[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:35051
This policy setting determines the amount of time before previously scheduled Automatic Update installations will proceed after system startup. If you configure this policy setting to Enabled, a previously scheduled installation will begin after a specified number of minutes when you next start the ...

oval:org.secpod.oval:def:35159
This setting controls whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy.

oval:org.secpod.oval:def:35091
Select this option to have Windows Firewall with Advanced Security display notifications to the user when a program is blocked from receiving inbound connections. Note When the Apply local firewall rules setting is configured to No, Microsoft recommends also configuring the Display a notificat ...

oval:org.secpod.oval:def:35190
Select On (recommended) to have Windows Firewall with Advanced Security use the settings for this profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.

oval:org.secpod.oval:def:35211
Select On (recommended) to have Windows Firewall with Advanced Security use the settings for this profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.

oval:org.secpod.oval:def:35202
This policy setting specifies that Automatic Updates will wait for computers to be restarted by the users who are logged on to them to complete a scheduled installation. If you enable the No auto-restart for scheduled Automatic Updates installations setting, Automatic Updates does not restart co ...

oval:org.secpod.oval:def:35431
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is allowed to be the default choice in the Shut Down Windows dialog. Note that this policy setting has no impact if the Computer Configuration\Administrative Templates\Windows Components\Windows Update\Do not ...

oval:org.secpod.oval:def:35416
This policy setting allows you to manage whether the Install Updates and Shut Down option is displayed in the Shut Down Windows dialog box. This policy setting works in conjunction with the following Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows Dialog box sett ...

oval:org.secpod.oval:def:35250
Select On (recommended) to have Windows Firewall with Advanced Security use the settings for this profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile.

oval:org.secpod.oval:def:35240
This setting controls whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy.

oval:org.secpod.oval:def:35005
This setting controls whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy.

oval:org.secpod.oval:def:35002
This setting controls whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy.

oval:org.secpod.oval:def:34982
Select this option to have Windows Firewall with Advanced Security display notifications to the user when a program is blocked from receiving inbound connections. Note When the Apply local firewall rules setting is configured to No, Microsoft recommends also configuring the Display a notificat ...

oval:org.secpod.oval:def:35407
Select this option to have Windows Firewall with Advanced Security display notifications to the user when a program is blocked from receiving inbound connections. Note When the Apply local firewall rules setting is configured to No, Microsoft recommends also configuring the Display a notificat ...

oval:org.secpod.oval:def:35294
This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. If you disable or do not configure this policy setting and a log file rea ...

oval:org.secpod.oval:def:35295
This policy setting determines whether the LAN Manager (LM) hash value for the new password is stored when the password is changed. The LM hash is relatively weak and prone to attack compared to the cryptographically stronger Microsoft Windows NT hash. Note Older operating systems and some thi ...

oval:org.secpod.oval:def:35292
By default, all administrator accounts are displayed when you attempt to elevate a running application.

oval:org.secpod.oval:def:35171
MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)

oval:org.secpod.oval:def:35293
This policy setting controls the ability of anonymous users to enumerate SAM accounts as well as shares. If you enable this policy setting, anonymous users will not be able to enumerate domain account user names and network share names on the workstations in your environment. The Network access: ...

oval:org.secpod.oval:def:35290
Specifies the period of inactivity before Windows turns off the display. If you enable this policy, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. If you disable this policy or do not configure it, users can see and cha ...

oval:org.secpod.oval:def:35291
This policy setting allows you to manage the installation of app packages that do not originate from the Windows Store. If you enable this policy setting, you can install any trusted app package. A trusted app package is one that is signed with a certificate chain that can be successfully valida ...

oval:org.secpod.oval:def:35056
This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The default behavior is to block connections unless there are firewall rules to allow the connection.

oval:org.secpod.oval:def:35298
This policy setting controls the behavior of the elevation prompt for standard users. The options are: - Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, th ...

oval:org.secpod.oval:def:35057
This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. A certificate is needed to authenticate an RD Session Host server when SSL (TLS 1.0) is used to secure communicati ...

oval:org.secpod.oval:def:35299
This policy setting specifies whether Terminal Services always prompts the client computer for a password upon connection. You can use this policy setting to enforce a password prompt for users who log on to Terminal Services, even if they already provided the password in the Remote Desktop Connecti ...

oval:org.secpod.oval:def:35178
Directs Windows Installer to use system permissions when it installs any program on the system. This setting extends elevated privileges to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (ins ...

oval:org.secpod.oval:def:35055
MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)

oval:org.secpod.oval:def:35162
This policy setting turns off the location feature for this computer. If you enable this policy setting, the location feature will be turned off, and all programs on this computer will not be able to use location information from the location feature. If you disable or do not ...

oval:org.secpod.oval:def:35284
This policy setting controls the ability of anonymous users to enumerate the accounts in the Security Accounts Manager (SAM). If you enable this policy setting, users with anonymous connections cannot enumerate domain account user names on the workstations in your environment. This policy setting al ...

oval:org.secpod.oval:def:35163
Enables or disables the Store offer to update to the latest version of Windows. If you enable this setting, the Store application will not offer updates to the latest version of Windows. If you disable or do not configure this setting the Store application will offer updates to the latest ve ...

oval:org.secpod.oval:def:35042
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not config ...

oval:org.secpod.oval:def:35281
This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. If you disable or do not configure this policy setting and a log file rea ...

oval:org.secpod.oval:def:35280
This policy setting determines who is allowed to format and eject removable media. You can use this policy setting to prevent unauthorized users from removing data on one computer to access it on another computer on which they have local administrator privileges.

oval:org.secpod.oval:def:35049
MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)

oval:org.secpod.oval:def:35047
This policy setting determines which registry paths will be accessible after referencing the WinReg key to determine access permissions to the paths. Note: This setting does not exist in Windows XP. There was a setting with that name in Windows XP, but it is called "Network access: Remotely acce ...

oval:org.secpod.oval:def:35289
This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers. This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality includi ...

oval:org.secpod.oval:def:35045
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)

oval:org.secpod.oval:def:35288
This policy setting determines which communication sessions, or pipes, will have attributes and permissions that allow anonymous access. Note: When you configure this setting you specify a list of one or more objects. The delimiter used when entering the list is a line feed or carriage return, t ...

oval:org.secpod.oval:def:35286
LAN Manager (LM) is a family of early Microsoft client/server software that allows users to link personal computers together on a single network. Network capabilities include transparent file and print sharing, user security features, and network administration tools. In Active Directory domains, th ...

