[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96078

 
 

909

 
 

78009

 
 

109

Paid content will be excluded from the download.


Download | Alert*


CCE-11356-3
The "6to4 State" machine setting should be configured correctly.

CCE-12047-7
The "Directory pruning interval" machine setting should be configured correctly.

CCE-11005-6
The "Positive Periodic DC Cache Refresh for Non-Background Callers" machine setting should be configured correctly.

CCE-11770-5
The "Teredo Server Name" machine setting should be configured correctly.

CCE-12822-3
The "Configure Files preference logging and tracing" machine setting should be configured correctly.

CCE-10665-8
The "Prevent backing up to local disks" machine setting should be configured correctly.

CCE-11574-1
The "Turn off Windows presentation settings" machine setting should be configured correctly.

CCE-10981-9
The "Turn off heap termination on corruption" machine setting should be configured correctly.

CCE-11201-1
The "Allow local activation security check exemptions" machine setting should be configured correctly.

CCE-10469-5
The "Removable Disks: Deny write access" machine setting should be configured correctly.

CCE-10928-0
The "Timeout for fast user switching events" machine setting should be configured correctly.

CCE-10883-7
The 'Devices: Allow undock without having to log on' setting should be configured correctly.

CCE-11935-4
The "Configure Folders preference logging and tracing" machine setting should be configured correctly.

CCE-10994-2
The "Configure the refresh interval for Server Manager" machine setting should be configured correctly.

CCE-11125-2
The "Display a custom message title when device installation is prevented by a policy setting" machine setting should be configured correctly.

CCE-10532-0
The "Allow Enhanced Storage certificate provisioning" machine setting should be configured correctly.

CCE-11378-7
The "Prevent plaintext PINs from being returned by Credential Manager" machine setting should be configured correctly.

CCE-11080-9
The "Prevent Input Panel tab from appearing" machine setting should be configured correctly.

CCE-10896-9
Rights to activate or launch DCOM applications should be assigned as appropriate.

CCE-11900-8
The "List of applications to be excluded" machine setting should be configured correctly.

CCE-12376-0
The "Disable text prediction" machine setting should be configured correctly.

CCE-10589-0
Auditing of 'Object Access:��File Share' events on failure should be enabled or disabled as appropriate.

CCE-10861-3
The "Do not allow window animations" machine setting should be configured correctly.

CCE-11223-5
The "Allow Delegating Fresh Credentials" machine setting should be configured correctly.

CCE-11881-0
The "Configure Power Options preference logging and tracing" machine setting should be configured correctly.

CCE-11321-7
The "Configure Data Sources preference logging and tracing" machine setting should be configured correctly.

CCE-10808-4
Auditing of 'Audit directory service access' events on failure should be enabled or disabled as appropriate.

CCE-11410-8
The "Display information about previous logons during user logon" machine setting should be configured correctly.

CCE-11663-2
The "Best effort service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that do not conform to the flow specification.

CCE-10870-4
The "Configure the list of blocked TPM commands" machine setting should be configured correctly.

CCE-11922-2
The "Disk Diagnostic: Configure execution level" machine setting should be configured correctly.

CCE-11116-1
Auditing of 'System: Other System Events' events on failure should be enabled or disabled as appropriate.

CCE-11445-4
The "Limit the size of the entire roaming user profile cache" machine setting should be configured correctly.

CCE-10197-2
Auditing of 'Privilege Use: Other Privilege Use Events' events on failure should be enabled or disabled as appropriate.

CCE-11249-0
The "Allow only Vista or later connections" machine setting should be configured correctly.

CCE-11761-4
The "Automatic Updates detection frequency" machine setting should be configured correctly.

CCE-11708-5
The "Disable Windows Error Reporting" machine setting should be configured correctly.

CCE-11530-3
The "Turn off shell protocol protected mode" machine setting should be configured correctly.

CCE-10421-6
The "Log File Path" machine setting should be configured correctly for the security log.

CCE-11018-9
Auditing of 'Account Management: Other Account Management Events' events on failure should be enabled or disabled as appropriate.

CCE-11641-8
The "RPC Troubleshooting State Information" machine setting should be configured correctly.

CCE-11432-2
The "Restrict system locales" machine setting should be configured correctly.

CCE-11543-6
The "Global Configuration Settings" machine setting should be configured correctly.

CCE-10478-6
The "Prevent installation of devices using drivers that match these device setup classes" machine setting should be configured correctly.

CCE-11944-6
The "Select the Lid Switch Action (On Battery)" machine setting should be configured correctly.

CCE-11698-8
The "Qualitative service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification.

CCE-13753-9
The "Configure Scheduled Tasks preference logging and tracing" machine setting should be configured correctly.

CCE-11369-6
The "Enable Transparent Caching" machine setting should be configured correctly.

CCE-11467-8
The "Turn off Windows HotStart" machine setting should be configured correctly.

CCE-12056-8
The "Do not allow client printer redirection" machine setting should be configured correctly.

CCE-12287-9
The "ActiveX installation policy for sites in Trusted zones" machine setting should be configured correctly.

CCE-10719-3
The "Run startup scripts visible" machine setting should be configured correctly.

CCE-11191-4
The "Use forest search order" machine setting should be configured correctly for Kerberos client searches.

CCE-10669-0
The "Do not use temporary folders per session" machine setting should be configured correctly.

CCE-10416-6
The "Specify intranet Microsoft update service location" machine setting should be configured correctly.

CCE-12043-6
The "Limit outstanding packets" machine setting should be configured correctly.

CCE-10247-5
Auditing of 'Account Management: User Account Management' events on failure should be enabled or disabled as appropriate.

CCE-11352-2
The "Do not allow desktop composition" machine setting should be configured correctly.

CCE-11156-7
The "Turn off Touch Panning" machine setting should be configured correctly.

CCE-11387-8
The "Do not allow Sound Recorder to run" machine setting should be configured correctly.

CCE-12078-2
The "Turn off access to the solutions to performance problems section" machine setting should be configured correctly.

CCE-11058-5
The "EFS recovery policy processing" machine setting should be configured correctly.

CCE-11517-0
The "Do not allow smart card device redirection" machine setting should be configured correctly.

CCE-11748-1
The "Turn off Real-Time Monitoring" machine setting should be configured correctly.

CCE-11570-9
The "Limit the maximum number of BITS jobs for each user" machine setting should be configured correctly.

CCE-10998-3
The "Turn on certificate propagation from smart card" machine setting should be configured correctly.

CCE-12274-7
The "Do not send a Windows error report when a generic driver is installed on a device" machine setting should be configured correctly.

CCE-12065-9
The "Turn off PNRP cloud creation" machine setting should be configured correctly for IPv6 Site Local.

CCE-11472-8
The "Turn off Multicast Name Resolution" machine setting should be configured correctly.

CCE-11681-4
The "Disallow run-once backups" machine setting should be configured correctly.

CCE-11824-0
The "Disable delete notifications on all volumes" machine setting should be configured correctly.

CCE-10127-9
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Private Profile.

CCE-10963-7
The "Run logon scripts synchronously" machine setting should be configured correctly.

CCE-10358-0
The "Time (in seconds) to force reboot when required for policy changes to take effect" machine setting should be configured correctly.

CCE-11726-7
The "Limit the age of files in the BITS Peercache" machine setting should be configured correctly.

CCE-11178-1
The "Do not use Remote Desktop Session Host server IP address when virtual IP address is not available" machine setting should be configured correctly.

CCE-12150-9
The "Prune printers that are not automatically republished" machine setting should be configured correctly.

CCE-11147-6
The "Limit maximum number of monitors" machine setting should be configured correctly.

CCE-10972-8
The "Disable Windows Installer" machine setting should be configured correctly.

CCE-10301-0
The "Run Windows PowerShell scripts first at user logon, logoff" machine setting should be configured correctly.

CCE-11210-2
The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Windows Boot Performance Diagnostics.

CCE-10558-5
The "Controlled load service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification.

CCE-10874-6
Auditing of 'Policy Change: Authentication Policy Change' events on failure should be enabled or disabled as appropriate.

CCE-10621-1
The "Turn On Compatibility HTTP Listener" machine setting should be configured correctly.

CCE-11561-8
The "Weight Set in the DC Locator DNS SRV Records" machine setting should be configured correctly.

CCE-10523-9
Auditing of 'Account Management: Computer Account Management' events on failure should be enabled or disabled as appropriate.

CCE-11441-3
The "Log File Path" machine setting should be configured correctly for the system log.

CCE-10060-2
Auditing of 'Audit process tracking' events on success should be enabled or disabled as appropriate.

CCE-11704-4
The "Allow pruning of published printers" machine setting should be configured correctly.

CCE-11343-1
The "TTL Set in the A and PTR records" machine setting should be configured correctly.

CCE-11112-0
The "Turn off Registration if URL connection is referring to Microsoft.com" machine setting should be configured correctly.

CCE-10950-4
Auditing of 'Object Access:��Certification Services' events on failure should be enabled or disabled as appropriate.

CCE-12328-1
The "Verify old and new Folder Redirection targets point to the same share before redirecting" machine setting should be configured correctly.

CCE-11739-0
The "Turn off downloading of game information" machine setting should be configured correctly.

CCE-11232-6
The "Do not allow sessions without mutual CHAP" machine setting should be configured correctly.

CCE-11169-0
Auditing of 'System: Security System Extension' events on failure should be enabled or disabled as appropriate.

CCE-11330-8
The "Allow logon scripts when NetBIOS or WINS is disabled" machine setting should be configured correctly.

CCE-11365-4
The "Override the More Gadgets link" machine setting should be configured correctly.

CCE-10776-3
The "Prevent Back-ESC mapping" machine setting should be configured correctly.

CCE-11463-7
The "Set PNRP cloud to resolve only" machine setting should be configured correctly for IPv6 Site Local.

CCE-11498-3
The "Prohibit removal of updates" machine setting should be configured correctly.

CCE-11913-1
The "Don't set the always do this checkbox" machine setting should be configured correctly.

CCE-11596-4
The "Do Not Show First Use Dialog Boxes" machine setting should be configured correctly.

CCE-11623-6
The "Do not allow LPT port redirection" machine setting should be configured correctly.

CCE-10702-9
The "Limit the maximum number of ranges that can be added to the file in a BITS job" machine setting should be configured correctly.

CCE-11778-8
The "Hide previous versions list for local files" machine setting should be configured correctly.

CCE-11262-3
The "Only allow local user profiles" machine setting should be configured correctly.

CCE-10920-7
The "Sites Covered by the Application Directory Partition Locator DNS SRV Records" machine setting should be configured correctly.

CCE-12074-1
The "Prohibit installation and configuration of Network Bridge on your DNS domain network" machine setting should be configured correctly.

CCE-11307-6
The "Restrict potentially unsafe HTML Help functions to specified folders" machine setting should be configured correctly.

CCE-10822-5
Auditing of 'Global Object Access Auditing:��Registry' events on success should be enabled or disabled as appropriate.

CCE-11209-4
The "Dynamic Update" machine setting should be configured correctly.

CCE-10639-3
The "Log File Debug Output Level" machine setting should be configured correctly.

CCE-10724-3
The "CD and DVD: Deny write access" machine setting should be configured correctly.

CCE-11088-2
The "Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates" machine setting should be configured correctly.

CCE-11601-2
The "Default quota limit and warning level" machine setting should be configured correctly.

CCE-10626-0
The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Windows Shutdown Performance Diagnostics.

CCE-11186-4
The "Turn off Multicast Bootstrap" machine setting should be configured correctly for IPv6 Site Local.

CCE-11908-1
The "Disallow network as backup target" machine setting should be configured correctly.

CCE-11756-4
The "Disallow Negotiate authentication" machine setting should be configured correctly for the WinRM client.

CCE-11053-6
The "Refresh Interval of the DC Locator DNS Records" machine setting should be configured correctly.

CCE-11427-2
The "Allow time zone redirection" machine setting should be configured correctly.

CCE-11658-2
The "Specify the Unattended Sleep Timeout (On Battery)" machine setting should be configured correctly.

CCE-11889-3
The "Enable/Disable PerfTrack" machine setting should be configured correctly.

CCE-11284-7
The "Do not allow encryption on all NTFS volumes" machine setting should be configured correctly.

CCE-10483-6
The "Configure Corporate Windows Error Reporting" machine setting should be configured correctly.

CCE-11832-3
The "Select the Sleep Button Action (On Battery)" machine setting should be configured correctly.

CCE-10999-1
Auditing of 'Logon-Logoff: IPsec Quick Mode' events on failure should be enabled or disabled as appropriate.

CCE-11418-1
The "Configure list of Enhanced Storage devices usable on your computer" machine setting should be configured correctly.

CCE-11275-5
The "Configure BranchCache for network files" machine setting should be configured correctly.

CCE-11983-4
The "Prevent press and hold" machine setting should be configured correctly.

CCE-12083-2
The "Reduce Display Brightness (On Battery)" machine setting should be configured correctly.

CCE-10648-4
The "Allow Delegating Default Credentials with NTLM-only Server Authentication" machine setting should be configured correctly.

CCE-11591-5
The "Prevent installation of devices not described by other policy settings" machine setting should be configured correctly.

CCE-12248-1
The "Network control service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that do not conform to the flow specification.

CCE-10964-5
The "Specify maximum number of remote shells per user" machine setting should be configured correctly.

