[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96078

 
 

909

 
 

78009

 
 

109

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:40245
The entry appears as MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing) in the SCE.

oval:org.secpod.oval:def:40246
This security setting determines which users are prevented from logging on at the computer.

oval:org.secpod.oval:def:40243
This policy setting determines whether a domain member should attempt to negotiate encryption for all secure channel traffic that it initiates.

oval:org.secpod.oval:def:40244
The policy setting for this audit category determines whether to audit Authorization Policy changes on computers running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:40249
This policy setting controls the behavior of application installation detection for the computer.

oval:org.secpod.oval:def:40247
This policy setting determines whether all secure channel traffic that is initiated by the domain member must be signed or encrypted.

oval:org.secpod.oval:def:40248
The policy setting allows programs that run on behalf of a user to impersonate that user (or another specified account) so that they can act on behalf of the user.

oval:org.secpod.oval:def:40252
When enabled, this policy setting restricts anonymous access to only those shares and pipes that are named in the Network access: Named pipes that can be accessed anonymously and Network access: Shares that can be accessed anonymously settings.

oval:org.secpod.oval:def:40253
Specify the maximum log file size for Security (KB)

oval:org.secpod.oval:def:40250
This policy setting controls the behavior of the elevation prompt for standard users on computers running Windows 7, Windows Server 2008 R2, and later versions of Windows.

oval:org.secpod.oval:def:40251
This policy setting determines which users can create symbolic links.

oval:org.secpod.oval:def:40256
This policy setting determines the strength of the default discretionary access control list (DACL) for objects.

oval:org.secpod.oval:def:40257
This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password.

oval:org.secpod.oval:def:40254
This policy setting audits Other Account Management events.

oval:org.secpod.oval:def:40255
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logon-Logoff Account Lockout setting.

oval:org.secpod.oval:def:40258
This policy setting in the DS Access audit category enables reports to result when changes to create, modify, move, or undelete operations are performed on objects in Active Directory Domain Services (AD DS).

oval:org.secpod.oval:def:40259
This policy setting specifies the type of challenge/response authentication for network logons. LAN Manager (LM) authentication is the least secure method; it allows encrypted passwords to be cracked because they can be easily intercepted on the network.

oval:org.secpod.oval:def:40260
The Password protect the screen saver setting should be configured correctly.

oval:org.secpod.oval:def:40263
This policy setting allows users to shut down Windows Vista-based computers from remote locations on the network.

oval:org.secpod.oval:def:40264
This policy setting determines whether the SMB client will attempt to negotiate SMB packet signing.

oval:org.secpod.oval:def:40261
This setting applies to the Sensitive Privilege Use subcategory of events. You can use it to audit users exercising user rights.

oval:org.secpod.oval:def:40262
The "Domain Controller: Refuse machine account password changes" setting should be configured correctly.

oval:org.secpod.oval:def:40267
This policy setting controls the ability of anonymous users to enumerate SAM accounts as well as shares.

oval:org.secpod.oval:def:40268
This policy setting allows users to dynamically load a new device driver on a system.

oval:org.secpod.oval:def:40265
Disable this policy setting to prevent the SMB redirector from sending plaintext passwords during authentication to third-party SMB servers that do not support password encryption.

oval:org.secpod.oval:def:40266
This policy setting determines the length of time that must pass before a locked account is unlocked and a user can try to log on again.

oval:org.secpod.oval:def:40269
Network security: Minimum session security for NTLM SSP based (including secure RPC) client applications.

oval:org.secpod.oval:def:40270
This setting determines the behavior for inbound connections that do not match an inbound firewall rule.

oval:org.secpod.oval:def:40271
This policy setting determines whether a domain member should attempt to negotiate whether all secure channel traffic that it initiates must be digitally signed.

oval:org.secpod.oval:def:40274
Determines whether case insensitivity is enforced for all subsystems. Example is case insensitivity for other subsystems, such as the Portable Operating System Interface for UNIX (POSIX) which are normally case sensitive.

oval:org.secpod.oval:def:40275
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logoff event settings.

oval:org.secpod.oval:def:40272
This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The default behavior is to block connections unless there are firewall rules to allow the connection.

