[Forgot Password]
Login  Register Subscribe

23631

 
 

119105

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*


CCE-10303-6
The 'MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments)' setting should be configured correctly.

CCE-10763-1
The startup type of the NetMeeting Remote Desktop Sharing service should be correct.

CCE-9498-7
Auditing of 'Account Management: Computer Account Management' events on success should be enabled or disabled as appropriate.

CCE-9136-3
The 'Account lockout threshold' setting should be configured correctly.

CCE-14411-3
The Windows Connect Now "Windows Portable Device" setting should be configured correctly.

CCE-8806-2
The 'Network security: LAN Manager authentication level' setting should be configured correctly.

CCE-9802-0
Auditing of 'System: IPsec Driver' events on failure should be enabled or disabled as appropriate.

CCE-10051-1
The screen saver should be enabled or disabled as appropriate for the current user.

CCE-9704-8
The 'Network security: Force logoff when logon hours expire' setting should be configured correctly.

CCE-9596-8
Auditing of 'Policy Change: Other Policy Change Events' events on success should be enabled or disabled as appropriate.

CCE-10205-3
The 'Reschedule Automatic Updates scheduled installations' setting should be enabled or disabled as appropriate.

CCE-9463-1
The 'Audit: Shut down system immediately if unable to log security audits' setting should be configured correctly.

CCE-8870-8
Windows Firewall should allow or block outbound connections by default as appropriate for the Private Profile.

CCE-9694-1
Windows Firewall should allow or block inbound connections by default as appropriate for the Private Profile.

CCE-14653-0
The Windows Connect Now "Higher precedence medium for devices discovered by multiple media" setting should be configured appropriately.

CCE-10160-0
The "Turn Off Registration if URL Connection is Referring to Microsoft.com" setting should be configured correctly.

CCE-15015-1
The Windows Connect Now "Ethernet (UPnP)" setting should be configured correctly.

CCE-8817-9
The 'User Account Control: Virtualize file and registry write failures to per-user locations' setting should be configured correctly.

CCE-9147-0
The 'Omit recovery options from the BitLocker setup wizard' setting should be configured correctly for operating system drives.

CCE-9739-4
The Windows Firewall should be enabled or disabled as appropriate for the Private Profile.

CCE-9321-1
Auditing of 'Audit account logon events' events on success should be enabled or disabled as appropriate.

CCE-11027-0
The "Prevent Desktop Shortcut Creation" setting for Windows Media Player should be configured correctly.

CCE-10850-6
The "Turn off game updates" setting should be configured correctly.

CCE-9114-0
The 'BitLocker identification field' setting should be configured correctly.

CCE-8937-5
The 'Network security: Do not store LAN Manager hash value on next password change' setting should be configured correctly.

CCE-10543-7
The startup type of the Homegroup Listener service should be correct.

CCE-9670-1
The 'Require a Password When a Computer Wakes (Plugged In)' setting should be configured correctly.

CCE-10271-5
The startup type of the SSDP Discovery service should be correct.

CCE-9258-5
Auditing of 'Account Logon: Kerberos Authentication Service' events on success should be enabled or disabled as appropriate.

CCE-9628-9
Auditing of 'DS Access: Detailed Directory Service Replication' events on success should be enabled or disabled as appropriate.

CCE-8301-4
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 14) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9036-5
The 'Network Security: Restrict NTLM: Add remote server exceptions for NTLM authentication' setting should be configured correctly.

CCE-8654-6
The 'Network access: Do not allow storage of passwords and credentials for network authentication' setting should be configured correctly.

CCE-9661-0
Auditing of 'Logon-Logoff: IPsec Extended Mode' events on success should be enabled or disabled as appropriate.

CCE-8804-7
The 'Network security: Allow LocalSystem NULL session fallback' setting should be configured correctly.

CCE-14718-1
The "Prohibit operation while in private network" setting on the LLTDIO Driver should be configured correctly.

CCE-9387-2
The 'Domain member: Require strong (Windows 2000 or later) session key' setting should be configured correctly.

CCE-10295-4
The "Turn off Help Ratings" setting should be configured correctly.

CCE-9924-2
The 'Scheduled install time' option for automatic updates should be set correctly.

CCE-15059-9
The "Allow operation while in domain" setting on the RSPNDR Driver should be configured correctly.

CCE-9465-6
The Windows Firewall should be enabled or disabled as appropriate for the Domain Profile.

CCE-9330-2
The 'Minimum password age' setting should be configured correctly.

CCE-9145-4
The 'Allowed BitLocker identification field' setting should be configured correctly.

CCE-8787-4
Validation of the 'Options ROM Code'' Platform Configuration Register (aka PCR 2) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-10828-2
The "Turn Off Downloading of Game Information" setting should be configured correctly.

CCE-9376-5
Auditing of 'Object Access:��File Share' events on success should be enabled or disabled as appropriate.

CCE-10064-4
The 'Retain old events' setting should be configured correctly for the system log.

CCE-10077-6
The 'Allow Remote Shell Access' setting should be configured correctly.

CCE-9221-3
Use of the combination of both a Trusted Platform Module (TPM) startup key and PIN for operating system drives encrypted with BitLocker should be configured correctly.

CCE-9112-4
The 'System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies' setting should be configured correctly.

CCE-9728-7
Auditing of 'Object Access:��Filtering Platform Connection' events on success should be enabled or disabled as appropriate.

CCE-9365-8
Auditing of 'Audit logon events' events on success should be enabled or disabled as appropriate.

CCE-9487-0
The 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

CCE-10443-0
The startup type of the SPP Notification Service service should be correct.

CCE-9256-9
The 'Save BitLocker recovery information to AD DS for removable data drives' setting should be configured correctly.

CCE-9672-7
The 'No auto-restart with logged on users for scheduled automatic updates installations' setting should be configured correctly.

CCE-8837-7
The 'Devices: Allow undock without having to log on' setting should be configured correctly.

CCE-10140-2
The 'Turn off Search Companion content file updates' setting should be configured correctly.

CCE-8303-0
The BitLocker 'Require additional authentication at startup' setting should be enabled or disabled as appropriate..

CCE-18249-3
The 'Internet Information Services' features should be configured correctly.

CCE-9770-9
The 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' setting should be configured correctly.