CCE-10866-2
The "Enable user to browse for source while elevated" machine setting should be configured correctly.

CCE-11769-7
The "Limit maximum display resolution" machine setting should be configured correctly.

CCE-11177-3
The "Computer location" machine setting should be configured correctly.

CCE-10977-7
The "Redirect only the default client printer" machine setting should be configured correctly.

CCE-11297-9
The "Force the reading of all certificates from the smart card" machine setting should be configured correctly.

CCE-11712-7
The "Log Access" machine setting should be configured correctlyfor the system log.

CCE-11614-5
The "Specify maximum number of processes per Shell" machine setting should be configured correctly.

CCE-12226-7
The "Configure Start Menu preference logging and tracing" machine setting should be configured correctly.

CCE-11199-7
The "Reduce Display Brightness (Plugged In)" machine setting should be configured correctly.

CCE-10613-8
The "Delete data from devices running Microsoft firmware when a user logs off from the computer." machine setting should be configured correctly.

CCE-10942-1
The "Tape Drives: Deny read access" machine setting should be configured correctly.

CCE-11917-2
The "Enable client-side targeting" machine setting should be configured correctly.

CCE-11872-9
The "Do not display Manage Your Server page at logon" machine setting should be configured correctly.

CCE-11458-7
The "Turn off legacy remote shutdown interface" machine setting should be configured correctly.

CCE-10959-5
Auditing of 'Object Access:��Handle Manipulation' events on failure should be enabled or disabled as appropriate.

CCE-11009-8
The "MaxConcurrentUsers" machine setting should be configured correctly.

CCE-12137-6
The "Define host name-to-Kerberos realm mappings" machine setting should be configured correctly.

CCE-10563-5
The "Configure RD Connection Broker farm name" machine setting should be configured correctly.

CCE-11401-7
The "Hide notifications about RD Licensing problems that affect the RD Session Host server" machine setting should be configured correctly.

CCE-11205-2
The "Turn on Remote Desktop IP Virtualization" machine setting should be configured correctly.

CCE-12070-9
The "Require trusted path for credential entry." machine setting should be configured correctly.

CCE-11303-5
The "Do not allow clipboard redirection" machine setting should be configured correctly.

CCE-12200-2
The "Remove 'Make Available Offline'" machine setting should be configured correctly.

CCE-11578-2
The "Turn on the Ability for Applications to Prevent Sleep Transitions (Plugged In)" machine setting should be configured correctly.

CCE-10826-6
Auditing of 'Audit policy change' events on failure should be enabled or disabled as appropriate.

CCE-11129-4
The "Directory pruning priority" machine setting should be configured correctly.

CCE-11689-7
The "Set roaming profile path for all users logging onto this computer" machine setting should be configured correctly.

CCE-10683-1
The "Domain Controller: Allow server operators to schedule tasks" setting should be configured correctly.

CCE-12004-8
The "Allow non-administrators to install drivers for these device setup classes" machine setting should be configured correctly.

CCE-10728-4
Auditing of 'Object Access:��SAM' events on failure should be enabled or disabled as appropriate.

CCE-12115-2
The "Folder Redirection policy processing" machine setting should be configured correctly.

CCE-10892-8
Auditing of 'System: Security State Change' events on failure should be enabled or disabled as appropriate.

CCE-11752-3
The "Limit the maximum network bandwidth used for Peercaching" machine setting should be configured correctly.

CCE-10781-3
The 'MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended)' setting should be configured correctly.

CCE-11182-3
The "Remove Program Compatibility Property Page" machine setting should be configured correctly.

CCE-11885-1
The "Detect applications unable to launch installers under UAC" machine setting should be configured correctly.

CCE-11423-1
The "Choose default folder for recovery password" machine setting should be configured correctly.

CCE-10585-8
The "Set the Seed Server" machine setting should be configured correctly for IPv6 Link Local.

CCE-11787-9
The "Specify search order for device driver source locations" machine setting should be configured correctly.

CCE-11930-5
The "Low Battery Notification Level" machine setting should be configured correctly.

CCE-11556-8
The "Set maximum wait time for the network if a user has a roaming user profile or remote home directory" machine setting should be configured correctly.

CCE-11325-8
The "Add Printer wizard - Network scan page (Unmanaged network)" machine setting should be configured correctly.

CCE-12092-3
The "CD and DVD: Deny execute access" machine setting should be configured correctly.

CCE-11271-4
The "Specify the Display Dim Brightness (Plugged In)" machine setting should be configured correctly.

CCE-10132-9
Auditing of 'Policy Change: Authorization Policy Change' events on failure should be enabled or disabled as appropriate.

CCE-10385-3
Auditing of 'Policy Change: Audit Policy Change' events on success should be enabled or disabled as appropriate.

CCE-11316-7
The "Do not allow non-Enhanced Storage removable devices" machine setting should be configured correctly.

CCE-10189-9
Auditing of 'Policy Change: MPSSVC Rule-Level Policy Change' events on failure should be enabled or disabled as appropriate.

CCE-10813-4
The "Turn off restore functionality" machine setting should be configured correctly.

CCE-11987-5
The "Turn off Windows Installer RDS Compatibility" machine setting should be configured correctly.

CCE-10968-6
The "Allow Delegating Fresh Credentials with NTLM-only Server Authentication" machine setting should be configured correctly.

CCE-11863-8
The "Package Point and print - Approved servers" machine setting should be configured correctly.

CCE-11075-9
The "Filter duplicate logon certificates" machine setting should be configured correctly.

CCE-11534-5
The "Delay Restart for scheduled installations" machine setting should be configured correctly.

CCE-11765-5
The "Prevent Video Smoothing" machine setting should be configured correctly.

CCE-10617-9
The 'Microsoft network server: Server SPN target name validation level' setting should be configured correctly.

CCE-11436-3
The "Set BranchCache Hosted Cache mode" machine setting should be configured correctly.

CCE-10572-6
The "Do not set default client printer to be default printer in a session" machine setting should be configured correctly.

CCE-11293-8
The "Turn on economical application of administratively assigned Offline Files" machine setting should be configured correctly.

CCE-11898-4
The "Do not detect slow network connections" machine setting should be configured correctly.

CCE-11040-3
The "Turn off location scripting" machine setting should be configured correctly.

CCE-11547-7
The "Disable password strength validation for Peer Grouping" machine setting should be configured correctly.

CCE-10474-5
The "Negative DC Discovery Cache Setting" machine setting should be configured correctly.

CCE-11338-1
The "Propagation of extended error information" machine setting should be configured correctly.

CCE-11610-3
The "Require domain users to elevate when setting a network's location" machine setting should be configured correctly.

CCE-11974-3
The "WPD Devices: Deny read access" machine setting should be configured correctly.

CCE-10670-8
The "Prohibit rollback" machine setting should be configured correctly.

CCE-10946-2
The "Allow only system backup" machine setting should be configured correctly.

CCE-10848-0
Auditing of 'Audit object access' events on success should be enabled or disabled as appropriate.

CCE-10579-1
The "Register DNS records with connection-specific DNS suffix" machine setting should be configured correctly.

CCE-11488-4
The "Prevent Flicks Learning Mode" machine setting should be configured correctly.

CCE-10895-1
The "Turn off creation of System Restore Checkpoints" machine setting should be configured correctly.

CCE-11092-4
The "Cache transforms in secure location on workstation" machine setting should be configured correctly.

CCE-10544-5
The "Prevent Windows Anytime Upgrade from running." machine setting should be configured correctly.

CCE-11947-9
The "Network control service type" link layer (Layer-2) priority value should be configured correctly.

CCE-11137-7
The "Exclude files from being cached" machine setting should be configured correctly.

CCE-13295-1
The "User Group Policy loopback processing mode" machine setting should be configured correctly.

CCE-11039-5
The "Automatic reconnection" machine setting should be configured correctly.

CCE-11880-2
The "Turn on definition updates through both WSUS and Windows Update" machine setting should be configured correctly.

CCE-11912-3
The "Allow Print Spooler to accept client connections" machine setting should be configured correctly.

CCE-10446-3
The "Allow administrators to override Device Installation Restriction policies" machine setting should be configured correctly.

CCE-11190-6
The "Specify Windows installation file location" machine setting should be configured correctly.

CCE-11707-7
The "Limit the maximum number of files allowed in a BITS job" machine setting should be configured correctly.

CCE-11609-5
The "Turn off Active Help" machine setting should be configured correctly.

CCE-11662-4
The "Prevent installation of removable devices" machine setting should be configured correctly.

CCE-10873-8
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Public Profile.

CCE-11564-2
The "Provide information about previous logons to client computers" machine setting should be configured correctly.

CCE-10971-0
Auditing of 'Audit privilege use' events on failure should be enabled or disabled as appropriate.

CCE-11159-1
The "Terminate session when time limits are reached" machine setting should be configured correctly.

CCE-12168-1
The "Disallow Interactive Users from generating Resultant Set of Policy data" machine setting should be configured correctly.

CCE-12399-2
The "Deny Delegating Default Credentials" machine setting should be configured correctly.

CCE-10797-9
The "Configure list of IEEE 1667 silos usable on your computer" machine setting should be configured correctly.

CCE-11200-3
The "Turn On Desktop Background Slideshow (On Battery)" machine setting should be configured correctly.

CCE-10468-7
The "Timeout for hung logon sessions during shutdown" machine setting should be configured correctly.

CCE-10784-7
The "Detect application install failures" machine setting should be configured correctly.

CCE-11479-3
The "Qualitative service type" link layer (Layer-2) priority value should be configured correctly.

CCE-11128-6
The "Do not allow supported Plug and Play device redirection" machine setting should be configured correctly.

CCE-11083-3
The "DC Locator DNS records not registered by the DCs" machine setting should be configured correctly.

CCE-10686-4
Auditing of 'DS Access: Directory Service Access' events on failure should be enabled or disabled as appropriate.

CCE-11795-2
The "Turn off access to the performance center core section" machine setting should be configured correctly.

CCE-11542-8
The "Try Next Closest Site" machine setting should be configured correctly.

CCE-11181-5
The "Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers" machine setting should be configured correctly.

CCE-12142-6
The "Floppy Drives: Deny write access" machine setting should be configured correctly.

CCE-12057-6
The "Configure device installation time-out" machine setting should be configured correctly.

CCE-11697-0
The "Disallow Kerberos authentication" machine setting should be configured correctly for the WinRM client.

CCE-11599-8
The "Prohibit Flyweight Patching" machine setting should be configured correctly.

CCE-11324-1
The "Specify a default color" machine setting should be configured correctly.

CCE-12044-4
The "Specify the Display Dim Brightness (On Battery)" machine setting should be configured correctly.

CCE-11921-4
The "Turn Off the Hard Disk (Plugged In)" machine setting should be configured correctly.

CCE-11213-6
The "Allow time invalid certificates" machine setting should be configured correctly.

CCE-11520-4
The "Group Policy refresh interval for domain controllers" machine setting should be configured correctly.

CCE-10455-4
The "Allow users to log on using biometrics" machine setting should be configured correctly.

CCE-11773-9
The "Removable Disks: Deny execute access" machine setting should be configured correctly.

CCE-11115-3
The "Maximum Log File Size" machine setting should be configured correctly.

CCE-11070-0
The "WPD Devices: Deny write access" machine setting should be configured correctly.

CCE-11444-7
The "Display Shutdown Event Tracker" machine setting should be configured correctly.

CCE-12120-2
The "Ignore custom consent settings" machine setting should be configured correctly.

CCE-11017-1
The "Disable remote Desktop Sharing" machine setting should be configured correctly.

CCE-11168-2
The "Turn off Configuration" machine setting should be configured correctly.

CCE-11627-7
The "Set the Seed Server" machine setting should be configured correctly for IPv6 Global.

CCE-12066-7
The "Allow remote start of unlisted programs" machine setting should be configured correctly.

CCE-11484-3
The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Windows Memory Leak Diagnosis.

CCE-11231-8
The "Deny Delegating Saved Credentials" machine setting should be configured correctly.

CCE-10899-3
The "Disallow changing of geographic location" machine setting should be configured correctly.

CCE-11529-5
The "Select an Active Power Plan" machine setting should be configured correctly.

CCE-11133-6
The "Assign a default domain for logon" machine setting should be configured correctly.

CCE-11823-2
The "Turn Off Non Volatile Cache Feature" machine setting should be configured correctly.

CCE-11409-0
The "Turn off sensors" machine setting should be configured correctly.

CCE-12974-2
The "Configure Folder Options preference logging and tracing" machine setting should be configured correctly.

CCE-10962-9
The "Turn off Multicast Bootstrap" machine setting should be configured correctly for IPv6 Link Local.

CCE-11266-4
The "Limit disk space used by offline files" machine setting should be configured correctly.

CCE-11725-9
The "Turn off System Restore" machine setting should be configured correctly.

CCE-10864-7
The "Execute print drivers in isolated processes" machine setting should be configured correctly.

CCE-11605-3
The "Specify the System Sleep Timeout (On Battery)" machine setting should be configured correctly.

CCE-10766-4
The "Set a support web page link" machine setting should be configured correctly.

CCE-10975-1
The "Best effort service type" link layer (Layer-2) priority value should be configured correctly.

CCE-11560-0
The "Set the Seed Server" machine setting should be configured correctly for IPv6 Site Local.

CCE-10139-4
Rights to access DCOM applications should be assigned as appropriate.

