Policy definitions for DISA templates
Policy definitions for all DISA templates available in BMC Server Automation are listed below:
For a list of DISA properties included in the server built-in, custom, and local property class, see:
Microsoft Windows Server 2012 DC
Rule Category
The following table shows the percentage of rules that are Native based and EO based:
Rule Category | % of rules |
---|---|
Native based | 60% |
EO based | 40% |
Rule Details
To find details about all rules included in the template, see HTML Definitions for Microsoft Windows Server 2012 DC.
Asset/Part Used
Part name | Part type |
---|---|
??DIR_PATH_NTDS?? | Directory |
??TARGET.SYSTEMDRIVE?? | |
??TARGET.WINDIR?? | |
??TARGET.WINDIR??/SYSVOL/sysvol | |
(NoDefaultExempt) Configure IPSec exemptions for various types of network traffic | Extended Object |
Access credential Manager as a trusted caller (SeTrustedCredManAccessPrivilege) | |
Access this computer from the network (SeNetworkLogonRight) | |
Act as part of the operating system | |
Add workstations to domain | |
Adjust memory quotas for a process (SeIncreaseQuotaPrivilege) | |
Allow log on locally (SeInteractiveLogonRight) | |
Allow log on through Remote Desktop Services1 (SeRemoteInteractiveLogonRight) | |
Allow log on through Remote Desktop Services2 (SeRemoteInteractiveLogonRight) | |
Back up files and directories (SeBackupPrivilege) | |
build version | |
Bypass traverse checking (SeChangeNotifyPrivilege) | |
Change the system time (SeSystemTimePrivilege) | |
Change the time zone (SeTimeZonePrivilege) | |
Create a pagefile (SeCreatePagefilePrivilege) | |
Create a token object (SeCreateTokenPrivilege) | |
Create global objects (SeCreateGlobalPrivilege) | |
Create permanent shared objects (SeCreatePermanentPrivilege) | |
Create symbolic links (SeCreateSymbolicLinkPrivilege) | |
Debug programs (SeDebugPrivilege) | |
Deny access to this computer from the network | |
Deny logon as a batch job (SeDenyBatchLogonRight) | |
Deny log on as a service | |
Deny log on locally (SeDenyInteractiveLogonRight) | |
Deny log on Through Terminal Services (SeDenyRemoteInteractiveLogonRight) | |
Enable computer and user accounts to be trusted for delegation (SeEnableDelegationPrivilege) | |
Enforce user logon restrictions | |
File System information | |
Force shutdown from a remote system (SeRemoteShutdownPrivilege) | |
Generate security audits (SeAuditPrivilege) | |
Get List of NTP servers | |
Get NTDS Drive | |
Get NTDS Path Database log files path | |
Get NTDS Path DSA Database file | |
Impersonate a client after authentication (SeImpersonatePrivilege) | |
Inactive User Accounts | |
Increase a process working set (SeIncreaseWorkingSetPrivilege) | |
Increase scheduling priority (SeIncreaseBasePriorityPrivilege) | |
Interactive Logon: Message text for users attempting to log on | |
Interactive Logon: Message title for users attempting to log on | |
List all installed services and roles | |
List of unauthorized shares | |
Load and unload device drivers (SeLoadDriverPrivilege) | |
Lock pages in memory (SeLockMemoryPrivilege) | |
Log on as a batch job (SeBatchLogonRight) | |
Manage auditing and security log (SeSecurityPrivilege) | |
Maximum lifetime for service ticket | |
Maximum lifetime for user ticket | |
Maximum lifetime for user ticket renewal | |
Maximum tolerance for computer clock synchronization | |
Modify an object label (SeRelabelPrivilege) | |
Modify firmware environment values (SeSystemEnvironmentPrivilege) | |
MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) | |
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | |
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | |
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | |
MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds | |
MSS: (NoNameReleaseOnDemand) Allow computer to ignore NetBIOS name release requests except from WINS servers | |
MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) | |
MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) | |
MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) | |
MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is the default) | |
MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is the default) | |
MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning | |
Network access: Named pipes that can be accessed anonymously | |
Network access: Remotely accessible registry paths | |
Network access: Remotely accessible registry paths and sub-paths | |
Perform Volume Maintenance Tasks (SeManageVolumePrivilege) | |
Profile single process (SeProfileSingleProcessPrivilege) | |
Profile system performance (SeSystemProfilePrivilege) | |
Replace a process level token (SeAssignPrimaryTokenPrivilege) | |
Restore files and directories (SeRestorePrivilege) | |
Services_Check_Startup_Automatic | |
Services_Check_Startup_Automatic_Delayed | |
Services_Check_Startup_Automatic_V-8327 | |
Services_Check_Startup_Disabled | |
Services_Check_Startup_Manual | |
Shut down the system (SeShutdownPrivilege) | |
Synchronize directory service data (SeSyncAgentPrivilege) | |
Take ownership of files or other objects | |
User Password Requirement | |
V-1080 | |
V-1088 | |
V-1120 | |
V-1121 | |
V-14225 | |
V-14831 | |
V-36662 | |
V-6840 | |
??EVENT_LOGS_DIR??/Application.evtx | File |
??EVENT_LOGS_DIR??/Security.evtx | |
??EVENT_LOGS_DIR??/System.evtx | |
??PATH_NTDS?? | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components | Registry Key |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableBkGndGroupPolicy | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Spynet\SpyNetReporting | |
