[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*


CCE-7667-9
The "Set Client connection Encryption Level" policy should be set correctly for Terminal Services.

CCE-1826-7
The "MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)" setting should be configured correctly.

CCE-2320-0
The "MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers" setting should be configured correctly.

CCE-2399-4
The "MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds" setting should be configured correctly.

CCE-1967-9
The "MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)" setting should be configured correctly.

CCE-1800-2
The "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting should be configured correctly.

CCE-2447-1
The "MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)" setting should be configured correctly.

CCE-1470-4
The "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting should be configured correctly.

CCE-2424-0
The "MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)" setting should be configured correctly.

CCE-1460-5
The "MSS: (SynAttackProtect) Syn attack protection level (protects against DoS)" setting should be configured correctly.

CCE-5263-9
The "MSS: (TCPMaxDataRetransmissions) IPv6, how many times unacknowledged data is retransmitted (3 recommended, 5 is default)" setting should be configured correctly.

CCE-2404-2
The "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting should be configured correctly.

CCE-2241-8
The "MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)" setting should be configured correctly.

CCE-8268-5
The maximum tolerance for computer clock synchronization for Kerberos should be set appropriately.

CCE-5229-0
The "MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing)" setting should be configured correctly.

CCE-2384-6
The "MSS: (TCPMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged" setting should be configured correctly.

CCE-2409-1
Auditing of "IPsec Main Mode" events on failure should be enabled or disabled as appropriate.

CCE-2507-2
The "Network access: Shares that can be accessed anonymously" setting should be configured correctly.

CCE-2111-3
The "Network access: Do not allow storage of credentials or .NET Passports for network authentication" setting should be configured correctly.

CCE-2364-8
The "Accounts: Limit local account use of blank passwords to console logon only" setting should be configured correctly.

CCE-2002-4
Auditing of "Process Creation" events on success should be enabled or disabled as appropriate.

CCE-2616-1
Auditing of "Logoff" events on failure should be enabled or disabled as appropriate.

CCE-1718-6
Auditing of "Directory Service Replication" events on failure should be enabled or disabled as appropriate.

CCE-2278-0
The "Domain member: Maximum machine account password age" setting should be configured correctly.

CCE-2485-1
Auditing of "Other Account Management Events" events on success should be enabled or disabled as appropriate.

CCE-2518-9
Auditing of "Process Termination" events on success should be enabled or disabled as appropriate.

CCE-2473-7
The "User Account Control: Only elevate UIAccess applications that are installed in secure locations" setting should be configured correctly.

CCE-2560-1
Auditing of "Security Group Management" events on failure should be enabled or disabled as appropriate.

CCE-2375-4
Auditing of "Process Creation" events on failure should be enabled or disabled as appropriate.

CCE-2583-3
Auditing of "Other Object Access Events" events on failure should be enabled or disabled as appropriate.

CCE-2605-4
Auditing of "Non Sensitive Privilege Use" events on failure should be enabled or disabled as appropriate.

CCE-1553-7
The "Recovery console: Allow floppy copy and access to all drives and all folders" setting should be configured correctly.

CCE-2267-3
Auditing of "IPsec Extended Mode" events on failure should be enabled or disabled as appropriate.

CCE-2256-6
The "Domain member: Disable machine account password changes" setting should be configured correctly.

CCE-2570-0
Auditing of "Authorization Policy Change" events on success should be enabled or disabled as appropriate.

CCE-2408-3
Auditing of "Handle Manipulation" events on success should be enabled or disabled as appropriate.

CCE-2049-5
The "Domain Controller: Allow server operators to schedule tasks" setting should be configured correctly.

CCE-2386-1
Auditing of "Other Privilege Use Events" events on success should be enabled or disabled as appropriate.

CCE-2340-8
The "Network access: Do not allow anonymous enumeration of SAM accounts and shares" setting should be configured correctly.

CCE-2615-3
Auditing of "Other Logon/Logoff Events" events on success should be enabled or disabled as appropriate.

