[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97389

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*


oval:gov.nist.usgcb.windowsseven:def:241
Customer Experience Improvement Program

oval:gov.nist.usgcb.windowsseven:def:276
Set client connection encryption level

oval:org.secpod.oval:def:14576
The 'Configure Windows NTP Client\Type' setting should be configured correctly.

oval:org.secpod.oval:def:14589
The 'Configure Windows NTP Client\SpecialPollInterval' setting should be configured correctly.

oval:org.secpod.oval:def:14588
The 'Configure Windows NTP Client\ResolvePeerBackoffMinutes' setting should be configured correctly.

oval:org.secpod.oval:def:14582
The 'Configure Windows NTP Client\ResolvePeerBackoffMaxTimes' setting should be configured correctly.

oval:gov.nist.usgcb.windowsseven:def:100215
configure windows time provider

oval:org.secpod.oval:def:14805
The 'Configure Windows NTP Client\CrossSiteSyncFlags' setting should be configured correctly.

oval:org.secpod.oval:def:14750
Auditing of 'Object Access:File Share' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14752
Auditing of 'Detailed Tracking: DPAPI Activity' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14753
Auditing of 'Account Logon: Other Account Logon Events' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14745
Auditing of 'Detailed Tracking: RPC Events' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14761
Auditing of 'Account Logon: Kerberos Authentication Service' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14765
Auditing of 'Object Access:Other Object Access Events' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14764
Auditing of 'DS Access: Detailed Directory Service Replication' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14757
Auditing of 'Object Access:Certification Services' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14725
Auditing of 'Audit directory service access' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14673
Auditing of 'Object Access:Detailed File Share' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14795
Auditing of 'DS Access: Directory Service Access' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14671
Auditing of 'Logon-Logoff: IPsec Extended Mode' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14550
Auditing of 'Policy Change: Authorization Policy Change' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14792
Auditing of 'DS Access: Directory Service Replication' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14672
Auditing of 'Object Access:Application Generated' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14556
Auditing of 'System: Other System Events' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14554
Auditing of 'Policy Change: Filtering Platform Policy Change' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14555
Auditing of 'Audit process tracking' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14791
Auditing of 'Logon-Logoff: Network Policy Server' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14549
Auditing of 'Policy Change: Other Policy Change Events' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14668
Auditing of 'DS Access: Directory Service Changes' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14564
Auditing of 'Audit policy change' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14561
Auditing of 'Audit logon events' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14567
Auditing of 'Audit account management' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14568
Auditing of 'Audit privilege use' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14686
Auditing of 'Logon-Logoff: Account Lockout' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14560
Auditing of 'Object Access:Handle Manipulation' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14770
Auditing of 'Account Management: Application Group Management' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14776
Auditing of 'Logon-Logoff: Other Logon/Logoff Events' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14775
Auditing of 'Audit object access' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14767
Auditing of 'Object Access:Filtering Platform Connection' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14782
Auditing of 'Logon-Logoff: IPsec Quick Mode' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14785
Auditing of 'Logon-Logoff: IPsec Main Mode' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14665
Auditing of 'Account Management: Distribution Group Management' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14705
Auditing of 'Object Access:Kernel Object' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14714
Auditing of 'Privilege Use: Non Sensitive Privilege Use' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14802
Auditing of 'Object Access:SAM' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14800
Auditing of 'Detailed Tracking: Process Termination' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14807
Auditing of 'Policy Change: MPSSVC Rule-Level Policy Change' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14804
Auditing of 'Audit account logon events' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14813
Auditing of 'Audit system events' events on failure should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.windowsseven:def:227
Registry Policy Processing

oval:org.secpod.oval:def:14740
Auditing of 'Privilege Use: Other Privilege Use Events' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14737
Auditing of 'Account Logon: Kerberos Service Ticket Operations' events on failure should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.windowsseven:def:20020
This policy setting determines whether or not users can connect to the computer using Remote Desktop Services.

oval:gov.nist.usgcb.windowsseven:def:85
Determines if an anonymous user can request security identifier (SID) attributes for another user.

oval:gov.nist.usgcb.windowsseven:def:200
This policy setting allows you to audit events generated by the IPsec filter driver such as the following: Startup and shutdown of the IPsec services. Network packets dropped due to integrity check failure. Network packets dropped due to replay check failure. Network packets dropped ...

oval:gov.nist.usgcb.windowsseven:def:202
This policy setting allows you to audit events generated by changes in the security state of the computer such as the following events: Startup and shutdown of the computer. Change of system time. Recovering the system from CrashOnAuditFail, which is logged after a system restarts when t ...

oval:gov.nist.usgcb.windowsseven:def:301
Specifies whether this computer will receive security updates and other important downloads through the Windows automatic updating service. This setting lets you specify if automatic updates are enabled on this computer. If the service is enabled, you must select one of the four options in the Grou ...

oval:gov.nist.usgcb.windowsseven:def:300
Prevents users from being prompted to update Windows Media Player. This policy prevents the Player from being updated and prevents users with administrator rights from being prompted to update the Player if an updated version is available. The Check for Player Updates command on the Help menu in th ...

oval:org.secpod.oval:def:7711
Enables desktop screen savers. If you disable this setting, screen savers do not run. Also, this setting disables the Screen Saver section of the Screen Saver dialog in the Personalization or Display Control Panel. As a result, users cannot change the screen saver options. If you do not configure ...

oval:gov.nist.usgcb.windowsseven:def:104
This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are: Require NTLMv2 session security: The connection will fail if NTLMv2 prot ...

oval:gov.nist.usgcb.windowsseven:def:107
Enabling this security option makes the Recovery Console SET command available, which allows you to set the following Recovery Console environment variables: AllowWildCards: Enable wildcard support for some commands (such as the DEL command). AllowAllPaths: Allow access to all files and folders on ...

oval:org.secpod.oval:def:7712
Determines whether screen savers used on the computer are password protected. If you enable this setting, all screen savers are password protected. If you disable this setting, password protection cannot be set on any screen saver. This setting also disables the "Password protected" che ...

oval:gov.nist.usgcb.windowsseven:def:106
This security setting determines if the password for the Administrator account must be given before access to the system is granted. If this option is enabled, the Recovery Console does not require you to provide a password, and it automatically logs on to the system. Default: This policy is not de ...

oval:gov.nist.usgcb.windowsseven:def:229
Specifies whether to allow this client to download print driver packages over HTTP. To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP. Note: This setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP. It only prohibits dow ...

oval:org.secpod.oval:def:7714
Specifies the screen saver for the user's desktop. If you enable this setting, the system displays the specified screen saver on the user's desktop. Also, this setting disables the drop-down list of screen savers in the Screen Saver dialog in the Personalization or Display Control Panel, ...

oval:gov.nist.usgcb.windowsseven:def:231
Turns off data sharing from the handwriting recognition personalization tool. The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples wi ...

oval:gov.nist.usgcb.windowsseven:def:110
For the Schannel Security Service Provider (SSP), this security setting disables the weaker Secure Sockets Layer (SSL) protocols and supports only the Transport Layer Security (TLS) protocols as a client and as a server (if applicable). If this setting is enabled, Transport Layer Security/Secure Soc ...

oval:gov.nist.usgcb.windowsseven:def:230
Specifies whether "Events.asp" hyperlinks are available for events within the Event Viewer application. The Event Viewer normally makes all HTTP(S) URLs into hot links that activate the Internet browser when clicked. In addition, "More Information" is placed at the end of the de ...

oval:gov.nist.usgcb.windowsseven:def:233
Specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs). If you enable this setting, the "Choose a list of Internet Service Providers" path in the Internet Connection Wizard will cause the wizard to exit. This prev ...

oval:gov.nist.usgcb.windowsseven:def:232
The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of ...

oval:gov.nist.usgcb.windowsseven:def:114
This policy setting controls the behavior of the elevation prompt for administrators. The options are: * Elevate without prompting: Allows privileged accounts to perform an operation that requires elevation without requiring consent or credentials. Note: Use this option only in the most constraine ...

oval:gov.nist.usgcb.windowsseven:def:235
Specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandled file association. When a user opens a file that has an extension that is not associated with any applications on the machine, the user is given the choice to choose a local application or ...