CCE-9123-1
The 'Domain member: Maximum machine account password age' setting should be configured correctly.

CCE-9902-8
Auditing of 'Policy Change: Filtering Platform Policy Change' events on success should be enabled or disabled as appropriate.

CCE-9410-2
The 'Interactive logon: Require smart card' setting should be configured correctly.

CCE-9249-4
The 'Network access: Do not allow anonymous enumeration of SAM accounts' setting should be configured correctly.

CCE-9456-5
The 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

CCE-9663-6
The 'Windows Firewall: Private: Apply local firewall rules' setting should be configured correctly.

CCE-9347-6
Auditing of 'Audit process tracking' events on success should be enabled or disabled as appropriate.

CCE-10093-3
The 'Turn off Windows Update device driver searching' setting should be configured correctly.

CCE-9301-3
The 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' setting should be configured correctly.

CCE-10623-7
The "Turn off shell protocol protected mode" setting should be configured correctly.

CCE-9007-6
Windows Firewall should allow or block inbound connections by default as appropriate for the Public Profile.

CCE-15019-3
The Windows Connect "In-band 802.11 Wi-Fi" setting should be configured correctly.

CCE-8743-7
The 'Configure storage of BitLocker recovery information to AD DS' setting should be configured correctly for fixed data drives.

CCE-10103-0
The 'Always prompt for password upon connection' setting should be configured correctly.

CCE-8789-0
The 'Audit: Audit the use of Backup and Restore privilege' setting should be configured correctly.

CCE-8813-8
The 'User Account Control: Behavior of the elevation prompt for standard users' setting should be configured correctly.

CCE-8284-2
The BitLocker 'Configure TPM platform validation profile' setting should be enabled or disabled as appropriate.

CCE-9926-7
The "Log File Path and Name" for the Windows Firewall should be configured correctly for the Public Profile.

CCE-10658-3
The "Turn off handwriting personalization data sharing" setting should be configured correctly.

CCE-18739-3
The 'Telnet Server' features should be configured correctly.

CCE-9227-0
Auditing of 'Detailed Tracking: Process Termination' events on success should be enabled or disabled as appropriate.

CCE-9432-6
The 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' setting should be configured correctly.

CCE-8525-8
Rights to activate or launch DCOM applications should be assigned as appropriate.

CCE-9783-2
The "Turn on Mapper I/O (LLTDIO) Driver" setting should be configured correctly.

CCE-10645-0
The "Turn Off Handwriting Reconition Error Reporting" setting should be configured correctly.

CCE-10438-0
The startup type of Microsoft Peer-to-Peer Networking Services should be configured correctly.

CCE-9817-8
The 'Windows Firewall: Public: Apply local connection security rules' setting should be configured correctly.

CCE-10778-9
The "Prohibit Access of the Windows Connect Now Wizards" setting should be configured correctly.

CCE-9674-3
The 'Turn off Internet download for Web publishing and online ordering wizards' setting should be configured correctly.

CCE-15050-8
The "Allow operation while in domain" setting on the LLTDIO Driver should be configured correctly.

CCE-8721-3
The BitLocker 'Configure use of smart cards on fixed data drives' setting should be configured correctly.

CCE-9182-7
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 23) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9808-7
Auditing of 'Account Logon: Other Account Logon Events' events on success should be enabled or disabled as appropriate.

CCE-8405-3
The BitLocker 'Do not allow write access to devices configured in another organization' setting should be configured correctly.

CCE-9247-8
Rights to access DCOM applications should be assigned as appropriate.

CCE-9138-9
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 19) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-8503-5
The 'Microsoft network server: Server SPN target name validation level' setting should be configured correctly.

CCE-9458-1
The 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' setting should be configured correctly.

CCE-9556-2
The 'Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers' setting should be configured correctly.

CCE-9191-8
The 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' setting should be configured correctly.

CCE-8811-2
The 'User Account Control: Admin Approval Mode for the Built-in Administrator account' setting should be configured correctly.

CCE-9236-1
The 'Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' setting should be configured correctly.

CCE-9103-3
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 18) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-8745-2
The 'Choose how BitLocker-protected fixed drives can be recovered' setting should be enabled or disabled as appropriate.

CCE-10007-3
The "Turn on Basic feed authentication over HTTP" setting should be configured correctly.

CCE-9521-6
Auditing of 'Logon-Logoff: Special Logon' events on failure should be enabled or disabled as appropriate.

CCE-8591-0
The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly.

CCE-9180-1
Auditing of 'Audit policy change' events on success should be enabled or disabled as appropriate.

CCE-14834-6
The "Prohibit operation while in private network" setting on the RSPNDR Driver should be configured correctly.

CCE-8868-2
The 'Devices: Allowed to format and eject removable media' setting should be configured correctly.

CCE-10787-0
The "Turn off Program Inventory" setting should be configured correctly.

CCE-8822-9
Auditing of 'Account Management: Application Group Management' events on success should be enabled or disabled as appropriate.

CCE-9532-3
The 'Network Security: Configure encryption types allowed for Kerberos' setting should be configured correctly.

CCE-10730-0
The "Turn off downloading of enclosures" setting should be configured correctly.

CCE-10129-5
The Windows Explorer 'Remove Security tab' setting should be configured correctly.

CCE-9082-9
Validation of the 'Option ROM Configuration and Data' Platform Configuration Register (aka PCR 3) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9819-4
The "Turn Off Event Views "Events.asp" Links" setting should be configured correctly.

CCE-8538-1
The BitLocker 'Require use of smart cards on removable data drives' setting should be configured correctly.

CCE-9774-1
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the domain profile.

CCE-8493-9
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 12) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9358-3
The 'Microsoft network server: Disconnect clients when logon hours expire' setting should be configured correctly.

CCE-9742-8
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the public profile.

CCE-8844-3
The 'Allow Standby States (S1-S3) When Sleeping (On Battery)' setting should be configured correctly.

CCE-9644-6
Auditing of 'Account Management: Distribution Group Management' events on success should be enabled or disabled as appropriate.

CCE-9076-1
Auditing of 'Logon-Logoff: Network Policy Server' events on success should be enabled or disabled as appropriate.

CCE-8299-0
Validation of the 'Boot Manager' Platform Configuration Register (aka PCR 10) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-11066-8
The startup type of the FTP Publishing service should be correct.

