[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*


oval:gov.nist.usgcb.windowsseven:def:207
This policy setting changes the operational behavior of the Mapper I/O network protocol driver. LLTDIO allows a computer to discover the topology of a network it's connected to. It also allows a computer to initiate Quality-of-Service requests such as bandwidth estimation and network health an ...

oval:gov.nist.usgcb.windowsseven:def:217
This policy setting allows you to configure IP-HTTPS, a tunneling technology that uses the HTTPS protocol to provide IP connectivity to a remote network. If you disable or do not configure this policy setting, the local host settings is used. If you enable this policy setting, you can specify an I ...

oval:org.secpod.oval:def:14593
The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing acce ...

oval:gov.nist.usgcb.windowsseven:def:289
Use this setting to control whether or not a user is given the choice to report an error. When Display Error Notification is enabled, the user will be notified that an error has occurred and will be given access to details about the error. If the Configure Error Reporting setting is also enabled, ...

oval:org.secpod.oval:def:14577
Specifies a set of parameters for controlling the Windows NTP Client. NtpServer: The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of "dnsName,flags" where flags is a hexadecimal bitmask of the flags for that host. For more information, see t ...

oval:gov.nist.usgcb.windowsseven:def:145
Performs networking tasks associated with configuration and maintenance of homegroups. If this service is stopped or disabled, your computer will be unable to detect other homegroups and your homegroup might not work properly. It is recommended that you keep this service running. Fix: (1) GPO: NOT ...

oval:gov.nist.usgcb.windowsseven:def:144
Makes local computer changes associated with configuration and maintenance of the homegroup-joined computer. If this service is stopped or disabled, your computer will not work properly in a homegroup and your homegroup might not work properly. It is recommended that you keep this service running. ...

oval:gov.nist.usgcb.windowsseven:def:147
If you have no need for controlling your children (as in, you do not have any), this service can safely be disabled.This service is a stub for Windows Parental Control functionality that existed in Vista. It is provided for backward compatibility only. Fix: (1) GPO: NOT AVAILABLE (2) REG: HKEY_LO ...

oval:gov.nist.usgcb.windowsseven:def:146
If you do not use any external devices as a WMC extender, this service can safely be left in its default (disabled) value. Fix: (1) GPO: NOT AVAILABLE (2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mcx2Svc!Start

oval:gov.nist.usgcb.windowsseven:def:219
This policy setting prohibits access to Windows Connect Now (WCN) wizards. If this policy setting is enabled, the wizards are disabled and users will have no access to any of the wizard tasks. All the configuration related tasks, including 'Set up a wireless router or access point' and &a ...

oval:gov.nist.usgcb.windowsseven:def:284
Enabling this policy allows indexing of mail items on a Microsoft Exchange server when Microsoft Outlook is not running in cached mode. The default behavior for search is to not index uncached Exchange folders. Disabling this policy will block any indexing of uncached Exchange folders. Delegate ma ...

oval:org.secpod.oval:def:14583
Specifies whether to automatically update root certificates using the Windows Update Web site. Typically, a certificate is used when you use a secure Web site or when you send and receive secure e-mail. Anyone can issue certificates, but to have transactions that are as secure as possible, certifi ...

oval:org.secpod.oval:def:14768
This security setting determines which subsystems can optionally be started up to support your applications. With this security setting, you can specify as many subsystems to support your applications as your environment demands. Default: POSIX. This policy setting determines which subsystems are ...

oval:gov.nist.usgcb.windowsseven:def:117
This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local ...

oval:gov.nist.usgcb.windowsseven:def:283
This policy setting allows encrypted items to be indexed. If you enable this policy setting, indexing will attempt to decrypt and index the content (access restrictions will still apply). If you disable this policy setting, the search service components (including non-Microsoft components) are expe ...

oval:gov.nist.USGCB.win7firewall:def:20908
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Do ...

oval:gov.nist.USGCB.win7firewall:def:20907
Use this option to specify the size limit of the file in which Windows Firewall will write its log information. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain ...

oval:gov.nist.usgcb.windowsseven:def:108
This security setting determines whether a computer can be shut down without having to log on to Windows. When this policy is enabled, the Shut Down command is available on the Windows logon screen. When this policy is disabled, the option to shut down the computer does not appear on the Windows l ...

oval:gov.nist.usgcb.windowsseven:def:261
By default administrator accounts are not displayed when attempting to elevate a running application. If you enable this policy setting, all local administrator accounts on the machine will be displayed so the user can choose one and enter the correct password. If you disable this policy setting, ...

oval:gov.nist.usgcb.windowsseven:def:278
This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session is kept active on the server. By default, Remote Desktop Services allows users to disconnect ...

oval:gov.nist.usgcb.windowsseven:def:258
Sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista, when media containing an autorun command is inserted, the system will automatically execute the program ...

oval:gov.nist.usgcb.windowsseven:def:298
Prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet). When enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades. When this policy is enabled, programs are not able to acquire lice ...

oval:gov.nist.usgcb.windowsseven:def:113
This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account. The options are: * Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the opera ...

oval:gov.nist.usgcb.windowsseven:def:220
This policy setting allows you to manage where client computers search for Point and Printer drivers. If you enable this policy setting, the client computer will continue to search for compatible Point and Print drivers from Windows Update after it fails to find the compatible driver from the local ...

oval:gov.nist.usgcb.windowsseven:def:270
Manages download of game update information from Windows Metadata Services. If you enable this setting, game update information will not be downloaded. If you disable or do not configure this setting, game update information will be downloaded from Windows Metadata Services. Fix: (1) GPO: Compu ...

oval:gov.nist.usgcb.windowsseven:def:252
Enabling this setting directs RPC Clients that need to communicate with the Endpoint Mapper Service to authenticate as long as the RPC call for which the endpoint needs to be resolved has authentication information. Disabling this setting will cause RPC Clients that need to communicate with the End ...

oval:gov.nist.usgcb.windowsseven:def:215
This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and host-to-host, host-to-router and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 hosts across an IPv4 intranet. ...

oval:gov.nist.USGCB.win7firewall:def:20921
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile). Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Fire ...

oval:gov.nist.usgcb.windowsseven:def:130
The default IPsec exemptions that were present in Windows XP and Windows 2000 except for the Internet Key Exchange (IKE) exemption were removed from Windows Server 2003. The IKE exemption is specific to source and destination port UDP 500. IKE always receives this type of packet from any source addr ...

