[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*


CCE-2944-7
The "increase scheduling priority" user right should be assigned to the correct accounts.

CCE-2737-5
The "Impersonate a client after authentication" user right should be assigned to the correct accounts.

CCE-2387-9
The required permissions for the directory %SystemRoot%\$NtServicePackUninstall$ should be assigned.

CCE-3130-2
The correct service permissions for the Terminal Services service should be assigned.

CCE-2692-2
The "Disconnect clients when logon hours expire" policy should be set correctly.

CCE-2800-1
The required permissions for the file %SystemRoot%\System32\CONFIG\*.evt should be assigned.

CCE-8445-9
Access to registry editing tools should be set correctly.

CCE-2726-8
The required permissions for the file %SystemRoot%\System32\cacls.exe should be assigned.

CCE-2352-3
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt should be assigned.

CCE-2955-3
The "Audit the use of backup and restore privilege" policy should be set correctly.

CCE-1937-2
The required permissions for the file %SystemRoot%\System32\tlntsvr.exe should be assigned.

CCE-2857-1
The required permissions for the file %SystemRoot%\System32\wmimgmt.msc should be assigned.

CCE-2968-6
The "Allow Server Operators to Schedule Tasks" policy should be set correctly.

CCE-2759-9
Auditing of "policy change" events on failure should be enabled or disabled as appropriate..

CCE-1815-0
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Dr Watson\drwtsn32.log should be assigned.

CCE-4270-5
The "Turn off shell protocol protected mode" setting should be configured correctly.

CCE-1924-0
The required permissions for the file %SystemRoot%\System32\Com\comexp.msc should be assigned.

CCE-2824-1
ICMP Redirects should be properly configured.

CCE-2702-9
The required permissions for the file %SystemDrive%\AUTOEXEC.BAT should be assigned.

CCE-2374-7
The "add workstations to domain" user right should be assigned to the correct accounts.

CCE-2147-7
The behavior surrounding Anonymous users' abiliity to display lists of SAM accounts should be correct.

CCE-2178-2
The required permissions for the file %SystemRoot%\System32\net.exe should be assigned.

CCE-2739-1
The required permissions for the directory %SystemRoot%\security should be assigned.

CCE-2802-7
The "Digitally Sign Client Communication (When Possible)" policy should be set correctly.

CCE-2792-0
The "deny logon as a service" user right should be assigned to the correct accounts.

CCE-2957-9
The "Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders" policy should be set correctly.

CCE-2728-4
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\HTML Help should be assigned.

CCE-2911-6
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ersvc\Security should be assigned.

CCE-2859-7
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Wmi\Security should be assigned.

CCE-2167-5
The "act as part of the operating system" user right should be assigned to the correct accounts.

CCE-2683-1
The automatic generation of 8.3 file names for NTFS should be enabled or disabled as appropriate.

CCE-2813-4
The required permissions for the directory %SystemRoot%\System32\ias should be assigned.

CCE-3150-0
The "Named Pipes that can be accessed anonymously" policy should be set correctly.

CCE-2935-5
The "Recovery Console: Allow Automatic Administrative Logon" policy should be set correctly.

CCE-2704-5
The required permissions for the file %SystemRoot%\System32\eventvwr.msc should be assigned.

CCE-3108-8
The correct service permissions for the Telnet service should be assigned.

CCE-2145-1
The required permissions for the file %SystemRoot%\System32\eventcreate.exe should be assigned.

CCE-2561-9
The required permissions for the directory %AllUsersProfile%\DRM should be assigned.

CCE-3161-7
The "Password protect the screen saver" setting should be configured correctly for the default user.

CCE-3036-1
The "Shares that can be accessed anonymously" policy should be set correctly.

CCE-2948-8
The "log on as a service" user right should be assigned to the correct accounts.

CCE-2598-1
The required permissions for the file %SystemRoot%\System32\compmgmt.msc should be assigned.

CCE-2902-5
Auditing of "account management" events on success should be enabled or disabled as appropriate..

CCE-2804-3
The behavior surrounding Anonymous users' abiliity to display lists of SAM accounts and shares should be correct.

CCE-2696-3
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scardsvr\Security should be assigned.

CCE-1846-5
The required permissions for the file %SystemRoot%\System32\CONFIG\AppEvent.evt should be assigned.

CCE-5059-1
Notify antivirus programs when opening attachments should be set correcly.

CCE-2815-9
The correct service permissions for the ClipBook service should be assigned.

CCE-2926-4
The "LAN Manager Authentication Level" policy should be set correctly.

