabled/manual/aut
CCE-3016-3   CCE-311   correct.                      omatic


                       The startup type of the     (1)
                       Indexing service should be disabled/manual/aut
CCE-2910-8   CCE-738   correct.                   omatic


                       The startup type of the        (1)
                       Messenger service should      disabled/manual/aut
CCE-2915-7   CCE-729   be correct.                   omatic
                       The startup type of the        (1)
                       .NET Framework service        disabled/manual/aut
CCE-2053-7   CCE-650   should be correct.            omatic


                       The startup type of the Net (1)
                       Logon service should be     disabled/manual/aut
CCE-2071-9   CCE-408   correct.                    omatic

                       The startup type of the
                       NetMeeting Remote              (1)
                       Desktop Sharing service       disabled/manual/aut
CCE-2896-9   CCE-232   should be correct.            omatic
                       The startup type of the        (1)
                       Print Services for Unix       disabled/manual/aut
CCE-2280-6   CCE-857   service should be correct.    omatic
                       The startup type of the
                       Remote Access Auto            (1)
                       connection Manager           disabled/manual/aut
CCE-2940-5   CCE-267   service should be correct.   omatic

                       The startup type of the
                       Remote Desktop Help           (1)
                       Session Manager service      disabled/manual/aut
CCE-2255-8   CCE-663   should be correct.           omatic

                       The startup type of the
                       Internet Connection           (1)
                       Sharing service should be    disabled/manual/aut
CCE-3026-2   CCE-672   correct.                     omatic


                       The startup type of the       (1)
                       Remote Registry service      disabled/manual/aut
CCE-3030-4   CCE-73    should be correct.           omatic

                       The startup type of the
                       Routing and Remote            (1)
                       Access service should be     disabled/manual/aut
CCE-3035-3   CCE-223   correct.                     omatic


                       The startup type of the       (1)
                       Remote Shell service         disabled/manual/aut
CCE-2427-3   CCE-522   should be correct.           omatic


                       The startup type of the       (1)
                       Simple TCP/IP service        disabled/manual/aut
CCE-2449-7   CCE-531   should be correct.           omatic

                       The startup type of the
                       Simple Mail Transport         (1)
                       Protocol (SMTP) service      disabled/manual/aut
CCE-2233-5   CCE-870   should be correct.           omatic


                       The startup type of the       (1)
                       SNMP Service service         disabled/manual/aut
CCE-2779-7   CCE-975   should be correct.           omatic


                       The startup type of the       (1)
                       SNMP Trap Service            disabled/manual/aut
CCE-2520-5   CCE-892   service should be correct.   omatic

                       The startup type of the       (1)
                       SSDP Discovery service       disabled/manual/aut
CCE-2661-7   CCE-940   should be correct.           omatic
                       The startup type of the       (1)
                       Task Scheduler service       disabled/manual/aut
CCE-2934-8   CCE-40    should be correct.           omatic


                       The startup type of the       (1)
                       Telnet service should be     disabled/manual/aut
CCE-2326-7   CCE-75    correct.                     omatic


                       The startup type of the       (1)
                       Terminal Services service    disabled/manual/aut
CCE-3043-7   CCE-974   should be correct.           omatic

                       The startup type of the
                       Universal Plug and Play       (1)
                       Device Host (UPnP)           disabled/manual/aut
CCE-3048-6   CCE-608   service should be correct.   omatic


                       The startup type of the
                       World Wide Web                (1)
                       Publishing service should    disabled/manual/aut
CCE-2942-1   CCE-758   be correct.                  omatic

                       The correct service
                       permissions for the Alerter (1) set of accounts
                       service should be           (2) list of
CCE-2076-8   CCE-669   assigned.                   permissions

                       The correct service
                       permissions for the           (1) set of accounts
                       Automatic Updates service    (2) list of
CCE-2626-0   CCE-889   should be assigned.          permissions
                       The correct service
                       permissions for the
                       Background Intelligent        (1) set of accounts
                       Transfer service should be   (2) list of
CCE-3022-1   CCE-61    assigned.                    permissions

                       The correct service
                       permissions for the         (1) set of accounts
                       ClipBook service should be (2) list of
CCE-2815-9   CCE-476   assigned.                  permissions

                       The correct service
                       permissions for the       (1) set of accounts
                       Computer Browser service (2) list of
CCE-2568-4   CCE-643   should be assigned.      permissions
                       The correct service
                       permissions for the Fax        (1) set of accounts
                       service should be             (2) list of
CCE-3071-8   CCE-87    assigned.                     permissions
                       The correct service
                       permissions for the File       (1) set of accounts
                       Shares service should be      (2) list of
CCE-2969-4   CCE-968   assigned.                     permissions

                       The correct service
                       permissions for the FTP        (1) set of accounts
                       Publishing service should     (2) list of
CCE-3057-7   CCE-4     be assigned.                  permissions

                       The correct service
                       permissions for the IIS        (1) set of accounts
                       Admin service should be       (2) list of
CCE-2563-5   CCE-792   assigned.                     permissions

                       The correct service
                       permissions for the         (1) set of accounts
                       Indexing service should be (2) list of
CCE-2836-5   CCE-444   assigned.                  permissions

                       The correct service
                       permissions for the       (1) set of accounts
                       Messenger service should (2) list of
CCE-2480-2   CCE-79    be assigned.             permissions

                       The correct service
                       permissions for the Net        (1) set of accounts
                       Logon service should be       (2) list of
CCE-2502-3   CCE-497   assigned.                     permissions

                       The correct service
                       permissions for the            (1) set of accounts
                       NetMeeting service should     (2) list of
CCE-2119-6   CCE-21    be assigned.                  permissions
                       The correct service
                       permissions for the Printer    (1) set of accounts
                       service should be             (2) list of
CCE-2976-9   CCE-109   assigned.                     permissions
                       The correct service
                       permissions for the
                       Remote Desktop Help            (1) set of accounts
                       Session Manager service       (2) list of
CCE-2990-0   CCE-915   should be assigned.           permissions
                       The correct service
                       permissions for the            (1) set of accounts
                       Remote Registry service       (2) list of
CCE-3021-3   CCE-219   should be assigned.           permissions
                       The correct service
                       permissions for the Routing
                       and Remote Access              (1) set of accounts
                       service should be             (2) list of
CCE-2141-0   CCE-779   assigned.                     permissions

                       The correct service
                       permissions for the SMTP       (1) set of accounts
                       service should be             (2) list of
CCE-2773-0   CCE-426   assigned.                     permissions

                       The correct service
                       permissions for the SNMP (1) set of accounts
                       service should be        (2) list of
CCE-2941-3   CCE-56    assigned.                permissions

                       The correct service
                       permissions for the SNMP (1) set of accounts
                       Trap service should be   (2) list of
CCE-2945-4   CCE-521   assigned.                permissions

                       The correct service
                       permissions for the Task       (1) set of accounts
                       Scheduler service should      (2) list of
CCE-3077-5   CCE-407   be assigned.                  permissions

                       The correct service
                       permissions for the Telnet     (1) set of accounts
                       service should be             (2) list of
CCE-3108-8   CCE-944   assigned.                     permissions

                       The correct service
                       permissions for the            (1) set of accounts
                       Terminal Services service     (2) list of
CCE-3130-2   CCE-605   should be assigned.           permissions
                       The correct service
                       permissions for the
                       Universal Plug and Play        (1) set of accounts
                       service should be             (2) list of
CCE-3029-6   CCE-869   assigned.                     permissions

                       The correct service
                       permissions for the WWW (1) set of accounts
                       Publishing service should (2) list of
CCE-3051-0   CCE-143   be assigned.              permissions
                       The behavior surrounding
                       Anonymous users' abiliity
                       to display lists of SAM       (1)
                       accounts and shares           restricted/unrestricte
CCE-2804-3   CCE-195   should be correct.            d
                       The behavior surrounding
                       Anonymous users' abiliity
                       to display lists of SAM       (1)
                       accounts should be            restricted/unrestricte
CCE-2147-7   CCE-318   correct.                      d

                       The behavior surrounding
                       Anonymous SID/Name
                       translation should be
CCE-2973-6   CCE-953   correct.                      (1) enabled/disabled
                       The "Anonymous access to
                       the application event log"
                       policy should be set           (1) exist/not exist
CCE-3119-5   CCE-983   correctly.                    (2) enabled/disabled
                       The "Anonymous access to
                       the system event log"
                       policy should be set           (1) exist/not exist
CCE-2890-2   CCE-142   correctly.                    (2) enabled/disabled
                       The "Anonymous access to
                       the security event log"
                       policy should be set           (1) exist/not exist
CCE-2643-5   CCE-653   correctly.                    (2) enabled/disabled

                       Use of the built-in Guest
                       account should be enabled
CCE-3040-3   CCE-332   or disabled as appropriate. (1) enabled/disabled
                       Use of the built-in
                       Administrator account
                       should be enabled or
CCE-2943-9   CCE-499   disabled as appropriate.    (1) enabled/disabled

                       The "Message title for
                       users attempting to log on"
                       policy should be set
CCE-2573-4   CCE-23    correctly.                    (1) text caption

                       The "Message text for
                       users attempting to log on"
                       policy should be set
CCE-2472-9   CCE-829   correctly.                    (1) text statement


                       Administrative Shares
                       should be properly
CCE-3137-7   CCE-512   configured.                   (1) allowed/removed
                       Automatic Execution of the
                       System Debugger should
CCE-3031-2   CCE-243   be properly configured.    (1) enabled/disabled




                       Automatic Logon should be
CCE-2776-3   CCE-283   properly configured.      (1) enabled/disabled


                       Automatic Reboot After
                       System Crash should be
CCE-2419-0   CCE-137   properly configured.        (1) enabled/disabled

                       Autoplay on all Drive Types
                       should be properly
CCE-2710-2   CCE-44    configured.                 (1) enabled/disabled
                       Autoplay for Current User
                       should be properly
CCE-2154-3   CCE-36    configured.                 (1) enabled/disabled


                       Autoplay for Default User
                       should be properly
CCE-2423-2   CCE-820   configured.                 (1) enabled/disabled


                       CD-ROM Autorun should
CCE-2925-6   CCE-344   be properly configured.     (1) enabled/disabled
                       Computer Browser
                       ResetBrowser Frames
                       should be properly
CCE-3070-0   CCE-282   configured.                 (1) enabled/ignored



                       ICMP Redirects should be
CCE-2824-1   CCE-150   properly configured.        (1) enabled/ignored
                       IP Source Routing should
CCE-3132-8   CCE-564   be properly configured.     (1) enabled/disabled



                       IRDP should be properly
CCE-2652-6   CCE-952   configured.                 (1) enabled/disabled



                       Kerberos and RSVP Traffic
                       Protected by IPSec should
CCE-3044-5   CCE-501   be properly configured.   (1) enabled/disabled

                       Dr. Watson Crash Dumps
                       should be properly
CCE-3066-8   CCE-536   configured.                 (1) enabled/disabled
                       Display Last User Name in
                       Logon Screen should be
CCE-2930-6   CCE-65    properly configured.        (1) enabled/disabled




                       System availability to
                       Master Browser should be
CCE-2952-0   CCE-139   properly configured.        (1) available/hidden




                       TCP/IP Dead Gateway
                       Detection should be
CCE-2718-5   CCE-897   properly configured.        (1) enabled/disabled




                       The TCP/IP KeepAlive
                       Time should be set          (1) number of
CCE-2559-3   CCE-188   correctly .                 milliseconds




                       The permitted number of
                       TCP/IP Maximum Half-
                       open Sockets should be       (1) number of
CCE-2453-9   CCE-333   set correctly .             sockets
                       The permitted number of
                       TCP/IP Maximum Retried
                       Half-open Sockets should      (1) number of
CCE-3114-6   CCE-751   be set correctly .           sockets




                       TCP/IP NetBIOS Name
                       Release on Request
                       Prevented should be
CCE-3118-7   CCE-817   properly configured.         (1) enabled/disabled




                       TCP/IP PMTU Discovery
                       should be properly
CCE-3017-1   CCE-998   configured.                  (1) enabled/disabled




                       TCP/IP SYN Flood Attack
                       Protection should be
CCE-2916-5   CCE-284   properly configured.         (1) enabled/disabled



                       Security Audit log warning
                       level should be properly
CCE-3061-9   CCE-125   configured.                  (1) warning level


                       Disable saving of dial-up
                       passwords should be
CCE-2444-8   CCE-156   properly configured.         (1) enabled/disabled




                       Safe DLL Search Mode
                       should be properly
CCE-2841-5   CCE-271   configured.                  (1) enabled/disabled

                       Always Wait for the
                       Network at Computer
                       Startup and Logon should
CCE-3092-4   CCE-707   be properly configured.      (1) enabled/disabled
                       Delete Roaming Cached
                       Profiles should be properly
CCE-3013-0   CCE-213   configured.                   (1) enabled/disabled


                       Use Classic Logon should
CCE-3100-5   CCE-231   be properly configured.       (1) logon type


                       Background Refresh of
                       Group Policy should be
CCE-2893-6   CCE-50    properly configured.          (1) enabled/disabled
                       Show Shared Internet
                       Connection Access UI
                       should be properly
CCE-2774-8   CCE-81    configured.                   (1) enabled/disabled


                       Installation and
                       Configuration of Network
                       Bridge on the DNS Domain
                       Network should be properly
CCE-2173-3   CCE-896   configured.                (1) enabled/disabled

                       Disallow Installation of
                       Printers Using Kernel-
                       mode Drivers should be
CCE-3087-4   CCE-574   properly configured.          (1) enabled/disabled
                       The "Allow Server
                       Operators to Schedule
                       Tasks" policy should be set
CCE-2968-6   CCE-257   correctly.                  (1) enabled/disabled

                       The built-in Administrator
                       account should be correctly
CCE-3135-1   CCE-438   named.                      (1) valid names

                       The built-in Guest account
CCE-3025-4   CCE-834   should be correctly named. (1) valid names


                       The amount of idle time
                       required before
                       disconnecting a session       (1) number of
CCE-3157-5   CCE-222   should be set correctly.      minutes

                       The "Audit the access of
                       global system objects"
                       policy should be set
CCE-3162-5   CCE-2     correctly.                    (1) enabled/disabled
                       The "Audit the use of
                       backup and restore
                       privilege" policy should be
CCE-2955-3   CCE-905   set correctly.                (1) enabled/disabled
                       The "Disable
                       CTRL+ALT+Delete
                       Requirement for Logon"
                       policy should be set
CCE-2891-0   CCE-133   correctly.                    (1) enabled/disabled




                       The "LAN Manager
                       Authentication Level" policy (1) authentication
CCE-2926-4   CCE-719   should be set correctly.     level


                       The "Prevent Users from
                       Installing Printer Drivers"
                       policy should be set
CCE-2789-6   CCE-402   correctly.                   (1) enabled/disabled
                       The "Recovery Console:
                       Allow Automatic
                       Administrative Logon"
                       policy should be set
CCE-2935-5   CCE-410   correctly.                   (1) enabled/disabled
                       The "Recovery Console:
                       Allow Floppy Copy and
                       Access to All Drives and All
                       Folders" policy should be
CCE-2957-9   CCE-76    set correctly.               (1) enabled/disabled

                       The "Restrict CD-ROM
                       Access to Locally Logged-
                       On User Only" policy
CCE-2974-4   CCE-565   should be set correctly.      (1) enabled/disabled

                       The "Restrict Floppy
                       Access to Locally Logged-
                       On User Only" policy
CCE-2873-8   CCE-463   should be set correctly.      (1) enabled/disabled


                       The "Strengthen Default
                       Permissions of Global
                       System Objects" policy
CCE-3005-6   CCE-508   should be set correctly.      (1) enabled/disabled
                       The "Secure Channel:
                       Require Strong (Windows
                       2000 or later) Session Key"
                       policy should be set
CCE-3151-8   CCE-417   correctly.                  (1) enabled/disabled

                       The "Send Unencrypted
                       Password to Connect to
                       Third-Party SMB Servers"
                       policy should be set
CCE-3049-4   CCE-228   correctly.                    (1) enabled/disabled

                       The "Unsigned Driver
                       Installation Behavior" policy
CCE-3085-8   CCE-413   should be set correctly.      (1) behavior
                       The "Users Prompted to
                       Change Password Before
                       Expiration" policy should be (1) number of days
CCE-2701-1   CCE-814   set correctly.               prior to expiration

                       The "Shut Down system
                       immediately if unable to log
                       security audits" policy
CCE-2851-4   CCE-92    should be set correctly.     (1) enabled/disabled

                       The "Allow System to be
                       Shut Down Without Having
                       to Log On" policy should be
CCE-2983-5   CCE-224   set correctly.              (1) enabled/disabled


                       The "Clear Virtual Memory
                       Pagefile at shutdown"
                       policy should be set
CCE-3128-6   CCE-422   correctly.                    (1) enabled/disabled

                       The "Digitally Sign Client
                       Communication (Always)"
                       policy should be set
CCE-3027-0   CCE-576   correctly.                    (1) enabled/disabled

                       The "Digitally Sign Client
                       Communication (When
                       Possible)" policy should be
CCE-2802-7   CCE-519   set correctly.                (1) enabled/disabled

                       The "Digitally Sign Server
                       Communication (Always)"
                       policy should be set
CCE-3053-6   CCE-171   correctly.                    (1) enabled/disabled
                       The "Digitally Sign Server
                       Communication (When
                       Possible)" policy should be
CCE-2688-0   CCE-104   set correctly.                (1) enabled/disabled



                       The "Number of Previous
                       Logons to Cache" policy       (1) number of
CCE-3106-2   CCE-773   should be set correctly.      logons


                       The "Allowed to Format
                       and Eject Removable
                       NTFS Media" policy should
CCE-3111-2   CCE-919   be set correctly.             (1) Group(s)
                       The "Secure Channel:
                       Digitally Encrypt or Sign
                       Secure Channel Data
                       (Always)" policy should be
CCE-3097-3   CCE-549   set correctly.                (1) enabled/disabled
                       The "Secure Channel:
                       Digitally Encrypt Secure
                       Channel Data (When
                       Possible)" policy should be
CCE-2996-7   CCE-161   set correctly.                (1) enabled/disabled
                       The "Secure Channel:
                       Digitally Sign Secure
                       Channel Data (When
                       Possible)" policy should be
CCE-3000-7   CCE-918   set correctly.                (1) enabled/disabled


                       The "Smart Card Removal
                       Behavior" policy should be
CCE-3133-6   CCE-443   set correctly.                (1) behavior

                       The "Prevent System
                       Maintenance of Computer
                       Account Password" policy
CCE-2313-5   CCE-831   should be set correctly.      (1) enabled/disabled

                       The "Use FIPS compliant
                       algorithms for encryption,
                       hashing, and signing"
                       policy should be set
CCE-3084-1   CCE-55    correctly.                    (1) enabled/disabled
                       The "Default owner for
                       objects created by
                       members of the
                       Administrators group"
                       policy should be set
CCE-2842-3   CCE-575   correctly.                  (1) enabled/disabled

                       The "Require Case
                       Insensitivity for Non-
                       Windows Sybsystems"
                       policy should be set
CCE-2987-6   CCE-300   correctly.                  (1) enabled/disabled

                       The "Limit local account
                       user of blank passwords to
                       console logon only" policy
CCE-2344-0   CCE-533   should be set correctly.   (1) enabled/disabled


                       The "Allow undock without
                       having to logon" policy
CCE-3009-8   CCE-186   should be set correctly.    (1) enabled/disabled

                       The "LDAP server signing
                       requirements" policy should
CCE-2551-0   CCE-710   be set correctly.           (1) enabled/disabled


                       The "LDAP client signing
                       requirements" policy should
CCE-2991-8   CCE-732   be set correctly.           (1) enabled/disabled
                       The "Refuse machine
                       account password change"
                       policy should be set
CCE-3123-7   CCE-490   correctly.               (1) enabled/disabled

                       The "Maximum machine
                       account password age"
                       policy should be set
CCE-3018-9   CCE-194   correctly.                  (1) enabled/disabled


                       The "Require Domain
                       Controller authentication to
                       unlock workstation" policy
CCE-3172-4   CCE-374   should be set correctly.     (1) enabled/disabled

                       The "Disconnect clients
                       when logon hours expire"
                       policy should be set
CCE-2692-2   CCE-278   correctly.                  (1) enabled/disabled
                       The "Do not allow storage
                       of credentials or .NET
                       Passports" policy should be
CCE-3088-2   CCE-542   set correctly.              (1) enabled/disabled

                       The "Let Everyone
                       permissions apply to
                       anonymous users" policy
CCE-3110-4   CCE-18    should be set correctly.     (1) enabled/disabled



                       The "Named Pipes that can
                       be accessed anonymously"
                       policy should be set
CCE-3150-0   CCE-136   correctly.                (1) enabled/disabled




                       The "Remotely accessible
                       registry paths" policy
CCE-3155-9   CCE-189   should be set correctly.     (1) set of paths

                       The "Shares that can be
                       accessed anonymously"
                       policy should be set
CCE-3036-1   CCE-942   correctly.                   (1) set of shares


                       The "Sharing and security
                       model for local accounts"
                       policy should be set         (1) Classic/Guest
CCE-3058-5   CCE-343   correctly.                   only
                       The "Do not store LAN
                       Manager hash value on
                       next password change"
                       policy should be set
CCE-2993-4   CCE-233   correctly.                   (1) enabled/disabled

                       The "Force logoff when
                       logon hours expire" policy
CCE-3139-3   CCE-775   should be set correctly.     (1) enabled/disabled
                       The "Minimum session
                       security for NTLM SSP
                       based clients" policy should
CCE-3156-7   CCE-674   be set correctly.            (1) enabled/disabled




                       The "Minimum session
                       security for NTLM SSP
                       based servers" policy
CCE-2799-5   CCE-766   should be set correctly.     (1) enabled/disabled



                       Local volumes should be       (1) type of
CCE-2795-3   CCE-621   formatted correctly.         formatting



                       The "Current user
                       screensaver timeout" policy
CCE-2980-1   CCE-830   should be set correctly.    (1) time in seconds
                       The "Default user
                       screensaver" policy should
CCE-3099-9   CCE-623   be set correctly.            (1) enabled/disabled

                       The "Default user
                       screensaver timeout" policy
CCE-2764-9   CCE-517   should be set correctly.    (1) time in seconds

                       The "Default user
                       screensaver secure" policy
CCE-3161-7   CCE-433   should be set correctly.   (1) enabled/disabled
                       The "Default user
                       screensaver active" policy
CCE-2901-7   CCE-103   should be set correctly.   (1) enabled/disabled
                       The "Current user
                       screensaver" policy should
CCE-3170-8   CCE-54    be set correctly.            (1) enabled/disabled

                       The "Current user
                       screensaver timeout" policy
CCE-3064-3   CCE-221   should be set correctly.    (1) time in seconds
                       The "Current user
                       screensaver secure" policy
CCE-2526-2   CCE-235   should be set correctly.   (1) enabled/disabled
                       The "Current user
                       screensaver active" policy
CCE-2174-1   CCE-287   should be set correctly.   (1) enabled/disabled

                       The "Always Install with
                       Elevated Privileges" policy
CCE-2552-8   CCE-736   should be set correctly.      (1) enabled/disabled


                       The "Set Safe for Scripting"
                       policy should be set
CCE-2830-8   CCE-261   correctly.                   (1) enabled/disabled
                       The "Enable User Control
                       Over Installs" policy should
CCE-3094-0   CCE-415   be set correctly.            (1) enabled/disabled

                       The "Enable User to Use
                       Media Source While
                       Elevated" policy should be
CCE-3011-4   CCE-107   set correctly.                (1) enabled/disabled

                       The "Allow Administrator to
                       Install from Terminal
                       Services Session" policy
CCE-3020-5   CCE-256   should be set correctly.    (1) enabled/disabled

                       The "Enable User to Patch
                       Elevated Products" policy
CCE-2293-9   CCE-662   should be set correctly.      (1) enabled/disabled


                       The "Cache Transforms in
                       Secure Location" policy
CCE-3068-4   CCE-424   should be set correctly.      (1) enabled/disabled

                       The "Disable Media Player
                       for automatic updates"
                       policy should be set
CCE-2826-6   CCE-455   correctly.                 (1) enabled/disabled
                       The "Prevent Codec
                       Download" policy should be
                       set correctly for Windows
CCE-3117-9   CCE-124   MediaPlayer.               (1) enabled/disabled
                       The "Do Not Allow
                       Windows Messenger to be
                       Run" policy should be set
CCE-2684-9   CCE-802   correctly.                    (1) enabled/disabled

