Download
| Alert*
CCE-2387-9
The required permissions for the directory %SystemRoot%\$NtServicePackUninstall$ should be assigned. CCE-4390-1 Prompt for password on resume from hibernate/suspend should be set correctly. CCE-3176-5 Domain Profile: Allow UPnP framework exception (SP2 only) CCE-3130-2 The correct service permissions for the Terminal Services service should be assigned. CCE-2639-3 The Windows Image Acquisition (WIA) service should be enabled or disabled as appropriate. CCE-2692-2 The "Disconnect clients when logon hours expire" policy should be set correctly. CCE-2800-1 The required permissions for the file %SystemRoot%\System32\CONFIG\*.evt should be assigned. CCE-8445-9 Access to registry editing tools should be set correctly. CCE-2726-8 The required permissions for the file %SystemRoot%\System32\cacls.exe should be assigned. CCE-3043-7 The startup type of the Terminal Services service should be correct. CCE-18870-6 The Windows XP 'Internet Information Services' component should be installed or not installed as appropriate. CCE-3274-8 The TCP/IP NetBIOS Helper service should be enabled or disabled as appropriate. CCE-2352-3 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt should be assigned. CCE-2811-8 The Telephony service should be enabled or disabled as appropriate. CCE-3141-9 Domain Profile: Allow ICMP exceptions (SP2 only) CCE-1937-2 The required permissions for the file %SystemRoot%\System32\tlntsvr.exe should be assigned. CCE-5200-1 Turn off downloading of print drivers over HTTP CCE-2857-1 The required permissions for the file %SystemRoot%\System32\wmimgmt.msc should be assigned. CCE-2759-9 Auditing of "policy change" events on failure should be enabled or disabled as appropriate.. CCE-2968-6 The "Allow Server Operators to Schedule Tasks" policy should be set correctly. CCE-1815-0 The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Dr Watson\drwtsn32.log should be assigned. CCE-2713-6 The startup type of the ClipBook service should be correct. CCE-4270-5 The "Turn off shell protocol protected mode" setting should be configured correctly. CCE-3198-9 The "Windows Firewall: Prohibit notifications" setting should be configured correctly for the Domain Profile. CCE-3208-6 The "Maximum tolerance for computer clock synchronization" policy should be set correctly. CCE-1924-0 The required permissions for the file %SystemRoot%\System32\Com\comexp.msc should be assigned. CCE-2210-3 The "Allow Reconnection from Original Client Only" policy should be set correctly for Terminal Services. CCE-2824-1 ICMP Redirects should be properly configured. CCE-2702-9 The required permissions for the file %SystemDrive%\AUTOEXEC.BAT should be assigned. CCE-2472-9 The "Message text for users attempting to log on" policy should be set correctly. CCE-18149-5 The 'Configure Windows NTP Client\NtpServer' option should be configured correctly. CCE-2933-0 Auditing of "directory service access" events on success should be enabled or disabled as appropriate.. CCE-2835-7 The System Event Notification service should be enabled or disabled as appropriate. CCE-2374-7 The "add workstations to domain" user right should be assigned to the correct accounts. CCE-3065-0 The MS Software Shadow Copy Provider service should be enabled or disabled as appropriate. CCE-3163-3 The Windows Management Instrumentation service should be enabled or disabled as appropriate. CCE-2178-2 The required permissions for the file %SystemRoot%\System32\net.exe should be assigned. CCE-3030-4 The startup type of the Remote Registry service should be correct. CCE-2343-2 Auditing of "logon" events on failure should be enabled or disabled as appropriate.. CCE-2739-1 The required permissions for the directory %SystemRoot%\security should be assigned. CCE-2802-7 The "Digitally Sign Client Communication (When Possible)" policy should be set correctly. CCE-3174-0 The log file path and name for the Windows Firewall should be configured correctly for the Standard Profile. CCE-2957-9 The "Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders" policy should be set correctly. CCE-2728-4 The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\HTML Help should be assigned. CCE-2911-6 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ersvc\Security should be assigned. CCE-2354-9 The "Limit Users to One Remote Session" policy should be set correctly for Terminal Services. CCE-2859-7 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Wmi\Security should be assigned. CCE-3087-4 Disallow Installation of Printers Using Kernel-mode Drivers should be properly configured. CCE-2683-1 The automatic generation of 8.3 file names for NTFS should be enabled or disabled as appropriate. CCE-2813-4 The required permissions for the directory %SystemRoot%\System32\ias should be assigned. CCE-3219-3 The Server service should be enabled or disabled as appropriate. CCE-3304-3 Domain Profile: Allow Remote Desktop exception (SP2 only) CCE-2826-6 The "Disable Media Player for automatic updates" policy should be set correctly. CCE-3206-0 The QoS RSVP service should be enabled or disabled as appropriate. CCE-2935-5 The "Recovery Console: Allow Automatic Administrative Logon" policy should be set correctly. CCE-2704-5 The required permissions for the file %SystemRoot%\System32\eventvwr.msc should be assigned. CCE-3108-8 The correct service permissions for the Telnet service should be assigned. CCE-2145-1 The required permissions for the file %SystemRoot%\System32\eventcreate.exe should be assigned. CCE-3294-6 The Logical Disk Manager service should be enabled or disabled as appropriate. CCE-2890-2 The "Anonymous access to the system event log" policy should be set correctly. CCE-2561-9 The required permissions for the directory %AllUsersProfile%\DRM should be assigned. CCE-3161-7 The "Password protect the screen saver" setting should be configured correctly for the default user. CCE-3063-5 The "Maximum User Renewal Lifetime" policy should be set correctly. CCE-4707-6 The "Turn Off Internet Connection Wizard if URL Connection is Referring