[Forgot Password]
Login  Register Subscribe

23631

 
 

126998

 
 

102010

 
 

909

 
 

80911

 
 

121

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:40246
This security setting determines which users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies.Important:If you apply this security policy to the Everyone group, no one will be able to log o ...

oval:org.secpod.oval:def:40248
The policy setting allows programs that run on behalf of a user to impersonate that user (or another specified account) so that they can act on behalf of the user. If this user right is required for this kind of impersonation, an unauthorized user will not be able to convince a client to connect -fo ...

oval:org.secpod.oval:def:40251
This policy setting determines which users can create symbolic links. In Windows Vista, existing NTFS file system objects, such as files and folders, can be accessed by referring to a new kind of file system object called a symbolic link. A symbolic link is a pointer (much like a shortcut or .lnk fi ...

oval:org.secpod.oval:def:40256
This policy setting determines the strength of the default discretionary access control list (DACL) for objects.

oval:org.secpod.oval:def:40254
This policy setting audits Other Account Management events.

oval:org.secpod.oval:def:40258
This policy setting in the DS Access audit category enables reports to result when changes to create, modify, move, or undelete operations are performed on objects in Active Directory Domain Services (AD DS).

oval:org.secpod.oval:def:40263
This policy setting allows users to shut down Windows Vista -based computers from remote locations on the network. Anyone who has been assigned this user right can cause a denial of service (DoS) condition, which would make the computer unavailable to service user requests. Therefore, Microsoft reco ...

oval:org.secpod.oval:def:40264
This policy setting determines whether the SMB client will attempt to negotiate SMB packet signing.

oval:org.secpod.oval:def:40265
Disable this policy setting to prevent the SMB redirector from sending plaintext passwords during authentication to third-party SMB servers that do not support password encryption.

oval:org.secpod.oval:def:40304
Allow NTLM to fall back to NULL session when used with LocalSystem.

oval:org.secpod.oval:def:40307
The "Accounts: Limit local account use of blank passwords to console logon only" setting should be configured correctly.

oval:org.secpod.oval:def:40274
Determines whether case insensitivity is enforced for all subsystems. Example is case insensitivity for other subsystems, such as the Portable Operating System Interface for UNIX (POSIX) which are normally case sensitive.

oval:org.secpod.oval:def:40278
This policy setting determines which users can connect to the computer from the network. This capability is required by a number of network protocols, including Server Message Block (SMB)-based protocols, NetBIOS, Common Internet File System (CIFS), and Component Object Model Plus (COM+). Users, co ...

oval:org.secpod.oval:def:40317
This policy setting permits users to change installation options that typically are available only to system administrators.If you enable this policy setting, some of the security features of Windows Installer are bypassed. It permits installations to complete that otherwise would be halted due to a ...

oval:org.secpod.oval:def:40289
The "Domain member: Require strong (Windows 2000 or later) session key" setting should be configured correctly.

oval:org.secpod.oval:def:40201
This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.

oval:org.secpod.oval:def:40320
The registry value entry NoNameReleaseOnDemand was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\ registry key. The entry appears as MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS serv ...

oval:org.secpod.oval:def:40288
This policy setting in the System audit category determines whether to audit Other System events on computers that are running Windows Vista or later versions of Windows.

oval:org.secpod.oval:def:40205
This policy setting determines whether the LDAP server requires a signature before it will negotiate with LDAP clients.

oval:org.secpod.oval:def:40292
Network security: Minimum session security for NTLM SSP based (including secure RPC) server applications.

oval:org.secpod.oval:def:40291
This policy setting determines the level of data signing that is requested on behalf of clients that issue LDAP BIND requests.

oval:org.secpod.oval:def:40296
This policy setting in the System audit category determines whether to audit IPsec Driver events on computers that are running Windows Vista.

oval:org.secpod.oval:def:40331
The registry value entry EnableICMPRedirect was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry appears as MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes in the SCE.Internet Control Mes ...

