[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*


CCE-3043-7
The startup type of the Terminal Services service should be correct.

CCE-2811-8
The Telephony service should be enabled or disabled as appropriate.

CCE-5200-1
Turn off downloading of print drivers over HTTP

CCE-2713-6
The startup type of the ClipBook service should be correct.

CCE-3208-6
The "Maximum tolerance for computer clock synchronization" policy should be set correctly.

CCE-2210-3
The "Allow Reconnection from Original Client Only" policy should be set correctly for Terminal Services.

CCE-3065-0
The MS Software Shadow Copy Provider service should be enabled or disabled as appropriate.

CCE-3163-3
The Windows Management Instrumentation service should be enabled or disabled as appropriate.

CCE-3030-4
The startup type of the Remote Registry service should be correct.

CCE-3087-4
Disallow Installation of Printers Using Kernel-mode Drivers should be properly configured.

CCE-2552-8
The "Always Install with Elevated Privileges" policy should be set correctly.

CCE-4224-2
Turn off the Windows Messenger Customer Experience Improvement Program

CCE-3047-8
The Application Management service should be enabled or disabled as appropriate.

CCE-4513-8
Turn off printing over HTTP

CCE-3265-6
The WMI Performance Adapter service should be enabled or disabled as appropriate.

CCE-2321-8
The System Restore Service should be enabled or disabled as appropriate.

CCE-4997-3
The "Turn Off Windows Movie Maker Saving to Online Video Hosting Provider" setting should be configured correctly.

CCE-2071-9
The startup type of the Net Logon service should be correct.

CCE-3034-6
The startup type of the Alerter service should be correct.

CCE-5022-9
The "Prohibit use of Internet Connection Firewall on your DNS domain network" setting should be configured correctly.

CCE-3056-9
The startup type of the NTLM Security Support Provider service should be correct.

CCE-2708-6
The "Maximum Service Ticket Litfetime" policy should be set correctly.

CCE-2326-7
The startup type of the Telnet service should be correct.

CCE-18307-9
The Windows XP 'SimpleTCP Services' component should be installed or not installed as appropriate.

CCE-3016-3
The startup type of the IIS Admin service should be correct.

CCE-3038-7
The "Enable Error Reporting" policy should be set correctly.

CCE-3003-1
The Human Interface Device Access service should be enabled or disabled as appropriate.

CCE-8375-8
The "No auto-restart for scheduled Automatic Updates installations" policy should be set correctly.

CCE-3221-9
The Uninterruptable Power Supply service should be enabled or disabled as appropriate.

CCE-3256-5
The Windows Audio service should be enabled or disabled as appropriate.

CCE-18173-5
The 'Configure Windows NTP Client\CrossSiteSyncFlags' option should be configured correctly.

CCE-5194-6
The startup type of Microsoft Peer-to-Peer Networking Services should be configured correctly.

CCE-2779-7
The startup type of the SNMP Service service should be correct.

CCE-2940-5
The startup type of the Remote Access Auto connection Manager service should be correct.

CCE-2526-2
DEPRECATED in favor of CCE-4500-5.

CCE-2997-5
The "Do not Use Temp folders per Session" policy should be set correctly for Terminal Services.

CCE-3171-6
The Application Layer Gateway Service should be enabled or disabled as appropriate.

CCE-3073-4
The Logical Disk Manager Administrative Service should be enabled or disabled as appropriate.

CCE-4482-6
The "Prevent Desktop Shortcut Creation" setting for Windows Media Player should be configured correctly.

CCE-2988-4
The Upload Manager service should be enabled or disabled as appropriate.

CCE-3203-7
The Windows Management Instrumentation Driver Extensions service should be enabled or disabled as appropriate.

CCE-3291-2
The WebClient service should be enabled or disabled as appropriate.

CCE-3007-2
The "Allow Solicited Remote Assistance" policy should be set correctly for Terminal Services.

CCE-2494-3
The Wireless Zero Configuration service should be enabled or disabled as appropriate.

CCE-4242-4
The "Turn Off Windows Movies Maker Automatic Codec Downloads" setting should be configured correctly.

CCE-2255-8
The startup type of the Remote Desktop Help Session Manager service should be correct.

CCE-3262-3
Standard Profile: Allow file and printer sharing exception (SP2 only)

CCE-2233-5
The startup type of the Simple Mail Transport Protocol (SMTP) service should be correct.

CCE-3031-2
Automatic Execution of the System Debugger should be properly configured.

CCE-8400-4
The "Do not display 'Install Updates and Shut Down' option in the Shut Down Windows dialog box" setting should be configured correctly.

CCE-4641-7
The "Turn Off Registration if URL Connection is Referring to Microsoft.com" setting should be configured correctly.

CCE-5136-7
The "Display Error Notification" setting should be configured correctly.

CCE-2910-8
The startup type of the Indexing service should be correct.

CCE-2397-8
The Workstation service should be enabled or disabled as appropriate.

CCE-2705-2
DEPRECATED in favor of CCE-5407-2, CCE-5441-1.

CCE-2803-5
The "Maximum User Ticket Lifetime" policy should be set correctly.

CCE-8261-0
The "Do not allow drive redirection" setting should be configured correctly for Terminal Services.

CCE-3035-3
The startup type of the Routing and Remote Access service should be correct.

CCE-2455-4
The "Do Not Automatically Start Windows Messenger" policy should be set correctly.

CCE-3070-0
Computer Browser ResetBrowser Frames should be properly configured.

CCE-5055-9
Turn off Search Companion content file updates

CCE-3137-7
Administrative Shares should be enabled or disabled as appropriate.

CCE-2567-6
The Removable Storage service should be enabled or disabled as appropriate.

CCE-3235-9
Standard Profile: Allow UPnP framework exception (SP2 only)

CCE-3159-1
The Windows Installer service should be enabled or disabled as appropriate.

CCE-3026-2
The startup type of the Internet Connection Sharing service should be correct.

CCE-5099-7
Turn off Internet download for Web publishing and online ordering wizards

CCE-5042-7
Hide mechanisms to remove zone information should be set correcly.

CCE-2985-0
The startup type of the client-side Domain Name Service cache (aka DNS Client) service should be correct.

CCE-2950-4
The startup type of the Fast User Switching service should be correct.

CCE-3146-8
The Volume Shadow Copy service should be enabled or disabled as appropriate.

CCE-4953-6
The "Turn Off Event Views 'Events.asp' Links" setting should be configured correctly.

CCE-3048-6
The startup type of the Universal Plug and Play Device Host (UPnP) service should be correct.

CCE-3074-2
The Security Accounts Manager service should be enabled or disabled as appropriate.

CCE-2830-8
The "Set Safe for Scripting" policy should be set correctly.