                       The "Do Not Automatically
                       Start Windows Messenger"
                       policy should be set
CCE-2455-4   CCE-309   correctly.                (1) enabled/disabled
                       The "Prohibit New Task
                       Creation" policy should be
                       set correctly for the Task
CCE-2711-0   CCE-578   Scheduler.                    (1) enabled/disabled
                       The "Limit Users to One
                       Remote Session" policy
                       should be set correctly for
CCE-2354-9   CCE-507   Terminal Services.            (1) enabled/disabled
                       The "Limit Number of
                       Connections" policy should     (1) Maximum
                       be set correctly for          number of
CCE-3129-4   CCE-80    Terminal Services.            connections allowed

                       The "Do Not Allow New
                       Client Connections" policy
                       should be set correctly for
CCE-3028-8   CCE-401   Terminal Services.            (1) enabled/disabled
                       The "Do Not Allow Local
                       Administrators to
                       Customize Permissions"
                       policy should be set
                       correctly for Terminal
CCE-2407-5   CCE-824   Services.                     (1) enabled/disabled
                       The "Remote Control
                       Settings" policy should be
                       set correctly for Terminal
CCE-2808-4   CCE-190   Services.                     (1) enabled/disabled
                       The "Always Prompt Client
                       for Password upon
                       Connection" policy should
                       be set correctly for
CCE-2949-6   CCE-855   Terminal Services.            (1) enabled/disabled

                       The "Set Client connection
                       Encryption Level" policy
                       should be set correctly for
CCE-3116-1   CCE-397   Terminal Services.            (1) encryption level

                       The "Do not Use Temp
                       folders per Session" policy
                       should be set correctly for
CCE-2997-5   CCE-670   Terminal Services.            (1) enabled/disabled
                       The "Do not Delete Temp
                       folder on exit" policy should
                       be set correctly for
CCE-2892-8   CCE-961   Terminal Services.              (1) enabled/disabled
                       The "Set time limit for
                       disconnected sessions"
                       policy should be set
                       correctly for Terminal           (1) Time Limit
CCE-2961-1   CCE-920   Services.                       (minutes)
                       The "Set time limit for idle
                       sessions" policy should be
                       set correctly for Terminal       (1) Time limit
CCE-3124-5   CCE-123   Services.                       (minutes)
                       The "Allow Reconnection
                       from Original Client Only"
                       policy should be set
                       correctly for Terminal
CCE-2210-3   CCE-524   Services.                       (1) enabled/disabled
                       The "Terminate session
                       when time limits are
                       reached" policy should be
                       set correctly for Terminal
CCE-2959-5   CCE-568   Services.                       (1) enabled/disabled
                       The "Enable Keep-Alive
                       Messages" policy should
                       be set correctly for
CCE-3109-6   CCE-705   Terminal Services.              (1) enabled/disabled

                       The "Allow Solicited
                       Remote Assistance" policy
                       should be set correctly for
CCE-3007-2   CCE-859   Terminal Services.              (1) enabled/disabled

                       The "Allow Unsolicited
                       Remote Assistance" policy
                       should be set correctly for
CCE-3012-2   CCE-434   Terminal Services.              (1) enabled/disabled
                       The "Enable Error
                       Reporting" policy should be
CCE-3038-7   CCE-592   set correctly.              (1) enabled/disabled
                       The "Enforce user logon
                       restrictions" policy should
CCE-3188-0   CCE-227   be set correctly.               (1) enabled/disabled
                       The "Maximum Service
                       Ticket Litfetime" policy        (1) number of
CCE-2708-6   CCE-6     should be set correctly.        minutes
                       The "Maximum User Ticket
                       Lifetime" policy should be
CCE-2803-5   CCE-37    set correctly.                  (1) number of hours
                       The "Maximum User
                       Renewal Lifetime" policy
CCE-3063-5   CCE-33    should be set correctly.      (1) number of days
                       The "Maximum tolerance
                       for computer clock
                       synchronization" policy       (1) number of
CCE-3208-6   CCE-588   should be set correctly.      minutes
                       The "Create global objects"
                       user right should be
                       assigned to the correct
CCE-3107-0   CCE-383   accounts.                     (1) set of accounts
                       The "Impersonate a client
                       after authentication" user
                       right should be assigned to
CCE-2737-5   CCE-304   the correct accounts.         (1) set of accounts
                       The "DCOM: Machine
                       access Restrictions in
                       Security Descriptor
                       Definition Language
                       (SDDL) syntax" setting
                       should be configured
CCE-3010-6   CCE-458   correctly.
                       The "DCOM: Machine
                       Launch Restrictions in the
                       Security Descriptor
                       Definition Language
                       (SDDL) syntax" security
                       option should be set
CCE-2662-5   CCE-740   correctly.
                       The "Display user
                       information when the
                       session is locked" setting
                       should be configured
CCE-2917-3   CCE-22    correctly.
                       The "Interactive logon:
                       Requre smart card" setting
                       should be configured
CCE-3186-4   CCE-828   correctly.                    enabled/disabled

                       The "Network access:
                       Restrict anonymous
                       access to named pipes and
                       shares" setting should be
CCE-2834-0   CCE-638   configured correctly.

                       The "System cryptography:
                       Force strong key protection
                       for user keys stored on the
                       computer" setting should
CCE-2992-6   CCE-647   be configured correctly.
                       The "System settings:
                       optional subsystems"
                       setting should be
CCE-2705-2   CCE-48    configured correctly.
                       the "System settings: Use
                       Certificate Rules on
                       Windows Executables for
                       Software Restriction
                       Polices" setting should be
CCE-2723-5   CCE-572   configured correctly.




                       MSS:(TCPMaxConnectRes
                       ponseRetransmission)
                       SYN-ACK retansmissions
                       when a connection request (1) number of
CCE-2213-7   CCE-577   is not acknowledged       seconds

                       MSS:(TCPMaxDataRetran
                       smissions) How many
                       times unacknowledged          (1) number of
CCE-2239-2   CCE-872   data is retransmitted         seconds
                       Membership in the Backup
                       Operators group should be
                       assigned to the appropriate
CCE-2690-6   CCE-506   accounts.                     (1) list of accounts
                       Membership in the Power
                       Users group should be
                       assigned to the appropriate
CCE-2862-1   CCE-990   accounts.                     (1) list of accounts

                       Membership in the Remote
                       Desktop Users group
                       should be assigned to the
CCE-3136-9   CCE-250   appropriate accounts.         (1) list of accounts
                       The Application Layer
                       Gateway Service should be      (1)
                       enabled or disabled as        disabled/manual/aut
CCE-3171-6   CCE-43    appropriate.                  omatic
                       The Application
                       Management service             (1)
                       should be enabled or          disabled/manual/aut
CCE-3047-8   CCE-167   disabled as appropriate.      omatic
                       The Cryptographic
                       Services service should be     (1)
                       enabled or disabled as        disabled/manual/aut
CCE-3113-8   CCE-585   appropriate.                  omatic
                       The DHCP Client service        (1)
                       should be enabled or          disabled/manual/aut
CCE-2756-5   CCE-484   disabled as appropriate.      omatic
                       The Distributed Link
                       Tracking Client service        (1)
                       should be enabled or          disabled/manual/aut
CCE-3153-4   CCE-651   disabled as appropriate.      omatic

                       The Distributed
                       Transaction Coordinator        (1)
                       service should be enabled     disabled/manual/aut
CCE-3184-9   CCE-303   or disabled as appropriate.   omatic
                       The DNS Client service         (1)
                       should be enabled or          disabled/manual/aut
CCE-2985-0   CCE-436   disabled as appropriate.      omatic

                       The Error Reporting            (1)
                       Service should be enabled     disabled/manual/aut
CCE-3236-7   CCE-774   or disabled as appropriate.   omatic
                       The Event Log service          (1)
                       should be enabled or          disabled/manual/aut
CCE-3140-1   CCE-435   disabled as appropriate.      omatic

                       The Help and Support           (1)
                       service should be enabled     disabled/manual/aut
CCE-2301-0   CCE-950   or disabled as appropriate.   omatic
                       The Human Interface
                       Device Access service          (1)
                       should be enabled or          disabled/manual/aut
CCE-3003-1   CCE-118   disabled as appropriate.      omatic
                       The IMAPI CD-Burning
                       COM Service should be          (1)
                       enabled or disabled as        disabled/manual/aut
CCE-2716-9   CCE-624   appropriate.                  omatic

                       The Infrared Monitor         (1)
                       service should be enabled disabled/manual/aut
CCE-3223-5   CCE-453   or disabled as appropriate. omatic

                       The IPSEC Services           (1)
                       service should be enabled disabled/manual/aut
CCE-3245-8   CCE-72    or disabled as appropriate. omatic

                       The Logical Disk Manager (1)
                       service should be enabled disabled/manual/aut
CCE-3294-6   CCE-988   or disabled as appropriate. omatic

                       The Logical Disk Manager
                       Administrative Service         (1)
                       should be enabled or          disabled/manual/aut
CCE-3073-4   CCE-891   disabled as appropriate.      omatic
                       The MS Software Shadow
                       Copy Provider service          (1)
                       should be enabled or          disabled/manual/aut
CCE-3065-0   CCE-900   disabled as appropriate.      omatic
                       The Network Connections (1)
                       service should be enabled disabled/manual/aut
CCE-2840-7   CCE-671   or disabled as appropriate. omatic

                       The Network Dynamic Data
                       Exchange (DDE) service         (1)
                       should be enabled or          disabled/manual/aut
CCE-3131-0   CCE-217   disabled as appropriate.      omatic
                       The Network DDE DDE
                       Share Database Manager
                       (DSDM) service should be       (1)
                       enabled or disabled as        disabled/manual/aut
CCE-3122-9   CCE-768   appropriate.                  omatic
                       The Network Location
                       Awareness (NLA) service        (1)
                       should be enabled or          disabled/manual/aut
CCE-3267-2   CCE-825   disabled as appropriate.      omatic
                       The NT LM Security
                       Support Provider service       (1)
                       should be enabled or          disabled/manual/aut
CCE-3056-9   CCE-472   disabled as appropriate.      omatic
                       The Performance Logs and
                       Alerts service should be       (1)
                       enabled or disabled as        disabled/manual/aut
CCE-3144-3   CCE-265   appropriate.                  omatic
                       The Portable Media Serial
                       Number Service service         (1)
                       should be enabled or          disabled/manual/aut
CCE-3289-6   CCE-759   disabled as appropriate.      omatic

                       The Protected Storage          (1)
                       service should be enabled     disabled/manual/aut
CCE-3205-2   CCE-697   or disabled as appropriate.   omatic
                       The QoS RSVP service           (1)
                       should be enabled or          disabled/manual/aut
CCE-3206-0   CCE-706   disabled as appropriate.      omatic

                       The Remote Access
                       Connection Manager             (1)
                       service should be enabled     disabled/manual/aut
CCE-3104-7   CCE-750   or disabled as appropriate.   omatic
                       The Remote Procedure
                       Call (RPC) service should      (1)
                       be enabled or disabled as     disabled/manual/aut
CCE-3126-0   CCE-993   appropriate.                  omatic

                       The Remote Procedure
                       Call (RPC) Locator service (1)
                       should be enabled or       disabled/manual/aut
CCE-3148-4   CCE-164   disabled as appropriate.   omatic
                        The Removable Storage        (1)
                        service should be enabled disabled/manual/aut
CCE-2567-6   CCE-741    or disabled as appropriate. omatic

                        The Secondary Logon            (1)
                        service should be enabled     disabled/manual/aut
CCE-2823-3   CCE-172    or disabled as appropriate.   omatic
                        The Security Accounts
                        Manager service should be      (1)
                        enabled or disabled as        disabled/manual/aut
CCE-3074-2   CCE-679    appropriate.                  omatic
                        The Server service should      (1)
                        be enabled or disabled as     disabled/manual/aut
CCE-3219-3   CCE-102    appropriate.                  omatic
                        The Smart Card service         (1)
                        should be enabled or          disabled/manual/aut
CCE-3241-7   CCE-98     disabled as appropriate.      omatic

                        The Smart Card Helper          (1)
                        service should be enabled     disabled/manual/aut
CCE-2831-6   CCE-1001   or disabled as appropriate.   omatic
                        The System Event
                        Notification service should    (1)
                        be enabled or disabled as     disabled/manual/aut
CCE-2835-7   CCE-772    appropriate.                  omatic

                        The System Restore             (1)
                        Service should be enabled     disabled/manual/aut
CCE-2321-8   CCE-450    or disabled as appropriate.   omatic
                        The TCP/IP NetBIOS
                        Helper service should be       (1)
                        enabled or disabled as        disabled/manual/aut
CCE-3274-8   CCE-665    appropriate.                  omatic
                        The Telephony service          (1)
                        should be enabled or          disabled/manual/aut
CCE-2811-8   CCE-428    disabled as appropriate.      omatic
                        The Themes service             (1)
                        should be enabled or          disabled/manual/aut
CCE-3195-5   CCE-956    disabled as appropriate.      omatic
                        The Uninterruptable Power
                        Supply service should be       (1)
                        enabled or disabled as        disabled/manual/aut
CCE-3221-9   CCE-366    appropriate.                  omatic

                        The Upload Manager           (1)
                        service should be enabled disabled/manual/aut
CCE-2988-4   CCE-652    or disabled as appropriate. omatic

                        The Volume Shadow Copy (1)
                        service should be enabled disabled/manual/aut
CCE-3146-8   CCE-538    or disabled as appropriate. omatic
                       The WebClient service          (1)
                       should be enabled or          disabled/manual/aut
CCE-3291-2   CCE-305   disabled as appropriate.      omatic

                       The Windows Audio              (1)
                       service should be enabled     disabled/manual/aut
CCE-3256-5   CCE-851   or disabled as appropriate.   omatic
                       The Windows Image
                       Acquisition (WIA) service      (1)
                       should be enabled or          disabled/manual/aut
CCE-2639-3   CCE-234   disabled as appropriate.      omatic

                       The Windows Installer        (1)
                       service should be enabled disabled/manual/aut
CCE-3159-1   CCE-890   or disabled as appropriate. omatic

                       The Windows Management
                       Instrumentation service   (1)
                       should be enabled or     disabled/manual/aut
CCE-3163-3   CCE-912   disabled as appropriate. omatic

                       The Windows Management
                       Instrumentation Driver
                       Extensions service should (1)
                       be enabled or disabled as disabled/manual/aut
CCE-3203-7   CCE-815   appropriate.              omatic

                       The Windows Time service       (1)
                       should be enabled or          disabled/manual/aut
CCE-2599-9   CCE-560   disabled as appropriate.      omatic
                       The Wireless Zero
                       Configuration service          (1)
                       should be enabled or          disabled/manual/aut
CCE-2494-3   CCE-604   disabled as appropriate.      omatic
                       The WMI Performance
                       Adapter service should be      (1)
                       enabled or disabled as        disabled/manual/aut
CCE-3265-6   CCE-745   appropriate.                  omatic
                       The Workstation service        (1)
                       should be enabled or          disabled/manual/aut
CCE-2397-8   CCE-296   disabled as appropriate.      omatic

                       MSS:
                       (NtfsDisable8dot3NameCr
                       eation) Enable the
                       computer to stop
                       generating 8.3 style
CCE-2683-1   CCE-511   filenames.              (1) reg_dword

                       RPC Endpiont Mapper
                       Client Authentication (SP2
CCE-2956-1   CCE-145   only)                      (1) enabled/disabled
                       Restrictions for
                       Unauthenticated RPC
CCE-3273-0   CCE-423   clients (SP2 only)          (1) enabled/disabled
                       Domain Profile: Protect all
                       network connections (SP2
CCE-3154-2   CCE-806   only)                       (1) enabled/disabled

                       Domain Profile: Do not
CCE-3194-8   CCE-969   allow exceptions (SP2 only) (1) enabled/disabled

                       Domain Profile: Allow local
CCE-2828-2   CCE-502   program exceptions          (1) enabled/disabled


                                                      (1) enabled/disabled
                       Domain Profile: Allow          (2) subnets for
CCE-2476-0   CCE-771   remote administration          internal support only
                       Domain Profile: Allow file
                       and printer sharing
CCE-3247-4   CCE-555   exception (SP2 only)           (1) enabled/disabled
                       Domain Profile: Allow
                       ICMP exceptions (SP2
CCE-3141-9   CCE-277   only)                          (1) enabled/disabled


                       Domain Profile: Allow          (1) enabled/disabled
                       Remote Desktop exception       (2) subnets for
CCE-3304-3   CCE-832   (SP2 only)                     internal support only
                       Domain Profile: Allow
                       UPnP framework exception
CCE-3176-5   CCE-590   (SP2 only)                     (1) enabled/disabled
                       The "Windows Firewall:
                       Prohibit notifications"
                       setting should be
                       configured correctly for the
CCE-3198-9   CCE-762   Domain Profile.                (1) enabled/disabled


                       The "Log Dropped
                       Packets" option for the
                       Windows Firewall should
                       be configured correctly for
CCE-2965-2   CCE-251   the Domain Profile.            (1) enabled/disabled
                       The log file path and name
                       for the Windows Firewall
                       should be configured
                       correctly for the Domain
CCE-2923-1   CCE-793   Profile.                   (1) File path



                       The log file size limit for the
                       Windows Firewall should
                       be configured correctly for
CCE-2958-7   CCE-57    the Domain Profile.             (1) Size limit (KB)


                       The "Log Successful
                       Connections" option for the
                       Windows Firewall should
                       be configured correctly for
CCE-3090-8   CCE-617   the Domain Profile.         (1) enabled/disabled
                       Unicast response to
                       multicast or broadcast
                       requests should be
                       enabled or disabled as
                       appropriate for the Domain
CCE-2972-8   CCE-696   Profile.                    (1) enabled/disabled

                       Domain Profile: Define port
CCE-2866-2   CCE-114   exceptions (SP2 only)       (1) enabled/disabled

                       Domain Profile: Allow local
CCE-3258-1   CCE-370   port exceptions (SP2 only) (1) enabled/disabled
                       Standard Profile: Protect all
                       network connections (SP2
CCE-3284-7   CCE-273   only)                         (1) enabled/disabled

                       Standard Profile: Do not
CCE-3179-9   CCE-440   allow exceptions (SP2 only) (1) enabled/disabled
                       Standard Profile: Allow
                       local program exceptions
CCE-3183-1   CCE-352   (SP2 only)                  (1) enabled/disabled
                       Standard Profile: Allow
                       remote administration
CCE-2954-6   CCE-467   exception (SP2 only)        (1) enabled/disabled
                       Standard Profile: Allow file
                       and printer sharing
CCE-3262-3   CCE-626   exception (SP2 only)         (1) enabled/disabled
                                                    (1) enabled/ Allow
                                                    outboud source
                                                    quench, Allow
                                                    inbound echo
                       Standard Profile: Allow      request, Allow
                       ICMP exceptions (SP2         outbound packet too
CCE-3081-7   CCE-797   only)                        big
                       Standard Profile: Allow
                       Remote Desktop exception
CCE-3213-6   CCE-354   (SP2 only)                   (1) enabled/disabled
                       Standard Profile: Allow
                       UPnP framework exception
CCE-3235-9   CCE-266   (SP2 only)                   (1) enabled/disabled
                       The "Windows Firewall:
                       Prohibit notifications"
                       setting should be
                       configured correctly for the
CCE-3134-4   CCE-901   Standard Profile.            (1) enabled/disabled


                       The "Log Dropped
                       Packets" option for the
                       Windows Firewall should
                       be configured correctly for
CCE-3280-5   CCE-945   the Standard Profile.       (1) enabled/disabled
                       The log file path and name
                       for the Windows Firewall
                       should be configured
                       correctly for the Standard
CCE-3174-0   CCE-609   Profile.                    (1) file path

                       The log file size limit for the
                       Windows Firewall should
                       be configured correctly for
CCE-3055-1   CCE-160   the Standard Profile.           (1) Size limit (KB)

                       The "Log Successful
                       Connections" option for the
                       Windows Firewall should
                       be configured correctly for
CCE-2707-8   CCE-962   the Standard Profile.       (1) enabled/disabled
                       Unicast response to
                       multicast or broadcast
                       requests should be
                       enabled or disabled as
                       appropriate for the
CCE-3103-9   CCE-632   Standard Profile.           (1) enabled/disabled
                        Standard Profile: Define
CCE-3231-8   CCE-196    port exceptions (SP2 only)   (1) enabled/disabled
                        Standard Profile: Allow
                        local port exceptions (SP2
CCE-2989-2   CCE-77     only)                        (1) enabled/disabled
                        The startup type of the
                        Internet Connection
                        Firewall service should be
CCE-3037-9   CCE-530    correct.                     (1) enabled/disabled
                        Restricted Groups have       (1) Group
CCE-2856-3   CCE-301    been set on the system       enumeration
                        The required permissions
                        for the file                 (1) set of accounts
                        %SystemRoot%\System32\       (2) list of
                        mshta.exe should be          permissions (3)
CCE-4952-8   CCE-1225   assigned.                    applicability
                        The startup type of
                        Microsoft Peer-to-Peer
                        Networking Services
                        should be configured
CCE-5194-6   CCE-86     correctly.                   enabled/disabled
                        The "Prohibit use of
                        Internet Connection
                        Firewall on your DNS
                        domain network" setting
                        should be configured
CCE-5022-9   CCE-241    correctly.                   enabled/disabled


                        The "Display Error
                        Notification" setting should
CCE-5136-7   CCE-259    be configured correctly.     enabled/disabled
                        The "Internet Explorer
                        Maintenance Policy
                        Processing - Allow
                        processing across a slow
                        network connection" setting
                        should be configured
CCE-4665-6   CCE-365    correctly.                   enabled/disabled




                        Group Policy - Registry
CCE-5053-4   CCE-584    policy processing
                        The "Turn Off Automatic
                        Root Certificates Update"
                        setting should be
CCE-5054-2   CCE-858    configured correctly.        enabled/disabled
                        Turn off downloading of
CCE-5200-1   CCE-887    print drivers over HTTP
                        The "Turn Off Event Views
                        'Events.asp' Links" setting
                        should be configured
CCE-4953-6   CCE-263    correctly.                  enabled/disabled
                        The "Turn Off Internet
                        Connection Wizard if URL
                        Connection is Referring to
                        Microsoft.com" setting
                        should be configured
CCE-4707-6   CCE-1055   correctly.                  enabled/disabled

                        Turn off Internet download
                        for Web publishing and
CCE-5099-7   CCE-691    online ordering wizards
                        The "Turn Off Internet File
                        Association Service"
                        setting should be
CCE-5121-9   CCE-1064   configured correctly.       enabled/disabled



CCE-4513-8   CCE-852    Turn off printing over HTTP

                        The "Turn Off Registration
                        if URL Connection is
                        Referring to Microsoft.com"
                        setting should be
CCE-4641-7   CCE-88     configured correctly.       enabled/disabled

                        Turn off Search
                        Companion content file
CCE-5055-9   CCE-818    updates
                        The "Turn Off the 'Order
                        Prints' Picture Task" setting
                        should be configured
CCE-5072-4   CCE-375    correctly.                    enabled/disabled
                        The "Turn off the 'Publish
                        to Web' task for files and
                        folders" setting should be
CCE-4887-6   CCE-1009   configured correctly.         enabled/disabled
                        Turn off the Windows
                        Messenger Customer
                        Experience Improvement
CCE-4224-2   CCE-722    Program
                        The "Turn Off Windows
                        Movies Maker Automatic
                        Codec Downloads" setting
                        should be configured
CCE-4242-4   CCE-1040   correctly.                  enabled/disabled
                        The "Turn Off Windows
                        Movie Maker Online Web
                        Links" setting should be
CCE-4732-4   CCE-1062   configured correctly.       enabled/disabled
                        The "Turn Off Windows
                        Movie Maker Saving to
                        Online Video Hosting
                        Provider" setting should be
CCE-4997-3   CCE-93     configured correctly.       enabled/disabled


                        Turn off Windows Update
CCE-5014-6   CCE-927    device driver searching



                        Logon - Do not process the
CCE-5032-8   CCE-583    run once list
                        The "Don't Display the
                        Getting Started Welcome
                        Screen at Logon" setting
                        should be configured
CCE-5160-7   CCE-1020   correctly.                 enabled/disabled

                        The "Prevent IIS
                        Installation" setting should
CCE-4262-2   CCE-474    be configured correctly.       enabled/disabled
                        The "Turn off downloading
                        of enclosures" setting
                        should be configured
CCE-4581-5   CCE-767    correctly.                     enabled/disabled
                        The "Do not allow
                        passwords to be saved"
                        setting should be
                        configured correctly for
CCE-4849-6   CCE-976    Terminal Services.
                        The "Turn off shell protocol
                        protected mode" setting
                        should be configured
CCE-4270-5   CCE-480    correctly.                     enabled/disabled
                        The "Prohibit non-
                        administrators from
                        applying vendor signed
                        updates" setting should be
CCE-5025-2   CCE-612    configured correctly.          enabled/disabled
                        The "Do Not Show First
                        Use Dialog Boxes" setting
                        for Windows Media Player
                        should be configured
CCE-4791-0   CCE-1140   correctly.                 enabled/disabled
                        The "Prevent Desktop
                        Shortcut Creation" setting
                        for Windows Media Player
                        should be configured
CCE-4482-6   CCE-313    correctly.                 enabled/disabled

                        The "Current user
                        screensaver secure" policy
CCE-4500-5   CCE-949    should be set correctly.   (1) enabled/disabled
                        Prompt for password on
                        resume from
                        hibernate/suspend should
CCE-4390-1   CCE-509    be set correctly.
                        Do not preserve zone
                        information in file
                        attachments should be set
CCE-4412-3   CCE-12     correcly.


