[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*


CCE-4755-5
The "Maximum User Renewal Lifetime" policy should be set correctly.

CCE-4666-4
The "Maximum Service Ticket Litfetime" policy should be set correctly.

CCE-2339-0
The behavior surrounding Anonymous SID/Name translation should be correct.

CCE-3936-2
The "Maximum User Ticket Lifetime" policy should be set correctly.

CCE-4702-7
The "Maximum tolerance for computer clock synchronization" policy should be set correctly.

CCE-2874-6
The "Do not allow drive redirection" setting should be configured correctly for Terminal Services.

CCE-4941-1
User notifications when a program is blocked from receiving inbound connections by Windows Firewall should be enabled or disabled as appropriate for the Domain Profile.

CCE-2467-9
This policy setting determines whether a domain member should attempt to negotiate encryption for all secure channel traffic that it initiates. If you enable this policy setting, the domain member will request encryption of all secure channel traffic. If you disable this policy setting, the domain m ...

CCE-5028-6
Auditing of "DS Access: Directory Service Access" events on success should be enabled or disabled as appropriate.

CCE-3285-4
The "Audit the access of global system objects" policy should be set correctly.

CCE-4797-7
The "Do Not Automatically Start Windows Messenger" policy should be set correctly.

CCE-3439-7
Domain Profile - Outbound Connections

CCE-3187-2
Domain Profile: Do not allow exceptions (SP2 only)

CCE-2398-6
The "Limit local account user of blank passwords to console logon only" policy should be set correctly.

CCE-8095-2
The Autoplay policy "Don't set the always do this checkbox" should be configured correctly.

CCE-3089-0
Auditing of "account logon" events on failure should be enabled or disabled as appropriate..

CCE-4916-3
Auditing of "Account Management: Other Account Management Events" events on success should be enabled or disabled as appropriate.

CCE-4194-7
The "User Account Control: Virtualize file and registry write failures to per-user locations" setting should be configured correctly.

CCE-3054-4
Domain Profile: Protect all network connections (SP2 only)

CCE-4206-9
The log file path and name for the Windows Firewall should be configured correctly for the Private Profile.

CCE-3261-5
IP Source Routing should be properly configured.

CCE-4982-5
Auditing of "Object Access: SAM" events on failure should be enabled or disabled as appropriate.

CCE-2363-0
The "account lockout duration" policy should meet minimum requirements.

CCE-2922-3
The "Turn off Windows Startup Sound" setting should be configured correctly.

CCE-3417-3
User notifications when a program is blocked from receiving inbound connections by Windows Firewall should be enabled or disabled as appropriate for the Private Profile.

CCE-7621-6
This policy setting determines whether digital certificates are processed when software restriction policies are enabled and a user or process attempts to run software with an .exe file name extension. It enables or disables certificate rules (a type of software restriction policies rule). With soft ...

CCE-2979-3
Hide mechanisms to remove zone information is set correcly.

CCE-3394-4
RPC Endpiont Mapper Client Authentication (SP2 only)

CCE-3283-9
The "Force logoff when logon hours expire" policy should be set correctly.

CCE-4294-5
The "Create Symbolic Links" user right should be assigned to the appropriate accounts.

CCE-3328-2
The "Turn on Windows Meeting Space audting" setting should be configured correctly.

CCE-3437-1
Do not preserve zone information in file attachments is set correcly.

CCE-3953-7
The "Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders" policy should be set correctly.

CCE-3076-7
Auditing of "logon" events on success should be enabled or disabled as appropriate..

CCE-3500-6
The "Turn Off User Installed Windows Sidebar Gadgets" setting should be configured correctly.

CCE-3041-1
Auditing of "directory service access" events on success should be enabled or disabled as appropriate..

CCE-3272-2
The behavior surrounding Anonymous users' abiliity to display lists of SAM accounts should be correct.

CCE-4829-8
Auditing of "Object Access: Application Generated" events on failure should be enabled or disabled as appropriate.

CCE-2781-3
The "Don't Display the Getting Started Welcome Screen at Logon" setting should be configured correctly.

CCE-4651-6
The "Increase a Process Working Set" setting should be configured correctly.

CCE-2924-9
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Private Profile.

CCE-5004-7
The "User Account Control: Only elevate executables that are signed and validated" setting should be configured correctly.

CCE-3415-7
Access to registry editing tools is set correctly.

CCE-3196-3
The "when maximum log size is reached" property should be set correctly for the Security log.

CCE-2519-7
The amount of idle time required before disconnecting a session should be set correctly.

CCE-2376-2
The "Number of Previous Logons to Cache" policy should be set correctly.

CCE-4991-6
The "Set Safe for Scripting" policy should be set correctly.

CCE-4673-0
The "force shutdown from a remote system" user right should be assigned to the correct accounts.

CCE-3426-4
Public Profile - Apply Local Connection Security Rules

CCE-4938-7
Auditing of "Account Management: Application Group Management" events on success should be enabled or disabled as appropriate.

CCE-2650-0
Public Profile - Apply Local Firewall Rules

CCE-3243-3
Auditing of "object access" events on failure should be enabled or disabled as appropriate..

CCE-3387-8
Standard Profile: Allow Remote Desktop exception (SP2 only)

CCE-8501-9
The "Do Not Allow Windows Messenger to be Run" policy should be set correctly.

CCE-2839-9
The "restrict guest access to system log" policy should be set correctly.

