Download
| Alert*
oval:gov.nist.usgcb.xp:def:6022
Accounts: Rename Administrator Account oval:gov.nist.usgcb.xp:def:6027 Audit: Shut down system immediately if unable to log security audits oval:gov.nist.usgcb.xp:def:6029 Devices: Allowed to format and eject removable media oval:gov.nist.usgcb.xp:def:6132 Background Intelligent Transfer Service (a.k.a. BITS) oval:gov.nist.usgcb.xp:def:6121 Permits users to change installation options that typically are available only to system administrators. This setting bypasses some of the security features of Windows Installer. oval:gov.nist.usgcb.xp:def:6120 Disable IE security prompt for Windows Installer scripts oval:gov.nist.usgcb.xp:def:6122 This setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor. oval:gov.nist.usgcb.xp:def:6596 Do not allow passwords to be saved oval:gov.nist.usgcb.xp:def:6595 Disable remote Desktop Sharing oval:gov.nist.usgcb.xp:def:6119 Turn off shell protocol protected mode oval:gov.nist.usgcb.xp:def:7796 MSS: (NoDefaultExempt) Enable NoDefaultExempt for IPSec Filtering oval:gov.nist.usgcb.xp:def:6572 Turn off downloading of print drivers over HTTP oval:gov.nist.usgcb.xp:def:6571 Turn off printing over HTTP oval:gov.nist.usgcb.xp:def:6570 Turn off Search Companion content file updates oval:gov.nist.usgcb.xp:def:6682 Turn Off the "Order Prints" Picture Task oval:gov.nist.usgcb.xp:def:6681 Turn Off Registration if URL Connection is Referring to Microsoft.com oval:gov.nist.usgcb.xp:def:6563 Offer Remote Assistance oval:gov.nist.usgcb.xp:def:6683 Turn off Windows Error Reporting oval:gov.nist.usgcb.xp:def:6686 Always Use Classic Logon oval:gov.nist.usgcb.xp:def:6564 Solicited Remote Assistance oval:gov.nist.usgcb.xp:def:6567 Turn off the "Publish to Web" task for files and folders oval:gov.nist.usgcb.xp:def:6566 RPC Endpoint Mapper Client Authentication oval:gov.nist.usgcb.xp:def:6569 Turn off the Windows Messenger Customer Experience Improvement Program oval:gov.nist.usgcb.xp:def:6568 Turn off Internet download for Web publishing and online ordering wizards oval:gov.nist.usgcb.xp:def:6680 Turn Off Internet File Association Service oval:gov.nist.usgcb.xp:def:6672 Registry Policy Processing oval:gov.nist.usgcb.xp:def:6675 Turn Off Event Views "Events.asp" Links oval:gov.nist.usgcb.xp:def:6679 Turn Off Internet Connection Wizard if URL Connection is Referring to Microsoft.com oval:gov.nist.usgcb.xp:def:6662 Turn Off Microsoft Peer-to-Peer Networking Services oval:gov.nist.usgcb.xp:def:100212 do not display install updates and shut down oval:gov.nist.usgcb.xp:def:100214 reschedule automatic updates oval:gov.nist.usgcb.xp:def:100213 no auto restart with logged on users oval:gov.nist.usgcb.xp:def:100215 configure windows time provider oval:gov.nist.usgcb.xp:def:100208 configure automatic updates oval:gov.nist.usgcb.xp:def:6600 Set client connection encryption level oval:gov.nist.usgcb.xp:def:6725 This policy setting allows you to specify the maximum amount of time that an active Terminal Services session can be idle (without user input) before it is automatically disconnected. (15 min) oval:gov.nist.usgcb.xp:def:6726 You can use this policy setting to specify the maximum amount of time that a disconnected session is kept active on the server. By default, Terminal Services allows users to disconnect from a remote session without logging off and ending the session. (1 min) oval:gov.nist.usgcb.xp:def:6719 WMI Performance Adapter should be configured to start "Manual" oval:gov.nist.usgcb.xp:def:3366994 Display Error Notification oval:gov.nist.usgcb.xp:def:3366993 Prohibit use of Internet Connection Sharing on your DNS domain network oval:gov.nist.usgcb.xp:def:3366992 Prohibit use of Internet Connection Firewall on your DNS domain network oval:gov.nist.usgcb.xp:def:3366991 Prohibit installation and configuration of Network Bridge on your DNS domain network oval:gov.nist.usgcb.xp:def:198 This definition tests the maximum allowed size of the security log is at least as big as the supplied value. oval:gov.nist.usgcb.xp:def:197 This definition tests the maximum allowed size of the application log is at least as big as the supplied value. oval:gov.nist.usgcb.xp:def:199 This definition tests the maximum allowed size of the system log is at least as big as the supplied value. oval:gov.nist.usgcb.xp:def:217 NetMeeting Remote Desktop Sharing Service should be disabled oval:gov.nist.usgcb.xp:def:216 Messenger Service should be disabled