                        Hide mechanisms to
                        remove zone information
CCE-5042-7   CCE-58     should be set correcly.

                        Notify antivirus programs
                        when opening attachments
CCE-5059-1   CCE-372    should be set correcly.
                                        DISA Gold
            CCE Technical Mechanisms
                                       Disk for WXP



                                       ?



(1) defined by the object's SACL
                                       ?




(1) defined by the object's SACL
                                       ?




(1) defined by the object's SACL

                                       File Auditing -
                                       Must Have ACE
(1) defined by the object's DACL       (CID:269)
                                       ?



(1) defined by the object's DACL
                                       ?




(1) defined by the object's DACL
                                       ?




(1) defined by the object's DACL
                                       ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?



(1) defined by the object's DACL
                                   ?



(1) defined by the object's DACL


                                   System Drive ACL
(1) defined by the object's DACL   (CID:2000)
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?



(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?



(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?



(1) defined by the object's DACL



                                   Driver.cab ACL
(1) defined by the object's DACL   (CID:4083)
                                   ?




(1) defined by the object's DACL
                                   ?



(1) defined by the object's DACL
                                   ?



(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?



(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?



(1) defined by the object's DACL
                                   regedit.exe ACL
(1) defined by the object's DACL   (CID:2001)
                                   ?



(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?



(1) defined by the object's DACL
                                   ?



(1) defined by the object's DACL



(1) defined by the object's DACL
                                   ?



(1) defined by the object's DACL



                                   arp.exe ACL
(1) defined by the object's DACL   (CID:2002)



                                   at.exe ACL
(1) defined by the object's DACL   (CID:2003)



                                   attrib.exe ACL
(1) defined by the object's DACL   (CID:2004)



                                   cacls.exe ACL
(1) defined by the object's DACL   (CID:2005)
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL



                                   Eventlog ACL
(1) defined by the object's DACL   (CID:225)



                                   debug.exe ACL
(1) defined by the object's DACL   (CID:2006)
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL



                                   edlin.exe ACL
(1) defined by the object's DACL   (CID:2007)



                                   eventcreate.exe
(1) defined by the object's DACL   ACL (CID:2008)



                                   eventtriggers.exe
(1) defined by the object's DACL   ACL (CID:2009)
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL




(1) defined by the object's DACL   ftp.exe ACL (CID:2010)
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL




                                   nbtstat.exe ACL
(1) defined by the object's DACL   (CID:2011)




                                   net.exe ACL
(1) defined by the object's DACL   (CID:2012)




                                   net1.exe ACL
(1) defined by the object's DACL   (CID:2013)




                                   netsh.exe ACL
(1) defined by the object's DACL   (CID:2014)




                                   netstat.exe ACL
(1) defined by the object's DACL   (CID:2015)




                                   nslookup.exe ACL
(1) defined by the object's DACL   (CID:2016)
                                   ntbackup.exe ACL
(1) defined by the object's DACL   (CID:2017)
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL




                                   rcp.exe ACL
(1) defined by the object's DACL   (CID:2018)




                                   reg.exe ACL
(1) defined by the object's DACL   (CID:2019)




                                   regedt32.exe ACL
(1) defined by the object's DACL   (CID:2020)



                                   regini.exe ACL
(1) defined by the object's DACL   (CID:2021)



                                   regsvr32.exe ACL
(1) defined by the object's DACL   (CID:2022)
                                   rexec.exe ACL
(1) defined by the object's DACL   (CID:2023)



                                   route.exe ACL
(1) defined by the object's DACL   (CID:2024)



                                   rsh.exe ACL
(1) defined by the object's DACL   (CID:2025)
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL



                                   sc.exe ACL
(1) defined by the object's DACL   (CID:2026)



                                   secedit.exe ACL
(1) defined by the object's DACL   (CID:2027)
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL



                                   subst.exe ACL
(1) defined by the object's DACL   (CID:2028)



                                   systeminfo.exe
(1) defined by the object's DACL   ACL (CID:2029)



                                   telnet.exe ACL
(1) defined by the object's DACL   (CID:2030)



                                   tftp.exe ACL
(1) defined by the object's DACL   (CID:2031)



                                   tlntsvr.exe ACL
(1) defined by the object's DACL   (CID:2032)
                                   ?




(1) defined by the object's DACL
                                   ?



(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL




                                   Winreg ACL
(1) defined by the object's DACL   (CID:237)
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL




                                   SNMP - Permitted
                                   Managers
(1) defined by the object's DACL   (CID:1033)




                                   SNMP
                                   Communities
(1) defined by the object's DACL   (CID:4046)
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?



(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                   ?




(1) defined by the object's DACL
                                                                 User Right Check
(1) defined by the SeDenyNetworkLogonRight setting in Local      deny access from
or Group Policy                                                  network (CID:162)


                                                                 User Right Check
(1) defined by the SeNetworkLogonRight setting in Local or       Logon on network
Group Policy                                                     (CID:152)

                                                                 User Right Check
(1) defined the SeTcbPrivilege setting in by Local or Group      act as OS
Policy                                                           (CID:153)


(1) defined the SeBackupPrivilege setting in by Local or         User Right Check
Group Policy                                                     Backup (CID:155)
                                                                 User Right Check
                                                                 Bypass Traverse
(1) defined the SeChangeNotifyPrivilege setting in by Local or   Checking
Group Policy                                                     (CID:156)

                                                                 User Right Check
(1) defined the SeSystemTimePrivilege setting in by Local or     change system
Group Policy                                                     time (CID:157)

                                                                 User Right Check
(1) defined the SeCreatePagefilePrivilege setting in by Local    create pagefile
or Group Policy                                                  (CID:158)

                                                                 User Right Check
(1) defined the SeCreateTokenPrivilege setting in by Local or    create token object
Group Policy                                                     (CID:159)
                                                                 User Right Check
                                                                 create permanent
(1) defined the SeCreatePermanentPrivilege setting in by         shared objects
Local or Group Policy                                            (CID:160)

                                                                 User Right Check
(1) defined the SeDebugPrivilege setting in by Local or Group    debug programs
Policy                                                           (CID:161)

                                                                 User Right Check
(1) defined the SeRemoteShutdownPrivilege setting in by          remote shutdown
Local or Group Policy                                            (CID:165)

                                                                 User Right Check
(1) defined the SeAuditPrivilege setting in by Local or Group    generate security
Policy                                                           audits (CID:173)
                                                                  User Right Check
(1) defined the SeIncreaseQuotaPrivilege setting in by Local      increase quotas
or Group Policy                                                   (CID:166)
                                                                  User Right Check
                                                                  increase
(1) defined the SeIncreaseBasePriorityPrivilege setting in by     scheduling priority
Local or Group Policy                                             (CID:167)
                                                                  User Right Check
                                                                  load and unload
(1) defined the SeLoadDriverPrivilege setting in by Local or      device drivers
Group Policy                                                      (CID:168)

                                                                  User Right Check
(1) defined the SeLockMemoryPrivilege setting in by Local or      lock pages in
Group Policy                                                      memory (CID:169)

                                                                  User Right Check
(1) defined the SeBatchLogonRight setting in by Local or          log on as a batch
Group Policy                                                      job (CID:170)

                                                                  User Right Check
(1) defined the SeServiceLogonRight setting in by Local or        log on as a service
Group Policy                                                      job (CID:171)
                                                                  User Right Check
(1) defined the SeInteractiveLogonRight setting in by Local or    log on locally
Group Policy                                                      (CID:172)
                                                                  ?

(1) defined the SeSecurityPrivilege setting in by Local or
Group Policy

                                                                  User Right Check
(1) defined the SeSystemEnvironmentPrivilege setting in by        modify firmware
Local or Group Policy                                             (CID:174)

                                                                  User Right Check
(1) defined the SeProfileSingleProcessPrivilege setting in by     Profile single
Local or Group Policy                                             process (CID:175)
                                                                  User Right Check
                                                                  Profile system
(1) defined the SeSystemProfilePrivilege setting in by Local or   performance
Group Policy                                                      (CID:176)



(1) defined the SeUndockPrivilege setting in by Local or          User Right Check
Group Policy                                                      undock (CID:177)
                                                                User Right replace
(1) defined the SeAssignPrimaryTokenPrivilege setting in by     process token
Local or Group Policy                                           (CID:178)


(1) defined the SeRestorePrivilege setting in by Local or       User Right restore
Group Policy                                                    (CID:179)


(1) defined the SeShutdownPrivilege setting in by Local or      User Right shut
Group Policy                                                    down (CID:180)


                                                                User Right take
(1) defined the SeTakeOwnershipPrivilege setting in by Local    ownership
or Group Policy                                                 (CID:182)



(1) defined the SeSynchAgentPrivilege setting in by Local or    User Right synch
Group Policy                                                    directory (CID:181)

                                                                User Right Check
(1) defined the SeDenyInteractiveLogonRight setting in by       deny logon locally
Local or Group Policy                                           (CID:163)


                                                                User Right Check
                                                                allow trust for
(1) defined the SeEnableDelegationPrivilege setting in by       delegation
Local or Group Policy                                           (CID:164)

                                                                User Right Check
(1) defined the SeMachineAccountPrivilege setting in by Local   Add wkstn to
or Group Policy                                                 domain (CID:154)

                                                                User Right allow
(1) defined the SeRemoteInteractiveLogonRight setting in by     logon terminal
Local or Group Policy                                           service (CID:737)
                                                                ?

(1) defined the SeDenyBatchLogonRight setting in by Local or
Group Policy
                                                                ?

(1) defined the SeDenyServiceLogonRight setting in by Local
or Group Policy
                                                              User Right deny
(1) defined the SeDenyRemoteInteractiveLogonRight setting     logon terminal
in by Local or Group Policy                                   service (CID:738)
                                                              User Right perform
                                                              volume
(1) defined the SeManageVolumePrivilege setting in by Local   maintenance
or Group Policy                                               (CID:739)



                                                              Lockout Reset
(1) defined by Local or Group Policy                          (CID:45)


                                                              Lockout Duration
(1) defined by Local or Group Policy                          (CID:44)


                                                              Lockout Count
(1) defined by Local or Group Policy                          (CID:43)


                                                              Account logon
(1) defined by Local or Group Policy                          auditing (CID:49)


                                                              Account logon
(1) defined by Local or Group Policy                          auditing (CID:49)


                                                              Account
                                                              management
(1) defined by Local or Group Policy                          auditing (CID:51)


                                                              Account
                                                              management
(1) defined by Local or Group Policy                          auditing (CID:51)
                                                              ?




(1) defined by Local or Group Policy
                                                              ?




(1) defined by Local or Group Policy


                                                              logon auditing
(1) defined by Local or Group Policy                          (CID:53)
                                                             logon auditing
(1) defined by Local or Group Policy                         (CID:53)



                                                             object access
(1) defined by Local or Group Policy                         auditing (CID:55)


                                                             object access
(1) defined by Local or Group Policy                         auditing (CID:55)



                                                             policy change
(1) defined by Local or Group Policy                         auditing (CID:56)


                                                             policy change
(1) defined by Local or Group Policy                         auditing (CID:56)


                                                             priv use auditing
(1) defined by Local or Group Policy                         (CID:58)


                                                             priv use auditing
(1) defined by Local or Group Policy                         (CID:58)
                                                             ?




(1) defined by Local or Group Policy
                                                             ?



(1) defined by Local or Group Policy


                                                             system event
(1) defined by Local or Group Policy                         auditing (CID:59)


                                                             system event
(1) defined by Local or Group Policy                         auditing (CID:59)
                                                             Anonymous
(1)                                                          Access to the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic           Security Event
es\EventLog\Application\RestrictGuestAccess (2) defined by   Log value
Group Policy                                                 (CID:479)
(1) defined by the Windows Event Log (2) defined by Group
Policy (3)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic              Application log size
es\EventLog\Application\MaxSize                                 (CID:82)

(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic              Application log
es\EventLog\Application\Retention (2) defined by Group Policy   retention (CID:85)




                                                                Anonymous
(1)                                                             Access to the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic              Security Event
es\EventLog\Security\RestrictGuestAccess (2) defined by         Log value
Group Policy                                                    (CID:477)
(1) defined by the Windows Event Log (2) defined by Group
Policy (3)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic              Security log size
es\EventLog\Security\MaxSize                                    (CID:80)

(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic              Security log
es\EventLog\Application\Retention (2) defined by Group Policy   retention (CID:83)




                                                                Anonymous
(1)                                                             Access to the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic              Security Event
es\EventLog\System\RestrictGuestAccess (2) defined by           Log value
Group Policy                                                    (CID:482)
(1) defined by the Windows Event Log (2) defined by Group
Policy (3)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic              System log size
es\EventLog\System\MaxSize                                      (CID:81)

(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic              System log
es\EventLog\Application\Retention (2) defined by Group Policy   retention (CID:84)
                                                                   Maximum
                                                                   Password Age
(1) defined by Local or Group Policy                               (CID:40)
                                                                   Minimum
                                                                   Password Age
(1) defined by Local or Group Policy                               (CID:41)


                                                                   Password Length
(1) defined by Local or Group Policy                               (CID:39)
                                                                   ?



(1) defined by Local or Group Policy


                                                                   Password History
(1) defined by Local or Group Policy                               (CID:42)


                                                                   Reversible Pwd
                                                                   Encryption
(1) defined by Local or Group Policy                               (CID:232)
(1)                                                                ?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\Alerter\Start (2) defined by the Services Administrative Tool
(3) definied by Group Policy
                                                                   ?
(1)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window
s\WindowsUpdate\AU\NoAutoUpdate (2) defined by the
Services Administrative Tool (3) definied by Group Policy
(1)                                                                ?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\BITS\Start (2) defined by the Services Administrative Tool
(3) definied by Group Policy
 (1)                                                               ?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\ClipSrv\Start (2) defined by the Services Administrative
Tool (3) definied by Group Policy
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\Browser\Start (2) defined by the Services Administrative           Computer Browser
Tool (3) definied by Group Policy                                     Disabled (CID:22)

(1)
                                                                      Fast User
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic                    Swithcing
es\FastUserSwitchingCompatibility\Start (2) defined by the            Compatibility
Services Administrative Tool (3) definied by Group Policy             Disabled (CID:729)
(1)                                                                   ?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\Fax\Start (2) defined by the Services Administrative Tool
(3) definied by Group Policy                                      s
 (1)                                                                  ?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\MSFTPSVC\Start (2) defined by the Services
Administrative Tool (3) definied by Group Policy
                                                                      Internet
(1)
                                                                      Information
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic                    System Installed -
es\IISADMIN\Start (2) defined by the Services Administrative          IIS Admin
Tool (3) definied by Group Policy                                     (CIS:4066)
(1)                                                                   ?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\CiSvc\Start (2) defined by the Services Administrative Tool
(3) definied by Group Policy
 (1)
                                                                      Windows
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic                    Messenger
es\Messenger\Start (2) defined by the Services Administrative         Internet Access
Tool (3) definied by Group Policy                                     (CIS:4036)

(1) defined by the Services Administrative Tool (2) definied by       .NET Framework
Group Policy                                                          service (CIS:4035)
(1)                                                                   ?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\Netlogon\Start (2) defined by the Services Administrative
Tool (3) definied by Group Policy
(1)
                                                                      NetMeeting
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic                    Romote Desktop
es\mnmsrvc\Start (2) defined by the Services Administrative           Sharing Disabled
Tool (3) definied by Group Policy                                     (CIS:730)
                                                                      Print Services for
(1) defined by the Services Administrative Tool (2) definied by       Unix Service
Group Policy                                                          (CIS:4031)
                                                                  Remote Access
                                                                  Auto Connection
(1) defined by the Services Administrative Tool (2) definied by   Manager Disabled
Group Policy                                                      (CIS:731)
(1)
                                                                  Remote Desktop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic                Help Session
es\RDSessMgr\Start (2) defined by the Services                    Manager Disabled
Administrative Tool (3) definied by Group Policy                  (CIS:732)
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Start (2) defined by the Services
Administrative Tool (3) definied by Group Policy
(1)                                                               ?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\RemoteRegistry\Start (2) defined by the Services
Administrative Tool (3) definied by Group Policy
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic                Routing and
es\RemoteAccess\Start (2) defined by the Services                 Remote Access
Administrative Tool (3) definied by Group Policy                  Disabled (CIS:733)
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\RshSvc\Start (2) defined by the Services Administrative        Remote Shell
Tool (3) definied by Group Policy                                 Service (CIS:24)
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SIMPTCP\Start (2) defined by the Services Administrative       Simple TCP/IP
Tool (3) definied by Group Policy                                 Service (CIS:25)
(1)                                                               ?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SMTPSVC\Start (2) defined by the Services Administrative
Tool (3) definied by Group Policy
(1)
                                                                  Management and
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic                Monitoring Tools
es\SNMP\Start (2) defined by the Services Administrative Tool     Installed - SNMP
(3) definied by Group Policy                                      Service (CIS:4071)
 (1)
                                                                  Management and
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic                Monitoring Tools
es\SNMPTRAP\Start (2) defined by the Services                     Installed - SNMP
Administrative Tool (3) definied by Group Policy                  Trap (CIS:4072)

                                                                  SSDP Discovery
(1) defined by the Services Administrative Tool (2) definied by   Service Disabled
Group Policy                                                      (CIS:734)
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\Schedule\Start (2) defined by the Services Administrative   Task Scheduler
Tool (3) definied by Group Policy                              Check (CIS:28)
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\TlntSvr\Start (2) defined by the Services Administrative    23 - Telnet
Tool (3) definied by Group Policy                              Disabled (CIS:23)
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\TermService\Start (2) defined by the Services               Terminal Services
Administrative Tool (3) definied by Group Policy               Disabled (CIS:735)
(1)                                                            ?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\upnphost\Start (2) defined by the Services Administrative
Tool (3) definied by Group Policy
                                                               Internet
                                                               Information Sytem
(1)
                                                               Installed - World
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic             Wide Web
es\W3SVC\Start (2) defined by the Services Administrative      Publishing
Tool (3) definied by Group Policy                              (CIS:4067)
                                                               ?




(1) set via Security Templates (2) definied by Group Policy
                                                               ?




(1) set via Security Templates (2) definied by Group Policy
                                                               ?




(1) set via Security Templates (2) definied by Group Policy
                                                               ?




(1) set via Security Templates (2) definied by Group Policy
                                                               ?




(1) set via Security Templates (2) definied by Group Policy
                                                              ?




(1) set via Security Templates (2) definied by Group Policy


                                                              File Shares
(1) set via Security Templates (2) definied by Group Policy   (CIS:230)
                                                              ?




(1) set via Security Templates (2) definied by Group Policy
                                                              ?




(1) set via Security Templates (2) definied by Group Policy
                                                              ?




(1) set via Security Templates (2) definied by Group Policy
                                                              ?




(1) set via Security Templates (2) definied by Group Policy
                                                              ?




(1) set via Security Templates (2) definied by Group Policy
                                                              ?




(1) set via Security Templates (2) definied by Group Policy


                                                              Printer ACL
(1) set via Security Templates (2) definied by Group Policy   (CIS:229)
                                                              ?




(1) set via Security Templates (2) definied by Group Policy
                                                              ?




(1) set via Security Templates (2) definied by Group Policy
                                                              ?




(1) set via Security Templates (2) definied by Group Policy
                                                              ?




(1) set via Security Templates (2) definied by Group Policy
                                                              ?




(1) set via Security Templates (2) definied by Group Policy
                                                              ?




(1) set via Security Templates (2) definied by Group Policy
                                                              ?




(1) set via Security Templates (2) definied by Group Policy
                                                              ?




(1) set via Security Templates (2) definied by Group Policy
                                                              ?




(1) set via Security Templates (2) definied by Group Policy
                                                              ?




(1) set via Security Templates (2) definied by Group Policy
                                                              ?




(1) set via Security Templates (2) definied by Group Policy
(1)                                                            Restrict
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro             Anonymous value
l\Lsa\RestrictAnonymous (2) defined by Local or Group Policy   (CIS:97)
(1)                                                            ?

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro
l\Lsa\RestrictAnonymousSAM (2) defined by Local or Group
Policy
                                                               ?
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro
l\Lsa\AnonymousNameLookup (2) defined by Local or Group

(1)                                                            Anon Access to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic             Application log
es\EventLog\Application                                        (CIS:78)

(1)                                                            Anon Access to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic             Security log
es\EventLog\System                                             (CIS:79)

(1)                                                            Anon Access to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic             System log
es\EventLog\Security                                           (CIS:77)



                                                               Guest Account
(1) Local Users and Groups MMC                                 Disabled (CIS:29)
                                                               ?



(1) Local Users and Groups MMC
(1)                                                            ?

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curre
ntVersion\Policies\System\LegalNoticeCaption (2) defined by
Local or Group Policy
 (1)                                                           ?
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curre
ntVersion\Policies\System\LegalNoticeText (2) defined by
Local or Group Policy
                                                               ?
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\LanmanServer\Parameters\AutoShareWks
                                                     CIS: Automatic
(1)                                                  Execution of the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows        System Debugger
NT\CurrentVersion\AEDebug\Auto                       value (CIS:749)


                                                     Admin Autologon
                                                     password values
                                                     not exist:
                                                     HKEY_LOCAL_M
                                                     ACHINE\Software\
                                                     Microsoft\Windows
                                                     NT\CurrentVersion
                                                     \Winlogon\Default
                                                     Password; Admin
                                                     Autologon Value:
                                                     HKEY_LOCAL_M
(1)                                                  ACHINE\*\AutoAd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows        minLogon
NT\CurrentVersion\Winlogon\AutoAdminLogon            (CIS:188, 189)

                                                     CIS: Disable
(1)                                                  Reboot After
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro   Crash value
l\CrashControl\AutoReboot                            (CID:755)
(1)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\C      Autoplay value
urrentVersion\Policies\Explorer\NoDriveTypeAutoRun   (CID:103)
 (1)                                                 ?
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Cu
rrentVersion\Policies\Explorer\NoDriveTypeAutoRun
                                                     Disable Media
                                                     Autoplay
(1)                                                  (HKEY_USER-
HKEY_USER\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur    .Default hive)
rentVersion\Policies\Explorer\NoDriveTypeAutoRun     Value (CID:752)
                                                     ?
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\CDrom\Autorun
                                                     ?
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\MrxSmb\Parameters\RefuseReset
                                                     ?
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
esTcpip\Parameters\EnableICMPRedirect
                                                     ?



(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\Tcpip\Parameters\DisableIPSourceRouting
                                                     ?
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\Tcpip\Parameters\PerformRouterDiscovery

                                                     CIS: Enable IPSec
                                                     secuiryt for
(1)                                                  Kerberos RSVP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic   Traffic value
es\IPSEC\NoDefaultExempt                             (CID:758)
                                                     CIS: Allow Dr.
(1)                                                  Watson Crash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DrWatson\C     Dumps value
reateCrashDump                                       (CID:746)
 (1)                                                 ?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\DontDisplayLastUserName

                                                     CIS: Hide
                                                     computer Name
(1)                                                  from other domain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic   controllers value
es\Lanmanserver\Parameters\Hidden                    (CID:761)
                                                     ?


(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\Tcpip\Parameters\EnableDeadGWDetect
                                                     ?


(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\Tcpip\Parameters\KeepAliveTime
                                                     ?



(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\Tcpip\Parameters\TcpMaxHalfOpen
                                                        ?




(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\Tcpip\Parameters\TcpMaxHalfOpenRetried
                                                        ?



(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\Netbt\Parameters\NoNameReleaseOnDemand
                                                        ?


(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\Tcpip\Parameters\EnablePMTUDiscovery
                                                        ?