CCE-3450-4
Audit: Force audit policy subcategory settings are set correcly.

CCE-4962-7
The "profile single process" user right should be assigned to the correct accounts.

CCE-8547-2
Administrative Shares should be enabled or disabled as appropriate.

CCE-3341-5
The "Report Logon Server Not Available During User logon" setting should be configured correctly.

CCE-3001-5
The "Shut Down system immediately if unable to log security audits" policy should be set correctly.

CCE-3232-6
The behavior surrounding Anonymous users' abiliity to display lists of SAM accounts and shares should be correct.

CCE-3330-8
The "Secure Channel: Digitally Encrypt or Sign Secure Channel Data (Always)" policy should be set correctly.

CCE-3376-1
The "Allow indexing of encrypted files" setting should be configured correctly.

CCE-4973-4
The "bypass traverse checking" user right should be assigned to the correct accounts.

CCE-3278-9
Turn off Windows Update device driver searching

CCE-3363-9
The "Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box" should be set correctly

CCE-4940-3
The "LDAP client signing requirements" policy should be set correctly.

CCE-5048-4
Auditing of "Account Management: Security Group Management" events on success should be enabled or disabled as appropriate.

CCE-4300-0
Auditing of "Privilege Use: Sensitive Privilege Use" events on success should be enabled or disabled as appropriate.

CCE-4213-5
The "Minimum session security for NTLM SSP based servers" policy should be set correctly.

CCE-3352-2
Standard Profile: Allow remote administration exception (SP2 only)

CCE-3398-5
The "Prohibit non-administrators from applying vendor signed updates" setting should be configured correctly.

CCE-3121-1
The "restrict guest access to application log" policy should be set correctly.

CCE-5264-7
The "Screen Saver Executable Name" setting should be configured correctly for the current user.

CCE-3023-9
The "Digitally Sign Server Communication (Always)" policy should be set correctly.

CCE-4115-2
Auditing of "Account Management: Distribution Group Management" events on success should be enabled or disabled as appropriate.

CCE-4083-2
The "log on as a batch job" user right should be assigned to the correct accounts.

CCE-3287-0
Auditing of "account management" events on failure should be enabled or disabled as appropriate..

CCE-3385-2
The "Turn Off Windows Movie Maker Saving to Online Video Hosting Provider" setting should be configured correctly.

CCE-4479-2
Auditing of "Policy Change: Other Policy Change Events" events on success should be enabled or disabled as appropriate.

CCE-3178-1
The "Allow Corporate redirection of Customer Experience Improvement uploads" setting should be configured correctly.

CCE-4851-2
The "Turn off Help Ratings" setting should be configured correctly.

CCE-4907-2
This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The options are: - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC pol ...

CCE-4335-6
Auditing of "Object Access: Filtering Platform Packet Drop" events on failure should be enabled or disabled as appropriate.

CCE-3045-2
The "Prohibit Access of the Windows Connect Now Wizards" setting should be configured correctly.

CCE-5146-6
The ISATAP tunneling protocol for IPv6 should be enabled or disabled as appropriate.

CCE-3230-0
Logon information is required to unlock a locked computer. For domain accounts, the Interactive logon: Require Domain Controller authentication to unlock workstation setting determines whether it is necessary to contact a domain controller to unlock a computer. If you enable this setting, a domain c ...

CCE-2785-4
TCP/IP NetBIOS Name Release on Request Prevented should be properly configured.

CCE-3143-5
The "Prevent indexing uncached Exchange folders" setting should be configured correctly.

CCE-2641-9
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Public Profile.

CCE-3406-6
The "Turn Off Help and Support Center Microsoft Knowledge Base Search" setting should be configured correctly.

CCE-5011-2
Auditing of "Logon/Logoff: IPsec Extended Mode" events on success should be enabled or disabled as appropriate.

CCE-2719-3
Autoplay on all Drive Types should be properly configured.

CCE-3263-1
Public Profile - Inbound Connections

CCE-4204-4
Auditing of "Policy Change: MPSSVC Rule-Level Policy Change" events on failure should be enabled or disabled as appropriate.

CCE-2323-4
The "enforce password history" policy should meet minimum requirements.

CCE-2772-2
The "Interactive logon: Requre smart card" setting should be configured correctly.

CCE-3361-3
The "Disconnect clients when logon hours expire" policy should be set correctly.

CCE-4568-2
Auditing of "Object Access: Filtering Platform Connection" events on success should be enabled or disabled as appropriate.

CCE-5000-5
Auditing of "Detailed Tracking: DPAPI Activity" events on success should be enabled or disabled as appropriate.

CCE-2883-7
The "minimum password length" policy should meet minimum requirements.

CCE-3252-4
The "Digitally Sign Client Communication (Always)" policy should be set correctly.

CCE-3165-8
The system log maximum size should be configured correctly.

CCE-4995-7
Auditing of "Policy Change: Other Policy Change Events" events on failure should be enabled or disabled as appropriate.

CCE-3067-6
System availability to Master Browser should be properly configured.

CCE-3345-6
The "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box" should be set correctly

CCE-3138-5
The "Do not store LAN Manager hash value on next password change" policy should be set correctly.

CCE-5043-5
The screen saver should be enabled or disabled as appropriate for the current user.

CCE-3093-2
The "Turn Off Registration if URL Connection is Referring to Microsoft.com" setting should be configured correctly.