oval:gov.nist.usgcb.windowsseven:def:291
This policy setting allows you to turn off the Data Execution Prevention feature for Internet Explorer on Windows Server 2008, Windows Vista SP1 and Windows XP SP3. If you enable this policy setting, Internet Explorer will not opt-in to Data Execution Prevention on platforms that support the SetPro ...

oval:gov.nist.usgcb.windowsseven:def:212
This policy setting determines whether to require domain users to elevate when setting a network's location. If you enable this policy setting, domain users must elevate when setting a network's location. If you disable or do not configure this policy setting, domain users can set a netw ...

oval:gov.nist.usgcb.windowsseven:def:235
Specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association. When a user opens a file that has an extension that is not associated with any applications on the machine, the user is given the choice to choose a local application or ...

oval:gov.nist.usgcb.windowsseven:def:134
This setting is used to enable or disabled the Internet Router Discovery Protocol (IRDP). IRDP allows the system to detect and configure Default Gateway addresses automatically. HKLM\System\CurrentControlSet\Tcpip\Parameters\PerformRouterDiscovery It enables or disables the Internet Router Discover ...

oval:org.secpod.oval:def:14748
This setting is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users saved credentials might be compromised if this privilege is given to other entities. Saved credentials of users may be compromised if this privilege is ...

oval:gov.nist.usgcb.windowsseven:def:216
This policy setting allows you to configure Teredo, an address assignment and automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet. If you enable this policy setting, you will be able to configure Teredo with one of the following settings: If you disable ...

oval:gov.nist.usgcb.windowsseven:def:100203
This check verifies that Windows Mail will not check newsgroups for Communities support. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Mail\Turn off the communities features (2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Mail!DisableComm ...

oval:gov.nist.usgcb.windowsseven:def:245
This setting forces the user to log on to the computer using the classic logon screen. By default, a workgroup is set to use the simple logon screen. This setting only works when the computer is not on a domain. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\Logon\Always use ...

oval:gov.nist.USGCB.win7firewall:def:20910
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall ...

oval:gov.nist.usgcb.windowsseven:def:230
Specifies whether "Events.asp" hyperlinks are available for events within the Event Viewer application. The Event Viewer normally makes all HTTP(S) URLs into hot links that activate the Internet browser when clicked. In addition, "More Information" is placed at the end of the de ...

oval:gov.nist.USGCB.win7firewall:def:20917
Use this option to specify the path and name of the file in which Windows Firewall will write its log information. Default: %systemroot%\system32\logfiles\firewall\pfirewall.log Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows ...

oval:gov.nist.usgcb.windowsseven:def:293
This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only op ...

oval:gov.nist.usgcb.windowsseven:def:118
This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: - ...\Program Files\, including subfolders - ...\Windows\system32\ ...

oval:gov.nist.USGCB.win7firewall:def:20905
Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log. Default: No Fix: (1) GPO: Computer Configuration\Windows Settings\Securit ...

oval:gov.nist.usgcb.windowsseven:def:107
Enabling this security option makes the Recovery Console SET command available, which allows you to set the following Recovery Console environment variables: AllowWildCards: Enable wildcard support for some commands (such as the DEL command). AllowAllPaths: Allow access to all files and folders on ...

oval:gov.nist.usgcb.windowsseven:def:123
IP source routing is a mechanism that allows the sender to determine the IP route that a datagram should take through the network. Microsoft recommends to configure this setting to Not Defined for enterprise environments and to Highest Protection for high security environments to completely disable ...

oval:gov.nist.usgcb.windowsseven:def:243
Controls whether or not errors are reported to Microsoft. Error Reporting is used to report information about a system or application that has failed or has stopped responding and is used to improve the quality of the product. If you enable this setting, users will not be given the option to repor ...

oval:gov.nist.usgcb.windowsseven:def:301
Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. This setting lets you specify if automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Grou ...

oval:gov.nist.usgcb.windowsseven:def:119
This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The options are: * Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy ...

oval:gov.nist.usgcb.windowsseven:def:236
Specifies whether to allow printing over HTTP from this client. Printing over HTTP allows a client to print to printers on the intranet as well as the Internet. Note: This setting affects the client side of Internet printing only. It does not prevent this machine from acting as an Internet Printin ...

oval:gov.nist.usgcb.windowsseven:def:250
This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance. If you enable this policy setting, log files will be generated. If you disable this policy setting, log files will not be generated. If you do not configure ...

oval:gov.nist.usgcb.windowsseven:def:292
Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately, although Explorer may still terminate unexpectedly later. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\T ...

oval:gov.nist.usgcb.windowsseven:def:259
Autoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs and the music on audio media start immediately. Prior to XP SP2, Autoplay is disabled by default on removable drives, such as the floppy disk drive (but not the CD-ROM drive), and ...

oval:gov.nist.usgcb.windowsseven:def:286
Adjusts membership in Microsoft SpyNet. Microsoft SpyNet is the online community that helps you choose how to respond to potential spyware threats. The community also helps stop the spread of new spyware infections. Here's how it works. When Windows Defender detects software or changes by so ...

oval:gov.nist.usgcb.windowsseven:def:232
The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of ...

oval:gov.nist.usgcb.windowsseven:def:279
Specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff. You can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user logs off from a session. By default, Remote Desktop Services deletes ...

oval:gov.nist.usgcb.windowsseven:def:269
Manages download of game box art and ratings from the Windows Metadata Services. If you enable this setting, game information including box art and ratings will not be downloaded. If you disable or do not configure this setting, game information will be downloaded from Windows Metadata Services. ...

oval:gov.nist.usgcb.windowsseven:def:129
This value controls how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet. If the remote computer is still reachable, it acknowledges the keep-alive packet. HKLM\System\CurrentControlSet\Tcpip\Parameters\KeepAliveTime Fix: (1) GPO: Computer Configu ...

oval:gov.nist.usgcb.windowsseven:def:295
Permits users to change installation options that typically are available only to system administrators. This setting bypasses some of the security features of Windows Installer. It permits installations to complete that otherwise would be halted due to a security violation. The security features ...

oval:gov.nist.USGCB.win7firewall:def:20918
Use this option to specify the size limit of the file in which Windows Firewall will write its log information. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Privat ...

oval:gov.nist.usgcb.windowsseven:def:105
This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are: Require NTLMv2 session security: The connection will fail if message int ...

oval:gov.nist.usgcb.windowsseven:def:137
The registry value entry TCPMaxDataRetransmissions was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry appears as MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is ...

oval:gov.nist.USGCB.win7firewall:def:20932
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile. Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security ...

oval:gov.nist.USGCB.win7firewall:def:20933
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile. Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security ...

