Account Policies
1.1.1
Length of password history maintained
Low Not defined None24
Length of password history maintained
Table of settings
UIX
Not defined :
Method
Method :
accountpolicy
Values
Type : Possible Values :
More Informations
1.1.2
Maximum password age
Low Not defined 4260
Table of settings
UIX
Not defined :
Method
Method :
accountpolicy
Values
Type : Possible Values :
More Informations
1.1.3
Minimum password age
Low Not defined 01
Table of settings
UIX
Not defined :
Method
Method :
accountpolicy
Values
Type : Possible Values :
More Informations
1.1.4
Minimum password length
Medium Not defined 014
Table of settings
UIX
Not defined :
Method
Method :
accountpolicy
Values
Type : Possible Values :
More Informations
1.1.5
Password must meet complexity requirements
Medium Not defined 01
Password must meet complexity requirements
Table of settings
UIX
Not defined :
Method
Method :
secedit
Method Argument :
System Access\PasswordComplexity
Values
Type : Possible Values :
More Informations
1.1.6
Store passwords using reversible encryption
High Not defined 00
Store passwords using reversible encryption
Table of settings
UIX
Not defined :
Method
Method :
secedit
Method Argument :
System Access\ClearTextPassword
Values
Type : Possible Values :
More Informations
1.2.1
Account lockout duration
Low Not defined 3015
Table of settings
UIX
Not defined :
Method
Method :
accountpolicy
Values
Type : Possible Values :
More Informations
1.2.2
Account lockout threshold
Low Not defined Never10
Account lockout threshold
Table of settings
UIX
Not defined :
Method
Method :
accountpolicy
Values
Type : Possible Values :
More Informations
1.2.3
Reset account lockout counter
Low Not defined 3015
Reset account lockout counter
Table of settings
UIX
Not defined :
Method
Method :
accountpolicy
Values
Type : Possible Values :
More Informations
User Rights Assignment
2.2.1
Access Credential Manager as a trusted caller
Medium Not defined
Access Credential Manager as a trusted caller
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeTrustedCredManAccessPrivilege
Values
Type : Possible Values :
More Informations
2.2.2
Access this computer from the network (DC)
Medium Not defined NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS;NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS;
Access this computer from the network (DC)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeNetworkLogonRight
Values
Type : Possible Values :
More Informations
2.2.3
Access this computer from the network (Member)
Medium Not defined BUILTIN\Pre-Windows 2000 Compatible Access;BUILTIN\Administrators;
Access this computer from the network (Member)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeNetworkLogonRight
Values
Type : Possible Values :
More Informations
2.2.4
Act as part of the operating system
Medium Not defined
Act as part of the operating system
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeTcbPrivilege
Values
Type : Possible Values :
More Informations
2.2.5
Add workstations to domain (DC)
Medium Not defined NT AUTHORITY\Authenticated UsersBUILTIN\Administrators
Add workstations to domain (DC)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeMachineAccountPrivilege
Values
Type : Possible Values :
More Informations
2.2.6
Adjust memory quotas for a process
Medium Not defined BUILTIN\Administrators;BUILTIN\Administrators;
Adjust memory quotas for a process
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeIncreaseQuotaPrivilege
Values
Type : Possible Values :
More Informations
2.2.7
Allow log on locally
Medium Not defined BUILTIN\Backup Operators;BUILTIN\Administrators
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeInteractiveLogonRight
Values
Type : Possible Values :
More Informations
2.2.8
Allow log on through Remote Desktop Services (DC)
Medium Not defined BUILTIN\AdministratorsBUILTIN\Administrators
Allow log on through Remote Desktop Services (DC)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeRemoteInteractiveLogonRight
Values
Type : Possible Values :
More Informations
2.2.9
Allow log on through Remote Desktop Services (Member)
Medium Not defined BUILTIN\Remote Desktop Users;BUILTIN\Remote Desktop Users;
Allow log on through Remote Desktop Services (Member)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeRemoteInteractiveLogonRight
Values
Type : Possible Values :
More Informations
2.2.10
Back up files and directories
Medium Not defined BUILTIN\Administrators;BUILTIN\Administrators
Back up files and directories
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeBackupPrivilege
Values
Type : Possible Values :
More Informations
2.2.11
Change the system time
Medium Not defined BUILTIN\Administrators;BUILTIN\Administrators;
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeSystemTimePrivilege
Values
Type : Possible Values :
More Informations
2.2.12
Change the time zone
Medium Not defined BUILTIN\Device Owners;BUILTIN\Administrators;
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeTimeZonePrivilege
Values
Type : Possible Values :
More Informations
2.2.13
Create a pagefile
Medium Not defined BUILTIN\AdministratorsBUILTIN\Administrators
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeCreatePagefilePrivilege
Values
Type : Possible Values :
More Informations
2.2.14
Create a token object
Medium Not defined
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeCreateTokenPrivilege
Values
Type : Possible Values :
More Informations
2.2.15
Create global objects
Medium Not defined NT AUTHORITY\SERVICE;NT AUTHORITY\SERVICE;
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeCreateGlobalPrivilege
Values
Type : Possible Values :
More Informations
2.2.16
Create permanent shared objects
Medium Not defined
Create permanent shared objects
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeCreatePermanentPrivilege
Values
Type : Possible Values :
More Informations
2.2.17
Create symbolic links (DC)
Medium Not defined BUILTIN\AdministratorsBUILTIN\Administrators
Create symbolic links (DC)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeCreateSymbolicLinkPrivilege
Values
Type : Possible Values :
More Informations
2.2.18.1
Create symbolic links (Member)
Medium Not defined BUILTIN\AdministratorsBUILTIN\Administrators
Create symbolic links (Member)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeCreateSymbolicLinkPrivilege
Values
Type : Possible Values :
More Informations
2.2.18.2
Create symbolic links (Member, Hyper-V)
Medium Not defined S-1-5-83-0;NT VIRTUAL MACHINE\Virtual Machines;
Create symbolic links (Member, Hyper-V)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeCreateSymbolicLinkPrivilege
Values
Type : Possible Values :
More Informations
2.2.19
Debug programs
Medium Not defined BUILTIN\AdministratorsBUILTIN\Administrators
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeDebugPrivilege
Values
Type : Possible Values :
More Informations
2.2.20
Deny access to this computer from the network (DC)
Medium Not defined BUILTIN\GuestsBUILTIN\Guests
Deny access to this computer from the network (DC)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeDenyNetworkLogonRight
Values
Type : Possible Values :
More Informations
2.2.21
Deny access to this computer from the network (Member)
Medium Not defined BUILTIN\GuestsBUILTIN\Guests;
Deny access to this computer from the network (Member)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeDenyNetworkLogonRight
Values
Type : Possible Values :
More Informations
2.2.22
Deny log on as a batch job
Medium Not defined BUILTIN\Guests
Deny log on as a batch job
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeDenyBatchLogonRight
Values
Type : Possible Values :
More Informations
2.2.23
Deny log on as a service
Medium Not defined BUILTIN\Guests
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeDenyServiceLogonRight
Values
Type : Possible Values :
More Informations
2.2.24
Deny log on locally
Medium Not defined BUILTIN\GuestsBUILTIN\Guests
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeDenyInteractiveLogonRight
Values
Type : Possible Values :
More Informations
2.2.25
Deny log on through Remote Desktop Services (DC)
Medium Not defined BUILTIN\Guests
Deny log on through Remote Desktop Services (DC)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeDenyRemoteInteractiveLogonRight
Values
Type : Possible Values :
More Informations
2.2.26
Deny log on through Remote Desktop Services (Member)
Medium Not defined BUILTIN\Guests;
Deny log on through Remote Desktop Services (Member)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeDenyRemoteInteractiveLogonRight
Values
Type : Possible Values :
More Informations
2.2.27
Enable computer and user accounts to be trusted for delegation (DC)
Medium Not defined BUILTIN\AdministratorsBUILTIN\Administrators
Enable computer and user accounts to be trusted for delegation (DC)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeEnableDelegationPrivilege
Values
Type : Possible Values :
More Informations
2.2.28
Enable computer and user accounts to be trusted for delegation (Member)
Medium Not defined
Enable computer and user accounts to be trusted for delegation (Member)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeEnableDelegationPrivilege
Values
Type : Possible Values :
More Informations
2.2.29
Force shutdown from a remote system
Medium Not defined BUILTIN\AdministratorsBUILTIN\Administrators
Force shutdown from a remote system
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeRemoteShutdownPrivilege
Values
Type : Possible Values :
More Informations
2.2.30
Generate security audits
Medium Not defined NT AUTHORITY\NETWORK SERVICE;NT AUTHORITY\NETWORK SERVICE;
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeAuditPrivilege
Values
Type : Possible Values :
More Informations
2.2.31
Impersonate a client after authentication (DC)
Medium Not defined NT AUTHORITY\SERVICE;NT AUTHORITY\SERVICE;
Impersonate a client after authentication (DC)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeImpersonatePrivilege
Values
Type : Possible Values :
More Informations
2.2.32
Impersonate a client after authentication (Member)
Medium Not defined NT AUTHORITY\SERVICE;NT AUTHORITY\SERVICE;
Impersonate a client after authentication (Member)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeImpersonatePrivilege
Values
Type : Possible Values :
More Informations
2.2.33
Increase scheduling priority
Medium Not defined Window Manager\Window Manager Group;Window Manager\Window Manager Group;
Increase scheduling priority
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeIncreaseBasePriorityPrivilege
Values
Type : Possible Values :
More Informations
2.2.34
Load and unload device drivers
Medium Not defined BUILTIN\AdministratorsBUILTIN\Administrators
Load and unload device drivers
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeLoadDriverPrivilege
Values
Type : Possible Values :
More Informations
2.2.35
Lock pages in memory
Medium Not defined
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeLockMemoryPrivilege
Values
Type : Possible Values :
More Informations
2.2.36
Log on as a batch job (DC)
Medium Not defined BUILTIN\Performance Log Users;BUILTIN\Administrators
Log on as a batch job (DC)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeBatchLogonRight
Values
Type : Possible Values :
More Informations
2.2.37.1
Manage auditing and security log (DC)
Medium Not defined BUILTIN\AdministratorsBUILTIN\Administrators
Manage auditing and security log (DC)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeSecurityPrivilege
Values
Type : Possible Values :
More Informations
2.2.37.2
Manage auditing and security log (DC and Exchange)
Medium Not defined BUILTIN\AdministratorsNT AUTHORITY\EXCHANGE SERVERS;
Manage auditing and security log (DC and Exchange)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeSecurityPrivilege
Values
Type : Possible Values :
More Informations
2.2.38
Manage auditing and security log (Member)
Medium Not defined BUILTIN\AdministratorsBUILTIN\Administrators
Manage auditing and security log (Member)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeSecurityPrivilege
Values
Type : Possible Values :
More Informations
2.2.39
Modify an object label
Medium Not defined
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeReLabelPrivilege
Values
Type : Possible Values :
More Informations
2.2.40
Modify firmware environment values
Medium Not defined BUILTIN\AdministratorsBUILTIN\Administrators
Modify firmware environment values
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeSystemEnvironmentPrivilege
Values
Type : Possible Values :
More Informations
2.2.41
Perform volume maintenance tasks
Medium Not defined BUILTIN\AdministratorsBUILTIN\Administrators
Perform volume maintenance tasks
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeManageVolumePrivilege
Values
Type : Possible Values :
More Informations
2.2.42
Profile single process
Medium Not defined BUILTIN\AdministratorsBUILTIN\Administrators
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeProfileSingleProcessPrivilege
Values
Type : Possible Values :
More Informations
2.2.43
Profile system performance
Medium Not defined NT SERVICE\WdiServiceHost;NT SERVICE\WdiServiceHost;
Profile system performance
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeSystemProfilePrivilege
Values
Type : Possible Values :
More Informations
2.2.44
Replace a process level token
Medium Not defined NT AUTHORITY\NETWORK SERVICE;NT AUTHORITY\NETWORK SERVICE;
Replace a process level token
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeAssignPrimaryTokenPrivilege
Values
Type : Possible Values :
More Informations
2.2.45
Restore files and directories
Medium Not defined BUILTIN\Backup Operators;BUILTIN\Administrators
Restore files and directories
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeRestorePrivilege
Values
Type : Possible Values :
More Informations
2.2.46
Shut down the system
Medium Not defined BUILTIN\Backup Operators;BUILTIN\Administrators
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeShutdownPrivilege
Values
Type : Possible Values :
More Informations
2.2.47
Synchronize directory service data (DC)
Medium Not defined
Synchronize directory service data (DC)
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeSyncAgentPrivilege
Values
Type : Possible Values :
More Informations
2.2.48
Take ownership of files or other objects
Medium Not defined BUILTIN\AdministratorsBUILTIN\Administrators
Take ownership of files or other objects
Table of settings
UIX
Not defined :
Method
Method :
accesschk
Method Argument :
SeTakeOwnershipPrivilege
Values
Type : Possible Values :
More Informations
Security Options
2.3.1.1
Accounts: Administrator account status (Member)
Medium Not defined TrueFalse
Accounts: Administrator account status (Member)
Table of settings
UIX
Not defined :
Method
Method :
localaccount
Method Argument :
500
Values
Type : Possible Values :
More Informations
2.3.1.2
Accounts: Block Microsoft accounts
Low Not defined 03
Accounts: Block Microsoft accounts
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
NoConnectedUser
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'NoConnectedUser'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'NoConnectedUser' -value 3
More Informations
2.3.1.3
Accounts: Guest account status (Member)
Medium Not defined FalseFalse
Accounts: Guest account status (Member)
Table of settings
UIX
Not defined :
Method
Method :
localaccount
Method Argument :
501
Values
Type : Possible Values :
More Informations
2.3.1.4
Accounts: Limit local account use of blank passwords to console logon only
Medium Not defined 11
Accounts: Limit local account use of blank passwords to console logon only
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Control\Lsa
RegistryItem :
LimitBlankPasswordUse
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'LimitBlankPasswordUse'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'LimitBlankPasswordUse' -value 1
More Informations
2.3.1.5
Accounts: Rename administrator account
Low Not defined AdministratorAdministrator
Accounts: Rename administrator account
Table of settings
UIX
Not defined :
Method
Method :
localaccount
Method Argument :
500
Values
Type : Possible Values :
More Informations
2.3.1.6
Accounts: Rename guest account
Low Not defined GuestGuest
Accounts: Rename guest account
Table of settings
UIX
Not defined :
Method
Method :
localaccount
Method Argument :
501
Values
Type : Possible Values :
More Informations
2.3.2.1
Audit: Force audit policy subcategory settings to override audit policy category settings
Low Not defined 1
Audit: Force audit policy subcategory settings to override audit policy category settings
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Control\Lsa
RegistryItem :
SCENoApplyLegacyAuditPolicy
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'SCENoApplyLegacyAuditPolicy'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'SCENoApplyLegacyAuditPolicy' -value 1
More Informations
2.3.2.2
Audit: Shut down system immediately if unable to log security audits
Low Not defined 00
Audit: Shut down system immediately if unable to log security audits
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Control\Lsa
RegistryItem :
CrashOnAuditFail
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -name 'CrashOnAuditFail'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -name 'CrashOnAuditFail' -value 0
More Informations
2.3.4.1
Devices: Allowed to format and eject removable media
Medium Not defined 2
Devices: Allowed to format and eject removable media
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
RegistryItem :
AllocateDASD
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -name 'AllocateDASD'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -name 'AllocateDASD' -value 2
More Informations
2.3.4.2
Devices: Prevent users from installing printer drivers
Medium Not defined 01
Devices: Prevent users from installing printer drivers
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers
RegistryItem :
AddPrinterDrivers
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers' -name 'AddPrinterDrivers'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers' -name 'AddPrinterDrivers' -value 1
More Informations
2.3.5.1
Domain controller: Allow server operators to schedule tasks (DC)
Medium Not defined 0
Domain controller: Allow server operators to schedule tasks (DC)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Control\Lsa
RegistryItem :
SubmitControl
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -name 'SubmitControl'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -name 'SubmitControl' -value 0
More Informations
2.3.5.2
Domain controller: Allow vulnerable Netlogon secure channel connections
Medium Not defined
Domain controller: Allow vulnerable Netlogon secure channel connections
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
RegistryItem :
VulnerableChannelAllowList
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' -name 'VulnerableChannelAllowList'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' -name 'VulnerableChannelAllowList' -value
More Informations
2.3.5.3
Domain controller: LDAP server channel binding token requirements
Medium Not defined 12
Domain controller: LDAP server channel binding token requirements
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\NTDS\Parameters
RegistryItem :
LdapEnforceChannelBinding
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\NTDS\Parameters' -name 'LdapEnforceChannelBinding'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\NTDS\Parameters' -name 'LdapEnforceChannelBinding' -value 2
More Informations
2.3.5.4
Domain controller: LDAP server signing requirements
Medium Not defined 12
Domain controller: LDAP server signing requirements
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\NTDS\Parameters
RegistryItem :
LDAPServerIntegrity
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\NTDS\Parameters' -name 'LDAPServerIntegrity'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\NTDS\Parameters' -name 'LDAPServerIntegrity' -value 2
More Informations
2.3.5.5
Domain controller: Refuse machine account password changes (DC)
Medium Not defined 10
Domain controller: Refuse machine account password changes (DC)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
RegistryItem :
RefusePasswordChange
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' -name 'RefusePasswordChange'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' -name 'RefusePasswordChange' -value 0
More Informations
2.3.6.1
Domain member: Digitally encrypt or sign secure channel data (always)
Medium Not defined 11
Domain member: Digitally encrypt or sign secure channel data (always)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters
RegistryItem :
RequireSignOrSeal
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters' -name 'RequireSignOrSeal'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters' -name 'RequireSignOrSeal' -value 1
More Informations
2.3.6.2
Domain member: Digitally encrypt secure channel data (when possible)
Medium Not defined 11
Domain member: Digitally encrypt secure channel data (when possible)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters
RegistryItem :