CCE-5089-8
Auditing of "DS Access: Directory Service Replication" events on success should be enabled or disabled as appropriate.

CCE-2533-8
The log file path and name for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-3454-6
The "Turn Off Automatic Root Certificates Update" setting should be configured correctly.

CCE-7716-4
The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly.

CCE-5163-1
Auditing of "Logon/Logoff: Other Logon/Logoff Events" events on success should be enabled or disabled as appropriate.

CCE-4869-4
Auditing of "Detailed Tracking: Process Termination" events on success should be enabled or disabled as appropriate.

CCE-8516-7
The Windows Firewall inbound program exceptions list should be set appropriately for the Domain Profile.

CCE-3334-0
Standard Profile: Allow local program exceptions (SP2 only)

CCE-4691-2
Auditing of "Object Access: Other Object Access Events" events on failure should be enabled or disabled as appropriate.

CCE-3432-2
The "Turn Off Internet Connection Wizard if URL Connection is Referring to Microsoft.com" setting should be configured correctly.

CCE-7629-9
The Windows Firewall "Define inbound program exceptions" policy should be enabled or disabled as appropriate for the Domain Profile.

CCE-5067-4
Auditing of "DS Access: Directory Service Changes" events on success should be enabled or disabled as appropriate.

CCE-4921-3
Auditing of "Object Access: File System" events on success should be enabled or disabled as appropriate.

CCE-4048-5
The "modify firmware environment values" user right should be assigned to the correct accounts.

CCE-3367-0
The "Sharing and security model for local accounts" policy should be set correctly.

CCE-4505-4
Auditing of "Logon/Logoff: IPsec Extended Mode" events on failure should be enabled or disabled as appropriate.

CCE-2653-4
Auditing of "policy change" events on failure should be enabled or disabled as appropriate..

CCE-4342-2
Auditing of "Logon/Logoff: Account Lockout" events on success should be enabled or disabled as appropriate.

CCE-3310-0
Require trusted path for credential entry

CCE-3125-2
The "Turn off shell protocol protected mode" setting should be configured correctly.

CCE-3356-3
Standard Profile: Allow local port exceptions (SP2 only)

CCE-3212-8
The "Secure Channel: Require Strong (Windows 2000 or later) Session Key" policy should be set correctly.

CCE-2457-0
The "Let Everyone permissions apply to anonymous users" policy should be set correctly.

CCE-2359-8
The built-in Guest account should be correctly named.

CCE-2679-9
TCP/IP SYN Flood Attack Protection should be properly configured.

CCE-3452-0
Group Policy - Registry policy processing

CCE-3234-2
Auditing of "account management" events on success should be enabled or disabled as appropriate..

CCE-4867-8
The "deny logon as a service" user right should be assigned to the correct accounts.

CCE-4998-1
Auditing of "System: Other System Events" events on success should be enabled or disabled as appropriate.

CCE-4854-6
The "adjust memory quotas for a process" user right should be assigned to the correct accounts.

CCE-4965-0
Auditing of "Object Access: Handle Manipulation" events on failure should be enabled or disabled as appropriate.

CCE-8342-8
This policy setting determines whether a domain member should attempt to negotiate encryption for all secure channel traffic that it initiates. If you enable this policy setting, the domain member will request encryption of all secure channel traffic. If you disable this policy setting, the domain m ...

CCE-2962-9
The "Turn off Heap termination on corruption" setting should be configured correctly.

CCE-3158-3
Domain Profile: Allow remote administration

CCE-3365-4
The "Windows Firewall: Prohibit notifications" setting should be configured correctly for the Domain Profile.

CCE-4200-2
Auditing of "Object Access: File Share" events on success should be enabled or disabled as appropriate.

CCE-2557-7
The "Turn off Windows Meeting Space" setting should be configured correctly.

CCE-4612-8
This policy setting controls the behavior of application installation detection for the computer. The options are: - Enabled: (Default for home) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name ...

CCE-4889-2
The "deny logon locally" user right should be assigned to the correct accounts.

CCE-4658-1
Auditing of "DS Access: Detailed Directory Service Replication" events on failure should be enabled or disabled as appropriate.

CCE-2742-5
The "Allow only Vista or later connections" setting should be configured correctly.

CCE-4488-3
The "generate security audits" user right should be assigned to the correct accounts.

CCE-3169-0
Prompt for password on resume from hibernate/suspend is set correctly.

CCE-3349-8
The "Shares that can be accessed anonymously" policy should be set correctly.

CCE-5239-9
The "Turn off Help Experience Improvement Program" setting should be configured correctly.

CCE-3303-5
The "Audit the use of backup and restore privilege" policy should be set correctly.

CCE-4020-4
The "User Account Control: Only elevate UIAccess applications that are installed in secure locations" setting should be configured correctly.

CCE-4891-8
Auditing of "Detailed Tracking: RPC Events" events on success should be enabled or disabled as appropriate.

CCE-4947-8
Auditing of "Object Access: Filtering Platform Packet Drop" events on success should be enabled or disabled as appropriate.

CCE-3458-7
Domain Profile: Allow Remote Desktop exception (SP2 only)

CCE-4597-1
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Private Profile.

CCE-4405-7
The "Do Not Show First Use Dialog Boxes" setting for Windows Media Player should be configured correctly.

CCE-4077-4
The "Turn on Responder (RSPNDR) driver" setting should be configured correctly for the domain profile.