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators | Registry Value |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDisconnect | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWith | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing\UseWindowsUpdate | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit\ProcessCreationIncludeCmdLine_Enabled | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableAutomaticRestartSignOn | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableBkGndGroupPolicy | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system\LogonType | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\MSAOptional | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ReportControllerMissing | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\defaultpassword | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics\Enabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Control Panel\International\BlockUserInputMethodsForSignIn | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7z | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7zFM | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7zGUI | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Chrome | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Firefox | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\FirefoxPluginContainer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\FoxitReader | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\GoogleTalk | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\IE | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\iTunes | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveWriter | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Lync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LyncCommunicator | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\mIRC | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Opera | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoGallery | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Photoshop | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Picture Manager | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Pidgin | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\QuickTimePlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\RealConverter | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\RealPlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Safari | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\SkyDrive | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Skype | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Thunderbird | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\ThunderbirdPluginContainer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\UnRAR | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VLC | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winamp | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsLiveMail | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsMediaPlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WinRARConsole | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WinRARGUI | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winzip | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winzip64 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Wordpad | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EMET\SysSettings\ASLR | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EMET\SysSettings\DEP | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EMET\SysSettings\SEHOP | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewer\MicrosoftEventVwrDisableLinks | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Feeds\AllowBasicAuthInClear | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\ErrorReporting\DoReport | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Peernet\Disabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E\ACSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E\DCSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows\CEIPEnable | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\Parameters\NTPServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\Parameters\Type | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat\DisableInventory | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat\DisablePcaUI | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx\AllowAllTrustedApps | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredUI\DisablePasswordReveal | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\AllowRemoteRPC | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendGenericDriverNotFoundToWER | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendRequestAdditionalSoftwareToWER | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestore | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Device Metadata\PreventDeviceMetadataFromNetwork | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\DontPromptForWindowsUpdate | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DriverSearching\DontSearchWindowsUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\DriverServerSelection | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\SearchOrderConfig | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application\MaxSize | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoUseStoreOpenWith | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HandwritingErrorReports\PreventHandwritingErrorReports | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\DisableLUAPatching | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\EnableUserControl | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\SafeForScripting | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOndomain | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOnPublicNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOndomain | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOnPublicNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\EnableLLTDIO | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\EnableRspndr | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitLLTDIOOnPrivateNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitRspndrOnPrivateNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LocationAndSensors\DisableLocation | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_AllowNetBridge_NLA | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_StdDomainUserSetLocation | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization\NoLockScreenSlideshow | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\DisableQueryRemoteServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\EnableQueryRemoteServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System\DisableLockScreenAppNotifications | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\DontDisplayNetworkSelectionUI | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System\EnableSmartScreen | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System\EnumerateLocalUsers | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\6to4_State | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\Force_Tunneling | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface\IPHTTPS_ClientState | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\ISATAP_State | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\Teredo_State | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableFlashConfigRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableInBand802DOT11Registrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableUPnPRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableWPDRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\EnableRegistrars | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\UI\DisableWcnUi | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ScenarioExecutionEnabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\LoggingDisabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client\AllowBasic | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client\AllowDigest | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client\AllowUnencryptedTraffic | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\AllowBasic | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\AllowUnencryptedTraffic | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\DisableRunAs | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Spynet\SpyNetReporting | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\DisableAutoupdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\GroupPrivacyAcceptance | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\DoNotInstallCompatibleDriverFromWindowsUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\EnableAuthEpResolution | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\DeleteTempDirsOnExit | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCcm | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableLPT | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisablePNPRedir | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fEnableSmartCard | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fSingleSessionPerUser | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\LoggingEnabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxDisconnectionTime | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxIdleTime | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\PerSessionTempDir | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\RedirectOnlyDefaultClientPrinter | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsStore\RemoveWindowsStore | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsStore\WindowsUpdate\AutoDownload | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsUpdate\WUServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WMDRM\DisableOnline | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies\EarlyLaunch\DriverLoadPolicy | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\Database log files path | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\DSA Database file | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableIPAutoConfigurationLimits | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config\EventLogFlags | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters\Type | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\Enabled | |
Security Settings\Account Policies\Account Lockout Policy\Account lockout duration | Security Setting |
Security Settings\Account Policies\Account Lockout Policy\Account lockout threshold | |
Security Settings\Account Policies\Account Lockout Policy\Reset account lockout counter after | |
Security Settings\Account Policies\Password Policy\Enforce password history | |
Security Settings\Account Policies\Password Policy\Maximum password age | |
Security Settings\Account Policies\Password Policy\Minimum password age | |
Security Settings\Account Policies\Password Policy\Minimum password length | |
Security Settings\Account Policies\Password Policy\Passwords must meet complexity requirements | |
Security Settings\Account Policies\Password Policy\Store password using reversible encryption | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Logon\Audit Credential Validation | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Management\Audit Computer Account Management | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Management\Audit Other Account Management Events | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Management\Audit Security Group Management | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Management\Audit User Account Management | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Detailed Tracking\Audit Process Creation | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\DS Access\Audit directory service access | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\DS Access\Audit Directory Service Changes | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Logon/Logoff\Audit Logoff | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Logon/Logoff\Audit Logon | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Logon/Logoff\Audit Special Logon | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit Central Policy Staging | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit File System | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit Handle Manipulation | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit Registry | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit Removable Storage | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Policy Change\Audit Audit Policy Change | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Policy Change\Audit Authentication Policy Change | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Privilege Use\Audit Sensitive Privilege Use | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\System\Audit IPsec Driver | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\System\Audit Security State Change | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\System\Audit Security System Extension | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\System\Audit System Integrity | |
Security Settings\Local Policies\Security Options\Accounts: Guest account status | |
Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only | |
Security Settings\Local Policies\Security Options\Accounts: Rename administrator account | |
Security Settings\Local Policies\Security Options\Accounts: Rename guest account | |
Security Settings\Local Policies\Security Options\Audit: Audit the access of global system objects | |
Security Settings\Local Policies\Security Options\Audit: Audit the use of Backup and Restore privilege | |
Security Settings\Local Policies\Security Options\Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | |
Security Settings\Local Policies\Security Options\Devices: Allowed to format and eject removable media | |
Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers | |
Security Settings\Local Policies\Security Options\Domain controller: LDAP server signing requirements | |
Security Settings\Local Policies\Security Options\Domain controller: Refuse machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt or sign secure channel data (always) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally sign secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Disable machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Maximum machine account password age | |
Security Settings\Local Policies\Security Options\Domain member: Require strong (Windows 2000 or later) session key | |
Security Settings\Local Policies\Security Options\Interactive logon: Do not display last user name | |
Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL | |
Security Settings\Local Policies\Security Options\Interactive logon: Machine account lockout threshhold | |
Security Settings\Local Policies\Security Options\Interactive logon: Machine inactivity limit | |
Security Settings\Local Policies\Security Options\Interactive logon: Number of previous logons to cache (in case domain controller is not available) | |
Security Settings\Local Policies\Security Options\Interactive logon: Prompt user to change password before expiration | |
Security Settings\Local Policies\Security Options\Interactive logon: Require smart card | |
Security Settings\Local Policies\Security Options\Interactive logon: Smart card removal behavior | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (if server agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Send unencrypted password to third-party SMB servers | |
Security Settings\Local Policies\Security Options\Microsoft network server: Amount of idle time required before suspending session | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (if client agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Disconnect clients when logon hours expire | |
Security Settings\Local Policies\Security Options\Microsoft Network server : Server SPN target name validation level | |
Security Settings\Local Policies\Security Options\Network access: Allow anonymous SID/Name translation | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts and shares | |
Security Settings\Local Policies\Security Options\Network access: Do not allow storage of passwords and credentials or .NET Passports for network authentication | |
Security Settings\Local Policies\Security Options\Network access: Let Everyone permissions apply to anonymous users | |
Security Settings\Local Policies\Security Options\Network access: Restrict anonymous access to Named Pipes and Shares | |
Security Settings\Local Policies\Security Options\Network access: Shares that can be accessed anonymously | |
Security Settings\Local Policies\Security Options\Network access: Sharing and security model for local accounts | |
Security Settings\Local Policies\Security Options\Network security: Allow LocalSystem NULL session fallback | |
Security Settings\Local Policies\Security Options\Network security: Allow Local System to use computer identity for NTLM | |
Security Settings\Local Policies\Security Options\Network security: Allow PKU2U authentication requests to this computer to use online identities | |
Security Settings\Local Policies\Security Options\Network security: Configure encryption types allowed for Kerberos | |
Security Settings\Local Policies\Security Options\Network security: Do not store LAN Manager hash value on next password change | |
Security Settings\Local Policies\Security Options\Network security: Force logoff when logon hours expire | |
Security Settings\Local Policies\Security Options\Network security: LAN Manager authentication level | |
Security Settings\Local Policies\Security Options\Network security: LDAP client signing requirements | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | |
Security Settings\Local Policies\Security Options\Recovery console: Allow automatic administrative logon | |
Security Settings\Local Policies\Security Options\Recovery console: Allow floppy copy and access to all drives and all folders | |
Security Settings\Local Policies\Security Options\Shutdown: Allow system to be shut down without having to log on | |
Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing | |
Security Settings\Local Policies\Security Options\System objects: Require case insensitivity for non-Windows subsystems | |
Security Settings\Local Policies\Security Options\System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | |
Security Settings\Local Policies\Security Options\System settings: Optional subsystems | |
Security Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies | |
Security Settings\Local Policies\Security Options\User Account Control: Admin Approval Mode for the Built-in Administrator account | |
Security Settings\Local Policies\Security Options\User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop | |
Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode | |
Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for standard users | |
Security Settings\Local Policies\Security Options\User Account Control: Detect application installations and prompt for elevation | |
Security Settings\Local Policies\Security Options\User Account Control: Only elevate executables that are signed and validated | |
Security Settings\Local Policies\Security Options\User Account Control: Only elevate UIAccess applications that are installed in secure locations | |
Security Settings\Local Policies\Security Options\User Account Control: Run all administrators in Admin Approval Mode | |
Security Settings\Local Policies\Security Options\User Account Control: Switch to the secure desktop when prompting for elevation | |
Security Settings\Local Policies\Security Options\User Account Control: Virtualize file and registry write failures to per-user locations | |
/ | Windows Application |
EMET* | |
Fax | Windows Service |
McAfee Framework Service | |
Microsoft FTP Service | |
Peer Networking Identity Manager | |
Simple TCP/IP Services | |
Smart Card Removal Policy | |
Telnet | |
Windows Time | |
Microsoft Windows Server 2012 MS
Rule Category
The following table shows the percentage of rules that are Native based and EO based:
Rule Category | % of rules |
---|---|
Native based | 70% |
EO based | 30% |
Rule Details
To find details about all rules included in the template, see HTML Definitions for Microsoft Windows Server 2012 MS.