oval:org.secpod.oval:def:36495
If the Screen Saver Timeout setting is enabled, then the screen saver will be launched when the specified amount of time has passed since the last user action. Valid values range from 1 to 89,400 seconds (24 hours). The setting has no effect if the wait time is set to zero or no screen saver has bee ...

oval:org.secpod.oval:def:35393
This policy setting determines whether a user can log on to a Windows domain using cached account information. Logon information for domain accounts can be cached locally to allow users to log on even if a domain controller cannot be contacted. This policy setting determines the number of unique use ...

oval:org.secpod.oval:def:35392
This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost. If you disable or do not configure this policy setting and a log file rea ...

oval:org.secpod.oval:def:35038
This policy setting determines what additional permissions are assigned for anonymous connections to the computer. If you enable this policy setting, anonymous Windows users are allowed to perform certain activities, such as enumerate the names of domain accounts and network shares. An unauthorized ...

oval:org.secpod.oval:def:35036
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)

oval:org.secpod.oval:def:35278
This policy setting determines the level of data signing that is requested on behalf of clients that issue LDAP BIND requests, as follows: - None. The LDAP BIND request is issued with the caller-specified options. - Negotiate signing. If Transport Layer Security/Secure Sockets Layer (TLS/SSL ...

oval:org.secpod.oval:def:35034
This policy setting determines whether case insensitivity is enforced for all subsystems. The Microsoft Win32 subsystem is case insensitive. However, the kernel supports case sensitivity for other subsystems, such as the Portable Operating System Interface for UNIX (POSIX). Because Windows is case i ...

oval:org.secpod.oval:def:35276
This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account. The options are: - Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the ...

oval:org.secpod.oval:def:36487
If the Password protect the screen saver setting is enabled, then all screen savers are password protected, if it is disabled then password protection cannot be set on any screen saver. Counter Measure: Configure this policy setting to Enabled so that when the other screen saver ...

oval:org.secpod.oval:def:35156
Dictates whether or not Windows is allowed to use standby states when sleeping the computer. When this policy is enabled, Windows may use standby states to sleep the computer. If this policy is disabled, the only sleep state a computer may enter is hibernate.

oval:org.secpod.oval:def:35277
This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in t ...

oval:org.secpod.oval:def:35032
This policy setting determines whether packet signing is required by the SMB client component. If you enable this policy setting, the Microsoft network client computer cannot communicate with a Microsoft network server unless that server agrees to sign SMB packets. In mixed environments with legacy ...

oval:org.secpod.oval:def:35140
Enables or disables the automatic download and update of map data. If you enable this setting the automatic download and update of map data is turned off. If you disable this setting the automatic download and update of map data is turned on. If you don't configure this setting the autom ...

oval:org.secpod.oval:def:35382
This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. - Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elev ...

oval:org.secpod.oval:def:35262
This policy setting determines whether a computer can be shut down when a user is not logged on. If this policy setting is enabled, the shutdown command is available on the Windows logon screen. Microsoft recommends to disable this policy setting to restrict the ability to shut down the computer to ...

oval:org.secpod.oval:def:35020
This policy setting determines whether users' private keys (such as their S-MIME keys) require a password to be used. If you configure this policy setting so that users must provide a password-distinct from their domain password-every time that they use a key, then it will be more difficult for an a ...

oval:org.secpod.oval:def:35027
MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning

oval:org.secpod.oval:def:35388
Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer.

oval:org.secpod.oval:def:35025
This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable this policy setting, local accounts that have blank passwords will not be able to log on to the network from remote clien ...

oval:org.secpod.oval:def:35026
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes

oval:org.secpod.oval:def:36476
This policy setting determines whether the operating system stores passwords in a way that uses reversible encryption, which provides support for application protocols that require knowledge of the user's password for authentication purposes. Passwords that are stored with reversible encryption are ...

oval:org.secpod.oval:def:35023
Dictates whether or not Windows is allowed to use standby states when sleeping the computer. When this policy is enabled, Windows may use standby states to sleep the computer. If this policy is disabled, the only sleep state a computer may enter is hibernate.

oval:org.secpod.oval:def:35265
This setting determines the behavior for outbound connections that do not match an outbound firewall rule. The default behavior is to allow connections unless there are firewall rules that block the connection. Important If you set Outbound connections to Block and then deploy the firewall p ...

oval:org.secpod.oval:def:36475
Enables desktop screen savers. If you disable this setting, screen savers do not run. Also, this setting disables the Screen Saver section of the Screen Saver dialog in the Personalization or Display Control Panel. As a result, users cannot change the screen saver options. If you do not configure ...

oval:org.secpod.oval:def:35021
This policy setting allows you to configure remote access to computers by using Remote Desktop Services. If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services. ...

oval:org.secpod.oval:def:35022
This policy setting determines whether a domain member should attempt to negotiate whether all secure channel traffic that it initiates must be digitally signed. Digital signatures protect the traffic from being modified by anyone who captures the data as it traverses the network. Microsoft reco ...

oval:org.secpod.oval:def:35385
Specifies whether or not the user is prompted for a password when the system resumes from sleep.

oval:org.secpod.oval:def:35264
This policy setting specifies whether Windows Messenger can collect anonymous information about how the Windows Messenger software and service is used.

oval:org.secpod.oval:def:35018
MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)

oval:org.secpod.oval:def:35093
This policy setting controls whether the computer can download print driver packages over HTTP. To set up HTTP printing, printer drivers that are not available in the standard operating system installation might need to be downloaded over HTTP.

oval:org.secpod.oval:def:35090
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not config ...

oval:org.secpod.oval:def:35098
This policy setting prevents users from adding new Microsoft accounts on this computer. If you select the "Users can't add Microsoft accounts" option, users will not be able to create new Microsoft accounts on this computer, switch a local account to a Microsoft account, or connect a domain acco ...

oval:org.secpod.oval:def:35085
This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.

oval:org.secpod.oval:def:35086
Specifies the period of inactivity before Windows turns off the display. If you enable this policy, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display. If you disable this policy or do not configure it, users can see and cha ...

oval:org.secpod.oval:def:35084
This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: - ...\Program Files\, including subfolders - ...\Windows\sy ...

oval:org.secpod.oval:def:35081
This policy setting determines how network logons that use local accounts are authenticated. The Classic option allows precise control over access to resources, including the ability to assign different types of access to different users for the same resource. The Guest only option allows you to tre ...

oval:org.secpod.oval:def:35080
This policy setting determines whether the SMB client will attempt to negotiate SMB packet signing. The implementation of digital signing in Windows-based networks helps to prevent sessions from being hijacked. If you enable this policy setting, the Microsoft network client will use signing only if ...