CCE-2351-5
Auditing of "IPsec Driver" events on failure should be enabled or disabled as appropriate.

CCE-2582-5
Auditing of "Audit directory service access" events on failure should be enabled or disabled as appropriate.

CCE-2037-0
The "Interactive logon: Message title for users attempting to log on" setting should be configured correctly.

CCE-2604-7
Auditing of "DPAPI Activity" events on failure should be enabled or disabled as appropriate.

CCE-2268-1
Auditing of "Audit policy change" events on sucess should be enabled or disabled as appropriate.

CCE-2509-8
The "User Account Control: Only elevate executables that are signed and validated" setting should be configured correctly.

CCE-2464-6
Auditing of "MPSSVC Rule-Level Policy Change" events on success should be enabled or disabled as appropriate.

CCE-2487-7
The "User Account Control: Detect application installations and prompt for elevation" setting should be configured correctly.

CCE-8568-8
The "Enumerate administrator accounts on elevation" setting should be enabled or disabled as appropriate.

CCE-1837-4
Auditing of "Audit system events" events on sucess should be enabled or disabled as appropriate.

CCE-2389-5
Auditing of "Process Termination" events on failure should be enabled or disabled as appropriate.

CCE-2276-4
The "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" setting should be configured correctly.

CCE-2441-4
Auditing of "Logon" events on success should be enabled or disabled as appropriate.

CCE-7643-0
The "Allow Unsolicited Remote Assistance" policy should be set correctly for Terminal Services.

CCE-2498-4
Auditing of "RPC Events" events on failure should be enabled or disabled as appropriate.

CCE-2265-7
Auditing of "Audit privilege use" events on failure should be enabled or disabled as appropriate.

CCE-1802-8
The "Domain member: Require strong (Windows 2000 or later) session key" setting should be configured correctly.

CCE-2288-9
Auditing of "Computer Account Management" events on success should be enabled or disabled as appropriate.

CCE-2331-7
The "Interactive logon: Do not require CTRL+ALT+DEL" setting should be configured correctly.

CCE-2242-6
Auditing of "Audit logon events" events on sucess should be enabled or disabled as appropriate.

CCE-2607-0
The "Retention method for system log" setting should be configured correctly.

CCE-2463-8
Auditing of "����Credential Validation" events on success should be enabled or disabled as appropriate.

CCE-2110-5
Auditing of "Account Lockout" events on success should be enabled or disabled as appropriate.

CCE-1836-6
The "Retention method for security log" setting should be configured correctly.

CCE-1642-8
Auditing of "Distribution Group Management" events on success should be enabled or disabled as appropriate.

CCE-1521-4
The "Network access: Remotely accessible registry paths" setting should be configured correctly.

CCE-1390-4
The "Devices: Restrict CD-ROM access to locally logged-on user only" setting should be configured correctly.

CCE-1968-7
Auditing of "Other Logon/Logoff Events" events on failure should be enabled or disabled as appropriate.

CCE-2156-8
The automatic generation of 8.3 file names for NTFS should be enabled or disabled as appropriate.

CCE-2440-6
Auditing of "System Integrity" events on failure should be enabled or disabled as appropriate.

CCE-1824-2
The "Network access: Let Everyone permissions apply to anonymous users" setting should be configured correctly.

CCE-2266-5
The "User Account Control: Virtualize file and registry write failures to per-user locations" setting should be configured correctly.

CCE-2289-7
The "Store passwords using reversible encryption" setting should be configured correctly.

CCE-2353-1
Auditing of "MPSSVC Rule-Level Policy Change" events on failure should be enabled or disabled as appropriate.

CCE-2474-5
The "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" setting should be configured correctly.

CCE-1934-9
The "Domain Controller: Refuse machine account password changes" setting should be configured correctly.

CCE-2451-3
The "System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)" setting should be configured correctly.

CCE-2236-8
The "Microsoft network server: Amount of idle time required before suspending session" setting should be configured correctly.