CCE-3160-9
Restrictions for Unauthenticated RPC clients (SP2 only)

CCE-3469-4
The "Require a Password when a Computer Wakes (Plugged)" setting should be configured correctly.

CCE-2755-7
The "Turn Off Downloading of Game Information" setting should be configured correctly.

CCE-3325-8
The "Prevent Users from Installing Printer Drivers" policy should be set correctly.

CCE-2964-5
Domain Profile: Allow UPnP framework exception (SP2 only)

CCE-2820-9
Auditing of "account logon" events on success should be enabled or disabled as appropriate..

CCE-3436-3
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Domain Profile.

CCE-4925-4
The "User Account Control: Switch to the secure desktop when prompting for elevation" setting should be configured correctly.

CCE-4493-3
Auditing of "Detailed Tracking: DPAPI Activity" events on failure should be enabled or disabled as appropriate.

CCE-3314-2
The "Message title for users attempting to log on" policy should be set correctly.

CCE-2975-1
The "Do not allow passwords to be saved" setting should be configured correctly for Terminal Services.

CCE-5181-3
Auditing of "Policy Change: MPSSVC Rule-Level Policy Change" events on success should be enabled or disabled as appropriate.

CCE-4618-5
The "profile system performance" user right should be assigned to the correct accounts.

CCE-5052-6
The "Prevent Desktop Shortcut Creation" setting for Windows Media Player should be configured correctly.

CCE-2877-9
The "Turn Off Help and Support Center "Did You Know?" Content" setting should be configured correctly.

CCE-5128-4
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Public Profile.

CCE-4629-2
The "Enable User Control Over Installs" policy should be set correctly.

CCE-3456-1
The "Disable unpacking and installation of gadgets that are not digitally signed" setting should be configured correctly.

CCE-3347-2
Standard Profile: Do not allow exceptions (SP2 only)

CCE-4166-5
Auditing of "Detailed Tracking: Process Creation" events on success should be enabled or disabled as appropriate.

CCE-2953-8
Auditing of "system" events on success should be enabled or disabled as appropriate..

CCE-2999-1
Domain Profile - Inbound Connections

CCE-2724-3
Auditing of "object access" events on success should be enabled or disabled as appropriate..

CCE-3336-5
The "Message text for users attempting to log on" policy should be set correctly.

CCE-4264-8
The "allow logon through Terminal Services" user right should be assigned to the correct accounts.

CCE-7952-5
The "Remove Security tab" setting should be configured correctly.

CCE-3421-5
Turn off printing over HTTP

CCE-4956-9
Auditing of "Logon/Logoff: Special Logon" events on success should be enabled or disabled as appropriate.

CCE-5008-8
The "Change the time zone" user right should be assigned to the appropriate accounts.

CCE-3225-0
The "Allowed to Format and Eject Removable NTFS Media" policy should be set correctly.

CCE-5172-2
Auditing of "Policy Change: Authorization Policy Change" events on success should be enabled or disabled as appropriate.

CCE-3369-6
Standard Profile: Allow file and printer sharing exception (SP2 only)

CCE-5061-7
The "Configuration of wireless settings using Windows Connect Now" setting should be configured correctly for Wireless Connect Now over Ethernet (UPnP).

CCE-3434-8
The "Turn off Active Help" setting should be configured correctly.

CCE-4046-9
The "manage auditing and security log" user right should be assigned to the correct accounts.

CCE-4714-2
Auditing of "Object Access: Certification Services" events on success should be enabled or disabled as appropriate.

CCE-2868-8
The "Turn Off Handwriting Reconition Error Reporting" setting should be configured correctly.

CCE-3323-3
Configure Solicited Remote Assistance This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer. If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messag ...

CCE-4507-0
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Public Profile.

CCE-2659-1
The "restrict guest access to security log" policy should be set correctly.

CCE-2977-7
Domain Profile - Apply Local Connection Security Rules

CCE-2746-6
Auditing of "policy change" events on success should be enabled or disabled as appropriate..

CCE-4011-3
This policy setting determines the strength of the default discretionary access control list (DACL) for objects. The setting helps secure objects that can be located and shared among processes and its default configuration strengthens the DACL, because it allows users who are not administrators to r ...

CCE-2931-4
The "when maximum log size is reached" property should be set correctly for the System log.

CCE-4616-9
Auditing of "Object Access: SAM" events on success should be enabled or disabled as appropriate.

CCE-3358-9
The "Configure Automatic Updates" should be set correctly

CCE-4703-5
Auditing of "Logon/Logoff: Logoff" events on success should be enabled or disabled as appropriate.

CCE-3180-7
Domain Profile: Allow local port exceptions (SP2 only)

CCE-3082-5
The startup type of the NetMeeting Remote Desktop Sharing service should be correct.

CCE-3214-4
The "Override the More Gadgets Link" setting should be configured correctly.

CCE-2967-8
The "maximum password age" policy should meet minimum requirements.

CCE-4872-8
The "log on locally" user right should be assigned to the correct accounts.

CCE-4107-9
The "Recovery Console: Allow Automatic Administrative Logon" policy should be set correctly.

CCE-5114-4
Auditing of "Privilege Use: Non Sensitive Privilege Use" events on success should be enabled or disabled as appropriate.

CCE-2714-4
The built-in Administrator account should be correctly named.

CCE-3199-7
Safe DLL Search Mode should be properly configured.