CCE-2881-1
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Stisvc\Security should be assigned.

CCE-3156-7
The "Minimum session security for NTLM SSP based clients" policy should be set correctly.

CCE-1966-1
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scarddrv\Security should be assigned.

CCE-2619-5
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE should be assigned.

CCE-3110-4
The "Let Everyone permissions apply to anonymous users" policy should be set correctly.

CCE-2672-4
The required permissions for the file %SystemRoot%\System32\net1.exe should be assigned.

CCE-3058-5
The "Sharing and security model for local accounts" policy should be set correctly.

CCE-2706-0
The required permissions for the directory %ProgramFiles% should be assigned.

CCE-2563-5
The correct service permissions for the IIS Admin service should be assigned.

CCE-2105-5
The required permissions for the directory %SystemRoot%\Debug\UserMode\userenv.log should be assigned.

CCE-2990-0
The correct service permissions for the Remote Desktop Help Session Manager service should be assigned.

CCE-1833-3
The required permissions for the directory %SystemRoot%\Registration\CRMLog should be assigned.

CCE-3132-8
IP Source Routing should be properly configured.

CCE-2750-8
The required permissions for the file %SystemDrive%\System Volume Information should be assigned.

CCE-2806-8
The "bypass traverse checking" user right should be assigned to the correct accounts.

CCE-2234-3
The required permissions for the file %SystemDrive%\NTLDR should be assigned.

CCE-2652-6
IRDP should be properly configured.

CCE-2312-7
The required permissions for the file %SystemRoot%\System32\attrib.exe should be assigned.

CCE-3010-6
The "DCOM: Machine access Restrictions in Security Descriptor Definition Language (SDDL) syntax" setting should be configured correctly.

CCE-2674-0
The required permissions for the file %SystemRoot%\System32\Rsh.exe should be assigned.

CCE-3021-3
The correct service permissions for the Remote Registry service should be assigned.

CCE-2247-5
The "manage auditing and security log" user right should be assigned to the correct accounts.

CCE-2334-1
The required permissions for the file %SystemRoot%\System32\fsmgmt.msc should be assigned.

CCE-2565-0
The required permissions for the file %SystemDrive%\Documents and Settings should be assigned.

CCE-2894-4
The required permissions for the file %SystemRoot%\System32\regsvr32.exe should be assigned.

CCE-2172-5
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network should be assigned.

CCE-2982-7
The "enable computer and user accounts to be trusted for delegation" user right should be assigned to the correct accounts.

CCE-2775-5
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\clone should be assigned.

CCE-2119-6
The correct service permissions for the NetMeeting service should be assigned.

CCE-1842-4
The required permissions for the file %SystemRoot%\System32\CONFIG should be assigned.

CCE-2206-1
Auditing of "directory service access" events on failure should be enabled or disabled as appropriate..

CCE-2993-4
The "Do not store LAN Manager hash value on next password change" policy should be set correctly.

CCE-2568-4
The correct service permissions for the Computer Browser service should be assigned.

CCE-2620-3
The required permissions for the directory %AllUsersProfile%\Application Data should be assigned.

CCE-2446-3
The "load and unload device drivers" user right should be assigned to the correct accounts.

CCE-2699-7
The required permissions for the file %SystemRoot%\System32\debug.exe should be assigned.

CCE-2797-9
The required permissions for the file %SystemRoot%\System32\systeminfo.exe should be assigned.

CCE-2907-4
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache should be assigned.

CCE-2555-1
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security should be assigned.

CCE-2809-2
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC should be assigned.

CCE-2960-3
The "perform volume maintenance tasks" user right should be assigned to the correct accounts.

CCE-1909-1
The required permissions for the file %SystemRoot%\System32\edlin.exe should be assigned.

CCE-3027-0
The "Digitally Sign Client Communication (Always)" policy should be set correctly.

CCE-2185-7
The required permissions for the file %SystemRoot%\System32\secpol.msc should be assigned.

CCE-2740-9
The required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots should be assigned.

CCE-2918-1
Auditing of "privilege use" events on failure should be enabled or disabled as appropriate..

CCE-2786-2
The "create a pagefile" user right should be assigned to the correct accounts.

CCE-2313-5
The "Prevent System Maintenance of Computer Account Password" policy should be set correctly.

CCE-2052-9
The required permissions for the directory %SystemRoot%\System32\arp.exe should be assigned.

CCE-2873-8
The "Restrict Floppy Access to Locally Logged-On User Only" policy should be set correctly.