SealSecureChannel
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters' -name 'SealSecureChannel'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters' -name 'SealSecureChannel' -value 1
More Informations
2.3.6.3
Domain member: Digitally sign secure channel data (when possible)
Medium Not defined 11
Domain member: Digitally sign secure channel data (when possible)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters
RegistryItem :
SignSecureChannel
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters' -name 'SignSecureChannel'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters' -name 'SignSecureChannel' -value 1
More Informations
2.3.6.4
Domain member: Disable machine account password changes
Medium Not defined 00
Domain member: Disable machine account password changes
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters
RegistryItem :
DisablePasswordChange
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters' -name 'DisablePasswordChange'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters' -name 'DisablePasswordChange' -value 0
More Informations
2.3.6.5
Domain member: Maximum machine account password age
Medium Not defined 3030
Domain member: Maximum machine account password age
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters
RegistryItem :
MaximumPasswordAge
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters' -name 'MaximumPasswordAge'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters' -name 'MaximumPasswordAge' -value 30
More Informations
2.3.6.6
Domain member: Require strong (Windows 2000 or later) session key
Medium Not defined 11
Domain member: Require strong (Windows 2000 or later) session key
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters
RegistryItem :
RequireStrongKey
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters' -name 'RequireStrongKey'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters' -name 'RequireStrongKey' -value 1
More Informations
2.3.7.1
Interactive logon: Do not require CTRL+ALT+DEL
Low Not defined 10
Interactive logon: Do not require CTRL+ALT+DEL
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
DisableCAD
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -name 'DisableCAD'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -name 'DisableCAD' -value 0
More Informations
2.3.7.2
Interactive logon: Don't display last signed-in
Low Not defined 01
Interactive logon: Don't display last signed-in
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
DontDisplayLastUserName
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -name 'DontDisplayLastUserName'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -name 'DontDisplayLastUserName' -value 1
More Informations
2.3.7.3
Interactive logon: Machine inactivity limit
Medium Not defined 900900
Interactive logon: Machine inactivity limit
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
InactivityTimeoutSecs
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'InactivityTimeoutSecs'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'InactivityTimeoutSecs' -value 900
More Informations
2.3.7.4
Interactive logon: Message text for users attempting to log on
Low Not defined
Interactive logon: Message text for users attempting to log on
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
LegalNoticeText
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'LegalNoticeText'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'LegalNoticeText' -value
More Informations
2.3.7.5
Interactive logon: Message title for users attempting to log on
Low Not defined
Interactive logon: Message title for users attempting to log on
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
LegalNoticeCaption
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'LegalNoticeCaption'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'LegalNoticeCaption' -value
More Informations
2.3.7.6
Interactive logon: Number of previous logons to cache (in case domain controller is not available)
Medium Not defined 104
Interactive logon: Number of previous logons to cache (in case domain controller is not available)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
RegistryItem :
CachedLogonsCount
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -name 'CachedLogonsCount'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -name 'CachedLogonsCount' -value 4
More Informations
2.3.7.7.1
Interactive logon: Prompt user to change password before expiration (Max)
Low Not defined 514
Interactive logon: Prompt user to change password before expiration (Max)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
PasswordExpiryWarning
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'PasswordExpiryWarning'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'PasswordExpiryWarning' -value 14
More Informations
2.3.7.7.2
Interactive logon: Prompt user to change password before expiration (Min)
Low Not defined 55
Interactive logon: Prompt user to change password before expiration (Min)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
PasswordExpiryWarning
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'PasswordExpiryWarning'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'PasswordExpiryWarning' -value 5
More Informations
2.3.7.8
Interactive logon: Require Domain Controller Authentication to unlock workstation (Member)
Medium Not defined 1
Interactive logon: Require Domain Controller Authentication to unlock workstation (Member)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
RegistryItem :
ForceUnlockLogon
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' -name 'ForceUnlockLogon'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' -name 'ForceUnlockLogon' -value 1
More Informations
2.3.7.9
Interactive logon: Smart card removal behavior
Medium Not defined 01
Interactive logon: Smart card removal behavior
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
RegistryItem :
ScRemoveOption
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' -name 'ScRemoveOption'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' -name 'ScRemoveOption' -value 1
More Informations
2.3.8.1
Microsoft network client: Digitally sign communications (always)
Medium Not defined 01
Microsoft network client: Digitally sign communications (always)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\LanmanWorkstation\Parameters
RegistryItem :
RequireSecuritySignature
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LanmanWorkstation\Parameters' -name 'RequireSecuritySignature'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LanmanWorkstation\Parameters' -name 'RequireSecuritySignature' -value 1
More Informations
2.3.8.2
Microsoft network client: Digitally sign communications (if server agrees)
Medium Not defined 11
Microsoft network client: Digitally sign communications (if server agrees)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\LanmanWorkstation\Parameters
RegistryItem :
EnableSecuritySignature
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LanmanWorkstation\Parameters' -name 'EnableSecuritySignature'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LanmanWorkstation\Parameters' -name 'EnableSecuritySignature' -value 1
More Informations
2.3.8.3
Microsoft network client: Send unencrypted password to third-party SMB servers
Medium Not defined 00
Microsoft network client: Send unencrypted password to third-party SMB servers
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\LanmanWorkstation\Parameters
RegistryItem :
EnablePlainTextPassword
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LanmanWorkstation\Parameters' -name 'EnablePlainTextPassword'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LanmanWorkstation\Parameters' -name 'EnablePlainTextPassword' -value 0
More Informations
2.3.9.1
Microsoft network server: Amount of idle time required before suspending session
Medium Not defined 1515
Microsoft network server: Amount of idle time required before suspending session
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
RegistryItem :
AutoDisconnect
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters' -name 'AutoDisconnect'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters' -name 'AutoDisconnect' -value 15
More Informations
2.3.9.2
Microsoft network server: Digitally sign communications (always)
Medium Not defined 01
Microsoft network server: Digitally sign communications (always)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters
RegistryItem :
RequireSecuritySignature
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters' -name 'RequireSecuritySignature'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters' -name 'RequireSecuritySignature' -value 1
More Informations
2.3.9.3
Microsoft network server: Digitally sign communications (if client agrees)
Medium Not defined 01
Microsoft network server: Digitally sign communications (if client agrees)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters
RegistryItem :
EnableSecuritySignature
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters' -name 'EnableSecuritySignature'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters' -name 'EnableSecuritySignature' -value 1
More Informations
2.3.9.4
Microsoft network server: Disconnect clients when logon hours expire
Medium Not defined 11
Microsoft network server: Disconnect clients when logon hours expire
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters
RegistryItem :
enableforcedlogoff
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters' -name 'enableforcedlogoff'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters' -name 'enableforcedlogoff' -value 1
More Informations
2.3.9.5
Microsoft network server: Server SPN target name validation level (Member)
Medium Not defined 1
Microsoft network server: Server SPN target name validation level (Member)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters
RegistryItem :
SMBServerNameHardeningLevel
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters' -name 'SMBServerNameHardeningLevel'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters' -name 'SMBServerNameHardeningLevel' -value 1
More Informations
2.3.10.1
Network access: Allow anonymous SID/Name translation
Medium Not defined 00
Network access: Allow anonymous SID/Name translation
Table of settings
UIX
Not defined :
Method
Method :
secedit
Method Argument :
System Access\LSAAnonymousNameLookup
Values
Type : Possible Values :
More Informations
2.3.10.2
Network access: Do not allow anonymous enumeration of SAM accounts (Member)
Medium Not defined 11
Network access: Do not allow anonymous enumeration of SAM accounts (Member)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Control\Lsa
RegistryItem :
RestrictAnonymousSAM
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'RestrictAnonymousSAM'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'RestrictAnonymousSAM' -value 1
More Informations
2.3.10.3
Network access: Do not allow anonymous enumeration of SAM accounts and shares (Member)
Medium Not defined 01
Network access: Do not allow anonymous enumeration of SAM accounts and shares (Member)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Control\Lsa
RegistryItem :
RestrictAnonymous
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'RestrictAnonymous'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'RestrictAnonymous' -value 1
More Informations
2.3.10.4
Network access: Do not allow storage of passwords and credentials for network authentication
Medium Not defined 01
Network access: Do not allow storage of passwords and credentials for network authentication
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Control\Lsa
RegistryItem :
DisableDomainCreds
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'DisableDomainCreds'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'DisableDomainCreds' -value 1
More Informations
2.3.10.5
Network access: Let Everyone permissions apply to anonymous users
Medium Not defined 00
Network access: Let Everyone permissions apply to anonymous users
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Control\Lsa
RegistryItem :
EveryoneIncludesAnonymous
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'EveryoneIncludesAnonymous'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'EveryoneIncludesAnonymous' -value 0
More Informations
2.3.10.6
Network access: Named Pipes that can be accessed anonymously (DC)
Medium Not defined netlogon samr lsarpc
Network access: Named Pipes that can be accessed anonymously (DC)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
RegistryItem :
NullSessionPipes
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -name 'NullSessionPipes'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -name 'NullSessionPipes' -value netlogon samr lsarpc
More Informations
2.3.10.7
Network access: Named Pipes that can be accessed anonymously (Member)
Medium Not defined
Network access: Named Pipes that can be accessed anonymously (Member)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
RegistryItem :
NullSessionPipes
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -name 'NullSessionPipes'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -name 'NullSessionPipes' -value
More Informations
2.3.10.8
Network access: Remotely accessible registry paths
Medium Not defined System\CurrentControlSet\Control\ProductOptions System\CurrentControlSet\Control\Server Applications Software\Microsoft\Windows NT\CurrentVersionSystem\CurrentControlSet\Control\ProductOptions System\CurrentControlSet\Control\Server Applications Software\Microsoft\Windows NT\CurrentVersion
Network access: Remotely accessible registry paths
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths
RegistryItem :
Machine
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths' -name 'Machine'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths' -name 'Machine' -value System\CurrentControlSet\Control\ProductOptions System\CurrentControlSet\Control\Server Applications Software\Microsoft\Windows NT\CurrentVersion
More Informations
2.3.10.9
Network access: Remotely accessible registry paths and sub-paths
Medium Not defined System\CurrentControlSet\Control\Print\Printers System\CurrentControlSet\Services\Eventlog Software\Microsoft\OLAP Server Software\Microsoft\Windows NT\CurrentVersion\Print Software\Microsoft\Windows NT\CurrentVersion\Windows System\CurrentControlSet\Control\ContentIndex System\CurrentControlSet\Control\Terminal Server System\CurrentControlSet\Control\Terminal Server\UserConfig System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration Software\Microsoft\Windows NT\CurrentVersion\Perflib System\CurrentControlSet\Services\SysmonLogSystem\CurrentControlSet\Control\Print\Printers System\CurrentControlSet\Services\Eventlog Software\Microsoft\OLAP Server Software\Microsoft\Windows NT\CurrentVersion\Print Software\Microsoft\Windows NT\CurrentVersion\Windows System\CurrentControlSet\Control\ContentIndex System\CurrentControlSet\Control\Terminal Server System\CurrentControlSet\Control\Terminal Server\UserConfig System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration Software\Microsoft\Windows NT\CurrentVersion\Perflib System\CurrentControlSet\Services\SysmonLog
Network access: Remotely accessible registry paths and sub-paths
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths
RegistryItem :
Machine
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths' -name 'Machine'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths' -name 'Machine' -value System\CurrentControlSet\Control\Print\Printers System\CurrentControlSet\Services\Eventlog Software\Microsoft\OLAP Server Software\Microsoft\Windows NT\CurrentVersion\Print Software\Microsoft\Windows NT\CurrentVersion\Windows System\CurrentControlSet\Control\ContentIndex System\CurrentControlSet\Control\Terminal Server System\CurrentControlSet\Control\Terminal Server\UserConfig System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration Software\Microsoft\Windows NT\CurrentVersion\Perflib System\CurrentControlSet\Services\SysmonLog
More Informations
2.3.10.10
Network access: Restrict anonymous access to Named Pipes and Shares
Medium Not defined 11
Network access: Restrict anonymous access to Named Pipes and Shares
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters
RegistryItem :
RestrictNullSessAccess
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters' -name 'RestrictNullSessAccess'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters' -name 'RestrictNullSessAccess' -value 1
More Informations
2.3.10.11
Network access: Restrict clients allowed to make remote calls to SAM (Member)
Medium Not defined O:BAG:BAD:(A;
Network access: Restrict clients allowed to make remote calls to SAM (Member)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Control\Lsa
RegistryItem :
RestrictRemoteSAM
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'RestrictRemoteSAM'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'RestrictRemoteSAM' -value O:BAG:BAD:(A;;RC;;;BA)
More Informations
2.3.10.12
Network access: Shares that can be accessed anonymously
Medium Not defined
Network access: Shares that can be accessed anonymously
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters
RegistryItem :
NullSessionShares
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters' -name 'NullSessionShares'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters' -name 'NullSessionShares' -value
More Informations
2.3.10.13
Network access: Sharing and security model for local accounts
Medium Not defined 00
Network access: Sharing and security model for local accounts
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Control\Lsa
RegistryItem :
ForceGuest
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'ForceGuest'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'ForceGuest' -value 0
More Informations
2.3.11.1
Network security: Allow Local System to use computer identity for NTLM
Medium Not defined 1
Network security: Allow Local System to use computer identity for NTLM
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Control\Lsa
RegistryItem :
UseMachineId
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'UseMachineId'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'UseMachineId' -value 1
More Informations
2.3.11.2
Network security: Allow LocalSystem NULL session fallback
Medium Not defined 00
Network security: Allow LocalSystem NULL session fallback
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0
RegistryItem :
allownullsessionfallback
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0' -name 'allownullsessionfallback'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0' -name 'allownullsessionfallback' -value 0
More Informations
2.3.11.3
Network security: Allow PKU2U authentication requests to this computer to use online identities
Medium Not defined 0
Network security: Allow PKU2U authentication requests to this computer to use online identities
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Control\Lsa\pku2u
RegistryItem :
AllowOnlineID
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa\pku2u' -name 'AllowOnlineID'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa\pku2u' -name 'AllowOnlineID' -value 0
More Informations
2.3.11.4
Network security: Configure encryption types allowed for Kerberos
Medium Not defined 2147483640
Network security: Configure encryption types allowed for Kerberos
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters
RegistryItem :
SupportedEncryptionTypes
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters' -name 'SupportedEncryptionTypes'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters' -name 'SupportedEncryptionTypes' -value 2147483640
More Informations
2.3.11.5
Network security: Do not store LAN Manager hash value on next password change
High Not defined 11
Network security: Do not store LAN Manager hash value on next password change
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Control\Lsa
RegistryItem :
NoLMHash
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'NoLMHash'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'NoLMHash' -value 1
More Informations
2.3.11.6
Network security: Force logoff when logon hours expires
Low Not defined 01
Network security: Force logoff when logon hours expires
Table of settings
UIX
Not defined :
Method
Method :
secedit
Method Argument :
System Access\ForceLogoffWhenHourExpire
Values
Type : Possible Values :
More Informations
2.3.11.7
Network security: LAN Manager authentication level
Medium Not defined 35
Network security: LAN Manager authentication level
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Control\Lsa
RegistryItem :
LmCompatibilityLevel
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'LmCompatibilityLevel'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa' -name 'LmCompatibilityLevel' -value 5
More Informations
2.3.11.8
Network security: LDAP client signing requirements
Medium Not defined 11
Network security: LDAP client signing requirements
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\LDAP
RegistryItem :
LDAPClientIntegrity
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LDAP' -name 'LDAPClientIntegrity'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\LDAP' -name 'LDAPClientIntegrity' -value 1