oval:gov.nist.usgcb.windowsseven:def:113
This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account. The options are: * Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the opera ...

oval:gov.nist.usgcb.windowsseven:def:234
Specifies whether Windows should download a list of providers for the Web publishing and online ordering wizards. These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded f ...

oval:gov.nist.usgcb.windowsseven:def:116
This policy setting controls the behavior of application installation detection for the computer. The options are: * Enabled: (Default for home) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and ...

oval:gov.nist.usgcb.windowsseven:def:115
This policy setting controls the behavior of the elevation prompt for standard users. The options are: * Prompt for credentials: When an operation requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the oper ...

oval:gov.nist.usgcb.windowsseven:def:236
Specifies whether to allow printing over HTTP from this client. Printing over HTTP allows a client to print to printers on the intranet as well as the Internet. Note: This setting affects the client side of Internet printing only. It does not prevent this machine from acting as an Internet Printin ...

oval:gov.nist.usgcb.windowsseven:def:118
This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: - ...\Program Files\, including subfolders - ...\Windows\system32\ ...

oval:gov.nist.usgcb.windowsseven:def:238
Specifies whether Search Companion should automatically download content updates during local and Internet searches. When the user searches the local machine or the Internet, Search Companion occasionally connects to Microsoft to download an updated privacy policy and additional content files used ...

oval:gov.nist.usgcb.windowsseven:def:117
This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local ...

oval:gov.nist.usgcb.windowsseven:def:119
This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The options are: * Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy ...

oval:gov.nist.usgcb.windowsseven:def:121
This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\system32, or HKLM\Software. Th ...

oval:gov.nist.usgcb.windowsseven:def:120
This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop. The options are: * Enabled: (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and st ...

oval:gov.nist.usgcb.windowsseven:def:123
IP source routing is a mechanism that allows the sender to determine the IP route that a datagram should take through the network. Microsoft recommends to configure this setting to Not Defined for enterprise environments and to Highest Protection for high security environments to completely disable ...

oval:gov.nist.usgcb.windowsseven:def:243
Controls whether or not errors are reported to Microsoft. Error Reporting is used to report information about a system or application that has failed or has stopped responding and is used to improve the quality of the product. If you enable this setting, users will not be given the option to repor ...

oval:gov.nist.usgcb.windowsseven:def:122
Determines whether the automatic logon feature is enabled. Automatic logon uses the domain, user name, and password stored in the registry to log users on to the computer when the system starts. The Log On to Windows dialog box is not displayed. This entry determines whether the automatic logon fea ...

oval:gov.nist.usgcb.windowsseven:def:246
Specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable this policy, or if it is not configured, the user is prompted for a password when the system resumes from sleep. If you disable this policy, the user is not prompted for a password when ...

oval:gov.nist.usgcb.windowsseven:def:245
This setting forces the user to log on to the computer using the classic logon screen. By default, a workgroup is set to use the simple logon screen. This setting only works when the computer is not on a domain. Fix: (1) GPO: Computer Configuration\Administrative Templates\System\Logon\Always use ...

oval:gov.nist.usgcb.windowsseven:def:204
This policy setting allows you to audit events that violate the integrity of the security subsystem, such as the following: Events that could not be written to the event log because of a problem with the auditing system. A process that uses a local procedure call (LPC) port that is not valid ...

oval:gov.nist.usgcb.windowsseven:def:203
This policy setting allows you to audit events related to security system extensions or services such as the following: A security system extension, such as an authentication, notification, or security package is loaded and is registered with the Local Security Authority (LSA). It is used to aut ...

oval:gov.nist.usgcb.windowsseven:def:209
This setting turns off Microsoft Peer-to-Peer Networking Services in its entirety, and will cause all dependent applications to stop working. Peer-to-Peer protocols allow for applications in the areas of RTC, collaboration, content distribution and distributed processing. If you enable this settin ...

oval:gov.nist.usgcb.windowsseven:def:210
Determines whether a user can install and configure the Network Bridge. Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS do ...

oval:gov.nist.usgcb.windowsseven:def:213
This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly. When a remote client computer connects to an internal network using DirectAccess, it can access the Internet in two ways: throu ...

oval:gov.nist.usgcb.windowsseven:def:212
This policy setting determines whether to require domain users to elevate when setting a network's location. If you enable this policy setting, domain users must elevate when setting a network's location. If you disable or do not configure this policy setting, domain users can set a netw ...

oval:gov.nist.usgcb.windowsseven:def:215
This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and host-to-host, host-to-router and router-to-host automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 hosts across an IPv4 intranet. ...

oval:gov.nist.usgcb.windowsseven:def:214
This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 uses the global address prefix: 2002:WWXX:YYZZ::/48 in which the l ...

oval:gov.nist.usgcb.windowsseven:def:216
This policy setting allows you to configure Teredo, an address assignment and automatic tunneling technology that provides unicast IPv6 connectivity across the IPv4 Internet. If you enable this policy setting, you will be able to configure Teredo with one of the following settings: If you disable ...

oval:gov.nist.usgcb.windowsseven:def:218
This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 Wi-Fi, through the Windows Portable Device API (WPD), and via USB Flash drives. Additiona ...

oval:gov.nist.usgcb.windowsseven:def:220
This policy setting allows you to manage where client computers search for Point and Printer drivers. If you enable this policy setting, the client computer will continue to search for compatible Point and Print drivers from Windows Update after it fails to find the compatible driver from the local ...

oval:gov.nist.usgcb.windowsseven:def:101
This security setting determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. This setting affects the Server Message Block (SMB) component. When this policy is enabled, it causes client sessions with the SMB server to be f ...

oval:gov.nist.usgcb.windowsseven:def:222
This policy setting allows you to specify whether to send a Windows error report when a generic driver is installed on a device. If you enable this policy setting, a Windows error report is not sent when a generic driver is installed. If you disable or do not configure this policy setting, a Windo ...

oval:gov.nist.usgcb.windowsseven:def:221
This policy setting allows you to allow or deny remote access to the Plug and Play interface. If you enable this policy setting, remote connections to the Plug and Play interface are allowed. If you disable or do not configure this policy setting, remote connections to the Plug and Play interface ...

oval:gov.nist.usgcb.windowsseven:def:100
This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. The LM hash is relatively weak and prone to attack, as compared with the cryptographically stronger Windows NT hash. Since the LM hash is stored on the local computer in ...

oval:gov.nist.usgcb.windowsseven:def:102
This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows: Send LM & ...

oval:gov.nist.USGCB.win7firewall:def:20922
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile). Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Fire ...

oval:gov.nist.USGCB.win7firewall:def:20921
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile). Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Fire ...

oval:gov.nist.usgcb.windowsseven:def:269
Manages download of game box art and ratings from the Windows Metadata Services. If you enable this setting, game information including box art and ratings will not be downloaded. If you disable or do not configure this setting, game information will be downloaded from Windows Metadata Services. ...

oval:gov.nist.USGCB.win7firewall:def:20920
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile). Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Fire ...

oval:gov.nist.USGCB.win7firewall:def:20927
Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log. Default: No Fix: (1) GPO: Computer Configuration\Windows Settings\Securit ...

oval:gov.nist.USGCB.win7firewall:def:20926
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log. Default: No Fix: (1) GPO: Computer Configuration\Windows Setting ...

oval:org.secpod.oval:def:14593
The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing acce ...

oval:gov.nist.USGCB.win7firewall:def:20925
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile). Default: Allow Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Fi ...

oval:gov.nist.USGCB.win7firewall:def:20924
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile). Default: Block Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Fi ...

oval:gov.nist.USGCB.win7firewall:def:20923
The Private Profile is used when the computer is connected to a network and is authenticated to a domain controller. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\P ...

oval:gov.nist.usgcb.windowsseven:def:270
Manages download of game update information from Windows Metadata Services. If you enable this setting, game update information will not be downloaded. If you disable or do not configure this setting, game update information will be downloaded from Windows Metadata Services. Fix: (1) GPO: Compu ...