CCE-2407-5
The "Do Not Allow Local Administrators to Customize Permissions" policy should be set correctly for Terminal Services.

CCE-18962-1
The 'Configure Windows NTP Client\ResolvePeerBackoffMaxTimes' option should be configured correctly.

CCE-2989-2
Standard Profile: Allow local port exceptions (SP2 only)

CCE-2639-3
The Windows Image Acquisition (WIA) service should be enabled or disabled as appropriate.

CCE-18870-6
The Windows XP 'Internet Information Services' component should be installed or not installed as appropriate.

CCE-18149-5
The 'Configure Windows NTP Client\NtpServer' option should be configured correctly.

CCE-2835-7
The System Event Notification service should be enabled or disabled as appropriate.

CCE-3219-3
The Server service should be enabled or disabled as appropriate.

CCE-2826-6
The "Disable Media Player for automatic updates" policy should be set correctly.

CCE-3206-0
The QoS RSVP service should be enabled or disabled as appropriate.

CCE-3294-6
The Logical Disk Manager service should be enabled or disabled as appropriate.

CCE-3063-5
The "Maximum User Renewal Lifetime" policy should be set correctly.

CCE-4707-6
The "Turn Off Internet Connection Wizard if URL Connection is Referring to Microsoft.com" setting should be configured correctly.

CCE-3289-6
The Portable Media Serial Number Service service should be enabled or disabled as appropriate.

CCE-5407-2
DEPRECATED. [Was: The POSIX subsystem should be enabled or disabled as appropriate. Per Microsoft KB308259, the POSIX subsystem is not supported in Windows XP.]

CCE-2937-1
The startup type of the Automatic Update service should be correct.

CCE-2661-7
The startup type of the SSDP Discovery service should be correct.

CCE-2892-8
The "Do not Delete Temp folder on exit" policy should be set correctly for Terminal Services.

CCE-3241-7
The Smart Card service should be enabled or disabled as appropriate.

CCE-2301-0
The Help and Support service should be enabled or disabled as appropriate.

CCE-2915-7
The startup type of the Messenger service should be correct.

CCE-18959-7
The Windows XP 'Windows Media Center' component should be installed or not installed as appropriate.

CCE-3005-6
The "Strengthen Default Permissions of Global System Objects" policy should be set correctly.

CCE-3236-7
The Error Reporting Service should be enabled or disabled as appropriate.

CCE-3223-5
The Infrared Monitor service should be enabled or disabled as appropriate.

CCE-3245-8
The IPSEC Services service should be enabled or disabled as appropriate.

CCE-2840-7
The Network Connections service should be enabled or disabled as appropriate.

CCE-3267-2
The Network Location Awareness (NLA) service should be enabled or disabled as appropriate.

CCE-5054-2
The "Turn Off Automatic Root Certificates Update" setting should be configured correctly.

CCE-3195-5
The Themes service should be enabled or disabled as appropriate.

CCE-3205-2
The Protected Storage service should be enabled or disabled as appropriate.

CCE-2888-6
The startup type of the FTP Publishing service should be correct.

CCE-18099-2
DEPRECATED. [Was: "The 'Configure Windows NTP Client' setting should be configured correctly." The enabled/disabled/not configured status of this GPO (see CCE Technical Mechanisms) does not itself affect the configuration of aspects of the Windows NTP Client; it only controls whether Group Policy ...

CCE-2154-3
Autoplay for Current User should be properly configured.

CCE-2831-6
The Smart Card Helper service should be enabled or disabled as appropriate.

CCE-2942-1
The startup type of the World Wide Web Publishing service should be correct.

CCE-4791-0
The "Do Not Show First Use Dialog Boxes" setting for Windows Media Player should be configured correctly.

CCE-18634-6
The 'Configure Windows NTP Client\Type' option should be configured correctly.

CCE-5072-4
The "Turn Off the 'Order Prints' Picture Task" setting should be configured correctly.

CCE-3116-1
The "Set Client connection Encryption Level" policy should be set correctly for Terminal Services.

CCE-4665-6
The "Internet Explorer Maintenance Policy Processing - Allow processing across a slow network connection" setting should be configured correctly.

CCE-4412-3
Do not preserve zone information in file attachments should be set correcly.

CCE-3153-4
The Distributed Link Tracking Client service should be enabled or disabled as appropriate.

CCE-2823-3
The Secondary Logon service should be enabled or disabled as appropriate.

CCE-5441-1
DEPRECATED. [Was: The OS/2 subsystem should be enabled or disabled as appropriate. Per Microsoft KB308259, the POSIX subsystem is not supported in Windows XP.]

CCE-3140-1
The Event Log service should be enabled or disabled as appropriate.

CCE-8326-1
The "Remove Security tab" setting should be configured correctly.

CCE-2934-8
The startup type of the Task Scheduler service should be correct.

CCE-3109-6
The "Enable Keep-Alive Messages" policy should be set correctly for Terminal Services.

CCE-3064-3
DEPRECATED in favor of CCE-2980-1.

CCE-2849-8
The startup type of the Fax service should be correct.

CCE-3184-9
The Distributed Transaction Coordinator service should be enabled or disabled as appropriate.

CCE-2880-3
The startup type of the Computer Browser service should be correct.

CCE-4732-4
The "Turn Off Windows Movie Maker Online Web Links" setting should be configured correctly.

CCE-5121-9
The "Turn Off Internet File Association Service" setting should be configured correctly.

CCE-3122-9
The Network DDE DDE Share Database Manager (DSDM) service should be enabled or disabled as appropriate.

CCE-4887-6
The "Turn off the 'Publish to Web' task for files and folders" setting should be configured correctly.

CCE-2684-9
The "Do Not Allow Windows Messenger to be Run" policy should be set correctly.

CCE-3144-3
The Performance Logs and Alerts service should be enabled or disabled as appropriate.

CCE-5014-6
Turn off Windows Update device driver searching

CCE-2520-5
The startup type of the SNMP Trap Service service should be correct.

CCE-3068-4
The "Cache Transforms in Secure Location" policy should be set correctly.

CCE-8406-1
The "Reschedule Automatic Updates scheduled installations" setting should be enabled or disabled as appropriate.

CCE-2795-3
Local volumes should be formatted correctly.

CCE-2599-9
The Windows Time service should be enabled or disabled as appropriate.

CCE-3131-0
The Network Dynamic Data Exchange (DDE) service should be enabled or disabled as appropriate.

CCE-2818-3
The startup type of the Background Intelligent Transfer Service (BITS) service should be correct.

CCE-18782-3
The 'Allow users to connect remotely using Terminal Services' setting should be configured correctly.

CCE-3126-0
The Remote Procedure Call (RPC) service should be enabled or disabled as appropriate.