CCE-2489-3
Auditing of "Detailed Directory Service Replication" events on failure should be enabled or disabled as appropriate.

CCE-2029-7
The "Microsoft network server: Disconnect clients when logon hours expire" setting should be configured correctly.

CCE-2368-9
Auditing of "Application Generated" events on success should be enabled or disabled as appropriate.

CCE-2575-9
Auditing of "Network Policy Server" events on failure should be enabled or disabled as appropriate.

CCE-2443-0
Auditing of "Security Group Management" events on success should be enabled or disabled as appropriate.

CCE-2454-7
The "Network security: LAN Manager authentication level" setting should be configured correctly.

CCE-1678-2
Auditing of "Other Account Logon Events" events on success should be enabled or disabled as appropriate.

CCE-2564-3
Auditing of "Other Account Logon Events" events on failure should be enabled or disabled as appropriate.

CCE-2104-8
Auditing of "Non Sensitive Privilege Use" events on success should be enabled or disabled as appropriate.

CCE-2356-4
The "Microsoft network client: Digitally sign communications (always)" setting should be configured correctly.

CCE-2225-1
The "Interactive logon: Message text for users attempting to log on" setting should be configured correctly.

CCE-2237-6
The "Enforce password history" setting should be configured correctly.

CCE-2488-5
Auditing of "File System" events on failure should be enabled or disabled as appropriate.

CCE-2367-1
Auditing of "Directory Service Access" events on success should be enabled or disabled as appropriate.

CCE-2465-3
Auditing of "SAM" events on success should be enabled or disabled as appropriate.

CCE-1759-0
Auditing of "Other Policy Change Events" events on failure should be enabled or disabled as appropriate.

CCE-2442-2
The "MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning" setting should be configured correctly.

CCE-2203-8
The "Domain member: Digitally encrypt or sign secure channel data (always)" setting should be configured correctly.

CCE-1868-9
The "Domain member: Digitally encrypt secure channel data (when possible)" setting should be configured correctly.

CCE-1448-0
The "Interactive logon: Smart card removal behavior" setting should be configured correctly.

CCE-2586-6
Auditing of "Kerberos Authentication Service" events on success should be enabled or disabled as appropriate.

CCE-2608-8
Auditing of "IPsec Driver" events on success should be enabled or disabled as appropriate.

CCE-2378-8
The "Microsoft network client: Digitally sign communications (if server agrees)" setting should be configured correctly.

CCE-2355-6
The "User Account Control: Behavior of the elevation prompt for standard users" setting should be configured correctly.

CCE-2445-5
Auditing of "Directory Service Changes" events on failure should be enabled or disabled as appropriate.

CCE-2468-7
Auditing of "Application Group Management" events on success should be enabled or disabled as appropriate.

CCE-2136-0
Auditing of "Audit object access" events on sucess should be enabled or disabled as appropriate.

CCE-2531-2
Auditing of "File System" events on success should be enabled or disabled as appropriate.

CCE-2324-2
The "Interactive logon: Prompt user to change password before expiration" setting should be configured correctly.

CCE-2269-9
Auditing of "Audit Policy Change" events on failure should be enabled or disabled as appropriate.

CCE-2410-9
The "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers" setting should be configured correctly.

CCE-2358-0
Auditing of "Certification Services" events on failure should be enabled or disabled as appropriate.

CCE-2566-8
Auditing of "Authentication Policy Change" events on success should be enabled or disabled as appropriate.

CCE-2433-1
Auditing of "Audit Policy Change" events on success should be enabled or disabled as appropriate.

CCE-2421-6
The "System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies" setting should be configured correctly.

CCE-7893-1
Disable saving of dial-up passwords should be properly configured.

CCE-2553-6
Auditing of "Registry" events on success should be enabled or disabled as appropriate.

CCE-2346-5
The "Interactive logon: Require Domain Controller authentication to unlock workstation" setting should be configured correctly.

CCE-2478-6
The "User Account Control: Run all administrators in Admin Approval Mode" setting should be configured correctly.

