[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

111666

 
 

909

 
 

87321

 
 

136

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:8825
The 'Network access: Remotely accessible registry paths' setting should be configured correctly.

oval:org.secpod.oval:def:8916
The "Turn off Data Execution Prevention for Explorer" machine setting should be configured correctly.

oval:org.secpod.oval:def:8815
Administrators may create symbolic links

oval:org.secpod.oval:def:19439
The 'Choose drive encryption method and cipher strength' machine setting should be configured correctly.

oval:org.secpod.oval:def:19433
The 'Configure TPM platform validation profile' machine setting should be configured correctly.

oval:org.secpod.oval:def:18746
Rights to access DCOM applications should be assigned as appropriate.

oval:org.secpod.oval:def:18773
The 'Retain old events' machine setting should be configured correctly for the setup log.

oval:org.secpod.oval:def:18960
The 'Retain old events' machine setting should be configured correctly for the application log.

oval:org.secpod.oval:def:8797
The 'Network Security: Configure encryption types allowed for Kerberos' setting should be configured correctly.

oval:org.secpod.oval:def:8898
This definition tests the the maximum allowed size of the setup log is at least as big as the supplied value.

oval:org.secpod.oval:def:18853
The 'Retain old events' machine setting should be configured correctly for the security log.

oval:org.secpod.oval:def:19034
The 'Retain old events' machine setting should be configured correctly for the system log.

oval:org.secpod.oval:def:8844
The "Maximum Log Size (KB)" machine setting should be configured correctly for the secirity log.

oval:org.secpod.oval:def:8723
The 'Network access: Do not allow storage of passwords and credentials for network authentication' setting should be configured correctly.

oval:org.secpod.oval:def:8724
The 'Network access: Let Everyone permissions apply to anonymous users' setting should be configured correctly.

oval:org.secpod.oval:def:8845
The 'System cryptography: Force strong key protection for user keys stored on the computer' setting should be configured correctly.

oval:org.secpod.oval:def:8840
The 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' setting should be configured correctly.

oval:org.secpod.oval:def:8841
The 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' setting should be configured correctly.

oval:org.secpod.oval:def:8842
The 'User Account Control: Admin Approval Mode for the Built-in Administrator account' setting should be configured correctly.

oval:org.secpod.oval:def:8848
Reset Account Lockout Counter After

oval:org.secpod.oval:def:18793
The 'Configure use of passwords for removable data drives' machine setting should be configured correctly.

oval:org.secpod.oval:def:8729
The 'Recovery console: Allow automatic administrative logon' setting should be configured correctly.

oval:org.secpod.oval:def:19537
The 'Choose how BitLocker-protected operating system drives can be recovered' machine setting should be configured correctly.

oval:org.secpod.oval:def:8855
The "Maximum Log Size (KB)" machine setting should be configured correctly for the application log.

oval:org.secpod.oval:def:8850
The "Set time limit for disconnected sessions" machine setting should be configured correctly.

oval:org.secpod.oval:def:8731
The 'Shutdown: Allow system to be shut down without having to log on' setting should be configured correctly.

oval:org.secpod.oval:def:8853
The "Turn off Internet download for Web publishing and online ordering wizards" machine setting should be configured correctly.

oval:org.secpod.oval:def:8737
The 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' setting should be configured correctly.

oval:org.secpod.oval:def:8858
The "Maximum Log Size (KB)" machine setting should be configured correctly for the system log.

oval:org.secpod.oval:def:8738
The 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' setting should be configured correctly.

oval:org.secpod.oval:def:8739
The 'Domain member: Require strong (Windows 2000 or later) session key' setting should be configured correctly.

oval:org.secpod.oval:def:19090
The 'Deny write access to removable drives not protected by BitLocker' machine setting should be configured correctly.

oval:org.secpod.oval:def:8822
The 'Network access: Restrict anonymous access to Named Pipes and Shares' setting should be configured correctly.

oval:org.secpod.oval:def:8823
The 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

oval:org.secpod.oval:def:19627
The 'Require 128-bit encryption' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:8824
The 'Network access: Named Pipes that can be accessed anonymously' setting should be configured correctly.