CCE-3360-5
Private Profile - Apply Local Firewall Rules

CCE-4205-1
Auditing of "Privilege Use: Privilege Use: Other Privilege Use Events" events on failure should be enabled or disabled as appropriate.

CCE-4774-6
The "Use FIPS compliant algorithms for encryption, hashing, and signing" policy should be set correctly.

CCE-2462-0
The "No auto-restart for scheduled Automatic Updates installations

CCE-3209-4
The "Turn off Windows Defender" setting should be configured correctly.

CCE-4928-8
Auditing of "Logon/Logoff: IPsec Quick Mode" events on failure should be enabled or disabled as appropriate.

CCE-3251-6
The "Smart Card Removal Behavior" policy should be set correctly.

CCE-4992-4
Turn on Mapper I/O (LLTDIO) driver This policy setting changes the operational behavior of the Mapper I/O network protocol driver. LLTDIO allows a computer to discover the topology of a network it's connected to. It also allows a computer to initiate Quality-of-Service requests such as bandwidth e ...

CCE-4808-2
Auditing of "DS Access: Directory Service Changes" events on failure should be enabled or disabled as appropriate.

CCE-3395-1
Private Profile - Inbound Connections

CCE-4939-5
Auditing of "Policy Change: Filtering Platform Policy Change" events on failure should be enabled or disabled as appropriate.

CCE-3297-9
The "Turn Off Windows Movie Maker Online Web Links" setting should be configured correctly.

CCE-4861-1
The "remove computer from docking station" user right should be assigned to the correct accounts.

CCE-3329-0
Standard Profile: Protect all network connections (SP2 only)

CCE-4086-5
The setup log maximum size should be configured correctly.

CCE-4687-0
The "debug programs" user right should be assigned to the correct accounts.

CCE-4796-9
The "increase scheduling priority" user right should be assigned to the correct accounts.

CCE-5018-7
Auditing of "Logon/Logoff: Logon" events on success should be enabled or disabled as appropriate.

CCE-5101-1
IP Source Routing should be properly configured for IPv6.

CCE-4970-0
The "synchronize directory service data" user right should be assigned to the correct accounts.

CCE-2858-9
The "Restrict CD-ROM Access to Locally Logged-On User Only" policy should be set correctly.

CCE-4883-5
Auditing of "System: Other System Events" events on failure should be enabled or disabled as appropriate.

CCE-3405-8
Domain Profile: Allow local program exceptions

CCE-3371-2
The "DCOM: Machine access Restrictions in Security Descriptor Definition Language (SDDL) syntax" setting should be configured correctly.

CCE-3260-7
The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-3305-0
Outlook Express attachment blocking is set correctly.

CCE-4271-3
The "MSS: (TCPMaxDataRetransmissions) IPv6, how many times unacknowledged data is retransmitted (3 recommended, 5 is default)" setting should be configured correctly.

CCE-3414-0
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-4207-7
The log file size limit for the Windows Firewall should be configured correctly for the Private Profile.

CCE-2825-8
The "Remotely accessible registry paths" policy should be set correctly.

CCE-5038-5
Auditing of "Logon/Logoff: IPsec Quick Mode" events on success should be enabled or disabled as appropriate.

CCE-4990-8
Auditing of "Privilege Use: Non Sensitive Privilege Use" events on failure should be enabled or disabled as appropriate.

CCE-4761-3
Computer-wide, rather than per-user, use of Microsoft Spynet Reporting for Windows Defender should be enabled or disabled as appropriate.

CCE-3327-4
Deny all add-ons unless specifically allowed in the Add-on List

CCE-4088-1
The "act as part of the operating system" user right should be assigned to the correct accounts.

CCE-4140-0
Auditing of "Account Management: Distribution Group Management" events on failure should be enabled or disabled as appropriate.

CCE-3173-2
Display Last User Name in Logon Screen should be properly configured.

CCE-4904-9
Kerberos and RSVP Traffic Protected by IPSec should be properly configured.

CCE-3380-3
The "Named Pipes that can be accessed anonymously" policy should be set correctly.

CCE-3075-9
The "Maximum machine account password age" policy should be set correctly.

CCE-3271-4
The "Turn on session logging" setting should be configured correctly.

CCE-4828-0
Auditing of "Object Access: Handle Manipulation" events on success should be enabled or disabled as appropriate.

CCE-4650-8
Auditing of "Logon/Logoff: IPsec Main Mode" events on failure should be enabled or disabled as appropriate.

CCE-3316-7
The startup type of the Messenger service should be correct.

CCE-3403-3
The "Turn Off Windows Movies Maker Automatic Codec Downloads" setting should be configured correctly.

CCE-4915-5
The "Disable Logging" setting should be configured correctly.

CCE-5016-1
Auditing of "Logon/Logoff: IPsec Main Mode" events on success should be enabled or disabled as appropriate.

CCE-4382-8
The "Impersonate a client after authentication" user right should be assigned to the correct accounts.

CCE-3086-6
Logon - Do not process the run once list

CCE-3266-4
This policy setting determines which users or groups might launch or activate DCOM applications remotely or locally. This setting is used to control the attack surface of the computer for DCOM applications. You can use this Group Policy setting to grant access to all the computers to particular ...

CCE-3220-1
Logon information is required to unlock a locked computer. For domain accounts, the Interactive logon: Require Domain Controller authentication to unlock workstation setting determines whether it is necessary to contact a domain controller to unlock a computer. If you enable this setting, a domain c ...