(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\Tcpip\Parameters\SynAttackProtect



(1)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
\Eventlog\Security\WarningLevel

(1)                                                     Disable saving of
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services    dial up password
\Rasman\Parameters\DisableSavePassword                  (CID:105)



(1)                                                     Safe DLL Search
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Sessio      Mode value
n Manager\SafeDllSearchMode                             (CID:774)
                                                        Always Wait for
                                                        the Network at
(1)                                                     Computer Startup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   and Logon
s NT\CurrentVersion\Winlogon\SyncForegroundPolicy       (CID:927)
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows           Cached Profiles
NT\DeleteRoamingCache                                       value (CID:93)
(1)                                                         Always Use
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curre         Classic Logon
ntVersion\Policies\system\LogonType                         (CID:924)

                                                            Turn Off
(1)                                                         Background
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window       Refresh of Group
s\CurrentVersion\Policies\system\DisableBkGndGroupPolicy    Policy (CID:930)

(1)                                                         Internet
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window       Connection
s\Network Connections\NC_ShowSharedAccessUI                 Sharing (CID:942)

                                                            Prohibit Installation
                                                            and Configuration
                                                            of Network Bridge
(1)                                                         on the DNS
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window       Domain Network
s\Network Connections\NC_AllowNetBridge_NLA                 (CID:945)
                                                            Disallow
                                                            Installation of
(1)                                                         Printers Using
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window       Kernel-mode
s NT\Printers\KMPrintersAreBlocked                          Drivers (CID:948)
                                                            ?



(1) defined by Local or Group Policy

                                                            Administrator
                                                            Account Renamed
(1) defined by Local or Group Policy                        (CID:30)

                                                            Guest Account
(1) defined by Local or Group Policy                        Renamed (CID:31)

(1)
                                                            Amount of idle
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services        time before
\LanManServer\Parameters\AutoDisconnect (2) defined by      disconnecting
Local or Group Policy                                       value (CID:213)
                                                            ?
(1)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\
Lsa\AuditBaseObjects (2) defined by Local or Group Policy
                                                                 ?
(1)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\
Lsa\FullPrivilegeAuditing (2) defined by Local or Group Policy
(1)                                                              ?

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curre
ntVersion\Policies\System\DisableCAD (2) defined by Local or
Group Policy




(1)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\             LMCompatibility
Lsa\LMCompatibilityLevel (2) defined by Local or Group Policy    Value (CID:123)
 (1)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\
Print\Providers\LanMan Print                                     Print Driver
Services\Servers\AddPrinterDrivers (2) defined by Local or       Installation value
Group Policy                                                     (CID:99)


(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows                Recovery Console
NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel (2)        Autologon value
defined by Local or Group Policy                                 (CID:117)


(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows                Recovery Console
NT\CurrentVersion\Setup\RecoveryConsole\SetCommand (2)           Full Access Value
defined by Local or Group Policy                                 (CID:119)
                                                                 ?

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateCDRoms (2) defined by
Local or Group Policy


(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateFloppies (2) defined by       Floppy Allocation
Local or Group Policy                                            (CID:89)

(1)
                                                                 Strength
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\             permissions on
Session Manager\ProtectionMode (2) defined by Local or           GSO value
Group Policy                                                     (CID:204)
                                                             Domain member:
(1)
                                                             Require strong
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services         (Windows 2000 or
\Netlogon\Parameters\RequireStrongKey (2) defined by Local   later) session key
or Group Policy                                              value (CID:770)

(1)
                                                             Send unencrypted
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services         password to 3rd
\LanmanWorkstation\Parameters\EnablePlainTextPassword        party SMB value
(2) defined by Local or Group Policy                         (CID:207)

                                                             Unsigned Driver
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Driver             Behavior Value
Signing\Policy (2) defined by Local or Group Policy          (CID:127)

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows            Password
NT\CurrentVersion\Winlogon\PasswordExpiryWarning (2)         Expiration value
defined by Local or Group Policy                             (CID:199)

(1)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\         Crash on audit fail
Lsa\CrashOnAuditFail (2) defined by Local or Group Policy    Value (CID:121)
 (1)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curre          Shutdown before
ntVersion\Policies\System\ShutdownWithoutLogon (2) defined   logon Check
by Local or Group Policy                                     (CID:217)
 (1)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\
Session Manager\Memory
Management\ClearPageFileAtShutdown (2) defined by Local      Clear Pagefile
or Group Policy                                              value (CID:101)
 (1)                                                         ?
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
\LanmanWorkstation\Parameters\RequireSecuritySignature
(2) defined by Local or Group Policy
 (1)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services         Enable Security
\LanmanWorkstation\Parameters\EnableSecuritySignature (2)    Signature Value
defined by Local or Group Policy                             (CID:113)
 (1)                                                         ?
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
\LanManServer\Parameters\RequireSecuritySignature (2)
defined by Local or Group Policy
(1)                                                            ?
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
\LanManServer\Parameters\EnableSecuritySignature (2)
defined by Local or Group Policy



(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\CachedLogonsCount (2) defined       Logon Caching
by Local or Group Policy                                       value (CID:91)



(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows              NTFS Media
NT\CurrentVersion\Winlogon\AllocateDASD (2) defined by         Ejection value
Local or Group Policy                                          (CID:2010)
                                                               Digitally encrypt or
(1)
                                                               sign secure
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services           channel data
\Netlogon\Parameters\RequireSignOrSeal (2) defined by Local    (always) value
or Group Policy                                                (CID:743)
(1)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services           Sign Secure
\Netlogon\Parameters\SealSecureChannel (2) defined by          Channel Traffic
Local or Group Policy                                          Value (CID:109)
(1)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services           Sign Secure
\Netlogon\Parameters\SignSecureChannel (2) defined by          Channel Traffic
Local or Group Policy                                          Value (CID:107)

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows              Smart Card
NT\CurrentVersion\Winlogon\ScRemoveOption (2) defined by       Removal Behavior
Local or Group Policy                                          Value (CID:125)
(1)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services           Disable password
\Netlogon\Parameters\DisablePasswordChange (2) defined by      change Value
Local or Group Policy                                          (CID:111)
                                                               Use FIPS
                                                               compliant
                                                               algorithms for
(1)                                                            encryption,
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\           hashing, and
Lsa\FIPSAlgorithmPolicy (2) defined by Local or Group Policy   signing (CID:804)
                                                              Default owner for
(1)
                                                              objects created by
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\          members of the
Lsa\NoDefaultAdminOwner (2) defined by Local or Group         Administrators
Policy                                                        group (CID:807)
                                                              System Object:
                                                              Require Case
(1)
                                                              Insensitivity for
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\          Non-Windows
Session Manager\Kernel\ObCaseInsensitive (2) defined by       Subsystems
Local or Group Policy                                         (CID:810)
(1)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\          Limit Blank
Lsa\LimitBlankPasswordUse (2) defined by Local or Group       Passwords value
Policy                                                        (CID:764)
(1)                                                           ?
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curre
ntVersion\Policies\System\UndockWithoutLogon (2) defined by
Local or Group Policy
                                                              ?



(1) defined by Local or Group Policy
(1)
                                                              LDAP client
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services          signing
\LDAP\LDAPClientIntegrity (2) defined by Local or Group       requirements
Policy                                                        (CID:795)
                                                              ?



(1) defined by Local or Group Policy
                                                              Accounts:
(1)
                                                              Maximum machine
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services          account password
\Netlogon\Parameters\MaximumPasswordAge (2) defined by        age value
Local or Group Policy                                         (CID:767)

                                                              Domain Controller
                                                              Authentication to
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows             Unlock
NT\CurrentVersion\Winlogon\ForceUnlockLogon (2) defined       Workstation Value
by Local or Group Policy                                      (CID:777)
(1)
                                                              Automatically log
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services          off user when
\LanManServer\Parameters\EnableForcedLogoff (2) defined       logon time expires
by Local or Group Policy                                      value (CID:210)
                                                              Do not allow
                                                              storage of
                                                              credentials or
                                                              .NET Passports for
(1)                                                           network
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\          authentication
Lsa\DisableDomainCreds (2) defined by Local or Group Policy   value (CID:780)
                                                              Let Everyone
(1)
                                                              permissions apply
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\          to anonymous
Lsa\EveryoneIncludesAnonymous (2) defined by Local or         users Value
Group Policy                                                  (CID:783)
                                                              ?

(1)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
\LanManServer\Parameters\NullSessionPipes (2) defined by
Local or Group Policy
                                                              ?



(1)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\
SecurePipeServers\Winreg\AllowedPathsHKLM (2) defined by
Local or Group Policy
 (1)                                                          ?
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
\LanManServer\Parameters\NullSessionShares (2) defined by
Local or Group Policy


                                                              Sharing and
(1)                                                           security model for
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\          local accounts
Lsa\ForceGuest (2) defined by Local or Group Policy           Value (CID:786)
                                                              Do not store LAN
                                                              Manager hash
(1)                                                           value on next
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\          password change
Lsa\NoLMHash (2) defined by Local or Group Policy             (CID:789)

                                                              Logon Time
                                                              Enforcement
(1) defined by Local or Group Policy                          (CID:46)
(1)
                                                       Minimum session
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\   security for NTLM
Lsa\MSV1_0\NTLMMinClientSec (2) defined by Local or    SSP based clients
Group Policy                                           (CID:798)




(1)
                                                       Minimum session
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\   security for NTLM
Lsa\MSV1_0\NTLMMinServerSec (2) defined by Local or    SSP based
Group Policy                                           servers (CID:801)

                                                       Non-NTFS
                                                       Partition
(1) Disk Management MMC                                (CID:10)




(1) HKEY_CURRENT_USER\Control
Panel\Desktop\ScreenSaveTimeOut
                                                       Default user
(1) HKEY_USER\.DEFAULT\Control                         scrnsave.exe
Panel\Desktop\SCRNSAVE.EXE                             (CID:67)
                                                       Default user
                                                       screensaver
(1) HKEY_USER\.DEFAULT\Control                         timeout (CID:68,
Panel\Desktop\ScreenSaveTimeOut                        71)

                                                       Default user
(1) HKEY_USER\.DEFAULT\Control                         screensaver
Panel\Desktop\ScreenSaverIsSecure                      secure (CID:69)
                                                       Default user
(1) HKEY_USER\.DEFAULT\Control                         screensaver active
Panel\Desktop\ScreenSaveActive                         (CID:70)
                                                       Current user
(1) HKEY_CURRENT_USER\Control                          scrnsave.exe
Panel\Desktop\SCRNSAVE.EXE                             (CID:76)

                                                       Current user
(1) HKEY_CURRENT_USER\Control                          screensaver
Panel\Desktop\ScreenSaveTimeOut                        timeout (CID:74)
                                                        Current user
(1) HKEY_CURRENT_USER\Control                           screensaver
Panel\Desktop\ScreenSaverIsSecure                       secure (CID:72)
                                                        Current user
(1) HKEY_CURRENT_USER\Control                           screensaver active
Panel\Desktop\ScreenSaveActive                          (CID:73)

(1)                                                     Always Install with
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   Elevated Privileges
s\Installer\AlwaysInstallElevated                       (CID:888)

                                                        Disable IE Security
(1)                                                     Prompt for
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   Windows Installer
s\Installer\SafeForScripting\                           Scripts (CID:891)
 (1)                                                    Enable User
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   Control Over
s\Installer\EnableUserControl                           Installs (CID:894)

                                                        Enable User to
(1)                                                     Use Media Source
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   While Elevated
s\Installer\AllowLockDownMedia                          (CID:900)

                                                        Allow Admin to
(1)                                                     Install from
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   Terminal Services
s\Installer\EnableAdminTSRemote                         Session (CID:906)
                                                        Enable User to
(1)                                                     Patch Elevated
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   Products
s\Installer\AllowLockDownPatch                          (CID:903)

                                                        Cache Transforms
(1)                                                     in Secure Location
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   on Workstation
s\Installer\TransformSecure                             (CID:908)

                                                        Disable Media
(1)                                                     Player for XP
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   automatic Updates
sMediaPlayer\DisableAutoupdate                          (CID:912)

(1)
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window    951 - Prevent
sMediaPlayer\PreventCodecDownload                       Codec Download
                                                        Do Not Allow
(1)                                                     Windows
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messen   Messenger to be
ger\Client\PreventRun                                   Run (CID:915)

                                                        918 - Do Not
(1)                                                     Automatically Start
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messen   Windows
ger\Client\PreventAutoRun                               Messenger Initially

(1)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo    Prohibit New Task
ws\Task Scheduler5.0\Task Creation                      Creation (CID:843)
(1)                                                     Limit Users to One
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   Remote Session
s NT\Terminal Services\fSingleSessionPerUser            (CID:849)

(1)                                                     Limit Number of
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   Connections
s NT\Terminal Services\MaxInstanceCount                 (CID:852)


(1)                                                     Do Not Allow New
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   Client Connections
s NT\Terminal Services\fDenyTSConnections               (CID:855)


                                                        Do Not Allow Local
(1)                                                     Administrators to
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   Customize
s NT\Terminal Services\fWritableTSCCPermTab             (CID:858)

(1)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo    Remote Control
ws NT\Terminal Services\Shadow                          Settings (CID:861)
                                                        Always Prompt
                                                        Client for
(1)                                                     Password upon
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   Connection
s NT\Terminal Services\fPromptForPassword               (CID:864)

                                                        Set Client
(1)                                                     Connection
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   Encryption
s NT\Terminal Services\MinEncryptionLevel               (CID:867)


(1)                                                     Do Not Use Temp
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   Folders per
s NT\Terminal Services\PerSessionTempDir                Session (CID:870)
(1)                                                     Do Not Delete
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   Temp Folder upon
s NT\Terminal Services\DeleteTempDirsOnExit             Exit (CID:873)

                                                        Set Time Limit for
(1)                                                     Disconnected
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   Sessions
s NT\Terminal Services\MaxDisconnectionTime             (CID:876)

(1)                                                     Set Time Limit for
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   Idle Sessions
s NT\Terminal Services\MaxIdleTime                      (CID:879)

                                                        Allow
(1)                                                     Reconnection from
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   Original Client
s NT\Terminal Services\fReconnectSame                   Only (CID:882)

                                                        Terminate Session
(1)                                                     When Time Limits
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   are Reached
s NT\Terminal Services\fResetBroken                     (CID:885)

(1)                                                     Keep-Alive
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   Messages
s NT\Terminal Services\KeepAliveEnable                  (CID:846)


(1)                                                     Solicited Remote
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   Assistance
s NT\Terminal Services\fAllowToGetHelp                  (CID:933)

                                                        Unsolicited
(1)                                                     Remote
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Window   Assistance
s NT\Terminal Services\fAllowUnsolicited                (CID:936)
 (1)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHeal   Report Errors
th\ErrorReporting\DoReport                              (CID:939)
                                                        ?



                                                        ?



                                                        ?
                                                            ?



                                                            ?




(1)
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\S
ystem\SCForceOption
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
\Tcpip\Parameters\TcpMaxConnectResponseRetransmissions



HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
\Tcpip\Parameters\TcpMaxDataRetransmissions




(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy

(1) defined by the Services Administrative Tool (2) definied by
Group Policy
(1) defined by the Services Administrative Tool (2) definied by
Group Policy



(1) defined by the Services Administrative Tool (2) definied by
Group Policy

(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy

(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy                                                    `


(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy



(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy
(1) defined by the Services Administrative Tool (2) definied by
Group Policy



(1) defined by the Services Administrative Tool (2) definied by
Group Policy



(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy

(1) defined by the Services Administrative Tool (2) definied by
Group Policy



(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy



(1) defined by the Services Administrative Tool (2) definied by
Group Policy
(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy

(1) defined by the Services Administrative Tool (2) definied by
Group Policy

(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy

(1) defined by the Services Administrative Tool (2) definied by
Group Policy

(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy
(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy



(1) defined by the Services Administrative Tool (2) definied by
Group Policy




(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy


(1) defined by the Services Administrative Tool (2) definied by
Group Policy




HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\
FileSystem\NtfsDisable8dot3NameCreation


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Wi
ndows NT\RPC\EnableAuthEpResolution
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Wi
ndows NT\RPC\RestrictRemoteClients
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\DomainProfile\En
ableFirewall
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Do
NotAllowExceptions
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Au
thorizedApplications\AllowUserPrefMerge


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\DomainProfile\En
abled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Se
rvices\FileAndPrint\Enabled




HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Se
rvices\RemoteDesktop\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Se
rvices\UPnPFramework\Enabled


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Di
sableNotifications
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Lo
gging\LogDroppedPackets (2) Computer
Configuration\Administrative Templates\Network\Network
Connections\Windows Firewall\Domain Profile\Windows
Firewall: Allow Logging - Log Dropped Packets
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Lo
gging\LogFilePath (2) Computer Configuration\Administrative
Templates\Network\Network Connections\Windows
Firewall\Domain Profile\Windows Firewall: Allow Logging - Log
file path and name (3) Computer Configuration\Windows
Settings\Security Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced Security\Windows
Firewall Properties\Domain Profile Tab\Logging\Name
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Lo
gging\LogFileSize (2) Computer Configuration\Administrative
Templates\Network\Network Connections\Windows
Firewall\Domain Profile\Windows Firewall: Allow Logging -
Size limit (KB)
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Lo
gging\LogSuccessfulConnections (2) Computer
Configuration\Administrative Templates\Network\Network
Connections\Windows Firewall\Domain Profile\Windows
Firewall: Allow Logging - Log successful connections



HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Di
sableUnicastResponsesToMulticastBroadcast
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Gl
oballyOpenPorts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Gl
oballyOpenPorts\AllowUserPrefMerge
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\StandardProfile\E
nableFirewall
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\StandardProfile\D
oNotAllowExceptions
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\StandardProfile\A
uthorizedApplications\AllowUserPrefMerge
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\StandardProfile\S
ervices\RemoteDesktop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\StandardProfile\S
ervices\RemoteDesktop\Enabled




HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\StandardProfile\I
CMPSettings\*
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\StandardProfile\S
ervices\RemoteDesktop\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\StandardProfile\S
ervices\UPnPFramework\Enabled


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\StandardProfile\D
isableNotifications
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\StandardProfile\L
ogging\LogDroppedPackets (2) Computer
Configuration\Administrative Templates\Network\Network
Connections\Windows Firewall\Standard Profile\Windows
Firewall: Allow Logging - Log Dropped Packets


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\StandardProfile\L
ogging\LogFilePath


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\StandardProfile\L
ogging\LogFileSize



HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\StandardProfile\L
ogging\LogSuccessfulConnections



HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\StandardProfile\D
isableUnicastResponsesToMulticastBroadcast
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\StandardProfile\
GloballyOpenPorts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy\StandardProfile\
GloballyOpenPorts\AllowUserPrefMerge


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
es\SharedAccess\Parameters\FirewallPolicy




(1) defined by the object's DACL



(2)HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peer
net\Disabled



GPO Setting: Computer Configuration\Administrative
Templates\Network\Network Connections\Prohibit use of
Internet Connection Firewall on your DNS domain network
GPO Settings: Computer Configuration\Administrative
Templates\System\Error Reporting\Display Error Notification,
Computer Configuration\Administrative Templates\Windows
Components\Windows Error Reporting\Display Error
Notification




GPO Setting: Computer Configuration\Administrative
Templates\System\Group Policy\Internet Explorer
Maintenance Policy Processing
(1) Computer Configuration\Administrative
Templates\System\Group Policy
(2)HKLM\Software\Policies\Microsoft\Windows\Group
Policy\{35378EAC-683F-11D2-A89A-
00C04FBBCFA2}!NoBackgroundPolicy,
HKLM\Software\Policies\Microsoft\Windows\Group
Policy\{35378EAC-683F-11D2-A89A-
00C04FBBCFA2}!NoGPOListChanges


(2)HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Syst
emCertificates\AuthRoot\DisableRootAutoUpdate
(1) Computer Configuration\Administrative
Templates\System\Internet Communication Settings
(2)HKLM\Software\Policies\Microsoft\Windows
NT\Printers!DisableWebPnPDownload


(2)HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Even
tViewer\MicrosoftEventVwrDisableLinks




(2)HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Win
dows\Internet Connection Wizard\ExitOnMSICW
(1) Computer Configuration\Administrative
Templates\System\Internet Communication Settings
(2)HKLM\Software\Microsoft\Windows\CurrentVersion\Policies
\Explorer!NoWebServices


(2)HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur
rentVersion\Policies\Explorer\NoInternetOpenWith
(1) Computer Configuration\Administrative
Templates\System\Internet Communication Settings
(2)HKLM\Software\Policies\Microsoft\Windows
NT\Printers!DisableHTTPPrinting




(2)HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Win
dows\Registration Wizard Control\NoRegistration
(1) Computer Configuration\Administrative
Templates\System\Internet Communication Settings
(2)HKLM\Software\Policies\Microsoft\SearchCompanion!Disab
leContentFileUpdates


(2)HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur
rentVersion\Policies\Explorer\NoOnlinePrintsWizard

(2)[HKEY_LOCAL_MACHINE | HKEY_CURRENT_USER]
\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Expl
orer\NoPublishingWizard

(1) Computer Configuration\Administrative
Templates\System\Internet Communication Settings
(2)HKLM\Software\Policies\Microsoft\Messenger\Client!CEIP
(2)HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Win
dowsMovieMaker\CodecDownload


(2)HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Win
dowsMovieMaker\WebHelp



(2)HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Win
dowsMovieMaker\WebPublish
(1) Computer Configuration\Administrative
Templates\System\Internet Communication Settings
(2)HKLM\Software\Policies\Microsoft\Windows\DriverSearchin
g!DontSearchWindowsUpdate
(1) Computer Configuration\Administrative
Templates\System\Logon
(2)HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
\CurrentVersion\Policies\Explorer\DisableLocalMachineRunOn
ce



(2)HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur
rentVersion\Policies\Explorer\NoWelcomeScreen


(2)HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Win
dows NT\IIS\PreventIISInstall


(2)HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Inter
net Explorer\Feeds\DisableEnclosureDownload
(1) Computer Configuration\Administrative
Templates\Windows Components\Terminal Services\Remote
Desktop Connection
(2)HKLM\SOFTWARE\Policies\Microsoft\Windows
NT\DisablePasswordSaving


(2)HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur
rentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior



(2)HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Win
dows\Installer\DisableLUAPatching
GPO Setting: Computer Configuration\Administrative
Templates\Windows Components\Windows Media Player\Do
Not Show First Use Dialog Boxes


GPO Setting: Computer Configuration\Administrative
Templates\Windows Components\Windows Media
Player\Prevent Desktop Shortcut Creation


(1) HKEY_CURRENT_USER\Control
Panel\Desktop\ScreenSaverIsSecure
(1) User Configuration\Administrative
Templates\System\Power Mangement
(2)HKEY_CURRENT_USER\Software\Policies\Microsoft\Wind
ows\System\Power\PromptPasswordOnResume
(1) User Configuration\Administrative
Templates\System\Attachment Manager
(2)HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur
rentVersion\Policies\Attachments\SaveZoneInformation

(1) User Configuration\Administrative
Templates\System\Attachment Manager
(2)HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur
rentVersion\Policies\Attachments\HideZoneInfoOnProperties
(1) User Configuration\Administrative
Templates\System\Attachment Manager
(2)HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur
rentVersion\Policies\Attachments\ScanWithAntiVirus
                                                         CIS WXP Pro
NSA Security Guide                                     Benchmark v2.01
                                 CIS WXP Pro
 for WXP (NSA-XP-                                     (CIS_WindowsXP_
                                Benchmark v1.3
  C44-026-02.pdf)                                     Benchmark_v2.01.
                                                             pdf)

?


                            4.4.3.1 %SystemDrive%
?

                            4.4.3.2
                            HKEY_LOCAL_MACHINE\Soft
                            ware
?

                            4.4.3.3
                            HKEY_LOCAL_MACHINE\Syst
                            em
?




%AllUsersProfile%



%AllUsersProfile%\Applica
tion Data



%AllUsersProfile%\Applica
tion Data\Microsoft



%AllUsersProfile%\Applica
tion
Data\Microsoft\Crypto\DSS
HKLMKeys
%AllUsersProfile%\Applica
tion
Data\Microsoft\Crypto\RSA
HKLMKeys



%AllUsersProfile%\Applica
tion Data\Microsoft\Dr
Watson



%AllUsersProfile%\Applica
tion Data\Microsoft\Dr
Watson\drwtsn32.log



%AllUsersProfile%\Applica
tion Data\Microsoft\HTML
Help



%AllUsersProfile%\Applica
tion Data\Microsoft\Media
Index



%AllUsersProfile%\Docum
ents\desktop.ini



%AllUsersProfile%\DRM



%ProgramFiles%



%SystemDrive%               4.4.1.1 %SystemDrive%
%SystemDrive%\autoexec.
bat




%SystemDrive%\config.sys



%SystemDrive%\Documen
ts and Settings



%SystemDrive%\Documen
ts and
Settings\Administrator


%SystemDrive%\Documen
ts and Settings\Default
User



%SystemDrive%\io.sys



%SystemDrive%\msdos.sy
s



%SystemDrive%\ntbootdd.
sys



%SystemDrive%\ntdetect.c
om



%SystemDrive%\ntldr
%SystemDrive%\System
Volume Information



%SystemRoot%
?