More Informations
2.3.11.9
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
Medium Not defined 536870912537395200
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0
RegistryItem :
NTLMMinClientSec
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0' -name 'NTLMMinClientSec'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0' -name 'NTLMMinClientSec' -value 537395200
More Informations
2.3.11.10
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
Medium Not defined 536870912537395200
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0
RegistryItem :
NTLMMinServerSec
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0' -name 'NTLMMinServerSec'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0' -name 'NTLMMinServerSec' -value 537395200
More Informations
2.3.13.1
Shutdown: Allow system to be shut down without having to log on
Medium Not defined 10
Shutdown: Allow system to be shut down without having to log on
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
ShutdownWithoutLogon
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -name 'ShutdownWithoutLogon'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -name 'ShutdownWithoutLogon' -value 0
More Informations
2.3.15.1
System objects: Require case insensitivity for non-Windows subsystem
Medium Not defined 1
System objects: Require case insensitivity for non-Windows subsystem
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel
RegistryItem :
ObCaseInsensitive
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel' -name 'ObCaseInsensitive'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel' -name 'ObCaseInsensitive' -value 1
More Informations
2.3.15.2
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)
Medium Not defined 11
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Control\Session Manager
RegistryItem :
ProtectionMode
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Session Manager' -name 'ProtectionMode'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Control\Session Manager' -name 'ProtectionMode' -value 1
More Informations
2.3.17.1
User Account Control: Admin Approval Mode for the Built-in Administrator account
Medium Not defined 01
User Account Control: Admin Approval Mode for the Built-in Administrator account
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
FilterAdministratorToken
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'FilterAdministratorToken'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'FilterAdministratorToken' -value 1
More Informations
2.3.17.2
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
Medium Not defined 52
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
ConsentPromptBehaviorAdmin
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'ConsentPromptBehaviorAdmin'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'ConsentPromptBehaviorAdmin' -value 2
More Informations
2.3.17.3
User Account Control: Behavior of the elevation prompt for standard users
Medium Not defined 00
User Account Control: Behavior of the elevation prompt for standard users
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
ConsentPromptBehaviorUser
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'ConsentPromptBehaviorUser'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'ConsentPromptBehaviorUser' -value 0
More Informations
2.3.17.4
User Account Control: Detect application installations and prompt for elevation
Medium Not defined 11
User Account Control: Detect application installations and prompt for elevation
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
EnableInstallerDetection
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'EnableInstallerDetection'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'EnableInstallerDetection' -value 1
More Informations
2.3.17.5
User Account Control: Only elevate UIAccess applications that are installed in secure locations
Medium Not defined 11
User Account Control: Only elevate UIAccess applications that are installed in secure locations
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
EnableSecureUIAPaths
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'EnableSecureUIAPaths'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'EnableSecureUIAPaths' -value 1
More Informations
2.3.17.6
User Account Control: Run all administrators in Admin Approval Mode
Medium Not defined 11
User Account Control: Run all administrators in Admin Approval Mode
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
EnableLUA
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'EnableLUA'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'EnableLUA' -value 1
More Informations
2.3.17.7
User Account Control: Switch to the secure desktop when prompting for elevation
Medium Not defined 11
User Account Control: Switch to the secure desktop when prompting for elevation
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
PromptOnSecureDesktop
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'PromptOnSecureDesktop'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'PromptOnSecureDesktop' -value 1
More Informations
2.3.17.8
User Account Control: Virtualize file and registry write failures to per-user locations
Medium Not defined 11
User Account Control: Virtualize file and registry write failures to per-user locations
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
EnableVirtualization
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'EnableVirtualization'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'EnableVirtualization' -value 1
More Informations
Windows Firewall
9.1.1
EnableFirewall (Domain Profile, Policy)
Medium Not defined 01
EnableFirewall (Domain Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
RegistryItem :
EnableFirewall
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' -name 'EnableFirewall'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' -name 'EnableFirewall' -value 1
More Informations
9.1.2
Inbound Connections (Domain Profile, Policy)
Medium Not defined 11
Inbound Connections (Domain Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
RegistryItem :
DefaultInboundAction
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' -name 'DefaultInboundAction'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' -name 'DefaultInboundAction' -value 1
More Informations
9.1.3
Outbound Connections (Domain Profile, Policy)
Medium Not defined 00
Outbound Connections (Domain Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
RegistryItem :
DefaultOutboundAction
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' -name 'DefaultOutboundAction'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' -name 'DefaultOutboundAction' -value 0
More Informations
9.1.4
Display a notification (Domain Profile, Policy)
Low Not defined 01
Display a notification (Domain Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
RegistryItem :
DisableNotifications
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' -name 'DisableNotifications'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' -name 'DisableNotifications' -value 1
More Informations
9.1.5
Name of log file (Domain Profile, Policy)
Low Not defined %SystemRoot%\System32\logfiles\firewall\pfirewall.log%SystemRoot%\System32\logfiles\firewall\domainfw.log
Name of log file (Domain Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging
RegistryItem :
LogFilePath
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' -name 'LogFilePath'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' -name 'LogFilePath' -value %SystemRoot%\System32\logfiles\firewall\domainfw.log
More Informations
9.1.6
Log size limit (Domain Profile, Policy)
Medium Not defined 409616384
Log size limit (Domain Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging
RegistryItem :
LogFileSize
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' -name 'LogFileSize'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' -name 'LogFileSize' -value 16384
More Informations
9.1.7
Log dropped packets (Domain Profile, Policy)
Medium Not defined 01
Log dropped packets (Domain Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging
RegistryItem :
LogDroppedPackets
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' -name 'LogDroppedPackets'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' -name 'LogDroppedPackets' -value 1
More Informations
9.1.8
Log successful connections (Domain Profile, Policy)
Low Not defined 01
Log successful connections (Domain Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging
RegistryItem :
LogSuccessfulConnections
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' -name 'LogSuccessfulConnections'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging' -name 'LogSuccessfulConnections' -value 1
More Informations
9.2.1
EnableFirewall (Private Profile, Policy)
Medium Not defined 01
EnableFirewall (Private Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile
RegistryItem :
EnableFirewall
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile' -name 'EnableFirewall'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile' -name 'EnableFirewall' -value 1
More Informations
9.2.2
Inbound Connections (Private Profile, Policy)
Medium Not defined 11
Inbound Connections (Private Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile
RegistryItem :
DefaultInboundAction
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile' -name 'DefaultInboundAction'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile' -name 'DefaultInboundAction' -value 1
More Informations
9.2.3
Outbound Connections (Private Profile, Policy)
Medium Not defined 00
Outbound Connections (Private Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile
RegistryItem :
DefaultOutboundAction
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile' -name 'DefaultOutboundAction'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile' -name 'DefaultOutboundAction' -value 0
More Informations
9.2.4
Display a notification (Private Profile, Policy)
Low Not defined 01
Display a notification (Private Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile
RegistryItem :
DisableNotifications
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile' -name 'DisableNotifications'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile' -name 'DisableNotifications' -value 1
More Informations
9.2.5
Name of log file (Private Profile, Policy)
Low Not defined %SystemRoot%\System32\logfiles\firewall\pfirewall.log%SystemRoot%\System32\logfiles\firewall\privatefw.log
Name of log file (Private Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging
RegistryItem :
LogFilePath
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' -name 'LogFilePath'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' -name 'LogFilePath' -value %SystemRoot%\System32\logfiles\firewall\privatefw.log
More Informations
9.2.6
Log size limit (Private Profile, Policy)
Medium Not defined 409616384
Log size limit (Private Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging
RegistryItem :
LogFileSize
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' -name 'LogFileSize'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' -name 'LogFileSize' -value 16384
More Informations
9.2.7
Log dropped packets (Private Profile, Policy)
Medium Not defined 01
Log dropped packets (Private Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging
RegistryItem :
LogDroppedPackets
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' -name 'LogDroppedPackets'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' -name 'LogDroppedPackets' -value 1
More Informations
9.2.8
Log successful connections (Private Profile, Policy)
Low Not defined 01
Log successful connections (Private Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging
RegistryItem :
LogSuccessfulConnections
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' -name 'LogSuccessfulConnections'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging' -name 'LogSuccessfulConnections' -value 1
More Informations
9.3.1
EnableFirewall (Public Profile, Policy)
Medium Not defined 01
EnableFirewall (Public Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile
RegistryItem :
EnableFirewall
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' -name 'EnableFirewall'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' -name 'EnableFirewall' -value 1
More Informations
9.3.2
Inbound Connections (Public Profile, Policy)
Medium Not defined 11
Inbound Connections (Public Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile
RegistryItem :
DefaultInboundAction
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' -name 'DefaultInboundAction'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' -name 'DefaultInboundAction' -value 1
More Informations
9.3.3
Outbound Connections (Public Profile, Policy)
Medium Not defined 00
Outbound Connections (Public Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile
RegistryItem :
DefaultOutboundAction
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' -name 'DefaultOutboundAction'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' -name 'DefaultOutboundAction' -value 0
More Informations
9.3.4
Display a notification (Public Profile, Policy)
Low Not defined 01
Display a notification (Public Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile
RegistryItem :
DisableNotifications
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' -name 'DisableNotifications'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' -name 'DisableNotifications' -value 1
More Informations
9.3.5
Apply local firewall rules (Public Profile, Policy)
Low Not defined 00
Apply local firewall rules (Public Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile
RegistryItem :
AllowLocalPolicyMerge
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' -name 'AllowLocalPolicyMerge'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' -name 'AllowLocalPolicyMerge' -value 0
More Informations
9.3.6
Apply local connection security rules (Public Profile, Policy)
Low Not defined 00
Apply local connection security rules (Public Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile
RegistryItem :
AllowLocalIPsecPolicyMerge
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' -name 'AllowLocalIPsecPolicyMerge'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile' -name 'AllowLocalIPsecPolicyMerge' -value 0
More Informations
9.3.7
Name of log file (Public Profile, Policy)
Low Not defined %SystemRoot%\System32\logfiles\firewall\pfirewall.log%SystemRoot%\System32\logfiles\firewall\publicfw.log
Name of log file (Public Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging
RegistryItem :
LogFilePath
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' -name 'LogFilePath'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' -name 'LogFilePath' -value %SystemRoot%\System32\logfiles\firewall\publicfw.log
More Informations
9.3.8
Log size limit (Public Profile, Policy)
Medium Not defined 409616384
Log size limit (Public Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging
RegistryItem :
LogFileSize
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' -name 'LogFileSize'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' -name 'LogFileSize' -value 16384
More Informations
9.3.9
Log dropped packets (Public Profile, Policy)
Medium Not defined 01
Log dropped packets (Public Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging
RegistryItem :
LogDroppedPackets
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' -name 'LogDroppedPackets'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' -name 'LogDroppedPackets' -value 1
More Informations
9.3.10
Log successful connections (Public Profile, Policy)
Low Not defined 01
Log successful connections (Public Profile, Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging
RegistryItem :
LogSuccessfulConnections
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' -name 'LogSuccessfulConnections'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging' -name 'LogSuccessfulConnections' -value 1
More Informations
Advanced Audit Policy Configuration
17.1.1
Credential Validation
Low Not defined No AuditingSuccess and Failure
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE923F-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.1.2
Kerberos Authentication Service
Low Not defined Success and Failure
Kerberos Authentication Service
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9242-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.1.3
Kerberos Service Ticket Operations
Low Not defined Success and Failure
Kerberos Service Ticket Operations
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9240-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.2.1
Application Group Management
Low Not defined No AuditingSuccess and Failure
Application Group Management
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9239-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.2.2
Computer Account Management
Low Not defined Success
Computer Account Management
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9236-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.2.3
Distribution Group Management
Low Not defined Success
Distribution Group Management
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9238-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.2.4
Other Account Management Events
Low Not defined Success
Other Account Management Events
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE923A-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.2.5
Security Group Management
Low Not defined SuccessSuccess
Security Group Management
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9237-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.2.6
User Account Management
Low Not defined SuccessSuccess and Failure
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9235-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.3.1
Plug and Play Events
Low Not defined No AuditingSuccess
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0cce9248-69ae-11d9-bed3-505054503030}
Values
Type : Possible Values :
More Informations
17.3.2
Process Creation
Low Not defined No AuditingSuccess
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE922B-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.4.1
Directory Service Access
Low Not defined Failure
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE923B-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.4.2
Directory Service Changes
Low Not defined Success
Directory Service Changes
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE923C-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.5.1
Account Lockout
Low Not defined SuccessFailure
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9217-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.5.2
Group Membership
Low Not defined No AuditingSuccess
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0cce9249-69ae-11d9-bed3-505054503030}
Values
Type : Possible Values :
More Informations
17.5.3
Logoff
Low Not defined SuccessSuccess
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9216-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.5.4
Logon
Low Not defined Success and FailureSuccess and Failure
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9215-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.5.5
Other Logon/Logoff Events
Low Not defined No AuditingSuccess and Failure
Other Logon/Logoff Events
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE921C-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.5.6
Special Logon
Low Not defined SuccessSuccess
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE921B-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.6.1
Detailed File Share
Low Not defined No AuditingFailure
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9244-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.6.2
File Share
Low Not defined No AuditingSuccess and Failure
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9224-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.6.3
Other Object Access Events
Low Not defined No AuditingSuccess and Failure
Other Object Access Events
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9227-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.6.4
Removable Storage
Low Not defined No AuditingSuccess and Failure
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9245-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.7.1
Audit Policy Change
Low Not defined SuccessSuccess
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE922F-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.7.2
Authentication Policy Change
Low Not defined SuccessSuccess
Authentication Policy Change
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9230-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.7.3
Authorization Policy Change
Low Not defined No AuditingSuccess
Authorization Policy Change
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9231-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.7.4
MPSSVC Rule-Level Policy Change
Low Not defined No AuditingSuccess and Failure
MPSSVC Rule-Level Policy Change
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9232-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.7.5