CCE-3028-8
The "Do Not Allow New Client Connections" policy should be set correctly for Terminal Services.

CCE-3081-7
Standard Profile: Allow ICMP exceptions (SP2 only)

CCE-2173-3
Installation and Configuration of Network Bridge on the DNS Domain Network should be properly configured.

CCE-2423-2
Autoplay for Default User should be properly configured.

CCE-4581-5
The "Turn off downloading of enclosures" setting should be configured correctly.

CCE-2774-8
Show Shared Internet Connection Access UI should be properly configured.

CCE-3148-4
The Remote Procedure Call (RPC) Locator service should be enabled or disabled as appropriate.

CCE-3113-8
The Cryptographic Services service should be enabled or disabled as appropriate.

CCE-2449-7
The startup type of the Simple TCP/IP service should be correct.

CCE-18167-7
The Windows XP 'Games' component should be installed or not installed as appropriate.

CCE-2280-6
The startup type of the Print Services for Unix service should be correct.

CCE-5053-4
Group Policy - Registry policy processing

CCE-18692-4
The 'Configure Windows NTP Client\SpecialPollInterval' option should be configured correctly.

CCE-3037-9
The startup type of the Internet Connection Firewall service should be correct.

CCE-3100-5
Use Classic Logon should be properly configured.

CCE-2756-5
The DHCP Client service should be enabled or disabled as appropriate.

CCE-3183-1
Standard Profile: Allow local program exceptions (SP2 only)

CCE-2427-3
The startup type of the Remote Shell service should be correct.

CCE-8574-6
The "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box" setting should be configured correctly.

CCE-18306-1
The 'Configure Windows NTP Client\ResolvePeerBackoffMinutes' option should be configured correctly.

CCE-2053-7
The startup type of the .NET Framework service should be correct.

CCE-18559-5
The 'Configure Windows NTP Client\EventLogFlags' option should be configured correctly.

CCE-3104-7
The Remote Access Connection Manager service should be enabled or disabled as appropriate.

CCE-5160-7
The "Don't Display the Getting Started Welcome Screen at Logon" setting should be configured correctly.

CCE-2944-7
The "increase scheduling priority" user right should be assigned to the correct accounts.

CCE-2387-9
The required permissions for the directory %SystemRoot%\$NtServicePackUninstall$ should be assigned.

CCE-2726-8
The required permissions for the file %SystemRoot%\System32\cacls.exe should be assigned.

CCE-2352-3
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt should be assigned.

CCE-1937-2
The required permissions for the file %SystemRoot%\System32\tlntsvr.exe should be assigned.

CCE-1924-0
The required permissions for the file %SystemRoot%\System32\Com\comexp.msc should be assigned.

CCE-2824-1
ICMP Redirects should be properly configured.

CCE-2374-7
The "add workstations to domain" user right should be assigned to the correct accounts.

CCE-2147-7
The behavior surrounding Anonymous users' abiliity to display lists of SAM accounts should be correct.

CCE-2178-2
The required permissions for the file %SystemRoot%\System32\net.exe should be assigned.

CCE-2739-1
The required permissions for the directory %SystemRoot%\security should be assigned.

CCE-2802-7
The "Digitally Sign Client Communication (When Possible)" policy should be set correctly.

CCE-2792-0
The "deny logon as a service" user right should be assigned to the correct accounts.

CCE-2957-9
The "Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders" policy should be set correctly.

CCE-2859-7
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Wmi\Security should be assigned.

CCE-3150-0
The "Named Pipes that can be accessed anonymously" policy should be set correctly.

CCE-2935-5
The "Recovery Console: Allow Automatic Administrative Logon" policy should be set correctly.

CCE-2704-5
The required permissions for the file %SystemRoot%\System32\eventvwr.msc should be assigned.

CCE-2561-9
The required permissions for the directory %AllUsersProfile%\DRM should be assigned.

CCE-2948-8
The "log on as a service" user right should be assigned to the correct accounts.

CCE-2815-9
The correct service permissions for the ClipBook service should be assigned.

CCE-2926-4
The "LAN Manager Authentication Level" policy should be set correctly.

CCE-2881-1
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Stisvc\Security should be assigned.

CCE-2619-5
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE should be assigned.

CCE-3110-4
The "Let Everyone permissions apply to anonymous users" policy should be set correctly.

CCE-2672-4
The required permissions for the file %SystemRoot%\System32\net1.exe should be assigned.

CCE-3132-8
IP Source Routing should be properly configured.

CCE-2806-8
The "bypass traverse checking" user right should be assigned to the correct accounts.

CCE-2312-7
The required permissions for the file %SystemRoot%\System32\attrib.exe should be assigned.

CCE-3021-3
The correct service permissions for the Remote Registry service should be assigned.

CCE-2334-1
The required permissions for the file %SystemRoot%\System32\fsmgmt.msc should be assigned.

CCE-2565-0
The required permissions for the file %SystemDrive%\Documents and Settings should be assigned.

CCE-2894-4
The required permissions for the file %SystemRoot%\System32\regsvr32.exe should be assigned.

CCE-2775-5
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\clone should be assigned.

CCE-2206-1
Auditing of "directory service access" events on failure should be enabled or disabled as appropriate..

CCE-2993-4
The "Do not store LAN Manager hash value on next password change" policy should be set correctly.

CCE-2620-3
The required permissions for the directory %AllUsersProfile%\Application Data should be assigned.

CCE-2446-3
The "load and unload device drivers" user right should be assigned to the correct accounts.

CCE-2699-7
The required permissions for the file %SystemRoot%\System32\debug.exe should be assigned.

CCE-2797-9
The required permissions for the file %SystemRoot%\System32\systeminfo.exe should be assigned.

CCE-2740-9
The required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots should be assigned.

CCE-2918-1
Auditing of "privilege use" events on failure should be enabled or disabled as appropriate..

CCE-2313-5
The "Prevent System Maintenance of Computer Account Password" policy should be set correctly.

CCE-2873-8
The "Restrict Floppy Access to Locally Logged-On User Only" policy should be set correctly.

CCE-2886-0
The "force shutdown from a remote system" user right should be assigned to the correct accounts.

CCE-2731-8
The required permissions for the file %SystemRoot%\System32\tftp.exe should be assigned.

CCE-2392-9
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit should be assigned.

CCE-2766-4
Auditing of "object access" events on failure should be enabled or disabled as appropriate..

CCE-1973-7
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netddedsdm\Security should be assigned.

CCE-2753-2
The required permissions for the directory %SystemRoot%\System32\spool\Printers should be assigned.

CCE-2085-9
The required permissions for the directory %SystemDrive% should be assigned.

CCE-1960-4
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg should be assigned.