oval:org.secpod.oval:def:35089
MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers

oval:org.secpod.oval:def:35195
This policy setting determines whether a domain member can periodically change its computer account password. If you enable this policy setting, the domain member will be prevented from changing its computer account password. If you disable this policy setting, the domain member can change its compu ...

oval:org.secpod.oval:def:35196
This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software. ...

oval:org.secpod.oval:def:35193
This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer. If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to t ...

oval:org.secpod.oval:def:35070
This policy setting determines which registry paths and sub-paths will be accessible when an application or process references the WinReg key to determine access permissions. Note: In Windows XP this setting is called "Network access: Remotely accessible registry paths," the setting with that sa ...

oval:org.secpod.oval:def:35191
This policy setting determines which behaviors are allowed for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services. The setting does not modify how the authentication sequence works but instead require certai ...

oval:org.secpod.oval:def:35078
MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.

oval:org.secpod.oval:def:35079
MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)

oval:org.secpod.oval:def:35077
MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)

oval:org.secpod.oval:def:35063
This policy setting determines which behaviors are allowed for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services. The setting does not modify how the authentication sequence works but instead require certai ...

oval:org.secpod.oval:def:35185
This policy setting determines whether to audit the use of all user privileges, including Backup and Restore, when the Audit privilege use setting is in effect. If you enable both policies, an audit event will be generated for every file that is backed up or restored. If the Audit: Audit the use ...

oval:org.secpod.oval:def:35061
This policy setting determines what happens when the smart card for a logged-on user is removed from the smart card reader.

oval:org.secpod.oval:def:35182
This policy setting determines whether users must press CTRL+ALT+DEL before they log on. If you enable this policy setting, users can log on without this key combination. If you disable this policy setting, users must press CTRL+ALT+DEL before they log on to Windows unless they use a smart card for ...

oval:org.secpod.oval:def:35183
MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)

oval:org.secpod.oval:def:35069
This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session is kept active on the server. By default, Remote Desktop Services allows users to disconne ...

oval:org.secpod.oval:def:35335
Autoplay starts to read from a drive as soon as you insert media in the drive, which causes the setup file for programs or audio media to start immediately. An attacker could use this feature to launch a program to damage the computer or data on the computer. You can enable the Turn off Autoplay set ...

oval:org.secpod.oval:def:35215
This policy setting determines whether the Stored User Names and Passwords feature may save passwords or credentials for later use when it gains domain authentication. If you enable this policy setting, the Stored User Names and Passwords feature of Windows does not store passwords and credentials.

oval:org.secpod.oval:def:35212
This policy setting controls whether Windows will download a list of providers for the Web publishing and online ordering wizards.

oval:org.secpod.oval:def:35455
This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted or if encryption is in progress. Consult the Bit ...

oval:org.secpod.oval:def:35213
This policy setting specifies whether Windows will search Windows Update for device drivers when no local drivers for a device are present. Note See also Turn off Windows Update device driver search prompt in Administrative Templates/System, which governs whether an administrator is prompted b ...

oval:org.secpod.oval:def:35452
This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted or if encryption is in progress. Consult the Bit ...

oval:org.secpod.oval:def:35210
This policy setting allows administrators to enable the more precise auditing capabilities present in Windows Vista. The Audit Policy settings available in Windows Server 2003 Active Directory do not yet contain settings for managing the new auditing subcategories. To properly apply the auditin ...

oval:org.secpod.oval:def:35209
This policy setting specifies whether the computer that is about to host the remote connection will enforce an encryption level for all data sent between it and the client computer for the remote session.

oval:org.secpod.oval:def:36538
This policy setting, which determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours, affects the SMB component. If you enable this policy setting, client sessions with the SMB server will be disconnected when the client's logon hou ...

oval:org.secpod.oval:def:35205
This policy setting determines if the server side SMB service is required to perform SMB packet signing. Enable this policy setting in a mixed environment to prevent downstream clients from using the workstation as a network server.

oval:org.secpod.oval:def:35327
This policy setting specifies whether the tasks Publish this file to the Web, Publish this folder to the Web, and Publish the selected items to the Web are available from File and Folder Tasks in Windows folders.

oval:org.secpod.oval:def:36532
This policy setting determines the maximum allowable age for a computer account password. By default, domain members automatically change their domain passwords every 30 days. If you increase this interval significantly or set it to 0 so that the computers no longer change their passwords, an attack ...

oval:org.secpod.oval:def:35434
This policy setting helps prevent Terminal Services clients from saving passwords on a computer. Note If this policy setting was previously configured as Disabled or Not configured, any previously saved passwords will be deleted the first time a Terminal Services client disconnects from any server ...

oval:org.secpod.oval:def:35314
This policy setting allows you to manage BitLocker's use of hardware-based encryption on operating system drives and specify which encryption algorithms it can use with hardware-based encryption. Using hardware-based encryption can improve performance of drive operations that involve frequent readin ...

oval:org.secpod.oval:def:35430
This policy setting allows you to specify the amount of continuous idle time that must pass in an SMB session before the session is suspended because of inactivity. Administrators can use this policy setting to control when a computer suspends an inactive SMB session. If client activity resumes, the ...

oval:org.secpod.oval:def:35307
This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected. If you enable this policy setting, you must select the desired time limit in the Idle session limit drop-d ...

oval:org.secpod.oval:def:35423
This policy setting allows you to manage configuration of remote access to all supported shells to execute scripts and commands.

oval:org.secpod.oval:def:35421
Logon information is required to unlock a locked computer. For domain accounts, the Interactive logon: Require Domain Controller authentication to unlock workstation setting determines whether it is necessary to contact a domain controller to unlock a computer. If you enable this setting, a domain c ...

oval:org.secpod.oval:def:35301
This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local ...

oval:org.secpod.oval:def:35422
This policy setting determines whether the virtual memory pagefile is cleared when the system is shut down. When this policy setting is enabled, the system pagefile is cleared each time that the system shuts down properly. If you enable this security setting, the hibernation file (Hiberfil.sys) is z ...

oval:org.secpod.oval:def:35420
This policy setting causes the run once list, which is the list of programs that Windows Vista runs automatically when it starts, to be ignored. This policy setting differs from the Do not process the legacy run list setting in that programs on this list will run once the next time the client comput ...

oval:org.secpod.oval:def:36509
This policy setting determines the least number of characters that make up a password for a user account. There are many different theories about how to determine the best password length for an organization, but perhaps 'pass phrase' is a better term than 'password.' In Microsoft Windows 2000 or la ...