%SystemRoot%\$NtServic
ePackUninstall$



%SystemRoot%\CSC



%SystemRoot%\Debug



%SystemRoot%\Debug\Us
erMode
                         ?


%SystemRoot%\Debug\Us
erMode\userenv.log



%SystemRoot%\Installer



%SystemRoot%\Offline
Web Pages



%SystemRoot%\Prefetch
%SystemRoot%\regedit.ex 4.4.1.17
e                       %SystemRoot%\regedit.exe


%SystemRoot%\Registrati
on



%SystemRoot%\Registrati
on\CRMLog



%SystemRoot%\repair



%SystemRoot%\security



%SystemRoot%\Temp



%SystemRoot%\system32



%SystemRoot%\system32\
arp.exe


                       4.4.1.2
%SystemRoot%\system32\ %SystemRoot%\system32\at.e
at.exe                 xe
?

                          4.4.1.3
                          %SystemRoot%\system32\attri
                          b.exe
?

                          4.4.1.4
                          %SystemRoot%\system32\cacl
                          s.exe
%SystemRoot%\system32\
ciadv.msc



%SystemRoot%\system32\
Com\comexp.msc



%SystemRoot%\system32\
compmgmt.msc



%SystemRoot%\system32\
config
?




?

                         4.4.1.5
                         %SystemRoot%\system32\deb
                         ug.exe



%SystemRoot%\system32\
devmgmt.msc



%SystemRoot%\system32\
dfrg.msc



%SystemRoot%\system32\
diskmgmt.msc



%SystemRoot%\system32\
dllcache
?

                         4.4.1.6
                         %SystemRoot%\system32\drw
                         atson.exe
?

                         4.4.1.7
                         %SystemRoot%\system32\drw
                         tsn32.exe
?

                         4.4.1.8
                         %SystemRoot%\system32\edli
                         n.exe
?

                         4.4.1.9
                         %SystemRoot%\system32\eve
                         ntcreate.exe
?

                         4.4.1.10
                         %SystemRoot%\system32\eve
                         nttriggers.exe



%SystemRoot%\system32\
eventvwr.msc



%SystemRoot%\system32\
fsmgmt.msc
?

                         4.4.1.11
                         %SystemRoot%\system32\ftp.
                         exe




%SystemRoot%\system32\
gpedit.msc




%SystemRoot%\system32\
Group Policy
%SystemRoot%\system32\
ias



%SystemRoot%\system32\
lusrmgr.msg



%SystemRoot%\system32\
MSDTC



%SystemRoot%\system32\
nbstat.exe
?




?

                         4.4.1.12
                         %SystemRoot%\system32\net.
                         exe
?

                         4.4.1.13
                         %SystemRoot%\system32\net
                         1.exe



                       4.4.1.14
%SystemRoot%\system32\ %SystemRoot%\system32\net
netsh.exe              sh.exe




%SystemRoot%\system32\
netstat.exe




%SystemRoot%\system32\
nslookup.exe
%SystemRoot%\system32\
Ntbackup.exe




%SystemRoot%\system32\
NTMSData



%SystemRoot%\system32\
ntmsoprq.msc



%SystemRoot%\system32\
ntmsmgr.msc



%SystemRoot%\system32\
perfmon.msc


                       4.4.1.15
%SystemRoot%\system32\ %SystemRoot%\system32\rcp.
rcp.exe                exe



                       4.4.1.16
%SystemRoot%\system32\ %SystemRoot%\system32\reg.
reg.exe                exe


                       4.4.1.18
%SystemRoot%\system32\ %SystemRoot%\system32\reg
regedt32.exe           edt32.exe



%SystemRoot%\system32\
regini.exe
?

                         4.4.1.19
                         %SystemRoot%\system32\reg
                         svr32.exe
                       4.4.1.20
%SystemRoot%\system32\ %SystemRoot%\system32\rex
rexec.exe              ec.exe



%SystemRoot%\system32\
route.exe


                       4.4.1.21
%SystemRoot%\system32\ %SystemRoot%\system32\rsh.
rsh.exe                exe



%SystemRoot%\system32\
RSoP.msc
?

                         4.4.1.22
                         %SystemRoot%\system32\run
                         as.exe
?

                         4.4.1.23
                         %SystemRoot%\system32\sc.e
                         xe



%SystemRoot%\system32\
secedit.exe



%SystemRoot%\system32\
secpol.msc



%SystemRoot%\system32\
services.msc



%SystemRoot%\system32\
Setup
%SystemRoot%\system32\
spool\Printers
?

                         4.4.1.24
                         %SystemRoot%\system32\sub
                         st.exe



%SystemRoot%\system32\
systeminfo.exe
?

                         4.4.1.25
                         %SystemRoot%\system32\teln
                         et.exe


                       4.4.1.26
%SystemRoot%\system32\ %SystemRoot%\system32\tftp.
tftp.exe               exe
?

                         4.4.1.27
                         %SystemRoot%\system32\tlnts
                         vr.exe



%SystemRoot%\system32\
wmimgmt.msc



%SystemRoot%\Tasks



HKEY_LOCAL_MACHINE\
SOFTWARE            4.4.2.1 HKLM\Software



HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Cry
ptography\Calais
HKEY_LOCAL_MACHINE\ 4.4.2.9
SOFTWARE\Microsoft\MS HKLM\Software\Microsoft\MSD
DTC                   TC



HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\MS
DTC\Security\XAKey



HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Net
DDE



HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\UP
nP Device Host



HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Win
dows
NT\CurrentVersion\Asr\Co
mmands



HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Win
dows
NT\CurrentVersion\Perflib


HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Win      4.4.2.11
dows                        HKLM\SOFTWARE\Microsoft\
NT\CurrentVersion\SeCEdi    Windows
t                           NT\CurrentVersion\SeCEdit
HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Win
dows\CurrentVersion\Grou
p Policy



HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Win 4.4.2.2
dows\CurrentVersion\Instal HKLM\Software\Microsoft\Win
ler                        dows\CurrentVersion\Installer



HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Win 4.4.2.3
dows\CurrentVersion\Polici HKLM\Software\Microsoft\Win
es                         dows\CurrentVersion\Policies



HKEY_LOCAL_MACHINE\          4.4.2.8
SOFTWARE\Microsoft\Win       HKLM\SOFTWARE\Microsoft\
dows\CurrentVersion\Polici   Windows\CurrentVersion\Polici
es\Ratings                   es\Ratings



HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Win
dows\CurrentVersion\Telep
hony



HKEY_LOCAL_MACHINE\
SYSTEM              4.4.2.4 HKLM\System



HKEY_LOCAL_MACHINE\
SYSTEM\clone



HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Control\Class
HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Control\Network



HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Control\SecurePipeServer
s\winreg



HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Control\Wmi\Security



HKEY_LOCAL_MACHINE\ 4.4.2.5
SYSTEM\CurrentControlSe HKLM\System\CurrentControlS
t\Enum                  et\Enum



HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Hardware Profiles



HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\AppMgmt\Securi
ty




HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\ClipSrv\Security



HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\CryptSvc\Securit
y
HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\DNSCache



HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\Ersvc\Security



HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\Eventlog\Securit
y



HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\IRENUM\Securit
y



HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\Netbt



HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\Netdde\Security



HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\Netddedsdm\Se
curity



HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\RemoteAccess
HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\Rpcss\Security




HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\Samss\Security



HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\Scarddrv\Securit
y



HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\Scardsvr\Securit
y


                              4.4.2.6
HKEY_LOCAL_MACHINE\           HKLM\System\CurrentControlS
SYSTEM\CurrentControlSe       et\Services\CurrentControlSet\
t\Services\SNMP\Paramet       Services\SNMP\Parameters\P
ers\PermittedManagers         ermittedManagers


                              4.4.2.7
HKEY_LOCAL_MACHINE\           HKLM\System\CurrentControlS
SYSTEM\CurrentControlSe       et\Services\CurrentControlSet\
t\Services\SNMP\Paramet       Services\SNMP\Parameters\V
ers\ValidCommunities          alidCommunities



HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\Stisvc\Security
HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\SysmonLog\Log
Queries




HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\Tapisrv\Security



HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\Tcpip



HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\W32time\Securit
y



HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSe
t\Services\Wmi\Security



HKEY_USER\.DEFAULT



HKEY_USER\.DEFAULT\S
oftware\Microsoft\NetDDE



HKEY_USER\.DEFAULT\S          4.4.2.10
oftware\Microsoft\SystemC     HKEY_USER\.Default\Softwar
ertificates\Root\ProtectedR   e\Microsoft\SystemCertificates\
oots                          Root\ProtectedRoots
Deny access to this
computer from the            4.2.13 Deny access to this
network: Not Defined         computer from the network


Access this computer from
a network: Administrators, 4.2.1 Access this computer
Users                      from the network


Act as part of the operating 4.2.2 Act as part of the
system                       operating system


Back up files and           4.2.6 Back up files and
directories: Administrators directories


Bypass traverse checking:
Users                     4.2.7 Bypass traverse checking


Change the system time:
Administrators               4.2.8 Change the system time


Create a pagefile:
Administrators               4.2.9 Create a pagefile


Create a token object: No
One                          4.2.10 Create a token object


Create permanent shared      4.2.11 Create permanent
objects: No One              shared objects




Debug programs: No One       4.2.12 Debug Programs

Force shutdown from a
remote system:               4.2.19 Force shutdown from a
Administrators               remote system

Generate security audits:
LOCAL SERVICE,
NETWORK SERVICE              4.2.20 Generate security audits
Adjust memory quotas for
a process:
Administrators,NETWORK
SERVICE, LOCAL           4.2.4 Adjust memory quotas
SERVICE                  for a process


Increase scheduling         4.2.21 Increase scheduling
priority: Administrators    priority


Load and unload device      4.2.22 Load and unload device
drivers: Administrators     drivers


Lock pages in memory: No
One                      4.2.23 Lock pages in memory


Log on as a batch job: No
One                         4.2.24 Log on as a batch job


Log on as a service:
Network Service             4.2.25 Log on as a service

Log on locally:
Administrators, Users       4.2.26 Log on locally


Manage auditing and          4.2.27 Manage auditing and
security log: Administrators security log

Modify firmware
environment variables:      4.2.28 Modify firmware
Administrators              environment values


Profile single process:
Administrators              4.2.30 Profile single process

Profile system
performance:                4.2.31 Profile system
Administrators              performance


Remove computer from
docking station:            4.2.32 Remove computer from
Administrators, Users       docking station
Replace a process level
token: LOCAL SERVICE,        4.2.33 Replace a process level
NETWORK SERVICE              token


Restore files and           4.2.34 Restore files and
directories: Administrators directories


Shut down the system:
Administrators, Users        4.2.35 Shut down the system


Take ownership of files or
other objects:               4.2.37 Take ownership of file
Administrators               or other objects




Synchronize directory        4.2.36 Synchronize directory
service data: No One         service data


Deny logon locally: Not
Defined                      4.2.16 Deny logon locally




Enable computer and user 4.2.18 Enable computer and
accounts to be trusted for user accounts to be trusted for
delegation: No One         delegation


Add workstations to          4.2.3 Add workstations to
domain                       domain


Allow logon through       4.2.5 Allow logon through
Terminal Services: No One terminal services


Deny logon as a batch job: 4.2.14 Deny logon as a batch
No One                     job


Deny logon as a service:
No One                       4.2.15 Deny logon as a service
Deny logon through
Terminal Services:          4.2.17 Deny logon through
Everyone                    Terminal Service

Perform volume
maintenance tasks:          4.2.29 Perform volume
Administrators              maintenance tasks



Reset account lockout       2.2.3.3 Reset Account Lockout
counter after (15 min.)     After


Account lockout duration    2.2.3.1 Account Lockout
(15 minutes)                Duration


Account lockout threshold   2.2.3.2 Account Lockout
(3 invalid attempts)        Threshold


Audit account logon events 2.2.1.1 Audit Account Logon
(Success, Failure)         Events


Audit account logon events 2.2.1.1 Audit Account Logon
(Success, Failure)         Events


Audit account
management (Success,        2.2.1.2 Audit Account
Failure)                    Management


Audit account
management (Success,        2.2.1.2 Audit Account
Failure)                    Management



Audit directory service     2.2.1.3 Audit Directory Service
access (No auditing)        Access



Audit directory service     2.2.1.3 Audit Directory Service
access (No auditing)        Access


Audit logon events
(Success, Failure)          2.2.1.4 Audit Logon Events
Audit logon events
(Success, Failure)           2.2.1.4 Audit Logon Events



Audit object access
(Failure)                    2.2.1.5 Audit Object Access


Audit object access
(Failure)                    2.2.1.5 Audit Object Access



Audit policy change
(Success, Failure)           2.2.1.6 Audit Policy Change


Audit policy change
(Success, Failure)           2.2.1.6 Audit Policy Change



Audit privilege use (Failure) 2.2.1.7 Audit Privilege Use



Audit privilege use (Failure) 2.2.1.7 Audit Privilege Use



Audit process tracking (No
Auditing)                  2.2.1.8 Audit Process Tracking


Audit process tracking (No
Auditing)                  2.2.1.8 Audit Process Tracking


Audit system events
(Success, Failure)           2.2.1.9 Audit System Events


Audit system events
(Success, Failure)           2.2.1.9 Audit System Events



Restrict guest access to     2.2.4.1.2 Restrict Guest
application Log              Access
Maximum application log    2.2.4.1.1 Maximum Event Log
size                       Size



Retention method for       2.2.4.1.3 Log Retention
application Log            Method




Retain application log     2.2.4.1.4 Log Retention



Restrict guest access to   2.2.4.2.2 Restrict Guest
security Log               Access



                          2.2.4.2.1 Maximum Event Log
Maximum security log size Size



Retention method for       2.2.4.2.3 Log Retention
security log               Method




Retain security log        2.2.4.2.4 Log Retention



Restrict guest access to   2.2.4.3.2 Restrict Guest
system Log                 Access



                           2.2.4.3.1 Maximum Event Log
Maximum system log size    Size



Retention method for       2.2.4.3.3 Log Retention
system log                 Method
Retain system log           2.2.4.3.4 Log Retention
                            2.1.2 Maximum Password Age,
Maximum Password Age        2.2.2.2 Maximum Password
(90)                        Age

Minimum Password Age        2.2.2.1 Minimum Password
(1)                         Age

                        2.1.1 Minimum Password
Minimum Password Length Length, 2.2.2.3 Minimum
(12)                    Password Length

Passwords must meet
complexity requirements
(Enabled)                   2.2.2.4 Password Complexity


Enforce password history
(24 passwords)              2.2.2.5 Password History

Store password using
reversible encryption for all
users in the domain           2.2.2.6 Store Passwords using
(Disabled)                    Reversible Encryption
?



                            4.1.1 Alerter
?




                            4.1.2 Automatic Updates
?

                            4.1.3 Background Intelligent
                            Transfer Service
?



                            4.1.4 Clipbook
?



    4.1.5 Computer Browser
?




    4.1.6 Fax Service
?




?



    4.1.7 FTP Publishing Service
?



    4.1.8 IIS Admin Service
?



    4.1.9 Indexing Service
?



    4.1.10 Messenger
?


?



    4.1.11 Net Logon
?

    4.1.12 NetMeeting Remote
    Desktop Sharing
?
?




?

    4.1.13 Remote Desktop Help
    Session Manager




?

    4.1.14 Remote Registry
    Service
?

    4.1.15 Routing and Remote
    Access
?




?




?

    4.1.16 Simple Mail Transfer
    Protocol (SMTP)
?

    4.1.17 Simple Network
    Management Protocol (SNMP)
    Service
?
    4.1.18 Simple Network
    Management Protocol (SNMP)
    Trap
?
?



    4.1.19 Task Scheduler
?



    4.1.20 Telnet
?



    4.1.21 Terminal Services
?

    4.1.22 Universal Plug and Play
    Device Host
?



    4.1.23 World Wide Web
    Publishing Services
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?




?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?




?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
?   4.1 Available Services
    (Permissions on services listed
    here: Administrators: Full
    Control; System: Read, Start,
    Stop, and Pause)
Network access: Do not
allow anonymous
enumeration of SAM         3.1.3 Network Access: Do not
accounts and shares:       allow Anonymous Enumeration
Enabled                    of SAM Accounts and Shares

Network access: Do not
allow anonymous            3.1.2 Network Access: Do not
enumeration of SAM         allow Anonymous Enumeration
accounts: Enabled          of SAM Accounts


Network access: Allow      3.1.1 Network Access: Allow
anonymous SID/Name         Anonymous SID/Name
translation: Disabled      Translation
?




?




?




Accounts: Guest account    3.2.1.2 Accounts: Guest
status: Disabled           Account Status


Accounts: Administrator    3.2.1.1 Accounts:
account status: Enabled    Administrator Account Status


Interactive logon: Message 3.2.1.27 Interactive Logon:
title for users attempting to Message Title for Users
log on                        Attempting to Log On


Interactive logon: Message 3.2.1.26 Interactive Logon:
test for users attempting to Message Text for Users
log on: <Configure Locally> Attempting to Log On
?
                           3.2.2.9 Remove administrative
                           shares on workstation
                           (Professional)
?
                          3.2.2.2 Disable Automatic
                          Execution of the System
                          Debugger




Interactive logon: Allow
Automatic Administator
Logon -
HKEY_LOCAL_MACHINE\
Software\Microsoft\Windo
ws
NT\CurrentVersion\Winlog 3.2.2.6 Disable Automatic
on\AutoAdminLogon = 0    Logon
?
                          3.2.2.7 Disable automatic
                          reboots after a Blue Screen of
                          Death
?
                          3.2.2.3 Disable autoplay from
                          any disk type, regardless of
                          application
?
                          3.2.2.4 Disable autoplay for
                          current user
?


                          3.2.2.5 Disable autoplay for the
                          default profile
?                         3.2.2.8 Disable CD Autorun:
                          HKLM\System\CurrentControlS
                          et\Services\Cdrom\Autorun
                          (REG_DWORD)
?
                          3.2.2.10 Protect against
                          Computer Browser Spoofing
                          Attacks
?


                          3.2.2.13 Ensure ICMP Routing
                          via shortest path first
?




                           3.2.2.11 Protect against source-
                           routing spoofing
?


                           3.2.2.17 Ensure Router
                           Discovery is Disabled
?



                           3.2.2.21 Enable IPSec to
                           protect Kerberos RSVP Traffic
?

                           3.2.2.1 Suppress Dr. Watson
                           Crash Dumps
Interactive logon: Do no
display last user name -   3.2.1.24 Interactive Logon: Do
Enabled                    Not Display Last User Name
?                          3.2.2.22 Hide workstation from
                           Network Browser listing:
                           HKEY_LOCAL_MACHINE\Syst
                           em\CurrentControlSet\Services
                           \Lanmanserver\Parameters\Hi
                           dden
?                          3.2.2.12 Protect the Default
                           Gateway network setting:
                           HKEY_LOCAL_MACHINE\Syst
                           em\CurrentControlSet\Services
                           \Tcpip\Parameters\EnableDea
                           dGWDetect
?                          3.2.2.15 Manage Keep-alive
                           times:
                           HKEY_LOCAL_MACHINE\Syst
                           em\CurrentControlSEt\Service
                           s\Tcpip\Parameters\KeepAlive
                           Time
?                          3.2.2.19 SYN Attack protection
                           – Manage TCP Maximum half-
                           open sockets:
                           HKEY_LOCAL_MACHINE\Syst
                           em\CurrentControlSet\Services
                           \Tcpip\Parameters\TcpMaxHalf
                           Open
?
                           3.2.2.20 SYN Attack protection
                           – Manage TCP Maximum half-
                           open retired sockets:
                           HKEY_LOCAL_MACHINE\Syst
                           em\CurrentControlSet\Services
                           \Tcpip\Parameters\TcpMaxHalf
                           OpenRetried
?                          3.2.2.16 Protect Against
                           Malicious Name-Release
                           Attacks:
                           HKEY_LOCAL_MACHINE\Syst
                           em\CurrentControlSet\Services
                           \Netbt\Parameters\NoNameRel
                           easeOnDemand
?                          3.2.2.14 Help protect against
                           packet fragmentation:
                           HKEY_LOCAL_MACHINE\Syst
                           em\CurrentControlSet\Services
                           \Tcpip\Parameters\EnablePMT
                           UDiscovery
?                          3.2.2.18 Protect against SYN
                           Flood attacks:
                           HKEY_LOCAL_MACHINE\Syst
                           em\CurrentControlSet\Services
                           \Tcpip\Parameters\SynAttackP
                           rotect




                           3.2.2.23 Enable Safe DLL
                           Search Mode:
                           HKEY_LOCAL_MACHINE\Syst
                           em\CurrentControlSet\Control\
System objects: Set safe   Session
search path for DLLs       Manager\SafeDllSearchMode
?
?



?



?




?




?




?




Domain controller: Allow
server operators to         3.2.1.15 Domain Controller:
schedule tasks: Not         Allow Server Operators to
Defined                     Schedule Tasks

Accounts: Rename
administrator account:      3.2.1.4 Accounts: Rename
Administrator               Administrator Account
Accounts: Rename guest
account: <Configure         3.2.1.5 Accounts: Rename
locally>                    Guest Account


Microsoft network server:   3.2.1.35 Microsoft Network
Amount of idle time         Server: Amount of Idle Time
required before             Required Before Disconnecting
suspending session          Session


Audit: Audit the access of
global system objects: Not 3.2.1.6 Audit: Audit the access
Defined                    of global system objects
Audit: Audit the use of
Backup and Restore            3.2.1.7 Audit: Audit the use of
privilege: Not Defined        backup and restore privilege


Interactive logon: Do not
require CTRL+ALT+DEL:         3.2.1.25 Interactive Logon: Do
Disabled                      not require CTRL+ALT+DEL



Network security: LAN
Manager authentication
level: Send LM & NTLM -       3.2.1.47 Network Security:
use NTLMv2 session            LAN Manager Authentication
security if negotiated        Level



Devices: Prevent users        3.2.1.11 Devices: Prevent
from installing printer       users from installing printer
drivers: Enabled              drivers


Recovery console: Allow       3.2.1.51 Recovery Console:
automatic administrative      Allow Automatic Administrative
logon: Disabled               Logon

Recovery console: Allow
floppy copy and access to     3.2.1.52 Recovery Console:
all drives and all folders:   Allow Floppy Copy and Access
Disabled                      to All Drives and All Folders


Devices: Restrict CD-ROM 3.2.1.12 Devices: Restrict CD-
access to locally logged-on ROM Access to Locally
user only: Enabled          Logged-On User Only


Devices: Restrict floppy    3.2.1.13 Devices: Restrict
access to locally logged-on Floppy Access to Locally
user only: Enabled          Logged-On User Only

System objects:
Strengthen default
permissions of internal       3.2.1.58 System objects:
system objects (e.g.          Strengthen default permissions
Symbolic Links): Enabled      of internal system objects
Domain member: Require 3.2.1.23 Domain Member:
strong (Windows 2000 or Require Strong (Windows
later) session key: Enabled 2000 or later) Session Key


Microsoft network client:    3.2.1.34 Microsoft Network
Send unencrypted             Client: Send Unencrypted
password to third-party      Password to Connect to Third-
SMB servers                  Party SMB Server

Devices: Unsigned driver
installation behavior: Warn 3.2.1.14 Devices: Unsigned
but allow installation      Driver Installation Behavior


Interactive logon: Prompt    3.2.1.29 Interactive Logon:
user to change password      Prompt User to Change
before expiration: 14 days   Password Before Expiration


Audit: Shut down system      3.2.1.8 Audit: Shut Down
immediately if unable to log system immediately if unable
security audits: Disabled    to log security alerts


Shutdown: Allow system to 3.2.1.53 Shutdown: Allow
be shut down without      System to be Shut Down
having to log on: Enabled Without Having to Log On




Shutdown: Clear virtual   3.2.1.54 Shutdown: Clear
memory pagefile: Disabled Virtual Memory Pagefile


Microsoft network client:    3.2.1.32 Microsoft Network
Digitally sign               Client: Digitally sign
communications (always)      communications (always)

Microsoft network client:    3.2.1.33 Microsoft Network
Digitally sign               Client: Digitally sign
communications (if server    communications (if server
agrees)                      agrees)


Microsoft network server:    3.2.1.36 Microsoft Network
Digitally sign               Server: Digitally sign
communications (always)      communications (always)
Microsoft network server:   3.2.1.37 Microsoft Network
Digitally sign              Server: Digitally sign
communications (if client   communications (if client
agrees): Enabled            agrees)

Interactive logon: Number
of previous logons to
cache (in case domain         3.2.1.28 Interactive Logon:
controller is not available): Number of Previous Logons to
0 logons                      Cache



Devices: Allowed to format 3.2.1.10 Devices: Allowed to
and eject removable        format and eject removable
media: Administrators      media

Domain member: Digitally
encrypt or sign secure     3.2.1.18 Domain Member:
channel data (always): Not Digitally Encrypt or Sign
Defined                    Secure Channel Data (Always)