CCE-2864-7
The "debug programs" user right should be assigned to the correct accounts.

CCE-3025-4
The built-in Guest account should be correctly named.

CCE-2788-8
The required permissions for the file %SystemRoot%\System32\subst.exe should be assigned.

CCE-3123-7
The "Refuse machine account password change" policy should be set correctly.

CCE-2050-3
If the System log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep.

CCE-2428-1
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tapisrv\Security should be assigned.

CCE-3051-0
The correct service permissions for the WWW Publishing service should be assigned.

CCE-2842-3
The "Default owner for objects created by members of the Administrators group" policy should be set correctly.

CCE-2899-3
The required permissions for the file %SystemRoot%\System32\Rexec.exe should be assigned.

CCE-3118-7
TCP/IP NetBIOS Name Release on Request Prevented should be properly configured.

CCE-2076-8
The correct service permissions for the Alerter service should be assigned.

CCE-2396-0
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security should be assigned.

CCE-1916-6
The required permissions for the file %SystemRoot%\System32\netsh.exe should be assigned.

CCE-2855-5
The required permissions for the file %SystemRoot%\System32\regini.exe should be assigned.

CCE-2757-3
The required permissions for the file %SystemRoot%\Offline Web Pages should be assigned.

CCE-2966-0
If the Security log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep.

CCE-2250-9
The required permissions for the file %SystemRoot%\System32\ciadv.msc should be assigned.

CCE-2700-3
The "deny logon locally" user right should be assigned to the correct accounts.

CCE-2833-2
The required permissions for the file %SystemRoot%\System32\Regedt32.exe should be assigned.

CCE-3029-6
The correct service permissions for the Universal Plug and Play service should be assigned.

CCE-1925-7
The required permissions for the directory %SystemRoot%\System32\NTMSData should be assigned.

CCE-2749-0
The required permissions for the file %SystemRoot%\System32\ntmsmgr.msc should be assigned.

CCE-2834-0
The "Network access: Restrict anonymous access to named pipes and shares" setting should be configured correctly.

CCE-2736-7
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony should be assigned.

CCE-2945-4
The correct service permissions for the SNMP Trap service should be assigned.

CCE-2638-5
The required permissions for the directory %SystemRoot%\Temp should be assigned.

CCE-2691-4
The required permissions for the file %SystemRoot%\System32\telnet.exe should be assigned.

CCE-2847-2
The "restore files and directories" user right should be assigned to the correct accounts.

CCE-3186-4
The "Interactive logon: Requre smart card" setting should be configured correctly.

CCE-3088-2
The "Do not allow storage of credentials or .NET Passports" policy should be set correctly.

CCE-3053-6
The "Digitally Sign Server Communication (Always)" policy should be set correctly.

CCE-2299-6
The "back up files and directories" user right should be assigned to the correct accounts.

CCE-2366-3
The "shut down the system" user right should be assigned to the correct accounts.

CCE-1849-9
The required permissions for the directory %AllUsersProfile% should be assigned.

CCE-1969-5
The "create permanent shared objects" user right should be assigned to the correct accounts.

CCE-2660-9
The required permissions for the directory %SystemRoot%\System32 should be assigned.

CCE-2901-7
The screen saver should be enabled or disabled as appropriate for the default user.

CCE-2727-6
The required permissions for the file %SystemRoot%\System32\ntmsoprq.msc should be assigned.

CCE-2780-5
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries should be assigned.

CCE-2220-2
The required permissions for the file %SystemRoot%\System32\reg.exe should be assigned.

CCE-2718-5
TCP/IP Dead Gateway Detection should be properly configured.

CCE-3013-0
The "Delete Cached Copies of Roaming Profiles" policy should be set correctly.

CCE-2771-4
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy should be assigned.

CCE-3111-2
The "Allowed to Format and Eject Removable NTFS Media" policy should be set correctly.

CCE-2673-2
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Crypto\DSSHKLMKeys should be assigned.

CCE-2891-0
The "Disable CTRL+ALT+Delete Requirement for Logon" policy should be set correctly.

CCE-2379-6
The "access this computer from the network" user right should be assigned to the correct accounts.

CCE-2202-0
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM\Security should be assigned.

CCE-2344-0
The "Limit local account user of blank passwords to console logon only" policy should be set correctly.

CCE-2597-3
The required permissions for the directory %SystemRoot%\System32\lusrmgr.msg should be assigned.

CCE-2793-8
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer should be assigned.

CCE-3133-6
The "Smart Card Removal Behavior" policy should be set correctly.

CCE-1943-0
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\Security\XAKey should be assigned.

CCE-2139-4
The required permissions for the file %SystemRoot%\System32\nbstat.exe should be assigned.

CCE-1978-6
The "deny access to this computer from the network" user right should be assigned to the correct accounts.

CCE-3155-9
The "Remotely accessible registry paths" policy should be set correctly.

CCE-2829-0
The "log on locally" user right should be assigned to the correct accounts.

CCE-2882-9
The "log on as a batch job" user right should be assigned to the correct accounts.

CCE-3057-7
The correct service permissions for the FTP Publishing service should be assigned.

CCE-3022-1
The correct service permissions for the Background Intelligent Transfer service should be assigned.

CCE-2335-8
The "remove computer from docking station" user right should be assigned to the correct accounts.

CCE-2762-3
The required permissions for the file %SystemRoot%\System32\runas.exe should be assigned.

CCE-2300-2
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class should be assigned.

CCE-2807-6
The "profile single process" user right should be assigned to the correct accounts.

CCE-2860-5
The "replace a process-level token" user right should be assigned to the correct accounts.

CCE-3044-5
Kerberos and RSVP Traffic Protected by IPSec should be properly configured.

CCE-2784-7
The required permissions for the file %SystemRoot%\System32\Rcp.exe should be assigned.

CCE-3017-1
TCP/IP PMTU Discovery should be properly configured.

CCE-2798-7
The required permissions for the file %SystemDrive%\NTBOOTDD.SYS should be assigned.

CCE-2229-3
The required permissions for the file %SystemRoot%\System32\ftp.exe should be assigned.

CCE-2741-7
The required permissions for the directory %SystemDrive%\Documents and Settings\Default User should be assigned.

CCE-2184-0
The required permissions for the file %SystemRoot%\System32\at.exe should be assigned.

CCE-2630-2
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM should be assigned.

CCE-2207-9
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies should be assigned.

CCE-2763-1
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\MediaIndex should be assigned.

CCE-3004-9
The "allow logon through Terminal Services" user right should be assigned to the correct accounts.

CCE-2109-7
The required permissions for the file %SystemRoot%\System32\dfrg.msc should be assigned.

CCE-2238-4
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities should be assigned.