oval:gov.nist.usgcb.windowsseven:def:234
Specifies whether Windows should download a list of providers for the Web publishing and online ordering wizards. These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded f ...

oval:gov.nist.usgcb.windowsseven:def:218
This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 Wi-Fi, through the Windows Portable Device API (WPD), and via USB Flash drives. Additiona ...

oval:gov.nist.usgcb.windowsseven:def:299
This policy prevents the Privacy Options and Installation Options dialog boxes from being displayed the first time a user starts Windows Media Player. This policy prevents the dialog boxes which allow users to select privacy, file types, and other desktop options from being displayed when the Playe ...

oval:gov.nist.usgcb.windowsseven:def:238
Specifies whether Search Companion should automatically download content updates during local and Internet searches. When the user searches the local machine or the Internet, Search Companion occasionally connects to Microsoft to download an updated privacy policy and additional content files used ...

oval:gov.nist.USGCB.win7firewall:def:20915
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log. Default: No Fix: (1) GPO: Computer Configuration\Windows Setting ...

oval:gov.nist.USGCB.win7firewall:def:20924
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile). Default: Block Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Fi ...

oval:gov.nist.usgcb.windowsseven:def:100201
Specifies whether Digital Locker can run. Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker. If you enable this setti ...

oval:gov.nist.usgcb.windowsseven:def:254
This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking 'Yes' when they are prom ...

oval:gov.nist.usgcb.windowsseven:def:290
If this setting is enabled any additional data requests from Microsoft in response to a Windows Error Reporting event will be automatically declined without notice to the user. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Do not send addi ...

oval:gov.nist.usgcb.windowsseven:def:142
The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. Fix: (1) GPO: NOT AVAILABLE (2) REG: HKEY ...

oval:gov.nist.USGCB.win7firewall:def:20926
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log. Default: No Fix: (1) GPO: Computer Configuration\Windows Setting ...

oval:gov.nist.USGCB.win7firewall:def:20911
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall ...

oval:gov.nist.usgcb.windowsseven:def:268
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure th ...

oval:gov.nist.USGCB.win7firewall:def:20935
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile. Default: Block Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Securi ...

oval:gov.nist.usgcb.windowsseven:def:253
Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals. If you leave this policy setting enabled, Users will be able to use MSDT to collect and send diagnostic data to a support professional to resolve a problem. By default, the support provider is s ...

oval:gov.nist.usgcb.windowsseven:def:102
This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows: Send LM & ...

oval:gov.nist.USGCB.win7firewall:def:20931
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile. Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security ...

oval:gov.nist.usgcb.windowsseven:def:246
Specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable this policy, or if it is not configured, the user is prompted for a password when the system resumes from sleep. If you disable this policy, the user is not prompted for a password when ...

oval:gov.nist.usgcb.windowsseven:def:233
Specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs). If you enable this setting, the "Choose a list of Internet Service Providers" path in the Internet Connection Wizard will cause the wizard to exit. This prev ...

oval:org.secpod.oval:def:14553
This policy setting allows you to manage configuration of remote access to all supported shells to execute scripts and commands. Configures access to remote shells. If you enable this policy setting and set it to False, new remote shell connections will be rejected by the server. If you disable o ...

oval:gov.nist.usgcb.windowsseven:def:100202
Disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely. Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop s ...

oval:org.secpod.oval:def:14701
This security setting determines if digital certificates are processed when a user or process attempts to run software with an .exe file name extension. This security settings is used to enable or disable certificate rules, a type of software restriction policies rule. With software restriction poli ...

oval:gov.nist.usgcb.windowsseven:def:106
This security setting determines if the password for the Administrator account must be given before access to the system is granted. If this option is enabled, the Recovery Console does not require you to provide a password, and it automatically logs on to the system. Default: This policy is not de ...

oval:gov.nist.usgcb.windowsseven:def:239
Specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders. The "Order Prints Online" Wizard is used to download a list of providers and allow users to order prints online. If you enable this setting, the task "Order Prints Online&q ...

oval:gov.nist.usgcb.windowsseven:def:288
If this setting is enabled, Windows Error Reporting will not send any problem information to Microsoft. Additionally, solution information will not be available in the Action Center control panel. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Error Repor ...

oval:gov.nist.usgcb.windowsseven:def:265
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure th ...

oval:gov.nist.usgcb.windowsseven:def:277
This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected. If you enable this policy setting, you must select the desired time limit in the Idle session limit drop-down ...

oval:gov.nist.usgcb.windowsseven:def:209
This setting turns off Microsoft Peer-to-Peer Networking Services in its entirety, and will cause all dependent applications to stop working. Peer-to-Peer protocols allow for applications in the areas of RTC, collaboration, content distribution and distributed processing. If you enable this settin ...

oval:org.secpod.oval:def:14749
This security setting determines if users' private keys require a password to be used. The options are: User input is not required when new keys are stored and used User is prompted when the key is first used User must enter a password each time they use a key For more information, see Public ...

oval:gov.nist.usgcb.windowsseven:def:275
Specifies whether Remote Desktop Services always prompts the client for a password upon connection. You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client. By default, ...

oval:gov.nist.usgcb.windowsseven:def:100204
Denies or allows access to the Windows Mail application. If you enable this setting, access to the Windows Mail application is denied. If you disable or do not configure this setting, access to the Windows Mail application is allowed. Fix: (1) GPO: Computer Configuration\Administrative Templates ...

oval:gov.nist.usgcb.windowsseven:def:100212
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is displayed in the Shut Down Windows dialog box. If you enable this policy setting, 'Install Updates and Shut Down' will not appear as a choice in the Shut Down Windows dialog box, even ...

oval:gov.nist.usgcb.windowsseven:def:237
Specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration. If you enable this setting, it blocks users from connecting to Microsoft.com for online registration and users cannot register their copy of Windows online. If you disable or do not configure this ...

oval:gov.nist.usgcb.windowsseven:def:251
If you enable this setting, it directs the RPC Runtime on an RPC server to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC I ...

oval:gov.nist.usgcb.windowsseven:def:116
This policy setting controls the behavior of application installation detection for the computer. The options are: * Enabled: (Default for home) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and ...

oval:gov.nist.USGCB.win7firewall:def:20919
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile). Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Adva ...

oval:gov.nist.usgcb.windowsseven:def:214
This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 uses the global address prefix: 2002:WWXX:YYZZ::/48 in which the l ...