CCE-11253-2
The "Troubleshooting: Allow users to access and run Troubleshooting Wizards" machine setting should be configured correctly.

CCE-11000-7
The "Network Projector Port Setting" machine setting should be configured correctly.

CCE-12164-0
The "Always wait for the network at computer startup and logon" machine setting should be configured correctly.

CCE-11155-9
The "Prohibit Access of the Windows Connect Now wizards" machine setting should be configured correctly.

CCE-10335-8
The "Turn on Smart Card Plug and Play service" machine setting should be configured correctly.

CCE-11057-7
The "Enable Windows NTP Client" machine setting should be configured correctly.

CCE-10842-3
The "Domain Location Determination URL" machine setting should be configured correctly.

CCE-10237-6
Auditing of 'Account Logon: Kerberos Service Ticket Operations' events on failure should be enabled or disabled as appropriate.

CCE-11991-7
The "Do not allow the BITS client to use Windows Branch Cache" machine setting should be configured correctly.

CCE-11703-6
The "Customize consent settings" machine setting should be configured correctly.

CCE-11938-8
The "Turn Off Solid State Mode" machine setting should be configured correctly.

CCE-11475-1
The "Primary DNS Suffix" machine setting should be configured correctly.

CCE-11026-2
The "Prevent restoring local previous versions" machine setting should be configured correctly.

CCE-11279-7
The "Critical Battery Notification Action" machine setting should be configured correctly.

CCE-10851-4
Auditing of 'Object Access:��Kernel Object' events on failure should be enabled or disabled as appropriate.

CCE-11693-9
The "Set rules for remote control of Remote Desktop Services user sessions" machine setting should be configured correctly.

CCE-11497-5
The "Disallow locally attached storage as backup target" machine setting should be configured correctly.

CCE-11222-7
The "Turn on BranchCache" machine setting should be configured correctly.

CCE-11399-3
The "Corporate DNS Probe Host Address" machine setting should be configured correctly.

CCE-12040-2
The "Do not allow password authentication of Enhanced Storage devices" machine setting should be configured correctly.

CCE-11716-8
The "Set the number of synchronization retries for servers running Password Synchronization" machine setting should be configured correctly.

CCE-11925-5
The "Point and Print Restrictions" machine setting should be configured correctly.

CCE-11573-3
The "Network control service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification.

CCE-11849-7
The "Domain Controller Address Type Returned" machine setting should be configured correctly.

CCE-11013-0
The "Trusted Hosts" machine setting should be configured correctly.

CCE-11244-1
The "Update Top Level Domain Zones" machine setting should be configured correctly.

CCE-11440-5
The "Hash Publication for BranchCache" machine setting should be configured correctly.

CCE-11342-3
The "Do not allow Windows Journal to be run" machine setting should be configured correctly.

CCE-11439-7
The "Restrict Internet communication" machine setting should be configured correctly.

CCE-11141-9
The "ISATAP State" machine setting should be configured correctly.

CCE-12009-7
The "6to4 Relay Name Resolution Interval" machine setting should be configured correctly.

CCE-11600-4
The "Corporate Site Prefix List" machine setting should be configured correctly.

CCE-11296-1
The "Set path for Remote Desktop Services Roaming User Profile" machine setting should be configured correctly.

CCE-11043-7
The "Turn off Program Inventory" machine setting should be configured correctly.

CCE-11394-4
The "Log event when quota warning level exceeded" machine setting should be configured correctly.

CCE-11198-9
The "Enable disk quotas" machine setting should be configured correctly.

CCE-10353-1
The "Do not allow Flip3D invocation" machine setting should be configured correctly.

CCE-10616-1
The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Windows Resource Exhaustion Detection and Resolution.

CCE-11065-0
Auditing of 'DS Access: Directory Service Changes' events on failure should be enabled or disabled as appropriate.

CCE-10910-8
The "Only use Package Point and print" machine setting should be configured correctly.

CCE-12806-6
The "Configure Printers preference logging and tracing" machine setting should be configured correctly.

CCE-11163-3
The "Administratively assigned offline files" machine setting should be configured correctly.

CCE-11404-1
The "Turn off Windows SideShow" machine setting should be configured correctly.

CCE-10505-6
The "Specify a Custom Active Power Plan" machine setting should be configured correctly.

CCE-11030-4
The "Turn off handwriting recognition error reporting" machine setting should be configured correctly.

CCE-10967-8
Auditing of 'Object Access:��File System' events on failure should be enabled or disabled as appropriate.

CCE-11261-5
The "Enable Persistent Time Stamp" machine setting should be configured correctly.

CCE-11306-8
The "Allow CredSSP authentication" machine setting should be configured correctly for the WinRM service.

CCE-11768-9
The "Windows Scaling Heuristics State" machine setting should be configured correctly.

CCE-11537-8
The "Allow Automatic Updates immediate installation" machine setting should be configured correctly.

CCE-11208-6
The "Sites Covered by the GC Locator DNS SRV Records" machine setting should be configured correctly.

CCE-11995-8
The "Group Policy refresh interval for computers" machine setting should be configured correctly.

CCE-10233-5
Auditing of 'Account Logon: Kerberos Authentication Service' events on failure should be enabled or disabled as appropriate.

CCE-12885-0
The "Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services" machine setting should be configured correctly.

CCE-11648-3
The "Turn on recommended updates via Automatic Updates" machine setting should be configured correctly.

CCE-10366-3
The "Turn off the communities features" machine setting should be configured correctly.

CCE-12116-0
The "Configure Services preference logging and tracing" machine setting should be configured correctly.

CCE-11907-3
The "Turn on root certificate propagation from smart card" machine setting should be configured correctly.

CCE-11711-9
The "Prompt for credentials on the client computer" machine setting should be configured correctly.

CCE-11350-6
The "Allow .rdp files from valid publishers and user's default .rdp settings" machine setting should be configured correctly.

CCE-11844-8
The "Enable user to use media source while elevated" machine setting should be configured correctly.

CCE-11287-0
The "Configure Applications preference logging and tracing" machine setting should be configured correctly.

CCE-12312-5
The "Short name creation options" machine setting should be configured correctly.

CCE-11746-5
The "Events.asp program" machine setting should be configured correctly.

CCE-11385-2
The "Verbose vs normal status messages" machine setting should be configured correctly.

CCE-11581-6
The "Log event when quota limit exceeded" machine setting should be configured correctly.

CCE-11417-3
The "Set percentage of disk space used for client computer cache" machine setting should be configured correctly.

CCE-11274-8
The "Prevent access to 16-bit applications" machine setting should be configured correctly.

CCE-11470-2
The "Specify SHA1 thumbprints of certificates representing trusted .rdp publishers" machine setting should be configured correctly.

CCE-11372-0
The "Turn off Connect to a Network Projector" machine setting should be configured correctly.

CCE-11319-1
The "Turn off Windows Update device driver search prompt" machine setting should be configured correctly.

CCE-12018-8
The "Logging" machine setting should be configured correctly.

CCE-11822-4
The "Allow installation of devices using drivers that match these device setup classes" machine setting should be configured correctly.

CCE-11176-5
The "Turn on Accounting for WSRM" machine setting should be configured correctly.

CCE-11078-3
Auditing of 'Logon-Logoff: Special Logon' events on failure should be enabled or disabled as appropriate.

CCE-11724-2
The "Set the Email IDs to which notifications are to be sent" machine setting should be configured correctly.

CCE-10575-9
Auditing of 'Audit account logon events' events on success should be enabled or disabled as appropriate.

CCE-11292-0
The "Turn off Federation Service" machine setting should be configured correctly.

CCE-11688-9
The "Detect application failures caused by deprecated Windows DLLs" machine setting should be configured correctly.

CCE-12005-5
The "Corporate Website Probe URL" machine setting should be configured correctly.

CCE-10891-0
The "Corporate DNS Probe Host Name" machine setting should be configured correctly.

CCE-10477-8
The "Directory pruning retry" machine setting should be configured correctly.

CCE-11390-2
The "Do not allow Snipping Tool to run" machine setting should be configured correctly.

CCE-11337-3
The "Turn off Application Compatibility Engine" machine setting should be configured correctly.

CCE-10771-4
The "Check for New Signatures Before Scheduled Scans" machine setting should be configured correctly.

CCE-10718-5
The "Custom Classes: Deny write access" machine setting should be configured correctly.

CCE-10442-2
The "Turn on extensive logging for Password Synchronization" machine setting should be configured correctly.

CCE-11194-8
The "Configure keep-alive connection interval" machine setting should be configured correctly.

CCE-11977-6
The "Set BranchCache Distributed Cache mode" machine setting should be configured correctly.

CCE-10803-5
Auditing of 'Audit policy change' events on success should be enabled or disabled as appropriate.

CCE-11106-2
The "Configure Security Policy for Scripted Diagnostics" machine setting should be configured correctly.

CCE-11359-7
The "Allow audio and video playback redirection" machine setting should be configured correctly.

CCE-11061-9
Auditing of 'Detailed Tracking: RPC Events' events on failure should be enabled or disabled as appropriate.

CCE-10384-6
The "Prevent Roaming Profile changes from propagating to the server" machine setting should be configured correctly.

CCE-10660-9
The "Ignore Delegation Failure" machine setting should be configured correctly.

CCE-14026-9
The "Configure Devices preference logging and tracing" machine setting should be configured correctly.

CCE-10914-0
The "Sysvol share compatibility" machine setting should be configured correctly.

CCE-11942-0
The "Slow network connection timeout for user profiles" machine setting should be configured correctly.

CCE-11008-0
The "Include rarely used Chinese, Kanji, or Hanja characters" machine setting should be configured correctly.

CCE-11809-1
The "Configure TPM platform validation profile" machine setting should be configured correctly.

CCE-13691-1
The "Configure Registry preference logging and tracing" machine setting should be configured correctly.

CCE-12103-8
The "Turn off the ability to create a system image" machine setting should be configured correctly.

CCE-11764-8
The "Prevent installation of devices that match any of these device IDs" machine setting should be configured correctly.

CCE-11204-5
The "Turn Off Hybrid Sleep (On Battery)" machine setting should be configured correctly.

CCE-10682-3
The "Selectively allow the evaluation of a symbolic link" machine setting should be configured correctly.

CCE-12049-3
The "Turn off Windows Network Connectivity Status Indicator active tests" machine setting should be configured correctly.

CCE-11087-4
Auditing of 'DS Access: Directory Service Replication' events on failure should be enabled or disabled as appropriate.

CCE-11964-4
The "Events.asp URL" machine setting should be configured correctly.

CCE-11185-6
The "Check published state" machine setting should be configured correctly.

CCE-11799-4
The "Positive Periodic DC Cache Refresh for Background Callers" machine setting should be configured correctly.

CCE-11840-6
The "Maximum wait time for Group Policy scripts" machine setting should be configured correctly.

CCE-10397-8
The "Allow Delegating Default Credentials" machine setting should be configured correctly.

CCE-10945-4
The "Permitted Managers" machine setting should be configured correctly.

CCE-11052-8
The "Prevent Windows Media DRM Internet Access" machine setting should be configured correctly.

CCE-10584-1
The "Allow Automatic Sleep with Open Network Files (On Battery)" machine setting should be configured correctly.

CCE-11511-3
The "Automated Site Coverage by the DC Locator DNS SRV Records" machine setting should be configured correctly.

CCE-11381-1
The "Allow automatic configuration of listeners" machine setting should be configured correctly.

CCE-11328-2
The "Contact PDC on logon failure" machine setting should be configured correctly.

CCE-13580-6
The "Software Installation policy processing" machine setting should be configured correctly.

CCE-11742-4
The "Set PNRP cloud to resolve only" machine setting should be configured correctly for IPv6 Global.

CCE-13723-2
The "Allow Cross-Forest User Policy and Roaming User Profiles" machine setting should be configured correctly.

CCE-12948-6
The "Configure Ini Files preference logging and tracing" machine setting should be configured correctly.

CCE-11875-2
The "Specify channel binding token hardening level" machine setting should be configured correctly.

CCE-10749-0
The "Configure Automatic Updates" machine setting should be configured correctly.

CCE-10958-7
The "Turn on logging" machine setting should be configured correctly.

CCE-11413-2
The "Netlogon share compatibility" machine setting should be configured correctly.

CCE-11270-6
The "Turn off Multicast Bootstrap" machine setting should be configured correctly for IPv6 Global.

CCE-11524-6
The "Set PNRP cloud to resolve only" machine setting should be configured correctly for IPv6 Link Local.

CCE-11217-7
The "Download missing COM components" machine setting should be configured correctly.

CCE-11448-8
The "Do not allow color changes" machine setting should be configured correctly.

CCE-11074-2
Auditing of 'DS Access: Detailed Directory Service Replication' events on failure should be enabled or disabled as appropriate.

CCE-10923-1
Auditing of 'Audit system events' events on success should be enabled or disabled as appropriate.

CCE-12147-5
The "Configure Regional Options preference logging and tracing" machine setting should be configured correctly.

CCE-11172-4
The "Do not check for user ownership of Roaming Profile Folders" machine setting should be configured correctly.

CCE-11149-2
The "Disallow Kerberos authentication" machine setting should be configured correctly for the WinRM service.

CCE-11310-0
The "Turn off access to all Windows Update features" machine setting should be configured correctly.

CCE-10872-0
The "Do not allow Windows Messenger to be run" machine setting should be configured correctly.