to Microsoft.com" setting should be configured correctly. CCE-2598-1 The required permissions for the file %SystemRoot%\System32\compmgmt.msc should be assigned. CCE-2794-6 The "restrict guest access to security log" policy should be set correctly. CCE-2902-5 Auditing of "account management" events on success should be enabled or disabled as appropriate.. CCE-2345-7 The "restrict guest access to system log" policy should be set correctly. CCE-2552-8 The "Always Install with Elevated Privileges" policy should be set correctly. CCE-3134-4 The "Windows Firewall: Prohibit notifications" setting should be configured correctly for the Standard Profile. CCE-4224-2 Turn off the Windows Messenger Customer Experience Improvement Program CCE-3289-6 The Portable Media Serial Number Service service should be enabled or disabled as appropriate. CCE-2696-3 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scardsvr\Security should be assigned. CCE-2913-2 Auditing of "privilege use" events on success should be enabled or disabled as appropriate.. CCE-2959-5 The "Terminate session when time limits are reached" policy should be set correctly for Terminal Services. CCE-1846-5 The required permissions for the file %SystemRoot%\System32\CONFIG\AppEvent.evt should be assigned. CCE-5059-1 Notify antivirus programs when opening attachments should be set correcly. CCE-2815-9 The correct service permissions for the ClipBook service should be assigned. CCE-3047-8 The Application Management service should be enabled or disabled as appropriate. CCE-4513-8 Turn off printing over HTTP CCE-3265-6 The WMI Performance Adapter service should be enabled or disabled as appropriate. CCE-3012-2 The "Allow Unsolicited Remote Assistance" policy should be set correctly for Terminal Services. CCE-2881-1 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Stisvc\Security should be assigned. CCE-2321-8 The System Restore Service should be enabled or disabled as appropriate. CCE-1966-1 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scarddrv\Security should be assigned. CCE-2619-5 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE should be assigned. CCE-2828-2 Domain Profile: Allow local program exceptions CCE-2116-2 The "restrict guest access to application log" policy should be set correctly. CCE-5407-2 DEPRECATED. [Was: The POSIX subsystem should be enabled or disabled as appropriate. Per Microsoft KB308259, the POSIX subsystem is not supported in Windows XP.] CCE-2672-4 The required permissions for the file %SystemRoot%\System32\net1.exe should be assigned. CCE-2706-0 The required permissions for the directory %ProgramFiles% should be assigned. CCE-2937-1 The startup type of the Automatic Update service should be correct. CCE-2563-5 The correct service permissions for the IIS Admin service should be assigned. CCE-2105-5 The required permissions for the directory %SystemRoot%\Debug\UserMode\userenv.log should be assigned. CCE-2990-0 The correct service permissions for the Remote Desktop Help Session Manager service should be assigned. CCE-4997-3 The "Turn Off Windows Movie Maker Saving to Online Video Hosting Provider" setting should be configured correctly. CCE-2071-9 The startup type of the Net Logon service should be correct. CCE-2476-0 Domain Profile: Allow remote administration CCE-2661-7 The startup type of the SSDP Discovery service should be correct. CCE-2892-8 The "Do not Delete Temp folder on exit" policy should be set correctly for Terminal Services. CCE-1833-3 The required permissions for the directory %SystemRoot%\Registration\CRMLog should be assigned. CCE-2904-1 The application log maximum size should be configured correctly.. CCE-3034-6 The startup type of the Alerter service should be correct. CCE-3241-7 The Smart Card service should be enabled or disabled as appropriate. CCE-3132-8 IP Source Routing should be properly configured. CCE-2750-8 The required permissions for the file %SystemDrive%\System Volume Information should be assigned. CCE-2301-0 The Help and Support service should be enabled or disabled as appropriate. CCE-2796-1 The required auditing for the registry key HKEY_LOCAL_MACHINE\SOFTWARE should be enabled. CCE-5022-9 The "Prohibit use of Internet Connection Firewall on your DNS domain network" setting should be configured correctly. CCE-2234-3 The required permissions for the file %SystemDrive%\NTLDR should be assigned. CCE-4500-5 The "Password protect the screen saver" setting should be configured correctly for the current user. CCE-2652-6 IRDP should be properly configured. CCE-2915-7 The startup type of the Messenger service should be correct. CCE-18959-7 The Windows XP 'Windows Media Center' component should be installed or not installed as appropriate. CCE-2312-7 The required permissions for the file %SystemRoot%\System32\attrib.exe should be assigned. CCE-3010-6 The "DCOM: Machine access Restrictions in Security Descriptor Definition Language (SDDL) syntax" setting should be configured correctly. CCE-3154-2 Domain Profile: Protect all network connections (SP2 only) CCE-2674-0 The required permissions for the file %SystemRoot%\System32\Rsh.exe should be assigned. CCE-3056-9 The startup type of the NTLM Security Support Provider service should be correct. CCE-3021-3 The correct service permissions for the Remote Registry service should be assigned. CCE-2708-6 The "Maximum Service Ticket Litfetime" policy should be set correctly. CCE-2939-7 Auditing of "process tracking" events on failure should be enabled or disabled as appropriate.. CCE-2334-1 The required permissions for the file %SystemRoot%\System32\fsmgmt.msc should be assigned. CCE-2992-6 The "System cryptography: Force strong key protection for user keys stored on the computer" setting should be configured correctly. CCE-2565-0 The required permissions for the file %SystemDrive%\Documents and Settings should be assigned. CCE-2894-4 The required permissions for the file %SystemRoot%\System32\regsvr32.exe should be assigned. CCE-2172-5 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network should be