Other Policy Change Events
Low Not defined No AuditingFailure
Other Policy Change Events
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9234-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.8.1
Sensitive Privilege Use
Low Not defined No AuditingSuccess and Failure
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9228-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.9.1
IPsec Driver
Low Not defined No AuditingSuccess and Failure
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9213-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.9.2
Other System Events
Low Not defined Success and FailureSuccess and Failure
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9214-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.9.3
Security State Change
Low Not defined SuccessSuccess
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9210-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.9.4
Security System Extension
Low Not defined No AuditingSuccess
Security System Extension
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9211-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
17.9.5
System Integrity
Low Not defined Success and FailureSuccess and Failure
Table of settings
UIX
Not defined :
Method
Method :
auditpol
Method Argument :
{0CCE9212-69AE-11D9-BED3-505054503030}
Values
Type : Possible Values :
More Informations
Administrative Templates: Control Panel
18.1.1.1
Personalization: Prevent enabling lock screen camera
Low Not defined 01
Personalization: Prevent enabling lock screen camera
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\Personalization
RegistryItem :
NoLockScreenCamera
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Personalization' -name 'NoLockScreenCamera'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Personalization' -name 'NoLockScreenCamera' -value 1
More Informations
18.1.1.2
Personalization: Prevent enabling lock screen slide
Low Not defined 01
Personalization: Prevent enabling lock screen slide
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\Personalization
RegistryItem :
NoLockScreenSlideshow
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Personalization' -name 'NoLockScreenSlideshow'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Personalization' -name 'NoLockScreenSlideshow' -value 1
More Informations
18.1.2.2
Regional and Language Options: Allow users to enable online speech recognition services
Medium Not defined 10
Regional and Language Options: Allow users to enable online speech recognition services
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\InputPersonalization
RegistryItem :
AllowInputPersonalization
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\InputPersonalization' -name 'AllowInputPersonalization'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\InputPersonalization' -name 'AllowInputPersonalization' -value 0
More Informations
18.1.3
Allow Online Tips
Medium Not defined 10
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
RegistryItem :
AllowOnlineTips
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' -name 'AllowOnlineTips'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' -name 'AllowOnlineTips' -value 0
More Informations
Administrative Templates: LAPS
18.2.1
LAPS AdmPwd GPO Extension / CSE (Member)
Medium Not defined C:\Program Files\LAPS\CSE\AdmPwd.dll
LAPS AdmPwd GPO Extension / CSE (Member)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{D76B9641-3288-4f75-942D-087DE603E3EA}
RegistryItem :
DllName
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{D76B9641-3288-4f75-942D-087DE603E3EA}' -name 'DllName'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{D76B9641-3288-4f75-942D-087DE603E3EA}' -name 'DllName' -value C:\Program Files\LAPS\CSE\AdmPwd.dll
More Informations
18.2.2
Do not allow password expiration time longer than required by policy (Member)
Medium Not defined 1
Do not allow password expiration time longer than required by policy (Member)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd
RegistryItem :
PwdExpirationProtectionEnabled
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd' -name 'PwdExpirationProtectionEnabled'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd' -name 'PwdExpirationProtectionEnabled' -value 1
More Informations
18.2.3
Enable local admin password management (Member)
Medium Not defined 1
Enable local admin password management (Member)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft Services\AdmPwd
RegistryItem :
AdmPwdEnabled
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft Services\AdmPwd' -name 'AdmPwdEnabled'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft Services\AdmPwd' -name 'AdmPwdEnabled' -value 1
More Informations
18.2.4
Password Settings: Password Complexity (Member)
Medium Not defined 4
Password Settings: Password Complexity (Member)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd
RegistryItem :
PasswordComplexity
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd' -name 'PasswordComplexity'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd' -name 'PasswordComplexity' -value 4
More Informations
18.2.5
Password Settings: Password Length (Member)
Medium Not defined 15
Password Settings: Password Length (Member)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd
RegistryItem :
PasswordLength
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd' -name 'PasswordLength'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd' -name 'PasswordLength' -value 15
More Informations
18.2.6
Password Settings: Password Age (Days) (Member)
Medium Not defined 30
Password Settings: Password Age (Days) (Member)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd
RegistryItem :
PasswordLength
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd' -name 'PasswordLength'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd' -name 'PasswordLength' -value 30
More Informations
MS Security Guide
18.3.1
Apply UAC restrictions to local accounts on network logons (Member)
Medium Not defined 0
Apply UAC restrictions to local accounts on network logons (Member)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
LocalAccountTokenFilterPolicy
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'LocalAccountTokenFilterPolicy'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'LocalAccountTokenFilterPolicy' -value 0
More Informations
18.3.2
Configure SMB v1 client driver
Medium Not defined 4
Configure SMB v1 client driver
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Services\MrxSmb10
RegistryItem :
Start
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\MrxSmb10' -name 'Start'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\MrxSmb10' -name 'Start' -value 4
More Informations
18.3.3
Configure SMB v1 server
Medium Not defined 0
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
RegistryItem :
SMB1
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -name 'SMB1'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -name 'SMB1' -value 0
More Informations
18.3.4
Enable Structured Exception Handling Overwrite Protection (SEHOP)
Medium Not defined 0
Enable Structured Exception Handling Overwrite Protection (SEHOP)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel
RegistryItem :
DisableExceptionChainValidation
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel' -name 'DisableExceptionChainValidation'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel' -name 'DisableExceptionChainValidation' -value 0
More Informations
18.3.5
NetBT NodeType configuration
Medium Not defined 02
NetBT NodeType configuration
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
RegistryItem :
NodeType
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters' -name 'NodeType'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters' -name 'NodeType' -value 2
More Informations
18.3.6
WDigest Authentication
High Not defined 00
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest
RegistryItem :
UseLogonCredential
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest' -name 'UseLogonCredential'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest' -name 'UseLogonCredential' -value 0
More Informations
MSS (Legacy)
18.4.1
MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)
Medium Not defined 00
MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
RegistryItem :
AutoAdminLogon
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -name 'AutoAdminLogon'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -name 'AutoAdminLogon' -value 0
More Informations
18.4.2
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)
Medium Not defined 2
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\Tcpip6\Parameters
RegistryItem :
DisableIPSourceRouting
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Tcpip6\Parameters' -name 'DisableIPSourceRouting'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Tcpip6\Parameters' -name 'DisableIPSourceRouting' -value 2
More Informations
18.4.3
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)
Medium Not defined 2
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters
RegistryItem :
DisableIPSourceRouting
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters' -name 'DisableIPSourceRouting'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters' -name 'DisableIPSourceRouting' -value 2
More Informations
18.4.4
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes
Medium Not defined 0
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters
RegistryItem :
EnableICMPRedirect
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters' -name 'EnableICMPRedirect'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters' -name 'EnableICMPRedirect' -value 0
More Informations
18.4.5
MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds
Medium Not defined 300000
MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
RegistryItem :
KeepAliveTime
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' -name 'KeepAliveTime'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' -name 'KeepAliveTime' -value 300000
More Informations
18.4.6
MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers
Medium Not defined 01
MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\Netbt\Parameters
RegistryItem :
NoNameReleaseOnDemand
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Netbt\Parameters' -name 'NoNameReleaseOnDemand'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Netbt\Parameters' -name 'NoNameReleaseOnDemand' -value 1
More Informations
18.4.7
MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)
Medium Not defined 0
MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
RegistryItem :
PerformRouterDiscovery
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' -name 'PerformRouterDiscovery'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' -name 'PerformRouterDiscovery' -value 0
More Informations
18.4.8
MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)
Medium Not defined 01
MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager
RegistryItem :
SafeDLLSearchMode
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' -name 'SafeDLLSearchMode'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' -name 'SafeDLLSearchMode' -value 1
More Informations
18.4.9
MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)
Medium Not defined 55
MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
RegistryItem :
ScreenSaverGracePeriod
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -name 'ScreenSaverGracePeriod'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -name 'ScreenSaverGracePeriod' -value 5
More Informations
18.4.10
MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted
Medium Not defined 53
MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\Tcpip6\Parameters
RegistryItem :
TcpMaxDataRetransmissions
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Tcpip6\Parameters' -name 'TcpMaxDataRetransmissions'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Tcpip6\Parameters' -name 'TcpMaxDataRetransmissions' -value 3
More Informations
18.4.11
MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted
Medium Not defined 53
MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters
RegistryItem :
TcpMaxDataRetransmissions
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters' -name 'TcpMaxDataRetransmissions'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters' -name 'TcpMaxDataRetransmissions' -value 3
More Informations
18.4.12
MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning
Medium Not defined 090
MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Security
RegistryItem :
WarningLevel
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Security' -name 'WarningLevel'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Security' -name 'WarningLevel' -value 90
More Informations
Administrative Templates: Network
18.5.4.1
DNS Client: Turn off multicast name resolution (LLMNR)
Medium Not defined 10
DNS Client: Turn off multicast name resolution (LLMNR)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient
RegistryItem :
EnableMulticast
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient' -name 'EnableMulticast'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient' -name 'EnableMulticast' -value 0
More Informations
18.5.5.1
Fonts: Enable Font Providers
Medium Not defined 10
Fonts: Enable Font Providers
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\System
RegistryItem :
EnableFontProviders
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -name 'EnableFontProviders'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -name 'EnableFontProviders' -value 0
More Informations
18.5.8.1
Lanman Workstation: Enable insecure guest logons
Medium Not defined 10
Lanman Workstation: Enable insecure guest logons
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation
RegistryItem :
AllowInsecureGuestAuth
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation' -name 'AllowInsecureGuestAuth'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation' -name 'AllowInsecureGuestAuth' -value 0
More Informations
18.5.9.1.1
Link-Layer Topology Discovery: Turn on Mapper I/O (LLTDIO) driver (AllowLLTDIOOndomain)
Medium Not defined 00
Link-Layer Topology Discovery: Turn on Mapper I/O (LLTDIO) driver (AllowLLTDIOOndomain)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\LLTD
RegistryItem :
AllowLLTDIOOndomain
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\LLTD' -name 'AllowLLTDIOOndomain'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\LLTD' -name 'AllowLLTDIOOndomain' -value 0
More Informations
18.5.9.1.2
Link-Layer Topology Discovery: Turn on Mapper I/O (LLTDIO) driver (AllowLLTDIOOnPublicNet)
Medium Not defined 00
Link-Layer Topology Discovery: Turn on Mapper I/O (LLTDIO) driver (AllowLLTDIOOnPublicNet)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\LLTD
RegistryItem :
AllowLLTDIOOnPublicNet
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\LLTD' -name 'AllowLLTDIOOnPublicNet'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\LLTD' -name 'AllowLLTDIOOnPublicNet' -value 0
More Informations
18.5.9.1.3
Link-Layer Topology Discovery: Turn on Mapper I/O (LLTDIO) driver (EnableLLTDIO)
Medium Not defined 00
Link-Layer Topology Discovery: Turn on Mapper I/O (LLTDIO) driver (EnableLLTDIO)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\LLTD
RegistryItem :
EnableLLTDIO
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\LLTD' -name 'EnableLLTDIO'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\LLTD' -name 'EnableLLTDIO' -value 0
More Informations
18.5.9.1.4
Link-Layer Topology Discovery: Turn on Mapper I/O (LLTDIO) driver (ProhibitLLTDIOOnPrivateNet)
Medium Not defined 00
Link-Layer Topology Discovery: Turn on Mapper I/O (LLTDIO) driver (ProhibitLLTDIOOnPrivateNet)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\LLTD
RegistryItem :
ProhibitLLTDIOOnPrivateNet
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\LLTD' -name 'ProhibitLLTDIOOnPrivateNet'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\LLTD' -name 'ProhibitLLTDIOOnPrivateNet' -value 0
More Informations
18.5.9.2.1
Turn on Responder (RSPNDR) driver (AllowRspndrOnDomain)
Medium Not defined 00
Turn on Responder (RSPNDR) driver (AllowRspndrOnDomain)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\LLTD
RegistryItem :
AllowRspndrOnDomain
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LLTD' -name 'AllowRspndrOnDomain'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LLTD' -name 'AllowRspndrOnDomain' -value 0
More Informations
18.5.9.2.2
Turn on Responder (RSPNDR) driver (AllowRspndrOnPublicNet)
Medium Not defined 00
Turn on Responder (RSPNDR) driver (AllowRspndrOnPublicNet)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\LLTD
RegistryItem :
AllowRspndrOnPublicNet
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\LLTD' -name 'AllowRspndrOnPublicNet'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\LLTD' -name 'AllowRspndrOnPublicNet' -value 0
More Informations
18.5.9.2.3
Turn on Responder (RSPNDR) driver (EnableRspndr)
Medium Not defined 00
Turn on Responder (RSPNDR) driver (EnableRspndr)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\LLTD
RegistryItem :
EnableRspndr
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\LLTD' -name 'EnableRspndr'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\LLTD' -name 'EnableRspndr' -value 0
More Informations
18.5.9.2.4
Turn on Responder (RSPNDR) driver (ProhibitRspndrOnPrivateNet)
Medium Not defined 00
Turn on Responder (RSPNDR) driver (ProhibitRspndrOnPrivateNet)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\LLTD
RegistryItem :
ProhibitRspndrOnPrivateNet
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\LLTD' -name 'ProhibitRspndrOnPrivateNet'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\LLTD' -name 'ProhibitRspndrOnPrivateNet' -value 0
More Informations
18.5.10.2
Turn off Microsoft Peer-to-Peer Networking Services
Medium Not defined 01
Turn off Microsoft Peer-to-Peer Networking Services
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\policies\Microsoft\Peernet
RegistryItem :
Disabled
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\policies\Microsoft\Peernet' -name 'Disabled'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\policies\Microsoft\Peernet' -name 'Disabled' -value 1
More Informations
18.5.11.2
Network Connections: Prohibit installation and configuration of Network Bridge on your DNS domain network
Medium Not defined 00
Network Connections: Prohibit installation and configuration of Network Bridge on your DNS domain network
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\Network Connections
RegistryItem :
NC_AllowNetBridge_NLA
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Network Connections' -name 'NC_AllowNetBridge_NLA'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Network Connections' -name 'NC_AllowNetBridge_NLA' -value 0
More Informations
18.5.11.3
Network Connections: Prohibit use of Internet Connection Sharing on your DNS domain network
Medium Not defined 10
Network Connections: Prohibit use of Internet Connection Sharing on your DNS domain network
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\Network Connections
RegistryItem :
NC_ShowSharedAccessUI
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Network Connections' -name 'NC_ShowSharedAccessUI'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Network Connections' -name 'NC_ShowSharedAccessUI' -value 0
More Informations
18.5.11.4
Network Connections: Require domain users to elevate when setting a network's location
Medium Not defined 01
Network Connections: Require domain users to elevate when setting a network's location
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\Network Connections
RegistryItem :
NC_StdDomainUserSetLocation
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Network Connections' -name 'NC_StdDomainUserSetLocation'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Network Connections' -name 'NC_StdDomainUserSetLocation' -value 1
More Informations
18.5.14.1.1
Network Provider: Hardened UNC Paths (NETLOGON)
Medium Not defined RequireMutualAuthentication=1,
Network Provider: Hardened UNC Paths (NETLOGON)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths
RegistryItem :
\\*\NETLOGON
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' -name '\\*\NETLOGON'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' -name '\\*\NETLOGON' -value RequireMutualAuthentication=1, RequireIntegrity=1
More Informations
18.5.14.1.2
Network Provider: Hardened UNC Paths (SYSVOL)
Medium Not defined RequireMutualAuthentication=1,
Network Provider: Hardened UNC Paths (SYSVOL)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths
RegistryItem :
\\*\SYSVOL
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' -name '\\*\SYSVOL'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths' -name '\\*\SYSVOL' -value RequireMutualAuthentication=1, RequireIntegrity=1
More Informations
18.5.19.2.1
Disable IPv6
Medium Not defined 0255
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters
RegistryItem :
DisabledComponents
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters' -name 'DisabledComponents'
Set Value :