CCE-10917-3
Auditing of 'Account Management: Security Group Management' events on failure should be enabled or disabled as appropriate.

CCE-12001-4
The "Reverse the subject name stored in a certificate when displaying" machine setting should be configured correctly.

CCE-10819-1
The "Do not display Initial Configuration Tasks window automatically at logon" machine setting should be configured correctly.

CCE-10752-4
Auditing of 'Account Management: Application Group Management' events on failure should be enabled or disabled as appropriate.

CCE-11345-6
The "Baseline file cache maximum size" machine setting should be configured correctly.

CCE-11114-6
The "Run these programs at user logon" machine setting should be configured correctly.

CCE-14699-3
The "Configure Shortcuts preference logging and tracing" machine setting should be configured correctly.

CCE-12121-0
The "Group Policy slow link detection" machine setting should be configured correctly.

CCE-11804-2
The "Use mandatory profiles on the RD Session Host server" machine setting should be configured correctly.

CCE-12036-0
The "Best effort service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification.

CCE-11608-7
The "Specify the System Sleep Timeout (Plugged In)" machine setting should be configured correctly.

CCE-10423-2
The "Domain Controller: LDAP server signing requirements" setting should be configured correctly.

CCE-12232-5
The "Select the Lid Switch Action (Plugged In)" machine setting should be configured correctly.

CCE-11234-2
The "Detect application failures caused by deprecated COM objects" machine setting should be configured correctly.

CCE-11794-5
The "Do not automatically encrypt files moved to encrypted folders" machine setting should be configured correctly.

CCE-11598-0
The "Prevent Desktop Shortcut Creation" machine setting should be configured correctly.

CCE-12058-4
The "Enforce Removal of Remote Desktop Wallpaper" machine setting should be configured correctly.

CCE-11911-5
The "Remove browse dialog box for new source" machine setting should be configured correctly.

CCE-11269-8
The "Guaranteed service type" link layer (Layer-2) priority value should be configured correctly.

CCE-10053-7
The 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' setting should be configured correctly.

CCE-11060-1
Auditing of 'Logon-Logoff: Logon' events on failure should be enabled or disabled as appropriate.

CCE-11105-4
The "Maximum DC Discovery Retry Interval Setting for Background Callers" machine setting should be configured correctly.

CCE-11358-9
The "Turn off Windows Mobility Center" machine setting should be configured correctly.

CCE-11456-1
The "Add the Administrators security group to roaming user profiles" machine setting should be configured correctly.

CCE-12045-1
The "Do not allow manual configuration of target portals" machine setting should be configured correctly.

CCE-11870-3
The "Do not allow the computer to act as a BITS Peercaching server" machine setting should be configured correctly.

CCE-10565-0
The "Turn off "Found New Hardware" balloons during device installation" machine setting should be configured correctly.

CCE-11674-9
The "Allow Applications to Prevent Automatic Sleep (On Battery)" machine setting should be configured correctly.

CCE-11301-9
The "Run shutdown scripts visible" machine setting should be configured correctly.

CCE-11203-7
The "Turn off Fair Share CPU Scheduling" machine setting should be configured correctly.

CCE-10698-9
The "Turn on Script Execution" machine setting should be configured correctly.

CCE-14437-8
The "Turn off background refresh of Group Policy" machine setting should be configured correctly.

CCE-11478-5
The "Always render print jobs on the server" machine setting should be configured correctly.

CCE-11127-8
The "Do not allow changes to initiator CHAP secret" machine setting should be configured correctly.

CCE-12067-5
The "Hide previous versions of files on backup location" machine setting should be configured correctly.

CCE-11082-5
The "Turn off Windows Startup Sound" machine setting should be configured correctly.

CCE-10894-4
The "Encrypt the Offline Files cache" machine setting should be configured correctly.

CCE-11589-9
The "Prevent device metadata retrieval from the Internet" machine setting should be configured correctly.

CCE-11750-7
The "Turn off Windows Error Reporting" machine setting should be configured correctly.

CCE-11180-7
The "Force selected system UI language to overwrite the user UI language" machine setting should be configured correctly.

CCE-11883-6
The "Log File Path" machine setting should be configured correctly for the application log.

CCE-10587-4
The "Turn on definition updates through both WSUS and the Microsoft Malware Protection Center" machine setting should be configured correctly.

CCE-11421-5
The "Remove Windows Security item from Start menu" machine setting should be configured correctly.

CCE-11955-2
The "Delete cached copies of roaming profiles" machine setting should be configured correctly.

CCE-12010-5
The "Floppy Drives: Deny execute access" machine setting should be configured correctly.

CCE-11785-3
The "Do not allow adding new targets via manual configuration" machine setting should be configured correctly.

CCE-10806-8
The "Do not turn off system power after a Windows system shutdown has occurred." machine setting should be configured correctly.

CCE-11323-3
The "Prevent restoring previous versions from backups" machine setting should be configured correctly.

CCE-11554-3
The "Customize Warning Messages" machine setting should be configured correctly.

CCE-11398-5
The "Allow signature keys valid for Logon" machine setting should be configured correctly.

CCE-11857-0
The "Non-conforming packets" machine setting should be configured correctly.

CCE-11604-6
The "Turn off Microsoft Peer-to-Peer Networking Services" machine setting should be configured correctly.

CCE-11047-8
The "Limit number of connections" machine setting should be configured correctly.

CCE-11759-8
The "Teredo Refresh Rate" machine setting should be configured correctly.

CCE-10876-1
The "Set the Time interval in minutes for logging accounting data" machine setting should be configured correctly.

CCE-11145-0
The "Turn Off Adaptive Display Timeout (Plugged In)" machine setting should be configured correctly.

CCE-11800-0
The "Minimum Idle Connection Timeout for RPC/HTTP connections" machine setting should be configured correctly.

CCE-12032-9
The "Allow CredSSP authentication" machine setting should be configured correctly for the WinRM client.

CCE-11012-2
The "Set timer resolution" machine setting should be configured correctly.

CCE-11243-3
The "Turn off the "Order Prints" picture task" machine setting should be configured correctly.

CCE-11110-4
The "IP Security policy processing" machine setting should be configured correctly.

CCE-11167-4
The "Microsoft Support Diagnostic Tool: Restrict tool download" machine setting should be configured correctly.

CCE-10743-3
Auditing of 'Object Access:��Filtering Platform Connection' events on failure should be enabled or disabled as appropriate.

CCE-11230-0
The "Use Remote Desktop Easy Print printer driver first" machine setting should be configured correctly.

CCE-11835-6
The "Allow Applications to Prevent Automatic Sleep (Plugged In)" machine setting should be configured correctly.

CCE-11737-4
The "Teredo Default Qualified" machine setting should be configured correctly.

CCE-11069-2
Auditing of 'Detailed Tracking: Process Creation' events on failure should be enabled or disabled as appropriate.

CCE-10854-8
The "Allow the Network Access Protection client to support the 802.1x Enforcement Client component" machine setting should be configured correctly.

CCE-11639-2
The "Turn off access to the OEM and Microsoft branding section" machine setting should be configured correctly.

CCE-11132-8
The "Configure RD Connection Broker server name" machine setting should be configured correctly.

CCE-11408-2
The "Notify user of successful smart card driver installation" machine setting should be configured correctly.

CCE-11594-9
The "Apply the default user logon picture to all users" machine setting should be configured correctly.

CCE-10214-5
Auditing of 'System: IPsec Driver' events on failure should be enabled or disabled as appropriate.

CCE-11354-8
The "Turn off Windows Customer Experience Improvement Program" machine setting should be configured correctly.

CCE-11256-5
The "Always use classic logon" machine setting should be configured correctly.

CCE-11848-9
The "Hide entry points for Fast User Switching" machine setting should be configured correctly.

CCE-11389-4
The "Scavenge Interval" machine setting should be configured correctly.

CCE-12161-6
The "Turn off Data Execution Prevention for Explorer" machine setting should be configured correctly.

CCE-11158-3
The "Turn Off Low Battery User Notification" machine setting should be configured correctly.

CCE-14285-1
The "Turn off Resultant Set of Policy logging" machine setting should be configured correctly.

CCE-10569-2
The "Detect application installers that need to be run as administrator" machine setting should be configured correctly.

CCE-10885-2
The "Turn On Desktop Background Slideshow (Plugged In)" machine setting should be configured correctly.

CCE-10610-4
The "Restrict unpacking and installation of gadgets that are not digitally signed." machine setting should be configured correctly.

CCE-11990-9
The "Turn Off Cache Power Mode" machine setting should be configured correctly.

CCE-12108-7
The "Prevent Quick Launch Toolbar Shortcut Creation" machine setting should be configured correctly.

CCE-11123-7
The "Turn off Windows Mail application" machine setting should be configured correctly.

CCE-10996-7
The "Do not allow additional session logins" machine setting should be configured correctly.

CCE-11487-6
The "Pre-populate printer search location text" machine setting should be configured correctly.

CCE-11585-7
The "All Removable Storage: Allow direct access in remote sessions" machine setting should be configured correctly.

CCE-10689-8
Auditing of 'Audit account logon events' events on failure should be enabled or disabled as appropriate.

CCE-10908-2
The "Prevent restoring remote previous versions" machine setting should be configured correctly.

CCE-10863-9
The "Guaranteed service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification.

CCE-11416-5
The "Turn Off Boot and Resume Optimizations" machine setting should be configured correctly.

CCE-11669-9
The "Tag Windows Customer Experience Improvement data with Study Identifier" machine setting should be configured correctly.

CCE-11732-5
The "Time (in seconds) to force reboot" machine setting should be configured correctly.

CCE-12085-7
The "Internet Explorer Maintenance policy processing" machine setting should be configured correctly.

CCE-11318-3
The "Dynamic Registration of the DC Locator DNS Records" machine setting should be configured correctly.

CCE-11371-2
The "Site Name" machine setting should be configured correctly.

CCE-11985-9
The "Reserve Battery Notification Level" machine setting should be configured correctly.

CCE-11865-3
The "Teredo State" machine setting should be configured correctly.

CCE-11175-7
The "Turn off Problem Steps Recorder" machine setting should be configured correctly.

CCE-11634-3
The "Guaranteed service type" Layer-3 Differentiated Services Code Point should be configured correctly for packets that do not conform to the flow specification.

CCE-11491-8
The "Ignore the local list of blocked TPM commands" machine setting should be configured correctly.

CCE-11077-5
The "Prohibit Use of Restart Manager" machine setting should be configured correctly.

CCE-11950-3
The "Turn off PNRP cloud creation" machine setting should be configured correctly for IPv6 Global.

CCE-10868-8
The "Define interoperable Kerberos V5 realm settings" machine setting should be configured correctly.

CCE-11438-9
The "Critical Battery Notification Level" machine setting should be configured correctly.

CCE-10979-3
Auditing of 'Object Access:��Other Object Access Events' events on failure should be enabled or disabled as appropriate.

CCE-10517-1
The "Turn off Windows Defender" machine setting should be configured correctly.

CCE-11710-1
The "Limit the BITS Peercache size" machine setting should be configured correctly.

CCE-11042-9
Auditing of 'Global Object Access Auditing:��Registry' events on failure should be enabled or disabled as appropriate.

CCE-11393-6
The "Controlled load service type" Layer-3 Differentiated Services Code Point (DSCP) should be configured correctly for packets that do not conform to the flow specification.

CCE-11612-9
The "Run Windows PowerShell scripts first at computer startup, shutdown" machine setting should be configured correctly.

CCE-10713-6
The "Allow user name hint" machine setting should be configured correctly.

CCE-11514-7
The "Allow Automatic Sleep with Open Network Files (Plugged In)" machine setting should be configured correctly.

CCE-11972-7
The "Allow cryptography algorithms compatible with Windows NT 4.0" machine setting should be configured correctly.

CCE-10846-4
The "Hide previous versions list for remote files" machine setting should be configured correctly.

CCE-11099-9
The "Use IP Address Redirection" machine setting should be configured correctly.

CCE-11197-1
Auditing of 'Object Access:��Application Generated' events on failure should be enabled or disabled as appropriate.

CCE-11166-6
The "Apply policy to removable media" machine setting should be configured correctly.

CCE-11919-8
The "Require strict KDC validation" machine setting should be configured correctly.

CCE-10343-2
The "Disable IE security prompt for Windows Installer scripts" machine setting should be configured correctly.

CCE-12192-1
The "Do not allow Windows Media Center to run" machine setting should be configured correctly.

CCE-11527-9
The "Configure Drive Maps preference logging and tracing" machine setting should be configured correctly.

CCE-11068-4
Auditing of 'Audit object access' events on failure should be enabled or disabled as appropriate.

CCE-12139-2
The "Turn Off the Hard Disk (On Battery)" machine setting should be configured correctly.

CCE-10855-5
The "Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with Support Provider" machine setting should be configured correctly.

CCE-11407-4
The "Limit the maximum number of BITS jobs for this computer" machine setting should be configured correctly.

CCE-11821-6
The "Force Rediscovery Interval" machine setting should be configured correctly.

CCE-12104-6
The "Limit the maximum BITS job download time" machine setting should be configured correctly.

CCE-11460-3
The "Exclude credential providers" machine setting should be configured correctly.

CCE-11264-9
The "Turn off Automatic Root Certificates Update" machine setting should be configured correctly.

CCE-11362-1
The "Display string when smart card is blocked" machine setting should be configured correctly.