Domain member: Digitally
encrypt secure channel      3.2.1.19 Domain Member:
data (when possible):       Digitally Encrypt Secure
Enabled                     Channel Data (When Possible)


Domain member: Digitally    3.2.1.20 Domain Member:
sign secure channel data    Digitally Sign Secure Channel
(when possible): Enabled    Data (When Possible)


Interactive logon: Smart
card removal behavior:      3.2.1.31 Interactive Logon:
Lock Workstation            Smart Card Removal Behavior


Domain member: Disable 3.2.1.21 Domain Member:
machine account password Disable Machine Account
changes:Disabled         Password Changes


System cryptography: Use    3.2.1.55 System Cryptography:
FIPS compliant algorithms   Use FIPS compliant algorithms
for encryption, hashing,    for encryption, hashing, and
and signing: Enabled        signing
System objects: Default
owner for objects created     3.2.1.56 System objects:
by members of the             Default owner for objects
Administrators group:         created by members of the
Object Creator                Administrators group


System objects: Require
case insensitivity for non-   3.2.1.57 System objects:
Windows subsystems:           Require case insensitivity for
Enabled                       non-Windows subsystems

Accounts: Limit local         3.2.1.3 Accounts: Limit local
account user of blank         account use of blank
passwords to console          passwords to console logon
logon only: Enabled           only


Devices: Allow undock
without having to log on:     3.2.1.9 Devices: Allow undock
Disabled                      without having to log on

Domain controller: LDAP   3.2.1.16 Domain Controller:
server signing            LDAP Server Signing
requirements: Not Defined Requirements


                            3.2.1.48 Network Security:
Network security: LDAP      LDAP client signing
client signing requirements requirements
                          3.2.1.19(note: different
Domain controller: Refuse enumeration) Domain
machine account password Controller: Refuse machine
changes: Not Defined      account password changes

Domain member:
Maximum machine               3.2.1.22 Domain Member:
account password age: 7       Maximum Machine Account
Days                          Password Age


Interactive logon: Require    3.2.1.30 Interactive Logon:
Domain Controller             Require Domain Controller
authentication to unlock      authentication to unlock
workstation: Enabled          workstation

Microsoft network server:
Disconnect clients when       3.2.1.38 Microsoft Network
logon hours expire:           Server: Disconnect clients
Enabled                       when logon hours expire
Network access: Do not         3.2.1.39 Network Access: Do
allow storage of credentials   not allow storage of credentials
or .NET Passports:             or .NET passports for network
Enabled                        authentication

Network access: Let
Everyone permissions      3.2.1.40 Network Access: Let
apply to anonymous users: Everyone permissions apply to
Disabled                  anonymous users



Network access: Named
Pipes that can be              3.2.1.41 Network Access:
accessed anonymously:          Named pipes that can be
Not Defined                    accessed anonymously




Network access: Remotely
accessible registry paths: 3.2.1.42 Network Access:
Classic - local users      Remotely accessible registry
authenticate as themselves paths


Network access: Shares   3.2.1.43 Network Access:
that can be accessed     Shares that can be accessed
anonymously: Not Defined anonymously

Network access: Sharing
and security model for
local accounts: Classic -   3.2.1.44 Network Access:
local users authenticate as Sharing and security model for
themselves                  local accounts

Network security: Do not       3.2.1.45 Network Security: Do
store LAN Manager hash         not store LAN Manager
value on next password         password hash value on next
change: Enabled                password change

Network security: Force        3.2.1.46 Network Security:
logoff when logon hours        Force logoff when logon hours
expire: Enabled                expire
Network security: Minimum
session security for NTLM
SSP based (including
secure RPC) clients:        3.2.1.49 Network Security:
Require NTLMv2 session      Minimum session security for
security, Require 128-bit   NTLM SSP based (including
encryption                  secure RPC) clients




Network security: Minimum
session security for NTLM
SSP based (including
secure RPC) servers:        3.2.1.50 Network Security:
Require NTLMv2 session      Minimum session security for
security, Require 128-bit   NTLM SSP based (including
encryption                  secure RPC) servers

Chapter 10: Modifying File
System Security Settings 4.3.1 Ensure volumes are
with Security Templates    using the NTFS file system




?


?




?




?


?


?
?




?




?




?
?




?




?


Limit users to one remote
session


Limit number of
connections




Do not allow new client
connections




Do not allow local
administrator to customize
permissions




Remote control settings



Always prompt client for
password upon connection




Set client connection
encryption level




Do not use temp folders
per session
Do not delete temp folder
upon exit




Set time limit for
disconnected sessions


Set time limit for idle
sessions




Allow reconnection from
original client only




Terminate session when
time limits are reached
?




?




?




?




Enforce user logon
restrictions (Enabled)
Maximum lifetime for
service ticket (600
minutes)

Maximum lifetime for user
ticket (10 hours)
Maximum lifetime for user
ticket renewal (7 days)
Maximum tolerance for
computer clock
synchronization (5
minutes)
5.1.1.1 RPC Endpiont
Mapper Client
Authentication (SP2
only)
5.1.1.2 Restrictions for
Unauthenticated RPC
clients (SP2 only)
5.2.1.1.1.1 Protect all
network connections
(SP2 only)
5.2.1.1.1.2 Do not allow
exceptions (SP2 only)

5.2.1.1.1.3 Allow local
program exceptions

5.2.1.1.1.4 Allow remote
administration



5.2.1.1.1.5 Allow file and
printer sharing exception
(SP2 only)
5.2.1.1.1.6 Allow ICMP
exceptions (SP2 only)

5.2.1.1.1.7 Allow Remote
Desktop exception (SP2
only)


5.2.1.1.1.8 Allow UPnP
framework exception
(SP2 only)
5.2.1.1.1.9 Prohibit
notifications



5.2.1.1.1.10 Log dropped
packets (SP2 only)
5.2.1.1.1.11 Log file path
and name (SP2 only)




5.2.1.1.1.12 Log file size
limit (SP2 only)




5.2.1.1.1.13 Log
successful connections
(SP2 only)




5.2.1.1.1.14 Prohibit
unicast response to
multicast or broadcast
(SP2 only)


5.2.1.1.1.15 Define port
exceptions (SP2 only)

5.2.1.1.16 Allow local
port exceptions (SP2
only)
5.2.1.1.2.1 Protect all
network connections
(SP2 only)
5.2.1.1.2.2 Do not allow
exceptions (SP2 only)

5.2.1.1.2.3 Allow local
program exceptions
(SP2 only)
5.2.1.1.2.4 Allow remote
administration exception
(SP2 only)
5.2.1.1.2.4 Allow file and
printer sharing exception
(SP2 only)
5.2.1.1.2.6 Allow ICMP
exceptions (SP2 only)




5.2.1.1.2.7 Allow Remote
Desktop exception (SP2
only)
5.2.1.1.2.8 Allow UPnP
framework exception
(SP2 only)
5.2.1.1.2.9 Prohibit
notifications (SP2 only)



5.2.1.1.2.10 Log
Dropped Packets (SP2
only)




5.2.1.1.2.11 Log file path
and name (SP2 only)



5.2.1.1.2.12 Log file size
limit (SP2 only)



5.2.1.1.2.13 Log
Successful Connections
(SP2 only)



5.2.1.1.2.14 Prohibit
unicast response to
multicast or broadcast
(SP2 only)
5.2.1.1.2.15 Define port
exceptions (SP2 only)

5.2.1.1.2.16 Allow local
port exceptions (SP2
only)
5.2.1.1. Windows
Firewall
  CIS WXP Pro        NIST 800-68    NIST 800-68 Windows XP
Benchmark v2.01    Windows XPPDF    XCCDF (NIST-800-68-53-
OVAL (cis-winxp-     (SP800-68-     WinXPPro_XCCDF_10102
    oval.xml)       20051102.pdf)           006.xml)
%SystemRoot%\system32\re
gedit.exe Table: 9.19 Value:
Administrators: Full System:
Full                         regedit.exePermissions




%SystemRoot%\system32\ar
p.exe Table: 9.1 Value:
Administrators: Full System:
Full                         arp.exePermissions


%SystemRoot%\system32\at.
exe Table: 9.2 Value:
Administrators: Full System:
Full                         at.exePermissions


%SystemRoot%\system32\att
rib.exe Table: 9.3 Value:
Administrators: Full System:
Full                         attrib.exePermissions


%SystemRoot%\System32\ca
cls.exe Table: 9.4 Value:
Administrators: Full System:
Full                         cacls.exePermissions
%SystemRoot%\System32\d
ebug.exe Table: 9.5 Value:
Administrators: Full System:
Full                         oval:gov.nist.1:def:132
%SystemRoot%\system32\ed
lin.exe Table: 9.6 Value:
Administrators: Full System:
Full                         edlin.exePermissions


%SystemRoot%\system32\ev
entcreate.exe Table: 9.7
Value: Administrators: Full
System: Full                eventcreate.exePermissions



%SystemRoot%\System32\ev
enttriggers.exe Table: 9.8
Value: 9.8                 eventtriggers.exePermissions




%SystemRoot%\system32\ftp
.exe Table: 9.9 Value:
Administrators: Full System:
Full                           ftp.exePermissions
%SystemRoot%\system32\nb
tstat.exe Table: 9.10 Value:
Administrators: Full System:
Full                            nbtstat.exePermissions

%SystemRoot%\system32\ne
t.exe Table: 9.11 Value:
Administrators: Full System:
Full                            net.exePermissions

%SystemRoot%\system32\ne
t1.exe Table: 9.12 Value:
Administrators: Full System:
Full                            net1.exePermissions

%SystemRoot%\system32\ne
tsh.exe Table: 9.13 Value:
Administrators: Full System:
Full                            netsh.exePermissions

%SystemRoot%\system32\ne
tstat.exe Table: 9.14 Value:
Administrators: Full System:
Full                            netstat.exePermissions

%SystemRoot%\system32\ns
lookup.exe Table: 9.15 Value:
Administrators: Full System:
Full                            nslookup.exePermissions
%SystemRoot%\system32\Nt
backup.exe Table: 9.16
Value: Administrators: Full
System: Full                   ntbackup.exePermissions




%SystemRoot%\system32\rc
p.exe Table: 9.17 Value:
Administrators: Full System:
Full                           rcp.exePermissions

%SystemRoot%\system32\re
g.exe Table: 9.18 Value:
Administrators: Full System:
Full                           reg.exePermissions


%SystemRoot%\system32\R
egedt32.exe Table: 9.20
Value: Administrators: Full
System: Full                regedt32.exePermissions


%SystemRoot%\system32\re
gini.exe Table: 9.21 Value:
Administrators: Full System:
Full                         regini.exePermissions


%SystemRoot%\system32\re
gsvr32.exe Table: 9.22 Value:
Administrators: Full System:
Full                          regsvr32.exePermissions
%SystemRoot%\system32\re
xec.exe Table: 9.23 Value:
Administrators: Full System:
Full                         rexec.exePermissions


%SystemRoot%\system32\ro
ute.exe Table: 9.24 Value:
Administrators: Full System:
Full                         route.exePermissions


%SystemRoot%\system32\rs
h.exe Table: 9.25 Value:
Administrators: Full System:
Full                         rsh.exePermissions




%SystemRoot%\system32\sc
.exe Table: 9.26 Value:
Administrators: Full System:
Full                         sc.exePermissions


%SystemRoot%\system32\se
cedit.exe Table: 9.27 Value:
Administrators: Full System:
Full                         secedit.exePermissions
%SystemRoot%\system32\su
bst.exe Table: 9.28 Value:
Administrators: Full System:
Full                         subst.exePermissions


%SystemRoot%\system32\sy
steminfo.exe Table: 9.29
Value: Administrators: Full
System: Full                systeminfo.exePermissions


%SystemRoot%\system32\tel
net.exe Table: 9.30 Value:
Administrators: Full System:
Full                         telnet.exePermissions


%SystemRoot%\system32\tft
p.exe Table: 9.31 Value:
Administrators: Full System:
Full                         tftp.exePermissions


%SystemRoot%\system32\tln
tsvr.exe Table: 9.32 Value:
Administrators: Full System:
Full                         tlntsvr.exePermissions
Deny access to this computer
from the network Table: 4.15
Value: Guests, SUPPORT       DenyAccessFromNetwork



Access this computer from
the network Table: 4.1 Value: AccessComputerFromNetwork,
Administrators, not defined   AccessComputerFromNetworkUsers


 Act as part of the operating
  system Table: 4.2 Value:
            none                ActAsPartOfOperatingSystem


Back up files and directories   BackUpFilesAndDirectories,
Table: 4.7 Value:               BackUpFilesAndDirectoriesOperator
Administrators, not defined     s
Bypass traverse checking
Table: 4.8 Value:
Administrators, Users, not
defined                         BypassTraverseChecking


Change the system time
Table: 4.9 Value:
Administrators                  ChangeSystemTime



Create pagefile Table: 4.10
Value: Administrators           CreatePagefile



Create a token object Table:
4.11 Value: None, not defined CreateTokenObject


Create permanent share
objects Table: 4.13 Value:
None, not defined               CreatePermanentSharedObjects



Debug programs Table: 4.14
value: None, Administrators DebugPrograms


Force shutdown from a
remote system Table: 4.21
Value: Administrators           ShutdownFromRemoteSystem
Generate security audits
Table: 4.22 Value: LOCAL
SERVICE, NETWORK
SERVICE                         GenerateSecurityAudits
Adjust memory quotas for a
process Table: 4.4 Value:
Administrators, LOCAL
SERVICE, NETWORK
SERVICE                         AdjustMemoryQuotas


Increase scheduling priority
Table: 4.24 Value:
Administrators                  IncreaseSchedulingPriority


Load and unload device
drivers Table: 4.25 Value:
Administrators                  LoadAndUnloadDeviceDrivers



Lock pages in memory Table:
4.26 Value: none            LockPagesInMemory



Log on as a batch job Table:
4.27 Value: none, not defined LogOnAsBatchJob
Log on as a service Table:
4.28 Value: LOCAL
SERVICE, NETWORK
SERVICE                         LogOnAsService
                                AllowLogOnLocally,
Allow log on locally Table: 4.5 AllowLogOnLocallyAuthenticatedUs
Value: Users, Administrators ers


Manage auditing and security ManageAuditingAndSecurityLog,
log Table: 4.29 Value:       ManageAuditingAndSecurityLogNon
Administrators               e


Modify firmware environment
values Table: 4.30 Value:
Administrators              ModifyFirmwareEnvironmentValues



Profile single process Table:
4.32 Value: Administrators      ProfileSingleProcess


Profile system performance
Table: 4.33 Value:
Administrators                  ProfileSystemPerformance


                                RemoveComputerFromDockingStati
Remove computer from            on,
docking station Table: 4.34     RemoveComputerFromDockingStati
Value: Users, Administrators    onNone
Replace a process-level
token Table: 4.35 Value:
LOCAL SERVICE,
NETWORK SERVICE                 ReplaceProcessLevelToken


Restore files and directories
Table: 4.36 Value:
Administrators                  RestoreFilesAndDirectories


Shut down the system Table:
4.37 Value: Users,
Administrators              ShutDownSystem



Take ownership of files and
other objects Table: 4.39
Value: Administrators           TakeOwnershipOfFiles



Syncronize directory service
data Table: 4.38 Value: not
defined                         SynchronizeDirectoryServiceData
Deny logon locally Table:
4.18 Value: Guests,
SUPPORT_388945a0, any
service accounts                DenyLogonLocally



Enable computer and user
accounts to be trusted for
delegation Table: 4.20 Value:
none, not defined             AccountsTrustedForDelegation


Add workstations to domain
Table: 4.3 Value:               AddWorkstationsToDomain,
Administrators                  AddWorkstationsToDomainNone


Allow logon through Terminal
Services Table: 4.6 Value:   AllowLogOnThroughTerminalService
none, not defined            s


Deny logon as a batch job
Table: 4.16 Value: Guests,
SUPPORT_388945a0                DenyLogonAsBatchJob


Deny logon as a service
Table: 4.17 Value: not
defined                         ***
Deny logon through Terminal
Services Table: 4.19 Value: DenyLogonThroughTerminalService
Everyone, not defined       s


Profile volume maintenance
tasks Table: 4.31 Value:
Administrators                PerformVolumeMaintenanceTasks


Reset account lockout
counter after Table: 2.3 value:
15                              AccountLockoutReset



Account lockout duration
Table: 2.1 Value: 15          AccountLockoutDuration



Account lockout threshold
Table: 2.2 Value: 10, 50      AccountLockoutThreshold


Audit account logon events
Table: 3.1 Value: success,
success and failure           AuditAccountLogin


Audit account logon events
Table: 3.1 Value: success,
success and failure           AuditAccountLogin



Audit account management
Table: 3.2 Value success,
failure                       AuditAccountManagement



Audit account management
Table: 3.2 Value success,
failure                       AuditAccountManagement




Audit directory service acces
Table: 3.3 Value: not defined Not applicable




Audit directory service acces
Table: 3.3 Value: not defined Not applicable


Audit logon events Table: 3.4
Value: success, success and
failure                       AuditLogonEvents
Audit logon events Table: 3.4
Value: success, success and
failure                       AuditLogonEvents




Audit object access Table:
3.5 Value: failure, no auditing AuditObjectAccess



Audit object access Table:
3.5 Value: failure, no auditing AuditObjectAccess




Audit policy change Table:
3.6 Value: success            AuditPolicyChangesSuccessOnly



Audit policy change Table:
3.6 Value: success            AuditPolicyChangesSuccessOnly



Audit privilege use Table: 3.7
Value: failure, no auditing    AuditPrivilegeUse



Audit privilege use Table: 3.7
Value: failure, no auditing    AuditPrivilegeUse




Audit process tracking Table:
3.8 Value: no auditing        AuditProcessTracking



Audit process tracking Table:
3.8 Value: no auditing        AuditProcessTracking



Audit system events Table:
3.9 Value: success            AuditSystemEventsSuccessOnly



Audit system events Table:
3.9 Value: success            AuditSystemEventsSuccessOnly



Prevent local guestsgroup
from accessingapplication log
Table: 6.4 Value: enabled     PreventGuestApplicationLogAccess
Maximum Application log size
Table: 6.1 Value: 16384
kilobytes                    MaximumApplicationLogSize


Retain application log
Table: 6.7 Value: not
defined




Retention method for
application log Table: 6.10
Value: as needed              ApplicationLogRetentionMethod



Prevent local guestsgroup
from accessingsecurity log
Table: 6.5 Value: enabled     PreventGuestSecurityLogAccess


Maxium security log size
Table: 6.2 Value: 81920
kilobytes                     MaximumSecurityLogSize




Retain security log Table:
6.8 Value: not defined




Retention method forsystem
log Table: 6.11 Value: as
needed                        SecurityLogRetentionMethod



Prevent local guestsgroup
from accessingsystem log
Table: 6.6 Value: enabled     PreventGuestSystemLogAccess


Maximum system log size
Table: 6.3 Value: 16384
kilobytes                     MaximumSystemLogSize




Retain system log Table:
6.9 Value: not defined
Retention method for
system log Table: 6.12
Value: not defined             SystemLogRetentionMethod

Maximum password age
Table: 1.2 Value: 90           MaximumPasswordAge

Minimum password age
Table: 1.3 Value: 1            MinimumPasswordAge



Minimum password length
Table: 1.4 Value: 12, 8        MinimumPasswordLength


Password must meet
complexity requirements
Table: 1.5 Value: enabled      PasswordComplexity



Enforce password history
Table: 1.1 Value: 24           PasswordHistoryEnforcement


Store passwrd using
reversible encryptin for all
users in the domain Table:     PasswordStorageReversibleEncrypti
1.6 Value: disabled            on



Alerter Service Table: 8.1
Value: disabled                AlerterService




Automatic update service
Table: 8.4 Value: not defined ***


Background Intelligent
Transfer Service Table: 8.5
Value: not defined             ***




ClipBook service Table: 8.6
Value: disabled                ClipBookService
Computer Browswer Service
Table: 8.9 Value: disabled      BrowserService




Fast User
SwitchingCompatibility Table:
8.17 Value: not defined




Fax Servce Table: 8.18
Value: disabled                 FaxService




FTP Publishing Service
Table: 8.19 Value: disabled     FTPPublishingService




IIS Admin service Table: 8.22
Value: disabled               IISAdminService




Indexing Service Table: 8.24
Value: disabled                 IndexingService




Messenger service Table:
8.30 Value: disabled            MessengerService




Net Logon service Table:
8.32 Value: not defined


Net meeting Remote Desktop
Sharing Table: 8.33 Value: NetMeetingRemoteDesktopSharing
disabled                   Service
Remote Access Auto
Connection Manager Table:
8.45 Value: not defined


Remote Desktop Help
Session Manager Table: 8.47 RemoteDesktopHelpSessionManag
Value: disabled             erService

Internet ConnectionFirewall
(ICF)/InternetConnection
Sharing(ICS) Table: 8.26
Value: not defined


Remote Registery service
Table: 8.50 Value: not
defined


Routing and Remote Access
service Table: 8.52 Value:
disabled                      RoutingAndRemoteAccessService




Simple Mail
TransferProtocol (SMTP)
Table: 8.59 Value:
disabled                      SMTPService



Simple NetworkManagement
Protocol(SNMP) Service
Table: 8.60 Value: disabled SNMPService



Simple NetworkManagement
Protocol(SNMP) Trap Table:
8.61 Value: disabled       SNMPTrap
Simple ServiceDiscovery
Protocol(SSDP)
DiscoveryService Table: 8.62
Value: disabled              SSDPService
Task Scheduler service
Table: 8.65 Value: disabled   TaskSchedulerService




Telnet service Table: 8.68
Value: disabled               TelnetService




Terminal Services service
Table: 8.69 Value: disabled   TerminalServicesService


Universal Plug and Play
Device Host Disabled Table:   UniversalPlugAndPlayDeviceHostSe
8.73 Value: Not defined       rvice




World Wide Web Publishing
Services Table: 8.85 Value:
Disabled                    WWWPublishingServicesService
Print Spooler service Table:
8.42 Value: not defined
Plug and Play service Table:
8.40 Value: not defined
Network access: Do notallow
anonymousenumeration of
SAMaccounts and shares      AnonymousEnumerationOfAccounts
Table: 5.45 Value: enabled  AndShares


Network access: Do notallow
anonymousenumeration of
SAMaccounts Table: 5.44
Value: enabled              AnonymousEnumerationOfAccounts

Network access:
Allowanonymous
SID/Nametranslation Table:
5.43 Value: disabled




Accounts: Guestaccount
status Table: 5.2 Value:
disabled                      GuestAccountStatus


Accounts:
Administratoraccount status
Table: 5.1 Value: enabled     AdministratorAccountStatus
Interactive logon:
Messagetitle for users
attempting tolog on Table:
5.30 Value: <DoJ
Approved>                  LogonMessageTitle

Interactive logon:
Messagetext for users
attempting tolog on Table:
5.29 Value: <DoJ approved> LogonMessageText



MSS: (AutoShareWks)Enable
AdministrativeShares Table:
5.72 Value: not defined
MSS:
(AutoAdminLogon)Enable
Automatic Logon Table: 5.70
Value: disabled             AutomaticLogonDisabled
MSS: (AutoReboot)
AllowWindows to
automaticallyrestart after a
system crash Table: 5.71
Value: not defined

MSS:(NoDriveTypeAutoRun)
Disable Autorun for alldrives
Table: 5.80 Value: 255        DisableAutorunForAllDrives




MSS:(EnableICMPRedirect)Al
low ICMP redirects tooverride
OSPF generatedroutes
Table: 5.76 Value: disabled   AllowICMPRedirectsDisabled
MSS:(DisableIPSourceRoutin
g)IP source routing
protectionlevel Table: 5.73
Value:
Highestprotection,source
routingis completelydisabled IPSourceRoutingProtectionLevel
MSS:(PerformRouterDiscover
y)Allow IRDP to detect
andconfigure
DefaultGatewayaddresses
Table: 5.83 Value: enabled RouterDiscovery
MSS:
(NoDefaultExempt)Enable
NoDefaultExemptfor IPSec
Filtering Table: 5.79 Value:
Multicast, broadcast, and
ISAKMP are exempt              NoDefaultExemptForIPSecFiltering




Interactive logon: Do
notdisplay last user name      LastUserNameNotDisplayedForLogo
Table: 5.27 Value: enabled     n




MSS: (Hidden) HideComputer
From the BrowseList Table:
5.77 Value: enabled        HideFromBrowseList



MSS:(EnableDeadGWDetect)
Allow automatic detectionof
dead network gateways
Table: 5.75 Value: disabled AutomaticDetectionOfDeadGWs