CCE-3364-7
Turn off Internet download for Web publishing and online ordering wizards

CCE-2322-6
Auditing of "privilege use" events on success should be enabled or disabled as appropriate..

CCE-4201-0
Auditing of "Policy Change: Audit Policy Change" events on success should be enabled or disabled as appropriate.

CCE-5047-6
Auditing of "System: System Integrity" events on success should be enabled or disabled as appropriate.

CCE-2477-8
The "Turn off the 'Publish to Web' task for files and folders" setting should be configured correctly.

CCE-3168-2
The "Restrict Floppy Access to Locally Logged-On User Only" policy should be set correctly.

CCE-4996-5
Auditing of "Object Access: Kernel Object" events on success should be enabled or disabled as appropriate.

CCE-3255-7
This policy setting determines whether a domain member can periodically change its computer account password. If you enable this policy setting, the domain member will be prevented from changing its computer account password. If you disable this policy setting, the domain member can change its compu ...

CCE-2838-1
The "Send Unencrypted Password to Connect to Third-Party SMB Servers" policy should be set correctly.

CCE-3024-7
Auditing of "process tracking" events on success should be enabled or disabled as appropriate..

CCE-4898-3
The "Disable Media Player for automatic updates" policy should be set correctly.

CCE-5132-6
Auditing of "Object Access: Other Object Access Events" events on success should be enabled or disabled as appropriate.

CCE-4963-5
The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Private Profile.

CCE-4501-3
The "Do not allow drive redirection" setting should be configured correctly for Terminal Services.

CCE-4334-9
The "access this computer from the network" user right should be assigned to the correct accounts.

CCE-3954-5
The "Allow System to be Shut Down Without Having to Log On" policy should be set correctly.

CCE-8404-6
The default behavior for AutoRun should be properly configured.

CCE-3288-8
The "Prevent IIS Installation" setting should be configured correctly.

CCE-2914-0
The "Turn off Windows Calendar" setting should be configured correctly.

CCE-4093-1
Auditing of "Account Management: Computer Account Management" events on success should be enabled or disabled as appropriate.

CCE-3046-0
The "Turn off Untrusted Content" setting should be configured correctly.

CCE-4656-5
The "deny logon through Terminal Services" user right should be assigned to the correct accounts.

CCE-4467-7
This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. - Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevati ...

CCE-3409-0
The "Windows Firewall: Prohibit notifications" setting should be configured correctly for the Standard Profile.

CCE-3462-9
Standard Profile: Define port exceptions (SP2 only)

CCE-4841-3
The "Require Case Insensitivity for Non-Windows Sybsystems" policy should be set correctly.

CCE-2927-2
Auditing of "process tracking" events on failure should be enabled or disabled as appropriate..

CCE-3309-2
Auditing of "directory service access" events on failure should be enabled or disabled as appropriate..

CCE-4569-0
The "shut down the system" user right should be assigned to the correct accounts.

CCE-3362-1
The "Turn Off Access to All Windows Update Feature" setting should be configured correctly.

CCE-3299-5
The log file size limit for the Windows Firewall should be configured correctly for the Domain Profile.

CCE-3482-7
The "Do not allow Digital Locker to run" setting should be configured correctly.

CCE-4863-7
The "change the system time" user right should be assigned to the correct accounts.

CCE-3166-6
Private Profile - Outbound Connections

CCE-3351-4
Public Profile - Outbound Connections

CCE-5034-4
The "Disable Windows Error Reporting" setting should be configured correctly.

CCE-3120-3
TCP/IP Dead Gateway Detection should be properly configured.

CCE-3429-8
The "Always Prompt Client for Password upon Connection" policy should be set correctly for Terminal Services.

CCE-3240-9
The "minimum password age" policy should meet minimum requirements.

CCE-2905-8
The "when maximum log size is reached" property should be set correctly for the Application log.

CCE-8250-3
Automatic Reboot After System Crash should be enabled or disabled as appropriate.

CCE-3177-3
The "account lockout threshold" policy should meet minimum requirements.

CCE-5023-7
Auditing of "DS Access: Detailed Directory Service Replication" events on success should be enabled or disabled as appropriate.

CCE-3033-8
The "password must meet complexity requirments" policy should be set correctly.

CCE-2697-1
The "Turn Off Internet File Association Service" setting should be configured correctly.

CCE-3460-3
MSS:(TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted

CCE-3407-4
The "Turn on bandwidth optimization" setting should be configured correctly.

CCE-3142-7
The TCP/IP KeepAlive Time should be set correctly .

CCE-3373-8
Private Profile- Firewall State

CCE-5058-3
Auditing of "Policy Change: Authorization Policy Change" events on failure should be enabled or disabled as appropriate.

CCE-5145-8
Auditing of "Object Access: File Share" events on failure should be enabled or disabled as appropriate.

CCE-4885-0
Auditing of "Object Access: Kernel Object" events on failure should be enabled or disabled as appropriate.

CCE-4919-7
The "Display Error Notification" setting should be configured correctly.

CCE-3431-4
Domain Profile: Allow file and printer sharing exception (SP2 only)

CCE-3115-3
The "Turn Off the 'Order Prints' Picture Task" setting should be configured correctly.

CCE-4857-9
Auditing of "Logon/Logoff: Account Lockout" events on failure should be enabled or disabled as appropriate.