oval:org.secpod.oval:def:40216
This policy setting controls the behavior of the elevation prompt for administrators on computers running Windows 7, Windows Server 2008 R2, and later versions of Windows.

oval:org.secpod.oval:def:40223
This policy setting in the DS Access audit category enables reports to result when Active Directory Domain Services (AD DS) objects are accessed.

oval:org.secpod.oval:def:40221
Always install with elevated privileges

oval:org.secpod.oval:def:40229
This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account.

oval:org.secpod.oval:def:40234
This policy setting prohibits users from connecting to a computer from across the network, which would allow users to access and potentially modify data remotely. In high security environments, there should be no need for remote users to access data on a computer. Instead, file sharing should be acc ...

oval:org.secpod.oval:def:40235
This policy setting controls whether application write failures are redirected to defined registry and file system locations.

oval:org.secpod.oval:def:40232
This policy setting determines what happens when the smart card for a logged on user is removed from the smart card reader.

oval:org.secpod.oval:def:40236
The "Domain member: Disable machine account password changes" setting should be configured correctly.

oval:org.secpod.oval:def:40237
This policy setting allows administrators to enable the more precise auditing capabilities present in Windows Vista. Uses subcategory setting to override audit policy categories.

oval:org.secpod.oval:def:40241
This policy setting determines which users or groups have the right to log on as a Terminal Services client. Remote desktop users require this user right. If your organization uses Remote Assistance as part of its help desk strategy, create a group and assign it this user right through Group Policy. ...

oval:org.secpod.oval:def:40240
This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection.

oval:org.secpod.oval:def:40245
The entry appears as MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing) in the SCE.

oval:org.secpod.oval:def:40244
The policy setting for this audit category determines whether to audit Authorization Policy changes on computers running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:40249
This policy setting controls the behavior of application installation detection for the computer.

oval:org.secpod.oval:def:40252
When enabled, this policy setting restricts anonymous access to only those shares and pipes that are named in the Network access: Named pipes that can be accessed anonymously and Network access: Shares that can be accessed anonymously settings.

oval:org.secpod.oval:def:40253
Specify the maximum log file size for Security (KB)

oval:org.secpod.oval:def:40250
This policy setting controls the behavior of the elevation prompt for standard users on computers running Windows 7, Windows Server 2008 R2, and later versions of Windows.

oval:org.secpod.oval:def:40257
This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password.

oval:org.secpod.oval:def:40255
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logon-Logoff Account Lockout setting.

oval:org.secpod.oval:def:40259
This policy setting specifies the type of challenge/response authentication for network logons. LAN Manager (LM) authentication is the least secure method; it allows encrypted passwords to be cracked because they can be easily intercepted on the network.

oval:org.secpod.oval:def:40260
The Password protect the screen saver setting should be configured correctly.

oval:org.secpod.oval:def:40261
This setting applies to the Sensitive Privilege Use subcategory of events. You can use it to audit users exercising user rights.

oval:org.secpod.oval:def:40300
Enable: 'Default behavior for AutoRun'

oval:org.secpod.oval:def:40266
This policy setting determines the length of time that must pass before a locked account is unlocked and a user can try to log on again. The setting does this by specifying the number of minutes a locked out account will remain unavailable. If the value for this policy setting is configured to 0, lo ...

oval:org.secpod.oval:def:40269
Network security: Minimum session security for NTLM SSP based (including secure RPC) client applications.

oval:org.secpod.oval:def:40303
This policy setting in the System audit category determines whether to audit Security System Extension changes on computers that are running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:40308
This setting requires if users need to maintain certain complexity or not.

oval:org.secpod.oval:def:40271
This policy setting determines whether a domain member should attempt to negotiate whether all secure channel traffic that it initiates must be digitally signed.

oval:org.secpod.oval:def:40275
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logoff event settings.