Set-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters' -name 'DisabledComponents' -value 255
More Informations
18.5.20.1.1
Windows Connect Now: Configuration of wireless settings using Windows Connect Now (EnableRegistrars)
Medium Not defined 10
Windows Connect Now: Configuration of wireless settings using Windows Connect Now (EnableRegistrars)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars
RegistryItem :
EnableRegistrars
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars' -name 'EnableRegistrars'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars' -name 'EnableRegistrars' -value 0
More Informations
18.5.20.1.2
Windows Connect Now: Configuration of wireless settings using Windows Connect Now (DisableUPnPRegistrar)
Medium Not defined 10
Windows Connect Now: Configuration of wireless settings using Windows Connect Now (DisableUPnPRegistrar)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars
RegistryItem :
DisableUPnPRegistrar
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars' -name 'DisableUPnPRegistrar'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars' -name 'DisableUPnPRegistrar' -value 0
More Informations
18.5.20.1.3
Windows Connect Now: Configuration of wireless settings using Windows Connect Now (DisableInBand802DOT11Registrar)
Medium Not defined 10
Windows Connect Now: Configuration of wireless settings using Windows Connect Now (DisableInBand802DOT11Registrar)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars
RegistryItem :
DisableInBand802DOT11Registrar
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars' -name 'DisableInBand802DOT11Registrar'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars' -name 'DisableInBand802DOT11Registrar' -value 0
More Informations
18.5.20.1.4
Windows Connect Now: Configuration of wireless settings using Windows Connect Now (DisableFlashConfigRegistrar)
Medium Not defined 10
Windows Connect Now: Configuration of wireless settings using Windows Connect Now (DisableFlashConfigRegistrar)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars
RegistryItem :
DisableFlashConfigRegistrar
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars' -name 'DisableFlashConfigRegistrar'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars' -name 'DisableFlashConfigRegistrar' -value 0
More Informations
18.5.20.1.5
Windows Connect Now: Configuration of wireless settings using Windows Connect Now (DisableWPDRegistrar)
Medium Not defined 10
Windows Connect Now: Configuration of wireless settings using Windows Connect Now (DisableWPDRegistrar)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars
RegistryItem :
DisableWPDRegistrar
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars' -name 'DisableWPDRegistrar'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars' -name 'DisableWPDRegistrar' -value 0
More Informations
18.5.20.2
Windows Connect Now: Prohibit access of the Windows Connect Now wizards
Medium Not defined 01
Windows Connect Now: Prohibit access of the Windows Connect Now wizards
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\UI
RegistryItem :
DisableWcnUi
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\UI' -name 'DisableWcnUi'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\UI' -name 'DisableWcnUi' -value 1
More Informations
18.5.21.1
Windows Connection Manager: Minimize the number of simultaneous connections to the Internet or a Windows Domain
Medium Not defined 13
Windows Connection Manager: Minimize the number of simultaneous connections to the Internet or a Windows Domain
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy
RegistryItem :
fMinimizeConnections
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' -name 'fMinimizeConnections'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' -name 'fMinimizeConnections' -value 3
More Informations
18.5.21.2
Windows Connection Manager: Prohibit connection to non-domain networks when connected to domain authenticated network
Medium Not defined 1
Windows Connection Manager: Prohibit connection to non-domain networks when connected to domain authenticated network
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy
RegistryItem :
fBlockNonDomain
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' -name 'fBlockNonDomain'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' -name 'fBlockNonDomain' -value 1
More Informations
Administrative Templates: Start Menu and Taskbar
18.7.1.1
Notifications: Turn off notifications network usage
Medium Not defined 01
Notifications: Turn off notifications network usage
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications
RegistryItem :
NoCloudApplicationNotification
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications' -name 'NoCloudApplicationNotification'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications' -name 'NoCloudApplicationNotification' -value 1
More Informations
Administrative Templates: System
18.8.3.1
Audit Process Creation: Include command line in process creation events
Medium Not defined 00
Audit Process Creation: Include command line in process creation events
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit
RegistryItem :
ProcessCreationIncludeCmdLine_Enabled
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit' -name 'ProcessCreationIncludeCmdLine_Enabled'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit' -name 'ProcessCreationIncludeCmdLine_Enabled' -value 0
More Informations
18.8.4.1
Credentials Delegation: Encryption Oracle Remediation
Medium Not defined 00
Credentials Delegation: Encryption Oracle Remediation
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters
RegistryItem :
AllowEncryptionOracle
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters' -name 'AllowEncryptionOracle'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters' -name 'AllowEncryptionOracle' -value 0
More Informations
18.8.4.2
Credentials Delegation: Remote host allows delegation of non-exportable credentials
Medium Not defined 1
Credentials Delegation: Remote host allows delegation of non-exportable credentials
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation
RegistryItem :
AllowProtectedCreds
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation' -name 'AllowProtectedCreds'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation' -name 'AllowProtectedCreds' -value 1
More Informations
18.8.5.1
Device Guard: Turn On Virtualization Based Security (Policy)
Medium Not defined 1
Device Guard: Turn On Virtualization Based Security (Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
RegistryItem :
EnableVirtualizationBasedSecurity
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' -name 'EnableVirtualizationBasedSecurity'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' -name 'EnableVirtualizationBasedSecurity' -value 1
More Informations
18.8.5.2
Device Guard: Select Platform Security Level (Policy)
Medium Not defined 3
Device Guard: Select Platform Security Level (Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
RegistryItem :
RequirePlatformSecurityFeatures
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' -name 'RequirePlatformSecurityFeatures'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' -name 'RequirePlatformSecurityFeatures' -value 3
More Informations
18.8.5.3
Device Guard: Virtualization Based Protection of Code Integrity (Policy)
Medium Not defined 1
Device Guard: Virtualization Based Protection of Code Integrity (Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
RegistryItem :
HypervisorEnforcedCodeIntegrity
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' -name 'HypervisorEnforcedCodeIntegrity'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' -name 'HypervisorEnforcedCodeIntegrity' -value 1
More Informations
18.8.5.4
Device Guard: Require UEFI Memory Attributes Table (Policy)
Medium Not defined 1
Device Guard: Require UEFI Memory Attributes Table (Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
RegistryItem :
HVCIMATRequired
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' -name 'HVCIMATRequired'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' -name 'HVCIMATRequired' -value 1
More Informations
18.8.5.5
Device Guard: Credential Guard Configuration (Member)
Medium Not defined 1
Device Guard: Credential Guard Configuration (Member)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
RegistryItem :
LsaCfgFlags
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' -name 'LsaCfgFlags'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' -name 'LsaCfgFlags' -value 1
More Informations
18.8.5.6
Device Guard: Credential Guard Configuration (DC)
Medium Not defined 0
Device Guard: Credential Guard Configuration (DC)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
RegistryItem :
LsaCfgFlags
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' -name 'LsaCfgFlags'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' -name 'LsaCfgFlags' -value 0
More Informations
18.8.5.7
Device Guard: Secure Launch Configuration (Policy)
Medium Not defined 01
Device Guard: Secure Launch Configuration (Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard
RegistryItem :
ConfigureSystemGuardLaunch
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' -name 'ConfigureSystemGuardLaunch'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard' -name 'ConfigureSystemGuardLaunch' -value 1
More Informations
18.8.14.1
Early Launch Antimalware: Boot-Start Driver Initialization Policy
Medium Not defined 03
Early Launch Antimalware: Boot-Start Driver Initialization Policy
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\System\CurrentControlSet\Policies\EarlyLaunch
RegistryItem :
DriverLoadPolicy
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\System\CurrentControlSet\Policies\EarlyLaunch' -name 'DriverLoadPolicy'
Set Value :
Set-ItemProperty -path 'HKLM:\System\CurrentControlSet\Policies\EarlyLaunch' -name 'DriverLoadPolicy' -value 3
More Informations
18.8.21.2
Group Policy: Do not apply during periodic background processing
Medium Not defined 00
Group Policy: Do not apply during periodic background processing
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}
RegistryItem :
NoGPOListChanges
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' -name 'NoGPOListChanges'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' -name 'NoGPOListChanges' -value 0
More Informations
18.8.21.3
Group Policy: Process even if the Group Policy objects have not changed
Medium Not defined 10
Group Policy: Process even if the Group Policy objects have not changed
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}
RegistryItem :
NoBackgroundPolicy
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' -name 'NoBackgroundPolicy'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}' -name 'NoBackgroundPolicy' -value 0
More Informations
18.8.21.4
Group Policy: Continue experiences on this device
Medium Not defined 10
Group Policy: Continue experiences on this device
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\System
RegistryItem :
EnableCdp
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -name 'EnableCdp'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -name 'EnableCdp' -value 0
More Informations
18.8.21.5
Group Policy: Turn off background refresh of Group Policy
Medium Not defined 00
Group Policy: Turn off background refresh of Group Policy
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
DisableBkGndGroupPolicy
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'DisableBkGndGroupPolicy'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'DisableBkGndGroupPolicy' -value 0
More Informations
18.8.22.1.1
Internet Communication Management: Internet Communication settings: Turn off downloading of print drivers over HTTP
Medium Not defined 01
Internet Communication Management: Internet Communication settings: Turn off downloading of print drivers over HTTP
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows NT\Printers
RegistryItem :
DisableWebPnPDownload
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers' -name 'DisableWebPnPDownload'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers' -name 'DisableWebPnPDownload' -value 1
More Informations
18.8.22.1.2
Internet Communication Management: Internet Communication settings: Turn off handwriting personalization data sharing
Medium Not defined 01
Internet Communication Management: Internet Communication settings: Turn off handwriting personalization data sharing
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\TabletPC
RegistryItem :
PreventHandwritingDataSharing
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\TabletPC' -name 'PreventHandwritingDataSharing'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\TabletPC' -name 'PreventHandwritingDataSharing' -value 1
More Informations
18.8.22.1.3
Internet Communication Management: Internet Communication settings: Turn off handwriting recognition error reporting
Medium Not defined 01
Internet Communication Management: Internet Communication settings: Turn off handwriting recognition error reporting
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports
RegistryItem :
PreventHandwritingErrorReports
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports' -name 'PreventHandwritingErrorReports'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports' -name 'PreventHandwritingErrorReports' -value 1
More Informations
18.8.22.1.4
Internet Communication Management: Internet Communication settings: Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com
Medium Not defined 01
Internet Communication Management: Internet Communication settings: Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard
RegistryItem :
ExitOnMSICW
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard' -name 'ExitOnMSICW'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard' -name 'ExitOnMSICW' -value 1
More Informations
18.8.22.1.5
Internet Communication Management: Internet Communication settings: Turn off Internet download for Web publishing and online ordering wizards
Medium Not defined 01
Internet Communication Management: Internet Communication settings: Turn off Internet download for Web publishing and online ordering wizards
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
RegistryItem :
NoWebServices
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' -name 'NoWebServices'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' -name 'NoWebServices' -value 1
More Informations
18.8.22.1.6
Internet Communication Management: Internet Communication settings: Turn off printing over HTTP
Medium Not defined 01
Internet Communication Management: Internet Communication settings: Turn off printing over HTTP
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers
RegistryItem :
DisableHTTPPrinting
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers' -name 'DisableHTTPPrinting'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers' -name 'DisableHTTPPrinting' -value 1
More Informations
18.8.22.1.7
Internet Communication Management: Internet Communication settings: Turn off Registration if URL connection is referring to Microsoft.com
Medium Not defined 01
Internet Communication Management: Internet Communication settings: Turn off Registration if URL connection is referring to Microsoft.com
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\Registration Wizard Control
RegistryItem :
NoRegistration
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Registration Wizard Control' -name 'NoRegistration'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Registration Wizard Control' -name 'NoRegistration' -value 1
More Informations
18.8.22.1.8
Internet Communication Management: Internet Communication settings: Turn off Search Companion content file updates
Medium Not defined 01
Internet Communication Management: Internet Communication settings: Turn off Search Companion content file updates
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\SearchCompanion
RegistryItem :
DisableContentFileUpdates
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\SearchCompanion' -name 'DisableContentFileUpdates'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\SearchCompanion' -name 'DisableContentFileUpdates' -value 1
More Informations
18.8.22.1.9
Internet Communication Management: Internet Communication settings: Turn off the 'Order Prints' picture task
Medium Not defined 01
Internet Communication Management: Internet Communication settings: Turn off the 'Order Prints' picture task
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
RegistryItem :
NoOnlinePrintsWizard
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' -name 'NoOnlinePrintsWizard'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' -name 'NoOnlinePrintsWizard' -value 1
More Informations
18.8.22.1.10
Internet Communication Management: Internet Communication settings: Turn off the 'Publish to Web' task for files and folders
Medium Not defined 01
Internet Communication Management: Internet Communication settings: Turn off the 'Publish to Web' task for files and folders
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
RegistryItem :
NoPublishingWizard
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' -name 'NoPublishingWizard'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' -name 'NoPublishingWizard' -value 1
More Informations
18.8.22.1.11
Internet Communication Management: Internet Communication settings: Turn off the Windows Messenger Customer Experience Improvement Program
Medium Not defined 02
Internet Communication Management: Internet Communication settings: Turn off the Windows Messenger Customer Experience Improvement Program
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Messenger\Client
RegistryItem :
CEIP
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Messenger\Client' -name 'CEIP'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Messenger\Client' -name 'CEIP' -value 2
More Informations
18.8.22.1.12
Internet Communication Management: Internet Communication settings: Turn off Windows Customer Experience Improvement Program
Medium Not defined 10
Internet Communication Management: Internet Communication settings: Turn off Windows Customer Experience Improvement Program
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\SQMClient\Windows
RegistryItem :
CEIPEnable
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\SQMClient\Windows' -name 'CEIPEnable'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\SQMClient\Windows' -name 'CEIPEnable' -value 0
More Informations
18.8.22.1.13.1
Internet Communication Management: Internet Communication settings: Turn off Windows Error Reporting 1
Medium Not defined 10
Internet Communication Management: Internet Communication settings: Turn off Windows Error Reporting 1
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\PCHealth\ErrorReporting
RegistryItem :
DoReport
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\PCHealth\ErrorReporting' -name 'DoReport'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\PCHealth\ErrorReporting' -name 'DoReport' -value 0
More Informations
18.8.22.1.13.2
Internet Communication Management: Internet Communication settings: Turn off Windows Error Reporting 2
Medium Not defined 01
Internet Communication Management: Internet Communication settings: Turn off Windows Error Reporting 2
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\Windows Error Reporting
RegistryItem :
Disabled
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Windows Error Reporting' -name 'Disabled'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Windows Error Reporting' -name 'Disabled' -value 1
More Informations
18.8.25.1.1
Kerberos: Support device authentication using certificate (DevicePKInitBehavior)
Medium Not defined 10
Kerberos: Support device authentication using certificate (DevicePKInitBehavior)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\kerberos\parameters
RegistryItem :
DevicePKInitBehavior
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\kerberos\parameters' -name 'DevicePKInitBehavior'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\kerberos\parameters' -name 'DevicePKInitBehavior' -value 0
More Informations
18.8.25.1.2
Kerberos: Support device authentication using certificate (DevicePKInitEnabled)
Medium Not defined 11
Kerberos: Support device authentication using certificate (DevicePKInitEnabled)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\kerberos\parameters
RegistryItem :
DevicePKInitEnabled
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\kerberos\parameters' -name 'DevicePKInitEnabled'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\kerberos\parameters' -name 'DevicePKInitEnabled' -value 1
More Informations
18.8.26.1
Kernel DMA Protection: Enumeration policy for external devices incompatible with Kernel DMA Protection
Medium Not defined 20
Kernel DMA Protection: Enumeration policy for external devices incompatible with Kernel DMA Protection
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\Kernel DMA Protection
RegistryItem :
DeviceEnumerationPolicy
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Kernel DMA Protection' -name 'DeviceEnumerationPolicy'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Kernel DMA Protection' -name 'DeviceEnumerationPolicy' -value 0