oval:org.secpod.oval:def:40273
This policy setting determines the length of time before the Account lockout threshold resets to zero.

oval:org.secpod.oval:def:40278
This setting allows other users on the network to connect to the computer.

oval:org.secpod.oval:def:40279
The entry appears as MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) in the SCE.

oval:org.secpod.oval:def:40276
This policy setting allows users to change the amount of processor time that a process uses.

oval:org.secpod.oval:def:40277
This setting determines the behavior for outbound connections that do not match an outbound firewall rule.

oval:org.secpod.oval:def:40281
The Policy Change audit category determines whether to audit every incident of a change to user rights assignment policies, Windows Firewall policies, Trust policies, or changes to the Audit policy itself.

oval:org.secpod.oval:def:40282
This policy setting allows a process to assume the identity of any user and thus gain access to the resources that the user is authorized to access.

oval:org.secpod.oval:def:40280
This policy setting determines whether packet signing is required by the SMB client component.

oval:org.secpod.oval:def:40285
This policy setting in the System audit category determines whether to audit System Integrity changes on computers that are running Windows Vista.

oval:org.secpod.oval:def:40286
This policy setting audits Account Management events.

oval:org.secpod.oval:def:40283
This policy setting allows users to manage the system's volume or disk configuration, which could allow a user to delete a volume and cause data loss as well as a denial-of-service condition.

oval:org.secpod.oval:def:40284
The Account Logon audit category generates events for credential validation. These events occur on the computer that is authoritative for the credentials.

oval:org.secpod.oval:def:40322
This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox and mail files, according to their specific format, in order to analyze the mail bodies and attachments. Several e-mail formats are currently supported, for example: pst (O ...

oval:org.secpod.oval:def:40201
This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user.

oval:org.secpod.oval:def:40202
This policy setting determines which users can change the auditing options for files and directories and clear the Security log.

oval:org.secpod.oval:def:40323
This policy setting controls whether a device will automatically sign-in the last interactive user after Windows Update restarts the system.If you enable or do not configure this policy setting, the device securely saves the users credentials (including the user name, domain and encrypted password) ...

oval:org.secpod.oval:def:40320
The registry value entry NoNameReleaseOnDemand was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\ registry key. The entry appears as MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS serv ...

oval:org.secpod.oval:def:40200
This policy setting controls the ability of anonymous users to enumerate the accounts in the Security Accounts Manager (SAM).

oval:org.secpod.oval:def:40321
This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Group Policy.If you enable this setting, the local preference setting will take priority over Group Policy.If you disable or do not configure this setting, Group Policy will ...

oval:org.secpod.oval:def:40205
This policy setting determines whether the LDAP server requires a signature before it will negotiate with LDAP clients.

oval:org.secpod.oval:def:40326
Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.If the status is set ...

oval:org.secpod.oval:def:40327
This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones. If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices.

oval:org.secpod.oval:def:40206
Windows Firewall with Advanced Security uses the settings for this profile to filter network traffic.

oval:org.secpod.oval:def:40203
This policy setting audits Computer Account Management events.

oval:org.secpod.oval:def:40324
This policy setting allows you to manage whether a user can run the Firefox web browser or not. This policy sets AppLocker rules to prevent users from running the Firefox web browser.If you enable this setting, users will be unable to run the Firefox web browser.If you disable or do not configure th ...

oval:org.secpod.oval:def:40325
This setting controls whether local accounts can be used for remote administration via network logon (e.g., NET USE, connecting to C

oval:org.secpod.oval:def:40204
This setting determines the behavior for inbound connections that do not match an inbound firewall rule. The default behavior is to block connections unless there are firewall rules to allow the connection.

oval:org.secpod.oval:def:40209
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logon settings.

oval:org.secpod.oval:def:40207
This policy setting determines which user accounts will have the right to attach a debugger to any process or to the kernel, which provides complete access to sensitive and critical operating system components.

oval:org.secpod.oval:def:40328
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network.If you enable this policy setting, the WinRM client sends and receives unencrypted messages over the network.If you disable or do not configure this ...

oval:org.secpod.oval:def:40329
Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer.