oval:gov.nist.usgcb.windowsseven:def:272
Controls whether passwords can be saved on this computer from Remote Desktop Connection. If you enable this setting the password saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Conne ...

oval:gov.nist.usgcb.windowsseven:def:275
Specifies whether Remote Desktop Services always prompts the client for a password upon connection. You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client. By default, ...

oval:gov.nist.usgcb.windowsseven:def:277
This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected. If you enable this policy setting, you must select the desired time limit in the Idle session limit drop-down ...

oval:gov.nist.usgcb.windowsseven:def:279
Specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff. You can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user logs off from a session. By default, Remote Desktop Services deletes ...

oval:gov.nist.usgcb.windowsseven:def:278
This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session is kept active on the server. By default, Remote Desktop Services allows users to disconnect ...

oval:gov.nist.usgcb.windowsseven:def:157
This policy setting allows you to audit events generated by changes to computer accounts such as when a computer account is created, changed, or deleted. If you configure this policy setting, an audit event is generated when an attempt to change a computer account is made. Success audits record suc ...

oval:gov.nist.USGCB.win7firewall:def:20933
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile. Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security ...

oval:gov.nist.USGCB.win7firewall:def:20932
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile. Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security ...

oval:gov.nist.usgcb.windowsseven:def:159
This policy setting allows you to audit events generated by other user account changes that are not covered in this category, such as the following: The password hash of a user account was accessed. This typically happens during an Active Directory Management Tool password migration. The Pas ...

oval:gov.nist.USGCB.win7firewall:def:20931
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile. Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security ...

oval:gov.nist.USGCB.win7firewall:def:20930
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firew ...

oval:gov.nist.USGCB.win7firewall:def:20936
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile. Default: Allow Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Securi ...

oval:gov.nist.USGCB.win7firewall:def:20935
The Public Profile is the default profile for a computer connected to a public network but not connected to a domain controller. This should be the most restricted profile. Default: Block Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Securi ...

oval:gov.nist.usgcb.windowsseven:def:161
This policy setting allows you to audit changes to user accounts. Events include the following: A user account is created, changed, deleted; renamed, disabled, enabled, locked out, or unlocked. A user account's password is set or changed. A security identifier (SID) is added to the ...

oval:gov.nist.usgcb.windowsseven:def:281
This policy setting prevents users from having enclosures (file attachments) downloaded from a feed to the user's computer. If you enable this policy setting, the setting to download an enclosure is disabled. A developer cannot change the download setting through the Feed application programmi ...

oval:gov.nist.usgcb.windowsseven:def:160
This policy setting allows you to audit events generated by changes to security groups such as the following: Security group is created, changed, or deleted. Member is added or removed from a security group. Group type is changed. If you configure this policy setting, an audit event is ...

oval:gov.nist.usgcb.windowsseven:def:163
This policy setting allows you to audit events generated when a process is created or starts. The name of the application or user that created the process is also audited. If you configure this policy setting, an audit event is generated when a process is created. Success audits record successful a ...

oval:gov.nist.usgcb.windowsseven:def:285
By default Windows Anytime Upgrade is available for all administrators. If you enable this policy setting, Windows Anytime Upgrade will not run. If you disable this policy setting or set it to Not Configured, Windows Anytime Upgrade will run. Fix: (1) GPO: Computer Configuration\Administrative ...

oval:gov.nist.usgcb.windowsseven:def:288
If this setting is enabled, Windows Error Reporting will not send any problem information to Microsoft. Additionally, solution information will not be available in the Action Center control panel. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Error Repor ...

oval:gov.nist.usgcb.windowsseven:def:287
If this setting is enabled Windows Error Reporting events will not be logged to the system event log. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable Logging (2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Er ...

oval:gov.nist.usgcb.windowsseven:def:289
Use this setting to control whether or not a user is given the choice to report an error. When Display Error Notification is enabled, the user will be notified that an error has occurred and will be given access to details about the error. If the Configure Error Reporting setting is also enabled, ...

oval:gov.nist.usgcb.windowsseven:def:248
This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer. If you enable this policy, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you disable this policy, users o ...

oval:gov.nist.usgcb.windowsseven:def:127
Internet Control Message Protocol (ICMP) redirects cause the stack to plumb host routes. These routes override the Open Shortest Path First (OSPF)-generated routes, attackers can use source routed packets to conceal the address of their computer. HKLM\System\CurrentControlSet\Services\Tcpip\Paramete ...

oval:gov.nist.usgcb.windowsseven:def:247
Specifies whether or not the user is prompted for a password when the system resumes from sleep. If you enable this policy, or if it is not configured, the user is prompted for a password when the system resumes from sleep. If you disable this policy, the user is not prompted for a password when ...

oval:gov.nist.usgcb.windowsseven:def:129
This value controls how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet. If the remote computer is still reachable, it acknowledges the keep-alive packet. HKLM\System\CurrentControlSet\Tcpip\Parameters\KeepAliveTime Fix: (1) GPO: Computer Configu ...

oval:org.secpod.oval:def:14693
This policy setting allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock. Ifyou configure this policy setting, an audit event is generated for each IAS and NAP user acce ...

oval:org.secpod.oval:def:14577
Specifies a set of parameters for controlling the Windows NTP Client. NtpServer: The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of "dnsName,flags" where flags is a hexadecimal bitmask of the flags for that host. For more information, see t ...

oval:org.secpod.oval:def:14692
This security setting determines whether to audit each instance of a user exercising a user right. If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit this type of event at all. Success audits generate an audit entry when the exercise of a use ...

oval:gov.nist.usgcb.windowsseven:def:130
The default IPsec exemptions that were present in Windows XP and Windows 2000 except for the Internet Key Exchange (IKE) exemption were removed from Windows Server 2003. The IKE exemption is specific to source and destination port UDP 500. IKE always receives this type of packet from any source addr ...

oval:gov.nist.usgcb.windowsseven:def:250
This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance. If you enable this policy setting, log files will be generated. If you disable this policy setting, log files will not be generated. If you do not configure ...

oval:gov.nist.usgcb.windowsseven:def:132
Network basic input/output system (NetBIOS) over TCP/IP is a networking protocol that, among other things, provides a means of easily resolving NetBIOS names registered on Windows- based systems to the IP addresses configured on those systems. This value determines whether the computer releases its ...

oval:gov.nist.usgcb.windowsseven:def:253
Microsoft Support Diagnostic Tool (MSDT) gathers diagnostic data for analysis by support professionals. If you leave this policy setting enabled, Users will be able to use MSDT to collect and send diagnostic data to a support professional to resolve a problem. By default, the support provider is s ...

oval:gov.nist.usgcb.windowsseven:def:134
This setting is used to enable or disabled the Internet Router Discovery Protocol (IRDP). IRDP allows the system to detect and configure Default Gateway addresses automatically. HKLM\System\CurrentControlSet\Tcpip\Parameters\PerformRouterDiscovery It enables or disables the Internet Router Discover ...

oval:gov.nist.usgcb.windowsseven:def:254
This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking 'Yes' when they are prom ...

oval:gov.nist.usgcb.windowsseven:def:136
Setting Added to Registry to Make Screensaver Password Protection Immediate The default grace period allowed for user movement before the screen - saver lock takes effect is five seconds. Leaving the grace period in the default setting makes your computer vulnerable to a potential attack from someon ...

oval:gov.nist.usgcb.windowsseven:def:135
Most programs on the Windows platform make use of various Dynamic Link Libraries (DLL) to avoid having to reimplement functionality. The operating system actually loads several DLLs for each program, depending on what type of program it is. When the program does not specify an absolute location for ...

oval:org.secpod.oval:def:14585
Specifies whether the administrator will be prompted about going to Windows Update to search for device drivers using the Internet. Note: This setting only has effect if "Turn off Windows Update device driver searching" in "Administrative Templates/System/Internet Communication Manag ...

oval:gov.nist.usgcb.windowsseven:def:258
Sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista, when media containing an autorun command is inserted, the system will automatically execute the program ...

oval:gov.nist.usgcb.windowsseven:def:137
The registry value entry TCPMaxDataRetransmissions was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry appears as MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is ...