assigned. CCE-2982-7 The "enable computer and user accounts to be trusted for delegation" user right should be assigned to the correct accounts. CCE-2775-5 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\clone should be assigned. CCE-2326-7 The startup type of the Telnet service should be correct. CCE-3247-4 Domain Profile: Allow file and printer sharing exception (SP2 only) CCE-2119-6 The correct service permissions for the NetMeeting service should be assigned. CCE-1842-4 The required permissions for the file %SystemRoot%\System32\CONFIG should be assigned. CCE-2206-1 Auditing of "directory service access" events on failure should be enabled or disabled as appropriate.. CCE-2764-9 The "Screen Saver Timeout" setting should be configured correctly for the default user. CCE-2993-4 The "Do not store LAN Manager hash value on next password change" policy should be set correctly. CCE-3103-9 Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Standard Profile. CCE-2568-4 The correct service permissions for the Computer Browser service should be assigned. CCE-2620-3 The required permissions for the directory %AllUsersProfile%\Application Data should be assigned. CCE-3005-6 The "Strengthen Default Permissions of Global System Objects" policy should be set correctly. CCE-3236-7 The Error Reporting Service should be enabled or disabled as appropriate. CCE-2862-1 Membership in the Power Users group should be assigned to the appropriate accounts. CCE-2699-7 The required permissions for the file %SystemRoot%\System32\debug.exe should be assigned. CCE-2797-9 The required permissions for the file %SystemRoot%\System32\systeminfo.exe should be assigned. CCE-3114-6 The permitted number of TCP/IP Maximum Retried Half-open Sockets should be set correctly . CCE-2907-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache should be assigned. CCE-2555-1 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security should be assigned. CCE-2809-2 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC should be assigned. CCE-18307-9 The Windows XP 'SimpleTCP Services' component should be installed or not installed as appropriate. CCE-3223-5 The Infrared Monitor service should be enabled or disabled as appropriate. CCE-3016-3 The startup type of the IIS Admin service should be correct. CCE-1909-1 The required permissions for the file %SystemRoot%\System32\edlin.exe should be assigned. CCE-2185-7 The required permissions for the file %SystemRoot%\System32\secpol.msc should be assigned. CCE-3258-1 Domain Profile: Allow local port exceptions (SP2 only) CCE-2740-9 The required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots should be assigned. CCE-2918-1 Auditing of "privilege use" events on failure should be enabled or disabled as appropriate.. CCE-2313-5 The "Prevent System Maintenance of Computer Account Password" policy should be set correctly. CCE-2052-9 The required permissions for the directory %SystemRoot%\System32\arp.exe should be assigned. CCE-2971-0 Auditing of "policy change" events on success should be enabled or disabled as appropriate.. CCE-2873-8 The "Restrict Floppy Access to Locally Logged-On User Only" policy should be set correctly. CCE-2688-0 The "Digitally Sign Server Communication (When Possible)" policy should be set correctly. CCE-2524-7 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security should be assigned. CCE-3136-9 Membership in the Remote Desktop Users group should be assigned to the appropriate accounts. CCE-2731-8 The required permissions for the file %SystemRoot%\System32\tftp.exe should be assigned. CCE-2777-1 The "when maximum log size is reached" property should be set correctly for the System log. CCE-3245-8 The IPSEC Services service should be enabled or disabled as appropriate. CCE-3038-7 The "Enable Error Reporting" policy should be set correctly. CCE-2840-7 The Network Connections service should be enabled or disabled as appropriate. CCE-1840-8 The required auditing for the registry key HKEY_LOCAL_MACHINE\SYSTEM should be enabled. CCE-3003-1 The Human Interface Device Access service should be enabled or disabled as appropriate. CCE-2392-9 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit should be assigned. CCE-2766-4 Auditing of "object access" events on failure should be enabled or disabled as appropriate.. CCE-8375-8 The "No auto-restart for scheduled Automatic Updates installations" policy should be set correctly. CCE-1973-7 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netddedsdm\Security should be assigned. CCE-4952-8 The required permissions for the file %SystemRoot%\System32\mshta.exe should be assigned. CCE-2851-4 The "Shut Down system immediately if unable to log security audits" policy should be set correctly. CCE-3267-2 The Network Location Awareness (NLA) service should be enabled or disabled as appropriate. CCE-2753-2 The required permissions for the directory %SystemRoot%\System32\spool\Printers should be assigned. CCE-2085-9 The required permissions for the directory %SystemDrive% should be assigned. CCE-1960-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg should be assigned. CCE-3221-9 The Uninterruptable Power Supply service should be enabled or disabled as appropriate. CCE-3014-8 The "when maximum log size is reached" property should be set correctly for the Application log. CCE-2788-8 The required permissions for the file %SystemRoot%\System32\subst.exe should be assigned. CCE-3123-7 The "Refuse machine account password change" policy should be set correctly. CCE-2973-6 The behavior surrounding Anonymous SID/Name translation should be correct. CCE-2546-0 The required permissions for the file %SystemRoot%\System32\route.exe should be assigned. CCE-3256-5 The Windows Audio service should be enabled or disabled as appropriate. CCE-2050-3 If the System log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep. CCE-5054-2 The "Turn Off Automatic Root Certificates Update" setting should be configured correctly. CCE-18173-5 The 'Configure Windows NTP Client\CrossSiteSyncFlags' option should be