oval:org.secpod.oval:def:35419
This policy setting determines the strength of the default discretionary access control list (DACL) for objects. The setting helps secure objects that can be located and shared among processes and its default configuration strengthens the DACL, because it allows users who are not administrators to r ...

oval:org.secpod.oval:def:36504
This policy setting checks all new passwords to ensure that they meet basic requirements for strong passwords. When this policy is enabled, passwords must meet the following minimum requirements: - Not contain the user's account name or parts of the user's full name that exceed two consecuti ...

oval:org.secpod.oval:def:35414
This policy setting prevents users from sharing the local drives on their client computers to Terminal Servers that they access. Mapped drives appear in the session folder tree in Windows Explorer in the following format: \\TSClient\<driveletter>$ If local drives are shared they are left vul ...

oval:org.secpod.oval:def:35492
This subcategory reports when connections are allowed or blocked by WFP. These events can be high in volume. Events for this subcategory include: - 5031: The Windows Firewall Service blocked an application from accepting incoming connections on the network. - 5154: The Windows Filtering Pla ...

oval:org.secpod.oval:def:35493
This subcategory reports when a user's account is locked out as a result of too many failed logon attempts. Events for this subcategory include: - 4625: An account failed to log on. Refer to the Microsoft Knowledgebase article 'Description of security events in Windows Vista and in Windows ...

oval:org.secpod.oval:def:35490
This subcategory reports changes in authorization policy including permissions (DACL) changes. Events for this subcategory include: - 4704: A user right was assigned. - 4705: A user right was removed. - 4706: A new trust was created to a domain. - 4707: A trust to a domain was remo ...

oval:org.secpod.oval:def:35491
This subcategory reports changes in policy rules used by the Microsoft Protection Service (MPSSVC.exe). This service is used by Windows Firewall and by Microsoft OneCare. Events for this subcategory include: - 4944: The following policy was active when the Windows Firewall started. - 4945: ...

oval:org.secpod.oval:def:35016
This setting determines the behavior for outbound connections that do not match an outbound firewall rule. The default behavior is to allow connections unless there are firewall rules that block the connection. Important If you set Outbound connections to Block and then deploy the firewall po ...

oval:org.secpod.oval:def:35259
This policy setting creates a default system access control list (SACL) for system objects such as mutexes (mutual exclusive), events, semaphores, and MS-DOS devices, and causes access to these system objects to be audited. If the Audit: Audit the access of global system objects setting is enabl ...

oval:org.secpod.oval:def:35498
This subcategory reports each event of application group management on a computer, such as when an application group is created, changed, or deleted or when a member is added to or removed from an application group. If you enable this Audit policy setting, administrators can track events to detect m ...

oval:org.secpod.oval:def:35499
This subcategory reports when an AD DS object is accessed. Only objects with SACLs cause audit events to be generated, and only when they are accessed in a manner that matches their SACL. These events are similar to the directory service access events in previous versions of Windows Server. This sub ...

oval:org.secpod.oval:def:35496
This subcategory reports the events that occur in response to credentials submitted for a user account logon request that do not relate to credential validation or Kerberos tickets. These events occur on the computer that is authoritative for the credentials. For domain accounts, the domain controll ...

oval:org.secpod.oval:def:35497
This subcategory reports encrypt or decrypt calls into the data protections application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. Events for this subcategory include: - 4692: Backup of data protection master key was attempted. ...

oval:org.secpod.oval:def:35010
This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop. The options are: - Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and s ...

oval:org.secpod.oval:def:35494
This subcategory reports changes in security state of the system, such as when the security subsystem starts and stops. Events for this subcategory include: - 4608: Windows is starting up. - 4609: Windows is shutting down. - 4616: The system time was changed. - 4621: Administrator ...

oval:org.secpod.oval:def:35495
This subcategory reports when applications attempt to generate audit events by using the Windows auditing application programming interfaces (APIs). Events for this subcategory include: - 4665: An attempt was made to create an application client context. - 4666: An application attempted an ...

oval:org.secpod.oval:def:35374
This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection. If no signing request comes from the client, a connection will be allowed without a signature if the Microsoft network server: Di ...

oval:org.secpod.oval:def:35128
Minimum PIN length configures the minimum number of characters required for the work PIN. The lowest number you can configure for this policy setting is 4. The largest number you can configure must be less than the number configured in the Maximum PIN length policy setting or the number 127, which ...

oval:org.secpod.oval:def:35007
Specifies whether or not the user is prompted for a password when the system resumes from sleep.

oval:org.secpod.oval:def:35481
This subcategory reports the results of AuthIP during Extended Mode negotiations. Events for this subcategory include: - 4978: During Extended Mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or re ...

oval:org.secpod.oval:def:35482
This subcategory reports each event of computer account management, such as when a computer account is created, changed, deleted, renamed, disabled, or enabled. Events for this subcategory include: - 4741: A computer account was created. - 4742: A computer account was changed. - 4743: A ...

oval:org.secpod.oval:def:35480
This subcategory reports on violations of integrity of the security subsystem. Events for this subcategory include: - 4612 : Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. - 4615 : Invalid use of LPC port. - 4618 ...

oval:org.secpod.oval:def:35489
This subcategory reports each event of user account management, such as when a user account is created, changed, or deleted; a user account is renamed, disabled, or enabled; or a password is set or changed. If you enable this Audit policy setting, administrators can track events to detect malicious, ...

oval:org.secpod.oval:def:35487
This subcategory reports other account management events. Events for this subcategory include: - 4782: The password hash an account was accessed. - 4793: The Password Policy Checking API was called. Refer to the Microsoft Knowledgebase article "Description of security events in Windows V ...

oval:org.secpod.oval:def:35488
This subcategory reports on other system events. Events for this subcategory include: - 5024 : The Windows Firewall Service has started successfully. - 5025 : The Windows Firewall Service has been stopped. - 5027 : The Windows Firewall Service was unable to retrieve the security policy ...

oval:org.secpod.oval:def:35243
Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In previous versions of Windows, Negotiate decides whether to use Kerberos or NTLM for authentication. The extension SSP for Negotiate, Negoexts, which is treated as an authentication pro ...

oval:org.secpod.oval:def:35001
This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to requi ...

oval:org.secpod.oval:def:35485
This subcategory reports detailed information about the information replicating between domain controllers. These events can be very high in volume. Events for this subcategory include: - 4928: An Active Directory replica source naming context was established. - 4929 : An Active Directory r ...

oval:org.secpod.oval:def:35486
This subcategory reports when Certification Services operations are performed. Events for this subcategory include: - 4868: The certificate manager denied a pending certificate request. - 4869: Certificate Services received a resubmitted certificate request. - 4870: Certificate Service ...

