[Forgot Password]
Login  Register Subscribe

24003

 
 

131517

 
 

106904

 
 

909

 
 

84902

 
 

134

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:8723
The 'Network access: Do not allow storage of passwords and credentials for network authentication' setting should be configured correctly.

oval:org.secpod.oval:def:18798
The 'Allow Basic authentication' machine setting should be configured correctly for the WinRM client.

oval:org.secpod.oval:def:8844
The "Maximum Log Size (KB)" machine setting should be configured correctly for the secirity log.

oval:org.secpod.oval:def:8724
The 'Network access: Let Everyone permissions apply to anonymous users' setting should be configured correctly.

oval:org.secpod.oval:def:8841
The 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' setting should be configured correctly.

oval:org.secpod.oval:def:8842
The 'User Account Control: Admin Approval Mode for the Built-in Administrator account' setting should be configured correctly.

oval:org.secpod.oval:def:19085
The 'Allow Basic authentication' machine setting should be configured correctly for the WinRM service.

oval:org.secpod.oval:def:8848
Reset Account Lockout Counter After

oval:org.secpod.oval:def:8727
The 'Microsoft network server: Amount of idle time required before suspending session' setting should be configured correctly.

oval:org.secpod.oval:def:8729
The 'Recovery console: Allow automatic administrative logon' setting should be configured correctly.

oval:org.secpod.oval:def:8855
The "Maximum Log Size (KB)" machine setting should be configured correctly for the application log.

oval:org.secpod.oval:def:8736
The 'Audit: Audit the access of global system objects' setting should be configured correctly.

oval:org.secpod.oval:def:8850
The "Set time limit for disconnected sessions" machine setting should be configured correctly.

oval:org.secpod.oval:def:8731
The 'Shutdown: Allow system to be shut down without having to log on' setting should be configured correctly.

oval:org.secpod.oval:def:8858
The "Maximum Log Size (KB)" machine setting should be configured correctly for the system log.

oval:org.secpod.oval:def:8737
The 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' setting should be configured correctly.

oval:org.secpod.oval:def:8738
The 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' setting should be configured correctly.

oval:org.secpod.oval:def:8739
The 'Domain member: Require strong (Windows 2000 or later) session key' setting should be configured correctly.

oval:org.secpod.oval:def:8822
The 'Network access: Restrict anonymous access to Named Pipes and Shares' setting should be configured correctly.

oval:org.secpod.oval:def:19627
The 'Require 128-bit encryption' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:8823
The 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

oval:org.secpod.oval:def:18895
The 'Devices: Restrict CD-ROM access to locally logged-on user only' setting should be configured correctly.

oval:org.secpod.oval:def:19624
The 'Require 128-bit encryption' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:18778
The 'Require user authentication for remote connections by using Network Level Authentication' machine setting should be configured correctly.

oval:org.secpod.oval:def:8820
The 'Interactive logon: Prompt user to change password before expiration' setting should be configured correctly.

oval:org.secpod.oval:def:19067
The Windows Firewall should be enabled or disabled as appropriate for the Private Profile.

oval:org.secpod.oval:def:8829
The 'Microsoft network client: Digitally sign communications (always)' setting should be configured correctly.

oval:org.secpod.oval:def:18773
The 'Retain old events' machine setting should be configured correctly for the setup log.

oval:org.secpod.oval:def:19186
The 'Require use of specific security layer for remote (RDP) connections' machine setting should be configured correctly.

oval:org.secpod.oval:def:18771
The 'Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box' machine setting should be configured correctly.

oval:org.secpod.oval:def:19183
The 'Allow unencrypted traffic' machine setting should be configured correctly for the WinRM service.

oval:org.secpod.oval:def:8711
The 'Network access: Do not allow anonymous enumeration of SAM accounts' setting should be configured correctly.

oval:org.secpod.oval:def:8833
The 'Microsoft network server: Digitally sign communications (if client agrees)' setting should be configured correctly.

oval:org.secpod.oval:def:8835
The 'Microsoft network server: Disconnect clients when logon hours expire' setting should be configured correctly.

oval:org.secpod.oval:def:8830
The 'Microsoft network client: Digitally sign communications (if server agrees)' setting should be configured correctly.

oval:org.secpod.oval:def:8710
The 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' setting should be configured correctly.

oval:org.secpod.oval:def:19079
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the public profile.

oval:org.secpod.oval:def:8836
The 'Network security: LAN Manager authentication level' setting should be configured correctly.