oval:gov.nist.usgcb.windowsseven:def:135
Most programs on the Windows platform make use of various Dynamic Link Libraries (DLL) to avoid having to reimplement functionality. The operating system actually loads several DLLs for each program, depending on what type of program it is. When the program does not specify an absolute location for ...

oval:gov.nist.usgcb.windowsseven:def:264
This policy setting allows you to turn off desktop gadgets that have been installed by the user. If you enable this setting, Windows will not run any user-installed gadgets. If you disable or do not configure this setting, Windows will run user-installed gadgets. The default is for Windows to run ...

oval:gov.nist.USGCB.win7firewall:def:20916
Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log. Default: No Fix: (1) GPO: Computer Configuration\Windows Settings\Securit ...

oval:gov.nist.USGCB.win7firewall:def:20930
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firew ...

oval:gov.nist.USGCB.win7firewall:def:20913
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Default: Block Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewa ...

oval:org.secpod.oval:def:14585
Specifies whether the administrator will be prompted about going to Windows Update to search for device drivers using the Internet. Note: This setting only has effect if "Turn off Windows Update device driver searching" in "Administrative Templates/System/Internet Communication Manag ...

oval:gov.nist.usgcb.windowsseven:def:247
Specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable this policy, or if it is not configured, the user is prompted for a password when the system resumes from sleep. If you disable this policy, the user is not prompted for a password when ...

oval:gov.nist.usgcb.windowsseven:def:112
This security setting determines the strength of the default discretionary access control list (DACL) for objects. Active Directory maintains a global list of shared system resources, such as DOS device names, mutexes, and semaphores. In this way, objects can be located and shared among processes. ...

oval:gov.nist.usgcb.windowsseven:def:249
This policy setting allows you to enable or disable Solicited (Ask for) Remote Assistance on this computer. If you enable this policy, users on this computer can use e-mail or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer ...

oval:gov.nist.usgcb.windowsseven:def:222
This policy setting allows you to specify whether to send a Windows error report when a generic driver is installed on a device. If you enable this policy setting, a Windows error report is not sent when a generic driver is installed. If you disable or do not configure this policy setting, a Windo ...

oval:gov.nist.usgcb.windowsseven:def:272
Controls whether passwords can be saved on this computer from Remote Desktop Connection. If you enable this setting the password saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Conne ...

oval:org.secpod.oval:def:14559
This policy specifies whether Windows searches Windows Update for device drivers when no local drivers for a device are present. If you enable this setting, Windows Update will not be searched when a new device is installed. If you disable this setting, Windows Update will always be searched for d ...

oval:gov.nist.usgcb.windowsseven:def:229
Specifies whether to allow this client to download print driver packages over HTTP. To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP. Note: This setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP. It only prohibits dow ...

oval:gov.nist.USGCB.win7firewall:def:20909
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall ...

oval:gov.nist.USGCB.win7firewall:def:20906
Use this option to specify the path and name of the file in which Windows Firewall will write its log information. Default: %systemroot%\system32\logfiles\firewall\pfirewall.log Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows ...

oval:org.secpod.oval:def:14796
Determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer. ICS lets administrators configure their system as an Internet gateway for a small network and provides network services, ...

oval:gov.nist.usgcb.windowsseven:def:213
This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly. When a remote client computer connects to an internal network using DirectAccess, it can access the Internet in two ways: throu ...

oval:gov.nist.usgcb.windowsseven:def:139
The registry value entry WarningLevel was added to the template file in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ registry key. The entry appears as MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning in th ...

oval:gov.nist.usgcb.windowsseven:def:231
Turns off data sharing from the handwriting recognition personalization tool. The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples wi ...

oval:gov.nist.usgcb.windowsseven:def:227
This setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. It overrides customized settings that the program implementing a registry policy set when it was installed. If you enable this setting, you can use the check boxes pro ...

oval:gov.nist.usgcb.windowsseven:def:287
If this setting is enabled Windows Error Reporting events will not be logged to the system event log. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable Logging (2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Er ...

oval:gov.nist.usgcb.windowsseven:def:257
This policy controls the state of the Program Inventory collector in the system. The PDU inventories programs and files on the system and sends information about those files to Microsoft. This information is used to help associate files to programs and diagnose application compatibility prob ...

oval:gov.nist.USGCB.win7firewall:def:20914
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Default: Allow Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewa ...

oval:gov.nist.usgcb.windowsseven:def:300
Prevents users from being prompted to update Windows Media Player. This policy prevents the Player from being updated and prevents users with administrator rights from being prompted to update the Player if an updated version is available. The Check for Player Updates command on the Help menu in th ...

oval:gov.nist.usgcb.windowsseven:def:122
Determines whether the automatic logon feature is enabled. Automatic logon uses the domain, user name, and password stored in the registry to log users on to the computer when the system starts. The Log On to Windows dialog box is not displayed. This entry determines whether the automatic logon fea ...

oval:gov.nist.usgcb.windowsseven:def:143
Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network. Fix: (1) GPO: NOT AVAILABLE (2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fax!Start

oval:gov.nist.USGCB.win7firewall:def:20927
Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log. Default: No Fix: (1) GPO: Computer Configuration\Windows Settings\Securit ...

oval:gov.nist.usgcb.windowsseven:def:285
By default Windows Anytime Upgrade is available for all administrators. If you enable this policy setting, Windows Anytime Upgrade will not run. If you disable this policy setting or set it to Not Configured, Windows Anytime Upgrade will run. Fix: (1) GPO: Computer Configuration\Administrative ...

oval:gov.nist.usgcb.windowsseven:def:127
Internet Control Message Protocol (ICMP) redirects cause the stack to plumb host routes. These routes override the Open Shortest Path First (OSPF)-generated routes, attackers can use source routed packets to conceal the address of their computer. HKLM\System\CurrentControlSet\Services\Tcpip\Paramete ...

oval:gov.nist.usgcb.windowsseven:def:240
Specifies whether the tasks "Publish this file to the Web," "Publish this folder to the Web," and "Publish the selected items to the Web," are available from File and Folder Tasks in Windows folders. The Web Publishing Wizard is used to download a list of providers and ...

oval:gov.nist.usgcb.windowsseven:def:221
This policy setting allows you to allow or deny remote access to the Plug and Play interface. If you enable this policy setting, remote connections to the Plug and Play interface are allowed. If you disable or do not configure this policy setting, remote connections to the Plug and Play interface ...

oval:gov.nist.USGCB.win7firewall:def:20929
Use this option to specify the size limit of the file in which Windows Firewall will write its log information. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public ...