oval:gov.nist.usgcb.xp:def:219 Routing and Remote Access Service should be disabled oval:gov.nist.usgcb.xp:def:211 Computer Browser Service should be disabled oval:gov.nist.usgcb.xp:def:210 ClipBook Service should be disabled oval:gov.nist.usgcb.xp:def:213 FTP Publishing Service should be disabled oval:gov.nist.usgcb.xp:def:212 Fax Service should be disabled oval:gov.nist.usgcb.xp:def:215 Indexing Service should be disabled oval:gov.nist.usgcb.xp:def:205 Retention method for system log oval:gov.nist.usgcb.xp:def:209 Alerter Service should be disabled oval:gov.nist.usgcb.xp:def:204 Retention method for security log oval:gov.nist.usgcb.xp:def:203 This definition tests the retention method for the application log. Possible methods are - overwrite as necessary, do not overwrite, or overwrite events older than X seconds. oval:gov.nist.usgcb.xp:def:118 MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers oval:gov.nist.usgcb.xp:def:238 No one may synchronize directory service data oval:gov.nist.usgcb.xp:def:119 MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames oval:gov.nist.usgcb.xp:def:110 MSS: (AutoAdminLogon) Enable Automatic Logon disabled oval:gov.nist.usgcb.xp:def:112 MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways oval:gov.nist.usgcb.xp:def:111 MSS: (DisableIPSourceRouting) IP source routing protection level oval:gov.nist.usgcb.xp:def:113 MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes disabled oval:gov.nist.usgcb.xp:def:115 MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds oval:gov.nist.usgcb.xp:def:107 System objects: Require case insensitivity for non-Windows subsystems oval:gov.nist.usgcb.xp:def:228 World Wide Web Publishing Service should be disabled oval:gov.nist.usgcb.xp:def:106 System objects: Default owner for objects created by members of the Administrators group oval:gov.nist.usgcb.xp:def:227 Universal Plug and Play Device Host Service should be disabled oval:gov.nist.usgcb.xp:def:109 System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) oval:gov.nist.usgcb.xp:def:101 Recovery console: Allow automatic administrative logon oval:gov.nist.usgcb.xp:def:103 Shutdown: Allow system to be shut down without having to log on disabled oval:gov.nist.usgcb.xp:def:102 Recovery console: Allow floppy copy and access to all drives and all folders disabled oval:gov.nist.usgcb.xp:def:223 Simple Service Discovery Protocol (SSDP) Discovery Service should be disabled oval:gov.nist.usgcb.xp:def:105 System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing oval:gov.nist.usgcb.xp:def:226 Telnet Services Service should be disabled oval:gov.nist.usgcb.xp:def:104 Shutdown: Clear virtual memory pagefile oval:gov.nist.usgcb.xp:def:225 Telnet Service should be disabled oval:gov.nist.usgcb.xp:def:139 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/net1.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:132 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/debug.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:131 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/cacls.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:134 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/eventcreate.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:133 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/edlin.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:135 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/eventtriggers.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:138 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/net.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:130 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/attrib.exe file oval:gov.nist.usgcb.xp:def:129 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/at.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:128 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/arp.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:242 This definition verifies that the Administrator account is enabled/disabled based on the policy defined by the user. oval:gov.nist.usgcb.xp:def:121 MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure DefaultGateway addresses oval:gov.nist.usgcb.xp:def:123 MSS (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires oval:gov.nist.usgcb.xp:def:122 MSS: (SafeDllSearchMode) Enable Safe DLL search mode oval:gov.nist.usgcb.xp:def:246 Network DDE Share Database Manager (DSDM) Service should be disabled oval:gov.nist.usgcb.xp:def:245 Network Dynamic Data Exchange (DDE) Service should be disabled oval:gov.nist.usgcb.xp:def:127 MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning oval:gov.nist.usgcb.xp:def:154 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/secedit.