CCE-2688-0
The "Digitally Sign Server Communication (When Possible)" policy should be set correctly.

CCE-2886-0
The "force shutdown from a remote system" user right should be assigned to the correct accounts.

CCE-2524-7
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security should be assigned.

CCE-2731-8
The required permissions for the file %SystemRoot%\System32\tftp.exe should be assigned.

CCE-2392-9
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit should be assigned.

CCE-2766-4
Auditing of "object access" events on failure should be enabled or disabled as appropriate..

CCE-1973-7
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netddedsdm\Security should be assigned.

CCE-4952-8
The required permissions for the file %SystemRoot%\System32\mshta.exe should be assigned.

CCE-3049-4
The "Send Unencrypted Password to Connect to Third-Party SMB Servers" policy should be set correctly.

CCE-2239-2
MSS:(TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted

CCE-2799-5
The "Minimum session security for NTLM SSP based servers" policy should be set correctly.

CCE-2753-2
The required permissions for the directory %SystemRoot%\System32\spool\Printers should be assigned.

CCE-2085-9
The required permissions for the directory %SystemDrive% should be assigned.

CCE-1960-4
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg should be assigned.

CCE-2864-7
The "debug programs" user right should be assigned to the correct accounts.

CCE-3025-4
The built-in Guest account should be correctly named.

CCE-2788-8
The required permissions for the file %SystemRoot%\System32\subst.exe should be assigned.

CCE-3123-7
The "Refuse machine account password change" policy should be set correctly.

CCE-2973-6
The behavior surrounding Anonymous SID/Name translation should be correct.

CCE-2546-0
The required permissions for the file %SystemRoot%\System32\route.exe should be assigned.

CCE-2050-3
If the System log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep.

CCE-2428-1
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tapisrv\Security should be assigned.

CCE-2176-6
The required permissions for the file %SystemRoot%\System32\sc.exe should be assigned.

CCE-3051-0
The correct service permissions for the WWW Publishing service should be assigned.

CCE-2590-8
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security should be assigned.

CCE-2021-4
The "take ownership of files or other objects" user right should be assigned to the correct accounts.

CCE-2842-3
The "Default owner for objects created by members of the Administrators group" policy should be set correctly.

CCE-2537-9
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32time\Security should be assigned.

CCE-2951-2
The required permissions for the registry key HKEY_USERS\.DEFAULT should be assigned.

CCE-3107-0
The "Create global objects" user right should be assigned to the correct accounts.

CCE-2768-0
The required permissions for the directory %AllUsersProfile%\Documents\desktop.ini should be assigned.

CCE-3009-8
The "Allow undock without having to logon" policy should be set correctly.

CCE-2899-3
The required permissions for the file %SystemRoot%\System32\Rexec.exe should be assigned.

CCE-3118-7
TCP/IP NetBIOS Name Release on Request Prevented should be properly configured.

CCE-2502-3
The correct service permissions for the Net Logon service should be assigned.

CCE-2657-5
The "modify firmware environment values" user right should be assigned to the correct accounts.

CCE-2287-1
The required permissions for the file %SystemDrive%\MSDOS.SYS should be assigned.

CCE-2844-9
The required permissions for the file %SystemRoot%\System32\devmgmt.msc should be assigned.

CCE-2483-6
The required permissions for the directory %ALL% should be assigned.

CCE-2076-8
The correct service permissions for the Alerter service should be assigned.

CCE-2396-0
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security should be assigned.

CCE-1916-6
The required permissions for the file %SystemRoot%\System32\netsh.exe should be assigned.

CCE-2855-5
The required permissions for the file %SystemRoot%\System32\regini.exe should be assigned.

CCE-2626-0
The correct service permissions for the Automatic Updates service should be assigned.

CCE-2198-0
The required permissions for the file %SystemRoot%\System32\Secedit.exe should be assigned.

CCE-2757-3
The required permissions for the file %SystemRoot%\Offline Web Pages should be assigned.

CCE-2966-0
If the Security log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep.

CCE-2711-0
The "Prohibit New Task Creation" policy should be set correctly for the Task Scheduler.

CCE-2613-8
The required permissions for the file %SystemRoot%\System32\nslookup.exe should be assigned.

CCE-2250-9
The required permissions for the file %SystemRoot%\System32\ciadv.msc should be assigned.

CCE-3071-8
The correct service permissions for the Fax service should be assigned.

CCE-2700-3
The "deny logon locally" user right should be assigned to the correct accounts.

CCE-2141-0
The correct service permissions for the Routing and Remote Access service should be assigned.