CCE-1889-5
Auditing of "Account Lockout" events on failure should be enabled or disabled as appropriate.

CCE-2126-1
The "Password must meet complexity requirements" setting should be configured correctly.

CCE-2357-2
The "Network access: Remotely accessible registry paths and sub paths" setting should be configured correctly.

CCE-2542-9
Auditing of "Application Group Management" events on failure should be enabled or disabled as appropriate.

CCE-2432-3
The "Network security: Force logoff when logon hours expire" setting should be configured correctly.

CCE-2195-6
Auditing of "Kernel Object" events on failure should be enabled or disabled as appropriate.

CCE-8178-6
The "Disable remote Desktop Sharing" setting should be enabled or disabled as appropriate.

CCE-2522-1
Auditing of "DPAPI Activity" events on success should be enabled or disabled as appropriate.

CCE-2556-9
Auditing of "Detailed Directory Service Replication" events on success should be enabled or disabled as appropriate.

CCE-2349-9
Auditing of "Sensitive Privilege Use" events on failure should be enabled or disabled as appropriate.

CCE-2545-2
Auditing of "Security System Extension" events on failure should be enabled or disabled as appropriate.

CCE-1767-3
The "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients" setting should be configured correctly.

CCE-1962-0
The "Network access: Do not allow anonymous enumeration of SAM accounts" setting should be configured correctly.

CCE-2064-4
Auditing of "IPsec Quick Mode" events on success should be enabled or disabled as appropriate.

CCE-2302-8
The "User Account Control: Admin Approval Mode for the Built-in Administrator account" setting should be configured correctly.

CCE-2348-1
Auditing of "System Integrity" events on success should be enabled or disabled as appropriate.

CCE-1841-6
Auditing of "Security System Extension" events on success should be enabled or disabled as appropriate.

CCE-2434-9
The "User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop" setting should be configured correctly.

CCE-2411-7
Auditing of "User Account Management" events on failure should be enabled or disabled as appropriate.

CCE-2544-5
Auditing of "RPC Events" events on success should be enabled or disabled as appropriate.

CCE-2260-8
Auditing of "IPsec Main Mode" events on success should be enabled or disabled as appropriate.

CCE-2381-2
The "Microsoft network server: Digitally sign communications (always)" setting should be configured correctly.

CCE-2403-4
The "Shutdown: Allow system to be shut down without having to log on" setting should be configured correctly.

CCE-8594-4
The "Enforce user logon restrictions" policy should be set correctly.

CCE-2193-1
Auditing of "Other System Events" events on failure should be enabled or disabled as appropriate.

CCE-1961-2
Auditing of "SAM" events on failure should be enabled or disabled as appropriate.

CCE-2558-5
Auditing of "Special Logon" events on failure should be enabled or disabled as appropriate.

CCE-2610-4
Auditing of "Special Logon" events on success should be enabled or disabled as appropriate.

CCE-2414-1
Auditing of "Security State Change" events on success should be enabled or disabled as appropriate.

CCE-2437-2
Auditing of "Filtering Platform Connection" events on failure should be enabled or disabled as appropriate.

CCE-2095-8
Auditing of "Certification Services" events on success should be enabled or disabled as appropriate.

CCE-2490-1
Auditing of "Filtering Platform Policy Change" events on failure should be enabled or disabled as appropriate.

CCE-2622-9
Auditing of "Application Generated" events on failure should be enabled or disabled as appropriate.

CCE-2402-6
Auditing of "File Share" events on failure should be enabled or disabled as appropriate.

CCE-2448-9
Auditing of "Security State Change" events on failure should be enabled or disabled as appropriate.

CCE-2500-7
The "User Account Control: Switch to the secure desktop when prompting for elevation" setting should be configured correctly.

CCE-2327-5
The "Network security: LDAP client signing requirements" setting should be configured correctly.

CCE-2534-6
Auditing of "Directory Service Replication" events on success should be enabled or disabled as appropriate.