CCE-2789-6
The "Prevent Users from Installing Printer Drivers" policy should be set correctly.

CCE-1863-0
The required permissions for the directory %SystemRoot%\System32\dllcache should be assigned.

CCE-2425-7
The required permissions for the file %SystemRoot%\System32\drwtsn32.exe should be assigned.

CCE-2621-1
The required permissions for the file %SystemRoot%\System32\gpedit.msc should be assigned.

CCE-2710-2
Autoplay on all Drive Types should be properly configured.

CCE-3172-4
The "Require Domain Controller authentication to unlock workstation" policy should be set correctly.

CCE-2612-0
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE should be assigned.

CCE-2745-8
The required permissions for the file %SystemDrive%\IO.SYS should be assigned.

CCE-2514-8
The required permissions for the file %SystemRoot%\System32\diskmgmt.msc should be assigned.

CCE-2647-6
The required permissions for the directory %SystemRoot%\CSC should be assigned.

CCE-2732-6
The required permissions for the file %SystemRoot%\System32\netstat.exe should be assigned.

CCE-2941-3
The correct service permissions for the SNMP service should be assigned.

CCE-2634-4
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netdd\Security should be assigned.

CCE-2843-1
Auditing of "system" events on failure should be enabled or disabled as appropriate..

CCE-3106-2
The "Number of Previous Logons to Cache" policy should be set correctly.

CCE-3061-9
Security Audit log warning level should be properly configured.

CCE-3008-0
Auditing of "account logon" events on failure should be enabled or disabled as appropriate..

CCE-2264-0
The required permissions for the file %SystemRoot%\Prefetch should be assigned.

CCE-2758-1
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UPnP Device Host should be assigned.

CCE-2976-9
The correct service permissions for the Printer service should be assigned.

CCE-3128-6
The "Clear Virtual Memory Pagefile at shutdown" policy should be set correctly.

CCE-2603-9
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess should be assigned.

CCE-2175-8
The required permissions for the file %SystemRoot%\regedit.exe should be assigned.

CCE-2625-2
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings should be assigned.

CCE-2856-3
Restricted Groups have been set on the system

CCE-2737-5
The "Impersonate a client after authentication" user right should be assigned to the correct accounts.

CCE-3130-2
The correct service permissions for the Terminal Services service should be assigned.

CCE-2692-2
The "Disconnect clients when logon hours expire" policy should be set correctly.

CCE-2800-1
The required permissions for the file %SystemRoot%\System32\CONFIG\*.evt should be assigned.

CCE-8445-9
Access to registry editing tools should be set correctly.

CCE-2955-3
The "Audit the use of backup and restore privilege" policy should be set correctly.

CCE-2857-1
The required permissions for the file %SystemRoot%\System32\wmimgmt.msc should be assigned.

CCE-2759-9
Auditing of "policy change" events on failure should be enabled or disabled as appropriate..

CCE-2968-6
The "Allow Server Operators to Schedule Tasks" policy should be set correctly.

CCE-1815-0
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Dr Watson\drwtsn32.log should be assigned.

CCE-4270-5
The "Turn off shell protocol protected mode" setting should be configured correctly.

CCE-2702-9
The required permissions for the file %SystemDrive%\AUTOEXEC.BAT should be assigned.

CCE-2728-4
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\HTML Help should be assigned.

CCE-2911-6
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ersvc\Security should be assigned.

CCE-2167-5
The "act as part of the operating system" user right should be assigned to the correct accounts.

CCE-2683-1
The automatic generation of 8.3 file names for NTFS should be enabled or disabled as appropriate.

CCE-2813-4
The required permissions for the directory %SystemRoot%\System32\ias should be assigned.

CCE-3108-8
The correct service permissions for the Telnet service should be assigned.

CCE-2145-1
The required permissions for the file %SystemRoot%\System32\eventcreate.exe should be assigned.

CCE-3161-7
The "Password protect the screen saver" setting should be configured correctly for the default user.

CCE-3036-1
The "Shares that can be accessed anonymously" policy should be set correctly.

CCE-2598-1
The required permissions for the file %SystemRoot%\System32\compmgmt.msc should be assigned.

CCE-2902-5
Auditing of "account management" events on success should be enabled or disabled as appropriate..

CCE-2804-3
The behavior surrounding Anonymous users' abiliity to display lists of SAM accounts and shares should be correct.

CCE-2696-3
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scardsvr\Security should be assigned.

CCE-1846-5
The required permissions for the file %SystemRoot%\System32\CONFIG\AppEvent.evt should be assigned.

CCE-5059-1
Notify antivirus programs when opening attachments should be set correcly.

CCE-3156-7
The "Minimum session security for NTLM SSP based clients" policy should be set correctly.

CCE-1966-1
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scarddrv\Security should be assigned.

CCE-3058-5
The "Sharing and security model for local accounts" policy should be set correctly.

CCE-2706-0
The required permissions for the directory %ProgramFiles% should be assigned.

CCE-2563-5
The correct service permissions for the IIS Admin service should be assigned.

CCE-2105-5
The required permissions for the directory %SystemRoot%\Debug\UserMode\userenv.log should be assigned.

CCE-2990-0
The correct service permissions for the Remote Desktop Help Session Manager service should be assigned.

CCE-1833-3
The required permissions for the directory %SystemRoot%\Registration\CRMLog should be assigned.

CCE-2750-8
The required permissions for the file %SystemDrive%\System Volume Information should be assigned.

CCE-2234-3
The required permissions for the file %SystemDrive%\NTLDR should be assigned.

CCE-2652-6
IRDP should be properly configured.

CCE-3010-6
The "DCOM: Machine access Restrictions in Security Descriptor Definition Language (SDDL) syntax" setting should be configured correctly.

CCE-2674-0
The required permissions for the file %SystemRoot%\System32\Rsh.exe should be assigned.

CCE-2247-5
The "manage auditing and security log" user right should be assigned to the correct accounts.

CCE-2172-5
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network should be assigned.

CCE-2982-7
The "enable computer and user accounts to be trusted for delegation" user right should be assigned to the correct accounts.

CCE-2119-6
The correct service permissions for the NetMeeting service should be assigned.

CCE-1842-4
The required permissions for the file %SystemRoot%\System32\CONFIG should be assigned.

CCE-2568-4
The correct service permissions for the Computer Browser service should be assigned.

CCE-2907-4
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache should be assigned.

CCE-2555-1
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security should be assigned.

CCE-2809-2
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC should be assigned.

CCE-2960-3
The "perform volume maintenance tasks" user right should be assigned to the correct accounts.

CCE-1909-1
The required permissions for the file %SystemRoot%\System32\edlin.exe should be assigned.

CCE-3027-0
The "Digitally Sign Client Communication (Always)" policy should be set correctly.