CCE-2833-2
The required permissions for the file %SystemRoot%\System32\Regedt32.exe should be assigned.

CCE-3029-6
The correct service permissions for the Universal Plug and Play service should be assigned.

CCE-2921-5
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib should be assigned.

CCE-1925-7
The required permissions for the directory %SystemRoot%\System32\NTMSData should be assigned.

CCE-3020-5
The "Allow Administrator to Install from Terminal Services Session" policy should be set correctly.

CCE-2749-0
The required permissions for the file %SystemRoot%\System32\ntmsmgr.msc should be assigned.

CCE-2834-0
The "Network access: Restrict anonymous access to named pipes and shares" setting should be configured correctly.

CCE-2736-7
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony should be assigned.

CCE-2945-4
The correct service permissions for the SNMP Trap service should be assigned.

CCE-2638-5
The required permissions for the directory %SystemRoot%\Temp should be assigned.

CCE-2484-4
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security should be assigned.

CCE-2691-4
The required permissions for the file %SystemRoot%\System32\telnet.exe should be assigned.

CCE-2847-2
The "restore files and directories" user right should be assigned to the correct accounts.

CCE-3077-5
The correct service permissions for the Task Scheduler service should be assigned.

CCE-3186-4
The "Interactive logon: Requre smart card" setting should be configured correctly.

CCE-3088-2
The "Do not allow storage of credentials or .NET Passports" policy should be set correctly.

CCE-3099-9
The "Screen Saver Executable Name" setting should be configured correctly for the default user.

CCE-2969-4
The correct service permissions for the File Shares service should be assigned.

CCE-3053-6
The "Digitally Sign Server Communication (Always)" policy should be set correctly.

CCE-2716-9
The IMAPI CD-Burning COM Service should be enabled or disabled as appropriate.

CCE-2299-6
The "back up files and directories" user right should be assigned to the correct accounts.

CCE-2366-3
The "shut down the system" user right should be assigned to the correct accounts.

CCE-1849-9
The required permissions for the directory %AllUsersProfile% should be assigned.

CCE-1969-5
The "create permanent shared objects" user right should be assigned to the correct accounts.

CCE-2057-8
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi\Security should be assigned.

CCE-2836-5
The correct service permissions for the Indexing service should be assigned.

CCE-3162-5
The "Audit the access of global system objects" policy should be set correctly.

CCE-2475-2
The required permissions for the directory %SystemRoot%\Driver Cache\I386\Driver.cab should be assigned.

CCE-2660-9
The required permissions for the directory %SystemRoot%\System32 should be assigned.

CCE-2738-3
The required permissions for the directory %SystemRoot%\Tasks should be assigned.

CCE-2901-7
The screen saver should be enabled or disabled as appropriate for the default user.

CCE-2595-7
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers should be assigned.

CCE-2791-2
The "Create a token object" user right should be assigned to the correct accounts.

CCE-2912-4
The required permissions for the file %SystemRoot%\System32\perfmon.msc should be assigned.

CCE-2727-6
The required permissions for the file %SystemRoot%\System32\ntmsoprq.msc should be assigned.

CCE-2780-5
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries should be assigned.

CCE-2220-2
The required permissions for the file %SystemRoot%\System32\reg.exe should be assigned.

CCE-2814-2
The "deny logon through Terminal Services" user right should be assigned to the correct accounts.

CCE-2213-7
MSS:(TCPMaxConnectResponseRetransmission) SYN-ACK retansmissions when a connection request is not acknowledged

CCE-2718-5
TCP/IP Dead Gateway Detection should be properly configured.

CCE-3013-0
The "Delete Cached Copies of Roaming Profiles" policy should be set correctly.

CCE-2771-4
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy should be assigned.

CCE-3111-2
The "Allowed to Format and Eject Removable NTFS Media" policy should be set correctly.

CCE-2115-4
The required permissions for the directory %SystemDrive%\Documents and Settings\Administrator should be assigned.

CCE-2673-2
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Crypto\DSSHKLMKeys should be assigned.

CCE-2891-0
The "Disable CTRL+ALT+Delete Requirement for Logon" policy should be set correctly.

CCE-2760-7
The required permissions for the file %SystemRoot%\System32\drwatson.exe should be assigned.

CCE-2379-6
The "access this computer from the network" user right should be assigned to the correct accounts.

CCE-2609-6
The "lock pages in memory" user right should be assigned to the correct accounts.

CCE-2070-1
The required permissions for the file %SystemRoot%\System32\RSoP.msc should be assigned.