oval:gov.nist.usgcb.windowsseven:def:139
The registry value entry WarningLevel was added to the template file in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ registry key. The entry appears as MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning in th ...

oval:org.secpod.oval:def:14580
Windows Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC. If you enable this setting, all features in the Windows Explorer that allow you to use your CD writer are removed. If you disable or do not configure this setting, users are able to use t ...

oval:gov.nist.usgcb.windowsseven:def:262
This policy setting allows you to override the More Gadgets link. The Gadget Gallery contains a link for users to download more gadgets from a website. Microsoft hosts a default website where many gadget authors can post their gadgets. This link can be redirected to a website where alternate gadge ...

oval:gov.nist.usgcb.windowsseven:def:261
By default administrator accounts are not displayed when attempting to elevate a running application. If you enable this policy setting, all local administrator accounts on the machine will be displayed so the user can choose one and enter the correct password. If you disable this policy setting, ...

oval:gov.nist.usgcb.windowsseven:def:264
This policy setting allows you to turn off desktop gadgets that have been installed by the user. If you enable this setting, Windows will not run any user-installed gadgets. If you disable or do not configure this setting, Windows will run user-installed gadgets. The default is for Windows to run ...

oval:gov.nist.usgcb.windowsseven:def:142
The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated. Fix: (1) GPO: NOT AVAILABLE (2) REG: HKEY ...

oval:gov.nist.usgcb.windowsseven:def:145
Performs networking tasks associated with configuration and maintenance of homegroups. If this service is stopped or disabled, your computer will be unable to detect other homegroups and your homegroup might not work properly. It is recommended that you keep this service running. Fix: (1) GPO: NOT ...

oval:gov.nist.usgcb.windowsseven:def:144
Makes local computer changes associated with configuration and maintenance of the homegroup-joined computer. If this service is stopped or disabled, your computer will not work properly in a homegroup and your homegroup might not work properly. It is recommended that you keep this service running. ...

oval:gov.nist.usgcb.windowsseven:def:265
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure th ...

oval:gov.nist.usgcb.windowsseven:def:268
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure th ...

oval:gov.nist.usgcb.windowsseven:def:267
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure th ...

oval:gov.nist.usgcb.windowsseven:def:192
This policy setting allows you to audit events generated by changes to the authentication policy such as the following: Creation of forest and domain trusts. Modification of forest and domain trusts. Removal of forest and domain trusts. Changes to Kerberos policy under Computer Confi ...

oval:gov.nist.usgcb.windowsseven:def:191
This policy setting allows you to audit changes in the security audit policy settings such as the following: Settings permissions and audit settings on the Audit Policy object. Changes to the system audit policy. Registration of security event sources. De-registration of security eve ...

oval:gov.nist.usgcb.windowsseven:def:199
This policy setting allows you to audit events generated when sensitive privileges (user rights) are used such as the following: A privileged service is called. One of the following privileges are called: Act as part of the operating system. Back up files and directories. ...

oval:gov.nist.usgcb.windowsseven:def:9
This security setting determines whether the operating system stores passwords using reversible encryption. This policy provides support for applications that use protocols that require knowledge of the user's password for authentication purposes. Storing passwords using reversible encryption ...

oval:gov.nist.usgcb.windowsseven:def:6
This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998 days, or you can allow changes immediately by setting the number of days to 0. The minimum password age must be less than the Maximum passw ...

oval:gov.nist.usgcb.windowsseven:def:5
This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0. If ...

oval:gov.nist.usgcb.windowsseven:def:8
This security setting determines whether passwords must meet complexity requirements. If this policy is enabled, passwords must meet the following minimum requirements: Not contain the user's account name or parts of the user's full name that exceed two consecutive characters Be at least ...

oval:gov.nist.usgcb.windowsseven:def:7
This security setting determines the least number of characters that a password for a user account may contain. You can set a value of between 1 and 14 characters, or you can establish that no password is required by setting the number of characters to 0. Default: 7 on domain controllers. 0 on sta ...

oval:gov.nist.usgcb.windowsseven:def:10
This user right determines which users and groups are allowed to connect to the computer over the network. Remote Desktop Services are not affected by this user right. Note: Remote Desktop Services was called Terminal Services in previous versions of Windows Server. Default on workstations and ser ...

oval:gov.nist.usgcb.windowsseven:def:11
This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Processes that require this privilege should use the LocalSystem account, which already includes this privilege, rather than using a separ ...

oval:gov.nist.usgcb.windowsseven:def:12
This privilege determines who can change the maximum memory that can be consumed by a process. This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy of workstations and servers. Note: This privilege is useful for system tuning, but i ...

oval:gov.nist.usgcb.windowsseven:def:13
Determines which users can log on to the computer. Important Modifying this setting may affect compatibility with clients, services, and applications. For compatibility information about this setting, see Allow log on locally (http://go.microsoft.com/fwlink/?LinkId=24268 ) at the Microsoft websit ...

oval:gov.nist.usgcb.windowsseven:def:18
This user right determines which users and groups can change the time zone used by the computer for displaying the local time, which is the computer's system time plus the time zone offset. System time itself is absolute and is not affected by a change in the time zone. This user right is def ...

oval:gov.nist.usgcb.windowsseven:def:19
This user right determines which users and groups can call an internal application programming interface (API) to create and change the size of a page file. This user right is used internally by the operating system and usually does not need to be assigned to any users. For information about how to ...

oval:gov.nist.usgcb.windowsseven:def:14
This security setting determines which users or groups have permission to log on as a Remote Desktop Services client. Default: On workstation and servers: Administrators, Remote Desktop Users. On domain controllers: Administrators. Important This setting does not have any effect on Windows 2000 ...

oval:gov.nist.usgcb.windowsseven:def:15
This user right determines which users can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system. Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders ...

oval:gov.nist.usgcb.windowsseven:def:16
This user right determines which users can traverse directory trees even though the user may not have permissions on the traversed directory. This privilege does not allow the user to list the contents of a directory, only to traverse directories. This user right is defined in the Default Domain Co ...

oval:gov.nist.usgcb.windowsseven:def:17
This user right determines which users and groups can change the time and date on the internal clock of the computer. Users that are assigned this user right can affect the appearance of event logs. If the system time is changed, events that are logged will reflect this new time, not the actual time ...

oval:gov.nist.USGCB.win7firewall:def:20908
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Do ...

oval:gov.nist.USGCB.win7firewall:def:20905
Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log. Default: No Fix: (1) GPO: Computer Configuration\Windows Settings\Securit ...

oval:gov.nist.USGCB.win7firewall:def:20904
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log. Default: No Fix: (1) GPO: Computer Configuration\Windows Setting ...

oval:gov.nist.usgcb.windowsseven:def:291
This policy setting allows you to turn off the Data Execution Prevention feature for Internet Explorer on Windows Server 2008, Windows Vista SP1 and Windows XP SP3. If you enable this policy setting, Internet Explorer will not opt-in to Data Execution Prevention on platforms that support the SetPro ...

oval:gov.nist.usgcb.windowsseven:def:290
If this setting is enabled any additional data requests from Microsoft in response to a Windows Error Reporting event will be automatically declined without notice to the user. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Do not send addi ...

oval:gov.nist.usgcb.windowsseven:def:292
Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately, although Explorer may still terminate unexpectedly later. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\T ...

oval:gov.nist.usgcb.windowsseven:def:2
The maximum number of failed attempts that can occur before the account is locked out This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout dura ...

oval:gov.nist.usgcb.windowsseven:def:295
Permits users to change installation options that typically are available only to system administrators. This setting bypasses some of the security features of Windows Installer. It permits installations to complete that otherwise would be halted due to a security violation. The security features ...

oval:gov.nist.usgcb.windowsseven:def:174
This policy setting allows you to audit events generated by the closing of a logon session. These events occur on the computer that was accessed. For an interactive logoff the security audit event is generated on the computer that the user account logged on to. If you configure this policy setting, ...

oval:gov.nist.usgcb.windowsseven:def:1
This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked. The available range is from 0 minutes through 99,999 minutes. If you set the account lockout duration to 0, the account will be locked out until an administrator exp ...