oval:gov.nist.usgcb.windowsseven:def:255
This policy setting specifies whether to enable or disable tracking of responsiveness events. If you enable this policy setting, responsiveness events are processed and aggregated. The aggregated data will be transmitted to Microsoft through SQM. if you disable this policy setting, responsiveness ...

oval:org.secpod.oval:def:14661
Windows Server operating systems support 8.3 file name formats for backward compatibility with16-bit applications. The 8.3 file name convention is a naming format that allows file names up to eight characters long. The registry value entry NtfsDisable8dot3NameCreation was added to the template file ...

oval:gov.nist.usgcb.windowsseven:def:100205
Ignores customized run-once lists. You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts. If you enable ...

oval:gov.nist.usgcb.windowsseven:def:136
Setting Added to Registry to Make Screensaver Password Protection Immediate The default grace period allowed for user movement before the screen - saver lock takes effect is five seconds. Leaving the grace period in the default setting makes your computer vulnerable to a potential attack from someon ...

oval:gov.nist.usgcb.windowsseven:def:294
Allows Web-based programs to install software on the computer without notifying the user. By default, when a script hosted by an Internet browser tries to install a program on the system, the system warns users and allows them to select or refuse the installation. This setting suppresses the warnin ...

oval:gov.nist.usgcb.windowsseven:def:109
This security setting determines whether the virtual memory pagefile is cleared when the system is shut down. Virtual memory support uses a system pagefile to swap pages of memory to disk when they are not used. On a running system, this pagefile is opened exclusively by the operating system, and i ...

oval:gov.nist.usgcb.windowsseven:def:208
This policy setting changes the operational behavior of the Responder network protocol driver. The Responder allows a computer to participate in Link Layer Topology Discovery requests so that it can be discovered and located on the network. It also allows a computer to participate in Quality-of-Ser ...

oval:gov.nist.usgcb.windowsseven:def:120
This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop. The options are: * Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and st ...

oval:gov.nist.usgcb.windowsseven:def:280
This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders. You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate tem ...

oval:org.secpod.oval:def:14558
This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user's Windows credentials. Note: This policy affects nonlogon authentication tasks only. As a security best practice, ...

oval:gov.nist.usgcb.windowsseven:def:121
This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software. Th ...

oval:gov.nist.USGCB.win7firewall:def:20922
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile). Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Fire ...

oval:gov.nist.usgcb.windowsseven:def:223
This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity, such as the installation of an unsigned driver. A sy ...

oval:org.secpod.oval:def:14811
Ignores the customized run list. You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista, Windows XP Professional, and Windows 2000 Professional. These programs are added to the standard run list of programs and servic ...

oval:gov.nist.usgcb.windowsseven:def:260
If this policy is enabled, autoplay will not be enabled for non-volume devices like MTP devices. If you disable or not configure this policy, autoplay will continue to be enabled for non-volume devices. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\AutoPlay Poli ...

oval:gov.nist.usgcb.windowsseven:def:132
Network basic input/output system (NetBIOS) over TCP/IP is a networking protocol that, among other things, provides a means of easily resolving NetBIOS names registered on Windows- based systems to the IP addresses configured on those systems. This value determines whether the computer releases its ...

oval:gov.nist.usgcb.windowsseven:def:224
This policy setting allows you to prevent Windows from retrieving device metadata from the Internet. If you enable this policy setting, Windows does not retrieve device metadata for installed devices from the Internet. This policy setting overrides the setting in the Device Installation S ...

oval:gov.nist.usgcb.windowsseven:def:297
This policy controls whether the logged on user should be notified if the logon server could not be contacted during logon and he has been logged on using previously stored account information. If enabled, a notification popup will be displayed to the user when the user logs on with cached credenti ...

oval:gov.nist.usgcb.windowsseven:def:296
This setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor. Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users. If yo ...

oval:gov.nist.USGCB.win7firewall:def:20928
Use this option to specify the path and name of the file in which Windows Firewall will write its log information. Default: %systemroot%\system32\logfiles\firewall\pfirewall.log Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows ...

oval:gov.nist.usgcb.windowsseven:def:210
Determines whether a user can install and configure the Network Bridge. Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS do ...

oval:gov.nist.usgcb.windowsseven:def:267
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure th ...

oval:gov.nist.usgcb.windowsseven:def:100214
Specifies the amount of time for Automatic Updates to wait, following system startup, before proceeding with a scheduled installation that was missed previously. If the status is set to Enabled, a scheduled installation that did not take place earlier will occur the specified number of minutes afte ...

oval:gov.nist.USGCB.win7firewall:def:20936
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile. Default: Allow Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Securi ...

oval:gov.nist.usgcb.windowsseven:def:281
This policy setting prevents users from having enclosures (file attachments) downloaded from a feed to the user's computer. If you enable this policy setting, the setting to download an enclosure is disabled. A developer cannot change the download setting through the Feed application programmi ...

oval:gov.nist.USGCB.win7firewall:def:20904
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log. Default: No Fix: (1) GPO: Computer Configuration\Windows Setting ...

oval:gov.nist.usgcb.windowsseven:def:271
By default, users can add their computer to a homegroup on a home network. If you enable this policy setting, a user on this computer will not be able to add this computer to a homegroup. This setting does not affect other network sharing features. If you disable or do not configure this policy s ...

oval:gov.nist.USGCB.win7firewall:def:20925
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile). Default: Allow Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Fi ...

oval:gov.nist.usgcb.windowsseven:def:263
This policy setting allows you to restrict the installation of unsigned gadgets. Desktop gadgets can be deployed as compressed files, either digitally signed or unsigned. If you enable this setting, gadgets that have not been digitally signed will not be extracted. If you disable or do not confi ...

oval:gov.nist.usgcb.windowsseven:def:248
This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer. If you enable this policy, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you disable this policy, users o ...

oval:gov.nist.usgcb.windowsseven:def:225
This policy setting allows you to specify the order in which Windows searches source locations for device drivers. If you enable this policy setting, you can select whether Windows searches Windows Update first, searches Windows Update last, or does not search Windows Update. If you disable or d ...

oval:org.secpod.oval:def:14548
This policy setting allows users to have their feeds authenticated using the Basic authentication scheme over an unencrypted HTTP connection. If you enable this policy setting, the RSS Platform will authenticate to servers using the Basic authentication scheme in combination with an insecure HTTP c ...

oval:gov.nist.usgcb.windowsseven:def:262
This policy setting allows you to override the More Gadgets link. The Gadget Gallery contains a link for users to download more gadgets from a website. Microsoft hosts a default website where many gadget authors can post their gadgets. This link can be redirected to a website where alternate gadge ...

