oval:org.secpod.oval:def:22592
Enable: 'Default behavior for AutoRun'

oval:org.secpod.oval:def:22437
Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session.

oval:org.secpod.oval:def:29311
This policy setting determines which users or groups might access DCOM application remotely or locally. This setting is used to control the attack surface of the computer for DCOM applications. You can use this policy setting to specify access permissions to all the computers to particular users for ...

oval:org.secpod.oval:def:22646
Remote Desktop Services is configured to allow an idle session limit no greater than 15 minutes

oval:org.secpod.oval:def:22494
This policy setting allows you to set the encryption types that Kerberos is allowed to use.

oval:org.secpod.oval:def:28919
This policy setting determines whether a CD-ROM is accessible to both local and remote users simultaneously. If you enable this policy setting, only the interactively logged-on user is allowed to access removable CD-ROM media. When this policy setting is enabled and no one is logged on interactively ...

oval:org.secpod.oval:def:22380
Enable: 'Choose how BitLocker-protected removable drives can be recovered' for RDVRecovery

oval:org.secpod.oval:def:22387
This policy setting determines whether users can log on as Terminal Services clients. After the baseline member server is joined to a domain environment, there is no need to use local accounts to access the server from the network. Domain accounts can access the server for administration and end-use ...

oval:org.secpod.oval:def:22386
Specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable this policy, or if it is not configured, the user is prompted for a password when the system resumes from sleep. If you disable this policy, the user is not prompted for a password when t ...

oval:org.secpod.oval:def:22385
Installation options for applications are typically controlled by administrators. This setting prevents users from changing installation options that may bypass security features.

oval:org.secpod.oval:def:22384
Enable: 'Allow Standby States (S1-S3) When Sleeping (On Battery)'

oval:org.secpod.oval:def:22382
Domain member: Maximum machine account password age

oval:org.secpod.oval:def:22499
This policy setting allows you to manage configuration of remote access to all supported shells to execute scripts and commands.

oval:org.secpod.oval:def:22378
'Configure use of passwords for fixed data drives' for FDVPassphrase

oval:org.secpod.oval:def:22377
IPSec exemptions are limited

oval:org.secpod.oval:def:22498
Hiding the computer from the Browse List removes one method attackers might use to gather information about computers on the network.

oval:org.secpod.oval:def:22376
Terminal Services / Remote Desktop Services - Prevent users from connecting using Terminal Services or Remote Desktop

oval:org.secpod.oval:def:22375
This policy setting controls the ability of anonymous users to enumerate the accounts in the Security Accounts Manager (SAM).

oval:org.secpod.oval:def:22496
Disable: 'Require additional authentication at startup' for UseAdvancedStartup

oval:org.secpod.oval:def:22495
This policy setting determines whether the system shuts down if it is unable to log Security events.

oval:org.secpod.oval:def:22373
This is the setting that turns on or off UAC. Disabling this setting effectively disables UAC.

oval:org.secpod.oval:def:22493
This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account.

oval:org.secpod.oval:def:22359
This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination. The ...

oval:org.secpod.oval:def:22367
This policy setting determines which registry paths will be accessible after referencing the WinReg key to determine access permissions to the paths.

oval:org.secpod.oval:def:22487
'Choose how BitLocker-protected fixed drives can be recovered' for FDVRecovery

oval:org.secpod.oval:def:22486
This policy setting controls the behavior of the elevation prompt for administrators on computers running Windows 7, Windows Server 2008 R2, and later versions of Windows.

oval:org.secpod.oval:def:22364
This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.

oval:org.secpod.oval:def:22363
This policy setting determines whether the Transport Layer Security/Secure Sockets Layer (TLS/SSL) Security Provider supports only the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite.

oval:org.secpod.oval:def:22361
'Configure use of passwords for operating system drives' for OSPassphrase

oval:org.secpod.oval:def:22360
This policy setting determines the number of days that you must use a password before you can change it.

oval:org.secpod.oval:def:22469
Autoplay starts to read from a drive as soon as you insert media in the drive, which causes the setup file for programs or audio media to start immediately.

oval:org.secpod.oval:def:22588
This policy will be turned off by default on domain joined machines. This would disallow the online identities to be able to authenticate to the domain joined machine in Windows 7.