configured correctly. CCE-5194-6 The startup type of Microsoft Peer-to-Peer Networking Services should be configured correctly. CCE-2428-1 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tapisrv\Security should be assigned. CCE-2176-6 The required permissions for the file %SystemRoot%\System32\sc.exe should be assigned. CCE-2779-7 The startup type of the SNMP Service service should be correct. CCE-4838-9 The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly. CCE-2940-5 The startup type of the Remote Access Auto connection Manager service should be correct. CCE-2526-2 DEPRECATED in favor of CCE-4500-5. CCE-3051-0 The correct service permissions for the WWW Publishing service should be assigned. CCE-2590-8 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security should be assigned. CCE-3195-5 The Themes service should be enabled or disabled as appropriate. CCE-3097-3 The "Secure Channel: Digitally Encrypt or Sign Secure Channel Data (Always)" policy should be set correctly. CCE-3205-2 The Protected Storage service should be enabled or disabled as appropriate. CCE-2842-3 The "Default owner for objects created by members of the Administrators group" policy should be set correctly. CCE-2537-9 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32time\Security should be assigned. CCE-2888-6 The startup type of the FTP Publishing service should be correct. CCE-4262-2 The "Prevent IIS Installation" setting should be configured correctly. CCE-2951-2 The required permissions for the registry key HKEY_USERS\.DEFAULT should be assigned. CCE-2997-5 The "Do not Use Temp folders per Session" policy should be set correctly for Terminal Services. CCE-2768-0 The required permissions for the directory %AllUsersProfile%\Documents\desktop.ini should be assigned. CCE-2899-3 The required permissions for the file %SystemRoot%\System32\Rexec.exe should be assigned. CCE-18099-2 DEPRECATED. [Was: "The 'Configure Windows NTP Client' setting should be configured correctly." The enabled/disabled/not configured status of this GPO (see CCE Technical Mechanisms) does not itself affect the configuration of aspects of the Windows NTP Client; it only controls whether Group Policy ... CCE-2154-3 Autoplay for Current User should be properly configured. CCE-3280-5 The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Standard Profile. CCE-3118-7 TCP/IP NetBIOS Name Release on Request Prevented should be properly configured. CCE-2502-3 The correct service permissions for the Net Logon service should be assigned. CCE-2559-3 The TCP/IP KeepAlive Time should be set correctly . CCE-3171-6 The Application Layer Gateway Service should be enabled or disabled as appropriate. CCE-2866-2 Domain Profile: Define port exceptions (SP2 only) CCE-3073-4 The Logical Disk Manager Administrative Service should be enabled or disabled as appropriate. CCE-3129-4 The "Limit Number of Connections" policy should be set correctly for Terminal Services. CCE-4849-6 The "Do not allow passwords to be saved" setting should be configured correctly for Terminal Services. CCE-2287-1 The required permissions for the file %SystemDrive%\MSDOS.SYS should be assigned. CCE-3084-1 The "Use FIPS compliant algorithms for encryption, hashing, and signing" policy should be set correctly. CCE-4482-6 The "Prevent Desktop Shortcut Creation" setting for Windows Media Player should be configured correctly. CCE-2831-6 The Smart Card Helper service should be enabled or disabled as appropriate. CCE-2174-1 The screen saver should be enabled or disabled as appropriate for the current user. CCE-2942-1 The startup type of the World Wide Web Publishing service should be correct. CCE-2988-4 The Upload Manager service should be enabled or disabled as appropriate. CCE-4791-0 The "Do Not Show First Use Dialog Boxes" setting for Windows Media Player should be configured correctly. CCE-2844-9 The required permissions for the file %SystemRoot%\System32\devmgmt.msc should be assigned. CCE-18634-6 The 'Configure Windows NTP Client\Type' option should be configured correctly. CCE-2483-6 The required permissions for the directory %ALL% should be assigned. CCE-2690-6 Membership in the Backup Operators group should be assigned to the appropriate accounts. CCE-3203-7 The Windows Management Instrumentation Driver Extensions service should be enabled or disabled as appropriate. CCE-3291-2 The WebClient service should be enabled or disabled as appropriate. CCE-2076-8 The correct service permissions for the Alerter service should be assigned. CCE-2396-0 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security should be assigned. CCE-1916-6 The required permissions for the file %SystemRoot%\System32\netsh.exe should be assigned. CCE-3007-2 The "Allow Solicited Remote Assistance" policy should be set correctly for Terminal Services. CCE-2855-5 The required permissions for the file %SystemRoot%\System32\regini.exe should be assigned. CCE-2626-0 The correct service permissions for the Automatic Updates service should be assigned. CCE-2494-3 The Wireless Zero Configuration service should be enabled or disabled as appropriate. CCE-5072-4 The "Turn Off the 'Order Prints' Picture Task" setting should be configured correctly. CCE-2198-0 The required permissions for the file %SystemRoot%\System32\Secedit.exe should be assigned. CCE-2757-3 The required permissions for the file %SystemRoot%\Offline Web Pages should be assigned. CCE-2966-0 If the Security log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep. CCE-2711-0 The "Prohibit New Task Creation" policy should be set correctly for the Task Scheduler. CCE-2613-8 The required permissions for the file %SystemRoot%\System32\nslookup.exe should be assigned. CCE-3116-1 The "Set Client connection Encryption Level" policy should be set correctly for Terminal Services. CCE-3018-9 The "Maximum machine account password age" policy should be set correctly. CCE-2250-9 The required permissions for the file %SystemRoot%\System32\ciadv.msc should be assigned. CCE-3071-8 The correct service permissions for the Fax service should be