oval:gov.nist.USGCB.win7firewall:def:20920
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile). Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Fire ...

oval:gov.nist.usgcb.windowsseven:def:100
This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in ...

oval:gov.nist.usgcb.windowsseven:def:114
This policy setting controls the behavior of the elevation prompt for administrators. The options are: * Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constraine ...

oval:org.secpod.oval:def:14674
This security setting determines who is allowed to format and eject removable NTFS media. This capability can be given to: Administrators Administrators and Interactive Users Default: This policy is not defined and only Administrators have this ability. Fix: (1) GPO: Computer Configuration\Windo ...

oval:org.secpod.oval:def:14678
This security setting determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or unde ...

oval:gov.nist.usgcb.windowsseven:def:115
This policy setting controls the behavior of the elevation prompt for standard users. The options are: * Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the oper ...

oval:gov.nist.usgcb.windowsseven:def:100213
Specifies that to complete a scheduled installation, Automatic Updates will wait for the computer to be restarted by any user who is logged on, instead of causing the computer to restart automatically. If the status is set to Enabled, Automatic Updates will not restart a computer automatically duri ...

oval:gov.nist.usgcb.windowsseven:def:104
This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are: Require NTLMv2 session security: The connection will fail if NTLMv2 prot ...

oval:gov.nist.usgcb.windowsseven:def:111
This security setting determines whether case insensitivity is enforced for all subsystems. The Win32 subsystem is case insensitive. However, the kernel supports case sensitivity for other subsystems, such as POSIX. If this setting is enabled, case insensitivity is enforced for all directory object ...

oval:gov.nist.usgcb.windowsseven:def:103
This security setting determines the level of data signing that is requested on behalf of clients issuing LDAP BIND requests, as follows: None: The LDAP BIND request is issued with the options that are specified by the caller. Negotiate signing: If Transport Layer Security/Secure Sockets Layer (TLS ...

oval:gov.nist.usgcb.windowsseven:def:6
This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0. The minimum password age must be less than the Maximum passw ...

oval:gov.nist.usgcb.windowsseven:def:5
This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0. If ...

oval:gov.nist.usgcb.windowsseven:def:8
This security setting determines whether passwords must meet complexity requirements. If this policy is enabled, passwords must meet the following minimum requirements: Not contain the user's account name or parts of the user's full name that exceed two consecutive characters Be at least ...

oval:gov.nist.usgcb.windowsseven:def:7
This security setting determines the least number of characters that a password for a user account may contain. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0. Default: 7 on domain controllers. 0 on sta ...

oval:gov.nist.usgcb.windowsseven:def:10
This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right. Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server. Default on workstations and ser ...

oval:gov.nist.usgcb.windowsseven:def:11
This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separ ...

oval:gov.nist.usgcb.windowsseven:def:12
This privilege determines who can change the maximum memory that can be consumed by a process. This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy of workstations and servers. Note: This privilege is useful for system tuning, but i ...

oval:gov.nist.usgcb.windowsseven:def:13
Determines which users can log on to the computer. Important Modifying this setting may affect compatibility with clients, services, and applications. For compatibility information about this setting, see Allow log on locally (http://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft websit ...

oval:gov.nist.usgcb.windowsseven:def:18
This user right determines which users and groups can change the time zone used by the computer for displaying the local time, which is the computer's system time plus the time zone offset. System time itself is absolute and is not affected by a change in the time zone. This user right is def ...

oval:gov.nist.usgcb.windowsseven:def:19
This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users. For information about how to ...

oval:gov.nist.usgcb.windowsseven:def:14
This security setting determines which users or groups have permission to log on as a Remote Desktop Services client. Default: On workstation and servers: Administrators, Remote Desktop Users. On domain controllers: Administrators. Important This setting does not have any effect on Windows 2000 ...

oval:gov.nist.usgcb.windowsseven:def:15
This user right determines which users can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders ...

oval:gov.nist.usgcb.windowsseven:def:16
This user right determines which users can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. This user right is defined in the Default Domain Co ...

oval:gov.nist.usgcb.windowsseven:def:17
This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time ...

oval:gov.nist.usgcb.windowsseven:def:2
The maximum number of failed attempts that can occur before the account is locked out This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout dura ...

oval:gov.nist.usgcb.windowsseven:def:1
This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 0 minutes through 99,999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator exp ...

oval:gov.nist.usgcb.windowsseven:def:4
This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused. The value must be between 0 and 24 passwords. This policy enables administrators to enhance security by ensuring that old passwords are not reused ...

oval:gov.nist.usgcb.windowsseven:def:3
This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. The available range is 1 minute to 99,999 minutes. If an account lockout threshold is defined, this reset time must be less ...

oval:gov.nist.usgcb.windowsseven:def:43
This security setting determines which users can use performance monitoring tools to monitor the performance of nonsystem processes. Default: Administrators, Power users. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Profile single p ...

oval:gov.nist.usgcb.windowsseven:def:44
This security setting determines which users can use performance monitoring tools to monitor the performance of system processes. Default: Administrators. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Profile system performance (2) ...

oval:gov.nist.usgcb.windowsseven:def:45
This security setting determines whether a user can undock a portable computer from its docking station without logging on. If this policy is enabled, the user must log on before removing the portable computer from its docking station. If this policy is disabled, the user may remove the portable co ...

oval:gov.nist.usgcb.windowsseven:def:46
This security setting determines which user accounts can call the CreateProcessAsUser() application programming interface (API) so that one service can start another. An example of a process that uses this user right is Task Scheduler. For information about Task Scheduler, see Task Scheduler overvie ...

oval:gov.nist.usgcb.windowsseven:def:40
This privilege determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege. Default: Non ...

oval:gov.nist.usgcb.windowsseven:def:41
This security setting determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On x86-based computers, the only firmware environment value that can ...

oval:gov.nist.usgcb.windowsseven:def:42
This security setting determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are ...

oval:gov.nist.usgcb.windowsseven:def:20010
This security setting determines whether the local Administrator account is enabled or disabled. Notes If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In ...

oval:gov.nist.usgcb.windowsseven:def:20013
Hiding the computer from the Browse List removes one method attackers might use to gether information about computers on the network. You can configure a computer so that it does not send announcements to browsers on the domain. If you do, you hide the computer from the Network Browser list; it doe ...