oval:org.secpod.oval:def:18895
The 'Devices: Restrict CD-ROM access to locally logged-on user only' setting should be configured correctly.

oval:org.secpod.oval:def:19624
The 'Require 128-bit encryption' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:8711
The 'Network access: Do not allow anonymous enumeration of SAM accounts' setting should be configured correctly.

oval:org.secpod.oval:def:8833
The 'Microsoft network server: Digitally sign communications (if client agrees)' setting should be configured correctly.

oval:org.secpod.oval:def:8710
The 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' setting should be configured correctly.

oval:org.secpod.oval:def:8715
Switch to the secure desktop when prompting for elevation

oval:org.secpod.oval:def:8836
The 'Network security: LAN Manager authentication level' setting should be configured correctly.

oval:org.secpod.oval:def:8716
The 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' setting should be configured correctly.

oval:org.secpod.oval:def:8837
The 'System objects: Require case insensitivity for non-Windows subsystems' setting should be configured correctly.

oval:org.secpod.oval:def:19198
The 'Turn off Data Execution Prevention for HTML Help Executible' machine setting should be configured correctly.

oval:org.secpod.oval:def:8839
The 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' setting should be configured correctly.

oval:org.secpod.oval:def:19508
The 'Do not process the run once list' machine setting should be configured correctly.

oval:org.secpod.oval:def:19441
The 'Server Authentication Certificate Template' machine setting should be configured correctly.

oval:org.secpod.oval:def:8808
The 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' setting should be configured correctly.

oval:org.secpod.oval:def:8809
The "Turn off Search Companion content file updates" machine setting should be configured correctly.

oval:org.secpod.oval:def:19444
The 'Allow Standby States (S1-S3) When Sleeping (On Battery)' machine setting should be configured correctly.

oval:org.secpod.oval:def:8803
The 'User Account Control: Virtualize file and registry write failures to per-user locations' setting should be configured correctly.

oval:org.secpod.oval:def:8925
The Accounts: Guest account status setting should be configured correctly. This policy setting determines whether the Guest account is enabled or disabled. The Guest account allows unauthenticated network users to gain access to the system. Note that this setting will have no impact when applied to ...

oval:org.secpod.oval:def:8926
The 'Accounts: Limit local account use of blank passwords to console logon only' setting should be configured correctly.

oval:org.secpod.oval:def:8812
The 'Domain member: Maximum machine account password age' setting should be configured correctly.

oval:org.secpod.oval:def:19456
The 'Allow users to connect remotely using Remote Desktop Services' machine setting should be configured correctly.

oval:org.secpod.oval:def:19210
The 'Configure minimum PIN length for startup' machine setting should be configured correctly.

oval:org.secpod.oval:def:8818
The 'User Account Control: Only elevate executables that are signed and validated' setting should be configured correctly.

oval:org.secpod.oval:def:19452
The 'Allow Remote Shell Access' machine setting should be configured correctly.

oval:org.secpod.oval:def:8819
The 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' setting should be configured correctly.

oval:org.secpod.oval:def:8814
The "Enable user control over installs" machine setting should be configured correctly.

oval:org.secpod.oval:def:8908
Customer Experience Improvement Program

oval:org.secpod.oval:def:8915
The "Require a Password When a Computer Wakes (On Battery)" machine setting should be configured correctly.

oval:org.secpod.oval:def:7706
MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)

oval:org.secpod.oval:def:18836
The Deny log on as a batch job user right should be assigned to the appropriate accounts. This policy setting determines which accounts will not be able to log on to the computer as a batch job. A batch job is not a batch (.bat) file, but rather a batch-queue facility. Accounts that use the Task Sc ...

oval:org.secpod.oval:def:19366
The 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' machine setting should be configured correctly.

oval:org.secpod.oval:def:19361
The 'Deny write access to fixed drives not protected by BitLocker' machine setting should be configured correctly.

oval:org.secpod.oval:def:19483
The 'Require additional authentication at startup' machine setting should be configured correctly.