CCE-8407-9
Auditing of 'Audit system events' events on success should be enabled or disabled as appropriate.

CCE-9381-5
The 'System cryptography: Force strong key protection for user keys stored on the computer' setting should be configured correctly.

CCE-10811-8
The "Disable unpacking and installation of gadgets that are not digitally signed" setting should be configured correctly.

CCE-10496-8
The "Allow indexing of encrypted files" setting should be configured correctly.

CCE-9960-6
Unsolicited offers of remote assistance (aka the 'Offer Remote Assistance' setting) should be automatically rejected or passed to the logged-on user for confirmation as appropriate.

CCE-9317-9
The 'Interactive logon: Do not require CTRL+ALT+DEL' setting should be configured correctly.

CCE-9087-8
The BitLocker 'Minimum password length for fixed data drive' setting should be configured correctly.

CCE-8701-5
The 'Configure user storage of BitLocker 256-digit recovery key' setting should be configured correctly for removable data drives.

CCE-10692-2
The "Do Not Show First Use Dialog Boxes" setting for Windows Media Player should be configured correctly.

CCE-9875-6
The "Set Safe for Scripting" policy should be set correctly.

CCE-9907-7
The "Report Logon Server Not Available During User logon" setting should be configured correctly.

CCE-8242-0
The 'Configure user storage of BitLocker 48-digit recovery password' setting should be configured correctly for fixed data drives.

CCE-9370-8
The 'Password must meet complexity requirements' policy should be set correctly.

CCE-9633-9
Auditing of 'Policy Change: Authorization Policy Change' events on success should be enabled or disabled as appropriate.

CCE-9500-0
The 'Retain old events' setting should be configured correctly for the security log.

CCE-10408-3
The "Configure Windows NTP Client\EventLogFlags" setting should be configured correctly.

CCE-8855-9
Validation of the 'BitLocker Access Control' Platform Configuration Register (aka PCR 11) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-10759-9
The "Do not allow Digital Locker to run" setting should be configured correctly.

CCE-10014-9
Auditing of 'Policy Change: Authentication Policy Change' events on failure should be enabled or disabled as appropriate.

CCE-10267-3
The Remote Access Connection Manager service should be enabled or disabled as appropriate.

CCE-9753-5
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Public Profile.

CCE-11151-8
The startup type of the Background Intelligent Transfer Service (BITS) service should be correct.

CCE-8309-7
Use of a Trusted Platform Module (TPM) startup key for operating system drives encrypted with BitLocker should be configured correctly.

CCE-9620-6
Windows Firewall should allow or block inbound connections by default as appropriate for the Domain Profile.

CCE-9522-4
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Private Profile.

CCE-14854-4
The 'Core Networking - Dynamic Host Configuration Protocol (DHCPV6-In)' Windows Firewall rule should be configured correctly.

CCE-10700-3
The 'Scheduled install day' option for automatic updates should be set correctly.

CCE-9439-1
The 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' setting should be configured correctly.

CCE-9888-9
The "Prohibit non-administrators from applying vendor signed updates" setting should be configured correctly.

CCE-10136-0
The 'Retain old events' setting should be configured correctly for the application log.

CCE-9842-6
The "Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider" setting should be configured correctly.

CCE-10602-1
The "Disable Media Player for automatic updates" policy should be set correctly.

CCE-10091-7
The startup type of the Windows Biometric service should be correct.

CCE-8560-5
The 'MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)' setting should be configured correctly.

CCE-9172-8
Auditing of 'Privilege Use: Sensitive Privilege Use' events on failure should be enabled or disabled as appropriate.

CCE-8853-4
Auditing of 'Logon-Logoff: Account Lockout' events on success should be enabled or disabled as appropriate.

CCE-10690-6
The 'Permit remote control of this computer' option for the 'Offer Remote Assistance' setting should be configured correctly.

CCE-9217-1
Auditing of 'Object Access:��File System' events on success should be enabled or disabled as appropriate.

CCE-9831-9
The "Turn off Windows Customer Experience Improvement Program" setting should be configured correctly.

CCE-8703-1
Validation of the 'State Transition and Wake Events' Platform Configuration Register (aka PCR 6) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-8899-7
The BitLocker 'Prevent memory overwrite on restart' setting should be configured correctly.

CCE-9733-7
The 'Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box' setting should be configured correctly.

CCE-9304-7
The 'Devices: Restrict CD-ROM access to locally logged-on user only' setting should be configured correctly.

CCE-9161-1
Validation of the 'NTFS Boot Block' Platform Configuration Register (aka PCR 9) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-14830-4
The "Allow operation while in public network" setting on the RSPNDR Driver should be configured correctly.

CCE-8595-1
The 'Omit recovery options from the BitLocker setup wizard' setting should be configured correctly for removable data drives.

CCE-9720-4
Auditing of 'Object Access: Detailed File Share' events on success should be enabled or disabled as appropriate.

CCE-10417-4
The 'Process even if the Group Policy objects have not changed' option for registry policy processing should be enabled or disabled as appropriate.

CCE-8791-6
The default folder for BitLocker recovery passwords should be set correctly.

CCE-9864-0
The "Do not use temporary folders per session" setting should be configured correctly.

CCE-9150-4
The 'Audit: Audit the access of global system objects' setting should be configured correctly.

CCE-9196-7
The 'Network access: Shares that can be accessed anonymously' setting should be configured correctly.

CCE-9426-8
The 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' setting should be configured correctly.

CCE-9657-8
Auditing of 'Account Management: Other Account Management Events' events on success should be enabled or disabled as appropriate.

CCE-9622-2
Auditing of 'Logon-Logoff: Other Logon/Logoff Events' events on success should be enabled or disabled as appropriate.

CCE-9339-3
Auditing of 'Audit account management' events on success should be enabled or disabled as appropriate.

CCE-10844-9
The startup type of the WWAN AutoConfig service should be correct.

CCE-8973-0
The 'Interactive logon: Message text for users attempting to log on' setting should be configured correctly.

CCE-9953-1
Installation and Configuration of Network Bridge on the DNS Domain Network should be properly configured.

CCE-9494-6
The 'Network Security: Restrict NTLM: Incoming NTLM traffic' setting should be configured correctly.