CCE-2185-7
The required permissions for the file %SystemRoot%\System32\secpol.msc should be assigned.

CCE-2786-2
The "create a pagefile" user right should be assigned to the correct accounts.

CCE-2052-9
The required permissions for the directory %SystemRoot%\System32\arp.exe should be assigned.

CCE-2688-0
The "Digitally Sign Server Communication (When Possible)" policy should be set correctly.

CCE-2524-7
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security should be assigned.

CCE-4952-8
The required permissions for the file %SystemRoot%\System32\mshta.exe should be assigned.

CCE-3049-4
The "Send Unencrypted Password to Connect to Third-Party SMB Servers" policy should be set correctly.

CCE-2239-2
MSS:(TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted

CCE-2799-5
The "Minimum session security for NTLM SSP based servers" policy should be set correctly.

CCE-2973-6
The behavior surrounding Anonymous SID/Name translation should be correct.

CCE-2546-0
The required permissions for the file %SystemRoot%\System32\route.exe should be assigned.

CCE-2176-6
The required permissions for the file %SystemRoot%\System32\sc.exe should be assigned.

CCE-2590-8
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security should be assigned.

CCE-2021-4
The "take ownership of files or other objects" user right should be assigned to the correct accounts.

CCE-2537-9
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32time\Security should be assigned.

CCE-2951-2
The required permissions for the registry key HKEY_USERS\.DEFAULT should be assigned.

CCE-3107-0
The "Create global objects" user right should be assigned to the correct accounts.

CCE-2768-0
The required permissions for the directory %AllUsersProfile%\Documents\desktop.ini should be assigned.

CCE-3009-8
The "Allow undock without having to logon" policy should be set correctly.

CCE-2502-3
The correct service permissions for the Net Logon service should be assigned.

CCE-2657-5
The "modify firmware environment values" user right should be assigned to the correct accounts.

CCE-2287-1
The required permissions for the file %SystemDrive%\MSDOS.SYS should be assigned.

CCE-2844-9
The required permissions for the file %SystemRoot%\System32\devmgmt.msc should be assigned.

CCE-2483-6
The required permissions for the directory %ALL% should be assigned.

CCE-2626-0
The correct service permissions for the Automatic Updates service should be assigned.

CCE-2198-0
The required permissions for the file %SystemRoot%\System32\Secedit.exe should be assigned.

CCE-2711-0
The "Prohibit New Task Creation" policy should be set correctly for the Task Scheduler.

CCE-2613-8
The required permissions for the file %SystemRoot%\System32\nslookup.exe should be assigned.

CCE-3071-8
The correct service permissions for the Fax service should be assigned.

CCE-2141-0
The correct service permissions for the Routing and Remote Access service should be assigned.

CCE-2921-5
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib should be assigned.

CCE-3020-5
The "Allow Administrator to Install from Terminal Services Session" policy should be set correctly.

CCE-2484-4
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security should be assigned.

CCE-3077-5
The correct service permissions for the Task Scheduler service should be assigned.

CCE-3099-9
The "Screen Saver Executable Name" setting should be configured correctly for the default user.

CCE-2969-4
The correct service permissions for the File Shares service should be assigned.

CCE-2716-9
The IMAPI CD-Burning COM Service should be enabled or disabled as appropriate.

CCE-2057-8
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi\Security should be assigned.

CCE-2836-5
The correct service permissions for the Indexing service should be assigned.

CCE-3162-5
The "Audit the access of global system objects" policy should be set correctly.

CCE-2475-2
The required permissions for the directory %SystemRoot%\Driver Cache\I386\Driver.cab should be assigned.

CCE-2738-3
The required permissions for the directory %SystemRoot%\Tasks should be assigned.

CCE-2595-7
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers should be assigned.

CCE-2791-2
The "Create a token object" user right should be assigned to the correct accounts.

CCE-2912-4
The required permissions for the file %SystemRoot%\System32\perfmon.msc should be assigned.

CCE-2814-2
The "deny logon through Terminal Services" user right should be assigned to the correct accounts.

CCE-2213-7
MSS:(TCPMaxConnectResponseRetransmission) SYN-ACK retansmissions when a connection request is not acknowledged

CCE-2115-4
The required permissions for the directory %SystemDrive%\Documents and Settings\Administrator should be assigned.

CCE-2760-7
The required permissions for the file %SystemRoot%\System32\drwatson.exe should be assigned.

CCE-2609-6
The "lock pages in memory" user right should be assigned to the correct accounts.

CCE-2070-1
The required permissions for the file %SystemRoot%\System32\RSoP.msc should be assigned.

CCE-2662-5
The "DCOM: Machine Launch Restrictions in the Security Descriptor Definition Language (SDDL) syntax" security option should be set correctly.

CCE-2551-0
The "LDAP server signing requirements" policy should be set correctly.

CCE-2903-3
The required permissions for the file %SystemRoot%\System32\Ntbackup.exe should be assigned.

CCE-2938-9
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum should be assigned.

CCE-2805-0
The required permissions for the directory %SystemRoot%\repair should be assigned.

CCE-2782-1
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Crypto\RSAHKLMKeys should be assigned.

CCE-2675-7
The "profile system performance" user right should be assigned to the correct accounts.

CCE-2773-0
The correct service permissions for the SMTP service should be assigned.

CCE-2991-8
The "LDAP client signing requirements" policy should be set correctly.

CCE-2893-6
Background Refresh of Group Policy should be properly configured.

CCE-2871-2
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rpcss\Security should be assigned.

CCE-2916-5
TCP/IP SYN Flood Attack Protection should be properly configured.

CCE-3188-0
The "Enforce user logon restrictions" policy should be set correctly.

CCE-2401-8
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr\Commands should be assigned.

CCE-2752-4
The required permissions for the file %SystemRoot%\Installer should be assigned.

CCE-2872-0
The required permissions for the directory %SystemRoot%\System32\Setup should be assigned.

CCE-2458-8
The required permissions for the file %SystemRoot%\System32\services.msc should be assigned.

CCE-2917-3
The "Display user information when the session is locked" setting should be configured correctly.

CCE-2787-0
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft should be assigned.

CCE-2676-5
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Dr Watson should be assigned.

CCE-2983-5
The "Allow System to be Shut Down Without Having to Log On" policy should be set correctly.

CCE-2578-3
The required permissions for the file %SystemDrive%\NTDETECT.COM should be assigned.

CCE-2325-9
The required permissions for the directory %SystemRoot%\Registration should be assigned.

CCE-2885-2
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip should be assigned.

CCE-2850-6
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles should be assigned.

CCE-2547-8
The "adjust memory quotas for a process" user right should be assigned to the correct accounts.