More Informations
18.8.27.1
Locale Services: Disallow copying of user input methods to the system account for sign-in
Medium Not defined 01
Locale Services: Disallow copying of user input methods to the system account for sign-in
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Control Panel\International
RegistryItem :
BlockUserInputMethodsForSignIn
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Control Panel\International' -name 'BlockUserInputMethodsForSignIn'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Control Panel\International' -name 'BlockUserInputMethodsForSignIn' -value 1
More Informations
18.8.28.1
Logon: Block user from showing account details on sign-in
Medium Not defined 01
Logon: Block user from showing account details on sign-in
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\System
RegistryItem :
BlockUserFromShowingAccountDetailsOnSignin
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -name 'BlockUserFromShowingAccountDetailsOnSignin'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -name 'BlockUserFromShowingAccountDetailsOnSignin' -value 1
More Informations
18.8.28.2
Logon: Do not display network selection UI
Medium Not defined 01
Logon: Do not display network selection UI
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\System
RegistryItem :
DontDisplayNetworkSelectionUI
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\System' -name 'DontDisplayNetworkSelectionUI'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\System' -name 'DontDisplayNetworkSelectionUI' -value 1
More Informations
18.8.28.3
Logon: Do not enumerate connected users on domain-joined computers
Medium Not defined 01
Logon: Do not enumerate connected users on domain-joined computers
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\System
RegistryItem :
DontEnumerateConnectedUsers
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -name 'DontEnumerateConnectedUsers'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -name 'DontEnumerateConnectedUsers' -value 1
More Informations
18.8.28.4
Logon: Enumerate local users on domain-joined computers (Member)
Medium Not defined 00
Logon: Enumerate local users on domain-joined computers (Member)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\System
RegistryItem :
EnumerateLocalUsers
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\System' -name 'EnumerateLocalUsers'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\System' -name 'EnumerateLocalUsers' -value 0
More Informations
18.8.28.5
Logon: Turn off app notifications on the lock screen
Medium Not defined 01
Logon: Turn off app notifications on the lock screen
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\System
RegistryItem :
DisableLockScreenAppNotifications
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\System' -name 'DisableLockScreenAppNotifications'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\System' -name 'DisableLockScreenAppNotifications' -value 1
More Informations
18.8.28.6
Logon: Turn off picture password sign-in
Medium Not defined 01
Logon: Turn off picture password sign-in
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\System
RegistryItem :
BlockDomainPicturePassword
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -name 'BlockDomainPicturePassword'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -name 'BlockDomainPicturePassword' -value 1
More Informations
18.8.28.7
Logon: Turn on convenience PIN sign-in
Medium Not defined 10
Logon: Turn on convenience PIN sign-in
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\System
RegistryItem :
AllowDomainPINLogon
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\System' -name 'AllowDomainPINLogon'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\System' -name 'AllowDomainPINLogon' -value 0
More Informations
18.8.31.1
OS Policies: Allow Clipboard synchronization across devices
Medium Not defined 10
OS Policies: Allow Clipboard synchronization across devices
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\System
RegistryItem :
AllowCrossDeviceClipboard
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -name 'AllowCrossDeviceClipboard'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -name 'AllowCrossDeviceClipboard' -value 0
More Informations
18.8.31.2
OS Policies: Allow upload of User Activities
Medium Not defined 10
OS Policies: Allow upload of User Activities
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\System
RegistryItem :
UploadUserActivities
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -name 'UploadUserActivities'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -name 'UploadUserActivities' -value 0
More Informations
18.8.34.6.1
Sleep Settings: Allow network connectivity during connected-standby (on battery)
Medium Not defined 10
Sleep Settings: Allow network connectivity during connected-standby (on battery)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\f15576e8-98b7-4186-b944-eafa664402d9
RegistryItem :
DCSettingIndex
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\f15576e8-98b7-4186-b944-eafa664402d9' -name 'DCSettingIndex'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\f15576e8-98b7-4186-b944-eafa664402d9' -name 'DCSettingIndex' -value 0
More Informations
18.8.34.6.2
Sleep Settings: Allow network connectivity during connected-standby (plugged in)
Medium Not defined 10
Sleep Settings: Allow network connectivity during connected-standby (plugged in)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\f15576e8-98b7-4186-b944-eafa664402d9
RegistryItem :
ACSettingIndex
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\f15576e8-98b7-4186-b944-eafa664402d9' -name 'ACSettingIndex'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\f15576e8-98b7-4186-b944-eafa664402d9' -name 'ACSettingIndex' -value 0
More Informations
18.8.34.6.3
Sleep Settings: Require a password when a computer wakes (on battery)
Medium Not defined 01
Sleep Settings: Require a password when a computer wakes (on battery)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51
RegistryItem :
DCSettingIndex
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' -name 'DCSettingIndex'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' -name 'DCSettingIndex' -value 1
More Informations
18.8.34.6.4
Sleep Settings: Require a password when a computer wakes (plugged in)
Medium Not defined 01
Sleep Settings: Require a password when a computer wakes (plugged in)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51
RegistryItem :
ACSettingIndex
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' -name 'ACSettingIndex'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51' -name 'ACSettingIndex' -value 1
More Informations
18.8.36.1
Remote Assistance: Configure Offer Remote Assistance
Medium Not defined 10
Remote Assistance: Configure Offer Remote Assistance
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services
RegistryItem :
fAllowUnsolicited
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services' -name 'fAllowUnsolicited'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services' -name 'fAllowUnsolicited' -value 0
More Informations
18.8.36.2
Remote Assistance: Configure Solicited Remote Assistance
Medium Not defined 10
Remote Assistance: Configure Solicited Remote Assistance
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services
RegistryItem :
fAllowToGetHelp
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services' -name 'fAllowToGetHelp'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services' -name 'fAllowToGetHelp' -value 0
More Informations
18.8.37.1
Remote Procedure Call: Enable RPC Endpoint Mapper Client Authentication (Member)
Medium Not defined 01
Remote Procedure Call: Enable RPC Endpoint Mapper Client Authentication (Member)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows NT\Rpc
RegistryItem :
EnableAuthEpResolution
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows NT\Rpc' -name 'EnableAuthEpResolution'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows NT\Rpc' -name 'EnableAuthEpResolution' -value 1
More Informations
18.8.37.2
Remote Procedure Call: Restrict Unauthenticated RPC clients (Member)
Medium Not defined 01
Remote Procedure Call: Restrict Unauthenticated RPC clients (Member)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows NT\Rpc
RegistryItem :
RestrictRemoteClients
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows NT\Rpc' -name 'RestrictRemoteClients'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows NT\Rpc' -name 'RestrictRemoteClients' -value 1
More Informations
18.8.47.5.1
Troubleshooting and Diagnostics: Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider
Medium Not defined 10
Troubleshooting and Diagnostics: Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy
RegistryItem :
DisableQueryRemoteServer
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy' -name 'DisableQueryRemoteServer'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy' -name 'DisableQueryRemoteServer' -value 0
More Informations
18.8.47.11.1
Windows Performance PerfTrack: Enable/Disable PerfTrack
Medium Not defined 10
Windows Performance PerfTrack: Enable/Disable PerfTrack
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}
RegistryItem :
ScenarioExecutionEnabled
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}' -name 'ScenarioExecutionEnabled'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}' -name 'ScenarioExecutionEnabled' -value 0
More Informations
18.8.49.1
User Profiles: Turn of the advertising ID
Medium Not defined 01
User Profiles: Turn of the advertising ID
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo
RegistryItem :
DisabledByGroupPolicy
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo' -name 'DisabledByGroupPolicy'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo' -name 'DisabledByGroupPolicy' -value 1
More Informations
18.8.52.1.1
Time Providers: Enable Windows NTP Client
Medium Not defined 01
Time Providers: Enable Windows NTP Client
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient
RegistryItem :
Enabled
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient' -name 'Enabled'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient' -name 'Enabled' -value 1
More Informations
18.8.52.1.2
Time Providers: Enable Windows NTP Server (Member)
Medium Not defined 00
Time Providers: Enable Windows NTP Server (Member)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\W32time\TimeProviders\NtpServer
RegistryItem :
Enabled
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\W32time\TimeProviders\NtpServer' -name 'Enabled'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\W32time\TimeProviders\NtpServer' -name 'Enabled' -value 0
More Informations
Administrative Templates: Windows Components
18.9.4.1
App Package Deployment: Allow a Windows app to share application data between users
Medium Not defined 10
App Package Deployment: Allow a Windows app to share application data between users
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\AppModel\StateManager
RegistryItem :
AllowSharedLocalAppData
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\AppModel\StateManager' -name 'AllowSharedLocalAppData'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\AppModel\StateManager' -name 'AllowSharedLocalAppData' -value 0
More Informations
18.9.6.1
App runtime: Allow Microsoft accounts to be optional
Medium Not defined 1
App runtime: Allow Microsoft accounts to be optional
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
MSAOptional
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -name 'MSAOptional'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -name 'MSAOptional' -value 1
More Informations
18.9.8.1
AutoPlay Policies: Disallow Autoplay for non-volume devices
Medium Not defined 01
AutoPlay Policies: Disallow Autoplay for non-volume devices
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\Explorer
RegistryItem :
NoAutoplayfornonVolume
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Explorer' -name 'NoAutoplayfornonVolume'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Explorer' -name 'NoAutoplayfornonVolume' -value 1
More Informations
18.9.8.2
AutoPlay Policies: Set the default behavior for AutoRun
Medium Not defined 01
AutoPlay Policies: Set the default behavior for AutoRun
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
RegistryItem :
NoAutorun
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' -name 'NoAutorun'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' -name 'NoAutorun' -value 1
More Informations
18.9.8.3
AutoPlay Policies: Turn off Autoplay
Medium Not defined 0255
AutoPlay Policies: Turn off Autoplay
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
RegistryItem :
NoDriveTypeAutoRun
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' -name 'NoDriveTypeAutoRun'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' -name 'NoDriveTypeAutoRun' -value 255
More Informations
18.9.10.1.1
Biometrics: Facial Features: Configure enhanced anti-spoofing
Medium Not defined 1
Biometrics: Facial Features: Configure enhanced anti-spoofing
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures
RegistryItem :
EnhancedAntiSpoofing
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures' -name 'EnhancedAntiSpoofing'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures' -name 'EnhancedAntiSpoofing' -value 1
More Informations
18.9.12.1
Camera: Allow Use of Camera
Medium Not defined 10
Camera: Allow Use of Camera
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Camera
RegistryItem :
AllowCamera
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Camera' -name 'AllowCamera'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Camera' -name 'AllowCamera' -value 0
More Informations
18.9.13.1
Cloud Content: Turn off cloud optimized content
Medium Not defined 01
Cloud Content: Turn off cloud optimized content
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\CloudContent
RegistryItem :
DisableCloudOptimizedContent
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\CloudContent' -name 'DisableCloudOptimizedContent'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\CloudContent' -name 'DisableCloudOptimizedContent' -value 1
More Informations
18.9.13.2
Cloud Content: Turn off Microsoft consumer experiences
Medium Not defined 01
Cloud Content: Turn off Microsoft consumer experiences
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\CloudContent
RegistryItem :
DisableWindowsConsumerFeatures
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\CloudContent' -name 'DisableWindowsConsumerFeatures'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\CloudContent' -name 'DisableWindowsConsumerFeatures' -value 1
More Informations
18.9.14.1
Connect: Require pin for pairing
Medium Not defined 01
Connect: Require pin for pairing
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\Connect
RegistryItem :
RequirePinForPairing
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Connect' -name 'RequirePinForPairing'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Connect' -name 'RequirePinForPairing' -value 1
More Informations
18.9.15.1
Credential User Interface: Do not display the password reveal button
Medium Not defined 01
Credential User Interface: Do not display the password reveal button
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\CredUI
RegistryItem :
DisablePasswordReveal
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\CredUI' -name 'DisablePasswordReveal'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\CredUI' -name 'DisablePasswordReveal' -value 1
More Informations
18.9.15.2
Credential User Interface: Enumerate administrator accounts on elevation
Medium Not defined 10
Credential User Interface: Enumerate administrator accounts on elevation
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI
RegistryItem :
EnumerateAdministrators
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI' -name 'EnumerateAdministrators'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI' -name 'EnumerateAdministrators' -value 0
More Informations
18.9.16.1
Data Collection and Preview Builds: Allow Telemetry
Medium Not defined 21
Data Collection and Preview Builds: Allow Telemetry
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\DataCollection
RegistryItem :
AllowTelemetry
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\DataCollection' -name 'AllowTelemetry'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\DataCollection' -name 'AllowTelemetry' -value 1
More Informations
18.9.16.2
Data Collection and Preview Builds: Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service
Medium Not defined 01
Data Collection and Preview Builds: Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\DataCollection
RegistryItem :
DisableEnterpriseAuthProxy
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\DataCollection' -name 'DisableEnterpriseAuthProxy'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\DataCollection' -name 'DisableEnterpriseAuthProxy' -value 1
More Informations
18.9.16.3
Data Collection and Preview Builds: Do not show feedback notifications
Medium Not defined 01
Data Collection and Preview Builds: Do not show feedback notifications
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\DataCollection
RegistryItem :
DoNotShowFeedbackNotifications
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\DataCollection' -name 'DoNotShowFeedbackNotifications'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\DataCollection' -name 'DoNotShowFeedbackNotifications' -value 1
More Informations
18.9.16.4
Data Collection and Preview Builds: Toggle user control over Insider builds
Medium Not defined 10
Data Collection and Preview Builds: Toggle user control over Insider builds
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds
RegistryItem :
AllowBuildPreview
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds' -name 'AllowBuildPreview'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds' -name 'AllowBuildPreview' -value 0
More Informations
18.9.26.1.1
Event Log Service: Application: Control Event Log behavior when the log file reaches its maximum size
Medium Not defined 0
Event Log Service: Application: Control Event Log behavior when the log file reaches its maximum size
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application
RegistryItem :
Retention
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application' -name 'Retention'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application' -name 'Retention' -value 0
More Informations
18.9.26.1.2
Event Log Service: Specify the maximum Application log file size (KB)
Medium Not defined 409632768
Event Log Service: Specify the maximum Application log file size (KB)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application
RegistryItem :
MaxSize
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application' -name 'MaxSize'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application' -name 'MaxSize' -value 32768
More Informations
18.9.26.2.1
Event Log Service: Security: Control Event Log behavior when the log file reaches its maximum size
Medium Not defined 0
Event Log Service: Security: Control Event Log behavior when the log file reaches its maximum size
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security
RegistryItem :
Retention
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security' -name 'Retention'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security' -name 'Retention' -value 0
More Informations
18.9.26.2.2
Event Log Service: Specify the maximum Security log file size (KB)
Medium Not defined 4096196608
Event Log Service: Specify the maximum Security log file size (KB)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security
RegistryItem :
MaxSize
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security' -name 'MaxSize'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security' -name 'MaxSize' -value 196608
More Informations
18.9.26.3.1
Event Log Service: Setup: Control Event Log behavior when the log file reaches its maximum size
Medium Not defined 0
Event Log Service: Setup: Control Event Log behavior when the log file reaches its maximum size
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\EventLog\Setup
RegistryItem :
Retention
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Setup' -name 'Retention'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Setup' -name 'Retention' -value 0
More Informations
18.9.26.3.2
Event Log Service: Setup: Specify the maximum log file size (KB)
Medium Not defined 409632768
Event Log Service: Setup: Specify the maximum log file size (KB)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\EventLog\Setup
RegistryItem :
MaxSize
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Setup' -name 'MaxSize'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\Setup' -name 'MaxSize' -value 32768
More Informations
18.9.26.4.1
Event Log Service: System: Control Event Log behavior when the log file reaches its maximum size
Medium Not defined 0
Event Log Service: System: Control Event Log behavior when the log file reaches its maximum size
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\EventLog\System