assigned. CCE-4242-4 The "Turn Off Windows Movies Maker Automatic Codec Downloads" setting should be configured correctly. CCE-2141-0 The correct service permissions for the Routing and Remote Access service should be assigned. CCE-2833-2 The required permissions for the file %SystemRoot%\System32\Regedt32.exe should be assigned. CCE-3029-6 The correct service permissions for the Universal Plug and Play service should be assigned. CCE-2255-8 The startup type of the Remote Desktop Help Session Manager service should be correct. CCE-3262-3 Standard Profile: Allow file and printer sharing exception (SP2 only) CCE-3055-1 The log file size limit for the Windows Firewall should be configured correctly for the Standard Profile. CCE-4665-6 The "Internet Explorer Maintenance Policy Processing - Allow processing across a slow network connection" setting should be configured correctly. CCE-2921-5 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib should be assigned. CCE-4412-3 Do not preserve zone information in file attachments should be set correcly. CCE-3153-4 The Distributed Link Tracking Client service should be enabled or disabled as appropriate. CCE-1925-7 The required permissions for the directory %SystemRoot%\System32\NTMSData should be assigned. CCE-2823-3 The Secondary Logon service should be enabled or disabled as appropriate. CCE-3066-8 Dr. Watson Crash Dumps should be properly configured. CCE-3020-5 The "Allow Administrator to Install from Terminal Services Session" policy should be set correctly. CCE-2749-0 The required permissions for the file %SystemRoot%\System32\ntmsmgr.msc should be assigned. CCE-2100-6 Auditing of "logon" events on success should be enabled or disabled as appropriate.. CCE-3284-7 Standard Profile: Protect all network connections (SP2 only) CCE-2233-5 The startup type of the Simple Mail Transport Protocol (SMTP) service should be correct. CCE-2736-7 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony should be assigned. CCE-3031-2 Automatic Execution of the System Debugger should be properly configured. CCE-8400-4 The "Do not display 'Install Updates and Shut Down' option in the Shut Down Windows dialog box" setting should be configured correctly. CCE-4641-7 The "Turn Off Registration if URL Connection is Referring to Microsoft.com" setting should be configured correctly. CCE-2945-4 The correct service permissions for the SNMP Trap service should be assigned. CCE-2638-5 The required permissions for the directory %SystemRoot%\Temp should be assigned. CCE-5136-7 The "Display Error Notification" setting should be configured correctly. CCE-2484-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security should be assigned. CCE-5441-1 DEPRECATED. [Was: The OS/2 subsystem should be enabled or disabled as appropriate. Per Microsoft KB308259, the POSIX subsystem is not supported in Windows XP.] CCE-2691-4 The required permissions for the file %SystemRoot%\System32\telnet.exe should be assigned. CCE-3077-5 The correct service permissions for the Task Scheduler service should be assigned. CCE-2956-1 RPC Endpiont Mapper Client Authentication (SP2 only) CCE-2910-8 The startup type of the Indexing service should be correct. CCE-2397-8 The Workstation service should be enabled or disabled as appropriate. CCE-3088-2 The "Do not allow storage of credentials or .NET Passports" policy should be set correctly. CCE-3140-1 The Event Log service should be enabled or disabled as appropriate. CCE-3099-9 The "Screen Saver Executable Name" setting should be configured correctly for the default user. CCE-2969-4 The correct service permissions for the File Shares service should be assigned. CCE-2716-9 The IMAPI CD-Burning COM Service should be enabled or disabled as appropriate. CCE-8326-1 The "Remove Security tab" setting should be configured correctly. CCE-2573-4 The "Message title for users attempting to log on" policy should be set correctly. CCE-3151-8 The "Secure Channel: Require Strong (Windows 2000 or later) Session Key" policy should be set correctly. CCE-1849-9 The required permissions for the directory %AllUsersProfile% should be assigned. CCE-2934-8 The startup type of the Task Scheduler service should be correct. CCE-3109-6 The "Enable Keep-Alive Messages" policy should be set correctly for Terminal Services. CCE-2057-8 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi\Security should be assigned. CCE-2705-2 DEPRECATED in favor of CCE-5407-2, CCE-5441-1. CCE-2836-5 The correct service permissions for the Indexing service should be assigned. CCE-3162-5 The "Audit the access of global system objects" policy should be set correctly. CCE-2475-2 The required permissions for the directory %SystemRoot%\Driver Cache\I386\Driver.cab should be assigned. CCE-3064-3 DEPRECATED in favor of CCE-2980-1. CCE-2660-9 The required permissions for the directory %SystemRoot%\System32 should be assigned. CCE-2738-3 The required permissions for the directory %SystemRoot%\Tasks should be assigned. CCE-2901-7 The screen saver should be enabled or disabled as appropriate for the default user. CCE-2803-5 The "Maximum User Ticket Lifetime" policy should be set correctly. CCE-2595-7 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers should be assigned. CCE-2849-8 The startup type of the Fax service should be correct. CCE-2693-0 The security log maximum size should be configured correctly.. CCE-2912-4 The required permissions for the file %SystemRoot%\System32\perfmon.msc should be assigned. CCE-2727-6 The required permissions for the file %SystemRoot%\System32\ntmsoprq.msc should be assigned. CCE-3184-9 The Distributed Transaction Coordinator service should be enabled or disabled as appropriate. CCE-2780-5 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries should be assigned. CCE-2682-3 The required auditing for %SystemDrive% directory should be enabled. CCE-2220-2 The required permissions for the file %SystemRoot%\System32\reg.exe should be assigned. CCE-2880-3 The startup type of the Computer Browser service should be correct. CCE-2925-6 CD-ROM Autorun