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:153 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/sc.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:156 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/systeminfo.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:155 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/subst.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:158 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/tftp.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:159 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/tlntsvr.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:150 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/rexec.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:152 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/rsh.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:151 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/route.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:145 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/reg.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:144 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/rcp.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:147 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/regedt32.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:146 The Administrators group and the System user should have full access to the SYSTEMROOT/regedit.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:149 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/regsvr32.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:148 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/regini.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:140 The Administrators group and the System user should have full access to the SYSTEMROOT/system32/netsh.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:6626 Administrators, SERVICE, Local Service and Network Service may Create Global Objects oval:gov.nist.usgcb.xp:def:182 Administrators may increase scheduling priority oval:gov.nist.usgcb.xp:def:186 LOGON SERVICE and NETWORK SERVICE may log on as a service oval:gov.nist.usgcb.xp:def:170 Administrators may create a pagefile oval:gov.nist.usgcb.xp:def:100 Network security: Minimum session security for NTLM SSP based (including secure RPC) servers oval:gov.nist.usgcb.xp:def:164 Administrators, LOCAL SERVICE, NETWORK SERVICE may adjust memory quotas for a process oval:gov.nist.usgcb.xp:def:125 MSS: (TCPMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged oval:gov.nist.usgcb.xp:def:100205 do not process the run once list oval:gov.nist.usgcb.xp:def:677 No one is denied logon as a service oval:gov.nist.usgcb.xp:def:190 Administrators may profile a single process oval:gov.nist.usgcb.xp:def:243 This definition verifies that the Guest account is enabled/disabled based on the policy defined by the user. oval:gov.nist.usgcb.xp:def:185 No one may log on as a batch job oval:gov.nist.usgcb.xp:def:175 Guests and SUPPORT_388945a0 are denied access to this computer from the network. Note: If the SUPPORT_388945a0 accounts has been renamed perform this check manually. oval:gov.nist.usgcb.xp:def:244 Network security: Force logoff when logon hours expire oval:gov.nist.usgcb.xp:def:169 Administrators may change the system time oval:gov.nist.usgcb.xp:def:6640 Administrators and SERVICE may Impersonate a Client after Authentication oval:gov.nist.usgcb.xp:def:6565 Restrictions for Unauthenticated RPC clients oval:gov.nist.usgcb.xp:def:124 MSS: (SynAttackProtect) Syn attack protection level oval:gov.nist.usgcb.xp:def:162 No one has the right to act as part of the operating system oval:gov.nist.usgcb.xp:def:126 (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted oval:gov.nist.usgcb.xp:def:174 Administrators are allowed to debug programs oval:gov.nist.usgcb.xp:def:180 Administrators may force shutdown from a remote system oval:gov.nist.usgcb.xp:def:196 Administrators may take ownership of files or other objects oval:gov.nist.usgcb.xp:def:165 Administrators and Users are allowed to log on locally oval:gov.nist.usgcb.xp:def:176 Guests and SUPPORT_388945a0 are denied logon