oval:org.secpod.oval:def:19480
The 'Prevent memory overwrite on restart' machine setting should be configured correctly.

oval:org.secpod.oval:def:19255
The 'Validate smart card certificate usage rule compliance' machine setting should be configured correctly.

oval:org.secpod.oval:def:19499
The 'Choose how BitLocker-protected removable drives can be recovered' machine setting should be configured correctly.

oval:org.secpod.oval:def:18839
The 'Allow enhanced PINs for startup' machine setting should be configured correctly.

oval:org.secpod.oval:def:8788
The 'Interactive logon: Do not require CTRL+ALT+DEL' setting should be configured correctly.

oval:org.secpod.oval:def:8789
The 'Network security: Allow LocalSystem NULL session fallback' setting should be configured correctly.

oval:org.secpod.oval:def:8785
The 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

oval:org.secpod.oval:def:8787
The 'User Account Control: Behavior of the elevation prompt for standard users' setting should be configured correctly.

oval:org.secpod.oval:def:19581
The 'Configure use of passwords for fixed data drives' machine setting should be configured correctly.

oval:org.secpod.oval:def:8780
The 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' setting should be configured correctly.

oval:org.secpod.oval:def:8782
The 'User Account Control: Detect application installations and prompt for elevation' setting should be configured correctly.

oval:org.secpod.oval:def:18942
The Deny log on through Remote Desktop Services user right should be assigned to the appropriate accounts. This policy setting determines whether users can log on as Terminal Services clients. After the baseline member server is joined to a domain environment, there is no need to use local accounts ...

oval:org.secpod.oval:def:7900
The Minimum password length setting should be configured correctly.

oval:org.secpod.oval:def:8795
The 'Microsoft network client: Send unencrypted password to third-party SMB servers' setting should be configured correctly.

oval:org.secpod.oval:def:8796
The 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' setting should be configured correctly.

oval:org.secpod.oval:def:19595
The 'Configure use of smart cards on removable data drives' machine setting should be configured correctly.

oval:org.secpod.oval:def:19233
The 'Control use of BitLocker on removable drives' machine setting should be configured correctly.

oval:org.secpod.oval:def:7901
The 'Password must meet complexity requirements' policy should be set correctly.

oval:org.secpod.oval:def:7902
Maximum password age is the profile defined number of days

oval:org.secpod.oval:def:8791
The 'Network access: Shares that can be accessed anonymously' setting should be configured correctly.

oval:org.secpod.oval:def:8792
The 'Network access: Sharing and security model for local accounts' setting should be configured correctly.

oval:org.secpod.oval:def:8793
The 'Network security: Do not store LAN Manager hash value on next password change' setting should be configured correctly.

oval:org.secpod.oval:def:8766
RPC Endpoint Mapper Client Authentication

oval:org.secpod.oval:def:8767
The 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' setting should be configured correctly.

oval:org.secpod.oval:def:8768
The Deny access to this computer from the network user right should be assigned to the appropriate accounts. This policy setting prohibits users from connecting to a computer from across the network, which would allow users to access and potentially modify data remotely. In high security environmen ...

oval:org.secpod.oval:def:8769
The 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' setting should be configured correctly.

oval:org.secpod.oval:def:8762
The 'User Account Control: Run all administrators in Admin Approval Mode' setting should be configured correctly.

oval:org.secpod.oval:def:8763
The "Prevent the computer from joining a homegroup" machine setting should be configured correctly.

oval:org.secpod.oval:def:19600
The 'Always install with elevated privileges' machine setting should be configured correctly.

oval:org.secpod.oval:def:19164
The 'Provide the unique identifiers for your organization' machine setting should be configured correctly.

oval:org.secpod.oval:def:8880
This policy setting allows you to specify the maximum amount of time that an active Terminal Services session can be idle (without user input) before it is automatically disconnected. (15 min)

oval:org.secpod.oval:def:8777
The 'Domain member: Disable machine account password changes' setting should be configured correctly.

oval:org.secpod.oval:def:8899
Solicited Remote Assistance

oval:org.secpod.oval:def:18886
The 'MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)' setting should be configured correctly.