oval:org.secpod.oval:def:40273
This policy setting determines the length of time before the Account lockout threshold resets to zero. The default value for this policy setting is Not Defined. If the Account lockout threshold is defined, this reset time must be less than or equal to the value for the Account lockout duration setti ...

oval:org.secpod.oval:def:40279
The entry appears as MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) in the SCE.

oval:org.secpod.oval:def:40310
The policy setting for this audit category determines whether to audit Authentication Policy changes on computers running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:40281
The Policy Change audit category determines whether to audit every incident of a change to user rights assignment policies, Windows Firewall policies, Trust policies, or changes to the Audit policy itself.

oval:org.secpod.oval:def:40280
This policy setting determines whether packet signing is required by the SMB client component.

oval:org.secpod.oval:def:40285
This policy setting in the System audit category determines whether to audit System Integrity changes on computers that are running Windows Vista.

oval:org.secpod.oval:def:40286
This policy setting audits Account Management events.

oval:org.secpod.oval:def:40284
The Account Logon audit category generates events for credential validation. These events occur on the computer that is authoritative for the credentials.

oval:org.secpod.oval:def:40287
This policy setting in the System audit category determines whether to audit Security State changes on computers that are running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:40200
This policy setting controls the ability of anonymous users to enumerate the accounts in the Security Accounts Manager (SAM).

oval:org.secpod.oval:def:40326
Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.If the status is set ...

oval:org.secpod.oval:def:40203
This policy setting audits Computer Account Management events.

oval:org.secpod.oval:def:40209
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logon settings.

oval:org.secpod.oval:def:40329
Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer.

oval:org.secpod.oval:def:40208
This is the setting that turns on or off UAC. Disabling this setting effectively disables UAC.

oval:org.secpod.oval:def:40330
This policy setting specifies whether Terminal Services always prompts the client computer for a password upon connection. You can use this policy setting to enforce a password prompt for users who log on to Terminal Services, even if they already provided the password in the Remote Desktop Connecti ...

oval:org.secpod.oval:def:40294
This policy setting determines the least number of characters that make up a password for a user account.

oval:org.secpod.oval:def:40212
This policy setting determines what additional permissions are assigned for anonymous connections to the computer

oval:org.secpod.oval:def:40210
This policy setting determines if the server side SMB service is required to perform SMB packet signing.

oval:org.secpod.oval:def:40298
The Detailed Tracking audit category determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. This setting deals with Process Creation.

oval:org.secpod.oval:def:40299
This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system.

oval:org.secpod.oval:def:40217
Autoplay starts to read from a drive as soon as you insert media in the drive, which causes the setup file for programs or audio media to start immediately.

oval:org.secpod.oval:def:40224
This policy setting audits Security Group Management events.

oval:org.secpod.oval:def:40228
Enables desktop screen savers. If you disable this setting, screen savers do not run. Also, this setting disables the Screen Saver section of the Screen Saver dialog in the Personalization or Display Control Panel. As a result, users cannot change the screen saver options. If you do not configure ...

oval:org.secpod.oval:def:40226
This setting requires users to wait for a certain number of days before changing their password again.

oval:org.secpod.oval:def:40230
This policy setting determines whether the LAN Manager (LM) hash value for the new password is stored when the password is changed.

oval:org.secpod.oval:def:40195
This policy setting specifies whether the computer that is about to host the remote connection will enforce an encryption level for all data sent between it and the client computer for the remote session.

oval:org.secpod.oval:def:40199
Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session.

oval:org.secpod.oval:def:40233
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the special settings defined in the Windows Vista Security Guide.

oval:org.secpod.oval:def:40238
Specify the maximum log file size for Application (KB)

oval:org.secpod.oval:def:40242
Specify the maximum log file size for System (KB)

CPE    1
cpe:/o:microsoft:windows_server_2016
CCE    83
CCE-44499-2
CCE-46230-9
CCE-44597-3
CCE-46219-2
...
*XCCDF
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_Server_2016

© 2013 SecPod Technologies