CCE-10078-4
Auditing of 'Object Access:��Registry' events on failure should be enabled or disabled as appropriate.

CCE-9241-1
The 'Allow BitLocker without a compatible TPM' setting should be configured correctly.

CCE-10661-7
The startup type of the Bluetooth service should be correct.

CCE-10130-3
The "ISATAP State" setting for IPv6 should be configured correctly.

CCE-8562-1
The 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' setting should be configured correctly.

CCE-9735-2
Auditing of 'Detailed Tracking: DPAPI Activity' events on success should be enabled or disabled as appropriate.

CCE-9879-8
The "Configuration of wireless settings using Windows Connect Now" setting should be configured correctly for Wireless Connect Now over Ethernet (UPnP).

CCE-9637-0
Auditing of 'DS Access: Directory Service Replication' events on success should be enabled or disabled as appropriate.

CCE-9406-0
The 'Microsoft network server: Amount of idle time required before suspending session' setting should be configured correctly.

CCE-8995-3
The 'Control use of Bitlocker on removable drives' setting should be configured correctly.

CCE-9189-2
The 'User Account Control: Run all administrators in Admin Approval Mode' setting should be configured correctly.

CCE-9768-3
The 'Network security: LDAP client signing requirements' setting should be configured correctly.

CCE-9265-0
The 'Microsoft network client: Send unencrypted password to third-party SMB servers' setting should be configured correctly.

CCE-10154-3
The 'Do not process the run once list' setting should be configured correctly.

CCE-9866-5
The "Prevent indexing uncached Exchange folders" setting should be configured correctly.

CCE-8540-7
The BitLocker 'Configure password complexity for fixed data drives' setting should be configured correctly.

CCE-9156-1
The 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' setting should be configured correctly.

CCE-10608-8
The "Set time limit for idle sessions" policy should be set correctly for Terminal Services.

CCE-9069-6
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Domain Profile.

CCE-10165-9
The "Prevent device metadata retrieval from internet" setting should be configured correctly.

CCE-10441-4
The "Enable Error Reporting" policy should be set correctly.

CCE-9492-0
Auditing of 'Detailed Tracking: RPC Events' events on success should be enabled or disabled as appropriate.

CCE-9988-7
Auditing of 'Privilege Use: Other Privilege Use Events' events on success should be enabled or disabled as appropriate.

CCE-9121-5
The 'Network access: Remotely accessible registry paths' setting should be configured correctly.

CCE-10021-4
Auditing of 'Policy Change: Audit Policy Change' events on success should be enabled or disabled as appropriate.

CCE-9496-1
The 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' setting should be configured correctly.

CCE-8673-6
The BitLocker 'Require password for fixed data drive' setting should be configured correctly.

CCE-9176-9
The 'Allow users to suspend and decrypt BitLocker protection on removable data drives' setting should be configured correctly.

CCE-8884-9
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the private profile.

CCE-10606-2
The "Troubleshooting: Allow user to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via Windows Online Troubleshooting Service - WOTS)" setting should be configured correctly.

CCE-9506-7
User-intiated solicitations for remote assistance (aka the 'Solicited Remote Assistance' setting) should be enabled or disabled as appropriate.

CCE-9319-5
The 'System objects: Require case insensitivity for non-Windows subsystems' setting should be configured correctly.

CCE-9089-4
The BitLocker 'Allow enhanced PINs for startup' setting should be configured correctly.

CCE-10694-8
The "Turn off Windows Update device driver search prompt" setting should be configured correctly.

CCE-9604-0
The 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' setting should be configured correctly.

CCE-8993-8
The 'Configure user storage of BitLocker 256-digit recovery key' setting should be configured correctly for operating system drives.

CCE-10824-1
The Windows Error Reporting "Do not send additional data" setting should be configured correctly.

CCE-9141-3
The BitLocker 'Configure use of passwords for removable data drives' setting should be configured correctly.

CCE-11207-8
The WebClient service should be enabled or disabled as appropriate.

CCE-8905-2
The 'Save BitLocker recovery information to AD DS for operating system drives' setting should be configured correctly.

CCE-10156-8
The 'Maximum Log Size (KB)' setting should be configured correctly for the system log.

CCE-9056-3
Auditing of 'Account Management: Security Group Management' events on failure should be enabled or disabled as appropriate.

CCE-8651-2
Validation of the 'Platform and Motherboard Configuration and Data' Platform Configuration Register (aka PCR 1) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9868-1
The "Configure Microsoft SpyNet Reporting" setting should be configured correctly.

CCE-8588-6
The 'Configure user storage of BitLocker 48-digit recovery password' setting should be configured correctly for operating system drives.

CCE-8807-0
The 'Recovery console: Allow automatic administrative logon' setting should be configured correctly.

CCE-10681-5
The "Turn Off Automatic Root Certificates Update" setting should be configured correctly.

CCE-8235-4
The BitLocker 'Allow data recovery agent' setting should be enabled or disabled as appropriate for fixed data drives.

CCE-10254-1
The startup type of the Computer Browser service should be correct.

CCE-9021-7
The 'User Account Control: Only elevate executables that are signed and validated' setting should be configured correctly.

CCE-9857-4
The "Override the More Gadgets Link" setting should be configured correctly.

CCE-9067-0
The 'Interactive logon: Smart card removal behavior' setting should be configured correctly.

CCE-10519-7
The 'Permit remote control of this computer' option for the 'Solicited Remote Assistance' setting should be configured correctly.

CCE-8553-0
The 'Omit recovery options from the BitLocker setup wizard' setting should be configured correctly for fixed data drives.

CCE-8784-1
The 'MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended)' setting should be configured correctly.

CCE-9396-3
The 'Restrictions for Unauthenticated RPC clients' setting should be configured correctly.

CCE-9528-1
The 'Turn off Autoplay' setting should be configured correctly.

CCE-8818-7
The 'Interactive logon: Require Domain Controller authentication to unlock workstation' setting should be configured correctly.

CCE-9222-1
The 'Shutdown: Clear virtual memory pagefile' setting should be configured correctly.

CCE-10183-2
The 'Prevent the computer from joining a homegroup' setting should be configured correctly.

CCE-18300-4
The 'Windows Media Center' features should be configured correctly.