CCE-2202-0
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM\Security should be assigned.

CCE-2662-5
The "DCOM: Machine Launch Restrictions in the Security Descriptor Definition Language (SDDL) syntax" security option should be set correctly.

CCE-2344-0
The "Limit local account user of blank passwords to console logon only" policy should be set correctly.

CCE-2551-0
The "LDAP server signing requirements" policy should be set correctly.

CCE-2597-3
The required permissions for the directory %SystemRoot%\System32\lusrmgr.msg should be assigned.

CCE-2793-8
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer should be assigned.

CCE-2903-3
The required permissions for the file %SystemRoot%\System32\Ntbackup.exe should be assigned.

CCE-3133-6
The "Smart Card Removal Behavior" policy should be set correctly.

CCE-1943-0
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\Security\XAKey should be assigned.

CCE-2938-9
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum should be assigned.

CCE-2139-4
The required permissions for the file %SystemRoot%\System32\nbstat.exe should be assigned.

CCE-2805-0
The required permissions for the directory %SystemRoot%\repair should be assigned.

CCE-2782-1
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Crypto\RSAHKLMKeys should be assigned.

CCE-1978-6
The "deny access to this computer from the network" user right should be assigned to the correct accounts.

CCE-2675-7
The "profile system performance" user right should be assigned to the correct accounts.

CCE-3155-9
The "Remotely accessible registry paths" policy should be set correctly.

CCE-2773-0
The correct service permissions for the SMTP service should be assigned.

CCE-2829-0
The "log on locally" user right should be assigned to the correct accounts.

CCE-2882-9
The "log on as a batch job" user right should be assigned to the correct accounts.

CCE-3057-7
The correct service permissions for the FTP Publishing service should be assigned.

CCE-3022-1
The correct service permissions for the Background Intelligent Transfer service should be assigned.

CCE-2991-8
The "LDAP client signing requirements" policy should be set correctly.

CCE-2335-8
The "remove computer from docking station" user right should be assigned to the correct accounts.

CCE-2762-3
The required permissions for the file %SystemRoot%\System32\runas.exe should be assigned.

CCE-2893-6
Background Refresh of Group Policy should be properly configured.

CCE-2300-2
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class should be assigned.

CCE-2807-6
The "profile single process" user right should be assigned to the correct accounts.

CCE-2860-5
The "replace a process-level token" user right should be assigned to the correct accounts.

CCE-2871-2
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rpcss\Security should be assigned.

CCE-3044-5
Kerberos and RSVP Traffic Protected by IPSec should be properly configured.

CCE-2916-5
TCP/IP SYN Flood Attack Protection should be properly configured.

CCE-2784-7
The required permissions for the file %SystemRoot%\System32\Rcp.exe should be assigned.

CCE-3188-0
The "Enforce user logon restrictions" policy should be set correctly.

CCE-3017-1
TCP/IP PMTU Discovery should be properly configured.

CCE-2401-8
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr\Commands should be assigned.

CCE-2798-7
The required permissions for the file %SystemDrive%\NTBOOTDD.SYS should be assigned.

CCE-2752-4
The required permissions for the file %SystemRoot%\Installer should be assigned.

CCE-2229-3
The required permissions for the file %SystemRoot%\System32\ftp.exe should be assigned.

CCE-2872-0
The required permissions for the directory %SystemRoot%\System32\Setup should be assigned.

CCE-2741-7
The required permissions for the directory %SystemDrive%\Documents and Settings\Default User should be assigned.

CCE-2458-8
The required permissions for the file %SystemRoot%\System32\services.msc should be assigned.

CCE-2184-0
The required permissions for the file %SystemRoot%\System32\at.exe should be assigned.

CCE-2917-3
The "Display user information when the session is locked" setting should be configured correctly.

CCE-2787-0
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft should be assigned.

CCE-2630-2
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM should be assigned.

CCE-2676-5
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Dr Watson should be assigned.

CCE-2983-5
The "Allow System to be Shut Down Without Having to Log On" policy should be set correctly.

CCE-2578-3
The required permissions for the file %SystemDrive%\NTDETECT.COM should be assigned.

CCE-2325-9
The required permissions for the directory %SystemRoot%\Registration should be assigned.

CCE-2885-2
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip should be assigned.

CCE-2207-9
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies should be assigned.

CCE-2763-1
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\MediaIndex should be assigned.

CCE-3004-9
The "allow logon through Terminal Services" user right should be assigned to the correct accounts.

CCE-2850-6
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles should be assigned.