oval:org.secpod.oval:def:40208
This is the setting that turns on or off UAC. Disabling this setting effectively disables UAC.

oval:org.secpod.oval:def:40330
This policy setting specifies whether Terminal Services always prompts the client computer for a password upon connection. You can use this policy setting to enforce a password prompt for users who log on to Terminal Services, even if they already provided the password in the Remote Desktop Connecti ...

oval:org.secpod.oval:def:40212
This policy setting determines what additional permissions are assigned for anonymous connections to the computer

oval:org.secpod.oval:def:40333
This policy setting allows encrypted items to be indexed. If you enable this policy setting, indexing will attempt to decrypt and index the content (access restrictions will still apply). If you disable this policy setting, the search service components (including non-Microsoft components) are expe ...

oval:org.secpod.oval:def:40213
This policy setting allows a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk.

oval:org.secpod.oval:def:40334
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client will not use Digest authentication.If you enable this policy setting, the WinRM client will not use Digest authentication.If you disable or do not configure this policy setting, the WinRM client will use Di ...

oval:org.secpod.oval:def:40331
The registry value entry EnableICMPRedirect was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry appears as MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes in the SCE.Internet Control Mes ...

oval:org.secpod.oval:def:40210
This policy setting determines if the server side SMB service is required to perform SMB packet signing.

oval:org.secpod.oval:def:40211
This policy setting allows users to create directory objects in the object manager.

oval:org.secpod.oval:def:40332
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network.If you enable this policy setting, the WinRM client sends and receives unencrypted messages over the network.If you disable or do not configure this ...

oval:org.secpod.oval:def:40337
This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen.If you enable this policy setting, the PCs network connectivity state cannot be changed without signing into Windows.If you disable or dont configure this policy setting, any user can ...

oval:org.secpod.oval:def:40216
This policy setting controls the behavior of the elevation prompt for administrators on computers running Windows 7, Windows Server 2008 R2, and later versions of Windows.

oval:org.secpod.oval:def:40217
Autoplay starts to read from a drive as soon as you insert media in the drive, which causes the setup file for programs or audio media to start immediately.

oval:org.secpod.oval:def:40338
This policy setting allows you to configure behavior monitoring.If you enable or do not configure this setting, behavior monitoring will be enabled.If you disable this setting, behavior monitoring will be disabled.

oval:org.secpod.oval:def:40335
Disables the lock screen camera toggle switch in PC Settings and prevents a camera from being invoked on the lock screen.By default, users can enable invocation of an available camera on the lock screen.If you enable this setting, users will no longer be able to enable or disable lock screen camera ...

oval:org.secpod.oval:def:40214
This policy setting determines which users can use tools to monitor the performance of non-system processes. if System Monitor is configured to collect data using Windows Management Instrumentation (WMI) this setting is required.

oval:org.secpod.oval:def:40336
Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen.By default, users can enable a slide show that will run after they lock the machine.If you enable this setting, users will no longer be able to modify slide show settings in PC Setti ...

oval:org.secpod.oval:def:40215
This policy setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right.

oval:org.secpod.oval:def:40339
This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents of removable drives, such as USB flash drives, when running a full scan.If you enable this setting, removable drives will be scanned during any type of scan.If you disable or ...

oval:org.secpod.oval:def:40218
This setting determines the behavior for outbound connections that do not match an outbound firewall rule. If Outbound connections are set to Block and deploy the firewall policy by using a GPO, cannot receive subsequent Group Policy updates.

oval:org.secpod.oval:def:40219
Windows Firewall with Advanced Security uses the settings for this profile to filter network traffic.

oval:org.secpod.oval:def:40340
This setting allows you to enable enforcement of AppLocker Executable Rules.If you enable this setting, the AppLocker Executable Rules are enforced.If you disable or do not configure this setting, the AppLocker Executable Rules are not enforced.

oval:org.secpod.oval:def:40220
This policy setting allows you to specify the amount of continuous idle time that must pass in an SMB session before the session is suspended because of inactivity.

oval:org.secpod.oval:def:40341
This policy setting allows you to manage whether a user can run the Firefox web browser or not. This policy sets AppLocker rules to prevent users from running the Internet Explorer web browser.If you enable this setting, users will be unable to run the Internet Explorer web browser.If you disable or ...