CCE-2304-4
The "Network security: Do not store LAN Manager hash value on next password change" setting should be configured correctly.

CCE-2062-8
Auditing of "Other Account Management Events" events on failure should be enabled or disabled as appropriate.

CCE-2292-1
Auditing of "Filtering Platform Packet Drop" events on failure should be enabled or disabled as appropriate.

CCE-2459-6
Auditing of "Authorization Policy Change" events on failure should be enabled or disabled as appropriate.

CCE-2205-3
Auditing of "Sensitive Privilege Use" events on success should be enabled or disabled as appropriate.

CCE-2183-2
The "MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)" setting should be configured correctly.

CCE-2511-4
Auditing of "Kerberos Authentication Service" events on failure should be enabled or disabled as appropriate.

CCE-7639-8
The default behavior for AutoRun should be properly configured.

CCE-2569-2
Auditing of "Logoff" events on success should be enabled or disabled as appropriate.

CCE-2315-0
The "Audit: Shut down system immediately if unable to log security audits" setting should be configured correctly.

CCE-8572-0
RPC Endpoint Mapper Client Authentication should be enabled or disabled as appropriate.

CCE-2383-8
The "Devices: Restrict floppy access to locally logged-on user only" setting should be configured correctly.

CCE-2503-1
Auditing of "Handle Manipulation" events on failure should be enabled or disabled as appropriate.

CCE-2297-0
The "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" setting should be configured correctly.

CCE-2199-8
The "Interactive logon: Do not display last user name" setting should be configured correctly.

CCE-2307-7
The "MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)" setting should be configured correctly.

CCE-2251-7
Auditing of "Audit account logon events" events on sucess should be enabled or disabled as appropriate.

CCE-2635-1
Auditing of "Directory Service Changes" events on success should be enabled or disabled as appropriate.

CCE-1861-4
The "Minimum password age" setting should be configured correctly.

CCE-2416-6
The "Shutdown: Clear virtual memory pagefile" setting should be configured correctly.

CCE-8125-7
The "Unsigned Driver Installation Behavior" policy should be set correctly.

CCE-2394-5
Auditing of "User Account Management" events on success should be enabled or disabled as appropriate.

CCE-2371-3
Auditing of "Other Privilege Use Events" events on failure should be enabled or disabled as appropriate.

CCE-2240-0
The "Minimum password length" setting should be configured correctly.

CCE-2318-4
The "Network access: Allow anonymous SID/Name translation" setting should be configured correctly.

CCE-2263-2
The "Microsoft network server: Digitally sign communications (if client agrees)" setting should be configured correctly.

CCE-2601-3
Auditing of "File Share" events on success should be enabled or disabled as appropriate.

CCE-1819-2
The "Retention method for application log" setting should be configured correctly.

CCE-2298-8
The "MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended)" setting should be configured correctly.

CCE-2022-2
Auditing of "Other System Events" events on success should be enabled or disabled as appropriate.

CCE-2536-1
Auditing of "IPsec Quick Mode" events on failure should be enabled or disabled as appropriate.

CCE-1872-1
The "Account lockout threshold" setting should be configured correctly.

CCE-1751-7
The "Audit: Audit the access of global system objects" setting should be configured correctly.

CCE-2415-8
Auditing of "Computer Account Management" events on failure should be enabled or disabled as appropriate.

CCE-2033-9
Auditing of "Other Object Access Events" events on success should be enabled or disabled as appropriate.

CCE-1939-8
Auditing of "Audit system events" events on failure should be enabled or disabled as appropriate.

CCE-1773-1
The "Audit: Audit the use of Backup and Restore privilege" setting should be configured correctly.

CCE-2151-9
Auditing of "Authentication Policy Change" events on failure should be enabled or disabled as appropriate.

CCE-2505-6
Auditing of "Registry" events on failure should be enabled or disabled as appropriate.

CCE-2385-3
Auditing of "Other Policy Change Events" events on success should be enabled or disabled as appropriate.