CCE-2109-7
The required permissions for the file %SystemRoot%\System32\dfrg.msc should be assigned.

CCE-2238-4
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities should be assigned.

CCE-2789-6
The "Prevent Users from Installing Printer Drivers" policy should be set correctly.

CCE-1863-0
The required permissions for the directory %SystemRoot%\System32\dllcache should be assigned.

CCE-2547-8
The "adjust memory quotas for a process" user right should be assigned to the correct accounts.

CCE-2425-7
The required permissions for the file %SystemRoot%\System32\drwtsn32.exe should be assigned.

CCE-3135-1
The built-in Administrator account should be correctly named.

CCE-2841-5
Safe DLL Search Mode should be properly configured.

CCE-2621-1
The required permissions for the file %SystemRoot%\System32\gpedit.msc should be assigned.

CCE-2436-4
The required permissions for the file %SystemRoot%\System32\eventtriggers.exe should be assigned.

CCE-2160-0
The required permissions for the directory %SystemRoot% should be assigned.

CCE-2898-5
The "deny logon as a batch job" user right should be assigned to the correct accounts.

CCE-2710-2
Autoplay on all Drive Types should be properly configured.

CCE-3172-4
The "Require Domain Controller authentication to unlock workstation" policy should be set correctly.

CCE-2612-0
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE should be assigned.

CCE-2745-8
The required permissions for the file %SystemDrive%\IO.SYS should be assigned.

CCE-2514-8
The required permissions for the file %SystemRoot%\System32\diskmgmt.msc should be assigned.

CCE-2974-4
The "Restrict CD-ROM Access to Locally Logged-On User Only" policy should be set correctly.

CCE-2647-6
The required permissions for the directory %SystemRoot%\CSC should be assigned.

CCE-2876-1
The required permissions for the directory %SystemRoot%\System32\GroupPolicy should be assigned.

CCE-2732-6
The required permissions for the file %SystemRoot%\System32\netstat.exe should be assigned.

CCE-2941-3
The correct service permissions for the SNMP service should be assigned.

CCE-2987-6
The "Require Case Insensitivity for Non-Windows Sybsystems" policy should be set correctly.

CCE-2480-2
The correct service permissions for the Messenger service should be assigned.

CCE-2329-1
The required permissions for the directory %SystemRoot%\Debug\UserMode should be assigned.

CCE-2634-4
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netdd\Security should be assigned.

CCE-2843-1
Auditing of "system" events on failure should be enabled or disabled as appropriate..

CCE-3106-2
The "Number of Previous Logons to Cache" policy should be set correctly.

CCE-2952-0
System availability to Master Browser should be properly configured.

CCE-2623-7
The required permissions for the file %SystemDrive%\CONFIG.SYS should be assigned.

CCE-3061-9
Security Audit log warning level should be properly configured.

CCE-3008-0
Auditing of "account logon" events on failure should be enabled or disabled as appropriate..

CCE-2264-0
The required permissions for the file %SystemRoot%\Prefetch should be assigned.

CCE-2758-1
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UPnP Device Host should be assigned.

CCE-3019-7
If the Application log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep.

CCE-2976-9
The correct service permissions for the Printer service should be assigned.

CCE-2418-2
The required permissions for the directory %SystemRoot%\Debug should be assigned.

CCE-3128-6
The "Clear Virtual Memory Pagefile at shutdown" policy should be set correctly.

CCE-2747-4
The required permissions for the directory %SystemRoot%\System32\MSDTC should be assigned.

CCE-2930-6
Display Last User Name in Logon Screen should be properly configured.

CCE-2603-9
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess should be assigned.

CCE-2284-8
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography/Calais should be assigned.

CCE-2943-9
Use of the built-in Administrator account should be enabled or disabled as appropriate.

CCE-3139-3
The "Force logoff when logon hours expire" policy should be set correctly.

CCE-2845-6
The required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE should be assigned.

CCE-2175-8
The required permissions for the file %SystemRoot%\regedit.exe should be assigned.

CCE-2625-2
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings should be assigned.

CCE-2810-0
The "synchronize directory service data" user right should be assigned to the correct accounts.

CCE-2856-3
Restricted Groups have been set on the system

CCE-4390-1
Prompt for password on resume from hibernate/suspend should be set correctly.

CCE-3274-8
The TCP/IP NetBIOS Helper service should be enabled or disabled as appropriate.

CCE-3198-9
The "Windows Firewall: Prohibit notifications" setting should be configured correctly for the Domain Profile.