MSS: (KeepAliveTime)How
often keep-alivepackets are
sent inmilliseconds Table:
5.78 Value: 300,000ms (5
minutes)                       KeepAliveTime
MSS:(NoNameReleaseOnDe
mand) Allow the computer
toignore NetBIOS
namerelease requests
exceptfrom WINS servers
Table: 5.81 Value: enabled NameReleaseRequests




MSS: (SynAttackProtect) Syn
attact protection level Table:
5.86 Value: Connections time
out sooner if attack is
detected (1)                   SynAttackProtectionLevel

MSS: (WarningLevel)
Percentage threshold for the
security event log at which
the system will generate a
warning Table: 5.89 Value: 90 EventLogThresholdWarning

MSS:(DisableSavePassword)
Prevent the dial-uppassword
from being saved Table: 5.74
Value: not defined



MSS:
(SafeDllSearchMode)Enable
Safe DLL searchmode Table:
5.84 value: enabled        SafeDLLSearchMode
Domain controller: Allow
server operators to schedule
tasks Table: 5.17 Value: not
defined


Accounts: Rename
administrator account Table:
5.4 Value: not defined
Accounts: Rename guest
account Table: 5.5 Value: not
defined

Microsoft network
server:Amount of idle
timerequired before
suspendingsession Table:
5.39 Value: 15 minutes          SessionTimeout


Audit: Audit the access of
global system objects Table:
5.6 Value: disabled             AuditAccessToGlobalObjects
Audit: Audit the use of backup
and restore privilege Table:   AuditBackupAndRestorePrivilegeDis
5.7 Value: disabled            abled



Interactive logon: Do
notrequire CTRL+ALT+DEL
Table: 5.28 Value: diabled     RequireCTRL_ALT_DEL


Network security:
LANManager
authenticationlevel Table:
5.55 Value: Send               LANManagerAuthenticationRefuseL
NTLMv2responseonly\refuse      M,
LM& NTLM or Send NTLMv2        LANManagerAuthenticationRefuseL
response only\refuse LM        M_NTLM



Devices: Prevent users from
installing priter drivers Table:
5.13 Value: enabled or           PreventUsersFromInstallingPrinterDr
disabled                         ivers


Recovery console:
Allowautomatic
administrativelogon Table:
5.59 Value: disabled           RecoveryConsoleAutoLogon


Recovery console:
Allowfloppy copy and access
toall drives and all folders
Table: 5.60 Value: disabled  RecoveryConsoleFullSystemAccess


Devices: Restrict CD-ROM
access to locally logged-on
user only Table: 5.14 Value:
disabled                       RecoveryConsoleFullSystemAccess


Devices: Restrict floppy
access to locally logged-on
user only Table: 5.15 Value:
disabled                       RestrictFloppyAccessDisabled

System objects:
Strengthendefault
permissions ofinternal system
objects(e.g. Symbolic Links)
Table: 5.67 Value: enabled    InternalSystemObjectsPermissions
Domain member:
Requirestrong (Windows
2000 orlater) session key
Table: 5.25 Value: enabled     RequireStrongSessionKey



Microsoft network client:Send
unencryptedpassword to third-
partySMB servers Table: 5.38
Value: disabled               UnencryptedSMBPasswords

Devices: Unsigned driver
installation behavior Table:
5.16 Value: warn but allow
isntallation                   UnsignedDriverInstallationWarning

Interactive logon: Promptuser
to change passwordbefore
expiration Table: 5.32 Value:
14 days                       PasswordExpirationPrompt

Audit: Shut down system
immediately if unable to log
security audits Table: 5.8
Value: not defined

Shutdown: Allow system tobe
shut down withouthaving to
log on Table: 5.61 Value:
disabled                    ShutdownWithoutLogon




Shutdown: Clear
virtualmemory pagefile Table:
5.62 Value: enabled           ClearPagefileOnShutdown

Microsoft network
client:Digitally
signcommunications (always)
Table: 5.36 Value: enabled  ClientAlwaysSignCommunications
Microsoft network
client:Digitally
signcommunications (if
serveragrees) Table: 5.37
Value: enabled                 SignCommunicationsIfServerAgrees

Microsoft network
server:Digitally
signcommunications (always)
Table: 5.40 Value: enabled  ServerAlwaysSignCommunications
Microsoft network
server:Digitally
signcommunications (if
clientagrees) Table: 5.41
Value: enabled                   SignCommunicationsIfClientAgrees

Interactive logon: Numberof
previous logons to cache(in
case domain controlleris not
available) Table: 5.31 Value:
0 logons or 2 logons             PreviousLogonsCached
Devices: Allowed to format
and eject removeable media
Table: 5.12 Value:               RestrictAccessToFormatAndEjectRe
Administrators or                movableMediaAdministrators,
Administrators and interactive   RestrictAccessToFormatAndEjectRe
users                            movableMedia


Domain member:
Digitallyencrypt or sign
securechannel data (always) AlwaysDigitallyEncryptSecureChann
Table: 5.20 Value: enabled  elData


Domain member:
Digitallyencrypt secure
channeldata (when possible) WhenPossibleDigitallyEncryptSecur
Table: 5.21 Value: enabled  eChannelData


Domain member: Digitallysign
secure channel data(when
possible) Table: 5.22 Value: WhenPossibleDigitallySignSecureC
enabled                      hannelData


Interactive logon: Smart card
removal behavior Table: 5.35
Value: lock workstation       SmartCardRemoval


Domain member:
Disablemachine account
passwordchanges Table:
5.23 Value: disabled             MachineAccountPasswordChanges


System cryptography:
UseFIPS compliant
algorithmsfor encryption,
hashing,and signing Table:
5.64 Value enabled               FIPSCompliantEncryption
System objects: Defaultowner
for objects createdby
members of
theAdministrators group
Table: 5.65 Value: Object    AdministratorsGroupObjectCreatorO
creator                      wner



System objects: Requirecase
insensitivity for non-Windows
subsystems Table: 5.66
Value: enabled                RequireCaseInsensitivity


Accounts: Limit local account
use of blank passwords to
console logon only Table: 5.3
Value: enabled                LimitBlankPasswordUse


Devices: Allow undock
without having to logon Table:
5.11 Value: disabled           AllowUndockWithoutLoginDisabled

Domain controller: LDAP
server signin requirements
Table: 5.18 Value: not
defined


Network security: LDAPclient
signing requirements Table:
5.56 Value: Negotiate signing LDAPClientSigningRequirements

Domain controller: Refuse
machine account password
changes Table: 5.19 Value:
not defined

Domain member:
Maximummachine account
passwordage Table: 5.24      MaximumMachineAccountPassword
Value:30 days                Age

Interactive logon:
RequireDomain
Controllerauthentication to
unlockworkstation Table: 5.33 DomainControllerAuthenticationReq
Value: enabled or disabled    uired


Microsoft network
server:Disconnect clients
whenlogon hours expire
Table: 5.42 Value: enabled   LogonTimeExpiration
Network access: Do notallow
storage of credentialsor .NET
Passports fornetwork
authentication Table: 5.46
Value: enabled                CredentialsStorage


Network access: LetEveryone
permissionsapply to
anonymous users Table: 5.47
Value: disabled             AnonymousUsersPermissions
Network access:
NamedPipes that can be
accessedanonymously Table:
5.48 Value:
COMNAPCOMNODESQL\QU
ERYSPOOLSSLLSRPCbrows
er                             AnonymouslyAccessedNamedPipes
Network access:
Remotelyaccessible registry
paths Table: 5.49 Value:
System\CurrentControlSet\Co
ntrol\ProductOptions,
System\CurrentControlSet\Co
ntrol\Print\Printers,System\Cu
rrentControlSet\Control\Serve
r Applications,                RemotelyAccessibleRegistryPaths

Network access: Sharesthat
can be
accessedanonymously Table:
5.51 Value: COMCFGDFS$ AnonymouslyAccessedShares

Network access: Sharingand
security model for
localaccounts Table: 5.52
Value: Classic - local users
authenticate as themselves   LocalAccountsSecurityModel


Network security: Do notstore
LAN Manager hashvalue on
next passwordchange Table:
5.53 Value: enabled`          LANManagerHashStorage


Network security: Forcelogoff
when logon hoursexpire
Table: 5.54 Value: enabled    ForceLogoff
Network security:
Minimumsession security for
NTLMSSP based
(includingsecure RPC) clients
Table: 5.57 Value: Require
message integrityRequire
message
confidentialityRequire
NTLMv2 session
securityRequire 128-bit       NTLM_SSP_BasedClientsSessionS
encryption                    ecurity
Network security:
Minimumsession security for
NTLMSSP based
(includingsecure RPC)
servers Table: 5.58 Value:
Require message
integrityRequire message
confidentialityRequire
NTLMv2 session
securityRequire 128-bit       NTLM_SSP_BasedServersSessionS
encryption                    ecurity




MSS:(ScreenSaverGraceP
eriod)The time in seconds
beforethe screen saver
graceperiod expires Table:
5.85 Value: 0              ScreenSaverGracePeriod
Create global objects
Table: 4.12 Value: not
defined

Impersonate a client after
authentication Table: 4.23
Value: not defined




DCOM: Machine access of
the global system objects
Table: 5.9 Value: disabled

DCOM: Machine Launch
Restrictions in the Security
Descriptor Definition
Language (SDDL) syntax
Table: 5.10 Value: not
defined

Interactive logon: Display
user information when the
session is locked Table:
5.26 Value: not defined

Interactive logon: Requre
smart card Table: 5.34
Value: not defined

Network access: Restrict
anonymous access to
named pipes and shares
Table: 5.50 Value: not
defined
System cryptography:
Force strong key
protection for user keys
stored on the computer
Table: 5.63 Value: not
defined
System settings: optional
subsystems Table: 5.68
Value: not defined
System settings: Use
Certificate Rules on
Windows Executables for
Software Restriction
Polices Table: 5.69 Value:
not defined

MSS:(TCPMaxConnectRe
sponseRetransmission)
SYN-ACK retansmissions
when a connection request
is not acknowledged
Table: 5.87 Value: 3 and 6
sec, half open connections
dropped after 21 sec       TCPConnectionResponses
MSS:(TCPMaxDataRetran
smissions) How many
times unacknowledged
data is retransmitted
Table: 5.88 Value: 3       TCPMaxDataRetransmissions


Backup Operators Table:
7.1 Value: none              BackupOperators


Power Users Table: 7.2
Value: none                  PowerUsers



Remote Desktop Users
Table: 7.3 Value: none       RemoteDesktopUsers

Application Layer Gateway
Service Table: 8.2 Value:
not defined

Application Management
Table: 8.3 Value: not
defined

Cryptographic Services
Table: 8.10 Value: not
defined

DHCP Client Table: 8.11
Value: not defined
Distributed Link Tracking
Client Table: 8.12 Value:
not defined


Distributed Transaction
Coordinator Table: 8.13
Value: not defined

DNS Client Table: 8.14
Value: not defined

Error Reporting Service
Table: 8.15 Value: not
defined

Event Log Table: 8.16
Value: not defined


Help and Support Table:
8.20 Value: not defined

Human Interface Device
Access Table: 8.21 Value:
not defined

IMAPI CD-Burning COM
Service Table: 8.23 Value:
not defined


Infrared Monitor Table:
8.25 Value: not defined


IPSEC Services Table:
8.27 Value: not defined

Logical Disk Manager
Table: 8.28 Value: not
defined

Logical Disk Manager
Administrative Service
Table: 8.29 Value: not
defined

MS Software Shadow
Copy Provider Table: 8.31
Value: not defined
Network Connections
Table: 8.34 Value: not
defined


Network Dynamic Data
Exchange (DDE) Table:
8.35 Value: not defined     DDEService

Network DDE DDE Share
Database Manager
(DSDM) Table: 8.36 Value:
not defined               DDEdsdmService

Network Location
Awareness (NLA) Table:
8.37 Value: not defined

NT LM Security Support
Provider Table: 8.38
Value: not defined

Performance Logs and
Alerts Table: 8.39 Value:
not defined

Portable Media Serial
Number Service Table:
8.41 Value: not defined


Protected Storage Table:
8.43 Value: not defined

QoS RSVP Table: 8.44
Value: not defined

Remote Access
Connection Manager
Table: 8.46 Value: not
defined                     RasManService

Remote Procedure Call
(RPC) Table: 8.48 Value:
not defined


Remote Procedure Call
(RPC) Locator Table: 8.49
Value: not defined
Removable Storage Table:
8.51 Value: not defined


Secondary Logon Table:
8.53 Value: not defined

Security Accounts
Manager Table: 8.54
Value: not defined

Server Table: 8.55 Value:
not defined

Smart Card Table: 8.57
Value: not defined


Smart Card Helper Table:
8.58 Value: not defined

System Event Notification
Table: 8.63 Value: not
defined

System Restore Service
Table: 8.64 Value: not
defined

TCP/IP NetBIOS Helper
Table: 8.66 Value: not
defined

Telephony Table: 8.67
Value: not defined

Themes Table: 8.70 Value:
not defined

Uninterruptable Power
Supply Table: 8.71 Value:
not defined


Upload Manager Table:
8.72 Value: not defined

Volume Shadow Copy
Table: 8.74 Value: not
defined
Webclient Table: 8.75
Value: not defined


Windows Audio Table:
8.76 Value: not defined

Windows Image
Acquisition (WIA) Table:
8.77 Value: not defined


Windows Installer Table:
8.78 Value: not defined


Windows Management
Instrumentation Table:
8.79 Value: not defined


Windows Management
Instrumentation Driver
Extensions Table: 8.80
Value: not defined


Windows Time Table: 8.81
Value: not defined

Wireless Zero
Configuration Table: 8.82
Value: not defined

WMI Performance Adapter
Table: 8.83 Value: not
defined

Workstation Table: 8.84
Value: not defined
MSS:
(NtfsDisable8dot3NameCr
eation) Enable the
computer to stop
generating 8.3 style
filenames. Table: 5.82
Value: enabled          Disable8Dot3NameCreation
5.2.1.1.2.4 Allow remote
administration exception
(SP2 only)
5.2.1.1.2.7 Allow Remote
Desktop exception (SP2
only)
OVAL10088



OVAL10219
NIST 800-68 Windows
                      FDCC Windows XP        FDCC Windows XP
 XP OVAL (NIST-800-
                    XCCDF (fdcc-accepted- OVAL (fdcc-accepted-
       68-53-
                    content-20080110\fdcc- content-20080110\fdcc-
WinXPPro_OVAL_101
                       winxp-xccdf.xml)       winxp-oval.xml)
     02006.xml)
oval:gov.nist.1:def:146   regedit.exePermissions   oval:gov.nist.fdcc.xp:def:146




oval:gov.nist.1:def:128   arp.exePermissions       oval:gov.nist.fdcc.xp:def:128




oval:gov.nist.1:def:129   at.exePermissions        oval:gov.nist.fdcc.xp:def:129




oval:gov.nist.1:def:130   attrib.exePermissions    oval:gov.nist.fdcc.xp:def:130




oval:gov.nist.1:def:131   cacls.exePermissions     oval:gov.nist.fdcc.xp:def:131
debug.exePermissions   debug.exePermissions   oval:gov.nist.fdcc.xp:def:132
oval:gov.nist.1:def:133   edlin.exePermissions           oval:gov.nist.fdcc.xp:def:133




oval:gov.nist.1:def:134   eventcreate.exePermissions     oval:gov.nist.fdcc.xp:def:134




oval:gov.nist.1:def:135   eventtriggers.exePermissions   oval:gov.nist.fdcc.xp:def:135




oval:gov.nist.1:def:136
oval:gov.nist.1:def:137




oval:gov.nist.1:def:138   net.exePermissions     oval:gov.nist.fdcc.xp:def:138




oval:gov.nist.1:def:139   net1.exePermissions    oval:gov.nist.fdcc.xp:def:139




oval:gov.nist.1:def:140   netsh.exePermissions   oval:gov.nist.fdcc.xp:def:140




oval:gov.nist.1:def:141




oval:gov.nist.1:def:142
oval:gov.nist.1:def:143




oval:gov.nist.1:def:144   rcp.exePermissions        oval:gov.nist.fdcc.xp:def:144




oval:gov.nist.1:def:145   reg.exePermissions        oval:gov.nist.fdcc.xp:def:145




oval:gov.nist.1:def:147   regedt32.exePermissions   oval:gov.nist.fdcc.xp:def:147




oval:gov.nist.1:def:148   regini.exePermissions     oval:gov.nist.fdcc.xp:def:148




oval:gov.nist.1:def:149   regsvr32.exePermissions   oval:gov.nist.fdcc.xp:def:149
oval:gov.nist.1:def:150   rexec.exePermissions     oval:gov.nist.fdcc.xp:def:150




oval:gov.nist.1:def:151   route.exePermissions     oval:gov.nist.fdcc.xp:def:151




oval:gov.nist.1:def:152   rsh.exePermissions       oval:gov.nist.fdcc.xp:def:152




oval:gov.nist.1:def:153   sc.exePermissions        oval:gov.nist.fdcc.xp:def:153




oval:gov.nist.1:def:154   secedit.exePermissions   oval:gov.nist.fdcc.xp:def:154
oval:gov.nist.1:def:155   subst.exePermissions        oval:gov.nist.fdcc.xp:def:155




oval:gov.nist.1:def:156   systeminfo.exePermissions   oval:gov.nist.fdcc.xp:def:156




oval:gov.nist.1:def:157




oval:gov.nist.1:def:158   tftp.exePermissions         oval:gov.nist.fdcc.xp:def:158




oval:gov.nist.1:def:159   tlntsvr.exePermissions      oval:gov.nist.fdcc.xp:def:159
                           DenyAccessFromNetwork-
oval:gov.nist.1:def:175    Guests-SUPPORT_388945a0 oval:gov.nist.fdcc.xp:def:175




oval:gov.nist.1:def:161,   AccessComputerFromNetwork
oval:gov.nist.1:def:231    _Administrators           oval:gov.nist.fdcc.xp:def:161


                           ActAsPartOfOperatingSystem_
oval:gov.nist.1:def:162    None                        oval:gov.nist.fdcc.xp:def:162


oval:gov.nist.1:def:167,   BackUpFilesAndDirectories_A
oval:gov.nist.1:def:234    dministrators               oval:gov.nist.fdcc.xp:def:167


                           BypassTraverseChecking_Ad
oval:gov.nist.1:def:168    ministrators_Users             oval:gov.nist.fdcc.xp:def:168


                           ChangeSystemTime_Administr
oval:gov.nist.1:def:169    ators                      oval:gov.nist.fdcc.xp:def:169




oval:gov.nist.1:def:170    CreatePagefile_Administrators oval:gov.nist.fdcc.xp:def:170




oval:gov.nist.1:def:171    CreateTokenObject_None         oval:gov.nist.fdcc.xp:def:171


                           CreatePermanentSharedObjec
oval:gov.nist.1:def:172    ts_None                    oval:gov.nist.fdcc.xp:def:172


                           DebugPrograms_Administrator
oval:gov.nist.1:def:173    s                           oval:gov.nist.fdcc.xp:def:174


                           ShutdownFromRemoteSystem
oval:gov.nist.1:def:180    _Administrators          oval:gov.nist.fdcc.xp:def:180

                           GenerateSecurityAudits-
                           LOCAL_SERVICE-
oval:gov.nist.1:def:181    NETWORK_SERVICE                oval:gov.nist.fdcc.xp:def:181
                           AdjustMemoryQuotas_Adminis
                           trators-LOCAL_SERVICE-
oval:gov.nist.1:def:164    NETWORK_SERVICE            oval:gov.nist.fdcc.xp:def:164


                           IncreaseSchedulingPriority_Ad
oval:gov.nist.1:def:182    ministrators                  oval:gov.nist.fdcc.xp:def:182


                           LoadAndUnloadDeviceDrivers
oval:gov.nist.1:def:183    _Administrators            oval:gov.nist.fdcc.xp:def:183




oval:gov.nist.1:def:184    LockPagesInMemory_None         oval:gov.nist.fdcc.xp:def:184




oval:gov.nist.1:def:185    LogOnAsBatchJob_None           oval:gov.nist.fdcc.xp:def:185

                           LogOnAsService-
                           LOGON_SERVICE-
oval:gov.nist.1:def:186    NETWORK_SERVICE                oval:gov.nist.fdcc.xp:def:186

oval:gov.nist.1:def:165,   LogOnLocally_Administrators_
oval:gov.nist.1:def:233    Users                        oval:gov.nist.fdcc.xp:def:165


oval:gov.nist.1:def:187,   ManageAuditingAndSecurityLo
oval:gov.nist.1:def:235    g_Administrators            oval:gov.nist.fdcc.xp:def:187


                           ModifyFirmwareEnvironmentV
oval:gov.nist.1:def:188    alues_Administrators       oval:gov.nist.fdcc.xp:def:188


                           ProfileSingleProcess_Administ
oval:gov.nist.1:def:190    rators                        oval:gov.nist.fdcc.xp:def:190


                           ProfileSystemPerformance_Ad
oval:gov.nist.1:def:191    ministrators                oval:gov.nist.fdcc.xp:def:191




oval:gov.nist.1:def:192,   RemoveComputerFromDockin
oval:gov.nist.1:def:236    gStation_Administrators_Users oval:gov.nist.fdcc.xp:def:192
                           ReplaceProcessLevelToken-
                           LOGON_SERVICE-
oval:gov.nist.1:def:193    NETWORK_SERVICE               oval:gov.nist.fdcc.xp:def:193


                           RestoreFilesAndDirectories_A
oval:gov.nist.1:def:194    dministrators                oval:gov.nist.fdcc.xp:def:194


                           ShutDownSystem_Administrat
oval:gov.nist.1:def:195    ors_Users                  oval:gov.nist.fdcc.xp:def:195




                           TakeOwnershipOfFiles_Admini
oval:gov.nist.1:def:196    strators                    oval:gov.nist.fdcc.xp:def:196




                           SynchronizeDirectoryServiceD
oval:gov.nist.1:def:238    ata_None                     oval:gov.nist.fdcc.xp:def:238


                           DenyLogonLocally-Guests-
oval:gov.nist.1:def:177    SUPPORT_388945a0              oval:gov.nist.fdcc.xp:def:177




oval:gov.nist.1:def:179



oval:gov.nist.1:def:163,
oval:gov.nist.1:def:232

                           AllowLogOnThroughTerminalS
                           ervices_Administrators-
oval:gov.nist.1:def:166    RemoteDesktopUsers         oval:gov.nist.fdcc.xp:def:1662


                           DenyLogonAsBatchJob-
oval:gov.nist.1:def:176    Guests-SUPPORT_388945a0 oval:gov.nist.fdcc.xp:def:176




***                        deny_logon_as_service_none    oval:gov.nist.fdcc.xp:def:677
                          DenyLogonThroughTerminalS
oval:gov.nist.1:def:178   ervices-Guests            oval:gov.nist.fdcc.xp:def:1781


                          PerformVolumeMaintenanceTa
oval:gov.nist.1:def:189   sks_Administrators         oval:gov.nist.fdcc.xp:def:189




oval:gov.nist.1:def:26    account_lockout_reset         oval:gov.nist.fdcc.xp:def:26



oval:gov.nist.1:def:23    account_lockout_duration      oval:gov.nist.fdcc.xp:def:23



oval:gov.nist.1:def:24    account_lockout_threshold     oval:gov.nist.fdcc.xp:def:24



oval:gov.nist.1:def:27    AuditAccountLogonEvents       oval:gov.nist.fdcc.xp:def:27



oval:gov.nist.1:def:27    AuditAccountLogonEvents       oval:gov.nist.fdcc.xp:def:27




oval:gov.nist.1:def:29    AuditAccountManagement        oval:gov.nist.fdcc.xp:def:29




oval:gov.nist.1:def:29    AuditAccountManagement        oval:gov.nist.fdcc.xp:def:29




Not applicable            AuditDirectoryServiceAccess   oval:gov.nist.fdcc.xp:def:30




Not applicable            AuditDirectoryServiceAccess   oval:gov.nist.fdcc.xp:def:30



oval:gov.nist.1:def:32    AuditLogonEvents              oval:gov.nist.fdcc.xp:def:32
oval:gov.nist.1:def:32    AuditLogonEvents               oval:gov.nist.fdcc.xp:def:32




oval:gov.nist.1:def:34    AuditObjectAccess              oval:gov.nist.fdcc.xp:def:34



oval:gov.nist.1:def:34    AuditObjectAccess              oval:gov.nist.fdcc.xp:def:34




oval:gov.nist.1:def:35    AuditPolicyChange              oval:gov.nist.fdcc.xp:def:35



oval:gov.nist.1:def:35    AuditPolicyChange              oval:gov.nist.fdcc.xp:def:35



oval:gov.nist.1:def:36    AuditPrivilegeUse              oval:gov.nist.fdcc.xp:def:36



oval:gov.nist.1:def:36    AuditPrivilegeUse              oval:gov.nist.fdcc.xp:def:36




oval:gov.nist.1:def:40    AuditProcessTracking           oval:gov.nist.fdcc.xp:def:40



oval:gov.nist.1:def:40    AuditProcessTracking           oval:gov.nist.fdcc.xp:def:40



oval:gov.nist.1:def:37    AuditSystemEvents              oval:gov.nist.fdcc.xp:def:37



oval:gov.nist.1:def:37    AuditSystemEvents              oval:gov.nist.fdcc.xp:def:37