CCE-8598-5
The "No auto-restart for scheduled Automatic Updates installations" policy should be set correctly.

CCE-2362-2
The "Domain member: Digitally sign secure channel data (when possible)" setting should be configured correctly.

CCE-2614-6
Auditing of "Filtering Platform Policy Change" events on success should be enabled or disabled as appropriate.

CCE-2539-5
The application log maximum size should be configured correctly.

CCE-2309-3
The "Recovery console: Allow automatic administrative logon" setting should be configured correctly.

CCE-2272-3
The "Microsoft network client: Send unencrypted password to third-party SMB servers" setting should be configured correctly.

CCE-7636-4
The "Always Prompt Client for Password upon Connection" policy should be set correctly for Terminal Services.

CCE-2516-3
Auditing of "����Credential Validation" events on failure should be enabled or disabled as appropriate.

CCE-2350-7
Auditing of "IPsec Extended Mode" events on success should be enabled or disabled as appropriate.

CCE-2373-9
Auditing of "Network Policy Server" events on success should be enabled or disabled as appropriate.

CCE-2261-6
The "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" setting should be configured correctly.

CCE-2504-9
Auditing of "Filtering Platform Connection" events on success should be enabled or disabled as appropriate.

CCE-2152-7
The "Devices: Prevent users from installing printer drivers" setting should be configured correctly.

CCE-2406-7
The "Network access: Sharing and security model for local accounts" setting should be configured correctly.

CCE-2429-9
The "System objects: Require case insensitivity for non-Windows subsystems" setting should be configured correctly.

CCE-2361-4
The "Network access: Restrict anonymous access to Named Pipes and Shares" setting should be configured correctly.

CCE-2089-1
The "Network access: Named Pipes that can be accessed anonymously" setting should be configured correctly.

CCE-7646-3
The "Reschedule Automatic Updates scheduled installations" setting should be enabled or disabled as appropriate.

CCE-2538-7
Auditing of "Audit account management" events on failure should be enabled or disabled as appropriate.

CCE-2482-8
Auditing of "Filtering Platform Packet Drop" events on success should be enabled or disabled as appropriate.

CCE-1926-5
Auditing of "Directory Service Access" events on failure should be enabled or disabled as appropriate.

CCE-2273-1
Auditing of "Distribution Group Management" events on failure should be enabled or disabled as appropriate.

CCE-7658-8
Authentication requirements for RPC clients should be configured appropriately.

CCE-2417-4
Auditing of "Kernel Object" events on success should be enabled or disabled as appropriate.

CCE-2319-2
The "System cryptography: Force strong key protection for user keys stored on the computer" setting should be configured correctly.

CCE-8478-0
The "Configure Automatic Updates" setting should be enabled or disabled as appropriate.

CCE-2470-3
Auditing of "Logon" events on failure should be enabled or disabled as appropriate.

CCE-2262-4
The system log maximum size should be configured correctly.

CCE-2372-1
The "Accounts: Rename guest account" setting should be configured correctly.

CCE-2342-4
The "Accounts: Guest account status" setting should be configured correctly.

CCE-2337-4
The "Accounts: Administrator account status" setting should be configured correctly.

CCE-2227-7
The "Accounts: Rename administrator account" setting should be configured correctly.

CCE-1834-1
The "Deny log on as a batch job (SeDenyBatchLogonRight)" setting should be configured correctly.

CCE-2314-3
The "Deny access to this computer from the network (SeDenyNetworkLogonRight)" setting should be configured correctly.

CCE-1481-1
The "Enable computer and user accounts to be trusted for delegation (SeEnableDelegationPrivilege)" setting should be configured correctly.

CCE-2078-4
The "Shut down the system (SeShutdownPrivilege)" setting should be configured correctly.

CCE-2079-2
The "Act as part of the operating system (SeTcbPrivilege)" setting should be configured correctly.

CCE-1346-6
The "Impersonate a client after authentication" setting should be configured correctly.