Asset/Part Used
Part name | Part type |
---|---|
??TARGET.SYSTEMDRIVE?? | Directory |
??TARGET.WINDIR?? | |
(NoDefaultExempt) Configure IPSec exemptions for various types of network traffic | Extended Object |
Access credential Manager as a trusted caller (SeTrustedCredManAccessPrivilege) | |
Access this computer from the network (SeNetworkLogonRight) | |
Act as part of the operating system | |
Adjust memory quotas for a process (SeIncreaseQuotaPrivilege) | |
Allow log on locally (SeInteractiveLogonRight) | |
Allow log on through Remote Desktop Services1 (SeRemoteInteractiveLogonRight) | |
Allow log on through Remote Desktop Services2 (SeRemoteInteractiveLogonRight) | |
Back up files and directories (SeBackupPrivilege) | |
build version | |
Bypass traverse checking (SeChangeNotifyPrivilege) | |
Change the system time (SeSystemTimePrivilege) | |
Change the time zone (SeTimeZonePrivilege) | |
Create a pagefile (SeCreatePagefilePrivilege) | |
Create a token object (SeCreateTokenPrivilege) | |
Create global objects (SeCreateGlobalPrivilege) | |
Create permanent shared objects (SeCreatePermanentPrivilege) | |
Create symbolic links (SeCreateSymbolicLinkPrivilege) | |
Debug programs (SeDebugPrivilege) | |
Deny access to this computer from the network | |
Deny logon as a batch job (SeDenyBatchLogonRight) | |
Deny log on as a service | |
Deny log on locally (SeDenyInteractiveLogonRight) | |
Deny log on Through Terminal Services (SeDenyRemoteInteractiveLogonRight) | |
Enable computer and user accounts to be trusted for delegation (SeEnableDelegationPrivilege) | |
File System information | |
Force shutdown from a remote system (SeRemoteShutdownPrivilege) | |
Generate security audits (SeAuditPrivilege) | |
Get List of NTP servers | |
Impersonate a client after authentication (SeImpersonatePrivilege) | |
Inactive User Accounts | |
Increase a process working set (SeIncreaseWorkingSetPrivilege) | |
Increase scheduling priority (SeIncreaseBasePriorityPrivilege) | |
Interactive Logon: Message text for users attempting to log on | |
Interactive Logon: Message title for users attempting to log on | |
List all installed services and roles | |
Load and unload device drivers (SeLoadDriverPrivilege) | |
Lock pages in memory (SeLockMemoryPrivilege) | |
Log on as a batch job (SeBatchLogonRight) | |
Manage auditing and security log (SeSecurityPrivilege) | |
Modify an object label (SeRelabelPrivilege) | |
Modify firmware environment values (SeSystemEnvironmentPrivilege) | |
MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) | |
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | |
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | |
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | |
MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds | |
MSS: (NoNameReleaseOnDemand) Allow computer to ignore NetBIOS name release requests except from WINS servers | |
MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) | |
MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) | |
MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) | |
MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is the default) | |
MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is the default) | |
MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning | |
Network access: Named pipes that can be accessed anonymously | |
Network access: Remotely accessible registry paths | |
Network access: Remotely accessible registry paths and sub-paths | |
Perform Volume Maintenance Tasks (SeManageVolumePrivilege) | |
Profile single process (SeProfileSingleProcessPrivilege) | |
Profile system performance (SeSystemProfilePrivilege) | |
Replace a process level token (SeAssignPrimaryTokenPrivilege) | |
Restore files and directories (SeRestorePrivilege) | |
Services_Check_Startup_Automatic | |
Services_Check_Startup_Automatic_Delayed | |
Services_Check_Startup_Disabled | |
Services_Check_Startup_Manual | |
Shut down the system (SeShutdownPrivilege) | |
Take ownership of files or other objects | |
User Password Requirement | |
V-1080 | |
V-1088 | |
V-1120 | |
V-1121 | |
V-14225 | |
V-36662 | |
V-6840 | |
??EVENT_LOGS_DIR??/Application.evtx | File |
??EVENT_LOGS_DIR??/Security.evtx | |
??EVENT_LOGS_DIR??/System.evtx | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components | Registry Key |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableBkGndGroupPolicy | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Spynet\SpyNetReporting | |
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators | Registry Value |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDisconnect | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWith | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing\UseWindowsUpdate | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit\ProcessCreationIncludeCmdLine_Enabled | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableAutomaticRestartSignOn | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableBkGndGroupPolicy | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system\LogonType | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\MSAOptional | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ReportControllerMissing | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\defaultpassword | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics\Enabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Control Panel\International\BlockUserInputMethodsForSignIn | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7z | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7zFM | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7zGUI | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Chrome | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Firefox | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\FirefoxPluginContainer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\FoxitReader | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\GoogleTalk | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\IE | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\iTunes | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveWriter | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Lync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LyncCommunicator | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\mIRC | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Opera | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoGallery | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Photoshop | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Picture Manager | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Pidgin | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\QuickTimePlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\RealConverter | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\RealPlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Safari | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\SkyDrive | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Skype | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Thunderbird | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\ThunderbirdPluginContainer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\UnRAR | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VLC | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winamp | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsLiveMail | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsMediaPlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WinRARConsole | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WinRARGUI | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winzip | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winzip64 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Wordpad | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EMET\SysSettings\ASLR | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EMET\SysSettings\DEP | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EMET\SysSettings\SEHOP | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewer\MicrosoftEventVwrDisableLinks | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Feeds\AllowBasicAuthInClear | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\ErrorReporting\DoReport | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Peernet\Disabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E\ACSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E\DCSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows\CEIPEnable | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\Parameters\NTPServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\Parameters\Type | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat\DisableInventory | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat\DisablePcaUI | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx\AllowAllTrustedApps | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredUI\DisablePasswordReveal | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\AllowRemoteRPC | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendGenericDriverNotFoundToWER | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendRequestAdditionalSoftwareToWER | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestore | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Device Metadata\PreventDeviceMetadataFromNetwork | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\DontPromptForWindowsUpdate | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DriverSearching\DontSearchWindowsUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\DriverServerSelection | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\SearchOrderConfig | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application\MaxSize | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoUseStoreOpenWith | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HandwritingErrorReports\PreventHandwritingErrorReports | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\DisableLUAPatching | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\EnableUserControl | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\SafeForScripting | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOndomain | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOnPublicNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOndomain | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOnPublicNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\EnableLLTDIO | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\EnableRspndr | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitLLTDIOOnPrivateNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitRspndrOnPrivateNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LocationAndSensors\DisableLocation | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_AllowNetBridge_NLA | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_StdDomainUserSetLocation | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization\NoLockScreenSlideshow | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\DisableQueryRemoteServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\EnableQueryRemoteServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System\DisableLockScreenAppNotifications | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\DontDisplayNetworkSelectionUI | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System\EnableSmartScreen | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System\EnumerateLocalUsers | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\6to4_State | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\Force_Tunneling | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface\IPHTTPS_ClientState | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\ISATAP_State | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\Teredo_State | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableFlashConfigRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableInBand802DOT11Registrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableUPnPRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableWPDRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\EnableRegistrars | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\UI\DisableWcnUi | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ScenarioExecutionEnabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\LoggingDisabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client\AllowBasic | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client\AllowDigest | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client\AllowUnencryptedTraffic | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\AllowBasic | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\AllowUnencryptedTraffic | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\DisableRunAs | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Spynet\SpyNetReporting | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\DisableAutoupdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\GroupPrivacyAcceptance | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\DoNotInstallCompatibleDriverFromWindowsUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\EnableAuthEpResolution | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\DeleteTempDirsOnExit | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCcm | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableLPT | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisablePNPRedir | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fEnableSmartCard | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fSingleSessionPerUser | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\LoggingEnabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxDisconnectionTime | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxIdleTime | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\PerSessionTempDir | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\RedirectOnlyDefaultClientPrinter | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsStore\RemoveWindowsStore | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsStore\WindowsUpdate\AutoDownload | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsUpdate\WUServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WMDRM\DisableOnline | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies\EarlyLaunch\DriverLoadPolicy | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableIPAutoConfigurationLimits | |
Security Settings\Account Policies\Account Lockout Policy\Account lockout duration | Security Setting |
Security Settings\Account Policies\Account Lockout Policy\Account lockout threshold | |
Security Settings\Account Policies\Account Lockout Policy\Reset account lockout counter after | |
Security Settings\Account Policies\Password Policy\Enforce password history | |
Security Settings\Account Policies\Password Policy\Maximum password age | |
Security Settings\Account Policies\Password Policy\Minimum password age | |
Security Settings\Account Policies\Password Policy\Minimum password length | |
Security Settings\Account Policies\Password Policy\Passwords must meet complexity requirements | |
Security Settings\Account Policies\Password Policy\Store password using reversible encryption | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Logon\Audit Credential Validation | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Management\Audit Computer Account Management | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Management\Audit Other Account Management Events | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Management\Audit Security Group Management | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Account Management\Audit User Account Management | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Detailed Tracking\Audit Process Creation | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Logon/Logoff\Audit Logoff | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Logon/Logoff\Audit Logon | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Logon/Logoff\Audit Special Logon | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit Central Policy Staging | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit File System | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit Handle Manipulation | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit Registry | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Object Access\Audit Removable Storage | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Policy Change\Audit Audit Policy Change | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Policy Change\Audit Authentication Policy Change | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\Privilege Use\Audit Sensitive Privilege Use | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\System\Audit IPsec Driver | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\System\Audit Security State Change | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\System\Audit Security System Extension | |
Security Settings\Advanced Audit Policy Configuration\System Audit Policies - Local Group Policy Object\System\Audit System Integrity | |
Security Settings\Local Policies\Security Options\Accounts: Guest account status | |
Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only | |
Security Settings\Local Policies\Security Options\Accounts: Rename administrator account | |
Security Settings\Local Policies\Security Options\Accounts: Rename guest account | |
Security Settings\Local Policies\Security Options\Audit: Audit the access of global system objects | |
Security Settings\Local Policies\Security Options\Audit: Audit the use of Backup and Restore privilege | |
Security Settings\Local Policies\Security Options\Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | |
Security Settings\Local Policies\Security Options\Devices: Allowed to format and eject removable media | |
Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt or sign secure channel data (always) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally sign secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Disable machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Maximum machine account password age | |
Security Settings\Local Policies\Security Options\Domain member: Require strong (Windows 2000 or later) session key | |
Security Settings\Local Policies\Security Options\Interactive logon: Do not display last user name | |
Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL | |
Security Settings\Local Policies\Security Options\Interactive logon: Machine account lockout threshhold | |
Security Settings\Local Policies\Security Options\Interactive logon: Machine inactivity limit | |
Security Settings\Local Policies\Security Options\Interactive logon: Number of previous logons to cache (in case domain controller is not available) | |
Security Settings\Local Policies\Security Options\Interactive logon: Prompt user to change password before expiration | |
Security Settings\Local Policies\Security Options\Interactive logon: Smart card removal behavior | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (if server agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Send unencrypted password to third-party SMB servers | |
Security Settings\Local Policies\Security Options\Microsoft network server: Amount of idle time required before suspending session | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (if client agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Disconnect clients when logon hours expire | |