CCE-9026-6
The 'Devices: Prevent users from installing printer drivers' setting should be configured correctly.

CCE-9440-9
The 'Devices: Restrict floppy access to locally logged-on user only' setting should be configured correctly.

CCE-9211-4
The 'Deny write access to removable data drives not protected by BitLocker' setting should be configured correctly.

CCE-8653-8
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 22) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9958-0
The 'Force specific screen saver' setting should be configured correctly.

CCE-9200-7
The BitLocker 'Allow data recovery agent' setting should be enabled or disabled as appropriate for operating system drives.

CCE-10150-1
The startup type of the Fax service should be correct.

CCE-9801-2
The 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' setting should be configured correctly.

CCE-8751-0
Validation of the 'NTFS Boot Sector' Platform Configuration Register (aka PCR 8) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9344-3
The 'Microsoft network client: Digitally sign communications (if server agrees)' setting should be configured correctly.

CCE-9749-3
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Public Profile.

CCE-8688-4
The minimum number of characters required for the BitLocker startup PIN used with the Trusted Platform Module (TPM) should be set correctly.

CCE-8740-3
The 'Interactive logon: Message title for users attempting to log on' setting should be configured correctly.

CCE-9148-8
Auditing of 'Account Logon: Kerberos Service Ticket Operations' events on success should be enabled or disabled as appropriate.

CCE-11246-6
The startup type of the Routing and Remote Access service should be correct.

CCE-10699-7
The startup type of the Media Center Extenders service should be correct.

CCE-9220-5
The 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows ' setting should be configured correctly.

CCE-10076-8
The 'Notify antivirus programs when opening attachments' setting should be configured correctly.

CCE-9684-2
The 'Hide mechanisms to remove zone information' setting should be configured correctly.

CCE-9266-8
The 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' setting should be configured correctly.

CCE-10272-3
The startup type of the Task Scheduler service should be correct.

CCE-8936-7
The 'Network access: Let Everyone permissions apply to anonymous users' setting should be configured correctly.

CCE-9901-0
The "Do not send a Windows Error Report when a generic driver is installed on a device" setting should be configured correctly.

CCE-10219-4
The "Enable/Disable PerfTrack" setting should be configured correctly.

CCE-10709-4
The Windows Error Reporting "Display Error Notification" setting should be configured correctly.

CCE-9816-0
Auditing of 'Object Access:��Application Generated' events on success should be enabled or disabled as appropriate.

CCE-9718-8
Auditing of 'Account Logon: Credential Validation' events on failure should be enabled or disabled as appropriate.

CCE-9586-9
Auditing of 'System: Other System Events' events on success should be enabled or disabled as appropriate.

CCE-9540-6
The 'Network access: Restrict anonymous access to Named Pipes and Shares' setting should be configured correctly.

CCE-8655-3
The 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' setting should be configured correctly.

CCE-10553-6
The "Do not create system restore point when new device driver installed" setting should be configured correctly.

CCE-8947-4
The BitLocker 'Configure password complexity for removable data drives' setting should be configured correctly.

CCE-9803-8
Auditing of 'Object Access:��Kernel Object' events on success should be enabled or disabled as appropriate.

CCE-8546-4
Use of a Trusted Platform Moduel (TPM) startup PIN for operating system drives encrypted with BitLocker should be configured correctly.

CCE-9914-3
The "Disable Windows Error Reporting" setting should be configured correctly.

CCE-9342-7
The 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' setting should be configured correctly.

CCE-9509-1
Windows Firewall should allow or block outbound connections by default as appropriate for the Domain Profile.

CCE-8912-8
The "enforce password history" policy should meet minimum requirements.

CCE-8958-1
The 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' setting should be configured correctly.

CCE-10795-3
The "Turn Off Internet File Association Service" setting should be configured correctly.

CCE-9464-9
The 'Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box' setting should be configured correctly.

CCE-9279-1
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 20) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9562-0
Auditing of 'Detailed Tracking: Process Creation' events on success should be enabled or disabled as appropriate.

CCE-10882-9
The "Turn off Windows Mail application" setting should be configured correctly.

CCE-9146-2
The BitLocker 'Allow data recovery agent' setting should be enabled or disabled as appropriate for removable data drives.

CCE-10250-9
The "Log File Size Limit" for the Windows Firewall should be configured correctly for the Private Profile.

CCE-9829-3
The 'Require a Password When a Computer Wakes (On Battery)' setting should be configured correctly.

CCE-9686-7
The 'Windows Firewall: Domain: Apply local firewall rules' setting should be configured correctly.

CCE-8825-2
The 'Microsoft network server: Digitally sign communications (if client agrees)' setting should be configured correctly.

CCE-14900-5
The Windows Connect Now "Maximum number of WCN devices" setting should be configured correctly.

CCE-9938-2
The 'Enumerate administrator accounts on elevation' setting should be configured correctly.

CCE-10311-9
The startup type of the Parantal Controls service should be correct.

CCE-10502-3
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-10779-7
The 'Encryption Level' option for the Remote Desktop Services 'Set client connection encryption level' setting should be configured correctly.

CCE-8535-7
Validation of the 'Master Boot Record (MBR) Code' Platform Configuration Register (aka PCR 4) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-11220-1
The startup type of the World Wide Web Publishing service should be correct.

CCE-9542-2
Auditing of 'Account Management: User Account Management' events on success should be enabled or disabled as appropriate.

CCE-9588-5
Windows Firewall should allow or block outbound connections by default as appropriate for the Public Profile.

CCE-9773-3
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Public Profile.

CCE-8945-8
The 'Recovery console: Allow floppy copy and access to all drives and all folders' setting should be configured correctly.

CCE-14109-3
The "Allow operation while in public network" setting on the LLTDIO Driver should be configured correctly.

CCE-9096-9
The 'Network security: Allow Local System to use computer identity for NTLM' setting should be configured correctly.

CCE-9455-7
Auditing of 'Object Access:��Other Object Access Events' events on success should be enabled or disabled as appropriate.

CCE-9050-6
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 16) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9348-4
The 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' setting should be configured correctly.

CCE-9707-1
The 'Shutdown: Allow system to be shut down without having to log on' setting should be configured correctly.

CCE-9194-2
Auditing of 'System: System Integrity' events on failure should be enabled or disabled as appropriate.