oval:org.secpod.oval:def:35483
This subcategory reports when a special logon is used. A special logon is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. Events for this subcategory include: - 4964 : Special groups have been assigned to a new logon. Refer to the ...

oval:org.secpod.oval:def:35000
MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds

oval:org.secpod.oval:def:35363
This policy setting determines which network shares can be accessed by anonymous users. The default configuration for this policy setting has little effect because all users have to be authenticated before they can access shared resources on the server. Note: It can be very dangerous to add othe ...

oval:org.secpod.oval:def:35242
This policy setting determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. It affects the SMB component. If you enable this policy setting, client sessions with the SMB service will be forcibly disconnected when the client's log ...

oval:org.secpod.oval:def:35484
This subcategory reports when SAM objects are accessed. Refer to the Microsoft Knowledgebase article "Description of security events in Windows Vista and in Windows Server 2008" for the most recent information about this setting: http://support.microsoft.com/kb/947226.

oval:org.secpod.oval:def:35470
This subcategory reports the results of Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations. Events for this subcategory include: - 4646: IKE DoS-prevention mode started. - 4650: An IPsec Main Mode security association was establish ...

oval:org.secpod.oval:def:35471
This subcategory is not used.

oval:org.secpod.oval:def:35478
This subcategory reports other logon/logoff-related events, such as Terminal Services session disconnects and reconnects, using RunAs to run processes under a different account, and locking and unlocking a workstation. Events for this subcategory include: - 4649: A replay attack was detected. ...

oval:org.secpod.oval:def:35116
Support for device authentication using certificate will require connectivity to a DC in the device account domain which supports certificate authentication for computer accounts. This policy setting allows you to set support for Kerberos to attempt authentication using the certificate for the ...

oval:org.secpod.oval:def:35113
When you enable this setting, planned password expiration longer than password age dictated by "Password Settings" policy is NOT allowed. When such expiration is detected, password is changed immediately and password expiration is set according to policy. When you disable or not configure this s ...

oval:org.secpod.oval:def:35355
This policy setting controls the behavior of the elevation prompt for administrators. The options are: - Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most cons ...

oval:org.secpod.oval:def:35476
This subcategory reports when registry objects are accessed. Only registry objects with SACLs cause audit events to be generated, and only when they are accessed in a manner matching their SACL. By itself, this policy setting will not cause auditing of any events. It determines whether to audit the ...

oval:org.secpod.oval:def:35477
This subcategory reports when file system objects are accessed. Only file system objects with SACLs cause audit events to be generated, and only when they are accessed in a manner matching their SACL. By itself, this policy setting will not cause auditing of any events. It determines whether to audi ...

oval:org.secpod.oval:def:35111
Configures password parameters Password complexity: which characters are used when generating a new password Default: Large letters + small letters + numbers + special characters Password length Minimum: 8 characters Maximum: 64 characters Default: 14 characters ...

oval:org.secpod.oval:def:35232
When enabled, this policy setting restricts anonymous access to only those shares and pipes that are named in the Network access: Named pipes that can be accessed anonymously and Network access: Shares that can be accessed anonymously settings. This policy setting controls null session access to sha ...

oval:org.secpod.oval:def:35474
This subcategory reports other object access-related events such as Task Scheduler jobs and COM+ objects. Events for this subcategory include: - 4671: An application attempted to access a blocked ordinal through the TBS. - 4691: Indirect access to an object was requested. - 4698: A sch ...

oval:org.secpod.oval:def:35354
Enables or disables the automatic download and installation of app updates. If you enable this setting, the automatic download and installation of app updates is turned off. If you disable this setting, the automatic download and installation of app updates is turned on. If you don't con ...

oval:org.secpod.oval:def:35475
This subcategory reports when a user attempts to log on to the system. These events occur on the accessed computer. For interactive logons, the generation of these events occurs on the computer that is logged on to. If a network logon takes place to access a share, these events generate on the compu ...

oval:org.secpod.oval:def:35472
This subcategory reports when a user logs off from the system. These events occur on the accessed computer. For interactive logons, the generation of these events occurs on the computer that is logged on to. If a network logon takes place to access a share, these events generate on the computer that ...

oval:org.secpod.oval:def:35352
This policy setting controls the behavior of application installation detection for the computer. The options are: - Enabled: (Default for home) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user nam ...

oval:org.secpod.oval:def:35231
This policy setting allows you to allow or deny remote access to the Plug and Play interface. If you enable this policy setting, remote connections to the Plug and Play interface are allowed. If you disable or do not configure this policy setting, remote connections to the Plug an ...

oval:org.secpod.oval:def:35473
This subcategory reports when a user account or service uses a non-sensitive privilege. A non-sensitive privilege includes the following user rights: Access Credential Manager as a trusted caller, Access this computer from the network, Add workstations to domain, Adjust memory quotas for a process, ...

oval:org.secpod.oval:def:35469
This subcategory reports the results of IKE protocol and AuthIP during Quick Mode negotiations. - 4654: An IPsec Quick Mode negotiation failed. Events for this subcategory include: - 4977: During Quick Mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, ...

oval:org.secpod.oval:def:35346
Allow NTLM to fall back to NULL session when used with LocalSystem. The default is TRUE up to Windows Vista and FALSE in Windows 7.

oval:org.secpod.oval:def:35467
This subcategory reports on the activities of the Internet Protocol security (IPsec) driver. Events for this subcategory include: - 4960: IPsec dropped an inbound packet that failed an integrity check. If this problem persists, it could indicate a network issue or that packets are being modified ...

oval:org.secpod.oval:def:35225
This setting determines the behavior for outbound connections that do not match an outbound firewall rule. In Windows Vista, the default behavior is to allow connections unless there are firewall rules that block the connection.

oval:org.secpod.oval:def:35468
This subcategory reports the results of validation tests on credentials submitted for a user account logon request. These events occur on the computer that is authoritative for the credentials. For domain accounts, the domain controller is authoritative, whereas for local accounts, the local compute ...

oval:org.secpod.oval:def:35102
This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected. If you enable this policy setting, you must select the desired time limit in the Active session limit drop-down list. Remote Desktop ...

oval:org.secpod.oval:def:35224
This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The default behavior is to block connections unless there are firewall rules to allow the connection.

oval:org.secpod.oval:def:35103
This policy setting determines whether the Transport Layer Security/Secure Sockets Layer (TLS/SSL) Security Provider supports only the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite. Although this policy setting increases security, most public Web sites that are secured with TLS or SSL do not support th ...