oval:gov.nist.usgcb.windowsseven:def:294
Allows Web-based programs to install software on the computer without notifying the user. By default, when a script hosted by an Internet browser tries to install a program on the system, the system warns users and allows them to select or refuse the installation. This setting suppresses the warnin ...

oval:gov.nist.usgcb.windowsseven:def:4
This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused. The value must be between 0 and 24 passwords. This policy enables administrators to enhance security by ensuring that old passwords are not reused ...

oval:gov.nist.usgcb.windowsseven:def:297
This policy controls whether the logged on user should be notified if the logon server could not be contacted during logon and he has been logged on using previously stored account information. If enabled, a notification popup will be displayed to the user when the user logs on with cached credenti ...

oval:gov.nist.usgcb.windowsseven:def:3
This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. The available range is 1 minute to 99,999 minutes. If an account lockout threshold is defined, this reset time must be less ...

oval:gov.nist.usgcb.windowsseven:def:175
This policy setting allows you to audit events generated by user account logon attempts on the computer. Events in this subcategory are related to the creation of logon sessions and occur on the computer which was accessed. For an interactive logon, the security audit event is generated on the compu ...

oval:gov.nist.usgcb.windowsseven:def:296
This setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor. Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users. If yo ...

oval:gov.nist.usgcb.windowsseven:def:178
This policy setting allows you to audit events generated by special logons such as the following : The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Specia ...

oval:gov.nist.USGCB.win7firewall:def:20911
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall ...

oval:gov.nist.USGCB.win7firewall:def:20910
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall ...

oval:gov.nist.USGCB.win7firewall:def:20919
The Private Profile is used only if a local administrator changes the profile for a computer connected previously to a public network (using a Public Profile). Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Adva ...

oval:gov.nist.USGCB.win7firewall:def:20916
Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log. Default: No Fix: (1) GPO: Computer Configuration\Windows Settings\Securit ...

oval:gov.nist.USGCB.win7firewall:def:20915
Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log. Default: No Fix: (1) GPO: Computer Configuration\Windows Setting ...

oval:gov.nist.USGCB.win7firewall:def:20914
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Default: Allow Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewa ...

oval:gov.nist.USGCB.win7firewall:def:20913
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Default: Block Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewa ...

oval:gov.nist.USGCB.win7firewall:def:20912
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Do ...

oval:gov.nist.usgcb.windowsseven:def:183
This policy setting allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACL) specified, and only if the type of access requested, such as Write, Read, or Modify and the account making the reques ...

oval:gov.nist.USGCB.win7firewall:def:20909
The Domain Profile is used when the computer is connected to a network and is authenticated to a domain controller. Default: Yes Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall ...

oval:gov.nist.usgcb.windowsseven:def:189
This policy setting allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request matc ...

oval:org.secpod.oval:def:14754
This policy setting allows you to audit events generated by the management of task scheduler jobs or COM+ objects. For scheduler jobs, the following are audited: Job created. Job deleted. Job enabled. Job disabled. Job updated. For COM+ objects, the following are audited: C ...

oval:org.secpod.oval:def:14755
This policy setting allows you to audit Active Directory Certificate Services (AD CS) operations. AD CS operations include the following: AD CS startup/shutdown/backup/restore. Changes to the certificate revocation list (CRL). New certificate requests. Issuing of a certificate. R ...

oval:gov.nist.usgcb.windowsseven:def:45
This security setting determines whether a user can undock a portable computer from its docking station without logging on. If this policy is enabled, the user must log on before removing the portable computer from its docking station. If this policy is disabled, the user may remove the portable co ...

oval:gov.nist.usgcb.windowsseven:def:40
This privilege determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege. Default: Non ...

oval:gov.nist.usgcb.windowsseven:def:41
This security setting determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On x86-based computers, the only firmware environment value that can ...

oval:gov.nist.usgcb.windowsseven:def:42
This security setting determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Use caution when assigning this user right. Users with this user right can explore disks and extend files in to memory that contains other data. When the extended files are ...

oval:org.secpod.oval:def:14747
This policy setting allows you to audit attempts to access a shared folder. If you configure this policy setting, an audit event is generated when an attempt is made to access a shared folder. If this policy setting is defined, the administrator can specify whether to audit only successes, only fai ...

oval:gov.nist.usgcb.windowsseven:def:20011
This policy setting controls the level of validation a computer with shared folders or printers (the server) performs on the service principal name (SPN) that is provided by the client computer when it establishes a session using the server message block (SMB) protocol. The server message block (SM ...

oval:gov.nist.usgcb.windowsseven:def:20010
This security setting determines whether the local Administrator account is enabled or disabled. Notes If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In ...

oval:org.secpod.oval:def:14748
This setting is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users saved credentials might be compromised if this privilege is given to other entities. Saved credentials of users may be compromised if this privilege is ...

oval:org.secpod.oval:def:14627
This security setting determines whether the OS audits any of the following events: * Attempted system time change * Attempted security system startup or shutdown * Attempt to load extensible authentication components * Loss of audited events due to auditing system failure * Security log size exce ...

oval:gov.nist.usgcb.windowsseven:def:20013
Hiding the computer from the Browse List removes one method attackers might use to gether information about computers on the network. You can configure a computer so that it does not send announcements to browsers on the domain. If you do, you hide the computer from the Network Browser list; it doe ...

oval:gov.nist.usgcb.windowsseven:def:20012
Allowing source routed network traffic allows attackers to obscure their identity and location. IP source routing is a mechanism that allows the sender to determine the IP route that a datagram should follow through the network. Vulnerability: Source routing allows a computer that sends a pack ...

oval:org.secpod.oval:def:14746
This security setting determines whether the OS audits each instance of a user attempting to log on to or to log off to this computer. Log off events are generated whenever a logged on user account's logon session is terminated. If this policy setting is defined, the administrator can specif ...

oval:gov.nist.usgcb.windowsseven:def:47
This security setting determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Specifically, this user right is sim ...

oval:gov.nist.usgcb.windowsseven:def:48
This security setting determines which users who are logged on locally to the computer can shut down the operating system using the Shut Down command. Misuse of this user right can result in a denial of service. Default on Workstations: Administrators, Backup Operators, Users. Default on Servers: ...

oval:org.secpod.oval:def:14749
This security setting determines if users' private keys require a password to be used. The options are: User input is not required when new keys are stored and used User is prompted when the key is first used User must enter a password each time they use a key For more information, see Public ...

oval:gov.nist.usgcb.windowsseven:def:20019
This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. * Enabled: UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevati ...

oval:gov.nist.usgcb.windowsseven:def:100216
This policy setting allows you to audit events generated by validation tests on user account logon credentials. Events in this subcategory occur only on the computer that is authoritative for those credentials. For domain accounts, the domain controller is authoritative. For local accounts, the loc ...

oval:gov.nist.usgcb.windowsseven:def:20018
This policy setting allows you to set the encryption types that Kerberos is allowed to use. If not selected, the encryption type will not be allowed. This setting may affect compatibility with client computers or services and applications. Multiple selections are permitted. This policy is supporte ...

oval:gov.nist.usgcb.windowsseven:def:100214
Specifies the amount of time for Automatic Updates to wait, following system startup, before proceeding with a scheduled installation that was missed previously. If the status is set to Enabled, a scheduled installation that did not take place earlier will occur the specified number of minutes afte ...

oval:gov.nist.usgcb.windowsseven:def:100213
Specifies that to complete a scheduled installation, Automatic Updates will wait for the computer to be restarted by any user who is logged on, instead of causing the computer to restart automatically. If the status is set to Enabled, Automatic Updates will not restart a computer automatically duri ...

oval:gov.nist.usgcb.windowsseven:def:20015
This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication. If you enable this policy setting, services running as Local System that use Negotiate will use the computer identity. This might cause some authentication request ...

oval:gov.nist.usgcb.windowsseven:def:20014
The registry value entry TCPMaxDataRetransmissions was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry appears as MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is ...

oval:gov.nist.usgcb.windowsseven:def:20017
This policy will be turned off by default on domain joined machines. This would disallow the online identities to be able to authenticate to the domain joined machine in Windows 7. Windows 7 and Windows Server 2008 R2 introduce an extension to the Negotiate authentication package, Spnego.dll. In pr ...