CCE-8415-2
The 'Configure user storage of BitLocker 48-digit recovery password' setting should be configured correctly for removable data drives.

CCE-8956-5
Auditing of 'Logon-Logoff: IPsec Main Mode' events on success should be enabled or disabled as appropriate.

CCE-8370-9
The BitLocker 'Select the encryption method' setting should be enabled or disabled as appropriate.

CCE-10611-2
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Private Profile.

CCE-8513-4
The 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' setting should be configured correctly.

CCE-9106-6
The 'Do not install BitLocker To Go Reader on FAT formatted fixed drives' setting should be configured correctly.

CCE-18629-6
The 'SimpleTCP Services' features should be configured correctly.

CCE-10490-1
The 'Remove CD Burning features' setting should be configured correctly.

CCE-9224-7
Auditing of 'Audit directory service access' events on success should be enabled or disabled as appropriate.

CCE-10181-6
The 'RPC Endpoint Mapper Client Authentication' setting should be configured correctly.

CCE-18190-9
The 'TFTP Client' features should be configured correctly.

CCE-11233-4
The WMI Performance Adapter service should be enabled or disabled as appropriate.

CCE-9579-4
The 'System settings: Optional subsystems' setting should be configured correctly.

CCE-9786-5
The 'Windows Firewall: Public: Apply local firewall rules' setting should be configured correctly.

CCE-10359-8
The "Require domain users to elevate when setting a network's location" setting should be configured correctly.

CCE-9213-0
Auditing of 'Logon-Logoff: Logon' events on failure should be enabled or disabled as appropriate.

CCE-9259-3
Use of the Trusted Platform Module (TPM) on startup for operating system drives encyrpted with BitLocker should be configured correctly.

CCE-9190-0
Auditing of 'Privilege Use: Non Sensitive Privilege Use' events on success should be enabled or disabled as appropriate.

CCE-9677-6
The 'Prevent access to registry editing tools' setting should be configured correctly.

CCE-9126-4
The 'Allow Standby States (S1-S3) When Sleeping (Plugged In)' setting should be configured correctly.

CCE-9357-5
The 'Minimum password length' setting should be configured correctly.

CCE-10215-2
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Private Profile.

CCE-18880-5
The 'Games' features should be configured correctly.

CCE-9248-6
The 'Configure storage of BitLocker recovery information to AD DS' setting should be configured correctly for operating system drives.

CCE-8613-2
The 'Choose how BitLocker-protected removable drives can be recovered' setting should be enabled or disabled as appropriate.

CCE-10764-9
The "IP HTTPS" state setting should be configured correctly.

CCE-9918-4
The 'Turn off Data Execution Prevention for Explorer' setting should be configured correctly.

CCE-10753-2
The 'Maximum ticket time (value)' option for the 'Solicited Remote Assistance' setting should be configured correctly.

CCE-10061-0
The 'Turn off printing over HTTP' setting should be configured correctly.

CCE-9797-2
Installation and Configuration of Network Bridge on the DNS Domain Network should be properly configured.

CCE-8856-7
Auditing of 'Logon-Logoff: Logoff' events on success should be enabled or disabled as appropriate.

CCE-8417-8
The 'Configure user storage of BitLocker 256-digit recovery key' setting should be configured correctly for fixed data drives.

CCE-10655-9
The "Turn off Autoplay for non-volume devices" setting should be configured correctly.

CCE-8648-8
The BitLocker 'Configure use of smart cards on removable data drives' setting should be enabled or disabled as appropriate.

CCE-10059-4
The "Turn on Responder (RSPNDR) Driver" setting should be configured correctly.

CCE-8965-6
The 'Configure storage of BitLocker recovery information to AD DS' setting should be configured correctly for removable data drives.

CCE-10157-6
The Windows Error Reporting "Disable Logging" setting should be configured correctly.

CCE-9053-0
The 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows ' setting should be configured correctly.

CCE-8483-0
Validation of the 'Computer Manufacturer-Specific' Platform Configuration Register (aka PCR 7) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9863-2
Auditing of 'System: Security System Extension' events on success should be enabled or disabled as appropriate.

CCE-9197-5
The 'Save BitLocker recovery information to AD DS for fixed data drives' setting should be configured correctly.

CCE-9919-2
The "Specify Search Order for device driver source locations" setting should be configured correctly.

CCE-18659-3
The 'Telnet Client' features should be configured correctly.

CCE-10266-5
The "6to4 State" setting should be configured correctly.

CCE-8581-1
The BitLocker 'Provide the unique identifiers for your organization' setting should be enabled or disabled as appropriate.

CCE-9765-9
Auditing of 'DS Access: Directory Service Access' events on success should be enabled or disabled as appropriate.

CCE-9983-8
The 'Do not process the legacy run list' setting should be configured correctly.

CCE-10714-4
The setup log maximum size should be configured correctly.

CCE-9295-7
The 'Domain member: Disable machine account password changes' setting should be configured correctly.

CCE-9162-9
Auditing of 'Audit object access' events on success should be enabled or disabled as appropriate.

CCE-9260-1
The 'Store passwords using reversible encryption' setting should be configured correctly.

CCE-9534-9
The 'Require message integrity' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate.

CCE-9329-4
The 'Windows Firewall: Domain: Apply local connection security rules' setting should be configured correctly.

CCE-8759-3
The 'Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' setting should be configured correctly.

CCE-9643-8
The 'Turn off the "Publish to Web" task for files and folders' setting should be configured correctly.

CCE-10649-2
The "Turn Off Internet Connection Wizard if URL Connection is Referring to Microsoft.com" setting should be configured correctly.

CCE-10090-9
The 'Do not allow passwords to be saved' setting should be configured correctly.

CCE-9088-6
The 'Do not install BitLocker To Go Reader on FAT formatted removable drives' setting should be configured correctly.

CCE-9730-3
The 'Password protect the screen saver' setting should be configured correctly.

CCE-9632-1
Auditing of 'Logon-Logoff: IPsec Quick Mode' events on success should be enabled or disabled as appropriate.

CCE-9874-9
The "Turn off Heap termination on corruption" setting should be configured correctly.

CCE-8517-5
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 21) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9908-5
The "Prevent Windows Media DRM Internet Access" setting should be configured correctly.