should be properly configured. CCE-2718-5 TCP/IP Dead Gateway Detection should be properly configured. CCE-3013-0 The "Delete Cached Copies of Roaming Profiles" policy should be set correctly. CCE-3157-5 The amount of idle time required before disconnecting a session should be set correctly. CCE-2771-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy should be assigned. CCE-3111-2 The "Allowed to Format and Eject Removable NTFS Media" policy should be set correctly. CCE-2115-4 The required permissions for the directory %SystemDrive%\Documents and Settings\Administrator should be assigned. CCE-4732-4 The "Turn Off Windows Movie Maker Online Web Links" setting should be configured correctly. CCE-2259-0 Auditing of "object access" events on success should be enabled or disabled as appropriate.. CCE-2673-2 The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Crypto\DSSHKLMKeys should be assigned. CCE-2707-8 The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Standard Profile. CCE-2891-0 The "Disable CTRL+ALT+Delete Requirement for Logon" policy should be set correctly. CCE-5121-9 The "Turn Off Internet File Association Service" setting should be configured correctly. CCE-2760-7 The required permissions for the file %SystemRoot%\System32\drwatson.exe should be assigned. CCE-3122-9 The Network DDE DDE Share Database Manager (DSDM) service should be enabled or disabled as appropriate. CCE-8261-0 The "Do not allow drive redirection" setting should be configured correctly for Terminal Services. CCE-2070-1 The required permissions for the file %SystemRoot%\System32\RSoP.msc should be assigned. CCE-2202-0 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM\Security should be assigned. CCE-2662-5 The "DCOM: Machine Launch Restrictions in the Security Descriptor Definition Language (SDDL) syntax" security option should be set correctly. CCE-3035-3 The startup type of the Routing and Remote Access service should be correct. CCE-3179-9 Standard Profile: Do not allow exceptions (SP2 only) CCE-2551-0 The "LDAP server signing requirements" policy should be set correctly. CCE-2597-3 The required permissions for the directory %SystemRoot%\System32\lusrmgr.msg should be assigned. CCE-2793-8 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer should be assigned. CCE-2903-3 The required permissions for the file %SystemRoot%\System32\Ntbackup.exe should be assigned. CCE-3133-6 The "Smart Card Removal Behavior" policy should be set correctly. CCE-1943-0 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\Security\XAKey should be assigned. CCE-2938-9 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum should be assigned. CCE-2139-4 The required permissions for the file %SystemRoot%\System32\nbstat.exe should be assigned. CCE-5025-2 The "Prohibit non-administrators from applying vendor signed updates" setting should be configured correctly. CCE-2805-0 The required permissions for the directory %SystemRoot%\repair should be assigned. CCE-3000-7 The "Secure Channel: Digitally Sign Secure Channel Data (When Possible)" policy should be set correctly. CCE-4887-6 The "Turn off the 'Publish to Web' task for files and folders" setting should be configured correctly. CCE-2684-9 The "Do Not Allow Windows Messenger to be Run" policy should be set correctly. CCE-2453-9 The permitted number of TCP/IP Maximum Half-open Sockets should be set correctly . CCE-3144-3 The Performance Logs and Alerts service should be enabled or disabled as appropriate. CCE-2816-7 Auditing of "process tracking" events on success should be enabled or disabled as appropriate.. CCE-2782-1 The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Crypto\RSAHKLMKeys should be assigned. CCE-3231-8 Standard Profile: Define port exceptions (SP2 only) CCE-3011-4 The "Enable User to Use Media Source While Elevated" policy should be set correctly. CCE-2520-5 The startup type of the SNMP Trap Service service should be correct. CCE-2980-1 The "Screen Saver Timeout" setting should be configured correctly for the current user. CCE-2773-0 The correct service permissions for the SMTP service should be assigned. CCE-3057-7 The correct service permissions for the FTP Publishing service should be assigned. CCE-3022-1 The correct service permissions for the Background Intelligent Transfer service should be assigned. CCE-2991-8 The "LDAP client signing requirements" policy should be set correctly. CCE-2762-3 The required permissions for the file %SystemRoot%\System32\runas.exe should be assigned. CCE-2893-6 Background Refresh of Group Policy should be properly configured. CCE-3068-4 The "Cache Transforms in Secure Location" policy should be set correctly. CCE-8406-1 The "Reschedule Automatic Updates scheduled installations" setting should be enabled or disabled as appropriate. CCE-2300-2 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class should be assigned. CCE-2795-3 Local volumes should be formatted correctly. CCE-2599-9 The Windows Time service should be enabled or disabled as appropriate. CCE-3131-0 The Network Dynamic Data Exchange (DDE) service should be enabled or disabled as appropriate. CCE-2871-2 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rpcss\Security should be assigned. CCE-2455-4 The "Do Not Automatically Start Windows Messenger" policy should be set correctly. CCE-3044-5 Kerberos and RSVP Traffic Protected by IPSec should be properly configured. CCE-8515-9 The "Windows Firewall: Define program exceptions" policy should be configured correctly for the Domain Profile. CCE-2784-7 The required permissions for the file %SystemRoot%\System32\Rcp.exe should be assigned. CCE-2818-3 The startup type of the Background Intelligent Transfer Service (BITS) service should be correct. CCE-18782-3 The 'Allow users to connect remotely using Terminal Services' setting should be configured correctly. CCE-3188-0 The "Enforce user logon restrictions" policy should be set correctly. CCE-3017-1 TCP/IP PMTU Discovery should be properly configured. CCE-2401-8 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr\Commands