oval:org.secpod.oval:def:40223
This policy setting in the DS Access audit category enables reports to result when Active Directory Domain Services (AD DS) objects are accessed.

oval:org.secpod.oval:def:40344
This setting allows members of the Everyone group to run applications that are located in (or beneath) the Windows folder. If you enable this setting, members of the Everyone group will be able to run applications that are located in (or beneath) the Windows folder. If you disable this setting, memb ...

oval:org.secpod.oval:def:40224
This policy setting audits Security Group Management events.

oval:org.secpod.oval:def:40345
This setting allows members of the local Administrators group to run all applications on computers, regardless of their location.If you enable this setting, members of the Administrators group will be able to run applications, regardless of their location. If you disable this setting, members of the ...

oval:org.secpod.oval:def:40221
Always install with elevated privileges

oval:org.secpod.oval:def:40342
This policy setting allows you to manage whether a user can run the Google Chrome web browser or not. This policy sets AppLocker rules to prevent users from running the Firefox web browser.If you enable this setting, users will be unable to run the Google Chrome web browser.If you disable or do not ...

oval:org.secpod.oval:def:40222
This policy setting allows a process to create an access token, which may provide elevated rights to access sensitive data.

oval:org.secpod.oval:def:40343
This setting allows members of the Everyone group to run applications that are located in (or beneath) the Program Files folder. If you enable this setting, members of the Everyone group will be able to run applications that are located in (or beneath) the Program Files folder. If you disable this s ...

oval:org.secpod.oval:def:40227
This policy setting determines which users or processes can generate audit records in the Security log.

oval:org.secpod.oval:def:40228
Enables desktop screen savers. If you disable this setting, screen savers do not run. Also, this setting disables the Screen Saver section of the Screen Saver dialog in the Personalization or Display Control Panel. As a result, users cannot change the screen saver options. If you do not configure ...

oval:org.secpod.oval:def:40225
This policy setting allows users to change the size of the pagefile.

oval:org.secpod.oval:def:40346
When WDigest authentication is enabled, Lsass.exe retains a copy of the users plaintext password in memory, where it can be at risk of theft. Microsoft recommends disabling WDigest authentication unless it is needed.If this setting is not configured, WDigest authentication is disabled in Windows 8.1 ...

oval:org.secpod.oval:def:40226
This setting requires users to wait for a certain number of days before changing their password again.

oval:org.secpod.oval:def:40229
This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account.

oval:org.secpod.oval:def:40230
This policy setting determines whether the LAN Manager (LM) hash value for the new password is stored when the password is changed.

oval:org.secpod.oval:def:40231
Disable: 'Restrict Unauthenticated RPC clients'

oval:org.secpod.oval:def:40234
This policy setting prohibits users from connecting to a computer from across the network, which would allow users to access and potentially modify data remotely.

oval:org.secpod.oval:def:40235
This policy setting controls whether application write failures are redirected to defined registry and file system locations.

oval:org.secpod.oval:def:40232
This policy setting determines what happens when the smart card for a logged on user is removed from the smart card reader.

oval:org.secpod.oval:def:40233
This audit category generates events that record the creation and destruction of logon sessions. This setting targets the special settings defined in the Windows Vista Security Guide.

oval:org.secpod.oval:def:40238
Specify the maximum log file size for Application (KB)

oval:org.secpod.oval:def:40239
Determines and verifies the identity of an application.

oval:org.secpod.oval:def:40236
The "Domain member: Disable machine account password changes" setting should be configured correctly.

oval:org.secpod.oval:def:40237
This policy setting allows administrators to enable the more precise auditing capabilities present in Windows Vista. Uses subcategory setting to override audit policy categories.

oval:org.secpod.oval:def:40241
This policy setting determines which users or groups have the right to log on as a Terminal Services client.

oval:org.secpod.oval:def:40242
Specify the maximum log file size for System (KB)

oval:org.secpod.oval:def:40240
This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection.

oval:org.secpod.oval:def:40300
Enable: 'Default behavior for AutoRun'

oval:org.secpod.oval:def:40301
This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication.