RegistryItem :
Retention
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\System' -name 'Retention'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\System' -name 'Retention' -value 0
More Informations
18.9.26.4.2
Event Log Service: Specify the maximum System log file size (KB)
Medium Not defined 409632768
Event Log Service: Specify the maximum System log file size (KB)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\EventLog\System
RegistryItem :
MaxSize
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\System' -name 'MaxSize'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\EventLog\System' -name 'MaxSize' -value 32768
More Informations
18.9.30.2
File Explorer: Turn off Data Execution Prevention for Explorer
Medium Not defined 0
File Explorer: Turn off Data Execution Prevention for Explorer
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer
RegistryItem :
NoDataExecutionPrevention
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer' -name 'NoDataExecutionPrevention'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer' -name 'NoDataExecutionPrevention' -value 0
More Informations
18.9.30.3
File Explorer: Turn off heap termination on corruption
Medium Not defined 0
File Explorer: Turn off heap termination on corruption
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer
RegistryItem :
NoHeapTerminationOnCorruption
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer' -name 'NoHeapTerminationOnCorruption'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer' -name 'NoHeapTerminationOnCorruption' -value 0
More Informations
18.9.30.4
File Explorer: Turn off shell protocol protected mode
Medium Not defined 0
File Explorer: Turn off shell protocol protected mode
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
RegistryItem :
PreXPSP2ShellProtocolBehavior
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' -name 'PreXPSP2ShellProtocolBehavior'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' -name 'PreXPSP2ShellProtocolBehavior' -value 0
More Informations
18.9.39.1
Location and Sensors: Turn off location
Medium Not defined 01
Location and Sensors: Turn off location
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors
RegistryItem :
DisableLocation
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors' -name 'DisableLocation'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors' -name 'DisableLocation' -value 1
More Informations
18.9.43.1
Messaging: Allow Message Service Cloud Sync
Medium Not defined 10
Messaging: Allow Message Service Cloud Sync
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\Messaging
RegistryItem :
AllowMessageSync
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Messaging' -name 'AllowMessageSync'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Messaging' -name 'AllowMessageSync' -value 0
More Informations
18.9.44.1
Microsoft account: Block all consumer Microsoft account user authentication
Medium Not defined 1
Microsoft account: Block all consumer Microsoft account user authentication
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftAccount
RegistryItem :
DisableUserAuth
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftAccount' -name 'DisableUserAuth'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftAccount' -name 'DisableUserAuth' -value 1
More Informations
Microsoft Defender Antivirus
18.9.45.3.1
MAPS: Configure local setting override for reporting to Microsoft MAPS
Medium Not defined 0
MAPS: Configure local setting override for reporting to Microsoft MAPS
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet
RegistryItem :
LocalSettingOverrideSpynetReporting
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet' -name 'LocalSettingOverrideSpynetReporting'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet' -name 'LocalSettingOverrideSpynetReporting' -value 0
More Informations
18.9.45.3.2
MAPS: Join Microsoft MAPS
Medium Not defined 0
MAPS: Join Microsoft MAPS
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet
RegistryItem :
SpynetReporting
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet' -name 'SpynetReporting'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet' -name 'SpynetReporting' -value 0
More Informations
Microsoft Defender Exploit Guard
18.9.45.4.1.1
Attack Surface Reduction rules
Medium Not defined 01
Attack Surface Reduction rules
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR
RegistryItem :
ExploitGuard_ASR_Rules
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR' -name 'ExploitGuard_ASR_Rules'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR' -name 'ExploitGuard_ASR_Rules' -value 1
More Informations
18.9.45.4.1.2.1.1
ASR: Block Office applications from creating child processes (Policy)
Medium Not defined 01
ASR: Block Office applications from creating child processes (Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules
RegistryItem :
d4f940ab-401b-4efc-aadc-ad5f3c50688a
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name 'd4f940ab-401b-4efc-aadc-ad5f3c50688a'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name 'd4f940ab-401b-4efc-aadc-ad5f3c50688a' -value 1
More Informations
18.9.45.4.1.2.1.2
ASR: Block Office applications from creating child processes
Medium Not defined 01
ASR: Block Office applications from creating child processes
Table of settings
UIX
Not defined :
Method
Method :
MpPreferenceAsr
Method Argument :
d4f940ab-401b-4efc-aadc-ad5f3c50688a
Values
Type : Possible Values :
More Informations
18.9.45.4.1.2.2.1
ASR: Block Office applications from creating executable content (Policy)
Medium Not defined 01
ASR: Block Office applications from creating executable content (Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules
RegistryItem :
3b576869-a4ec-4529-8536-b80a7769e899
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name '3b576869-a4ec-4529-8536-b80a7769e899'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name '3b576869-a4ec-4529-8536-b80a7769e899' -value 1
More Informations
18.9.45.4.1.2.2.2
ASR: Block Office applications from creating executable content
Medium Not defined 01
ASR: Block Office applications from creating executable content
Table of settings
UIX
Not defined :
Method
Method :
MpPreferenceAsr
Method Argument :
3b576869-a4ec-4529-8536-b80a7769e899
Values
Type : Possible Values :
More Informations
18.9.45.4.1.2.3.1
ASR: Block execution of potentially obfuscated scripts (Policy)
Medium Not defined 01
ASR: Block execution of potentially obfuscated scripts (Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules
RegistryItem :
5beb7efe-fd9a-4556-801d-275e5ffc04cc
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name '5beb7efe-fd9a-4556-801d-275e5ffc04cc'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name '5beb7efe-fd9a-4556-801d-275e5ffc04cc' -value 1
More Informations
18.9.45.4.1.2.3.2
ASR: Block execution of potentially obfuscated scripts
Medium Not defined 01
ASR: Block execution of potentially obfuscated scripts
Table of settings
UIX
Not defined :
Method
Method :
MpPreferenceAsr
Method Argument :
5beb7efe-fd9a-4556-801d-275e5ffc04cc
Values
Type : Possible Values :
More Informations
18.9.45.4.1.2.4.1
ASR: Block Office applications from injecting into other processes (Policy)
Medium Not defined 01
ASR: Block Office applications from injecting into other processes (Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules
RegistryItem :
75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name '75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name '75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84' -value 1
More Informations
18.9.45.4.1.2.4.2
ASR: Block Office applications from injecting into other processes
Medium Not defined 01
ASR: Block Office applications from injecting into other processes
Table of settings
UIX
Not defined :
Method
Method :
MpPreferenceAsr
Method Argument :
75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84
Values
Type : Possible Values :
More Informations
18.9.45.4.1.2.5.1
ASR: Block Adobe Reader from creating child processes (Policy)
Medium Not defined 01
ASR: Block Adobe Reader from creating child processes (Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules
RegistryItem :
7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' -value 1
More Informations
18.9.45.4.1.2.5.2
ASR: Block Adobe Reader from creating child processes
Medium Not defined 01
ASR: Block Adobe Reader from creating child processes
Table of settings
UIX
Not defined :
Method
Method :
MpPreferenceAsr
Method Argument :
7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
Values
Type : Possible Values :
More Informations
18.9.45.4.1.2.6.1
ASR: Block Win32 imports from Macro code in Office (Policy)
Medium Not defined 01
ASR: Block Win32 imports from Macro code in Office (Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules
RegistryItem :
92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b' -value 1
More Informations
18.9.45.4.1.2.6.2
ASR: Block Win32 imports from Macro code in Office
Medium Not defined 01
ASR: Block Win32 imports from Macro code in Office
Table of settings
UIX
Not defined :
Method
Method :
MpPreferenceAsr
Method Argument :
92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b
Values
Type : Possible Values :
More Informations
18.9.45.4.1.2.7.1
ASR: Block credential stealing from the Windows local security authority subsystem (lsass.exe) (Policy)
Medium Not defined 01
ASR: Block credential stealing from the Windows local security authority subsystem (lsass.exe) (Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules
RegistryItem :
9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' -value 1
More Informations
18.9.45.4.1.2.7.2
ASR: Block credential stealing from the Windows local security authority subsystem (lsass.exe)
Medium Not defined 01
ASR: Block credential stealing from the Windows local security authority subsystem (lsass.exe)
Table of settings
UIX
Not defined :
Method
Method :
MpPreferenceAsr
Method Argument :
9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
Values
Type : Possible Values :
More Informations
18.9.45.4.1.2.8.1
ASR: Block untrusted and unsigned processes that run from USB (Policy)
Medium Not defined 01
ASR: Block untrusted and unsigned processes that run from USB (Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules
RegistryItem :
b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name 'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name 'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4' -value 1
More Informations
18.9.45.4.1.2.8.2
ASR: Block untrusted and unsigned processes that run from USB
Medium Not defined 01
ASR: Block untrusted and unsigned processes that run from USB
Table of settings
UIX
Not defined :
Method
Method :
MpPreferenceAsr
Method Argument :
b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4
Values
Type : Possible Values :
More Informations
18.9.45.4.1.2.9.1
ASR: Block executable content from email client and webmail (Policy)
Medium Not defined 01
ASR: Block executable content from email client and webmail (Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules
RegistryItem :
be9ba2d9-53ea-4cdc-84e5-9b1eeee46550
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name 'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name 'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' -value 1
More Informations
18.9.45.4.1.2.9.2
ASR: Block executable content from email client and webmail
Medium Not defined 01
ASR: Block executable content from email client and webmail
Table of settings
UIX
Not defined :
Method
Method :
MpPreferenceAsr
Method Argument :
be9ba2d9-53ea-4cdc-84e5-9b1eeee46550
Values
Type : Possible Values :
More Informations
18.9.45.4.1.2.10.1
ASR: Block JavaScript or VBScript from launching downloaded executable content (Policy)
Medium Not defined 01
ASR: Block JavaScript or VBScript from launching downloaded executable content (Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules
RegistryItem :
d3e037e1-3eb8-44c8-a917-57927947596d
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name 'd3e037e1-3eb8-44c8-a917-57927947596d'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name 'd3e037e1-3eb8-44c8-a917-57927947596d' -value 1
More Informations
18.9.45.4.1.2.10.2
ASR: Block JavaScript or VBScript from launching downloaded executable content
Medium Not defined 01
ASR: Block JavaScript or VBScript from launching downloaded executable content
Table of settings
UIX
Not defined :
Method
Method :
MpPreferenceAsr
Method Argument :
d3e037e1-3eb8-44c8-a917-57927947596d
Values
Type : Possible Values :
More Informations
18.9.45.4.1.2.11.1
ASR: Block Office communication applications from creating child processes (Policy)
Medium Not defined 01
ASR: Block Office communication applications from creating child processes (Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules
RegistryItem :
26190899-1602-49e8-8b27-eb1d0a1ce869
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name '26190899-1602-49e8-8b27-eb1d0a1ce869'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name '26190899-1602-49e8-8b27-eb1d0a1ce869' -value 1
More Informations
18.9.45.4.1.2.11.2
ASR: Block Office communication applications from creating child processes
Medium Not defined 01
ASR: Block Office communication applications from creating child processes
Table of settings
UIX
Not defined :
Method
Method :
MpPreferenceAsr
Method Argument :
26190899-1602-49e8-8b27-eb1d0a1ce869
Values
Type : Possible Values :
More Informations
18.9.45.4.1.2.12.1
ASR: Block persistence through WMI event subscription (Policy)
Medium Not defined 01
ASR: Block persistence through WMI event subscription (Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules
RegistryItem :
e6db77e5-3df2-4cf1-b95a-636979351e5b
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name 'e6db77e5-3df2-4cf1-b95a-636979351e5b'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules' -name 'e6db77e5-3df2-4cf1-b95a-636979351e5b' -value 1
More Informations
18.9.45.4.1.2.12.2
ASR: Block persistence through WMI event subscription
Medium Not defined 01
ASR: Block persistence through WMI event subscription
Table of settings
UIX
Not defined :
Method
Method :
MpPreferenceAsr
Method Argument :
e6db77e5-3df2-4cf1-b95a-636979351e5b
Values
Type : Possible Values :
More Informations
18.9.45.4.3.1
Network Protection: Prevent users and apps from accessing dangerous websites
Medium Not defined 1
Network Protection: Prevent users and apps from accessing dangerous websites
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection
RegistryItem :
EnableNetworkProtection
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection' -name 'EnableNetworkProtection'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection' -name 'EnableNetworkProtection' -value 1
More Informations
Microsoft Defender Antivirus
18.9.45.5.1
MpEngine: Enable file hash computation feature
Medium Not defined 1
MpEngine: Enable file hash computation feature
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine
RegistryItem :
EnableFileHashComputation
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine' -name 'EnableFileHashComputation'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine' -name 'EnableFileHashComputation' -value 1
More Informations
18.9.45.8.1
Real-time Protection: Scan all downloaded files and attachments
Medium Not defined 00
Real-time Protection: Scan all downloaded files and attachments
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection
RegistryItem :
DisableIOAVProtection
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' -name 'DisableIOAVProtection'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' -name 'DisableIOAVProtection' -value 0
More Informations
18.9.45.8.2
Real-time Protection: Turn off real-time protection
Medium Not defined 00
Real-time Protection: Turn off real-time protection
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection
RegistryItem :
DisableRealtimeMonitoring
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' -name 'DisableRealtimeMonitoring'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection' -name 'DisableRealtimeMonitoring' -value 0
More Informations
18.9.45.8.3
Real-time Protection: Turn on behavior monitoring (Policy)
Medium Not defined 00
Real-time Protection: Turn on behavior monitoring (Policy)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
RegistryItem :
DisableBehaviorMonitoring
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' -name 'DisableBehaviorMonitoring'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection' -name 'DisableBehaviorMonitoring' -value 0
More Informations
18.9.45.10.1
Reporting: Configure Watson events
Medium Not defined 1
Reporting: Configure Watson events
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting
RegistryItem :
DisableGenericRePorts
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting' -name 'DisableGenericRePorts'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting' -name 'DisableGenericRePorts' -value 1
More Informations
18.9.45.11.1
Scan: Scan removable drives
Medium Not defined 0
Scan: Scan removable drives
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows Defender\Scan
RegistryItem :
DisableRemovableDriveScanning
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Scan' -name 'DisableRemovableDriveScanning'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Scan' -name 'DisableRemovableDriveScanning' -value 0
More Informations
18.9.45.11.2
Scan: Turn on e-mail scanning
Medium Not defined 0
Scan: Turn on e-mail scanning
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows Defender\Scan
RegistryItem :
DisableEmailScanning
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Scan' -name 'DisableEmailScanning'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender\Scan' -name 'DisableEmailScanning' -value 0
More Informations
18.9.45.14
Configure detection for potentially unwanted applications
Medium Not defined 01
Configure detection for potentially unwanted applications
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows Defender
RegistryItem :
PUAProtection
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender' -name 'PUAProtection'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender' -name 'PUAProtection' -value 1
More Informations
18.9.45.15
Turn off Windows Defender Antivirus
Medium Not defined 00
Turn off Windows Defender Antivirus
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows Defender
RegistryItem :
DisableAntiSpyware
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender' -name 'DisableAntiSpyware'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows Defender' -name 'DisableAntiSpyware' -value 0
More Informations
Administrative Templates: Windows Components
18.9.55.1
OneDrive: Prevent the usage of OneDrive for file storage
Medium Not defined 01
OneDrive: Prevent the usage of OneDrive for file storage
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\OneDrive
RegistryItem :
DisableFileSyncNGSC
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\OneDrive' -name 'DisableFileSyncNGSC'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\OneDrive' -name 'DisableFileSyncNGSC' -value 1
More Informations
18.9.62.2.2
Remote Desktop Connection Client: Do not allow passwords to be saved
Medium Not defined 01
Remote Desktop Connection Client: Do not allow passwords to be saved
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
RegistryItem :
DisablePasswordSaving
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'DisablePasswordSaving'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'DisablePasswordSaving' -value 1
More Informations
18.9.62.3.2.1
Remote Desktop Session Host: Connections: Restrict Remote Desktop Services users to a single Remote Desktop Services session
Medium Not defined 1
Remote Desktop Session Host: Connections: Restrict Remote Desktop Services users to a single Remote Desktop Services session
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
RegistryItem :
fSingleSessionPerUser
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'fSingleSessionPerUser'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'fSingleSessionPerUser' -value 1
More Informations
18.9.62.3.3.1
Remote Desktop Session Host: Device and Resource Redirection: Do not allow COM port redirection
Medium Not defined 01
Remote Desktop Session Host: Device and Resource Redirection: Do not allow COM port redirection
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
RegistryItem :
fDisableCcm
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'fDisableCcm'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'fDisableCcm' -value 1
More Informations
18.9.62.3.3.2
Remote Desktop Session Host: Device and Resource Redirection: Do not allow drive redirection
Medium Not defined 01
Remote Desktop Session Host: Device and Resource Redirection: Do not allow drive redirection
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
RegistryItem :
fDisableCdm
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'fDisableCdm'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'fDisableCdm' -value 1
More Informations
18.9.62.3.3.3
Remote Desktop Session Host: Device and Resource Redirection: Do not allow LPT port redirection