as a batch job. Note: If the SUPPORT_388945a0 accounts has been renamed perform this check manually. oval:gov.nist.usgcb.xp:def:161 Administrators may access this computer from the network. NOTE: This can break IPSec see Microsoft Knowledge Base article 823659 for further guidance oval:gov.nist.usgcb.xp:def:192 Users and Administrators may remove the computer from its docking station oval:gov.nist.usgcb.xp:def:171 No one is allowed to create a token object oval:gov.nist.usgcb.xp:def:188 Administrators may modify firmware environment variables oval:gov.nist.usgcb.xp:def:187 Administrators may manage the auditing and security log oval:gov.nist.usgcb.xp:def:195 Administrators and Users may shut down the system oval:gov.nist.usgcb.xp:def:117 MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives oval:gov.nist.usgcb.xp:def:191 Administrators may profile the system performance oval:gov.nist.usgcb.xp:def:168 Administrators and Users may bypass traverse checking oval:gov.nist.usgcb.xp:def:181 LOCAL SERVICE and NETWORK SERVICE may generate security audits oval:gov.nist.usgcb.xp:def:194 Administrators may restore files and directories oval:gov.nist.usgcb.xp:def:167 Administrators are allowed to back up files and directories oval:gov.nist.usgcb.xp:def:183 Administrators may load and unload device drivers oval:gov.nist.usgcb.xp:def:177 Guests, SUPPORT_388945a0, and any service accounts are denied logon locally. Note: If the SUPPORT_388945a0 accounts has been renamed perform this check manually. oval:gov.nist.usgcb.xp:def:172 No one is allowed to create permanent shared objects oval:gov.nist.usgcb.xp:def:184 No one may lock pages in memory oval:gov.nist.usgcb.xp:def:193 LOCAL SERVICE and NETWORK SERVICE may replace a process level token oval:gov.nist.usgcb.xp:def:189 Administrators may perform volume maintenance tasks oval:gov.nist.usgcb.xp:def:6023 Accounts: Rename Guest Account oval:gov.nist.usgcb.xp:def:2271 oval:gov.nist.usgcb.xp:def:30 Audit Directory Service Access oval:gov.nist.usgcb.xp:def:32 Audit logon events oval:gov.nist.usgcb.xp:def:35 Audit policy changes oval:gov.nist.usgcb.xp:def:34 Audit object access oval:gov.nist.usgcb.xp:def:37 Audit system events oval:gov.nist.usgcb.xp:def:36 Audit privilege use oval:gov.nist.usgcb.xp:def:22 Passwords must be stored using reversible encryption for all users in the domain oval:gov.nist.usgcb.xp:def:21 Passwords must meet complexity requirements oval:gov.nist.usgcb.xp:def:24 The maximum number of failed attempts that can occur before the account is locked out This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout dura ... oval:gov.nist.usgcb.xp:def:23 This definition verifies that locked accounts remains locked for the defined number of minutes before they are automatically unlocked. oval:gov.nist.usgcb.xp:def:26 Reset account lockout counters after the profile defined number of minutes oval:gov.nist.usgcb.xp:def:27 Audit account logon events oval:gov.nist.usgcb.xp:def:29 Audit account management oval:gov.nist.usgcb.xp:def:17 Maximum password age is the profile defined number of days oval:gov.nist.usgcb.xp:def:16 Password history enforcement is enabled and the profile defined number of passwords are remembered oval:gov.nist.usgcb.xp:def:19 Minimum password length is the profile defined number of characters oval:gov.nist.usgcb.xp:def:18 Minimum password age is the profile defined number of days oval:gov.nist.usgcb.xp:def:2121 oval:gov.nist.usgcb.xp:def:20020 This policy setting determines whether or not users can connect to the computer using Terminal Services. oval:gov.nist.usgcb.xp:def:2111 Error Reporting Service should be disabled oval:gov.nist.usgcb.xp:def:612261221 Do Not Show First Use Dialog Boxes This policy prevents the Privacy Options and Installation Options dialog boxes from being displayed the first time a user starts Windows Media Player. This policy prevents the dialog boxes which allow users to select privacy, file types, and other desktop options f ... oval:gov.nist.usgcb.xp:def:612261222 Prevents users from being prompted to update Windows Media Player. This policy prevents the Player from being updated and prevents users with administrator rights from being prompted to update the Player if an updated version is available. The Check for Player Updates command on the Help menu in the ... oval:gov.nist.usgcb.xp:def:20000 Games are not installed oval:gov.nist.usgcb.xp:def:20001 Internet Information Services is not installed