Download
| Alert*
|
CCE-9999-4
The 'Devices: Prevent users from installing printer drivers' setting should be configured correctly. CCE-11431-4 The "Default behavior for AutoRun" machine setting should be configured correctly. CCE-10684-9 This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The options are: - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC pol ... CCE-11375-3 The "Turn off Autoplay for non-volume devices" machine setting should be configured correctly. CCE-10794-6 This policy setting controls the behavior of application installation detection for the computer. The options are: - Enabled: (Default for home) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name ... CCE-10733-4 The 'Deny access to this computer from the network' user right should be assigned to the appropriate accounts. CCE-10981-9 The "Turn off heap termination on corruption" machine setting should be configured correctly. CCE-10901-7 The 'Password must meet complexity requirements' policy should be set correctly. CCE-11992-5 The "Do not process the run once list" machine setting should be configured correctly. CCE-11035-3 The 'System cryptography: Force strong key protection for user keys stored on the computer' setting should be configured correctly. CCE-10372-1 The 'Minimum password length' setting should be configured correctly. CCE-11046-0 The 'Account lockout threshold' setting should be configured correctly. CCE-11662-4 The "Prevent installation of removable devices" machine setting should be configured correctly. CCE-10789-6 The 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' setting should be configured correctly. CCE-10570-0 The 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' setting should be configured correctly. CCE-11299-5 The "Always prompt for password upon connection" machine setting should be configured correctly. CCE-11317-5 The "Turn off Data Execution Prevention for HTML Help Executible" machine setting should be configured correctly. CCE-12088-1 The "Require a Password When a Computer Wakes (On Battery)" machine setting should be configured correctly. CCE-11714-3 The "Allow Standby States (S1-S3) When Sleeping (Plugged In)" machine setting should be configured correctly. CCE-11677-2 The "Set client connection encryption level" machine setting should be configured correctly. CCE-10732-6 The 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' setting should be configured correctly. CCE-10562-7 The 'Maximum password age' setting should be configured correctly. CCE-10940-5 The 'Network access: Restrict anonymous access to Named Pipes and Shares' setting should be configured correctly. CCE-10888-6 The 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' setting should be configured correctly. CCE-10596-5 The 'Deny log on as a batch job' user right should be assigned to the appropriate accounts. CCE-12161-6 The "Turn off Data Execution Prevention for Explorer" machine setting should be configured correctly. CCE-11867-9 The "Allow users to connect remotely using Remote Desktop Services" machine setting should be configured correctly. CCE-10881-1 The "Restrictions for Unauthenticated RPC clients" machine setting should be configured correctly. CCE-11651-7 The "Require a Password When a Computer Wakes (Plugged In)" machine setting should be configured correctly. CCE-11245-8 The "Do not process the legacy run list" machine setting should be configured correctly. CCE-10922-3 The 'User Account Control: Only elevate executables that are signed and validated' setting should be configured correctly. CCE-9989-5 The 'Accounts: Guest account status' setting should be configured correctly. CCE-12282-0 The "Turn Off the Display (Plugged In)" machine setting should be configured correctly. CCE-10760-7 The 'Minimum password age' setting should be configured correctly. CCE-10809-2 The "Enforce password history" setting should be configured correctly. CCE-10992-6 The 'Microsoft network server: Digitally sign communications (always)' setting should be configured correctly. CCE-11837-2 The "Allow Standby States (S1-S3) When Sleeping (On Battery)" machine setting should be configured correctly. CCE-10647-6 The "Turn Off the Display (On Battery)" machine setting should be configured correctly. CCE-10984-3 LAN Manager (LM) is a family of early Microsoft client/server software that allows users to link personal computers together on a single network. Network capabilities include transparent file and print sharing, user security features, and network administration tools. In Active Directory domains, th ... CCE-10715-1 The "RPC Endpoint Mapper Client Authentication" machine setting should be configured correctly. CCE-11248-2 The "Allow remote access to the Plug and Play interface" machine setting should be configured correctly. CCE-10019-8 The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly. CCE-10830-8 The 'Network security: Do not store LAN Manager hash value on next password change' setting should be configured correctly. CCE-10807-6 The 'User Account Control: Behavior of the elevation prompt for standard users' setting should be configured correctly. CCE-10970-2 The 'Microsoft network client: Digitally sign communications (always)' setting should be configured correctly. CCE-10297-0 The 'Network access: Let Everyone permissions apply to anonymous users' setting should be configured correctly. CCE-11368-8 The "Require secure RPC communication" machine setting should be configured correctly. CCE-10399-4 The 'Account lockout duration' setting should be configured correctly. CCE-10009-9 The 'Domain member: Digitally sign secure channel data (when possible)' setting should be configured correctly. CCE-11295-3 The "Require use of specific security layer for remote (RDP) connections" machine setting should be configured correctly. CCE-10557-7 The 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' setting should be configured correctly. CCE-10871-2 The 'Domain member: Digitally encrypt or sign secure channel data (always)' setting should be configured correctly. CCE-18808-6 The 'Require 128-bit encryption' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate. CCE-10027-1 The 'Network access: Do not allow anonymous enumeration of SAM accounts' setting should be configured correctly. CCE-11059-3 The 'Reset account lockout counter after' setting should be configured correctly. CCE-10338-2 The "Require user authentication for remote connections by using Network Level Authentication" machine setting should be configured correctly. CCE-10930-6 The 'Interactive logon: Prompt user to change password before expiration' setting should be configured correctly. CCE-10903-3 The 'Domain member: Maximum machine account password age' setting should be configured correctly. |