                          prevent_guest_application_log
oval:gov.nist.1:def:200   _access                       oval:gov.nist.fdcc.xp:def:200
                          maximum_application_log_siz
oval:gov.nist.1:def:197   e                           oval:gov.nist.fdcc.xp:def:197




                          retention_application_log      oval:gov.nist.fdcc.xp:def:203




oval:gov.nist.1:def:203




                          prevent_guest_security_log_ac
oval:gov.nist.1:def:201   cess                          oval:gov.nist.fdcc.xp:def:201




oval:gov.nist.1:def:198   maximum_security_log_size      oval:gov.nist.fdcc.xp:def:198




                          retention_security_log         oval:gov.nist.fdcc.xp:def:204




oval:gov.nist.1:def:204




                          prevent_guest_system_log_ac
oval:gov.nist.1:def:202   cess                        oval:gov.nist.fdcc.xp:def:202




oval:gov.nist.1:def:199   maximum_system_log_size        oval:gov.nist.fdcc.xp:def:199




                          retention_system_log           oval:gov.nist.fdcc.xp:def:205
oval:gov.nist.1:def:205


oval:gov.nist.1:def:17    maximum_password_age          oval:gov.nist.fdcc.xp:def:17


oval:gov.nist.1:def:18    minimum_password_age          oval:gov.nist.fdcc.xp:def:18



oval:gov.nist.1:def:19    minimum_password_length       oval:gov.nist.fdcc.xp:def:19



oval:gov.nist.1:def:21    password_complexity           oval:gov.nist.fdcc.xp:def:21



oval:gov.nist.1:def:16    password_history_enforcement oval:gov.nist.fdcc.xp:def:16



                          PasswordStorageReversibleEn
oval:gov.nist.1:def:22    cryption                    oval:gov.nist.fdcc.xp:def:22




oval:gov.nist.1:def:209   AlerterService                oval:gov.nist.fdcc.xp:def:209




***




***                       BITSService                   oval:gov.nist.fdcc.xp:def:6132




oval:gov.nist.1:def:210   ClipBookService               oval:gov.nist.fdcc.xp:def:210
oval:gov.nist.1:def:211   ComputerBrowserService         oval:gov.nist.fdcc.xp:def:211




                          FastUserSwitchingCompatibilit
                          yService                      oval:gov.nist.fdcc.xp:def:2121




oval:gov.nist.1:def:212   FaxService                     oval:gov.nist.fdcc.xp:def:212




oval:gov.nist.1:def:213   FTPPublishingService           oval:gov.nist.fdcc.xp:def:213




oval:gov.nist.1:def:214




oval:gov.nist.1:def:215   IndexingService                oval:gov.nist.fdcc.xp:def:215



                          Do-not-allow-Windows-
oval:gov.nist.1:def:216   Messenger-to-be-run            oval:gov.nist.fdcc.xp:def:6601




                          disable_remote_desktop_shari
oval:gov.nist.1:def:217   ng                           oval:gov.nist.fdcc.xp:def:6595
oval:gov.nist.1:def:218




                          prohibit_internet_connection_s oval:gov.nist.fdcc.xp:def:33669
                          haring                         93




                          RoutingAndRemoteAccessSer
oval:gov.nist.1:def:219   vice                      oval:gov.nist.fdcc.xp:def:219




oval:gov.nist.1:def:220




oval:gov.nist.1:def:221




oval:gov.nist.1:def:222




oval:gov.nist.1:def:223   SSDPService                    oval:gov.nist.fdcc.xp:def:223
oval:gov.nist.1:def:224   TaskSchedulerService          oval:gov.nist.fdcc.xp:def:224




oval:gov.nist.1:def:225   TelnetService                 oval:gov.nist.fdcc.xp:def:225




oval:gov.nist.1:def:226   TerminalServicesService       oval:gov.nist.fdcc.xp:def:226



                          UniversalPlugAndPlayDeviceH
oval:gov.nist.1:def:227   ostService                  oval:gov.nist.fdcc.xp:def:227




                          WWWPublishingServicesServi
oval:gov.nist.1:def:228   ce                         oval:gov.nist.fdcc.xp:def:228
                          AnonymousEnumerationOfAcc
oval:gov.nist.1:def:88    ountsAndShares            oval:gov.nist.fdcc.xp:def:88




                          AnonymousEnumerationOfAcc
oval:gov.nist.1:def:87    ounts                     oval:gov.nist.fdcc.xp:def:87



                          anonymous_sid_name_translat
                          ion                         oval:gov.nist.fdcc.xp:def:77




oval:gov.nist.1:def:243   GuestAccountStatus            oval:gov.nist.fdcc.xp:def:243



oval:gov.nist.1:def:242




oval:gov.nist.1:def:71    LogonMessageTitle             oval:gov.nist.fdcc.xp:def:71




oval:gov.nist.1:def:70    LogonMessageText              oval:gov.nist.fdcc.xp:def:70
oval:gov.nist.1:def:110   AutomaticLogonDisabled       oval:gov.nist.fdcc.xp:def:110




                          DisableAutorunForAllDrives   oval:gov.nist.fdcc.xp:def:117




oval:gov.nist.1:def:113   AllowICMPRedirectsDisabled   oval:gov.nist.fdcc.xp:def:113
                          IPSourceRoutingProtectionLev
oval:gov.nist.1:def:111   el                           oval:gov.nist.fdcc.xp:def:111




oval:gov.nist.1:def:121   RouterDiscovery               oval:gov.nist.fdcc.xp:def:121




                          NoDefaultExemptForIPSecFilt
oval:gov.nist.1:def:116   ering                       oval:gov.nist.fdcc.xp:def:116




oval:gov.nist.1:def:117


                          LastUserNameNotDisplayedFo
oval:gov.nist.1:def:68    rLogon                     oval:gov.nist.fdcc.xp:def:68




oval:gov.nist.1:def:114   HideFromBrowseList            oval:gov.nist.fdcc.xp:def:114




                          AutomaticDetectionOfDeadG
oval:gov.nist.1:def:112   Ws                            oval:gov.nist.fdcc.xp:def:112




oval:gov.nist.1:def:115   KeepAliveTime                 oval:gov.nist.fdcc.xp:def:115
oval:gov.nist.1:def:118   NameReleaseRequests        oval:gov.nist.fdcc.xp:def:118




                          EnablePMTUDiscovery        oval:gov.nist.fdcc.xp:def:407




oval:gov.nist.1:def:124   SynAttackProtectionLevel   oval:gov.nist.fdcc.xp:def:124




oval:gov.nist.1:def:127   EventLogThresholdWarning   oval:gov.nist.fdcc.xp:def:127




oval:gov.nist.1:def:122   SafeDLLSearchMode          oval:gov.nist.fdcc.xp:def:122
                         Always-Use-Classic-Logon        oval:gov.nist.fdcc.xp:def:6686




                         prohibit_installation_network_b oval:gov.nist.fdcc.xp:def:33669
                         ridge                           91




                         AllowServerOperatorsToSched oval:gov.nist.fdcc.xp:def:60824
                         uleTasks                    0



                         RenameAdministrator             oval:gov.nist.fdcc.xp:def:6022


                         RenameGuest                     oval:gov.nist.fdcc.xp:def:6023




oval:gov.nist.1:def:83   session_timeout                 oval:gov.nist.fdcc.xp:def:83




oval:gov.nist.1:def:45   AuditAccessToGlobalObjects      oval:gov.nist.fdcc.xp:def:45
                          AuditBackupAndRestorePrivile
oval:gov.nist.1:def:52    ge                           oval:gov.nist.fdcc.xp:def:52




oval:gov.nist.1:def:69    RequireCTRL_ALT_DEL            oval:gov.nist.fdcc.xp:def:69




oval:gov.nist.1:def:97,   LANManagerAuthenticationLev
oval:gov.nist.1:def:96    el-RefuseLM_NTLM            oval:gov.nist.fdcc.xp:def:96




                          PreventUsersFromInstallingPri
oval:gov.nist.1:def:56    nterDrivers                   oval:gov.nist.fdcc.xp:def:56




oval:gov.nist.1:def:101   RecoveryConsoleAutoLogon       oval:gov.nist.fdcc.xp:def:101




                          RecoveryConsoleFullSystemA
oval:gov.nist.1:def:102   ccess                      oval:gov.nist.fdcc.xp:def:102




oval:gov.nist.1:def:102   RestrictCDROMAccess            oval:gov.nist.fdcc.xp:def:58




oval:gov.nist.1:def:59    RestrictFloppyAccess           oval:gov.nist.fdcc.xp:def:59




                          InternalSystemObjectsPermiss
oval:gov.nist.1:def:109   ions                         oval:gov.nist.fdcc.xp:def:109
oval:gov.nist.1:def:66    require_strong_session_key     oval:gov.nist.fdcc.xp:def:66




oval:gov.nist.1:def:82    unencrypted_smb_passwords oval:gov.nist.fdcc.xp:def:82



                          UnsignedDriverInstallationBeh
oval:gov.nist.1:def:60    avior                         oval:gov.nist.fdcc.xp:def:60




oval:gov.nist.1:def:74    password_expiration_prompt     oval:gov.nist.fdcc.xp:def:74



                          ShutDownIfUnableToLogSecur
                          ityAudits                  oval:gov.nist.fdcc.xp:def:6027




oval:gov.nist.1:def:103   shutdown_without_logon         oval:gov.nist.fdcc.xp:def:103




oval:gov.nist.1:def:104   ClearPagefileOnShutdown        oval:gov.nist.fdcc.xp:def:104



                          client_always_sign_communic
oval:gov.nist.1:def:79    ations                      oval:gov.nist.fdcc.xp:def:79



                          SignCommunicationsIfServerA
oval:gov.nist.1:def:81    grees                       oval:gov.nist.fdcc.xp:def:81



                          server_always_sign_communic
oval:gov.nist.1:def:84    ations                      oval:gov.nist.fdcc.xp:def:84
                          SignCommunicationsIfClientAg
oval:gov.nist.1:def:85    rees                         oval:gov.nist.fdcc.xp:def:85




oval:gov.nist.1:def:72    previous_logons_cached         oval:gov.nist.fdcc.xp:def:72




oval:gov.nist.1:def:43,
oval:gov.nist.1:def:44




                          always_digitally_encrypt_secur
oval:gov.nist.1:def:61    e_channel_data                 oval:gov.nist.fdcc.xp:def:61




                          WhenPossibleDigitallyEncrypt
oval:gov.nist.1:def:62    SecureChannelData              oval:gov.nist.fdcc.xp:def:62




                          WhenPossibleDigitallySignSec
oval:gov.nist.1:def:63    ureChannelData               oval:gov.nist.fdcc.xp:def:63




oval:gov.nist.1:def:78    smart_card_removal             oval:gov.nist.fdcc.xp:def:78




                          MachineAccountPasswordCha
oval:gov.nist.1:def:64    nges                      oval:gov.nist.fdcc.xp:def:64




oval:gov.nist.1:def:105   FIPSCompliantEncryption        oval:gov.nist.fdcc.xp:def:105
                          AdministratorsGroupObjectCre
oval:gov.nist.1:def:106   atorOwner                    oval:gov.nist.fdcc.xp:def:106




oval:gov.nist.1:def:107   RequireCaseInsensitivity       oval:gov.nist.fdcc.xp:def:107




oval:gov.nist.1:def:42    LimitBlankPassword             oval:gov.nist.fdcc.xp:def:42




oval:gov.nist.1:def:53    AllowUndockWithoutLogin        oval:gov.nist.fdcc.xp:def:53



                          LDAPServerSigningRequireme oval:gov.nist.fdcc.xp:def:60824
                          nts                        1



                          LDAPClientSigningRequireme
oval:gov.nist.1:def:98    nts                        oval:gov.nist.fdcc.xp:def:98



                          RefuseMachineAccountPassw oval:gov.nist.fdcc.xp:def:60824
                          ordChanges                2



                          maximum_machine_account_
oval:gov.nist.1:def:65    password_age             oval:gov.nist.fdcc.xp:def:65




                          domain_controller_authenticati
oval:gov.nist.1:def:75    on_required                    oval:gov.nist.fdcc.xp:def:75




oval:gov.nist.1:def:86    LogonTimeExpiration            oval:gov.nist.fdcc.xp:def:86
oval:gov.nist.1:def:89    CredentialsStorage            oval:gov.nist.fdcc.xp:def:89




oval:gov.nist.1:def:90    AnonymousUsersPermissions oval:gov.nist.fdcc.xp:def:90




                          AnonymouslyAccessedNamed
oval:gov.nist.1:def:91    Pipes                    oval:gov.nist.fdcc.xp:def:91




                          RemotelyAccessibleRegistryPa
oval:gov.nist.1:def:92    ths                          oval:gov.nist.fdcc.xp:def:92




oval:gov.nist.1:def:93    AnonymouslyAccessedShares oval:gov.nist.fdcc.xp:def:93




oval:gov.nist.1:def:94    LocalAccountsSecurityModel    oval:gov.nist.fdcc.xp:def:94




oval:gov.nist.1:def:95    LANManagerHashStorage         oval:gov.nist.fdcc.xp:def:95



oval:gov.nist.1:def:244   ForceLogoff                   oval:gov.nist.fdcc.xp:def:244
                          ntlm_ssp_based_client_sessio
oval:gov.nist.1:def:99    n_security                   oval:gov.nist.fdcc.xp:def:99




                          ntlm_ssp_based_servers_sess
oval:gov.nist.1:def:100   ion_security                oval:gov.nist.fdcc.xp:def:100




oval:gov.nist.1:def:123   Screen-Saver-timeout          oval:gov.nist.fdcc.xp:def:6708
Disable-IE-security-prompt-
Windows-Installer-scripts     oval:gov.nist.fdcc.xp:def:6120


Enable-User-Control-over-
installs                      oval:gov.nist.fdcc.xp:def:6121




                              oval:gov.nist.fdcc.xp:def:61226
prevent_automatic_updates     1222
do_not_automatically_start_wi oval:gov.nist.fdcc.xp:def:61226
ndows_messenger_initially     1224




set-client-connection-
encryption-level               oval:gov.nist.fdcc.xp:def:6600
set-timelimit-for-disconnected-
sessions                        oval:gov.nist.fdcc.xp:def:6726


set-timelimit-for-active-but-idle-
TerminalServices-sessions          oval:gov.nist.fdcc.xp:def:6725




solicited_remote_assistance      oval:gov.nist.fdcc.xp:def:6564




offer_remote_assistance          oval:gov.nist.fdcc.xp:def:6563


turn_off_windows_error_reporti
ng                             oval:gov.nist.fdcc.xp:def:6683

kerberos_enforce_user_logon_ oval:gov.nist.fdcc.xp:def:98765
restrictions                 1

kerberos_maximum_lifetime_s oval:gov.nist.fdcc.xp:def:98765
ervice_ticket               2

kerberos_maximum_lifetime_u oval:gov.nist.fdcc.xp:def:98765
ser_ticket                  3
kerberos_maximum_lifetime_u oval:gov.nist.fdcc.xp:def:98765
ser_ticket_renewal          4

kerberos_maximum_tolerance
_computer_clock_synchronizat oval:gov.nist.fdcc.xp:def:98765
ion                          5
Create-Global-
Objects_Administrators-
SERVICE-LocalService-
NetworkService               oval:gov.nist.fdcc.xp:def:6626

ImpersonateClientAfterAuthenti
cation-
SERVICE_Administrators         oval:gov.nist.fdcc.xp:def:6640




                               oval:gov.nist.fdcc.xp:def:60824
MachineAccessRestrictions      3




                               oval:gov.nist.fdcc.xp:def:60824
MachineLaunchRestrictions      4




RequireSmartCard               oval:gov.nist.fdcc.xp:def:6082
oval:gov.nist.1:def:125   TCPConnectionResponses       oval:gov.nist.fdcc.xp:def:125




oval:gov.nist.1:def:126   TCPMaxDataRetransmissions oval:gov.nist.fdcc.xp:def:126



oval:gov.nist.1:def:206



oval:gov.nist.1:def:207




oval:gov.nist.1:def:208
ErrorReportingService   oval:gov.nist.fdcc.xp:def:2111
oval:gov.nist.1:def:245   NetworkDDEService       oval:gov.nist.fdcc.xp:def:245




oval:gov.nist.1:def:246   NetworkDDEdsdmService   oval:gov.nist.fdcc.xp:def:246




oval:gov.nist.1:def:247   RasManService           oval:gov.nist.fdcc.xp:def:247
                          WebClientService              oval:gov.nist.fdcc.xp:def:2271




                          Wireless-Zero-Configuration   oval:gov.nist.fdcc.xp:def:2881



                          WMIPerformanceAdapter         oval:gov.nist.fdcc.xp:def:6719




oval:gov.nist.1:def:119   Disable8Dot3NameCreation      oval:gov.nist.fdcc.xp:def:119


                          rpc_endpoint_mapper_client_a
                          uthentication                oval:gov.nist.fdcc.xp:def:6566
Restrictions-for-
Unauthenticated-RPC-clients   oval:gov.nist.fdcc.xp:def:6565
mshta.exe-permissions           oval:gov.nist.fdcc.xp:def:1351



turn_off_microsoft_peer_to_pe
er_networking_services        oval:gov.nist.fdcc.xp:def:6662




prohibit_internet_connection_fi oval:gov.nist.fdcc.xp:def:33669
rewall                          92



                                oval:gov.nist.fdcc.xp:def:33669
display_error_notification      94




internet_explorer_maintenance
_policy_processing_enabled    oval:gov.nist.fdcc.xp:def:6671




registry_policy_processing      oval:gov.nist.fdcc.xp:def:6672


Turn-Off-Automatic-Root-
Certificates-Update             oval:gov.nist.fdcc.xp:def:6674
Turn-off-downloading-of-print-
drivers-over-HTTP                oval:gov.nist.fdcc.xp:def:6572


Turn-Off-Event-Views-
Events.asp-Links                 oval:gov.nist.fdcc.xp:def:6675



Turn-Off-Internet-Connection-
Wizard-if-URL-Connection-is-
Referring-to-Microsoft.com       oval:gov.nist.fdcc.xp:def:6679

Turn-off-Internet-download-for-
Web-publishing-and-online-
ordering-wizards                oval:gov.nist.fdcc.xp:def:6568


Turn-Off-Internet-File-
Association-Service              oval:gov.nist.fdcc.xp:def:6680



Turn-off-printing-over-HTTP      oval:gov.nist.fdcc.xp:def:6571



Turn-Off-Registration-if-URL-
Connection-is-Referring-to-
Microsoft.com                    oval:gov.nist.fdcc.xp:def:6681


Turn-off-Search-Companion-
content-file-updates             oval:gov.nist.fdcc.xp:def:6570


Turn-Off-the-Order-Prints-
Picture-Task                     oval:gov.nist.fdcc.xp:def:6682


Turn-off-the-Publish-to-Web-
task-for-files-and-folders       oval:gov.nist.fdcc.xp:def:6567
Turn-off-the-Windows-
Messenger-Customer-
Experience-Improvement-
Program                          oval:gov.nist.fdcc.xp:def:6569
Turn-Off-Windows-Movies-
Maker-Automatic-Codec-
Downloads                       oval:gov.nist.fdcc.xp:def:6696


Turn-Off-Windows-Movie-
Maker-Online-Web-Links          oval:gov.nist.fdcc.xp:def:6684


turn_off_windows_movie_mak
er_saving_to_online_video_ho
sting_provider               oval:gov.nist.fdcc.xp:def:6697


Turn-off-Windows-Update-
device-driver-searching         oval:gov.nist.fdcc.xp:def:6573



Do-Not-Process-Run-Once-
List                            oval:gov.nist.fdcc.xp:def:6561


Do-Not-Display-the-Getting-
Started-Welcome-Screen-at-
Logon                           oval:gov.nist.fdcc.xp:def:6687



Prevent-IIS-Installation        oval:gov.nist.fdcc.xp:def:6107


Turn-off-downloading-
enclosures                      oval:gov.nist.fdcc.xp:def:6110



do_not_allow_passwords_to_b
e_saved                     oval:gov.nist.fdcc.xp:def:6596


turn_off_shell_protocol_protect
ed_mode                         oval:gov.nist.fdcc.xp:def:6119



prohibit_non_administrators_in
stall_signed_updates           oval:gov.nist.fdcc.xp:def:6122
do_not_show_first_use_dialog oval:gov.nist.fdcc.xp:def:61226
_boxes                       1221



prevent_desktop_shortcut_cre oval:gov.nist.fdcc.xp:def:61226
ation                        1223


password_protect_the_screen
_saver                      oval:gov.nist.fdcc.xp:def:6707



prompt_for_password_on_resu
me_from_hibernate_suspend oval:gov.nist.fdcc.xp:def:6714


do_not_preserve_zone_inform
ation_in_file_attachments   oval:gov.nist.fdcc.xp:def:6502



hide_mechanisms_to_remove
_zone_information         oval:gov.nist.fdcc.xp:def:6503


notify_antivirus_programs_whe
n_opening_attachments         oval:gov.nist.fdcc.xp:def:6504
 FDCC Windows XP         FDCC Windows XP
Firewall XCCDF (fdcc-   Firewall OVAL (fdcc-
  accepted-content-      accepted-content-
    20080110\fdcc-         20080110\fdcc-
xpfirewall-xccdf.xml)   xpfirewall-oval.xml)
protect_all_network_connectio oval:gov.nist.fdcc.xpfirewall:def
ns_domain_profile             :5000




allow_local_program_exceptio oval:gov.nist.fdcc.xpfirewall:def
ns_domain_profile            :5003



allow_remote_administration_e oval:gov.nist.fdcc.xpfirewall:def
xceptions_domain_profile      :5004

allow_file_print_sharing_excep oval:gov.nist.fdcc.xpfirewall:def
tions_domain_profile           :5005

allow_icm_exceptions_domain oval:gov.nist.fdcc.xpfirewall:def
_profile                    :5006



allow_remote_desktop_excepti oval:gov.nist.fdcc.xpfirewall:def
ons_domain_profile           :5007

allow_upnp_framework_except oval:gov.nist.fdcc.xpfirewall:def
ions_domain_profile         :5008



prohibit_notifications_domain_ oval:gov.nist.fdcc.xpfirewall:def
profile                        :5009




allow_logging_log_dropped_pa oval:gov.nist.fdcc.xpfirewall:def
ckets_domain_profile         :5014
allow_logging_log_path_domai oval:gov.nist.fdcc.xpfirewall:def
n_profile                    :5017




allow_logging_log_size_domai oval:gov.nist.fdcc.xpfirewall:def
n_profile                    :5016




allow_logging_log_successful_ oval:gov.nist.fdcc.xpfirewall:def
connections_domain_profile    :5015



prohibit_unicast_response_to_
multicast_or_broadcast_reque oval:gov.nist.fdcc.xpfirewall:def
sts_domain_profile            :5011

define_port_exceptions_domai oval:gov.nist.fdcc.xpfirewall:def
n_profile                    :6008

allow_local_port_exceptions_d oval:gov.nist.fdcc.xpfirewall:def
omain_profile                 :5013

ProtectAllNetworkConnections oval:gov.nist.fdcc.xpfirewall:def
StandardProfile              :5100

DoNotAllowExceptionsStandar oval:gov.nist.fdcc.xpfirewall:def
dProfile                    :5101

AllowLocalProgramExceptions oval:gov.nist.fdcc.xpfirewall:def
StandardProfile             :5103

AllowRemoteAdministrationExc oval:gov.nist.fdcc.xpfirewall:def
eptionsStandardProfile       :51041
AllowFilePrintSharingException oval:gov.nist.fdcc.xpfirewall:def
sStandardProfile               :5105




AllowICMPExceptionsStandard oval:gov.nist.fdcc.xpfirewall:def
Profile                     :5106

AllowRemoteDesktopExceptio oval:gov.nist.fdcc.xpfirewall:def
nsStandardProfile          :5107

AllowUPnPframeworkExceptio oval:gov.nist.fdcc.xpfirewall:def
nsStandardProfile          :5108



ProhibitNotificationsStandardPr oval:gov.nist.fdcc.xpfirewall:def
ofile                           :5109




                                 mm



ProhibitUnicastResponseToMu
lticastOrBroadcastRequestsSt oval:gov.nist.fdcc.xpfirewall:def
andardProfile                :5111
AllowLocalPortExceptionsStan oval:gov.nist.fdcc.xpfirewall:def
dardProfile                  :5113

								
To top