oval:org.secpod.oval:def:8715
Switch to the secure desktop when prompting for elevation

oval:org.secpod.oval:def:8716
The 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' setting should be configured correctly.

oval:org.secpod.oval:def:8838
The 'Microsoft network server: Digitally sign communications (always)' setting should be configured correctly.

oval:org.secpod.oval:def:19508
The 'Do not process the run once list' machine setting should be configured correctly.

oval:org.secpod.oval:def:19205
The 'Set time limit for active Remote Desktop Services sessions' machine setting should be configured correctly.

oval:org.secpod.oval:def:19569
The 'Do not allow local administrators to customize permissions' machine setting should be configured correctly.

oval:org.secpod.oval:def:19441
The 'Server Authentication Certificate Template' machine setting should be configured correctly.

oval:org.secpod.oval:def:8809
The "Turn off Search Companion content file updates" machine setting should be configured correctly.

oval:org.secpod.oval:def:8803
The 'User Account Control: Virtualize file and registry write failures to per-user locations' setting should be configured correctly.

oval:org.secpod.oval:def:8925
The Accounts: Guest account status setting should be configured correctly. This policy setting determines whether the Guest account is enabled or disabled. The Guest account allows unauthenticated network users to gain access to the system. Note that this setting will have no impact when applied to ...

oval:org.secpod.oval:def:8804
The 'Domain member: Digitally encrypt or sign secure channel data (always)' setting should be configured correctly.

oval:org.secpod.oval:def:8926
The 'Accounts: Limit local account use of blank passwords to console logon only' setting should be configured correctly.

oval:org.secpod.oval:def:8806
The "Restrictions for Unauthenticated RPC clients" machine setting should be configured correctly.

oval:org.secpod.oval:def:8927
The 'Devices: Prevent users from installing printer drivers' setting should be configured correctly.

oval:org.secpod.oval:def:8812
The 'Domain member: Maximum machine account password age' setting should be configured correctly.

oval:org.secpod.oval:def:19456
The 'Allow users to connect remotely using Remote Desktop Services' machine setting should be configured correctly.

oval:org.secpod.oval:def:19214
The 'Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box' machine setting should be configured correctly.

oval:org.secpod.oval:def:8818
The 'User Account Control: Only elevate executables that are signed and validated' setting should be configured correctly.

oval:org.secpod.oval:def:19452
The 'Allow Remote Shell Access' machine setting should be configured correctly.

oval:org.secpod.oval:def:19210
The 'Configure minimum PIN length for startup' machine setting should be configured correctly.

oval:org.secpod.oval:def:8819
The 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' setting should be configured correctly.

oval:org.secpod.oval:def:8907
Terminal Services / Remote Desktop Service - Prevent password saving in the Remote Desktop Client

oval:org.secpod.oval:def:8908
Customer Experience Improvement Program

oval:org.secpod.oval:def:18901
The 'Windows Firewall: Domain: Apply local firewall rules' setting should be configured correctly.

oval:org.secpod.oval:def:8915
The "Require a Password When a Computer Wakes (On Battery)" machine setting should be configured correctly.

oval:org.secpod.oval:def:7706
MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)

oval:org.secpod.oval:def:18836
The Deny log on as a batch job user right should be assigned to the appropriate accounts. This policy setting determines which accounts will not be able to log on to the computer as a batch job. A batch job is not a batch (.bat) file, but rather a batch-queue facility. Accounts that use the Task Sc ...

oval:org.secpod.oval:def:18962
The 'Windows Firewall: Private: Apply local connection security rules' setting should be configured correctly.

oval:org.secpod.oval:def:18846
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the private profile.

oval:org.secpod.oval:def:19014
Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the domain profile.

oval:org.secpod.oval:def:19492
The 'Allow unencrypted traffic' machine setting should be configured correctly for the WinRM client.

oval:org.secpod.oval:def:18960
The 'Retain old events' machine setting should be configured correctly for the application log.

oval:org.secpod.oval:def:8788
The 'Interactive logon: Do not require CTRL+ALT+DEL' setting should be configured correctly.

oval:org.secpod.oval:def:8785
The 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.

oval:org.secpod.oval:def:8787
The 'User Account Control: Behavior of the elevation prompt for standard users' setting should be configured correctly.

oval:org.secpod.oval:def:19586
The 'Disallow Digest authentication' machine setting should be configured correctly.

oval:org.secpod.oval:def:18928
The 'Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers' setting should be configured correctly.