oval:gov.nist.usgcb.windowsseven:def:20012
Allowing source routed network traffic allows attackers to obscure their identity and location. IP source routing is a mechanism that allows the sender to determine the IP route that a datagram should follow through the network. Vulnerability: Source routing allows a computer that sends a pack ...

oval:gov.nist.usgcb.windowsseven:def:47
This security setting determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Specifically, this user right is sim ...

oval:gov.nist.usgcb.windowsseven:def:48
This security setting determines which users who are logged on locally to the computer can shut down the operating system using the Shut Down command. Misuse of this user right can result in a denial of service. Default on Workstations: Administrators, Backup Operators, Users. Default on Servers: ...

oval:gov.nist.usgcb.windowsseven:def:49
This security setting determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. Caution Assigning this user right can be a security risk. Since owners of objects have full ...

oval:gov.nist.usgcb.windowsseven:def:20019
This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. * Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevati ...

oval:gov.nist.usgcb.windowsseven:def:20015
This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication. If you enable this policy setting, services running as Local System that use Negotiate will use the computer identity. This might cause some authentication request ...

oval:gov.nist.usgcb.windowsseven:def:20014
The registry value entry TCPMaxDataRetransmissions was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry appears as MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is ...

oval:gov.nist.usgcb.windowsseven:def:20017
This policy will be turned off by default on domain joined machines. This would disallow the online identities to be able to authenticate to the domain joined machine in Windows 7. Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In pr ...

oval:gov.nist.usgcb.windowsseven:def:20016
Allow NTLM to fall back to NULL session when used with LocalSystem. The default is TRUE up to Windows Vista and FALSE in Windows 7. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Allow LocalSystem NULL session fallback (2 ...

oval:gov.nist.usgcb.windowsseven:def:55
This security setting determines whether to audit the access of global system objects. If this policy is enabled, it causes system objects, such as mutexes, events, semaphores and DOS devices, to be created with a default system access control list (SACL). Only named objects are given a SACL; SACLs ...

oval:gov.nist.usgcb.windowsseven:def:56
This security setting determines whether to audit the use of all user privileges, including Backup and Restore, when the Audit privilege use policy is in effect. Enabling this option when the Audit privilege use policy is also enabled generates an audit event for every file that is backed up or rest ...

oval:gov.nist.usgcb.windowsseven:def:57
Windows Vista and later versions of Windows allow audit policy to be managed in a more precise way using audit policy subcategories. Setting audit policy at the category level will override the new subcategory audit policy feature. Group Policy only allows audit policy to be set at the category le ...

oval:gov.nist.usgcb.windowsseven:def:51
This security setting determines if the Guest account is enabled or disabled. Default: Disabled. Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microso ...

oval:gov.nist.usgcb.windowsseven:def:52
This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard. Default: Ena ...

oval:gov.nist.usgcb.windowsseven:def:21
This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other user ...

oval:gov.nist.usgcb.windowsseven:def:22
This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kerne ...

oval:gov.nist.usgcb.windowsseven:def:23
This privilege determines if the user can create a symbolic link from the computer he is logged on to. Default: Administrator WARNING: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. ...

oval:gov.nist.usgcb.windowsseven:def:24
This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user ri ...

oval:gov.nist.usgcb.windowsseven:def:20
This security setting determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operat ...

oval:gov.nist.usgcb.windowsseven:def:29
This security setting determines which users and groups are prohibited from logging on as a Remote Desktop Services client. Default: None. Important This setting does not have any effect on Windows 2000 computers that have not been updated to Service Pack 2. Fix: (1) GPO: Computer Configuration ...

oval:gov.nist.usgcb.windowsseven:def:25
This security setting determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies. Default: Guest Fix: (1) GPO: Computer Configuration\Windows ...

oval:gov.nist.usgcb.windowsseven:def:26
This security setting determines which accounts are prevented from being able to log on as a batch job. This policy setting supersedes the Log on as a batch job policy setting if a user account is subject to both policies. Default: None. Fix: (1) GPO: Computer Configuration\Windows Settings\Secur ...

oval:gov.nist.usgcb.windowsseven:def:27
This security setting determines which service accounts are prevented from registering a process as a service. This policy setting supersedes the Log on as a service policy setting if an account is subject to both policies. Note: This security setting does not apply to the System, Local Service, or ...

oval:gov.nist.usgcb.windowsseven:def:28
This security setting determines which users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies. Important If you apply this security policy to the Everyone group, no one will be able to lo ...

oval:gov.nist.usgcb.windowsseven:def:32
Assigning this privilege to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a serv ...

oval:gov.nist.usgcb.windowsseven:def:33
This privilege determines which user accounts can increase or decrease the size of a process's working set. Default: Users The working set of a process is the set of memory pages currently visible to the process in physical RAM memory. These pages are resident and available for an applicatio ...

oval:gov.nist.usgcb.windowsseven:def:34
This security setting determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. Defau ...

oval:gov.nist.usgcb.windowsseven:def:35
This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users. Caution Assigning this user right can be a ...

oval:gov.nist.usgcb.windowsseven:def:30
This security setting determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service. This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy ...

oval:gov.nist.usgcb.windowsseven:def:31
This security setting determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causi ...

oval:gov.nist.usgcb.windowsseven:def:36
This security setting determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access mem ...

oval:gov.nist.usgcb.windowsseven:def:37
This security setting allows a user to be logged on by means of a batch-queue facility and is provided only for compatibility with older versions of Windows. For example, when a user submits a job by means of the task scheduler, the task scheduler logs that user on as a batch user rather than as an ...

oval:gov.nist.usgcb.windowsseven:def:38
This security setting allows a security principal to log on as a service. Services can be configured to run under the Local System, Local Service, or Network Service accounts, which have a built in right to log on as a service. Any service that runs under a separate user account must be assigned the ...

oval:gov.nist.usgcb.windowsseven:def:39
This security setting determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. For such auditing to be ena ...

oval:gov.nist.usgcb.windowsseven:def:80
This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity. Administrators can use this policy to control when a computer suspends an inactive SMB session. If client activity resumes, t ...

oval:gov.nist.usgcb.windowsseven:def:81
This security setting determines whether packet signing is required by the SMB server component. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent "man-in-the-m ...

oval:gov.nist.usgcb.windowsseven:def:82
This security setting determines whether the SMB server will negotiate SMB packet signing with clients that request it. The server message block (SMB) protocol provides the ba ...

oval:gov.nist.usgcb.windowsseven:def:87
This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to gr ...