CCE-3135-1
The built-in Administrator account should be correctly named.

CCE-2841-5
Safe DLL Search Mode should be properly configured.

CCE-2436-4
The required permissions for the file %SystemRoot%\System32\eventtriggers.exe should be assigned.

CCE-2160-0
The required permissions for the directory %SystemRoot% should be assigned.

CCE-2898-5
The "deny logon as a batch job" user right should be assigned to the correct accounts.

CCE-2974-4
The "Restrict CD-ROM Access to Locally Logged-On User Only" policy should be set correctly.

CCE-2876-1
The required permissions for the directory %SystemRoot%\System32\GroupPolicy should be assigned.

CCE-2987-6
The "Require Case Insensitivity for Non-Windows Sybsystems" policy should be set correctly.

CCE-2480-2
The correct service permissions for the Messenger service should be assigned.

CCE-2329-1
The required permissions for the directory %SystemRoot%\Debug\UserMode should be assigned.

CCE-2952-0
System availability to Master Browser should be properly configured.

CCE-2623-7
The required permissions for the file %SystemDrive%\CONFIG.SYS should be assigned.

CCE-3019-7
If the Application log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep.

CCE-2418-2
The required permissions for the directory %SystemRoot%\Debug should be assigned.

CCE-2747-4
The required permissions for the directory %SystemRoot%\System32\MSDTC should be assigned.

CCE-2930-6
Display Last User Name in Logon Screen should be properly configured.

CCE-2284-8
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography/Calais should be assigned.

CCE-2943-9
Use of the built-in Administrator account should be enabled or disabled as appropriate.

CCE-3139-3
The "Force logoff when logon hours expire" policy should be set correctly.

CCE-2845-6
The required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE should be assigned.

CCE-2810-0
The "synchronize directory service data" user right should be assigned to the correct accounts.

CCE-3176-5
Domain Profile: Allow UPnP framework exception (SP2 only)

CCE-2846-4
The "change the system time" user right should be assigned to the correct accounts.

CCE-3274-8
The TCP/IP NetBIOS Helper service should be enabled or disabled as appropriate.

CCE-3141-9
Domain Profile: Allow ICMP exceptions (SP2 only)

CCE-3198-9
The "Windows Firewall: Prohibit notifications" setting should be configured correctly for the Domain Profile.

CCE-2419-0
Automatic Reboot After System Crash should be properly configured.

CCE-2472-9
The "Message text for users attempting to log on" policy should be set correctly.

CCE-2343-2
Auditing of "logon" events on failure should be enabled or disabled as appropriate..

CCE-2890-2
The "Anonymous access to the system event log" policy should be set correctly.

CCE-2913-2
Auditing of "privilege use" events on success should be enabled or disabled as appropriate..

CCE-3012-2
The "Allow Unsolicited Remote Assistance" policy should be set correctly for Terminal Services.

CCE-2828-2
Domain Profile: Allow local program exceptions

CCE-2116-2
The "restrict guest access to application log" policy should be set correctly.

CCE-2476-0
Domain Profile: Allow remote administration

CCE-2904-1
The application log maximum size should be configured correctly..

CCE-2796-1
The required auditing for the registry key HKEY_LOCAL_MACHINE\SOFTWARE should be enabled.

CCE-4500-5
The "Password protect the screen saver" setting should be configured correctly for the current user.

CCE-3154-2
Domain Profile: Protect all network connections (SP2 only)

CCE-2939-7
Auditing of "process tracking" events on failure should be enabled or disabled as appropriate..

CCE-2992-6
The "System cryptography: Force strong key protection for user keys stored on the computer" setting should be configured correctly.

CCE-3247-4
Domain Profile: Allow file and printer sharing exception (SP2 only)

CCE-3114-6
The permitted number of TCP/IP Maximum Retried Half-open Sockets should be set correctly .

CCE-2971-0
Auditing of "policy change" events on success should be enabled or disabled as appropriate..

CCE-3136-9
Membership in the Remote Desktop Users group should be assigned to the appropriate accounts.

CCE-1840-8
The required auditing for the registry key HKEY_LOCAL_MACHINE\SYSTEM should be enabled.

CCE-2851-4
The "Shut Down system immediately if unable to log security audits" policy should be set correctly.

CCE-4838-9
The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly.

CCE-2174-1
The screen saver should be enabled or disabled as appropriate for the current user.

CCE-2735-9
The "password must meet complexity requirments" policy should be set correctly.

CCE-2690-6
Membership in the Backup Operators group should be assigned to the appropriate accounts.

CCE-3066-8
Dr. Watson Crash Dumps should be properly configured.

CCE-2100-6
Auditing of "logon" events on success should be enabled or disabled as appropriate..

CCE-3284-7
Standard Profile: Protect all network connections (SP2 only)

CCE-2923-1
The log file path and name for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-3151-8
The "Secure Channel: Require Strong (Windows 2000 or later) Session Key" policy should be set correctly.

CCE-2958-7
The log file size limit for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-3040-3
Use of the built-in Guest account should be enabled or disabled as appropriate.

CCE-2682-3
The required auditing for %SystemDrive% directory should be enabled.

CCE-2259-0
Auditing of "object access" events on success should be enabled or disabled as appropriate..

CCE-2949-6
The "Always Prompt Client for Password upon Connection" policy should be set correctly for Terminal Services.

CCE-5025-2
The "Prohibit non-administrators from applying vendor signed updates" setting should be configured correctly.

CCE-3000-7
The "Secure Channel: Digitally Sign Secure Channel Data (When Possible)" policy should be set correctly.

CCE-2816-7
Auditing of "process tracking" events on success should be enabled or disabled as appropriate..

CCE-3231-8
Standard Profile: Define port exceptions (SP2 only)

CCE-2980-1
The "Screen Saver Timeout" setting should be configured correctly for the current user.

CCE-8515-9
The "Windows Firewall: Define program exceptions" policy should be configured correctly for the Domain Profile.

CCE-2906-6
Auditing of "account management" events on failure should be enabled or disabled as appropriate..

CCE-2808-4
The "Remote Control Settings" policy should be set correctly for Terminal Services.

CCE-3213-6
Standard Profile: Allow Remote Desktop exception (SP2 only)

CCE-2643-5
The "Anonymous access to the security event log" policy should be set correctly.

CCE-3092-4
Always Wait for the Network at Computer Startup and Logon should be properly configured.

CCE-2336-6
The "when maximum log size is reached" property should be set correctly for the Security log.

CCE-2994-2
The "enforce password history" policy should meet minimum requirements.

CCE-2896-9
The startup type of the NetMeeting Remote Desktop Sharing service should be correct.

CCE-7583-8
The "Windows Firewall: Outbound connections" policy should be configured correctly for the Domain profile.