oval:gov.nist.usgcb.windowsseven:def:20016
Allow NTLM to fall back to NULL session when used with LocalSystem. The default is TRUE up to Windows Vista and FALSE in Windows 7. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Allow LocalSystem NULL session fallback (2 ...

oval:gov.nist.usgcb.windowsseven:def:100212
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is displayed in the Shut Down Windows dialog box. If you enable this policy setting, 'Install Updates and Shut Down' will not appear as a choice in the Shut Down Windows dialog box, even ...

oval:gov.nist.usgcb.windowsseven:def:54
This security setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-known Guest account makes it slightly more difficult for unauthorized persons to guess this user name and password combination. Def ...

oval:gov.nist.usgcb.windowsseven:def:55
This security setting determines whether to audit the access of global system objects. If this policy is enabled, it causes system objects, such as mutexes, events, semaphores and DOS devices, to be created with a default system access control list (SACL). Only named objects are given a SACL; SACLs ...

oval:gov.nist.usgcb.windowsseven:def:56
This security setting determines whether to audit the use of all user privileges, including Backup and Restore, when the Audit privilege use policy is in effect. Enabling this option when the Audit privilege use policy is also enabled generates an audit event for every file that is backed up or rest ...

oval:gov.nist.usgcb.windowsseven:def:57
Windows Vista and later versions of Windows allow audit policy to be managed in a more precise way using audit policy subcategories. Setting audit policy at the category level will override the new subcategory audit policy feature. Group Policy only allows audit policy to be set at the category le ...

oval:gov.nist.usgcb.windowsseven:def:51
This security setting determines if the Guest account is enabled or disabled. Default: Disabled. Note: If the Guest account is disabled and the security option Network Access: Sharing and Security Model for local accounts is set to Guest Only, network logons, such as those performed by the Microso ...

oval:gov.nist.usgcb.windowsseven:def:52
This security setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If enabled, local accounts that are not password protected will only be able to log on at the computer's keyboard. Default: Ena ...

oval:gov.nist.usgcb.windowsseven:def:53
This security setting determines whether a different account name is associated with the security identifier (SID) for the account Administrator. Renaming the well-known Administrator account makes it slightly more difficult for unauthorized persons to guess this privileged user name and password co ...

oval:org.secpod.oval:def:14758
This policy setting allows you to audit inbound remote procedure call (RPC) connections. If you configure this policy setting, an audit event is generated when a remote RPC connection is attempted. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you do ...

oval:gov.nist.usgcb.windowsseven:def:21
This security setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. Users who can create global objects could affect processes that run under other user ...

oval:gov.nist.usgcb.windowsseven:def:22
This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kerne ...

oval:gov.nist.usgcb.windowsseven:def:24
This user right determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components will need this user right to be able to do so. This user ri ...

oval:gov.nist.usgcb.windowsseven:def:20
This security setting determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operat ...

oval:gov.nist.usgcb.windowsseven:def:29
This security setting determines which users and groups are prohibited from logging on as a Remote Desktop Services client. Default: None. Important This setting does not have any effect on Windows 2000 computers that have not been updated to Service Pack 2. Fix: (1) GPO: Computer Configuration ...

oval:gov.nist.usgcb.windowsseven:def:25
This security setting determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies. Default: Guest Fix: (1) GPO: Computer Configuration\Windows ...

oval:org.secpod.oval:def:14729
This policy setting allows you to audit events generated when a process ends. If you configure this policy setting, an audit event is generated when a process ends. Success audits record successful attempts and Failure audits record unsuccessful attempts. If you do not configure this policy setti ...

oval:gov.nist.usgcb.windowsseven:def:26
This security setting determines which accounts are prevented from being able to log on as a batch job. This policy setting supersedes the Log on as a batch job policy setting if a user account is subject to both policies. Default: None. Fix: (1) GPO: Computer Configuration\Windows Settings\Secur ...

oval:gov.nist.usgcb.windowsseven:def:27
This security setting determines which service accounts are prevented from registering a process as a service. This policy setting supersedes the Log on as a service policy setting if an account is subject to both policies. Note: This security setting does not apply to the System, Local Service, or ...

oval:gov.nist.usgcb.windowsseven:def:28
This security setting determines which users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies. Important If you apply this security policy to the Everyone group, no one will be able to lo ...

oval:org.secpod.oval:def:14728
This security setting determines whether the OS audits user attempts to access Active Directory objects. Audit is only generated for objects that have system access control lists (SACL) specified, and only if the type of access requested (such as Write, Read, or Modify) and the account making the re ...

oval:org.secpod.oval:def:14744
This security setting determines whether the OS audits process-related events such as process creation, process termination, handle duplication, and indirect object access. If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, both success ...

oval:org.secpod.oval:def:14741
This security setting determines whether the OS audits each time this computer validates an account's credentials. Account logon events are generated whenever a computer validates the credentials of an account for which it is authoritative. Domain members and non-domain-joined machines are au ...

oval:org.secpod.oval:def:14742
This security setting determines whether to audit each event of account management on a computer. Examples of account management events include: A user account or group is created, changed, or deleted. A user account is renamed, disabled, or enabled. A password is set or changed. If you define this ...

oval:gov.nist.usgcb.windowsseven:def:32
Assigning this privilege to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a serv ...

oval:gov.nist.usgcb.windowsseven:def:33
This privilege determines which user accounts can increase or decrease the size of a process's working set. Default: Users The working set of a process is the set of memory pages currently visible to the process in physical RAM memory. These pages are resident and available for an applicatio ...

oval:gov.nist.usgcb.windowsseven:def:34
This security setting determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. A user with this privilege can change the scheduling priority of a process through the Task Manager user interface. Defau ...

oval:gov.nist.usgcb.windowsseven:def:35
This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. It is recommended that you do not assign this privilege to other users. Caution Assigning this user right can be a ...

oval:gov.nist.usgcb.windowsseven:def:30
This security setting determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service. This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy ...

oval:gov.nist.usgcb.windowsseven:def:31
This security setting determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access. Misuse of this user right can result in the generation of many auditing events, potentially hiding evidence of an attack or causi ...

oval:org.secpod.oval:def:14735
This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests. If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT request. Success audits record successful requests and Failure audits reco ...

oval:gov.nist.usgcb.windowsseven:def:36
This security setting determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Exercising this privilege could significantly affect system performance by decreasing the amount of available random access mem ...

oval:gov.nist.usgcb.windowsseven:def:37
This security setting allows a user to be logged on by means of a batch-queue facility and is provided only for compatibility with older versions of Windows. For example, when a user submits a job by means of the task scheduler, the task scheduler logs that user on as a batch user rather than as an ...

oval:gov.nist.usgcb.windowsseven:def:38
This security setting allows a security principal to log on as a service. Services can be configured to run under the Local System, Local Service, or Network Service accounts, which have a built in right to log on as a service. Any service that runs under a separate user account must be assigned the ...

oval:gov.nist.usgcb.windowsseven:def:39
This security setting determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. This security setting does not allow a user to enable file and object access auditing in general. For such auditing to be ena ...

oval:org.secpod.oval:def:14794
This policy setting allows you to audit events generated when a handle to an object is opened or closed. Only objects with a matching system access control list (SACL) generate security audit events. If you configure this policy setting, an audit event is generated when a handle is manipulated. Suc ...

oval:org.secpod.oval:def:14552
This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's e-mail server ...

oval:org.secpod.oval:def:14553
This policy setting allows you to manage configuration of remote access to all supported shells to execute scripts and commands. Configures access to remote shells. If you enable this policy setting and set it to False, new remote shell connections will be rejected by the server. If you disable o ...

oval:org.secpod.oval:def:14674
This security setting determines who is allowed to format and eject removable NTFS media. This capability can be given to: Administrators Administrators and Interactive Users Default: This policy is not defined and only Administrators have this ability. Fix: (1) GPO: Computer Configuration\Windo ...