oval:org.secpod.oval:def:22596
Disable: 'Enable RPC Endpoint Mapper Client Authentication'

oval:org.secpod.oval:def:22475
This policy setting determines what happens when the smart card for a logged on user is removed from the smart card reader.

oval:org.secpod.oval:def:22474
This policy setting determines which users can create symbolic links. In Windows Vista, existing NTFS file system objects, such as files and folders, can be accessed by referring to a new kind of file system object called a symbolic link. A symbolic link is a pointer (much like a shortcut or .lnk fi ...

oval:org.secpod.oval:def:22472
Specifies whether or not the user is prompted for a password when the system resumes from sleep.

oval:org.secpod.oval:def:22470
Setting controls whether Windows will download a list of providers for the Web publishing and online ordering wizards.

oval:org.secpod.oval:def:22591
This policy setting specifies whether the computer that is about to host the remote connection will enforce an encryption level for all data sent between it and the client computer for the remote session.

oval:org.secpod.oval:def:22615
This policy setting determines whether the virtual memory pagefile is cleared when the system is shut down.

oval:org.secpod.oval:def:22613
This policy setting determines which accounts will not be able to log on to the computer as a batch job. A batch job is not a batch (.bat) file, but rather a batch-queue facility. Accounts that use the Task Scheduler to schedule jobs need this user right. The Deny log on as a batch job user right ov ...

oval:org.secpod.oval:def:22612
This policy setting determines the least number of characters that make up a password for a user account.

oval:org.secpod.oval:def:22619
This policy setting allows administrators to enable the more precise auditing capabilities present in Windows Vista. Uses subcategory setting to override audit policy categories.

oval:org.secpod.oval:def:22618
Specify the 'Configure minimum PIN length for startup'

oval:org.secpod.oval:def:29932
This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker. If you enable this policy setting, all fixed data drives that are not BitLocker-protected will be mounted as read-only ...

oval:org.secpod.oval:def:29933
This policy setting controls whether a BitLocker-protected computer that is connected to a trusted wired Local Area Network (LAN) and joined to a domain can create and use Network Key Protectors on TPM-enabled computers to automatically unlock the operating system drive when the computer is started. ...

oval:org.secpod.oval:def:22620
This policy setting allows other users on the network to connect to the computer and is required by various network protocols that include Server Message Block (SMB)-based protocols, NetBIOS, Common Internet File System (CIFS), and Component Object Model Plus (COM+). When configuring a user right i ...

oval:org.secpod.oval:def:22600
This policy setting allows users to shut down Windows Vista based computers from remote locations on the network. Anyone who has been assigned this user right can cause a denial of service (DoS) condition, which would make the computer unavailable to service user requests. Therefore, Microsoft recom ...

oval:org.secpod.oval:def:28705
This policy setting controls the use of BitLocker on removable data drives. This policy setting is applied when you turn on BitLocker. When this policy setting is enabled you can select property settings that control how users can configure BitLocker. Choose Allow users to apply BitLocker protection ...

oval:org.secpod.oval:def:28707
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. Importa ...

oval:org.secpod.oval:def:28706
This policy setting allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. These identifiers are stored as the identification field and allowed identification field. The identification field allows you to associate a unique organizational identifier ...

oval:org.secpod.oval:def:28709
This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs, provided they are able to provide the existing PIN first. This policy setting is applied when you turn on BitLocker. If you enable this policy setting, standard users will not be allo ...

oval:org.secpod.oval:def:28708
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection. Importa ...

oval:org.secpod.oval:def:22608
This policy setting determines whether a computer can be shut down when a user is not logged on.

oval:org.secpod.oval:def:22607
This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password.

oval:org.secpod.oval:def:28710
This policy setting allows you to control whether or not platform validation data is refreshed when Windows is started following BitLocker recovery. If you enable this policy setting, platform validation data will be refreshed when Windows is started following BitLocker recovery. If you disable this p ...

oval:org.secpod.oval:def:28713
This policy setting allows you to choose specific Boot Configuration Data (BCD) settings to verify during platform validation. If you enable this policy setting, you will be able to add additional settings, remove the default settings, or both. If you disable this policy setting, the computer will rev ...

oval:org.secpod.oval:def:28703
This policy setting determines whether to audit the use of all user privileges, including Backup and Restore, when the Audit privilege use setting is in effect. If you enable both policies, an audit event will be generated for every file that is backed up or restored. If the Audit: Audit the use of B ...