oval:gov.nist.usgcb.xp:def:20002 Simple TCPIP Services is not installed oval:gov.nist.usgcb.xp:def:1351 The Administrators group and the System user should have full access and the Users group has read access to the SYSTEMROOT/system32/mshta.exe file and all other users should have no file access privileges oval:gov.nist.usgcb.xp:def:93 Network access: Shares that can be accessed anonymously oval:gov.nist.usgcb.xp:def:92 Network access: Remotely accessible registry paths oval:gov.nist.usgcb.xp:def:95 Network security: Do not store LAN Manager hash value on next password change oval:gov.nist.usgcb.xp:def:94 Network access: Sharing and security model for local accounts oval:gov.nist.usgcb.xp:def:96 Network security: LAN Manager authentication level oval:gov.nist.usgcb.xp:def:99 Network security: Minimum session security for NTLM SSP based (including secure RPC) clients oval:gov.nist.usgcb.xp:def:98 Network security: LDAP client signing requirements oval:gov.nist.usgcb.xp:def:2881 Disabling this setting will prevent all wireless wi-fi interfaces from working unless a third party management software is used to manage the device. This will not be an issue on managed desktops but will impact mobile devices. oval:gov.nist.usgcb.xp:def:91 Network access: Named Pipes that can be accessed anonymously oval:gov.nist.usgcb.xp:def:90 Network access: Let Everyone permissions apply to anonymous users oval:gov.nist.usgcb.xp:def:82 Microsoft network client: Send unencrypted password to third-party SMB servers disabled oval:gov.nist.usgcb.xp:def:81 Microsoft network client: Digitally sign communications oval:gov.nist.usgcb.xp:def:84 Microsoft network server: Digitally sign communications (always) oval:gov.nist.usgcb.xp:def:83 Microsoft network server: Amount of idle time required before suspending session oval:gov.nist.usgcb.xp:def:86 Microsoft network server: Disconnect clients when logon hours expire oval:gov.nist.usgcb.xp:def:85 Microsoft network server: Digitally sign communications (if client agrees) oval:gov.nist.usgcb.xp:def:88 Network access: Do not allow anonymous enumeration of SAM accounts and shares oval:gov.nist.usgcb.xp:def:87 Network access: Do not allow anonymous enumeration of SAM accounts oval:gov.nist.usgcb.xp:def:89 Network access: Do not allow storage of credentials or .NET Passports for network authentication oval:gov.nist.usgcb.xp:def:1662 No one but Administrators and Remote Desktop Users may logon through Terminal Services oval:gov.nist.usgcb.xp:def:1781 Guests are denied logon through Terminal Services oval:gov.nist.usgcb.xp:def:71 Set message title for users attempting to log on oval:gov.nist.usgcb.xp:def:70 Set message text for users attempting to log on oval:gov.nist.usgcb.xp:def:72 Number of previous logons to cache (in case domain controller is not available) is profile defined oval:gov.nist.usgcb.xp:def:75 Require Domain Controller authentication to unlock workstation oval:gov.nist.usgcb.xp:def:74 Prompt user to change password before expiration oval:gov.nist.usgcb.xp:def:77 Determines if an anonymous user can request security identifier (SID) attributes for another user. oval:gov.nist.usgcb.xp:def:79 Microsoft network client: Digitally sign communications (always) oval:gov.nist.usgcb.xp:def:78 Smart card removal behavior for interactive logon oval:gov.nist.usgcb.xp:def:60 Warn for unsigned driver installation oval:gov.nist.usgcb.xp:def:62 Digitally encrypt secure channel data (when possible) oval:gov.nist.usgcb.xp:def:61 Digitally encrypt or sign secure channel data (always) oval:gov.nist.usgcb.xp:def:64 Disable machine account password changes oval:gov.nist.usgcb.xp:def:63 Digitally sign secure channel data (when possible) oval:gov.nist.usgcb.xp:def:66 Require strong (Windows 2000 or later) session key oval:gov.nist.usgcb.xp:def:65 Maximum machine account password age is profile defined number of days oval:gov.nist.usgcb.xp:def:68 Do not display last user name logged on oval:gov.nist.usgcb.xp:def:69 Do not require CTRL+ALT+DEL for logon oval:gov.nist.usgcb.xp:def:52 Audit the use of Backup and Restore privileges oval:gov.nist.usgcb.xp:def:56 Prevent users from installing printer drivers oval:gov.nist.usgcb.xp:def:59 Restrict floppy access to locally logged-on users only oval:gov.nist.usgcb.xp:def:58 Restrict CD-ROM access to locally logged-on user only oval:gov.nist.usgcb.xp:def:42 oval:gov.nist.usgcb.xp:def:45 Audit the access of global system objects is disabled |