CCE-12170-7
The "Do not allow manual configuration of discovered targets" machine setting should be configured correctly.

CCE-11603-8
The "Do not forcefully unload the users registry at user logoff" machine setting should be configured correctly.

CCE-12215-0
The "Join RD Connection Broker" machine setting should be configured correctly.

CCE-10722-7
The "Use forest search order" machine setting should be configured correctly for Key Distribution Center (KDC) searches.

CCE-11251-6
The "Select the Power Button Action (On Battery)" machine setting should be configured correctly.

CCE-10931-4
The "Primary DNS Suffix Devolution" machine setting should be configured correctly.

CCE-11188-0
The "Allow domain users to log on using biometrics" machine setting should be configured correctly.

CCE-11906-5
The "Allow certificates with no extended key usage certificate attribute" machine setting should be configured correctly.

CCE-11758-0
The "Override print driver execution compatibility setting reported by print driver" machine setting should be configured correctly.

CCE-10624-5
The "Expected dial-up delay on logon" machine setting should be configured correctly.

CCE-10988-4
Auditing of 'Object Access:��Registry' events on failure should be enabled or disabled as appropriate.

CCE-10757-3
The "Specify the Unattended Sleep Timeout (Plugged In)" machine setting should be configured correctly.

CCE-11286-2
The "Prevent launch an application" machine setting should be configured correctly.

CCE-12094-9
The "Allow Delegating Saved Credentials with NTLM-only Server Authentication" machine setting should be configured correctly.

CCE-11153-4
Auditing of 'Global Object Access Auditing:��File System' events on success should be enabled or disabled as appropriate.

CCE-11384-5
The "Set the interval between synchronization retries for Password Synchronization" machine setting should be configured correctly.

CCE-11412-4
The "Prevent backing up to optical media (CD/DVD)" machine setting should be configured correctly.

CCE-11665-7
The "Prevent flicks" machine setting should be configured correctly.

CCE-10383-8
The "Allow non-administrators to receive update notifications" machine setting should be configured correctly.

CCE-11567-5
The "Turn on TPM backup to Active Directory Domain Services" machine setting should be configured correctly.

CCE-11216-9
The "Allow BITS Peercaching" machine setting should be configured correctly.

CCE-11314-2
The "Lock Enhanced Storage when the computer is locked" machine setting should be configured correctly.

CCE-10815-9
The "Set compression algorithm for RDP data" machine setting should be configured correctly.

CCE-12246-5
The "Log directory pruning retry events" machine setting should be configured correctly.

CCE-11763-0
The "Turn off tracking of last play time of games in the Games folder" machine setting should be configured correctly.

CCE-11861-2
The "Configure Report Queue" machine setting should be configured correctly.

CCE-11118-7
The "Prohibit patching" machine setting should be configured correctly.

CCE-11349-8
The "Delete user profiles older than a specified number of days on system restart" machine setting should be configured correctly.

CCE-11434-8
The "Enforce upgrade component rules" machine setting should be configured correctly.

CCE-11643-4
The "For tablet pen input, don���t show the Input Panel icon" machine setting should be configured correctly.

CCE-10717-7
The "Tape Drives: Deny write access" machine setting should be configured correctly.

CCE-11336-5
The "Prevent Windows from sending an error report when a device driver requests additional software during installation" machine setting should be configured correctly.

CCE-11798-6
The "Specify the System Hibernate Timeout (On Battery)" machine setting should be configured correctly.

CCE-10010-7
The 'Interactive logon: Message title for users attempting to log on' setting should be configured correctly.

CCE-11545-1
The "Allow the use of biometrics" machine setting should be configured correctly.

CCE-11469-4
The "Low Battery Notification Action" machine setting should be configured correctly.

CCE-11193-0
Auditing of 'Detailed Tracking: DPAPI Activity' events on failure should be enabled or disabled as appropriate.

CCE-11976-8
The "Extend Point and Print connection to search Windows Update" machine setting should be configured correctly.

CCE-10802-7
The "Domain Controller: Refuse machine account password changes" setting should be configured correctly.

CCE-11621-0
The "Disable Logging" machine setting should be configured correctly.

CCE-11064-3
Auditing of 'Logon-Logoff: Network Policy Server' events on failure should be enabled or disabled as appropriate.

CCE-10704-5
Auditing of 'Logon-Logoff: Account Lockout' events on failure should be enabled or disabled as appropriate.

CCE-11941-2
The "Prevent display of the user interface for critical errors" machine setting should be configured correctly.

CCE-11403-3
The "Use the specified Remote Desktop license servers" machine setting should be configured correctly.

CCE-10508-0
The "Prevent backing up to network location" machine setting should be configured correctly.

CCE-11260-7
The "Set the SMTP Server used to send notifications" machine setting should be configured correctly.

CCE-10374-7
The "Specify maximum amount of memory in MB per Shell" machine setting should be configured correctly.

CCE-11998-2
The "Ignore the default list of blocked TPM commands" machine setting should be configured correctly.

CCE-11305-0
The "Configure MSI Corrupted File Recovery Behavior" machine setting should be configured correctly.

CCE-11184-9
Auditing of 'Detailed Tracking: Process Termination' events on failure should be enabled or disabled as appropriate.

CCE-11852-1
The "Do not allow manual configuration of iSNS servers" machine setting should be configured correctly.

CCE-11086-6
The "Registration Refresh Interval" machine setting should be configured correctly.

CCE-12002-2
The "Configure slow-link mode" machine setting should be configured correctly.

CCE-10837-3
The "Do not log users on with temporary profiles" machine setting should be configured correctly.

CCE-11051-0
Auditing of 'Audit account management' events on failure should be enabled or disabled as appropriate.

CCE-11656-6
The "License server security group" machine setting should be configured correctly.

CCE-11425-6
The "Do not allow compression on all NTFS volumes" machine setting should be configured correctly.

CCE-10485-1
The "Configure Corrupted File Recovery Behavior" machine setting should be configured correctly.

CCE-11282-1
The "Do not display Server Manager automatically at logon" machine setting should be configured correctly.

CCE-10900-9
The 'System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies' setting should be configured correctly.

CCE-12090-7
The "Restrict these programs from being launched from Help" machine setting should be configured correctly.

CCE-13394-2
The "Wired policy processing" machine setting should be configured correctly.

CCE-10583-3
The "Communities" machine setting should be configured correctly.

CCE-11380-3
The "Restrict user locales" machine setting should be configured correctly.

CCE-11327-4
The "Disallow selection of Custom Locales" machine setting should be configured correctly.

CCE-11558-4
The "Use RD Connection Broker load balancing" machine setting should be configured correctly.

CCE-11540-2
The "Restricts the UI language Windows uses for all logged users" machine setting should be configured correctly.

CCE-11379-5
The "Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries" machine setting should be configured correctly.

CCE-10119-6
Auditing of 'Policy Change: Audit Policy Change' events on failure should be enabled or disabled as appropriate.

CCE-10929-8
The "Turn off Tablet PC touch input" machine setting should be configured correctly.

CCE-11081-7
The "Allow only USB root hub connected Enhanced Storage devices" machine setting should be configured correctly.

CCE-11420-7
The "Disallow user override of locale settings" machine setting should be configured correctly.

CCE-10315-0
The "Controlled load service type" link layer (Layer-2) priority value should be configured correctly.

CCE-11499-1
The "Always use custom logon background" machine setting should be configured correctly.

CCE-11224-3
Auditing of 'Logon-Logoff: IPsec Extended Mode' events on failure should be enabled or disabled as appropriate.

CCE-10400-0
Auditing of 'Privilege Use: Sensitive Privilege Use' events on failure should be enabled or disabled as appropriate.

CCE-11322-5
The "For touch input, don���t show the Input Panel icon" machine setting should be configured correctly.

CCE-12255-6
The "Turn off pen feedback" machine setting should be configured correctly.

CCE-10555-1
The "Select the Sleep Button Action (Plugged In)" machine setting should be configured correctly.

CCE-11211-0
The "Turn on Security Center (Domain PCs only)" machine setting should be configured correctly.

CCE-10907-4
The "Sets how often a DFS Client discovers DC's" machine setting should be configured correctly.

CCE-12046-9
The "Do not delete temp folder upon exit" machine setting should be configured correctly.

CCE-12157-4
The "Turn On Compatibility HTTPS Listener" machine setting should be configured correctly.

CCE-11718-4
The "Define Activation Security Check exemptions" machine setting should be configured correctly.

CCE-10520-5
The "Allow admin to install from Remote Desktop Services session" machine setting should be configured correctly.

CCE-11113-8
Auditing of 'Logon-Logoff: Logoff' events on failure should be enabled or disabled as appropriate.

CCE-11344-9
The "Leave Windows Installer and Group Policy Software Installation Data" machine setting should be configured correctly.

CCE-10982-7
The "Allow .rdp files from unknown publishers" machine setting should be configured correctly.

CCE-11015-5
The "Always show desktop on connection" machine setting should be configured correctly.

CCE-11673-1
The "Configure the server address, refresh interval, and issuer certificate authority of a target Subscription Manager" machine setting should be configured correctly.

CCE-10884-5
Auditing of 'System: System Integrity' events on failure should be enabled or disabled as appropriate.

CCE-11575-8
The "Configure Default consent" machine setting should be configured correctly.

CCE-10991-8
The "Turn on Software Notifications" machine setting should be configured correctly.

CCE-11433-0
The "Approved Installation Sites for ActiveX Controls" machine setting should be configured correctly.

CCE-11829-9
The "Choose drive encryption method and cipher strength" machine setting should be configured correctly.

CCE-10893-6
The "Set the Remote Desktop licensing mode" machine setting should be configured correctly.

CCE-11237-5
The "Background upload of a roaming user profile's registry file while user is logged on" machine setting should be configured correctly.

CCE-12131-9
The "Require strict target SPN match on remote procedure calls" machine setting should be configured correctly.

CCE-11945-3
The "Specify idle Timeout" machine setting should be configured correctly.

CCE-11588-1
The "Turn off numerical sorting in Windows Explorer" machine setting should be configured correctly.

CCE-11468-6
The "Prohibit non-administrators from applying vendor signed updates" machine setting should be configured correctly.

CCE-11094-0
The "Disable logging via package settings" machine setting should be configured correctly.

CCE-11192-2
The "Qualitative service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that do not conform to the flow specification.

CCE-10675-7
The "Allow installation of devices that match any of these device IDs" machine setting should be configured correctly.

CCE-12011-3
The "Prohibit installing or uninstalling color profiles" machine setting should be configured correctly.

CCE-10773-0
The "Do not automatically start Windows Messenger initially" machine setting should be configured correctly.

CCE-11784-6
The "Allow restore of system to default state" machine setting should be configured correctly.

CCE-11104-7
The "Allow printers to be published" machine setting should be configured correctly.

CCE-11455-3
The "Allow ECC certificates to be used for logon and authentication" machine setting should be configured correctly.

CCE-11006-4
Auditing of 'Policy Change: Filtering Platform Policy Change' events on failure should be enabled or disabled as appropriate.

CCE-11664-0
The "Do not allow font smoothing" machine setting should be configured correctly.

CCE-10662-5
The "Select the Power Button Action (Plugged In)" machine setting should be configured correctly.

CCE-10818-3
Auditing of 'Global Object Access Auditing:��File System' events on failure should be enabled or disabled as appropriate.

CCE-12910-6
The "Configure Environment preference logging and tracing" machine setting should be configured correctly.

CCE-11300-1
The "Route all traffic through the internal network" machine setting should be configured correctly.

CCE-11531-1
The "Do not allow printing to Journal Note Writer" machine setting should be configured correctly.

CCE-11807-5
The "Turn off game updates" machine setting should be configured correctly.

CCE-11932-1
The "Specify the System Hibernate Timeout (Plugged In)" machine setting should be configured correctly.

CCE-10697-1
The "Turn off Internet File Association service" machine setting should be configured correctly.

CCE-12166-5
The "Disk Diagnostic: Configure custom alert text" machine setting should be configured correctly.

CCE-11762-2
The "All Removable Storage classes: Deny all access" machine setting should be configured correctly.

CCE-10951-2
The "Prioritize all digitally signed drivers equally during the driver ranking and selection process" machine setting should be configured correctly.

CCE-11122-9
The "Prompt user when a slow network connection is detected" machine setting should be configured correctly.

CCE-12273-9
The "Set the map update interval for NIS subordinate servers" machine setting should be configured correctly.

CCE-11834-9
The "DNS Suffix Search List" machine setting should be configured correctly.

CCE-11277-1
The "Do not allow connections without IPSec" machine setting should be configured correctly.

CCE-11473-6
The "Limit audio playback quality" machine setting should be configured correctly.

CCE-10600-5
The "Do not allow COM port redirection" machine setting should be configured correctly.

CCE-12020-4
The "Display a custom message when installation is prevented by a policy setting" machine setting should be configured correctly.

CCE-11179-9
Auditing of 'Logon-Logoff: Other Logon/Logoff Events' events on failure should be enabled or disabled as appropriate.

CCE-11638-4
The "Configure Microsoft SpyNet Reporting" machine setting should be configured correctly.

CCE-11593-1
The "Enforce disk quota limit" machine setting should be configured correctly.

CCE-10213-7
Auditing of 'Audit logon events' events on success should be enabled or disabled as appropriate.