CCE-10769-8
The "Allow remote access to the PnP interface" setting should be configured correctly.

CCE-11252-4
The "Turn off the communitication features" setting should be configured correctly. (sic)

CCE-9062-1
The BitLocker 'Object identifier' setting should be configured correctly.

CCE-9195-9
The 'Turn off downloading of print drivers over HTTP' setting should be configured correctly.

CCE-14986-4
The 'Core Networking - Dynamic Host Configuration Protocol (DHCP-In)' Windows Firewall rule should be configured correctly.

CCE-8278-4
The 'Choose how BitLocker-protected operating system drives can be recovered' setting should be enabled or disabled as appropriate.

CCE-10268-1
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-9525-7
The 'Network Security: Restrict NTLM: NTLM authentication in this domain' setting should be configured correctly.

CCE-10527-0
The default behavior for AutoRun should be properly configured.

CCE-8974-8
The 'Domain member: Digitally encrypt or sign secure channel data (always)' setting should be configured correctly.

CCE-8496-2
Validation of the 'Core Root of Trust of Measurement (CRTM), BIOS, and Platform Extensions' Platform Configuration Register (aka PCR 0) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9789-9
Auditing of 'Object Access:��Handle Manipulation' events on success should be enabled or disabled as appropriate.

CCE-9327-8
The 'Microsoft network client: Digitally sign communications (always)' setting should be configured correctly.

CCE-10137-8
The "Prevent Windows Anytime Upgrade from running" setting should be configured correctly.

CCE-9282-5
The 'Allow users to apply BitLocker protection on removable data drives' setting should be configured correctly.

CCE-15041-7
The Windows Connect Now "USB Flash Drive" setting should be configured correctly.

CCE-10344-0
The "Turn on session logging" setting should be configured correctly.

CCE-10591-6
Use Classic Logon should be properly configured.

CCE-10092-5
The 'Require trusted path for credential entry' setting should be enabled or disabled as appropriate.

CCE-10856-3
The "Do not delete temp folder upon exit" setting should be configured correctly.

CCE-9173-6
The BitLocker 'Require use of smart cards on fixed data drives' setting should be configured correctly.

CCE-9501-8
The 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' setting should be configured correctly.

CCE-9040-7
The 'Microsoft network server: Digitally sign communications (always)' setting should be configured correctly.

CCE-10148-5
The 'Screen Saver timeout' setting should be configured correctly.

CCE-9449-0
The 'Interactive logon: Do not display last user name' setting should be configured correctly.

CCE-9403-7
Automatic Updates should be enabled or disabled as appropriate.

CCE-9876-4
The "Enable User Control Over Installs" policy should be set correctly.

CCE-9218-9
The 'Network access: Named Pipes that can be accessed anonymously' setting should be configured correctly.

CCE-9418-5
The 'Accounts: Limit local account use of blank passwords to console logon only' setting should be configured correctly.

CCE-8487-1
The 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' setting should be configured correctly.

CCE-10782-1
The "Extend Point and Print connection to search Windows Update and use alternate connection if needed" setting should be configured correctly.

CCE-8683-5
The BitLocker 'Require password for removable data drive' setting should be configured correctly.

CCE-9712-1
The 'Windows Firewall: Private: Apply local connection security rules' setting should be configured correctly.

CCE-10586-6
The "Turn Off User Installed Windows Sidebar Gadgets" setting should be configured correctly.

CCE-9856-6
Auditing of 'Object Access:��SAM' events on success should be enabled or disabled as appropriate.

CCE-8983-9
The BitLocker 'Minimum password length for removable data drive' setting should be configured correctly.

CCE-9179-3
Auditing of 'System: Security State Change' events on failure should be enabled or disabled as appropriate.

CCE-9340-1
The 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' setting should be configured correctly.

CCE-9133-0
Auditing of 'Object Access:��Filtering Platform Packet Drop' events on success should be enabled or disabled as appropriate.

CCE-9386-4
The 'Network access: Remotely accessible registry paths and sub-paths' setting should be configured correctly.

CCE-9734-5
Auditing of 'DS Access: Directory Service Changes' events on success should be enabled or disabled as appropriate.

CCE-9046-4
Validation of the 'Master Boot Record (MBR) Partition Table' Platform Configuration Register (aka PCR 5) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-10373-9
The "Log File Size Limit" for the Windows Firewall should be configured correctly for the Public Profile.

CCE-9000-1
The 'Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' setting should be configured correctly.

CCE-9144-7
The BitLocker 'Configure use of passwords for fixed data drives' setting should be configured correctly.

CCE-9375-7
The 'Domain member: Digitally sign secure channel data (when possible)' setting should be configured correctly.

CCE-9503-4
The 'Network access: Sharing and security model for local accounts' setting should be configured correctly.

CCE-9518-2
The 'Do not allow drive redirection' setting should be configured correctly.

CCE-9823-6
The "Turn Off the 'Order Prints' Picture Task" setting should be configured correctly.

CCE-9616-4
The 'User Account Control: Detect application installations and prompt for elevation' setting should be configured correctly.

CCE-8587-8
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 17) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9153-8
Auditing of 'Policy Change: MPSSVC Rule-Level Policy Change' events on success should be enabled or disabled as appropriate.

CCE-10166-7
The 'Do not preserve zone information in file attachments' setting should be configured correctly.

CCE-8541-5
The 'Interactive logon: Display user information when the session is locked.' setting should be configured correctly.

CCE-10509-8
The "Route all traffic through the internal network" setting should be configured correctly.

CCE-9307-0
The 'Interactive logon: Prompt user to change password before expiration' setting should be configured correctly.

CCE-10011-5
The "Teredo State" setting should be configured correctly.

CCE-9251-0
The 'Domain member: Digitally encrypt secure channel data (when possible)' setting should be configured correctly.

CCE-9066-2
Auditing of 'Audit privilege use' events on success should be enabled or disabled as appropriate.

CCE-8917-7
The 'Network Security: Restrict NTLM: Add server exceptions in this domain' setting should be configured correctly.

CCE-9858-2
The "Set time limit for disconnected sessions" policy should be set correctly for Terminal Services.