Medium Not defined 01
Remote Desktop Session Host: Device and Resource Redirection: Do not allow LPT port redirection
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
RegistryItem :
fDisableLPT
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'fDisableLPT'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'fDisableLPT' -value 1
More Informations
18.9.62.3.3.4
Remote Desktop Session Host: Device and Resource Redirection: Do not allow supported Plug and Play device redirection
Medium Not defined 01
Remote Desktop Session Host: Device and Resource Redirection: Do not allow supported Plug and Play device redirection
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
RegistryItem :
fDisablePNPRedir
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'fDisablePNPRedir'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'fDisablePNPRedir' -value 1
More Informations
18.9.62.3.9.1
Remote Desktop Session Host: Security: Always prompt for password upon connection
Medium Not defined 01
Remote Desktop Session Host: Security: Always prompt for password upon connection
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
RegistryItem :
fPromptForPassword
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'fPromptForPassword'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'fPromptForPassword' -value 1
More Informations
18.9.62.3.9.2
Remote Desktop Session Host: Security: Require secure RPC communication
Medium Not defined 01
Remote Desktop Session Host: Security: Require secure RPC communication
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
RegistryItem :
fEncryptRPCTraffic
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'fEncryptRPCTraffic'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'fEncryptRPCTraffic' -value 1
More Informations
18.9.62.3.9.3
Remote Desktop Session Host: Security: Require use of specific security layer for remote (RDP) connections
Medium Not defined 02
Remote Desktop Session Host: Security: Require use of specific security layer for remote (RDP) connections
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
RegistryItem :
SecurityLayer
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'SecurityLayer'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'SecurityLayer' -value 2
More Informations
18.9.62.3.9.4
Remote Desktop Session Host: Security: Require user authentication for remote connections by using Network Level Authentication
Medium Not defined 1
Remote Desktop Session Host: Security: Require user authentication for remote connections by using Network Level Authentication
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
RegistryItem :
UserAuthentication
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'UserAuthentication'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'UserAuthentication' -value 1
More Informations
18.9.62.3.9.5
Remote Desktop Session Host: Security: Set client connection encryption level
Medium Not defined 03
Remote Desktop Session Host: Security: Set client connection encryption level
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
RegistryItem :
MinEncryptionLevel
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'MinEncryptionLevel'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'MinEncryptionLevel' -value 3
More Informations
18.9.62.3.10.1
Remote Desktop Session Host: Session Time Limits: Set time limit for active but idle Remote Desktop Services sessions
Medium Not defined 900000
Remote Desktop Session Host: Session Time Limits: Set time limit for active but idle Remote Desktop Services sessions
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
RegistryItem :
MaxIdleTime
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'MaxIdleTime'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'MaxIdleTime' -value 900000
More Informations
18.9.62.3.10.2
Remote Desktop Session Host: Session Time Limits: Set time limit for disconnected sessions
Medium Not defined 60000
Remote Desktop Session Host: Session Time Limits: Set time limit for disconnected sessions
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
RegistryItem :
MaxDisconnectionTime
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'MaxDisconnectionTime'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'MaxDisconnectionTime' -value 60000
More Informations
18.9.62.3.11.1
Remote Desktop Session Host: Temporary folders: Do not delete temp folders upon exit
Medium Not defined 1
Remote Desktop Session Host: Temporary folders: Do not delete temp folders upon exit
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
RegistryItem :
DeleteTempDirsOnExit
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'DeleteTempDirsOnExit'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'DeleteTempDirsOnExit' -value 1
More Informations
18.9.62.3.11.2
Remote Desktop Session Host: Temporary folders: Do not use temporary folders per session
Medium Not defined 1
Remote Desktop Session Host: Temporary folders: Do not use temporary folders per session
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
RegistryItem :
PerSessionTempDir
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'PerSessionTempDir'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name 'PerSessionTempDir' -value 1
More Informations
18.9.63.1
RSS Feeds: Prevent downloading of enclosures
Medium Not defined 1
RSS Feeds: Prevent downloading of enclosures
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds
RegistryItem :
DisableEnclosureDownload
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds' -name 'DisableEnclosureDownload'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds' -name 'DisableEnclosureDownload' -value 1
More Informations
18.9.64.2
Search: Allow Cloud Search
Medium Not defined 10
Search: Allow Cloud Search
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search
RegistryItem :
AllowCloudSearch
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search' -name 'AllowCloudSearch'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search' -name 'AllowCloudSearch' -value 0
More Informations
18.9.64.3
Search: Allow indexing of encrypted files
Medium Not defined 10
Search: Allow indexing of encrypted files
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search
RegistryItem :
AllowIndexingEncryptedStoresOrItems
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search' -name 'AllowIndexingEncryptedStoresOrItems'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search' -name 'AllowIndexingEncryptedStoresOrItems' -value 0
More Informations
18.9.69.1
Software Protection Platform: Turn off KMS Client Online AVS Validation
Medium Not defined 1
Software Protection Platform: Turn off KMS Client Online AVS Validation
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform
RegistryItem :
NoGenTicket
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform' -name 'NoGenTicket'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform' -name 'NoGenTicket' -value 1
More Informations
18.9.80.1.1.1
File Explorer: Configure Windows Defender SmartScreen
Medium Not defined 11
File Explorer: Configure Windows Defender SmartScreen
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\System
RegistryItem :
EnableSmartScreen
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -name 'EnableSmartScreen'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -name 'EnableSmartScreen' -value 1
More Informations
18.9.80.1.1.2
File Explorer: Configure Windows Defender SmartScreen to warn and prevent bypass
Medium Not defined WarnBlock
File Explorer: Configure Windows Defender SmartScreen to warn and prevent bypass
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\System
RegistryItem :
ShellSmartScreenLevel
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -name 'ShellSmartScreenLevel'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -name 'ShellSmartScreenLevel' -value Block
More Informations
18.9.84.1
Windows Ink Workspace: Allow suggested apps in Windows Ink Workspace
Medium Not defined 10
Windows Ink Workspace: Allow suggested apps in Windows Ink Workspace
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\WindowsInkWorkspace
RegistryItem :
AllowSuggestedAppsInWindowsInkWorkspace
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\WindowsInkWorkspace' -name 'AllowSuggestedAppsInWindowsInkWorkspace'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\WindowsInkWorkspace' -name 'AllowSuggestedAppsInWindowsInkWorkspace' -value 0
More Informations
18.9.84.2
Windows Ink Workspace: Allow Windows Ink Workspace
Medium Not defined 11
Windows Ink Workspace: Allow Windows Ink Workspace
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\WindowsInkWorkspace
RegistryItem :
AllowWindowsInkWorkspace
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\WindowsInkWorkspace' -name 'AllowWindowsInkWorkspace'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\WindowsInkWorkspace' -name 'AllowWindowsInkWorkspace' -value 1
More Informations
18.9.85.1
Windows Installer: Allow user control over installs
Medium Not defined 10
Windows Installer: Allow user control over installs
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\Installer
RegistryItem :
EnableUserControl
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Installer' -name 'EnableUserControl'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Installer' -name 'EnableUserControl' -value 0
More Informations
18.9.85.2
Windows Installer: Always install with elevated privileges
Medium Not defined 10
Windows Installer: Always install with elevated privileges
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\Installer
RegistryItem :
AlwaysInstallElevated
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Installer' -name 'AlwaysInstallElevated'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Installer' -name 'AlwaysInstallElevated' -value 0
More Informations
18.9.85.3
Windows Installer: Prevent Internet Explorer security prompt for Windows Installer scripts
Medium Not defined 10
Windows Installer: Prevent Internet Explorer security prompt for Windows Installer scripts
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\Installer
RegistryItem :
SafeForScripting
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Installer' -name 'SafeForScripting'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\Installer' -name 'SafeForScripting' -value 0
More Informations
18.9.86.1
Windows Logon Options: Sign-in and lock last interactive user automatically after a restart
Medium Not defined 01
Windows Logon Options: Sign-in and lock last interactive user automatically after a restart
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
RegistryItem :
DisableAutomaticRestartSignOn
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'DisableAutomaticRestartSignOn'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -name 'DisableAutomaticRestartSignOn' -value 1
More Informations
PowerShell
18.9.95.1
Turn on PowerShell Script Block Logging
Medium Not defined 00
Turn on PowerShell Script Block Logging
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging
RegistryItem :
EnableScriptBlockLogging
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' -name 'EnableScriptBlockLogging'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' -name 'EnableScriptBlockLogging' -value 0
More Informations
18.9.95.2
Turn on PowerShell Transcription
Medium Not defined 00
Turn on PowerShell Transcription
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription
RegistryItem :
EnableTranscripting
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription' -name 'EnableTranscripting'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\PowerShell\Transcription' -name 'EnableTranscripting' -value 0
More Informations
Administrative Templates: Windows Components
18.9.97.1.1
WinRM Client: Allow Basic authentication
Medium Not defined 10
WinRM Client: Allow Basic authentication
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client
RegistryItem :
AllowBasic
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client' -name 'AllowBasic'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client' -name 'AllowBasic' -value 0
More Informations
18.9.97.1.2
WinRM Client: Allow unencrypted traffic
Medium Not defined 10
WinRM Client: Allow unencrypted traffic
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client
RegistryItem :
AllowUnencryptedTraffic
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client' -name 'AllowUnencryptedTraffic'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client' -name 'AllowUnencryptedTraffic' -value 0
More Informations
18.9.97.1.3
WinRM Client: Disallow Digest authentication
Medium Not defined 10
WinRM Client: Disallow Digest authentication
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client
RegistryItem :
AllowDigest
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client' -name 'AllowDigest'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client' -name 'AllowDigest' -value 0
More Informations
18.9.97.2.1
WinRM Service: Allow Basic authentication
Medium Not defined 10
WinRM Service: Allow Basic authentication
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service
RegistryItem :
AllowBasic
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service' -name 'AllowBasic'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service' -name 'AllowBasic' -value 0
More Informations
18.9.97.2.2
WinRM Service: Allow remote server management through WinRM
Medium Not defined 10
WinRM Service: Allow remote server management through WinRM
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:Software\Policies\Microsoft\Windows\WinRM\Service
RegistryItem :
AllowAutoConfig
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:Software\Policies\Microsoft\Windows\WinRM\Service' -name 'AllowAutoConfig'
Set Value :
Set-ItemProperty -path 'HKLM:Software\Policies\Microsoft\Windows\WinRM\Service' -name 'AllowAutoConfig' -value 0
More Informations
18.9.97.2.3
WinRM Service: Allow unencrypted traffic
Medium Not defined 10
WinRM Service: Allow unencrypted traffic
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service
RegistryItem :
AllowUnencryptedTraffic
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service' -name 'AllowUnencryptedTraffic'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service' -name 'AllowUnencryptedTraffic' -value 0
More Informations
18.9.97.2.4
WinRM Service: Disallow WinRM from storing RunAs credentials
Medium Not defined 01
WinRM Service: Disallow WinRM from storing RunAs credentials
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service
RegistryItem :
DisableRunAs
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service' -name 'DisableRunAs'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service' -name 'DisableRunAs' -value 1
More Informations
18.9.98.1
Windows Remote Shell: Allow Remote Shell Access
Medium Not defined 10
Windows Remote Shell: Allow Remote Shell Access
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS
RegistryItem :
AllowRemoteShellAccess
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS' -name 'AllowRemoteShellAccess'
Set Value :
Set-ItemProperty -path 'HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS' -name 'AllowRemoteShellAccess' -value 0
More Informations
18.9.99.2.1
App and browser protection: Prevent users from modifying settings
Medium Not defined 1
App and browser protection: Prevent users from modifying settings
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection
RegistryItem :
DisallowExploitProtectionOverride
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection' -name 'DisallowExploitProtectionOverride'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection' -name 'DisallowExploitProtectionOverride' -value 1
More Informations
18.9.102.1.1.1
Windows Update: Windows Update for Business: Manage preview builds (ManagePreviewBuilds)
Medium Not defined 1
Windows Update: Windows Update for Business: Manage preview builds (ManagePreviewBuilds)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
RegistryItem :
ManagePreviewBuilds
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -name 'ManagePreviewBuilds'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -name 'ManagePreviewBuilds' -value 1
More Informations
18.9.102.1.1.2
Windows Update: Windows Update for Business: Manage preview builds (ManagePreviewBuildsPolicyValue)
Medium Not defined 0
Windows Update: Windows Update for Business: Manage preview builds (ManagePreviewBuildsPolicyValue)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
RegistryItem :
ManagePreviewBuildsPolicyValue
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -name 'ManagePreviewBuildsPolicyValue'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -name 'ManagePreviewBuildsPolicyValue' -value 0
More Informations
18.9.102.1.2.1
Windows Update: Windows Update for Business: Select when Preview Builds and Feature Updates are received (DeferFeatureUpdates)
Medium Not defined 1
Windows Update: Windows Update for Business: Select when Preview Builds and Feature Updates are received (DeferFeatureUpdates)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
RegistryItem :
DeferFeatureUpdates
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -name 'DeferFeatureUpdates'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -name 'DeferFeatureUpdates' -value 1
More Informations
18.9.102.1.2.2
Windows Update: Windows Update for Business: Select when Preview Builds and Feature Updates are received (BranchReadinessLevel)
Medium Not defined 16
Windows Update: Windows Update for Business: Select when Preview Builds and Feature Updates are received (BranchReadinessLevel)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
RegistryItem :
BranchReadinessLevel
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -name 'BranchReadinessLevel'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -name 'BranchReadinessLevel' -value 16
More Informations
18.9.102.1.2.3
Windows Update: Windows Update for Business: Select when Preview Builds and Feature Updates are received (DeferFeatureUpdatesPeriodInDays)
Medium Not defined 180
Windows Update: Windows Update for Business: Select when Preview Builds and Feature Updates are received (DeferFeatureUpdatesPeriodInDays)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
RegistryItem :
DeferFeatureUpdatesPeriodInDays
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -name 'DeferFeatureUpdatesPeriodInDays'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -name 'DeferFeatureUpdatesPeriodInDays' -value 180
More Informations
18.9.102.1.3.1
Windows Update: Windows Update for Business: Select when Quality Updates are received (DeferQualityUpdates)
Medium Not defined 1
Windows Update: Windows Update for Business: Select when Quality Updates are received (DeferQualityUpdates)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
RegistryItem :
DeferQualityUpdates
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -name 'DeferQualityUpdates'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -name 'DeferQualityUpdates' -value 1
More Informations
18.9.102.1.3.2
Windows Update: Windows Update for Business: Select when Quality Updates are received (DeferQualityUpdatesPeriodInDays)
Medium Not defined 0
Windows Update: Windows Update for Business: Select when Quality Updates are received (DeferQualityUpdatesPeriodInDays)
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
RegistryItem :
DeferQualityUpdatesPeriodInDays
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -name 'DeferQualityUpdatesPeriodInDays'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -name 'DeferQualityUpdatesPeriodInDays' -value 0
More Informations
18.9.102.2
Windows Update: Configure Automatic Updates
Medium Not defined 0
Windows Update: Configure Automatic Updates
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\Au
RegistryItem :
NoAutoUpdate
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\Au' -name 'NoAutoUpdate'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\Au' -name 'NoAutoUpdate' -value 0
More Informations
18.9.102.3
Windows Update: Configure Automatic Updates: Scheduled install day
Medium Not defined 0
Windows Update: Configure Automatic Updates: Scheduled install day
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\Au
RegistryItem :
ScheduledInstallDay
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\Au' -name 'ScheduledInstallDay'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\Au' -name 'ScheduledInstallDay' -value 0
More Informations
18.9.102.4
Windows Update: No auto-restart with logged on users for scheduled automatic updates installations
Medium Not defined 0
Windows Update: No auto-restart with logged on users for scheduled automatic updates installations
Table of settings
UIX
Not defined :
Method
Method :
Registry
Registry
RegistryPath :
HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\Au
RegistryItem :
NoAutoRebootWithLoggedOnUsers
Values
Type : Possible Values :
Powershell Command
Get Value :
Get-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\Au' -name 'NoAutoRebootWithLoggedOnUsers'
Set Value :
Set-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\Au' -name 'NoAutoRebootWithLoggedOnUsers' -value 0
More Informations