oval:org.secpod.oval:def:40304
Allow NTLM to fall back to NULL session when used with LocalSystem.

oval:org.secpod.oval:def:40305
This policy setting allows users to configure the system-wide environment variables that affect hardware configuration. This information is typically stored in the Last Known Good Configuration.

oval:org.secpod.oval:def:40302
This policy setting determines which users can bypass file, directory, registry, and other persistent object permissions when restoring backed up files and directories.

oval:org.secpod.oval:def:40303
This policy setting in the System audit category determines whether to audit Security System Extension changes on computers that are running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:40308
This setting requires if users need to maintain certain complexity or not.

oval:org.secpod.oval:def:40309
This setting determines the behavior for outbound connections that do not match an outbound firewall rule. If Outbound connections are set to Block and deploy the firewall policy by using a GPO, cannot receive subsequent Group Policy updates.

oval:org.secpod.oval:def:40306
This policy setting allows users to take ownership of files, folders, registry keys, processes, or threads. This user right bypasses any permissions that are in place to protect objects and give ownership to the specified user.

oval:org.secpod.oval:def:40307
The "Accounts: Limit local account use of blank passwords to console logon only" setting should be configured correctly.

oval:org.secpod.oval:def:40311
This policy setting allows local users to be enumerated on domain-joined computers. If you enable this policy setting, Logon UI will enumerate all local users on domain-joined computers.If you disable or do not configure this policy setting, the Logon UI will not enumerate local users on domain-joi ...

oval:org.secpod.oval:def:40312
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service will not allow RunAs credentials to be stored for any plug-ins.If you enable this policy setting, the WinRM service will not allow the RunAsUser or RunAsPassword configuration values to be set for any plug ...

oval:org.secpod.oval:def:40310
The policy setting for this audit category determines whether to audit Authentication Policy changes on computers running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:40315
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Basic authentication from a remote client.If you enable this policy setting, the WinRM service will accept Basic authentication from a remote client.If you disable or do not configure this policy s ...

oval:org.secpod.oval:def:40316
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication.If you enable this policy setting, the WinRM client will use Basic authentication. If WinRM is configured to use HTTP transport, then the user name and password are sent over the n ...

oval:org.secpod.oval:def:40313
Turns off Windows Defender Real-Time Protection, and no more scans are scheduled.If you enable this policy setting, Windows Defender does not run, and computers will not be scanned for spyware or other potentially unwanted software.If you disable or do not configure this policy setting, by default W ...

oval:org.secpod.oval:def:40314
This policy setting helps prevent Terminal Services clients from saving passwords on a computer. Note If this policy setting was previously configured as Disabled or Not configured, any previously saved passwords will be deleted the first time a Terminal Services client disconnects from any server ...

oval:org.secpod.oval:def:40319
Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately, although Explorer may still terminate unexpectedly later.

oval:org.secpod.oval:def:40317
This policy setting permits users to change installation options that typically are available only to system administrators.If you enable this policy setting, some of the security features of Windows Installer are bypassed. It permits installations to complete that otherwise would be halted due to a ...

oval:org.secpod.oval:def:40318
This policy setting prevents users from sharing the local drives on their client computers to Terminal Servers that they access. Mapped drives appear in the session folder tree in Windows Explorer in the following format:\\TSClient\<driveletter>

oval:org.secpod.oval:def:40289
The "Domain member: Require strong (Windows 2000 or later) session key" setting should be configured correctly.

oval:org.secpod.oval:def:40287
This policy setting in the System audit category determines whether to audit Security State changes on computers that are running Windows Vista or later Windows operating systems.

oval:org.secpod.oval:def:40288
This policy setting in the System audit category determines whether to audit Other System events on computers that are running Windows Vista or later versions of Windows.

oval:org.secpod.oval:def:40292
Network security: Minimum session security for NTLM SSP based (including secure RPC) server applications.

oval:org.secpod.oval:def:40293
This policy setting allows users to change the Trusted for Delegation setting on a computer object in Active Directory.

oval:org.secpod.oval:def:40290
This policy setting determines which users can interactively log on to computers in your environment.