CCE-11397-7
The "Turn Off Hybrid Sleep (Plugged In)" machine setting should be configured correctly.

CCE-12754-8
The "Registry policy processing" machine setting should be configured correctly.

CCE-12042-8
The "Allow desktop composition for remote desktop sessions" machine setting should be configured correctly.

CCE-11812-5
The "Turn off Help and Support Center "Did you know?" content" machine setting should be configured correctly.

CCE-10831-6
The "Traps for public community" machine setting should be configured correctly.

CCE-12251-5
The "Turn on extensive logging for Active Directory Domain Services domain controllers that are running Server for NIS" machine setting should be configured correctly.

CCE-11144-3
The "Configure Network Options preference logging and tracing" machine setting should be configured correctly.

CCE-11847-1
The "CD and DVD: Deny read access" machine setting should be configured correctly.

CCE-10755-7
Auditing of 'Account Logon: Other Account Logon Events' events on failure should be enabled or disabled as appropriate.

CCE-11616-0
The "Turn off password security in Input Panel" machine setting should be configured correctly.

CCE-11242-5
The "Configuration of wireless settings using Windows Connect Now" machine setting should be configured correctly.

CCE-11518-8
The "Notify blocked drivers" machine setting should be configured correctly.

CCE-11584-0
The "Do not send additional data" machine setting should be configured correctly.

CCE-10995-9
Auditing of 'Logon-Logoff: IPsec Main Mode' events on failure should be enabled or disabled as appropriate.

CCE-12064-2
The "Turn off hardware buttons" machine setting should be configured correctly.

CCE-11486-8
The "Do not allow sessions without one way CHAP" machine setting should be configured correctly.

CCE-11331-6
The "Use localized subfolder names when redirecting Start Menu and My Documents" machine setting should be configured correctly.

CCE-11366-2
The "Set Remote Desktop Services User Home Directory" machine setting should be configured correctly.

CCE-11090-8
The "Prevent Media Sharing" machine setting should be configured correctly.

CCE-13026-0
The "Configure Network Shares preference logging and tracing" machine setting should be configured correctly.

CCE-10546-0
The "Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point" machine setting should be configured correctly.

CCE-11464-5
The "Limit maximum color depth" machine setting should be configured correctly.

CCE-12099-8
The "Teredo Client Port" machine setting should be configured correctly.

CCE-10679-9
The "Log Access" machine setting should be configured correctly for the setup log.

CCE-11727-5
The "Turn Off user-installed desktop gadgets" machine setting should be configured correctly.

CCE-11037-9
The "Update Security Level" machine setting should be configured correctly.

CCE-10511-4
The "Configure Background Sync" machine setting should be configured correctly.

CCE-10973-6
The "Final DC Discovery Retry Setting for Background Callers" machine setting should be configured correctly.

CCE-12086-5
The "Sites Covered by the DC Locator DNS SRV Records" machine setting should be configured correctly.

CCE-11451-2
The "Turn Off Adaptive Display Timeout (On Battery)" machine setting should be configured correctly.

CCE-11002-3
The "Turn off Application Telemetry" machine setting should be configured correctly.

CCE-12295-2
The "Disallow Negotiate authentication" machine setting should be configured correctly for the WinRM service.

CCE-11255-7
The "Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory" machine setting should be configured correctly.

CCE-11353-0
The "Do not allow the computer to act as a BITS Peercaching client" machine setting should be configured correctly.

CCE-11157-5
The "Primary DNS Suffix Devolution Level" machine setting should be configured correctly.

CCE-10568-4
The "Enable NTFS pagefile encryption" machine setting should be configured correctly.

CCE-14153-1
The "Security policy processing" machine setting should be configured correctly.

CCE-12260-6
The "Report when logon server was not available during user logon" machine setting should be configured correctly.

CCE-11705-1
The "Disable binding directly to IPropertySetStorage without intermediate layers." machine setting should be configured correctly.

CCE-11646-7
The "Configure root certificate clean up" machine setting should be configured correctly.

CCE-11250-8
The "Allow Integrated Unblock screen to be displayed at the time of logon" machine setting should be configured correctly.

CCE-11187-2
Auditing of 'Privilege Use: Non Sensitive Privilege Use' events on failure should be enabled or disabled as appropriate.

CCE-10627-8
The "Turn off AutoComplete integration with Input Panel" machine setting should be configured correctly.

CCE-11962-8
The "Configure Report Archive" machine setting should be configured correctly.

CCE-11383-7
The "Printer browsing" machine setting should be configured correctly.

CCE-11054-4
The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Windows Standby/Resume Performance Diagnostics.

CCE-10529-6
The 'Windows Firewall: Public: Apply local connection security rules' setting should be configured correctly.

CCE-11428-0
The "Allow signed updates from an intranet Microsoft update service location" machine setting should be configured correctly.

CCE-11611-1
The "Diagnostics: Configure scenario retention" machine setting should be configured correctly.

CCE-11285-4
The "Do not allow changes to initiator iqn name" machine setting should be configured correctly.

CCE-12051-9
The "Configure Local Users and Groups preference logging and tracing" machine setting should be configured correctly.

CCE-11152-6
The "Events.asp program command line parameters" machine setting should be configured correctly.

CCE-10484-4
The "Turn on Mapper I/O (LLTDIO) driver" machine setting should be configured correctly.

CCE-11415-7
The "Specify Windows Service Pack installation file location" machine setting should be configured correctly.

CCE-11219-3
The "Log Access" machine setting should be configured correctly for the application log.

CCE-11370-4
The "Custom Classes: Deny read access" machine setting should be configured correctly.

CCE-14616-7
The "Wireless policy processing" machine setting should be configured correctly.

CCE-12073-3
The "Disk Quota policy processing" machine setting should be configured correctly.

CCE-11076-7
The "SSL Cipher Suite Order" machine setting should be configured correctly.

CCE-10823-3
The "Turn off automatic termination of applications that block or cancel shutdown" machine setting should be configured correctly.

CCE-12007-1
The "6to4 Relay Name" machine setting should be configured correctly.

CCE-10832-4
The "IP-HTTPS State" machine setting should be configured correctly.

CCE-10320-0
The "Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names" machine setting should be configured correctly.

CCE-11298-7
The "Prevent Automatic Updates" machine setting should be configured correctly.

CCE-10222-8
Auditing of 'Audit account management' events on success should be enabled or disabled as appropriate.

CCE-11757-2
The "Turn off Program Compatibility Assistant" machine setting should be configured correctly.

CCE-12180-6
The "Log File Path" machine setting should be configured correctly for the setup log.

CCE-10987-6
The "Select the network adapter to be used for Remote Desktop IP Virtualization" machine setting should be configured correctly.

CCE-10712-8
The "ISATAP Router Name" machine setting should be configured correctly.

CCE-10355-6
The "Do not show the "local access only" network icon" machine setting should be configured correctly.

CCE-12127-7
The "Microsoft Support Diagnostic Tool: Configure execution level" machine setting should be configured correctly.

CCE-11241-7
The "Diagnostics: Configure scenario execution level" machine setting should be configured correctly.

CCE-11971-9
The "Configure Reliability WMI Providers" machine setting should be configured correctly.

CCE-11419-9
The "Turn off automatic wake" machine setting should be configured correctly.

CCE-12029-5
The "Removable Disks: Deny read access" machine setting should be configured correctly.

CCE-12082-4
The "Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com" machine setting should be configured correctly.

CCE-10601-3
Auditing of 'Audit process tracking' events on failure should be enabled or disabled as appropriate.

CCE-10965-2
The "Enable user to patch elevated products" machine setting should be configured correctly.

CCE-10333-3
The "Turn off PNRP cloud creation" machine setting should be configured correctly for IPv6 Link Local.

CCE-11263-1
The "Turn on session logging" machine setting should be configured correctly.

CCE-11494-2
The Remote Desktop Connection Client "Configure server authentication for client" machine setting should be configured correctly.

CCE-11032-0
Auditing of 'Policy Change: Other Policy Change Events' events on failure should be enabled or disabled as appropriate.

CCE-11690-5
The "Log Access" machine setting should be configured correctly for the security log.

CCE-11539-4
The "Allow Corporate redirection of Customer Experience Improvement uploads" machine setting should be configured correctly.

CCE-11308-4
The "Re-prompt for restart with scheduled installations" machine setting should be configured correctly.

CCE-12994-0
The "Startup policy processing wait time" machine setting should be configured correctly.

CCE-12105-3
The "TTL Set in the DC Locator DNS Records" machine setting should be configured correctly.

CCE-11797-8
The "Disallow optical media as backup target" machine setting should be configured correctly.

CCE-11544-4
The "Turn off Help and Support Center Microsoft Knowledge Base search" machine setting should be configured correctly.

CCE-11966-9
The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Windows System Responsiveness Diagnostics.

CCE-11183-1
The "Turn on bandwidth optimization" machine setting should be configured correctly.

CCE-12269-7
The "Switch to the Simplified Chinese (PRC) gestures" machine setting should be configured correctly.

CCE-11424-9
The "Turn off SwitchBack Compatibility Engine" machine setting should be configured correctly.

CCE-11281-3
The "Deny Delegating Fresh Credentials" machine setting should be configured correctly.

CCE-11699-6
The "Add Printer wizard - Network scan page (Managed network)" machine setting should be configured correctly.

CCE-12585-6
The "Remove users ability to invoke machine policy refresh" machine setting should be configured correctly.

CCE-10707-8
Auditing of 'Audit logon events' events on failure should be enabled or disabled as appropriate.

CCE-11228-4
The "Allow audio recording redirection" machine setting should be configured correctly.

CCE-10947-0
The "Allow or Disallow use of the Offline Files feature" machine setting should be configured correctly.

CCE-11873-7
The "Enable Windows NTP Server" machine setting should be configured correctly.

CCE-10240-0
Auditing of 'Account Management: Distribution Group Management' events on failure should be enabled or disabled as appropriate.

CCE-11620-2
The "Make Parental Controls control panel visible on a Domain" machine setting should be configured correctly.

CCE-11411-6
The "Floppy Drives: Deny read access" machine setting should be configured correctly.

CCE-11988-3
The "Location of the DCs hosting a domain with single label DNS name" machine setting should be configured correctly.

CCE-12345-5
The "Tape Drives: Deny execute access" machine setting should be configured correctly.

CCE-11313-4
The "Optimize visual experience for Remote Desktop Services sessions" machine setting should be configured correctly.

CCE-11522-0
The "Configure Internet Settings preference logging and tracing" machine setting should be configured correctly.

CCE-12016-2
The "Restrict Remote Desktop Services users to a single Remote Desktop Services session" machine setting should be configured correctly.

CCE-11072-6
The "Priority Set in the DC Locator DNS SRV Records" machine setting should be configured correctly.

CCE-13373-6
The "Turn off Local Group Policy objects processing" machine setting should be configured correctly.

CCE-10827-4
The "Start a program on connection" machine setting should be configured correctly.

CCE-9932-5
Auditing of 'Audit privilege use' events on success should be enabled or disabled as appropriate.

CCE-10057-8
The 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' setting should be configured correctly.

CCE-11437-1
The "Run startup scripts asynchronously" machine setting should be configured correctly.

CCE-11041-1
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Domain Profile.

CCE-10934-8
The "Wait for remote user profile" machine setting should be configured correctly.

CCE-11339-9
The "Specify Shell Timeout" machine setting should be configured correctly.

CCE-10716-9
Auditing of 'Audit system events' events on failure should be enabled or disabled as appropriate.

CCE-12003-0
The "Set time limit for logoff of RemoteApp sessions" machine setting should be configured correctly.

CCE-11500-6
The "Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers" machine setting should be configured correctly.

CCE-11392-8
The "Prevent license upgrade" machine setting should be configured correctly.

CCE-10836-5
The "Turn off Routinely Taking Action" machine setting should be configured correctly.

CCE-11098-1
The "Do not allow Digital Locker to run" machine setting should be configured correctly.

CCE-12038-6
The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Fault Tolerant Heap .

CCE-12123-6
The "Turn off automatic learning" machine setting should be configured correctly.

CCE-12354-7
The "Turn off the ability to back up data files" machine setting should be configured correctly.

CCE-10440-6
The "Allow Delegating Saved Credentials" machine setting should be configured correctly.

CCE-10801-9
The "Turn off desktop gadgets" machine setting should be configured correctly.

CCE-11063-5
The "Register PTR Records" machine setting should be configured correctly.

CCE-10703-7
The "Initial DC Discovery Retry Setting for Background Callers" machine setting should be configured correctly.

CCE-11731-7
The "Turn on the Ability for Applications to Prevent Sleep Transitions (On Battery)" machine setting should be configured correctly.

CCE-10912-4
The 'Devices: Restrict floppy access to locally logged-on user only' setting should be configured correctly.

CCE-11161-7
The "Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)" machine setting should be configured correctly.

CCE-12661-5
The "Scripts policy processing" machine setting should be configured correctly.

CCE-11864-6
The "Limit reservable bandwidth" machine setting should be configured correctly.

CCE-10738-3
Auditing of 'Account Logon: Credential Validation' events on failure should be enabled or disabled as appropriate.

CCE-11402-5
The "ForwarderResourceUsage" machine setting should be configured correctly.

CCE-10693-0
The "Turn off Event Viewer "Events.asp" links" machine setting should be configured correctly.

CCE-12332-3
The "Disable or enable software Secure Attention Sequence" machine setting should be configured correctly.