CCE-5020-3
The "Prohibit use of Internet Connection Firewall on your DNS domain network" setting should be configured correctly.

CCE-5066-6
Auditing of "Logon/Logoff: Other Logon/Logoff Events" events on failure should be enabled or disabled as appropriate.

CCE-3477-7
The "Turn off downloading of enclosures" setting should be configured correctly.

CCE-4759-7
Auditing of "Detailed Tracking: RPC Events" events on failure should be enabled or disabled as appropriate.

CCE-3311-8
The "store password using reversible encryption for all users in the domain" policy should be set correctly.

CCE-4931-2
Auditing of "DS Access: Directory Service Access" events on failure should be enabled or disabled as appropriate.

CCE-2970-2
Auditing of "logon" events on failure should be enabled or disabled as appropriate..

CCE-3259-9
Turn off the Windows Messenger Customer Experience Improvement Program

CCE-2521-3
The "Turn off the communitication features" setting should be configured correctly.

CCE-4278-8
The log file size limit for the Windows Firewall should be configured correctly for the Public Profile.

CCE-3246-6
Public Profile- Firewall State

CCE-4833-0
Auditing of "Account Management: User Account Management" events on success should be enabled or disabled as appropriate.

CCE-4868-6
Auditing of "Object Access: Certification Services" events on failure should be enabled or disabled as appropriate.

CCE-3379-5
The "Do not allow storage of credentials or .NET Passports" policy should be set correctly.

CCE-4267-1
The "Set time limit for idle sessions" policy should be set correctly for Terminal Services.

CCE-5079-9
Auditing of "Object Access: Filtering Platform Connection" events on failure should be enabled or disabled as appropriate.

CCE-4955-1
The "User Account Control: Admin Approval Mode for the Built-in Administrator account" setting should be configured correctly.

CCE-3102-1
The "Log Access For Setup Log" setting should be configured correctly.

CCE-3969-3
The "Clear Virtual Memory Pagefile at shutdown" policy should be set correctly.

CCE-3268-0
Standard Profile: Allow UPnP framework exception (SP2 only)

CCE-5177-1
Auditing of "Policy Change: Filtering Platform Policy Change" events on success should be enabled or disabled as appropriate.

CCE-3320-9
Logon - Do not process the legacy run list

CCE-8387-3
The "Unsigned Driver Installation Behavior" policy should be set correctly.

CCE-5131-8
Auditing of "Privilege Use: Other Privilege Use Events" events on success should be enabled or disabled as appropriate.

CCE-2754-0
Turn off downloading of print drivers over HTTP

CCE-4757-1
The "create a pagefile" user right should be assigned to the correct accounts.

CCE-3222-7
Auditing of "system" events on failure should be enabled or disabled as appropriate..

CCE-3015-5
The application log maximum size should be configured correctly..

CCE-3257-3
Auditing of "privilege use" events on failure should be enabled or disabled as appropriate..

CCE-3440-5
Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Standard Profile.

CCE-4700-1
Auditing of "Account Management: Application Group Management" events on failure should be enabled or disabled as appropriate.

CCE-3949-5
TCP/IP PMTU Discovery should be properly configured.

CCE-3486-8
The "Prevent Windows Media DRM Internet Access" setting should be configured correctly.

CCE-3244-1
The automatic generation of 8.3 file names for NTFS should be enabled or disabled as appropriate.

CCE-4877-7
Auditing of "Policy Change: Authentication Policy Change" events on success should be enabled or disabled as appropriate.

CCE-3388-6
The startup type of the Windows Search service should be configured correctly.

CCE-2380-4
The "Digitally Sign Client Communication (When Possible)" policy should be set correctly.

CCE-2887-8
The "Customization Warning Messages" setting should be configured correctly.

CCE-4988-2
The "take ownership of files or other objects" user right should be assigned to the correct accounts.

CCE-3464-5
The "Do not create system restore point when new device driver installed" setting should be configured correctly.

CCE-4038-6
The "log on as a service" user right should be assigned to the correct accounts.

CCE-4722-5
The "deny logon as a batch job" user right should be assigned to the correct accounts.

CCE-3331-6
The "Allow remote access to the PnP interface" setting should be configured correctly.

CCE-4866-0
The "Set Client connection Encryption Level" policy should be set correctly for Terminal Services.

CCE-2852-2
The "Reschedule Automatic Updates scheduled installations" should be set correctly

CCE-3279-7
IRDP should be properly configured.

CCE-3326-6
The "Allow undock without having to logon" policy should be set correctly.

CCE-8389-9
Disable saving of dial-up passwords should be properly configured.

CCE-4089-9
The "Do not send additional data" setting should be configured correctly.

CCE-7615-8
The "add workstations to domain" user right should be assigned to the correct accounts.

CCE-3270-6
The startup type of Microsoft Peer-to-Peer Networking Services should be configured correctly.

CCE-4285-3
The "Modify an object label" user right should be assigned to the appropriate accounts.

CCE-4152-5
Determines whether a user can install and configure the Network Bridge. Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS do ...

CCE-3217-7
This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer. If you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you disable this policy ...

CCE-4372-9
The "replace a process-level token" user right should be assigned to the correct accounts.

CCE-3302-7
The security log maximum size should be configured correctly..

CCE-2778-9
Turn off Search Companion content file updates

CCE-4792-8
The "Create global objects" user right should be assigned to the correct accounts.