CCE-3124-5
The "Set time limit for idle sessions" policy should be set correctly for Terminal Services.

CCE-2972-8
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Domain Profile.

CCE-2776-3
Automatic Logon should be properly configured.

CCE-3119-5
The "Anonymous access to the application event log" policy should be set correctly.

CCE-3194-8
Domain Profile: Do not allow exceptions (SP2 only)

CCE-2767-2
The "generate security audits" user right should be assigned to the correct accounts.

CCE-2701-1
The "Users Prompted to Change Password Before Expiration" policy should be set correctly.

CCE-2878-7
Auditing of "system" events on success should be enabled or disabled as appropriate..

CCE-2723-5
the "System settings: Use Certificate Rules on Windows Executables for Software Restriction Polices" setting should be configured correctly.

CCE-2954-6
Standard Profile: Allow remote administration exception (SP2 only)

CCE-4390-1
Prompt for password on resume from hibernate/suspend should be set correctly.

CCE-2933-0
Auditing of "directory service access" events on success should be enabled or disabled as appropriate..

CCE-3174-0
The log file path and name for the Windows Firewall should be configured correctly for the Standard Profile.

CCE-2354-9
The "Limit Users to One Remote Session" policy should be set correctly for Terminal Services.

CCE-3304-3
Domain Profile: Allow Remote Desktop exception (SP2 only)

CCE-2794-6
The "restrict guest access to security log" policy should be set correctly.

CCE-2345-7
The "restrict guest access to system log" policy should be set correctly.

CCE-3134-4
The "Windows Firewall: Prohibit notifications" setting should be configured correctly for the Standard Profile.

CCE-2959-5
The "Terminate session when time limits are reached" policy should be set correctly for Terminal Services.

CCE-2928-0
The "account lockout duration" policy should meet minimum requirements.

CCE-2981-9
The "minimum password length" policy should meet minimum requirements.

CCE-7598-6
The "Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)" policy should be set correctly.

CCE-2764-9
The "Screen Saver Timeout" setting should be configured correctly for the default user.

CCE-3103-9
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Standard Profile.

CCE-5032-8
Logon - Do not process the run once list

CCE-2862-1
Membership in the Power Users group should be assigned to the appropriate accounts.

CCE-3258-1
Domain Profile: Allow local port exceptions (SP2 only)

CCE-8364-2
Processing of the legacy run list on logon should be enabled or disabled as appropriate.

CCE-2777-1
The "when maximum log size is reached" property should be set correctly for the System log.

CCE-8440-0
The "Windows Firewall: Apply local firewall rules" policy should be configured correctly for the Domain profile.

CCE-3014-8
The "when maximum log size is reached" property should be set correctly for the Application log.

CCE-2986-8
The "account lockout threshold" policy should meet minimum requirements.

CCE-3097-3
The "Secure Channel: Digitally Encrypt or Sign Secure Channel Data (Always)" policy should be set correctly.

CCE-4262-2
The "Prevent IIS Installation" setting should be configured correctly.

CCE-2439-8
The "minimum password age" policy should meet minimum requirements.

CCE-3280-5
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Standard Profile.

CCE-2559-3
The TCP/IP KeepAlive Time should be set correctly .

CCE-2866-2
Domain Profile: Define port exceptions (SP2 only)

CCE-3129-4
The "Limit Number of Connections" policy should be set correctly for Terminal Services.

CCE-4849-6
The "Do not allow passwords to be saved" setting should be configured correctly for Terminal Services.

CCE-3084-1
The "Use FIPS compliant algorithms for encryption, hashing, and signing" policy should be set correctly.

CCE-2920-7
The "maximum password age" policy should meet minimum requirements.

CCE-3018-9
The "Maximum machine account password age" policy should be set correctly.

CCE-3055-1
The log file size limit for the Windows Firewall should be configured correctly for the Standard Profile.

CCE-3273-0
Restrictions for Unauthenticated RPC clients (SP2 only)

CCE-2956-1
RPC Endpiont Mapper Client Authentication (SP2 only)

CCE-2573-4
The "Message title for users attempting to log on" policy should be set correctly.

CCE-2693-0
The security log maximum size should be configured correctly..

CCE-2925-6
CD-ROM Autorun should be properly configured.

CCE-3157-5
The amount of idle time required before disconnecting a session should be set correctly.

CCE-2466-1
The "reset account lockout counter after" policy should meet minimum requirements.

CCE-2707-8
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Standard Profile.

CCE-3179-9
Standard Profile: Do not allow exceptions (SP2 only)

CCE-2453-9
The permitted number of TCP/IP Maximum Half-open Sockets should be set correctly .

CCE-3011-4
The "Enable User to Use Media Source While Elevated" policy should be set correctly.

CCE-2444-8
Disable saving of dial-up passwords should be properly configured.

CCE-2293-9
The "Enable User to Patch Elevated Products" policy should be set correctly.

CCE-8374-1
CD Burning features in Windows Explorer should be enabled or disabled as appropriate.

CCE-2961-1
The "Set time limit for disconnected sessions" policy should be set correctly for Terminal Services.

CCE-3090-8
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-2996-7
The "Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)" policy should be set correctly.

CCE-7528-3
The "Configure Automatic Updates" setting should be configured correctly.

CCE-3085-8
The "Unsigned Driver Installation Behavior" policy should be set correctly.

CCE-2889-4
The "store password using reversible encryption for all users in the domain" policy should be set correctly.

CCE-8147-1
The "Windows Firewall: Inbound connections" policy should be configured correctly for the Domain Profile.

CCE-3117-9
The "Prevent Codec Download" policy should be set correctly for Windows MediaPlayer.

CCE-2965-2
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-3170-8
The "Screen Saver Executable Name" setting should be configured correctly for the current user.

CCE-2867-0
Auditing of "account logon" events on success should be enabled or disabled as appropriate..

CCE-3094-0
The "Enable User Control Over Installs" policy should be set correctly.

CCE-3006-4
The system log maximum size should be configured correctly..

CVE    21
CVE-2002-2324
CVE-2007-1531
CVE-2006-6601
CVE-2007-6753
...
*CPE
cpe:/o:microsoft:windows_xp
OVAL    980
oval:org.mitre.oval:def:1
oval:org.mitre.oval:def:480
oval:org.secpod.oval:def:15087
oval:org.secpod.oval:def:15090
...
XCCDF    7
xccdf_gov.nist_benchmark_USGCB-Windows-XP-firewall
xccdf_org.secpod_benchmark_nerc_cip_Windows_XP
xccdf_gov.nist_benchmark_USGCB-Windows-XP
xccdf_org.secpod_benchmark_nist_windows_xp
...

© 2013 SecPod Technologies