oval:org.secpod.oval:def:14793
This policy setting allows you to audit events generated when an Active Directory Domain Services (AD DS) object is accessed. Only AD DS objects with a matching system access control list (SACL) are logged. Events in this subcategory are similar to the Directory Service Access events available in ...

oval:org.secpod.oval:def:14798
This policy setting allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validation or Kerberos tickets. Currently, there are no events in this subcategory. Default: No Auditing. Fix: (1) GPO: Computer Configuration\W ...

oval:org.secpod.oval:def:14678
This security setting determines which users can set the Trusted for Delegation setting on a user or computer object. The user or object that is granted this privilege must have write access to the account control flags on the user or computer object. A server process running on a computer (or unde ...

oval:org.secpod.oval:def:14799
This policy setting allows you to audit applications that generate events using the Windows Auditing application programming interfaces (APIs). Applications designed to use the Windows Auditing API use this subcategory to log auditing events related to their function. Events in this subcategory inc ...

oval:org.secpod.oval:def:14796
Determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer. ICS lets administrators configure their system as an Internet gateway for a small network and provides network services, ...

oval:org.secpod.oval:def:14797
This policy setting allows you to audit attempts to access the kernel, which include mutexes and semaphores. Only kernel objects with a matching system access control list (SACL) generate security audit events. Note: The Audit: Audit the access of global system objects policy setting controls the ...

oval:gov.nist.usgcb.windowsseven:def:80
This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity. Administrators can use this policy to control when a computer suspends an inactive SMB session. If client activity resumes, t ...

oval:gov.nist.usgcb.windowsseven:def:81
This security setting determines whether packet signing is required by the SMB server component. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent "man-in-the-m ...

oval:gov.nist.usgcb.windowsseven:def:82
This security setting determines whether the SMB server will negotiate SMB packet signing with clients that request it. The server message block (SMB) protocol provides the ba ...

oval:org.secpod.oval:def:14790
This policy setting allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information. For more information about DPAPI, see http://go.micr ...

oval:gov.nist.usgcb.windowsseven:def:87
This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to gr ...

oval:gov.nist.usgcb.windowsseven:def:88
Network access: Do not allow storage of credentials or .NET Passports for network authentication This security setting determines whether Credential Manager saves passwords and credentials for later use when it gains domain authentication. If you enable this setting, Credential Manager does not st ...

oval:gov.nist.usgcb.windowsseven:def:89
This security setting determines what additional permissions are granted for anonymous connections to the computer. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrat ...

oval:gov.nist.usgcb.windowsseven:def:83
This security setting determines whether to disconnect users who are connected to the local computer outside their user account's valid logon hours. This setting affects the Server Message Block (SMB) component. When this policy is enabled, it causes client sessions with the SMB Service to be ...

oval:gov.nist.usgcb.windowsseven:def:86
This security setting determines what additional permissions will be granted for anonymous connections to the computer. Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an adminis ...

oval:org.secpod.oval:def:14789
This policy setting allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted. When possible, events logged in this subcategory indicate the old and new values of the ob ...

oval:org.secpod.oval:def:14548
This policy setting allows users to have their feeds authenticated using the Basic authentication scheme over an unencrypted HTTP connection. If you enable this policy setting, the RSS Platform will authenticate to servers using the Basic authentication scheme in combination with an insecure HTTP c ...

oval:org.secpod.oval:def:14669
This policy setting allows you to audit events generated by a failed attempt to log on to an account that is locked out. If you configure this policy setting, an audit event is generated when an account cannot log on to a computer because the account is locked out. Success audits record successful ...

oval:org.secpod.oval:def:14565
Specifies how much user idle time must elapse before the screen saver is launched. When configured, this idle time can be set from a minimum of 1 second to a maximum of 599,940 seconds, or 24 hours. If set to zero, the screen saver will not be started. This setting has no effect under any of the f ...

oval:gov.nist.usgcb.windowsseven:def:90
This policy setting determines which communication sessions, or pipes, have attributes and permissions that allow anonymous access. Restricting access over named pipes such as COMNAP and LOCATOR helps prevent unauthorized access to the network. The table in the Vulnerability section lists default na ...

oval:gov.nist.usgcb.windowsseven:def:91
This security setting determines which registry keys can be accessed over the network, regardless of the users or groups listed in the access control list (ACL) of the winreg registry key. Default: System\CurrentControlSet\Control\ProductOptions System\CurrentControlSet\Control\Server Applications ...

oval:org.secpod.oval:def:14680
This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations. If you configure this policy setting, an audit event is generated during an IPsec Main Mode negotiation. Success audits record ...

oval:gov.nist.usgcb.windowsseven:def:94
This security setting determines which network shares can accessed by anonymous users. Default: None specified. This policy setting determines which network shares can be accessed by anonymous users. The default configuration for this policy setting has little effect because all users have to be a ...

oval:gov.nist.usgcb.windowsseven:def:95
This security setting determines how network logons that use local accounts are authenticated. If this setting is set to Classic, network logons that use local account credentials authenticate by using those credentials. The Classic model allows fine control over access to resources. By using the Cl ...

oval:org.secpod.oval:def:14558
This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user's Windows credentials. Note: This policy affects nonlogon authentication tasks only. As a security best practice, ...

oval:org.secpod.oval:def:14559
This policy specifies whether Windows searches Windows Update for device drivers when no local drivers for a device are present. If you enable this setting, Windows Update will not be searched when a new device is installed. If you disable this setting, Windows Update will always be searched for d ...

oval:gov.nist.usgcb.windowsseven:def:100205
Ignores customized run-once lists. You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts. If you enable ...

oval:org.secpod.oval:def:14773
This policy setting allows you to audit other logon/logoff-related events that are not covered in the "Logon/Logoff" policy setting such as the following: Terminal Services session disconnections. New Terminal Services sessions. Locking and unlocking a workstation. Invoking ...

oval:gov.nist.usgcb.windowsseven:def:100202
Disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely. Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop s ...

oval:org.secpod.oval:def:14771
This policy setting allows you to audit events generated by other security policy changes that are not audited in the policy change category, such as the following: Trusted Platform Module (TPM) configuration changes. Kernel-mode cryptographic self tests. Cryptographic provider operation ...

oval:org.secpod.oval:def:14777
This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations. If you configure this policy setting, an audit event is generated during an IPsec Quick Mode negotiation. Success audits reco ...

oval:org.secpod.oval:def:14774
This policy setting allows you to audit events generated by detailed Active Directory Domain Services (AD DS) replication between domain controllers. Volume: High. Default: No Auditing. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Sy ...

oval:gov.nist.usgcb.windowsseven:def:60
Devices: Prevent users from installing printer drivers when connecting to shared printers For a computer to print to a shared printer, the driver for that shared printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of c ...

oval:gov.nist.usgcb.windowsseven:def:65
This security setting determines whether a domain member attempts to negotiate signing for all secure channel traffic that it initiates. When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channe ...

oval:gov.nist.usgcb.windowsseven:def:66
Determines whether a domain member periodically changes its computer account password. If this setting is enabled, the domain member does not attempt to change its computer account password. If this setting is disabled, the domain member attempts to change its computer account password as specified ...

oval:gov.nist.usgcb.windowsseven:def:67
This setting controls the maximum password age that a machine account may have. This security setting determines how often a domain member will attempt to change its computer account password. Default: 30 days. Important This setting applies to Windows 2000 computers, but it is not available thr ...

oval:gov.nist.usgcb.windowsseven:def:68
This security setting determines whether 128-bit key strength is required for encrypted secure channel data. When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a domain controller w ...

oval:gov.nist.usgcb.windowsseven:def:61
This security setting determines whether a CD-ROM is accessible to both local and remote users simultaneously. If this policy is enabled, it allows only the interactively logged-on user to access removable CD-ROM media. If this policy is enabled and no one is logged on interactively, the CD-ROM can ...

oval:gov.nist.usgcb.windowsseven:def:62
This value determines if access to the floppy drive is restricted to locally logged-on users. 1 = restricted This security setting determines whether removable floppy media are accessible to both local and remote users simultaneously. If this policy is enabled, it allows only the interactively log ...