CCE-2933-0
Auditing of "directory service access" events on success should be enabled or disabled as appropriate..

CCE-2343-2
Auditing of "logon" events on failure should be enabled or disabled as appropriate..

CCE-3174-0
The log file path and name for the Windows Firewall should be configured correctly for the Standard Profile.

CCE-2354-9
The "Limit Users to One Remote Session" policy should be set correctly for Terminal Services.

CCE-3304-3
Domain Profile: Allow Remote Desktop exception (SP2 only)

CCE-2890-2
The "Anonymous access to the system event log" policy should be set correctly.

CCE-2794-6
The "restrict guest access to security log" policy should be set correctly.

CCE-2345-7
The "restrict guest access to system log" policy should be set correctly.

CCE-3134-4
The "Windows Firewall: Prohibit notifications" setting should be configured correctly for the Standard Profile.

CCE-2913-2
Auditing of "privilege use" events on success should be enabled or disabled as appropriate..

CCE-2959-5
The "Terminate session when time limits are reached" policy should be set correctly for Terminal Services.

CCE-3012-2
The "Allow Unsolicited Remote Assistance" policy should be set correctly for Terminal Services.

CCE-2116-2
The "restrict guest access to application log" policy should be set correctly.

CCE-2476-0
Domain Profile: Allow remote administration

CCE-2904-1
The application log maximum size should be configured correctly..

CCE-2796-1
The required auditing for the registry key HKEY_LOCAL_MACHINE\SOFTWARE should be enabled.

CCE-4500-5
The "Password protect the screen saver" setting should be configured correctly for the current user.

CCE-2981-9
The "minimum password length" policy should meet minimum requirements.

CCE-3154-2
Domain Profile: Protect all network connections (SP2 only)

CCE-2939-7
Auditing of "process tracking" events on failure should be enabled or disabled as appropriate..

CCE-2992-6
The "System cryptography: Force strong key protection for user keys stored on the computer" setting should be configured correctly.

CCE-2764-9
The "Screen Saver Timeout" setting should be configured correctly for the default user.

CCE-5032-8
Logon - Do not process the run once list

CCE-2862-1
Membership in the Power Users group should be assigned to the appropriate accounts.

CCE-3114-6
The permitted number of TCP/IP Maximum Retried Half-open Sockets should be set correctly .

CCE-2971-0
Auditing of "policy change" events on success should be enabled or disabled as appropriate..

CCE-3136-9
Membership in the Remote Desktop Users group should be assigned to the appropriate accounts.

CCE-2777-1
The "when maximum log size is reached" property should be set correctly for the System log.

CCE-1840-8
The required auditing for the registry key HKEY_LOCAL_MACHINE\SYSTEM should be enabled.

CCE-2851-4
The "Shut Down system immediately if unable to log security audits" policy should be set correctly.

CCE-8440-0
The "Windows Firewall: Apply local firewall rules" policy should be configured correctly for the Domain profile.

CCE-3014-8
The "when maximum log size is reached" property should be set correctly for the Application log.

CCE-4838-9
The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly.

CCE-4262-2
The "Prevent IIS Installation" setting should be configured correctly.

CCE-2439-8
The "minimum password age" policy should meet minimum requirements.

CCE-3280-5
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Standard Profile.

CCE-2559-3
The TCP/IP KeepAlive Time should be set correctly .

CCE-3129-4
The "Limit Number of Connections" policy should be set correctly for Terminal Services.

CCE-4849-6
The "Do not allow passwords to be saved" setting should be configured correctly for Terminal Services.

CCE-3084-1
The "Use FIPS compliant algorithms for encryption, hashing, and signing" policy should be set correctly.

CCE-2174-1
The screen saver should be enabled or disabled as appropriate for the current user.

CCE-2735-9
The "password must meet complexity requirments" policy should be set correctly.

CCE-2690-6
Membership in the Backup Operators group should be assigned to the appropriate accounts.

CCE-2920-7
The "maximum password age" policy should meet minimum requirements.

CCE-3018-9
The "Maximum machine account password age" policy should be set correctly.

CCE-3055-1
The log file size limit for the Windows Firewall should be configured correctly for the Standard Profile.

CCE-2100-6
Auditing of "logon" events on success should be enabled or disabled as appropriate..

CCE-3284-7
Standard Profile: Protect all network connections (SP2 only)

CCE-3273-0
Restrictions for Unauthenticated RPC clients (SP2 only)

CCE-2956-1
RPC Endpiont Mapper Client Authentication (SP2 only)

CCE-2923-1
The log file path and name for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-2693-0
The security log maximum size should be configured correctly..