oval:org.secpod.oval:def:8780
The 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' setting should be configured correctly.

oval:org.secpod.oval:def:18927
Windows Firewall should allow or block inbound connections by default as appropriate for the Private Profile.

oval:org.secpod.oval:def:18806
The Windows Firewall should be enabled or disabled as appropriate for the Domain Profile.

oval:org.secpod.oval:def:8782
The 'User Account Control: Detect application installations and prompt for elevation' setting should be configured correctly.

oval:org.secpod.oval:def:18942
The Deny log on through Remote Desktop Services user right should be assigned to the appropriate accounts. This policy setting determines whether users can log on as Terminal Services clients. After the baseline member server is joined to a domain environment, there is no need to use local accounts ...

oval:org.secpod.oval:def:18940
The 'Domain member: Digitally encrypt secure channel data (when possible)' setting should be configured correctly.

oval:org.secpod.oval:def:7900
The Minimum password length setting should be configured correctly.

oval:org.secpod.oval:def:19478
The 'Reschedule Automatic Updates scheduled installations' machine setting should be configured correctly.

oval:org.secpod.oval:def:8795
The 'Microsoft network client: Send unencrypted password to third-party SMB servers' setting should be configured correctly.

oval:org.secpod.oval:def:8797
The 'Network Security: Configure encryption types allowed for Kerberos' setting should be configured correctly.

oval:org.secpod.oval:def:7901
The 'Password must meet complexity requirements' policy should be set correctly.

oval:org.secpod.oval:def:7902
Maximum password age is the profile defined number of days

oval:org.secpod.oval:def:8792
The 'Network access: Sharing and security model for local accounts' setting should be configured correctly.

oval:org.secpod.oval:def:8793
The 'Network security: Do not store LAN Manager hash value on next password change' setting should be configured correctly.

oval:org.secpod.oval:def:8790
The 'Network security: Allow Local System to use computer identity for NTLM' setting should be configured correctly.

oval:org.secpod.oval:def:18997
Windows Firewall should allow or block inbound connections by default as appropriate for the Domain Profile.

oval:org.secpod.oval:def:8766
RPC Endpoint Mapper Client Authentication

oval:org.secpod.oval:def:8768
The Deny access to this computer from the network user right should be assigned to the appropriate accounts. This policy setting prohibits users from connecting to a computer from across the network, which would allow users to access and potentially modify data remotely. In high security environmen ...

oval:org.secpod.oval:def:8769
The 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' setting should be configured correctly.

oval:org.secpod.oval:def:8762
The 'User Account Control: Run all administrators in Admin Approval Mode' setting should be configured correctly.

oval:org.secpod.oval:def:8763
The "Prevent the computer from joining a homegroup" machine setting should be configured correctly.

oval:org.secpod.oval:def:19600
The 'Always install with elevated privileges' machine setting should be configured correctly.

oval:org.secpod.oval:def:18878
The Manage auditing and security log user right should be assigned to the appropriate accounts. This policy setting determines which users can change the auditing options for files and directories and clear the Security log. When configuring a user right in the SCM enter a comma delimited list of a ...

oval:org.secpod.oval:def:8885
Turn off the "Publish to Web" task for files and folders

oval:org.secpod.oval:def:19288
The 'No auto-restart with logged on users for scheduled automatic updates installations' machine setting should be configured correctly.

oval:org.secpod.oval:def:8880
This policy setting allows you to specify the maximum amount of time that an active Terminal Services session can be idle (without user input) before it is automatically disconnected. (15 min)

oval:org.secpod.oval:def:8760
The 'Interactive logon: Message text for users attempting to log on' setting should be configured correctly.

oval:org.secpod.oval:def:18749
The 'Windows Firewall: Public: Apply local firewall rules' setting should be configured correctly.

oval:org.secpod.oval:def:8898
This definition tests the the maximum allowed size of the setup log is at least as big as the supplied value.

oval:org.secpod.oval:def:8777
The 'Domain member: Disable machine account password changes' setting should be configured correctly.

oval:org.secpod.oval:def:18886
The 'MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)' setting should be configured correctly.

oval:org.secpod.oval:def:8899
Solicited Remote Assistance

oval:org.secpod.oval:def:18764
The 'Network Security: Restrict NTLM: NTLM authentication in this domain' setting should be configured correctly.

oval:org.secpod.oval:def:8779
The 'Interactive logon: Do not display last user name' setting should be configured correctly.

oval:org.secpod.oval:def:8773
The 'Minimum password age' setting should be configured correctly.