oval:org.secpod.oval:def:8779
The 'Interactive logon: Do not display last user name' setting should be configured correctly.

oval:org.secpod.oval:def:8894
Require a Password when a Computer Wakes (Plugged in)

oval:org.secpod.oval:def:8773
The 'Minimum password age' setting should be configured correctly.

oval:org.secpod.oval:def:8774
The 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' setting should be configured correctly.

oval:org.secpod.oval:def:8895
Set client connection encryption level

oval:org.secpod.oval:def:8776
The 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' setting should be configured correctly.

oval:org.secpod.oval:def:18883
The 'Audit: Shut down system immediately if unable to log security audits' setting should be configured correctly.

oval:org.secpod.oval:def:19295
The 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' machine setting should be configured correctly.

oval:org.secpod.oval:def:19172
The 'Choose how BitLocker-protected fixed drives can be recovered' machine setting should be configured correctly.

oval:org.secpod.oval:def:8772
The Deny log on locally user right should be assigned to the appropriate accounts. This security setting determines which users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies.Important:I ...

oval:org.secpod.oval:def:18733
The 'Domain member: Digitally sign secure channel data (when possible)' setting should be configured correctly.

oval:org.secpod.oval:def:8744
The 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' setting should be configured correctly.

oval:org.secpod.oval:def:7897
The number of passwords remembered

oval:org.secpod.oval:def:8866
Always prompt client for password upon connection

oval:org.secpod.oval:def:7898
The Account lockout duration setting should be configured correctly. This policy setting determines the length of time that must pass before a locked account is unlocked and a user can try to log on again. The setting does this by specifying the number of minutes a locked out account will remain un ...

oval:org.secpod.oval:def:8746
The 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' setting should be configured correctly.

oval:org.secpod.oval:def:7899
The maximum number of failed attempts that can occur before the account is locked out This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout dura ...

oval:org.secpod.oval:def:8747
The 'Interactive logon: Smart card removal behavior' setting should be configured correctly.

oval:org.secpod.oval:def:8861
The "Allow remote access to the Plug and Play interface" machine setting should be configured correctly.

oval:org.secpod.oval:def:19029
The 'Shutdown: Clear virtual memory pagefile' setting should be configured correctly.

oval:org.secpod.oval:def:8755
The 'Devices: Allowed to format and eject removable media' setting should be configured correctly.

oval:org.secpod.oval:def:8876
Turn off Autoplay for non-volume devices

oval:org.secpod.oval:def:8877
Default behavior for AutoRun

oval:org.secpod.oval:def:8756
Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders

oval:org.secpod.oval:def:8757
The 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' setting should be configured correctly.

oval:org.secpod.oval:def:8878
Enumerate administrator accounts on elevation

oval:org.secpod.oval:def:8751
The Network security: LDAP client signing requirements setting should be configured correctly. This policy setting determines the level of data signing that is requested on behalf of clients that issue LDAP BIND requests, as follows: * None. The LDAP BIND request is issued with the caller-specified ...

oval:org.secpod.oval:def:18867
The 'Interactive logon: Require Domain Controller authentication to unlock workstation' setting should be configured correctly.

oval:org.secpod.oval:def:8874
Prevent printing over HTTP.

oval:org.secpod.oval:def:8875
Allowing unsecure RPC communication exposes the server to man in the middle attacks and data disclosure attacks. A man in the middle attack occurs when an intruder captures packets between a client and server and modifies them before allowing the packets to be exchanged. Usually the attacker will mo ...

oval:org.secpod.oval:def:8754
The 'Audit: Audit the use of Backup and Restore privilege' setting should be configured correctly.

oval:org.secpod.oval:def:19155
The 'Configure use of smart cards on fixed data drives' machine setting should be configured correctly.

oval:org.secpod.oval:def:19158
The 'Do not process the legacy run list' machine setting should be configured correctly.

CPE    1
cpe:/o:microsoft:windows_server_2008:r2
CCE    136
CCE-10949-6
CCE-12161-6
CCE-11829-9
CCE-10139-4
...
*XCCDF
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_Server_2008_R2

© SecPod Technologies