oval:org.secpod.oval:def:40291
This policy setting determines the level of data signing that is requested on behalf of clients that issue LDAP BIND requests.

oval:org.secpod.oval:def:40296
This policy setting in the System audit category determines whether to audit IPsec Driver events on computers that are running Windows Vista.

oval:org.secpod.oval:def:40297
This policy setting allows users to circumvent file and directory permissions to back up the system.

oval:org.secpod.oval:def:40294
This policy setting determines the least number of characters that make up a password for a user account.

oval:org.secpod.oval:def:40295
Select On to allow Windows Firewall to filter network traffic. Select Off to prevent Windows Firewall from using any firewall rules or connection security rules for this profile.

oval:org.secpod.oval:def:40298
The Detailed Tracking audit category determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. This setting deals with Process Creation.

oval:org.secpod.oval:def:40299
This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system.

oval:org.secpod.oval:def:40186
Enables management of password for local administrator account If you enable this setting, local administrator password is managed If you disable or not configure this setting, local administrator password is NOT managed. Disabling or not configuring this setting can compromise security as it ...

oval:org.secpod.oval:def:40187
This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting, Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or t ...

oval:org.secpod.oval:def:40184
Allow all users to run signed packaged Windows Store apps. This setting is configured by using an XML blob that is store in the registry setting for this setting. You can obtain the XML blob by configuring the desired setting in the Local Group Policy console and then retrieving the blob from the r ...

oval:org.secpod.oval:def:40185
Allows you to enable or disable Packaged app rules. Packaged apps (also known as Windows Store apps) are based on a model that ensures all the files within an app package share the same identity. With classic Win32 applications, each file within the application could have a unique identity. With P ...

oval:org.secpod.oval:def:40189
This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font installed outside of the %windir%\Fonts directory. This feature can be configured to be in 3 modes: On, Off, and Audit. By default, it is Off and no fonts are blocked. If yo ...

oval:org.secpod.oval:def:40190
Specifies whether Virtualization Based Security is enabled. Virtualization Based Security uses the Windows Hypervisor to provide support for security services. Virtualization Based Security requires Secure Boot, and can optionally be enabled with the use of DMA Protections. DMA protections require ...

oval:org.secpod.oval:def:40193
This policy setting determines if the SMB client will allow insecure guest logons to an SMB server. If you enable this policy setting or if you do not configure this policy setting, the SMB client will allow insecure guest logons. If you disable this policy setting, the SMB client will reject inse ...

oval:org.secpod.oval:def:40194
Disable: 'Configure Windows SmartScreen'

oval:org.secpod.oval:def:40191
This policy setting determines whether enhanced anti-spoofing is configured for devices which support it. If you do not configure this policy setting, users will be able to choose whether or not to use enhanced anti-spoofing on supported devices. If you enable this policy setting, Windows will req ...

oval:org.secpod.oval:def:40192
This policy setting configures behavior of samples submission when opt-in for MAPS telemetry is set. Possible options are: (0x0) Always prompt (0x1) Send safe samples automatically (0x2) Never send (0x3) Send all samples automatically Enabling or not con ...

oval:org.secpod.oval:def:40197
When Windows Defender detects software or changes by software not yet classified for risks, you see how other members responded to the alert. In turn, the action you apply help other members choose how to respond. Your actions also help Microsoft choose which software to investigate for potential th ...

oval:org.secpod.oval:def:40198
Enable: 'Boot-Start Driver Initialization Policy'

oval:org.secpod.oval:def:40195
This policy setting specifies whether the computer that is about to host the remote connection will enforce an encryption level for all data sent between it and the client computer for the remote session.

oval:org.secpod.oval:def:40196
Disable: 'Configure registry policy processing' for NoBackgroundPolicy

oval:org.secpod.oval:def:40199
Windows notices inactivity of a logon session, and if the amount of inactive time exceeds the inactivity limit, then the screen saver will run, locking the session.

CPE    1
cpe:/o:microsoft:windows_server_2016
CCE    162
CCE-46343-0
CCE-44499-2
CCE-50915-8
CCE-45061-9
...
*XCCDF
xccdf_org.secpod_benchmark_general_Windows_Server_2016

© 2013 SecPod Technologies