oval:org.secpod.oval:def:22392
Specify the 'Account Lockout Threshold'

oval:org.secpod.oval:def:22390
MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure DefaultGateway addresses (could lead to DoS)

oval:org.secpod.oval:def:22398
This policy setting controls the behavior of the elevation prompt for standard users on computers running Windows 7, Windows Server 2008 R2, and later versions of Windows.

oval:org.secpod.oval:def:29585
This policy setting turns off the Windows Location Provider feature for this computer. If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be able to use the Windows Location Provider feature. If you di ...

oval:org.secpod.oval:def:22393
By default, all administrator accounts are displayed when you attempt to elevate a running application.

oval:org.secpod.oval:def:22539
Specify the maximum log file size (KB) (System)

oval:org.secpod.oval:def:22538
The 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

oval:org.secpod.oval:def:22416
'Deny write access to removable drives not protected by BitLocker' for RDVDenyWriteAccess

oval:org.secpod.oval:def:22415
This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop.

oval:org.secpod.oval:def:22543
This policy setting determines the length of time before the Account lockout threshold resets to zero. The default value for this policy setting is Not Defined. If the Account lockout threshold is defined, this reset time must be less than or equal to the value for the Account lockout duration setti ...

oval:org.secpod.oval:def:22542
This policy setting allows you to disable the client computer's ability to print over HTTP, which allows the computer to print to printers on the intranet as well as the Internet.

oval:org.secpod.oval:def:22541
This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection.

oval:org.secpod.oval:def:22662
Specify the 'Network access: Shares that can be accessed anonymously'

oval:org.secpod.oval:def:29850
This policy setting causes the run list, which is a list of programs that Windows runs automatically when it starts, to be ignored. The customized run lists for Windows Vista are stored in the registry at the following locations: - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run - HKE ...

oval:org.secpod.oval:def:22404
This policy setting determines how network logons that use local accounts are authenticated.

oval:org.secpod.oval:def:22403
Disable: 'Control Event Log behavior when the log file reaches its maximum size' for Application

oval:org.secpod.oval:def:22523
This policy setting determines what additional permissions are assigned for anonymous connections to the computer.

oval:org.secpod.oval:def:22644
This policy setting makes the Recovery Console SET command available.

oval:org.secpod.oval:def:22643
This policy setting specifies whether Terminal Services always prompts the client computer for a password upon connection.

oval:org.secpod.oval:def:22522
'Configure use of hardware-based encryption for fixed data drives' for FDVHardwareEncryption

oval:org.secpod.oval:def:22409
This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.

oval:org.secpod.oval:def:29963
This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced DEP. DEP is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows. If you enable this policy setting, DEP for HTML Help Executable will be t ...

oval:org.secpod.oval:def:22653
This policy setting determines who is allowed to format and eject removable media.

oval:org.secpod.oval:def:22530
This policy setting controls the behavior of application installation detection for the computer.

oval:org.secpod.oval:def:22639
The entry appears as MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) in the SCE.

oval:org.secpod.oval:def:22518
This setting enables the prevention of the execution of unsigned or invalidated applications. Before enabling this setting, it is essential that administrators are certain that all required applications are signed and valid.

oval:org.secpod.oval:def:22638
The entry appears as MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning in the SCE.

oval:org.secpod.oval:def:22516
Choose drive encryption method and cipher strength

oval:org.secpod.oval:def:22513
Disable this policy setting to prevent the SMB redirector from sending plaintext passwords during authentication to third-party SMB servers that do not support password encryption.

oval:org.secpod.oval:def:22512
This policy setting determines the length of time that must pass before a locked account is unlocked and a user can try to log on again. The setting does this by specifying the number of minutes a locked out account will remain unavailable. If the value for this policy setting is configured to 0, lo ...

oval:org.secpod.oval:def:22632
When this policy setting is enabled, a domain controller must authenticate the domain account used to unlock the computer.

oval:org.secpod.oval:def:22642
Disable: 'Turn off Data Execution Prevention for Explorer'

oval:org.secpod.oval:def:22506
This policy setting determines whether a domain member can periodically change its computer account password.