CCE-2525-4
The "Turn off Windows Mail application" setting should be configured correctly.

CCE-4902-3
The "Create a token object" user right should be assigned to the correct accounts.

CCE-3348-0
The "Turn Off Event Views 'Events.asp' Links" setting should be configured correctly.

CCE-3459-5
MSS:(TCPMaxConnectResponseRetransmission) SYN-ACK retansmissions when a connection request is not acknowledged

CCE-3292-0
The "Network access: Restrict anonymous access to named pipes and shares" setting should be configured correctly.

CCE-4078-2
The startup type of the Internet Connection Sharing service should be correct.

CCE-2998-3
User notifications when a program is blocked from receiving inbound connections by Windows Firewall should be enabled or disabled as appropriate for the Public Profile.

CCE-2854-8
Private Profile - Apply Local Connection Security Rules

CCE-4694-6
The "Enable Error Reporting" policy should be set correctly.

CCE-4176-4
Auditing of "DS Access: Directory Service Replication" events on failure should be enabled or disabled as appropriate.

CCE-8608-2
CD Burning features in Windows Explorer should be enabled or disabled as appropriate.

CCE-3239-1
ICMP Redirects should be properly configured.

CCE-4813-2
Use Classic Logon should be properly configured.

CCE-4922-1
LAN Manager (LM) is a family of early Microsoft client/server software that allows users to link personal computers together on a single network. Network capabilities include transparent file and print sharing, user security features, and network administration tools. In Active Directory domains, th ...

CCE-3072-6
Automatic Logon should be properly configured.

CCE-5007-0
The "Set time limit for disconnected sessions" policy should be set correctly for Terminal Services.

CCE-7624-0
The "System cryptography: Force strong key protection for user keys stored on the computer" policy should be enabled or disabled as appropriate.

CCE-2821-7
The "Require a Password when a Computer Wakes (On Battery)" setting should be configured correctly.

CCE-4704-3
The "deny access to this computer from the network" user right should be assigned to the correct accounts.

CCE-3181-5
Security Audit log warning level should be properly configured.

CCE-2471-1
Enumerate administrator accounts on elevation

CCE-4583-1
The "Minimum session security for NTLM SSP based clients" policy should be set correctly.

CCE-5084-9
Auditing of "Object Access: Application Generated" events on success should be enabled or disabled as appropriate.

CCE-3411-6
The "Display user information when the session is locked" setting should be configured correctly.

CCE-3248-2
Use of the built-in Guest account should be enabled or disabled as appropriate.

CCE-3300-1
Notify antivirus programs when opening attachments is set correcly.

CCE-3202-9
Domain Profile: Define port exceptions (SP2 only)

CCE-3457-9
Domain Profile - Apply Local Firewall Rules

CCE-4363-8
Auditing of "Detailed Tracking: Process Termination" events on failure should be enabled or disabled as appropriate.

CCE-4594-8
Auditing of "Object Access: Registry" events on success should be enabled or disabled as appropriate.

CCE-4639-1
The log file path and name for the Windows Firewall should be configured correctly for the Public Profile.

CCE-3468-6
The "Do not send a Windows Error Report when a generic driver is installed on a device" setting should be configured correctly.

CCE-5070-8
The "Prevent users from sharing files within their profile" setting should be configured correctly.

CCE-4969-2
The "Behavior of the elevation prompt for standard users" setting should be configured correctly.

CCE-4016-2
This policy setting controls the behavior of the elevation prompt for administrators. The options are: - Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most co ...

CCE-4317-4
The "lock pages in memory" user right should be assigned to the correct accounts.

CCE-4827-2
The "back up files and directories" user right should be assigned to the correct accounts.

CCE-4184-8
The "create permanent shared objects" user right should be assigned to the correct accounts.

CCE-4071-7
The "perform volume maintenance tasks" user right should be assigned to the correct accounts.

CCE-8034-1
The "enable computer and user accounts to be trusted for delegation" user right should be assigned to the correct accounts.

CCE-4948-6
The "restore files and directories" user right should be assigned to the correct accounts.

CCE-4034-5
The "load and unload device drivers" user right should be assigned to the correct accounts.

CCE-3307-6
The "Disable CTRL+ALT+Delete Requirement for Logon" policy should be set correctly.

CCE-3164-1
This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection. If no signing request comes from the client, a connection will be allowed without a signature if the Microsoft network server: Di ...

CCE-3233-4
The "Secure Channel: Digitally Sign Secure Channel Data (When Possible)" policy should be set correctly.

CCE-3032-0
Use of the built-in Administrator account should be enabled or disabled as appropriate.

CCE-2715-1
The "reset account lockout counter after" policy should meet minimum requirements.

CCE-4290-3
The "Password protect the screen saver" setting should be configured correctly for the current user.

CCE-3050-2
The "Screen Saver Timeout" setting should be configured correctly for the current user.

CCE-4781-1
The "Remotely accessible registry paths and subpaths" policy should be set correctly.

CPE    1
cpe:/o:microsoft:windows_vista
*XCCDF
xccdf_pci_benchmark_Windows_vista
OVAL    433
oval:gov.nist.usgcb.vista:def:8034
oval:gov.nist.usgcb.vista:def:8020
oval:gov.nist.usgcb.vista:def:8008
oval:org.secpod.oval:def:14390
...

© SecPod Technologies