oval:gov.nist.usgcb.windowsseven:def:88
Network access: Do not allow storage of credentials or .NET Passports for network authentication This security setting determines whether Credential Manager saves passwords and credentials for later use when it gains domain authentication. If you enable this setting, Credential Manager does not st ...

oval:gov.nist.usgcb.windowsseven:def:89
This security setting determines what additional permissions are granted for anonymous connections to the computer. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrat ...

oval:gov.nist.usgcb.windowsseven:def:83
This security setting determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. This setting affects the Server Message Block (SMB) component. When this policy is enabled, it causes client sessions with the SMB Service to be ...

oval:gov.nist.usgcb.windowsseven:def:86
This security setting determines what additional permissions will be granted for anonymous connections to the computer. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an adminis ...

oval:gov.nist.usgcb.windowsseven:def:90
This policy setting determines which communication sessions, or pipes, have attributes and permissions that allow anonymous access. Restricting access over named pipes such as COMNAP and LOCATOR helps prevent unauthorized access to the network. The table in the Vulnerability section lists default na ...

oval:gov.nist.usgcb.windowsseven:def:91
This security setting determines which registry keys can be accessed over the network, regardless of the users or groups listed in the access control list (ACL) of the winreg registry key. Default: System\CurrentControlSet\Control\ProductOptions System\CurrentControlSet\Control\Server Applications ...

oval:gov.nist.usgcb.windowsseven:def:92
This security setting determines which registry paths and subpaths can be accessed over the network, regardless of the users or groups listed in the access control list (ACL) of the winreg registry key. Default: System\CurrentControlSet\Control\Print\Printers System\CurrentControlSet\Services\Even ...

oval:gov.nist.usgcb.windowsseven:def:93
When enabled, this security setting restricts anonymous access to shares and pipes to the settings for: Network access: Named pipes that can be accessed anonymously Network access: Shares that can be accessed anonymously Default: Enabled. The server service restricts unauthenticated clients acces ...

oval:gov.nist.usgcb.windowsseven:def:94
This security setting determines which network shares can accessed by anonymous users. Default: None specified. This policy setting determines which network shares can be accessed by anonymous users. The default configuration for this policy setting has little effect because all users have to be a ...

oval:gov.nist.usgcb.windowsseven:def:95
This security setting determines how network logons that use local accounts are authenticated. If this setting is set to Classic, network logons that use local account credentials authenticate by using those credentials. The Classic model allows fine control over access to resources. By using the Cl ...

oval:gov.nist.usgcb.windowsseven:def:60
Devices: Prevent users from installing printer drivers when connecting to shared printers For a computer to print to a shared printer, the driver for that shared printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of c ...

oval:gov.nist.usgcb.windowsseven:def:65
This security setting determines whether a domain member attempts to negotiate signing for all secure channel traffic that it initiates. When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channe ...

oval:gov.nist.usgcb.windowsseven:def:66
Determines whether a domain member periodically changes its computer account password. If this setting is enabled, the domain member does not attempt to change its computer account password. If this setting is disabled, the domain member attempts to change its computer account password as specified ...

oval:gov.nist.usgcb.windowsseven:def:67
This setting controls the maximum password age that a machine account may have. This security setting determines how often a domain member will attempt to change its computer account password. Default: 30 days. Important This setting applies to Windows 2000 computers, but it is not available thr ...

oval:gov.nist.usgcb.windowsseven:def:68
This security setting determines whether 128-bit key strength is required for encrypted secure channel data. When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller w ...

oval:gov.nist.usgcb.windowsseven:def:61
This security setting determines whether a CD-ROM is accessible to both local and remote users simultaneously. If this policy is enabled, it allows only the interactively logged-on user to access removable CD-ROM media. If this policy is enabled and no one is logged on interactively, the CD-ROM can ...

oval:gov.nist.usgcb.windowsseven:def:62
This value determines if access to the floppy drive is restricted to locally logged-on users. 1 = restricted This security setting determines whether removable floppy media are accessible to both local and remote users simultaneously. If this policy is enabled, it allows only the interactively log ...

oval:gov.nist.usgcb.windowsseven:def:69
This security setting determines whether the name of the last user to log on to the computer is displayed in the Windows logon screen. If this policy is enabled, the name of the last user to successfully log on is not displayed in the Logon Screen. ". If this policy is disabled, the name of t ...

oval:gov.nist.usgcb.windowsseven:def:70
This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on. If this policy is enabled on a computer, a user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the us ...

oval:gov.nist.usgcb.windowsseven:def:71
This security setting specifies a text message that is displayed to users when they log on. This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited. Default: No message. Fix: ( ...

oval:gov.nist.usgcb.windowsseven:def:76
This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader. The options are: * No Action * Lock Workstation * Force Logoff * Disconnect if a Remote Desktop Services session If you click Lock Workstation in the Properties dialog bo ...

oval:gov.nist.usgcb.windowsseven:def:77
This security setting determines whether packet signing is required by the SMB client component. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle ...

oval:gov.nist.usgcb.windowsseven:def:78
This security setting determines whether the SMB client attempts to negotiate SMB packet signing. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle ...

oval:gov.nist.usgcb.windowsseven:def:79
If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication. Sending unencrypted passwords is a security risk. Default: Disabled. Fix: (1) GPO: Com ...

oval:gov.nist.usgcb.windowsseven:def:72
This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on. Default: No message. The logon banner should be titled with a warning label containing the name of the owning organiz ...

oval:gov.nist.usgcb.windowsseven:def:73
All previous users' logon information is cached locally so that, in the event that a domain controller is unavailable during subsequent logon attempts, they are able to log on . If a domain controller is unavailable and a user's logon information is cached, the user is prompted with a mess ...

oval:gov.nist.usgcb.windowsseven:def:74
Determines how far in advance (in days) users are warned that their password is about to expire. With this advance warning, the user has time to construct a password that is sufficiently strong. Default: 14 days. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Polici ...

oval:gov.nist.usgcb.windowsseven:def:75
Logon information must be provided to unlock a locked computer. For domain accounts, this security setting determines whether a domain controller must be contacted to unlock a computer. If this setting is disabled, a user can unlock the computer using cached credentials. If this setting is enabled, ...

oval:gov.nist.USGCB.win7firewall:def:20923
The Private Profile is used when the computer is connected to a network and is authenticated to a domain controller. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\P ...

oval:gov.nist.USGCB.win7firewall:def:20912
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Do ...

CPE    1
cpe:/o:microsoft:windows_7
CCE    270
CCE-9361-7
CCE-9222-1
CCE-10763-1
CCE-10183-2
...
*XCCDF
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_7

© SecPod Technologies