should be assigned. CCE-2798-7 The required permissions for the file %SystemDrive%\NTBOOTDD.SYS should be assigned. CCE-2906-6 Auditing of "account management" events on failure should be enabled or disabled as appropriate.. CCE-2752-4 The required permissions for the file %SystemRoot%\Installer should be assigned. CCE-3070-0 Computer Browser ResetBrowser Frames should be properly configured. CCE-2808-4 The "Remote Control Settings" policy should be set correctly for Terminal Services. CCE-2293-9 The "Enable User to Patch Elevated Products" policy should be set correctly. CCE-2229-3 The required permissions for the file %SystemRoot%\System32\ftp.exe should be assigned. CCE-2872-0 The required permissions for the directory %SystemRoot%\System32\Setup should be assigned. CCE-2741-7 The required permissions for the directory %SystemDrive%\Documents and Settings\Default User should be assigned. CCE-2458-8 The required permissions for the file %SystemRoot%\System32\services.msc should be assigned. CCE-2184-0 The required permissions for the file %SystemRoot%\System32\at.exe should be assigned. CCE-2917-3 The "Display user information when the session is locked" setting should be configured correctly. CCE-2787-0 The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft should be assigned. CCE-3126-0 The Remote Procedure Call (RPC) service should be enabled or disabled as appropriate. CCE-5055-9 Turn off Search Companion content file updates CCE-3028-8 The "Do Not Allow New Client Connections" policy should be set correctly for Terminal Services. CCE-3081-7 Standard Profile: Allow ICMP exceptions (SP2 only) CCE-3213-6 Standard Profile: Allow Remote Desktop exception (SP2 only) CCE-2643-5 The "Anonymous access to the security event log" policy should be set correctly. CCE-2173-3 Installation and Configuration of Network Bridge on the DNS Domain Network should be properly configured. CCE-2630-2 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM should be assigned. CCE-2423-2 Autoplay for Default User should be properly configured. CCE-2676-5 The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Dr Watson should be assigned. CCE-4581-5 The "Turn off downloading of enclosures" setting should be configured correctly. CCE-2983-5 The "Allow System to be Shut Down Without Having to Log On" policy should be set correctly. CCE-3137-7 Administrative Shares should be enabled or disabled as appropriate. CCE-2774-8 Show Shared Internet Connection Access UI should be properly configured. CCE-2578-3 The required permissions for the file %SystemDrive%\NTDETECT.COM should be assigned. CCE-3092-4 Always Wait for the Network at Computer Startup and Logon should be properly configured. CCE-2325-9 The required permissions for the directory %SystemRoot%\Registration should be assigned. CCE-2885-2 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip should be assigned. CCE-8374-1 CD Burning features in Windows Explorer should be enabled or disabled as appropriate. CCE-3148-4 The Remote Procedure Call (RPC) Locator service should be enabled or disabled as appropriate. CCE-2207-9 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies should be assigned. CCE-2336-6 The "when maximum log size is reached" property should be set correctly for the Security log. CCE-2763-1 The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\MediaIndex should be assigned. CCE-2567-6 The Removable Storage service should be enabled or disabled as appropriate. CCE-2850-6 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles should be assigned. CCE-2896-9 The startup type of the NetMeeting Remote Desktop Sharing service should be correct. CCE-2109-7 The required permissions for the file %SystemRoot%\System32\dfrg.msc should be assigned. CCE-3235-9 Standard Profile: Allow UPnP framework exception (SP2 only) CCE-2238-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities should be assigned. CCE-3113-8 The Cryptographic Services service should be enabled or disabled as appropriate. CCE-2449-7 The startup type of the Simple TCP/IP service should be correct. CCE-3159-1 The Windows Installer service should be enabled or disabled as appropriate. CCE-2961-1 The "Set time limit for disconnected sessions" policy should be set correctly for Terminal Services. CCE-3026-2 The startup type of the Internet Connection Sharing service should be correct. CCE-2789-6 The "Prevent Users from Installing Printer Drivers" policy should be set correctly. CCE-18167-7 The Windows XP 'Games' component should be installed or not installed as appropriate. CCE-3124-5 The "Set time limit for idle sessions" policy should be set correctly for Terminal Services. CCE-2280-6 The startup type of the Print Services for Unix service should be correct. CCE-5053-4 Group Policy - Registry policy processing CCE-5099-7 Turn off Internet download for Web publishing and online ordering wizards CCE-1863-0 The required permissions for the directory %SystemRoot%\System32\dllcache should be assigned. CCE-2425-7 The required permissions for the file %SystemRoot%\System32\drwtsn32.exe should be assigned. CCE-18692-4 The 'Configure Windows NTP Client\SpecialPollInterval' option should be configured correctly. CCE-2776-3 Automatic Logon should be properly configured. CCE-3135-1 The built-in Administrator account should be correctly named. CCE-5042-7 Hide mechanisms to remove zone information should be set correcly. CCE-2985-0 The startup type of the client-side Domain Name Service cache (aka DNS Client) service should be correct. CCE-2841-5 Safe DLL Search Mode should be properly configured. CCE-3037-9 The startup type of the Internet Connection Firewall service should be correct. CCE-2621-1 The required permissions for the file %SystemRoot%\System32\gpedit.msc should be assigned. CCE-2436-4 The required permissions for the file %SystemRoot%\System32\eventtriggers.exe should be assigned. CCE-2950-4 The startup type of the Fast User Switching service should be correct. CCE-2160-0 The required permissions for the directory %SystemRoot% should be assigned. CCE-2996-7 