oval:org.secpod.oval:def:35100
This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits. If you enable this policy se ...

oval:org.secpod.oval:def:35222
This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The options are: - Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC p ...

oval:org.secpod.oval:def:36551
This policy setting determines the number of days that you must use a password before you can change it. The range of values for this policy setting is between 1 and 999 days. (You may also set the value to 0 to allow immediate password changes.) The default value for this setting is 0 days. ...

oval:org.secpod.oval:def:35216
This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer. If you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you disable this p ...

oval:org.secpod.oval:def:36547
This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password. The value for this policy setting must be between 0 and 24 passwords. The default value for Windows Vista is 0 passwords, but the default settin ...

oval:org.secpod.oval:def:34999
This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The default behavior is to block connections unless there are firewall rules to allow the connection.

oval:org.secpod.oval:def:34996
This policy setting allows you to manage BitLocker's use of hardware-based encryption on fixed data drives and specify which encryption algorithms it can use with hardware-based encryption. Using hardware-based encryption can improve performance of drive operations that involve frequent reading or w ...

oval:org.secpod.oval:def:34997
When enabled, this policy setting causes Local System services that use Negotiate to use the computer identity when NTLM authentication is selected by the negotiation. This policy is supported on at least Windows 7 or Windows Server 2008 R2.

oval:org.secpod.oval:def:34992
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not config ...

oval:org.secpod.oval:def:34993
By default, users can add their computer to a homegroup on a home network. If you enable this policy setting, a user on this computer will not be able to add this computer to a homegroup. This setting does not affect other network sharing features. If you disable or do not configure this po ...

oval:org.secpod.oval:def:34990
This policy setting determines whether the account name of the last user to log on to the client computers in your organization will be displayed in each computer's respective Windows logon screen. Enable this policy setting to prevent intruders from collecting account names visually from the screen ...

oval:org.secpod.oval:def:34989
This policy setting makes the Recovery Console SET command available, which allows you to set the following recovery console environment variables: - AllowWildCards. Enables wildcard support for some commands (such as the DEL command). - AllowAllPaths. Allows access to all files and folders ...

oval:org.secpod.oval:def:34987
Disable this policy setting to prevent the SMB redirector from sending plaintext passwords during authentication to third-party SMB servers that do not support password encryption. Microsoft recommends that you disable this policy setting unless there is a strong business case to enable it. If this ...

oval:org.secpod.oval:def:34983
This setting controls whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy.

oval:org.secpod.oval:def:34978
This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista, when media containing an autorun command is inserted, the ...

oval:org.secpod.oval:def:34979
This policy setting determines how far in advance users are warned that their password will expire. Microsoft recommends that you configure this policy setting to 14 days to sufficiently warn users when their passwords will expire.

oval:org.secpod.oval:def:34975
This policy setting turns off the Windows Location Provider feature for this computer. If you enable this policy setting, the Windows Location Provider feature will be turned off, and all programs on this computer will not be able to use the Windows Location Provider feature. ...

oval:org.secpod.oval:def:34972
When this policy setting is enabled, a secure channel can only be established with domain controllers that are capable of encrypting secure channel data with a strong (128-bit) session key. To enable this policy setting, all domain controllers in the domain must be able to encrypt secure channel ...

oval:org.secpod.oval:def:34973
The recovery console is a command-line environment that is used to recover from system problems. If you enable this policy setting, the administrator account is automatically logged on to the recovery console when it is invoked during startup.

oval:org.secpod.oval:def:36501
This policy setting determines the number of failed logon attempts before a lock occurs. Authorized users can lock themselves out of an account by mistyping their password or by remembering it incorrectly, or by changing their password on one computer while logged on to another computer. The compute ...

oval:org.secpod.oval:def:35408
This policy setting determines whether the system shuts down if it is unable to log Security events. It is a requirement for Trusted Computer System Evaluation Criteria (TCSEC)-C2 and Common Criteria certification to prevent auditable events from occurring if the audit system is unable to log them. ...

oval:org.secpod.oval:def:35405
This policy setting allows you to disable the client computer's ability to print over HTTP, which allows the computer to print to printers on the intranet as well as the Internet.

oval:org.secpod.oval:def:35403
This policy setting permits users to change installation options that typically are available only to system administrators. If you enable this policy setting, some of the security features of Windows Installer are bypassed. It permits installations to complete that otherwise would be halted due ...

oval:org.secpod.oval:def:35515
This subcategory reports changes to objects in Active Directory Domain Services (AD DS). The types of changes that are reported are create, modify, move, and undelete operations that are performed on an object. DS Change auditing, where appropriate, indicates the old and new values of the changed pr ...

oval:org.secpod.oval:def:35516
This subcategory reports when a handle to an object is opened or closed. Only objects with SACLs cause these events to be generated, and only if the attempted handle operation matches the SACL. Handle Manipulation events are only generated for object types where the corresponding Object Access subca ...

oval:org.secpod.oval:def:35514
This subcategory reports other types of security policy changes such as configuration of the Trusted Platform Module (TPM) or cryptographic providers. Events for this subcategory include: - 4909: The local policy settings for the TBS were changed. - 4910: The group policy settings for the T ...

oval:org.secpod.oval:def:35511
This subcategory reports when a process terminates. Events for this subcategory include: - 4689: A process has exited. Refer to the Microsoft Knowledgebase article 'Description of security events in Windows Vista and in Windows Server 2008' for the most recent information about this setting: ...

oval:org.secpod.oval:def:35512
This subcategory reports the loading of extension code such as authentication packages by the security subsystem. Events for this subcategory include: - 4610: An authentication package has been loaded by the Local Security Authority. - 4611: A trusted logon process has been registered with ...

oval:org.secpod.oval:def:35510
This subcategory reports when kernel objects such as processes and mutexes are accessed. Only kernel objects with SACLs cause audit events to be generated, and only when they are accessed in a manner matching their SACL. Typically kernel objects are only given SACLs if the AuditBaseObjects or AuditB ...

oval:org.secpod.oval:def:35508
This subcategory reports changes in authentication policy. Events for this subcategory include: - 4706: A new trust was created to a domain. - 4707: A trust to a domain was removed. - 4713: Kerberos policy was changed. - 4716: Trusted domain information was modified. - 4717: S ...

oval:org.secpod.oval:def:35509
This subcategory reports when replication between two domain controllers begins and ends. Events for this subcategory include: - 4932: Synchronization of a replica of an Active Directory naming context has begun. - 4933: Synchronization of a replica of an Active Directory naming context has ...