CCE-1944-8
The "Deny log on as a service (SeDenyServiceLogonRight)" setting should be configured correctly.

CCE-2290-5
The "Change the system time (SeSystemTimePrivilege)" setting should be configured correctly.

CCE-2257-4
The "Modify firmware environment values (SeSystemEnvironmentPrivilege)" setting should be configured correctly.

CCE-2004-0
The "Adjust memory quotas for a process (SeIncreaseQuotaPrivilege)" setting should be configured correctly.

CCE-2246-7
The "Add workstations to domain" setting should be configured correctly.

CCE-1491-0
The "Create a token object (SeCreateTokenPrivilege)" setting should be configured correctly.

CCE-2102-2
The "Deny log on through Terminal Services (SeDenyRemoteInteractiveLogonRight)" setting should be configured correctly.

CCE-1328-4
The "Create a pagefile (SeCreatePagefilePrivilege)" setting should be configured correctly.

CCE-2294-7
The "Restore files and directories (SeRestorePrivilege)" setting should be configured correctly.

CCE-2075-0
The "Access this computer from the network (SeNetworkLogonRight)" setting should be configured correctly.

CCE-2328-3
The "Increase scheduling priority (SeIncreaseBasePriorityPrivilege)" setting should be configured correctly.

CCE-2129-5
The "Generate security audits (SeAuditPrivilege)" setting should be configured correctly.

CCE-2360-6
The "Profile single process (SeProfileSingleProcessPrivilege)" setting should be configured correctly.

CCE-2286-3
The "Allow log on locally" setting should be configured correctly.

CCE-1341-7
The "Create permanent shared objects" setting should be configured correctly.

CCE-2382-0
The "Remove computer from docking station (SeUndockPrivilege)" setting should be configured correctly.

CCE-2306-9
The "Increase a process working set" setting should be configured correctly.

CCE-2296-2
The "Deny log on locally (SeDenyInteractiveLogonRight)" setting should be configured correctly.

CCE-2308-5
The "Allow log on through Terminal Services (SeRemoteInteractiveLogonRight)" setting should be configured correctly.

CCE-1455-5
The "Load and unload device drivers (SeLoadDriverPrivilege)" setting should be configured correctly.

CCE-2226-9
The "Create global objects (SeCreateGlobalPrivilege)" setting should be configured correctly.

CCE-2113-9
The "Profile system performance (SeSystemProfilePrivilege)" setting should be configured correctly.

CCE-1843-2
The "Manage auditing and security log (SeSecurityPrivilege)" setting should be configured correctly.

CCE-2270-7
The "Log on as a service (SeServiceLogonRight)" setting should be configured correctly.

CCE-1975-2
The "Log on as a batch job (SeBatchLogonRight)" setting should be configured correctly.

CCE-2171-7
The "Change the time zone" setting should be configured correctly.

CCE-2142-8
The "Modify an object label" setting should be configured correctly.

CCE-1750-9
The "Force shutdown from a remote system (SeRemoteShutdownPrivilege)" setting should be configured correctly.

CCE-2285-5
The "Bypass traverse checking (SeChangeNotifyPrivilege)" setting should be configured correctly.

CCE-2311-9
The "Reset account lockout counter after" setting should be configured correctly.

CCE-2291-3
Auditing of "Kerberos Service Ticket Operations" events on failure should be enabled or disabled as appropriate.

CCE-2405-9
Auditing of "Kerberos Service Ticket Operations" events on success should be enabled or disabled as appropriate.

CCE-1317-7
The "Account lockout duration" setting should be configured correctly.

CCE-2200-4
The "Maximum password age" setting should be configured correctly.

CPE    1
cpe:/o:microsoft:windows_server_2008:-
*XCCDF
xccdf_org.secpod_benchmark_cip_std_ver3_Windows_2008_server
OVAL    267
oval:org.secpod.oval:def:8612
oval:org.secpod.oval:def:8610
oval:org.secpod.oval:def:8569
oval:org.secpod.oval:def:8501
...

© 2013 SecPod Technologies