CCE-2958-7
The log file size limit for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-3040-3
Use of the built-in Guest account should be enabled or disabled as appropriate.

CCE-2682-3
The required auditing for %SystemDrive% directory should be enabled.

CCE-2925-6
CD-ROM Autorun should be properly configured.

CCE-3157-5
The amount of idle time required before disconnecting a session should be set correctly.

CCE-2259-0
Auditing of "object access" events on success should be enabled or disabled as appropriate..

CCE-2707-8
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Standard Profile.

CCE-2949-6
The "Always Prompt Client for Password upon Connection" policy should be set correctly for Terminal Services.

CCE-3179-9
Standard Profile: Do not allow exceptions (SP2 only)

CCE-5025-2
The "Prohibit non-administrators from applying vendor signed updates" setting should be configured correctly.

CCE-2453-9
The permitted number of TCP/IP Maximum Half-open Sockets should be set correctly .

CCE-2816-7
Auditing of "process tracking" events on success should be enabled or disabled as appropriate..

CCE-3231-8
Standard Profile: Define port exceptions (SP2 only)

CCE-3011-4
The "Enable User to Use Media Source While Elevated" policy should be set correctly.

CCE-2980-1
The "Screen Saver Timeout" setting should be configured correctly for the current user.

CCE-2444-8
Disable saving of dial-up passwords should be properly configured.

CCE-8515-9
The "Windows Firewall: Define program exceptions" policy should be configured correctly for the Domain Profile.

CCE-2906-6
Auditing of "account management" events on failure should be enabled or disabled as appropriate..

CCE-2808-4
The "Remote Control Settings" policy should be set correctly for Terminal Services.

CCE-2293-9
The "Enable User to Patch Elevated Products" policy should be set correctly.

CCE-3213-6
Standard Profile: Allow Remote Desktop exception (SP2 only)

CCE-2643-5
The "Anonymous access to the security event log" policy should be set correctly.

CCE-3092-4
Always Wait for the Network at Computer Startup and Logon should be properly configured.

CCE-8374-1
CD Burning features in Windows Explorer should be enabled or disabled as appropriate.

CCE-2336-6
The "when maximum log size is reached" property should be set correctly for the Security log.

CCE-2994-2
The "enforce password history" policy should meet minimum requirements.

CCE-2896-9
The startup type of the NetMeeting Remote Desktop Sharing service should be correct.

CCE-7583-8
The "Windows Firewall: Outbound connections" policy should be configured correctly for the Domain profile.

CCE-2961-1
The "Set time limit for disconnected sessions" policy should be set correctly for Terminal Services.

CCE-3124-5
The "Set time limit for idle sessions" policy should be set correctly for Terminal Services.

CCE-2776-3
Automatic Logon should be properly configured.

CCE-3090-8
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-3119-5
The "Anonymous access to the application event log" policy should be set correctly.

CCE-3085-8
The "Unsigned Driver Installation Behavior" policy should be set correctly.

CCE-2889-4
The "store password using reversible encryption for all users in the domain" policy should be set correctly.

CCE-8147-1
The "Windows Firewall: Inbound connections" policy should be configured correctly for the Domain Profile.

CCE-2767-2
The "generate security audits" user right should be assigned to the correct accounts.

CCE-3117-9
The "Prevent Codec Download" policy should be set correctly for Windows MediaPlayer.

CCE-2965-2
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-3170-8
The "Screen Saver Executable Name" setting should be configured correctly for the current user.

CCE-2867-0
Auditing of "account logon" events on success should be enabled or disabled as appropriate..

CCE-2701-1
The "Users Prompted to Change Password Before Expiration" policy should be set correctly.

CCE-2878-7
Auditing of "system" events on success should be enabled or disabled as appropriate..

CCE-3094-0
The "Enable User Control Over Installs" policy should be set correctly.

CCE-2723-5
the "System settings: Use Certificate Rules on Windows Executables for Software Restriction Polices" setting should be configured correctly.

CCE-2954-6
Standard Profile: Allow remote administration exception (SP2 only)

CCE-3006-4
The system log maximum size should be configured correctly..

CPE    1
cpe:/o:microsoft:windows_xp
*XCCDF
xccdf_org.secpod_benchmark_hipaa_windows_xp
OVAL    392
oval:org.secpod.oval:def:15289
oval:org.secpod.oval:def:15288
oval:org.secpod.oval:def:15281
oval:org.secpod.oval:def:15280
...

© 2013 SecPod Technologies