CCE-11997-4
The "Remove "Disconnect" option from Shut Down dialog" machine setting should be configured correctly.

CCE-10791-2
The "Require a PIN to access data on devices running Microsoft firmware" machine setting should be configured correctly.

CCE-11304-3
The "Turn on Responder (RSPNDR) driver" machine setting should be configured correctly.

CCE-10906-6
The "Enable user control over installs" machine setting should be configured correctly.

CCE-11258-1
The "Provide the unique identifiers for your organization" machine setting should be configured correctly.

CCE-10772-2
The 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' setting should be configured correctly.

CCE-11138-5
The "Backup log automatically when full" machine setting should be configured correctly for the setup log.

CCE-11615-2
The "Deny write access to fixed drives not protected by BitLocker" machine setting should be configured correctly.

CCE-10612-0
The "Allow enhanced PINs for startup" machine setting should be configured correctly.

CCE-10732-6
The 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' setting should be configured correctly.

CCE-11049-4
The 'Shutdown: Clear virtual memory pagefile' setting should be configured correctly.

CCE-11245-8
The "Do not process the legacy run list" machine setting should be configured correctly.

CCE-11837-2
The "Allow Standby States (S1-S3) When Sleeping (On Battery)" machine setting should be configured correctly.

CCE-11890-1
The "Backup log automatically when full" machine setting should be configured correctly for the application log.

CCE-18889-6
The 'Require message integrity' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate.

CCE-11405-8
The "Validate smart card certificate usage rule compliance" machine setting should be configured correctly.

CCE-12204-4
The "Backup log automatically when full" machine setting should be configured correctly for the system log.

CCE-11360-5
The "Turn off printing over HTTP" machine setting should be configured correctly.

CCE-10123-8
Windows Firewall should allow or block outbound connections by default as appropriate for the Private Profile.

CCE-11636-8
The "Allow access to BitLocker-protected removable data drives from earlier versions of Windows" machine setting should be configured correctly.

CCE-11142-7
The "Deny write access to removable drives not protected by BitLocker" machine setting should be configured correctly.

CCE-18983-7
The 'Require message confidentiality' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate.

CCE-10839-9
The 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' setting should be configured correctly.

CCE-18949-8
The 'Require message integrity' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate.

CCE-18927-4
The 'Require message confidentiality' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate.

CCE-18664-3
The 'Require NTLMv2 session security' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate.

CCE-10357-2
The "Turn off Windows Update device driver searching" machine setting should be configured correctly.

CCE-11035-3
The 'System cryptography: Force strong key protection for user keys stored on the computer' setting should be configured correctly.

CCE-11377-9
The "Control use of BitLocker on removable drives" machine setting should be configured correctly.

CCE-11973-5
The "Choose how BitLocker-protected removable drives can be recovered" machine setting should be configured correctly.

CCE-10812-6
The 'Network security: Allow LocalSystem NULL session fallback' setting should be configured correctly.

CCE-10113-9
Windows Firewall should allow or block outbound connections by default as appropriate for the Domain Profile.

CCE-10647-6
The "Turn Off the Display (On Battery)" machine setting should be configured correctly.

CCE-10821-7
The 'Network access: Shares that can be accessed anonymously' setting should be configured correctly.

CCE-11239-1
The "Configure use of smart cards on fixed data drives" machine setting should be configured correctly.

CCE-10705-2
The 'Interactive logon: Require Domain Controller authentication to unlock workstation' setting should be configured correctly.

CCE-11400-9
The "Backup log automatically when full" machine setting should be configured correctly for the security log.

CCE-11563-4
The "Turn off downloading of print drivers over HTTP" machine setting should be configured correctly.

CCE-11136-9
The "Turn off Internet download for Web publishing and online ordering wizards" machine setting should be configured correctly.

CCE-11367-0
The "Turn off location" machine setting should be configured correctly.

CCE-11933-9
The "Require additional authentication at startup" machine setting should be configured correctly.

CCE-11928-9
The "Prevent memory overwrite on restart" machine setting should be configured correctly.

CCE-11273-0
The "Choose how BitLocker-protected fixed drives can be recovered" machine setting should be configured correctly.

CCE-10944-7
The 'Network access: Named Pipes that can be accessed anonymously' setting should be configured correctly.

CCE-12237-4
The "Configure use of passwords for fixed data drives" machine setting should be configured correctly.

CCE-10481-0
Windows Firewall should allow or block outbound connections by default as appropriate for the Public Profile.

CCE-10619-5
The 'Audit: Audit the use of Backup and Restore privilege' setting should be configured correctly.

CCE-11148-4
Auditing of 'Object Access:��Filtering Platform Packet Drop' events on failure should be enabled or disabled as appropriate.

CCE-10422-4
The "Configure use of passwords for removable data drives" machine setting should be configured correctly.

CCE-10381-2
The 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' setting should be configured correctly.

CCE-11375-3
The "Turn off Autoplay for non-volume devices" machine setting should be configured correctly.

CCE-11714-3
The "Allow Standby States (S1-S3) When Sleeping (Plugged In)" machine setting should be configured correctly.

CCE-10986-8
The 'System objects: Require case insensitivity for non-Windows subsystems' setting should be configured correctly.

CCE-11011-4
The 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' setting should be configured correctly.

CCE-10888-6
The 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' setting should be configured correctly.

CCE-12282-0
The "Turn Off the Display (Plugged In)" machine setting should be configured correctly.

CCE-11100-5
Auditing of 'Object Access: Detailed File Share' events on failure should be enabled or disabled as appropriate.

CCE-9972-1
The 'Access Credential Manager as a trusted caller' user right should be assigned to the appropriate accounts.

CCE-11317-5
The "Turn off Data Execution Prevention for HTML Help Executible" machine setting should be configured correctly.

CCE-12060-0
The "Choose how BitLocker-protected operating system drives can be recovered" machine setting should be configured correctly.

CCE-11010-6
The 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' setting should be configured correctly.

CCE-12336-4
The "Configure use of smart cards on removable data drives" machine setting should be configured correctly.

CCE-18973-8
The 'Require NTLMv2 session security' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate.

CCE-11103-9
The Windows Firewall should be enabled or disabled as appropriate for the Private Profile.

CCE-11717-6
The "Maximum Log Size (KB)" machine setting should be configured correctly for the setup log.

CCE-10798-7
The 'Windows Firewall: Domain: Apply local firewall rules' setting should be configured correctly.

CCE-10229-3
The 'Network Security: Restrict NTLM: NTLM authentication in this domain' setting should be configured correctly.

CCE-11587-3
The "Turn off the "Publish to Web" task for files and folders" machine setting should be configured correctly.

CCE-10817-5
The 'Network security: Allow Local System to use computer identity for NTLM' setting should be configured correctly.

CCE-10109-7
The 'User Account Control: Switch to the secure desktop when prompting for elevation' setting should be configured correctly.

CCE-10750-8
The 'Deny log on locally' user right should be assigned to the appropriate accounts.

CCE-10541-1
The 'Domain member: Require strong (Windows 2000 or later) session key' setting should be configured correctly.

CCE-10514-8
Auditing of 'Detailed Tracking: Process Creation' events on success should be enabled or disabled as appropriate.

CCE-11450-4
The "Enumerate administrator accounts on elevation" machine setting should be configured correctly.

CCE-11001-5
Auditing of 'Account Management: Other Account Management Events' events on success should be enabled or disabled as appropriate.

CCE-10830-8
The 'Network security: Do not store LAN Manager hash value on next password change' setting should be configured correctly.

CCE-11992-5
The "Do not process the run once list" machine setting should be configured correctly.

CCE-9992-9
The 'Accounts: Limit local account use of blank passwords to console logon only' setting should be configured correctly.

CCE-10789-6
The 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' setting should be configured correctly.

CCE-11023-9
The 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' setting should be configured correctly.

CCE-10491-9
Auditing of 'Object Access:��SAM' events on success should be enabled or disabled as appropriate.

CCE-10865-4
The 'User Account Control: Virtualize file and registry write failures to per-user locations' setting should be configured correctly.

CCE-10203-8
Auditing of 'Account Management: User Account Management' events on success should be enabled or disabled as appropriate.

CCE-10741-7
Auditing of 'Account Management: Security Group Management' events on success should be enabled or disabled as appropriate.

CCE-10643-5
The 'Recovery console: Allow floppy copy and access to all drives and all folders' setting should be configured correctly.

CCE-11036-1
The 'Windows Firewall: Domain: Apply local connection security rules' setting should be configured correctly.

CCE-10171-7
Windows Firewall should allow or block inbound connections by default as appropriate for the Public Profile.

CCE-10216-0
Auditing of 'Object Access:��Certification Services' events on success should be enabled or disabled as appropriate.

CCE-10800-1
Auditing of 'DS Access: Directory Service Changes' events on success should be enabled or disabled as appropriate.

CCE-10857-1
Windows Firewall should allow or block inbound connections by default as appropriate for the Private Profile.

CCE-10737-5
Auditing of 'Logon-Logoff: Special Logon' events on success should be enabled or disabled as appropriate.

CCE-10790-4
Auditing of 'Policy Change: Authorization Policy Change' events on success should be enabled or disabled as appropriate.

CCE-10158-4
The 'Interactive logon: Display user information when the session is locked.' setting should be configured correctly.

CCE-10746-6
Auditing of 'Account Management: Application Group Management' events on success should be enabled or disabled as appropriate.

CCE-11120-3
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the public profile.

CCE-11079-1
Auditing of 'Account Logon: Kerberos Authentication Service' events on success should be enabled or disabled as appropriate.

CCE-11867-9
The "Allow users to connect remotely using Remote Desktop Services" machine setting should be configured correctly.

CCE-10768-0
The 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' setting should be configured correctly.

CCE-10879-5
Auditing of 'System: Other System Events' events on success should be enabled or disabled as appropriate.

CCE-11107-0
Auditing of 'Logon-Logoff: Logon' events on success should be enabled or disabled as appropriate.

CCE-10804-3
The 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

CCE-10706-0
Auditing of 'Logon-Logoff: IPsec Quick Mode' events on success should be enabled or disabled as appropriate.

CCE-11160-9
Auditing of 'Policy Change: Authentication Policy Change' events on success should be enabled or disabled as appropriate.

CCE-10794-6
The 'User Account Control: Detect application installations and prompt for elevation' setting should be configured correctly.

CCE-10372-1
The 'Minimum password length' setting should be configured correctly.

CCE-10902-5
Auditing of 'Object Access:��Handle Manipulation' events on success should be enabled or disabled as appropriate.

CCE-10487-7
The 'Audit: Audit the access of global system objects' setting should be configured correctly.

CCE-11173-2
Auditing of 'Privilege Use: Non Sensitive Privilege Use' events on success should be enabled or disabled as appropriate.

CCE-12159-0
The "Do not allow local administrators to customize permissions" machine setting should be configured correctly.

CCE-10715-1
The "RPC Endpoint Mapper Client Authentication" machine setting should be configured correctly.

CCE-11431-4
The "Default behavior for AutoRun" machine setting should be configured correctly.

CCE-10775-5
The 'Domain member: Disable machine account password changes' setting should be configured correctly.

CCE-11368-8
The "Require secure RPC communication" machine setting should be configured correctly.

CCE-10860-5
Auditing of 'Account Management: Computer Account Management' events on success should be enabled or disabled as appropriate.

CCE-10677-3
Auditing of 'Object Access:��Filtering Platform Packet Drop' events on success should be enabled or disabled as appropriate.

CCE-11453-8
The "No auto-restart with logged on users for scheduled automatic updates installations" machine setting should be configured correctly.

CCE-10918-1
The "Retain old events" machine setting should be configured correctly for the application log.

CCE-11102-1
Auditing of 'Logon-Logoff: Logoff' events on success should be enabled or disabled as appropriate.

CCE-10206-1
Auditing of 'DS Access: Directory Service Replication' events on success should be enabled or disabled as appropriate.

CCE-10196-4
Auditing of 'Account Logon: Kerberos Service Ticket Operations' events on success should be enabled or disabled as appropriate.

CCE-12266-3
The "Disallow Digest authentication" machine setting should be configured correctly.

CCE-10588-2
The 'Network security: Force logoff when logon hours expire' setting should be configured correctly.

CCE-10370-5
The 'Recovery console: Allow automatic administrative logon' setting should be configured correctly.

CCE-10807-6
The 'User Account Control: Behavior of the elevation prompt for standard users' setting should be configured correctly.

CCE-10905-8
The 'Store passwords using reversible encryption' setting should be configured correctly.

CCE-11248-2
The "Allow remote access to the Plug and Play interface" machine setting should be configured correctly.

CCE-10997-5
Windows Firewall should allow or block inbound connections by default as appropriate for the Domain Profile.

CCE-10224-4
Auditing of 'Object Access:��Registry' events on success should be enabled or disabled as appropriate.

CCE-10668-2
Auditing of 'DS Access: Directory Service Access' events on success should be enabled or disabled as appropriate.

CCE-12088-1
The "Require a Password When a Computer Wakes (On Battery)" machine setting should be configured correctly.

CCE-10192-3
Auditing of 'Account Logon: Credential Validation' events on success should be enabled or disabled as appropriate.

CCE-10940-5
The 'Network access: Restrict anonymous access to Named Pipes and Shares' setting should be configured correctly.

CCE-10788-8
The 'Interactive logon: Do not display last user name' setting should be configured correctly.