oval:org.secpod.oval:def:22624
When this policy setting is enabled, a secure channel can only be established with domain controllers that are capable of encrypting secure channel data with a strong (128-bit) session key.

oval:org.secpod.oval:def:22503
The registry value entry AutoAdminLogon was added to the template file in the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ registry key.

oval:org.secpod.oval:def:22622
'Configure use of smart cards on removable data drives' for RDVAllowUserCert

oval:org.secpod.oval:def:22621
This policy setting determines which registry paths and sub-paths will be accessible when an application or process references the WinReg key to determine access permissions.

oval:org.secpod.oval:def:22509
This policy setting allows the administrator account to automatically log on to the recovery console when it is invoked during startup.

oval:org.secpod.oval:def:28736
This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encrypt data. This policy setting applies only when BitLocker protection is enabled. If you en ...

oval:org.secpod.oval:def:22510
This policy setting determines whether a domain member should attempt to negotiate whether all secure channel traffic that it initiates must be digitally signed.

oval:org.secpod.oval:def:22631
This policy setting specifies whether Windows Messenger can collect anonymous information about how the Windows Messenger software and service is used.

oval:org.secpod.oval:def:22630
Enable: 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes'

oval:org.secpod.oval:def:22579
The machine lockout policy is enforced only on those machines that have BitLocker enabled for protecting OS volumes.

oval:org.secpod.oval:def:22457
The entry appears as MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) in the SCE.

oval:org.secpod.oval:def:29656
This policy setting determines whether users' private keys (such as their S-MIME keys) require a password to be used. If you configure this policy setting so that users must provide a password, distinct from their domain password, every time that they use a key, then it will be more difficult for an at ...

oval:org.secpod.oval:def:29896
This policy setting allows users to enable authentication options that require user input from the pre-boot environment even if the platform indicates lack of pre-boot input capability. The Windows on-screen touch keyboard (such as used by slates) is not available in the pre-boot environment where Bi ...

oval:org.secpod.oval:def:22587
This security setting determines which users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies. Important: If you apply this security policy to the Everyone group, no one will be able to log o ...

oval:org.secpod.oval:def:22465
This policy setting controls whether application write failures are redirected to defined registry and file system locations.

oval:org.secpod.oval:def:22584
Determines whether case insensitivity is enforced for all subsystems. Example is case insensitivity for other subsystems, such as the Portable Operating System Interface for UNIX (POSIX) which are normally case sensitive.

oval:org.secpod.oval:def:22463
Disable: 'Configure use of hardware-based encryption for operating system drives' for OSHardwareEncryption

oval:org.secpod.oval:def:22462
Always install with elevated privileges

oval:org.secpod.oval:def:22583
This policy setting determines the strength of the default discretionary access control list (DACL) for objects.

oval:org.secpod.oval:def:22461
This policy setting determines whether a user can log on to a Windows domain using cached account information.

oval:org.secpod.oval:def:22582
Enable: 'Allow Secure Boot for integrity validation'

oval:org.secpod.oval:def:22581
Network security: Minimum session security for NTLM SSP based (including secure RPC) client applications.

oval:org.secpod.oval:def:22569
Disable: 'Do not process the run once list'

oval:org.secpod.oval:def:22568
When enabled, this policy setting restricts anonymous access to only those shares and pipes that are named in the Network access: Named pipes that can be accessed anonymously and Network access: Shares that can be accessed anonymously settings.

oval:org.secpod.oval:def:22567
'Configure use of smart cards on fixed data drives' for FDVAllowUserCert

oval:org.secpod.oval:def:22566
This policy setting specifies the type of challenge/response authentication for network logons. LAN Manager (LM) authentication is the least secure method; it allows encrypted passwords to be cracked because they can be easily intercepted on the network.

oval:org.secpod.oval:def:22455
Disable: 'Allow enhanced PINs for startup'

oval:org.secpod.oval:def:22696
'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' for RDVDiscoveryVolumeType

oval:org.secpod.oval:def:22575
This policy setting configures whether or not fixed data drives formatted with the FAT file system can be unlocked and viewed on computers running Windows Server 2008, Windows Vista, Windows XP with Service Pack 3 (SP3), or Windows XP with Service Pack 2 (SP2) operating systems.