oval:gov.nist.usgcb.windowsseven:def:63
This security setting determines whether all secure channel traffic initiated by the domain member must be signed or encrypted. When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure channel with a ...

oval:gov.nist.usgcb.windowsseven:def:64
This security setting determines whether a domain member attempts to negotiate encryption for all secure channel traffic that it initiates. When a computer joins a domain, a computer account is created. After that, when the system starts, it uses the computer account password to create a secure cha ...

oval:org.secpod.oval:def:14769
This policy setting allows you to audit any of the following events: Startup and shutdown of the Windows Firewall service and driver. Security policy processing by the Windows Firewall Service. Cryptography key file and migration operations. Volume: Low. Default: Success, Failure. Fi ...

oval:gov.nist.usgcb.windowsseven:def:69
This security setting determines whether the name of the last user to log on to the computer is displayed in the Windows logon screen. If this policy is enabled, the name of the last user to successfully log on is not displayed in the Logon Screen. ". If this policy is disabled, the name of t ...

oval:org.secpod.oval:def:14783
This policy setting disables the Windows registry editors Regedit.exe and Regedt32.exe. If this setting is enabled and the user tries to start a registry editor, a message appears explaining that a setting prevents the action. To prevent users from using other administrative tools, use the "R ...

oval:org.secpod.oval:def:14781
This policy setting allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations. If you configure this policy setting, an audit event is generated during an IPsec Extended Mode negotiation. Success audit ...

oval:org.secpod.oval:def:14661
Windows Server operating systems support 8.3 file name formats for backward compatibility with16-bit applications. The 8.3 file name convention is a naming format that allows file names up to eight characters long. The registry value entry NtfsDisable8dot3NameCreation was added to the template file ...

oval:org.secpod.oval:def:14787
This policy setting allows you to audit connections that are allowed or blocked by the Windows Filtering Platform (WFP). The following events are included: The Windows Firewall Service blocks an application from accepting incoming connections on the network. The WFP allows a connection. ...

oval:org.secpod.oval:def:14664
This policy setting allows you to audit events generated by changes to application groups such as the following: Application group is created, changed, or deleted. Member is added or removed from an application group. If you configure this policy setting, an audit event is generated when an ...

oval:org.secpod.oval:def:14786
This policy setting allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share ...

oval:gov.nist.usgcb.windowsseven:def:70
This security setting determines whether pressing CTRL+ALT+DEL is required before a user can log on. If this policy is enabled on a computer, a user is not required to press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible to attacks that attempt to intercept the us ...

oval:gov.nist.usgcb.windowsseven:def:71
This security setting specifies a text message that is displayed to users when they log on. This text is often used for legal reasons, for example, to warn users about the ramifications of misusing company information or to warn them that their actions may be audited. Default: No message. Fix: ( ...

oval:org.secpod.oval:def:14780
This policy setting allows you to audit events generated by changes to distribution groups such as the following: Distribution group is created, changed, or deleted. Member is added or removed from a distribution group. Distribution group type is changed. If you configure this policy se ...

oval:gov.nist.usgcb.windowsseven:def:76
This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader. The options are: * No Action * Lock Workstation * Force Logoff * Disconnect if a Remote Desktop Services session If you click Lock Workstation in the Properties dialog bo ...

oval:gov.nist.usgcb.windowsseven:def:77
This security setting determines whether packet signing is required by the SMB client component. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle ...

oval:gov.nist.usgcb.windowsseven:def:78
This security setting determines whether the SMB client attempts to negotiate SMB packet signing. The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle ...

oval:gov.nist.usgcb.windowsseven:def:79
If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication. Sending unencrypted passwords is a security risk. Default: Disabled. Fix: (1) GPO: Com ...

oval:gov.nist.usgcb.windowsseven:def:72
This security setting allows the specification of a title to appear in the title bar of the window that contains the Interactive logon: Message text for users attempting to log on. Default: No message. The logon banner should be titled with a warning label containing the name of the owning organiz ...

oval:gov.nist.usgcb.windowsseven:def:73
All previous users' logon information is cached locally so that, in the event that a domain controller is unavailable during subsequent logon attempts, they are able to log on . If a domain controller is unavailable and a user's logon information is cached, the user is prompted with a mess ...

oval:gov.nist.usgcb.windowsseven:def:74
Determines how far in advance (in days) users are warned that their password is about to expire. With this advance warning, the user has time to construct a password that is sufficiently strong. Default: 14 days. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Polici ...

oval:gov.nist.usgcb.windowsseven:def:75
Logon information must be provided to unlock a locked computer. For domain accounts, this security setting determines whether a domain controller must be contacted to unlock a computer. If this setting is disabled, a user can unlock the computer using cached credentials. If this setting is enabled, ...

oval:org.secpod.oval:def:14778
This policy setting allows you to audit events generated by changes to the authorization policy such as the following: Assignment of user rights (privileges), such as SeCreateTokenPrivilege, that are not audited through the "Authentication Policy Change" subcategory. Removal of u ...

oval:org.secpod.oval:def:14779
This policy setting allows you to audit replication between two Active Directory Domain Services (AD DS) domain controllers. If you configure this policy setting, an audit event is generated during AD DS replication. Success audits record successful replication and Failure audits record unsuccessfu ...

oval:org.secpod.oval:def:14704
This subcategory reports when packets are dropped by Windows Filtering Platform (WFP). These events can be very high in volume. Events for this subcategory include: - 5152: The Windows Filtering Platform blocked a packet. - 5153: A more restrictive Windows Filtering Platform filter has blocked a p ...

oval:org.secpod.oval:def:14701
This security setting determines if digital certificates are processed when a user or process attempts to run software with an .exe file name extension. This security settings is used to enable or disable certificate rules, a type of software restriction policies rule. With software restriction poli ...

oval:org.secpod.oval:def:14721
This policy setting allows you to audit events generated by the use of non-sensitive privileges (user rights). The following privileges are non-sensitive: Access Credential Manager as a trusted caller. Access this computer from the network. Add workstations to domain. ...

oval:org.secpod.oval:def:14712
This policy setting allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests submitted for user accounts. If you configure this policy setting, an audit event is generated after a Kerberos authentication TGT is requested for a user account. Success audit ...

oval:org.secpod.oval:def:14713
This policy setting allows you to audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall. Events include the following: Reporting of active policies when Windows Firewall service starts. Changes to Windows ...

oval:org.secpod.oval:def:14719
This security setting determines whether the OS audits each instance of attempts to change user rights assignment policy, audit policy, account policy, or trust policy. The administrator can specify whether to audit only successes, only failures, both successes and failures, or to not audit these ...

oval:org.secpod.oval:def:14716
This security setting determines whether the OS audits user attempts to access non-Active Directory objects. Audit is only generated for objects that have system access control lists (SACL) specified, and only if the type of access requested (such as Write, Read, or Modify) and the account making th ...

oval:org.secpod.oval:def:14803
This policy setting allows you to audit events generated by attempts to access to Security Accounts Manager (SAM) objects. SAM objects include the following: SAM_ALIAS -- A local group. SAM_GROUP -- A group that is not a local group. SAM_USER - A user account. SAM_DOMAIN - A domain. ...

oval:org.secpod.oval:def:14806
This policy setting allows you to audit events generated by changes to the Windows Filtering Platform (WFP) such as the following: IPsec services status. Changes to IPsec policy settings. Changes to Windows Firewall policy settings. Changes to WFP providers and engine. If you confi ...

oval:org.secpod.oval:def:14811
Ignores the customized run list. You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista, Windows XP Professional, and Windows 2000 Professional. These programs are added to the standard run list of programs and servic ...

oval:org.secpod.oval:def:14812
This subcategory reports when a user account or service uses a sensitive privilege. A sensitive privilege includes the following user rights: Act as part of the operating system, Back up files and directories, Create a token object, Debug programs, Enable computer and user accounts to be tr ...

CPE    1
cpe:/o:microsoft:windows_7
CCE    370
CCE-10644-3
CCE-10774-8
CCE-10531-2
CCE-9892-1
...
*XCCDF
xccdf_org.secpod_benchmark_cip_std_ver3_Windows_7

© 2013 SecPod Technologies