The "Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)" policy should be set correctly. CCE-3146-8 The Volume Shadow Copy service should be enabled or disabled as appropriate. CCE-3100-5 Use Classic Logon should be properly configured. CCE-4953-6 The "Turn Off Event Views 'Events.asp' Links" setting should be configured correctly. CCE-3048-6 The startup type of the Universal Plug and Play Device Host (UPnP) service should be correct. CCE-2756-5 The DHCP Client service should be enabled or disabled as appropriate. CCE-3119-5 The "Anonymous access to the application event log" policy should be set correctly. CCE-3172-4 The "Require Domain Controller authentication to unlock workstation" policy should be set correctly. CCE-3074-2 The Security Accounts Manager service should be enabled or disabled as appropriate. CCE-7528-3 The "Configure Automatic Updates" setting should be configured correctly. CCE-2612-0 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE should be assigned. CCE-2745-8 The required permissions for the file %SystemDrive%\IO.SYS should be assigned. CCE-2514-8 The required permissions for the file %SystemRoot%\System32\diskmgmt.msc should be assigned. CCE-2974-4 The "Restrict CD-ROM Access to Locally Logged-On User Only" policy should be set correctly. CCE-2647-6 The required permissions for the directory %SystemRoot%\CSC should be assigned. CCE-3183-1 Standard Profile: Allow local program exceptions (SP2 only) CCE-2830-8 The "Set Safe for Scripting" policy should be set correctly. CCE-2876-1 The required permissions for the directory %SystemRoot%\System32\GroupPolicy should be assigned. CCE-3085-8 The "Unsigned Driver Installation Behavior" policy should be set correctly. CCE-2427-3 The startup type of the Remote Shell service should be correct. CCE-2732-6 The required permissions for the file %SystemRoot%\System32\netstat.exe should be assigned. CCE-2941-3 The correct service permissions for the SNMP service should be assigned. CCE-2987-6 The "Require Case Insensitivity for Non-Windows Sybsystems" policy should be set correctly. CCE-2480-2 The correct service permissions for the Messenger service should be assigned. CCE-3194-8 Domain Profile: Do not allow exceptions (SP2 only) CCE-2329-1 The required permissions for the directory %SystemRoot%\Debug\UserMode should be assigned. CCE-2634-4 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netdd\Security should be assigned. CCE-2843-1 Auditing of "system" events on failure should be enabled or disabled as appropriate.. CCE-2889-4 The "store password using reversible encryption for all users in the domain" policy should be set correctly. CCE-3106-2 The "Number of Previous Logons to Cache" policy should be set correctly. CCE-8574-6 The "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box" setting should be configured correctly. CCE-2623-7 The required permissions for the file %SystemDrive%\CONFIG.SYS should be assigned. CCE-3061-9 Security Audit log warning level should be properly configured. CCE-3008-0 Auditing of "account logon" events on failure should be enabled or disabled as appropriate.. CCE-2264-0 The required permissions for the file %SystemRoot%\Prefetch should be assigned. CCE-3117-9 The "Prevent Codec Download" policy should be set correctly for Windows MediaPlayer. CCE-2758-1 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UPnP Device Host should be assigned. CCE-18306-1 The 'Configure Windows NTP Client\ResolvePeerBackoffMinutes' option should be configured correctly. CCE-3170-8 The "Screen Saver Executable Name" setting should be configured correctly for the current user. CCE-2867-0 Auditing of "account logon" events on success should be enabled or disabled as appropriate.. CCE-3019-7 If the Application log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep. CCE-18962-1 The 'Configure Windows NTP Client\ResolvePeerBackoffMaxTimes' option should be configured correctly. CCE-2976-9 The correct service permissions for the Printer service should be assigned. CCE-2418-2 The required permissions for the directory %SystemRoot%\Debug should be assigned. CCE-3128-6 The "Clear Virtual Memory Pagefile at shutdown" policy should be set correctly. CCE-2747-4 The required permissions for the directory %SystemRoot%\System32\MSDTC should be assigned. CCE-2930-6 Display Last User Name in Logon Screen should be properly configured. CCE-2053-7 The startup type of the .NET Framework service should be correct. CCE-2878-7 Auditing of "system" events on success should be enabled or disabled as appropriate.. CCE-2603-9 The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess should be assigned. CCE-2284-8 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography/Calais should be assigned. CCE-2943-9 Use of the built-in Administrator account should be enabled or disabled as appropriate. CCE-2989-2 Standard Profile: Allow local port exceptions (SP2 only) CCE-3094-0 The "Enable User Control Over Installs" policy should be set correctly. CCE-2845-6 The required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE should be assigned. CCE-2175-8 The required permissions for the file %SystemRoot%\regedit.exe should be assigned. CCE-2723-5 the "System settings: Use Certificate Rules on Windows Executables for Software Restriction Polices" setting should be configured correctly. CCE-18559-5 The 'Configure Windows NTP Client\EventLogFlags' option should be configured correctly. CCE-2954-6 Standard Profile: Allow remote administration exception (SP2 only) CCE-3104-7 The Remote Access Connection Manager service should be enabled or disabled as appropriate. CCE-5160-7 The "Don't Display the Getting Started Welcome Screen at Logon" setting should be configured correctly. CCE-2625-2 The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings should be assigned. CCE-2810-0 The "synchronize directory service data" user right should be assigned to the correct accounts. CCE-2856-3 Restricted Groups have been set on the system CCE-3006-4 The system log maximum size should be configured correctly.. |