oval:org.secpod.oval:def:35506
This subcategory reports the addition and removal of objects from WFP, including startup filters. These events can be very high in volume. Events for this subcategory include: - 4709: IPsec Services was started. - 4710: IPsec Services was disabled. - 4711: May contain any one of the fo ...

oval:org.secpod.oval:def:35507
This subcategory reports when a user account or service uses a sensitive privilege. A sensitive privilege includes the following user rights: Act as part of the operating system, Back up files and directories, Create a token object, Debug programs, Enable computer and user accounts to be trusted fo ...

oval:org.secpod.oval:def:35504
This subcategory reports each event of security group management, such as when a security group is created, changed, or deleted or when a member is added to or removed from a security group. If you enable this Audit policy setting, administrators can track events to detect malicious, accidental, and ...

oval:org.secpod.oval:def:35505
This subcategory reports each event of distribution group management, such as when a distribution group is created, changed, or deleted or when a member is added to or removed from a distribution group. If you enable this Audit policy setting, administrators can track events to detect malicious, acc ...

oval:org.secpod.oval:def:35502
This subcategory reports the creation of a process and the name of the program or user that created it. Note: These events now get audited earlier than in previous versions of Windows. The creation of smss.exe and other early processes is now audited. Default settings that cannot be altered unt ...

oval:org.secpod.oval:def:35503
This subcategory reports when packets are dropped by Windows Filtering Platform (WFP). These events can be very high in volume. Events for this subcategory include: - 5152: The Windows Filtering Platform blocked a packet. - 5153: A more restrictive Windows Filtering Platform filter has bloc ...

oval:org.secpod.oval:def:35500
This subcategory reports remote procedure call (RPC) connection events. Events for this subcategory include: - 5712: A Remote Procedure Call (RPC) was attempted. Refer to the Microsoft Knowledgebase article "Description of security events in Windows Vista and in Windows Server 2008" for the ...

oval:org.secpod.oval:def:35501
This subcategory reports when a file share is accessed. By itself, this policy setting will not cause auditing of any events. It determines whether to audit the event of a user who accesses a file share object that has a specified system access control list (SACL), effectively enabling auditing to t ...

oval:org.secpod.oval:def:35050
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log.

oval:org.secpod.oval:def:35296
Use this option to specify the path and name of the file in which Windows Firewall will write its log information.

oval:org.secpod.oval:def:35165
This policy setting allows you to manage whether a check for new virus and spyware definitions will occur immediately after service startup. If you enable this setting, a check for new definitions will occur after service startup. If you disable this setting or do not configure this setting, ...

oval:org.secpod.oval:def:35394
Use this option to specify the size limit of the file in which Windows Firewall will write its log information.

oval:org.secpod.oval:def:35396
This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispyware definitions are disabled. It is recommended that this setting remain disabled. If you enable this setting, the antimalware service will always remain running even if ...

oval:org.secpod.oval:def:35147
This option is useful if you need to control whether this computer receives unicast responses to its outgoing multicast or broadcast messages.

oval:org.secpod.oval:def:35266
This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. This setting applies to scheduled scans as well as the command line "mpcmdrun -SigUpdate", but it has no effect on scans initiated manually from the user interface. ...

oval:org.secpod.oval:def:35094
Use this option to specify the size limit of the file in which Windows Firewall will write its log information.

oval:org.secpod.oval:def:35087
This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning. If you enable this setting, a system restore point will be created. If you disable or do not configure this setting, a system restore point will not be created.

oval:org.secpod.oval:def:35192
This policy setting specifies whether computers in your environment will receive security updates from Windows Update or WSUS. If you configure this policy setting to Enabled, the operating system will recognize when a network connection is available and then use the network connection to search Win ...

oval:org.secpod.oval:def:35189
Use this option to specify the path and name of the file in which Windows Firewall will write its log information.

oval:org.secpod.oval:def:35214
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log.

oval:org.secpod.oval:def:35207
This policy setting defines the maximum size (in kilobytes) of downloaded files and attachments that will be scanned. If you enable this setting, downloaded files and attachments smaller than the size specified will be scanned. If you disable or do not configure this setting, a default size ...

oval:org.secpod.oval:def:35306
This policy setting allows you to define the number of days that must pass before spyware definitions are considered out of date. If definitions are determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a ...

oval:org.secpod.oval:def:35305
This policy setting allows you to configure network protection against exploits of known vulnerabilities. If you enable or do not configure this setting, the network protection will be enabled. If you disable this setting, the network protection will be disabled.

oval:org.secpod.oval:def:35302
This policy setting allows you to define the number of days that must pass before virus definitions are considered out of date. If definitions are determined to be out of date, this state may trigger several additional actions, including falling back to an alternative update source or displaying a w ...

oval:org.secpod.oval:def:35256
This policy setting allows you to manage whether or not end users can pause a scan in progress. If you enable or do not configure this setting, a new context menu will be added to the task tray icon to allow the user to pause a scan. If you disable this setting, users will not be able to pau ...

oval:org.secpod.oval:def:35254
This policy setting allows you to specify an interval at which to perform a quick scan. The time value is represented as the number of hours between quick scans. Valid values range from 1 (every hour) to 24 (once per day). If set to zero, interval quick scans will not occur. By default, this setting ...

oval:org.secpod.oval:def:35373
Use this option to specify the path and name of the file in which Windows Firewall will write its log information.

oval:org.secpod.oval:def:35253
This policy setting configures a local override for the configuration of scheduled scan time. This setting can only be set by Group Policy. If you enable this setting, the local preference setting will take priority over Group Policy. If you disable or do not configure this setting, Group Po ...

oval:org.secpod.oval:def:35008
Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log.

oval:org.secpod.oval:def:35360
This policy setting allows you to specify the time of day at which to perform a scheduled scan. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default, this setting is set to a time value of 2:00 AM. The schedule ...

oval:org.secpod.oval:def:35004
This option is useful if you need to control whether this computer receives unicast responses to its outgoing multicast or broadcast messages.

oval:org.secpod.oval:def:35351
This policy setting allows you to specify the time of day at which to perform a scheduled full scan in order to complete remediation. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. The schedule is based on local time ...

oval:org.secpod.oval:def:35349
This policy setting allows you to specify the time of day at which to perform a daily quick scan. The time value is represented as the number of minutes past midnight (00:00). For example, 120 (0x78) is equivalent to 02:00 AM. By default, this setting is set to a time value of 2:00 AM. The schedul ...

oval:org.secpod.oval:def:35220
This option is useful if you need to control whether this computer receives unicast responses to its outgoing multicast or broadcast messages.