oval:org.secpod.oval:def:22694
Specify the 'Network access: Named Pipes that can be accessed anonymously'

oval:org.secpod.oval:def:22693
Enable: 'Choose how BitLocker-protected operating system drives can be recovered' for OSRecovery

oval:org.secpod.oval:def:22571
Allowing unsecure RPC communication exposes the system to man in the middle attacks and data disclosure attacks. A man in the middle attack occurs when an intruder captures packets between a client and server and modifies them before allowing the packets to be exchanged. Usually the attacker will mo ...

oval:org.secpod.oval:def:22439
This policy setting determines which users or groups have the right to log on as a Terminal Services client. Remote desktop users require this user right. If your organization uses Remote Assistance as part of its help desk strategy, create a group and assign it this user right through Group Policy. ...

oval:org.secpod.oval:def:22438
Enable: 'Network access: Do not allow storage of credentials or .NET Passports for network authentication'

oval:org.secpod.oval:def:22558
This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0. If ...

oval:org.secpod.oval:def:22678
This policy setting determines the level of data signing that is requested on behalf of clients that issue LDAP BIND requests.

oval:org.secpod.oval:def:22677
Network security: Minimum session security for NTLM SSP based (including secure RPC) server applications.

oval:org.secpod.oval:def:22556
This policy setting controls the ability of anonymous users to enumerate SAM accounts as well as shares.

oval:org.secpod.oval:def:22555
Specify the maximum log file size (KB) (Security)

oval:org.secpod.oval:def:22686
'Configure use of passwords for removable data drives' for RDVPassphrase

oval:org.secpod.oval:def:22564
Specify the maximum log file size (KB) (Application)

oval:org.secpod.oval:def:22685
When this setting is configured to Enabled, users are not required to use the CTRL+ALT+DEL key combination to log on to the network.

oval:org.secpod.oval:def:22561
The entry appears as MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) in the SCE.

oval:org.secpod.oval:def:22440
The system is configured to prevent name-release attacks

oval:org.secpod.oval:def:22560
This policy setting determines whether the account name of the last user to log on to the client computers in your organization will be displayed in each computer's respective Windows logon screen.

oval:org.secpod.oval:def:22428
Enable: 'Prevent the computer from joining a HomeGroup'

oval:org.secpod.oval:def:22546
This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system.

oval:org.secpod.oval:def:22666
This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console.

oval:org.secpod.oval:def:22545
This policy setting determines whether the LAN Manager (LM) hash value for the new password is stored when the password is changed.

oval:org.secpod.oval:def:22424
This policy setting prohibits users from connecting to a computer from across the network, which would allow users to access and potentially modify data remotely. In high security environments, there should be no need for remote users to access data on a computer. Instead, file sharing should be acc ...

oval:org.secpod.oval:def:22544
This security setting determines if the Guest account is enabled or disabled. Default: Disabled. Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microso ...

oval:org.secpod.oval:def:22665
Allow NTLM to fall back to NULL session when used with LocalSystem.

oval:org.secpod.oval:def:29986
Enables or disables the Store offer to update to the latest version of Windows. If you enable this setting, the Store application will not offer updates to the latest version of Windows. If you disable or do not configure this setting the Store application will offer updates to the latest version of W ...

oval:org.secpod.oval:def:29984
Enables or disables the automatic download and installation of app updates. If you enable this setting, the automatic download and installation of app updates is turned off. If you disable this setting, the automatic download and installation of app updates is turned on. If you don't configure this sett ...

oval:org.secpod.oval:def:22554
'Configure use of hardware-based encryption for removable data drives' for RDVHardwareEncryption

oval:org.secpod.oval:def:22553
The entry appears as MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing) in the SCE.

oval:org.secpod.oval:def:22672
MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)

oval:org.secpod.oval:def:22430
The policy setting allows programs that run on behalf of a user to impersonate that user (or another specified account) so that they can act on behalf of the user. If this user right is required for this kind of impersonation, an unauthorized user will not be able to convince a client to connect for ...

oval:org.secpod.oval:def:22550
Password must meet complexity requirements.

oval:org.secpod.oval:def:22670
Enable: 'Configure Solicited Remote Assistance'

CPE    1
cpe:/o:microsoft:windows_8.1
CCE    150
CCE-34900-1
CCE-34771-6
CCE-35595-8
CCE-34226-1
...
*XCCDF
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_8_1

© SecPod Technologies