CCE-10022-2
The "Log File Path and Name" for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-9395-5
The 'User Account Control: Switch to the secure desktop when prompting for elevation' setting should be configured correctly.

CCE-8719-7
The 'Deny write access to fixed drives not protected by BitLocker' setting should be configured correctly.

CCE-9910-1
The startup type of the Homegroup Provider service should be correct.

CCE-9079-5
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 13) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9593-5
The Windows Firewall should be enabled or disabled as appropriate for the Public Profile.

CCE-10386-1
The "Log File Path and Name" for the Windows Firewall should be configured correctly for the Private Profile.

CCE-10814-2
The 'MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments)' setting should be configured correctly.

CCE-9747-7
The "Log File Size Limit" for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-9967-1
This definition tests the the maximum allowed size of the security log is at least as big as the supplied value.

CCE-9736-0
The 'Require message integrity' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate.

CCE-9460-7
Auditing of 'Object Access:��Certification Services' events on success should be enabled or disabled as appropriate.

CCE-8530-8
Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 15) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate.

CCE-9603-2
The 'Maximum Log Size (KB)' setting should be configured correctly for the application log.

CCE-8484-8
The built-in Administrator account should be correctly named.

CCE-8714-8
The 'Accounts: Guest account status' setting should be configured correctly.

CCE-9199-1
The 'Accounts: Administrator account status' setting should be configured correctly.

CCE-9229-6
The built-in Guest account should be correctly named.

CCE-9345-0
The 'Allow log on locally' user right should be assigned to the appropriate accounts.

CCE-9149-6
The 'Modify an object label' user right should be assigned to the appropriate accounts.

CCE-9185-0
The 'Create a pagefile' user right should be assigned to the appropriate accounts.

CCE-8475-6
The 'Perform volume maintenance tasks' user right should be assigned to the appropriate accounts.

CCE-9461-5
The 'Log on as a service' user right should be assigned to the appropriate accounts.

CCE-9309-6
The 'Take ownership of files or other objects' user right should be assigned to the appropriate accounts.

CCE-9407-8
The 'Act as part of the operating system' user right should be assigned to the appropriate accounts.

CCE-8423-6
The 'Change the time zone' user right should be assigned to the appropriate accounts.

CCE-9223-9
The 'Manage auditing and security log' user right should be assigned to the appropriate accounts.

CCE-9212-2
The 'Deny log on as a batch job' user right should be assigned to the appropriate accounts.

CCE-9289-0
The 'Lock pages in memory' user right should be assigned to the appropriate accounts.

CCE-9014-2
The 'Shut down the system' user right should be assigned to the appropriate accounts.

CCE-8732-0
The 'Replace a process level token' user right should be assigned to the appropriate accounts.

CCE-8612-4
The 'Change the system time' user right should be assigned to the appropriate accounts.

CCE-8460-8
The 'Create symbolic links' user right should be assigned to the appropriate accounts.

CCE-8999-5
The 'Increase scheduling priority' user right should be assigned to the appropriate accounts.

CCE-9326-0
The 'Remove computer from docking station' user right should be assigned to the appropriate accounts.

CCE-9098-5
The 'Deny log on as a service' user right should be assigned to the appropriate accounts.

CCE-8431-9
The 'Create global objects' user right should be assigned to the appropriate accounts.

CCE-9274-2
The 'Deny log on through Remote Desktop Services' user right should be assigned to the appropriate accounts.

CCE-9320-3
The 'Log on as a batch job' user right should be assigned to the appropriate accounts.

CCE-9244-5
The 'Deny access to this computer from the network' user right should be assigned to the appropriate accounts.

CCE-9388-0
The 'Profile single process' user right should be assigned to the appropriate accounts.

CCE-9226-2
The 'Generate security audits' user right should be assigned to the appropriate accounts.

CCE-9215-5
The 'Create a token object' user right should be assigned to the appropriate accounts.

CCE-9239-5
The 'Deny log on locally' user right should be assigned to the appropriate accounts.

CCE-8930-0
The 'Enable computer and user accounts to be trusted for delegation' user right should be assigned to the appropriate accounts.

CCE-8583-7
The 'Debug programs' user right should be assigned to the appropriate accounts.

CCE-9107-4
The 'Allow log on through Remote Desktop Services' user right should be assigned to the appropriate accounts.

CCE-9380-7
The 'Access Credential Manager as a trusted caller' user right should be assigned to the appropriate accounts.

CCE-10636-9
The "add workstations to domain" user right should be assigned to the correct accounts.

CCE-9253-6
The 'Access this computer from the network' user right should be assigned to the appropriate accounts.

CCE-8467-3
The 'Impersonate a client after authentication' user right should be assigned to the appropriate accounts.

CCE-9389-8
The 'Back up files and directories' user right should be assigned to the appropriate accounts.

CCE-8414-5
The 'Bypass traverse checking' user right should be assigned to the appropriate accounts.

CCE-9336-9
The 'Force shutdown from a remote system' user right should be assigned to the appropriate accounts.

CCE-9417-7
The 'Modify firmware environment values' user right should be assigned to the appropriate accounts.

CCE-9254-4
The 'Create permanent shared objects' user right should be assigned to the appropriate accounts.

CCE-9419-3
The 'Profile system performance' user right should be assigned to the appropriate accounts.

CCE-9124-9
The 'Restore files and directories' user right should be assigned to the appropriate accounts.

CCE-9135-5
The 'Load and unload device drivers' user right should be assigned to the appropriate accounts.

CCE-9048-0
The 'Increase a process working set' user right should be assigned to the appropriate accounts.

CCE-9068-8
The 'Adjust memory quotas for a process' user right should be assigned to the appropriate accounts.

CCE-9308-8
The 'Account lockout duration' setting should be configured correctly.

CCE-9400-3
The 'Reset account lockout counter after' setting should be configured correctly.

CCE-9193-4
The 'Maximum password age' setting should be configured correctly.

CPE    1
cpe:/o:microsoft:windows_7
*XCCDF
xccdf_org.secpod_benchmark_general_Windows_7
OVAL    504
oval:gov.nist.usgcb.windowsseven:def:200
oval:gov.nist.usgcb.windowsseven:def:202
oval:gov.nist.usgcb.windowsseven:def:225
oval:org.secpod.oval:def:7711
...

© 2013 SecPod Technologies