CCE-10019-8
The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly.

CCE-10557-7
The 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' setting should be configured correctly.

CCE-10984-3
The 'Network security: LAN Manager authentication level' setting should be configured correctly.

CCE-11111-2
Auditing of 'Object Access:��Application Generated' events on success should be enabled or disabled as appropriate.

CCE-10220-2
Auditing of 'Object Access:��Kernel Object' events on success should be enabled or disabled as appropriate.

CCE-10834-0
Auditing of 'Logon-Logoff: Account Lockout' events on success should be enabled or disabled as appropriate.

CCE-10518-9
The 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' setting should be configured correctly.

CCE-12401-6
The "Always install with elevated privileges" machine setting should be configured correctly.

CCE-10593-2
Auditing of 'Privilege Use: Other Privilege Use Events' events on success should be enabled or disabled as appropriate.

CCE-10691-4
The "Prevent the computer from joining a homegroup" machine setting should be configured correctly.

CCE-10869-6
Auditing of 'Logon-Logoff: Other Logon/Logoff Events' events on success should be enabled or disabled as appropriate.

CCE-10976-9
The built-in Administrator account should be correctly named.

CCE-10878-7
The 'Deny log on through Remote Desktop Services' user right should be assigned to the appropriate accounts.

CCE-11056-9
Auditing of 'DS Access: Detailed Directory Service Replication' events on success should be enabled or disabled as appropriate.

CCE-10843-1
The 'Network Security: Configure encryption types allowed for Kerberos' setting should be configured correctly.

CCE-10482-8
The Windows Firewall should be enabled or disabled as appropriate for the Domain Profile.

CCE-10941-3
The 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

CCE-18944-9
The 'Require 128-bit encryption' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate.

CCE-11021-3
Auditing of 'Object Access:��File Share' events on success should be enabled or disabled as appropriate.

CCE-10745-8
The 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' setting should be configured correctly.

CCE-10838-1
The 'Microsoft network client: Send unencrypted password to third-party SMB servers' setting should be configured correctly.

CCE-10901-7
The 'Password must meet complexity requirements' policy should be set correctly.

CCE-10673-2
The 'Interactive logon: Message text for users attempting to log on' setting should be configured correctly.

CCE-10188-1
The 'Windows Firewall: Public: Apply local firewall rules' setting should be configured correctly.

CCE-10131-1
The 'Windows Firewall: Private: Apply local firewall rules' setting should be configured correctly.

CCE-10562-7
The 'Maximum password age' setting should be configured correctly.

CCE-10309-3
The "Retain old events" machine setting should be configured correctly for the setup log.

CCE-10780-5
The 'Devices: Restrict CD-ROM access to locally logged-on user only' setting should be configured correctly.

CCE-10362-2
The 'Microsoft network server: Amount of idle time required before suspending session' setting should be configured correctly.

CCE-10847-2
Auditing of 'Logon-Logoff: Network Policy Server' events on success should be enabled or disabled as appropriate.

CCE-10299-6
The "Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box" machine setting should be configured correctly.

CCE-10825-8
The 'Network access: Sharing and security model for local accounts' setting should be configured correctly.

CCE-10970-2
The 'Microsoft network client: Digitally sign communications (always)' setting should be configured correctly.

CCE-10338-2
The "Require user authentication for remote connections by using Network Level Authentication" machine setting should be configured correctly.

CCE-10009-9
The 'Domain member: Digitally sign secure channel data (when possible)' setting should be configured correctly.

CCE-10391-1
Auditing of 'Object Access: Detailed File Share' events on success should be enabled or disabled as appropriate.

CCE-11332-4
The "Configure minimum PIN length for startup" machine setting should be configured correctly.

CCE-11465-2
The "Allow access to BitLocker-protected fixed data drives from earlier versions of Windows" machine setting should be configured correctly.

CCE-11038-7
Auditing of 'Detailed Tracking: Process Termination' events on success should be enabled or disabled as appropriate.

CCE-10445-5
Auditing of 'Account Logon: Other Account Logon Events' events on success should be enabled or disabled as appropriate.

CCE-10761-5
Auditing of 'Detailed Tracking: DPAPI Activity' events on success should be enabled or disabled as appropriate.

CCE-11007-2
Auditing of 'System: Security State Change' events on success should be enabled or disabled as appropriate.

CCE-10663-3
The "Retain old events" machine setting should be configured correctly for the security log.

CCE-10881-1
The "Restrictions for Unauthenticated RPC clients" machine setting should be configured correctly.

CCE-10926-4
The 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' setting should be configured correctly.

CCE-10530-4
Auditing of 'Policy Change: MPSSVC Rule-Level Policy Change' events on success should be enabled or disabled as appropriate.

CCE-10992-6
The 'Microsoft network server: Digitally sign communications (always)' setting should be configured correctly.

CCE-18808-6
The 'Require 128-bit encryption' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate.

CCE-11029-6
Auditing of 'System: Security System Extension' events on success should be enabled or disabled as appropriate.

CCE-10974-4
The 'Microsoft network client: Digitally sign communications (if server agrees)' setting should be configured correctly.

CCE-11506-3
The "Set time limit for active but idle Remote Desktop Services sessions" machine setting should be configured correctly.

CCE-10201-2
Auditing of 'Account Management: Distribution Group Management' events on success should be enabled or disabled as appropriate.

CCE-11341-5
The "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box" machine setting should be configured correctly.

CCE-10018-0
The 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' setting should be configured correctly.

CCE-11034-6
Auditing of 'System: System Integrity' events on success should be enabled or disabled as appropriate.

CCE-11003-1
Auditing of 'Privilege Use: Sensitive Privilege Use' events on success should be enabled or disabled as appropriate.

CCE-10983-5
The 'Microsoft network server: Disconnect clients when logon hours expire' setting should be configured correctly.

CCE-10534-6
The 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' setting should be configured correctly.

CCE-11025-4
Auditing of 'Detailed Tracking: RPC Events' events on success should be enabled or disabled as appropriate.

CCE-10961-1
Auditing of 'Logon-Logoff: IPsec Extended Mode' events on success should be enabled or disabled as appropriate.

CCE-11295-3
The "Require use of specific security layer for remote (RDP) connections" machine setting should be configured correctly.

CCE-10419-0
The 'Shutdown: Allow system to be shut down without having to log on' setting should be configured correctly.

CCE-10570-0
The 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' setting should be configured correctly.

CCE-10112-1
The 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' setting should be configured correctly.

CCE-11625-1
The "Offer Remote Assistance" machine setting should be configured correctly.

CCE-11723-4
The "Solicited Remote Assistance" machine setting should be configured correctly.

CCE-11033-8
The "Maximum Log Size (KB)" machine setting should be configured correctly for the secirity log.

CCE-10637-7
The 'Devices: Allowed to format and eject removable media' setting should be configured correctly.

CCE-11131-0
The "Allow Basic authentication" machine setting should be configured correctly for the WinRM service.

CCE-10526-2
Auditing of 'Policy Change: Filtering Platform Policy Change' events on success should be enabled or disabled as appropriate.

CCE-10027-1
The 'Network access: Do not allow anonymous enumeration of SAM accounts' setting should be configured correctly.

CCE-11055-1
The "Retain old events" machine setting should be configured correctly for the system log.

CCE-9999-4
The 'Devices: Prevent users from installing printer drivers' setting should be configured correctly.

CCE-10948-8
Auditing of 'Logon-Logoff: IPsec Main Mode' events on success should be enabled or disabled as appropriate.

CCE-10285-5
Auditing of 'Object Access:��Filtering Platform Connection' events on success should be enabled or disabled as appropriate.

CCE-10454-7
The "Allow Basic authentication" machine setting should be configured correctly for the WinRM client.

CCE-11954-5
The "Allow unencrypted traffic" machine setting should be configured correctly for the WinRM client.

CCE-10263-2
Auditing of 'Object Access:��File System' events on success should be enabled or disabled as appropriate.

CCE-10596-5
The 'Deny log on as a batch job' user right should be assigned to the appropriate accounts.

CCE-10859-7
The 'Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers' setting should be configured correctly.

CCE-10045-3
The 'Network Security: Restrict NTLM: Add server exceptions in this domain' setting should be configured correctly.

CCE-10922-3
The 'User Account Control: Only elevate executables that are signed and validated' setting should be configured correctly.

CCE-10726-8
The 'Manage auditing and security log' user right should be assigned to the appropriate accounts.

CCE-11028-8
The 'User Account Control: Admin Approval Mode for the Built-in Administrator account' setting should be configured correctly.

CCE-10631-0
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the private profile.

CCE-11958-6
The "Turn off the Windows Messenger Customer Experience Improvement Program" machine setting should be configured correctly.

CCE-11923-0
The "Reschedule Automatic Updates scheduled installations" machine setting should be configured correctly.

CCE-10751-6
The 'MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)' setting should be configured correctly.

CCE-10653-4
The 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' setting should be configured correctly.

CCE-10640-1
The 'Network Security: Restrict NTLM: Add remote server exceptions for NTLM authentication' setting should be configured correctly.

CCE-11290-4
The "Allow unencrypted traffic" machine setting should be configured correctly for the WinRM service.

CCE-10087-5
The 'Network Security: Restrict NTLM: Incoming NTLM traffic' setting should be configured correctly.

CCE-11651-7
The "Require a Password When a Computer Wakes (Plugged In)" machine setting should be configured correctly.

CCE-10903-3
The 'Domain member: Maximum machine account password age' setting should be configured correctly.

CCE-10760-7
The 'Minimum password age' setting should be configured correctly.

CCE-10871-2
The 'Domain member: Digitally encrypt or sign secure channel data (always)' setting should be configured correctly.

CCE-11860-4
The "Allow Remote Shell Access" machine setting should be configured correctly.

CCE-11709-3
The "Do not allow drive redirection" machine setting should be configured correctly.

CCE-11905-7
The "Do not allow passwords to be saved" machine setting should be configured correctly.

CCE-10733-4
The 'Deny access to this computer from the network' user right should be assigned to the appropriate accounts.

CCE-11046-0
The 'Account lockout threshold' setting should be configured correctly.

CCE-11299-5
The "Always prompt for password upon connection" machine setting should be configured correctly.

CCE-10742-5
The 'Audit: Shut down system immediately if unable to log security audits' setting should be configured correctly.

CCE-10809-2
The "Enforce password history" setting should be configured correctly.

CCE-10875-3
The 'Domain member: Digitally encrypt secure channel data (when possible)' setting should be configured correctly.

CCE-10292-1
The 'Network access: Do not allow storage of passwords and credentials for network authentication' setting should be configured correctly.

CCE-11059-3
The 'Reset account lockout counter after' setting should be configured correctly.

CCE-10390-3
Auditing of 'System: IPsec Driver' events on success should be enabled or disabled as appropriate.

CCE-10978-5
The 'Microsoft network server: Digitally sign communications (if client agrees)' setting should be configured correctly.

CCE-10680-7
Auditing of 'Policy Change: Other Policy Change Events' events on success should be enabled or disabled as appropriate.

CCE-10399-4
The 'Account lockout duration' setting should be configured correctly.

CCE-10921-5
The 'Windows Firewall: Private: Apply local connection security rules' setting should be configured correctly.

CCE-11174-0
The "Maximum Log Size (KB)" machine setting should be configured correctly for the system log.

CCE-11143-5
The "Maximum Log Size (KB)" machine setting should be configured correctly for the application log.

CCE-10930-6
The 'Interactive logon: Prompt user to change password before expiration' setting should be configured correctly.

CCE-10889-4
The "Turn off Search Companion content file updates" machine setting should be configured correctly.

CCE-10614-6
The 'Network security: LDAP client signing requirements' setting should be configured correctly.

CCE-11833-1
The "Server Authentication Certificate Template" machine setting should be configured correctly.

CCE-10810-0
The 'Interactive logon: Do not require CTRL+ALT+DEL' setting should be configured correctly.

CCE-10684-9
The 'User Account Control: Run all administrators in Admin Approval Mode' setting should be configured correctly.

CCE-10209-5
Auditing of 'Audit directory service access' events on success should be enabled or disabled as appropriate.

CCE-10297-0
The 'Network access: Let Everyone permissions apply to anonymous users' setting should be configured correctly.

CCE-11050-2
The Windows Firewall should be enabled or disabled as appropriate for the Public Profile.

CCE-11326-6
The "Set time limit for active Remote Desktop Services sessions" machine setting should be configured correctly.

CCE-11677-2
The "Set client connection encryption level" machine setting should be configured correctly.

CCE-11117-9
The "Set time limit for disconnected sessions" machine setting should be configured correctly.

CCE-11170-8
Auditing of 'Object Access:��Other Object Access Events' events on success should be enabled or disabled as appropriate.

CCE-11019-7
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the domain profile.

CCE-10573-4
The 'Interactive logon: Smart card removal behavior' setting should be configured correctly.

CCE-9989-5
The 'Accounts: Guest account status' setting should be configured correctly.

CPE    1
cpe:/o:microsoft:windows_server_2008:r2
*XCCDF
xccdf_org.secpod_benchmark_general_Windows_Server_2008_R2
OVAL    1079
oval:org.secpod.oval:def:8843
oval:org.secpod.oval:def:19405
oval:org.secpod.oval:def:19406
oval:org.secpod.oval:def:19407
...

© 2013 SecPod Technologies