oval:org.secpod.oval:def:8894
Require a Password when a Computer Wakes (Plugged in)

oval:org.secpod.oval:def:8895
Set client connection encryption level

oval:org.secpod.oval:def:8774
The 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' setting should be configured correctly.

oval:org.secpod.oval:def:8897
Terminal Services / Remote Desktop Services - Local drives prevented from sharing with Terminal Servers.

oval:org.secpod.oval:def:18883
The 'Audit: Shut down system immediately if unable to log security audits' setting should be configured correctly.

oval:org.secpod.oval:def:19295
The 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' machine setting should be configured correctly.

oval:org.secpod.oval:def:8892
The system is configured to allow unsolicited remote assistance offers.

oval:org.secpod.oval:def:8772
The Deny log on locally user right should be assigned to the appropriate accounts. This security setting determines which users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies.Important:I ...

oval:org.secpod.oval:def:8744
The 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' setting should be configured correctly.

oval:org.secpod.oval:def:18733
The 'Domain member: Digitally sign secure channel data (when possible)' setting should be configured correctly.

oval:org.secpod.oval:def:7897
The number of passwords remembered

oval:org.secpod.oval:def:7898
The Account lockout duration setting should be configured correctly. This policy setting determines the length of time that must pass before a locked account is unlocked and a user can try to log on again. The setting does this by specifying the number of minutes a locked out account will remain un ...

oval:org.secpod.oval:def:8866
Always prompt client for password upon connection

oval:org.secpod.oval:def:18853
The 'Retain old events' machine setting should be configured correctly for the security log.

oval:org.secpod.oval:def:8746
The 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' setting should be configured correctly.

oval:org.secpod.oval:def:7899
The maximum number of failed attempts that can occur before the account is locked out This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout dura ...

oval:org.secpod.oval:def:8747
The 'Interactive logon: Smart card removal behavior' setting should be configured correctly.

oval:org.secpod.oval:def:8861
The "Allow remote access to the Plug and Play interface" machine setting should be configured correctly.

oval:org.secpod.oval:def:18735
The 'Network Security: Restrict NTLM: Add server exceptions in this domain' setting should be configured correctly.

oval:org.secpod.oval:def:19021
The 'Windows Firewall: Domain: Apply local connection security rules' setting should be configured correctly.

oval:org.secpod.oval:def:18848
The 'Network Security: Restrict NTLM: Add remote server exceptions for NTLM authentication' setting should be configured correctly.

oval:org.secpod.oval:def:18744
The 'Windows Firewall: Private: Apply local firewall rules' setting should be configured correctly.

oval:org.secpod.oval:def:8755
The 'Devices: Allowed to format and eject removable media' setting should be configured correctly.

oval:org.secpod.oval:def:8756
Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders

oval:org.secpod.oval:def:8877
Default behavior for AutoRun

oval:org.secpod.oval:def:8878
Enumerate administrator accounts on elevation

oval:org.secpod.oval:def:8757
The 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' setting should be configured correctly.

oval:org.secpod.oval:def:18748
Windows Firewall should allow or block inbound connections by default as appropriate for the Public Profile.

oval:org.secpod.oval:def:8751
The Network security: LDAP client signing requirements setting should be configured correctly. This policy setting determines the level of data signing that is requested on behalf of clients that issue LDAP BIND requests, as follows: * None. The LDAP BIND request is issued with the caller-specified ...

oval:org.secpod.oval:def:18747
The 'Interactive logon: Display user information when the session is locked.' setting should be configured correctly.

oval:org.secpod.oval:def:8875
Allowing unsecure RPC communication exposes the server to man in the middle attacks and data disclosure attacks. A man in the middle attack occurs when an intruder captures packets between a client and server and modifies them before allowing the packets to be exchanged. Usually the attacker will mo ...

oval:org.secpod.oval:def:19034
The 'Retain old events' machine setting should be configured correctly for the system log.

oval:org.secpod.oval:def:19030
The Windows Firewall should be enabled or disabled as appropriate for the Public Profile.

oval:org.secpod.oval:def:18739
The 'Network Security: Restrict NTLM: Incoming NTLM traffic' setting should be configured correctly.

CPE    1
cpe:/o:microsoft:windows_server_2008:r2
CCE    144
CCE-10970-2
CCE-11103-9
CCE-10978-5
CCE-11431-4
...
*XCCDF
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_Server_2008_R2

© 2013 SecPod Technologies