oval:org.secpod.oval:def:35341
Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log.

oval:org.secpod.oval:def:34994
Use this option to specify the size limit of the file in which Windows Firewall will write its log information.

oval:org.secpod.oval:def:34991
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log.

oval:org.secpod.oval:def:35413
Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log.

oval:org.secpod.oval:def:36488
This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password co ...

oval:org.secpod.oval:def:36526
This security setting determines if the Guest account is enabled or disabled. Default: Disabled. Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microso ...

oval:org.secpod.oval:def:36557
This security setting determines whether a different account name is associated with the security identifier (SID) for the account &amp;quot;Guest.&amp;quot; Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combinati ...

oval:org.secpod.oval:def:36492
This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time ...

oval:org.secpod.oval:def:36490
This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users. For information about how to ...

oval:org.secpod.oval:def:36529
This security setting determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies. Default: Guest Counter Measure: Assign the Deny access ...

oval:org.secpod.oval:def:36493
This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other user ...

oval:org.secpod.oval:def:36491
This privilege determines if the user can create a symbolic link from the computer he is logged on to. Default: Administrator WARNING: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren&amp;apos;t designed to handle th ...

oval:org.secpod.oval:def:36497
This security setting allows a user to be logged on by means of a batch-queue facility and is provided only for compatibility with older versions of Windows. For example, when a user submits a job by means of the task scheduler, the task scheduler logs that user on as a batch user rather than as an ...

oval:org.secpod.oval:def:36496
This user right determines which users and groups can change the time zone used by the computer for displaying the local time, which is the computer&amp;apos;s system time plus the time zone offset. System time itself is absolute and is not affected by a change in the time zone. This user right is ...

oval:org.secpod.oval:def:36489
This user right determines which users can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. This user right is defined in the Default Domain Co ...

oval:org.secpod.oval:def:36486
This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right. Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server. Default on workstations and ser ...

oval:org.secpod.oval:def:36546
This security setting determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On x86-based computers, the only firmware environment value that can ...

oval:org.secpod.oval:def:36545
This security setting determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. Defau ...

oval:org.secpod.oval:def:36543
This security setting determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Specifically, this user right is sim ...

oval:org.secpod.oval:def:36542
This security setting determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. Caution Assigning this user right can be a security risk. Since owners of objects have full ...

oval:org.secpod.oval:def:36541
This security setting determines which users who are logged on locally to the computer can shut down the operating system using the Shut Down command. Misuse of this user right can result in a denial of service. Default on Workstations: Administrators, Backup Operators, Users. Default on Servers: ...

oval:org.secpod.oval:def:36540
This security setting determines which user accounts can call the CreateProcessAsUser() application programming interface (API) so that one service can start another. An example of a process that uses this user right is Task Scheduler. For information about Task Scheduler, see Task Scheduler overvie ...

oval:org.secpod.oval:def:36533
This privilege determines which user accounts can increase or decrease the size of a process&amp;apos;s working set. Default: Users The working set of a process is the set of memory pages currently visible to the process in physical RAM memory. These pages are resident and available for an applic ...

oval:org.secpod.oval:def:36527
Assigning this privilege to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a serv ...

oval:org.secpod.oval:def:36512
This security setting determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access mem ...

oval:org.secpod.oval:def:36508
This security setting determines which users and groups are prohibited from logging on as a Remote Desktop Services client. Default: None. Important This setting does not have any effect on Windows 2000 computers that have not been updated to Service Pack 2. Counter Measure: Assign the Deny ...

oval:org.secpod.oval:def:36507
This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kerne ...

oval:org.secpod.oval:def:36506
This security setting determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operat ...

oval:org.secpod.oval:def:36505
This security setting determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or unde ...

oval:org.secpod.oval:def:36559
Determines which users can log on to the computer. Important Modifying this setting may affect compatibility with clients, services, and applications. For compatibility information about this setting, see Allow log on locally (http://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft websit ...

oval:org.secpod.oval:def:36558
This privilege determines who can change the maximum memory that can be consumed by a process. This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy of workstations and servers. Note: This privilege is useful for system tuning, but i ...

oval:org.secpod.oval:def:36552
This security setting determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are ...

oval:org.secpod.oval:def:36550
This security setting determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causi ...

oval:org.secpod.oval:def:36549
This security setting determines which users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies. Important If you apply this security policy to the Everyone group, no one will be able to lo ...

oval:org.secpod.oval:def:36502
This policy setting allows accounts to launch network services or to register a process as a service running on the system. This user right should be restricted on any computer in a high security environment, but because many applications may require this privilege, it should be carefully evaluated ...

oval:org.secpod.oval:def:36494
This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user ri ...

oval:org.secpod.oval:def:36499
This security setting determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service. This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy ...

oval:org.secpod.oval:def:36479
This security setting determines which users or groups have permission to log on as a Remote Desktop Services client. Default: On workstation and servers: Administrators, Remote Desktop Users. On domain controllers: Administrators. Important This setting does not have any effect on Windows 2000 ...

oval:org.secpod.oval:def:36539
This security setting determines which users can use performance monitoring tools to monitor the performance of non system processes. Default: Administrators, Power users. Counter Measure: Ensure that only the local Administrators group is assigned the Profile single process user right. Pote ...

oval:org.secpod.oval:def:36536
This privilege determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege. Default: Non ...

oval:org.secpod.oval:def:36534
This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users. Caution Assigning this user right can be a ...

oval:org.secpod.oval:def:36560
This user right determines which users can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders ...

oval:org.secpod.oval:def:36556
This security setting determines which accounts are prevented from being able to log on as a batch job. This policy setting supersedes the Log on as a batch job policy setting if a user account is subject to both policies. Default: None Counter Measure: Assign the Deny log on as a batch job u ...

oval:org.secpod.oval:def:36553
This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separ ...

oval:org.secpod.oval:def:36548
This security setting determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. For such auditing to be ena ...

oval:org.secpod.oval:def:36535
This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0. If ...

oval:org.secpod.oval:def:36554
This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. The available range is 1 minute to 99,999 minutes. If an account lockout threshold is defined, this reset time must be less ...

oval:org.secpod.oval:def:36555
This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 0 minutes through 99,999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator exp ...

oval:org.secpod.oval:def:35479
This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests submitted for user accounts. If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT is requested for a user account. Success audit ...

CPE    1
cpe:/o:microsoft:windows_10
CCE    286
CCE-44263-2
CCE-44177-4
CCE-43236-9
CCE-42867-2
...
*XCCDF
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_10

© 2013 SecPod Technologies