Security Settings\Local Policies\Security Options\Microsoft Network server : Server SPN target name validation level | |
Security Settings\Local Policies\Security Options\Network access: Allow anonymous SID/Name translation | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts and shares | |
Security Settings\Local Policies\Security Options\Network access: Do not allow storage of passwords and credentials or .NET Passports for network authentication | |
Security Settings\Local Policies\Security Options\Network access: Let Everyone permissions apply to anonymous users | |
Security Settings\Local Policies\Security Options\Network access: Restrict anonymous access to Named Pipes and Shares | |
Security Settings\Local Policies\Security Options\Network access: Shares that can be accessed anonymously | |
Security Settings\Local Policies\Security Options\Network access: Sharing and security model for local accounts | |
Security Settings\Local Policies\Security Options\Network security: Allow LocalSystem NULL session fallback | |
Security Settings\Local Policies\Security Options\Network security: Allow Local System to use computer identity for NTLM | |
Security Settings\Local Policies\Security Options\Network security: Allow PKU2U authentication requests to this computer to use online identities | |
Security Settings\Local Policies\Security Options\Network security: Configure encryption types allowed for Kerberos | |
Security Settings\Local Policies\Security Options\Network security: Do not store LAN Manager hash value on next password change | |
Security Settings\Local Policies\Security Options\Network security: Force logoff when logon hours expire | |
Security Settings\Local Policies\Security Options\Network security: LAN Manager authentication level | |
Security Settings\Local Policies\Security Options\Network security: LDAP client signing requirements | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | |
Security Settings\Local Policies\Security Options\Recovery console: Allow automatic administrative logon | |
Security Settings\Local Policies\Security Options\Recovery console: Allow floppy copy and access to all drives and all folders | |
Security Settings\Local Policies\Security Options\Shutdown: Allow system to be shut down without having to log on | |
Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing | |
Security Settings\Local Policies\Security Options\System objects: Require case insensitivity for non-Windows subsystems | |
Security Settings\Local Policies\Security Options\System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | |
Security Settings\Local Policies\Security Options\System settings: Optional subsystems | |
Security Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies | |
Security Settings\Local Policies\Security Options\User Account Control: Admin Approval Mode for the Built-in Administrator account | |
Security Settings\Local Policies\Security Options\User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop | |
Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode | |
Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for standard users | |
Security Settings\Local Policies\Security Options\User Account Control: Detect application installations and prompt for elevation | |
Security Settings\Local Policies\Security Options\User Account Control: Only elevate executables that are signed and validated | |
Security Settings\Local Policies\Security Options\User Account Control: Only elevate UIAccess applications that are installed in secure locations | |
Security Settings\Local Policies\Security Options\User Account Control: Run all administrators in Admin Approval Mode | |
Security Settings\Local Policies\Security Options\User Account Control: Switch to the secure desktop when prompting for elevation | |
Security Settings\Local Policies\Security Options\User Account Control: Virtualize file and registry write failures to per-user locations | |
/ | Windows Application |
EMET* | |
Fax | Windows Service |
McAfee Framework Service | |
Microsoft FTP Service | |
Peer Networking Identity Manager | |
Simple TCP/IP Services | |
Smart Card Removal Policy | |
Telnet | |
Microsoft Windows Server 2008 R2 DC
Rule Category
The following table shows the percentage of rules that are Native based and EO based:
Rule Category | % of rules |
---|---|
Native based | 70% |
EO based | 30% |
Asset/Part Used
Part name | Part type |
---|---|
??FRS_DIRECTORY_DATA_LOCATION?? | Directory |
??TARGET.SYSTEMDRIVE?? | |
??TARGET.WINDIR??/system32/Winevt/Logs | |
??TARGET.WINDIR??/SYSVOL/domain/Policies | |
??TARGET.WINDIR??/SYSVOL/sysvol | |
/C | |
/C/Windows/SYSVOL/domain/Policies | |
/D | |
/E | |
/F | |
/G | |
/H | |
/I | |
/J | |
/K | |
/L | |
/M | |
/N | |
/O | |
/P | |
/Q | |
/R | |
/S | |
/T | |
/U | |
/W | |
/X | |
/Y | |
/Z | |
(NoDefaultExempt) Configure IPSec exemptions for various types of network traffic | Extended Object |
Access credential Manager as a trusted caller (SeTrustedCredManAccessPrivilege) | |
Access this computer from the network (SeNetworkLogonRight) | |
Account lockout threshold | |
Act as part of the operating system | |
Add workstations to domain | |
Adjust memory quotas for a process (SeIncreaseQuotaPrivilege) | |
Allow log on locally (SeInteractiveLogonRight) | |
Allow log on through Remote Desktop Services (SeRemoteInteractiveLogonRight) | |
Audit - Computer Account Management - Failure | |
Audit - Computer Account Management - Success | |
Audit - Credential Validation - Failure | |
Audit - Handle Manipulation - Failure | |
Audit - IPSec Driver - Failure | |
Audit - IPSec Driver - Success | |
Audit - Other Account Management Events - Failure | |
Audit - Other Account Management Events - Success | |
Audit - Security Group Management - Failure | |
Audit - Security Group Management - Success | |
Back up files and directories (SeBackupPrivilege) | |
Bypass traverse checking (SeChangeNotifyPrivilege) | |
Change the system time (SeSystemTimePrivilege) | |
Change the time zone (SeTimeZonePrivilege) | |
Create a pagefile (SeCreatePagefilePrivilege) | |
Create a token object (SeCreateTokenPrivilege) | |
Create global objects (SeCreateGlobalPrivilege) | |
Create permanent shared objects (SeCreatePermanentPrivilege) | |
Create symbolic links (SeCreateSymbolicLinkPrivilege) | |
Debug programs (SeDebugPrivilege) | |
Deny access to this computer from the network | |
Deny logon as a batch job (SeDenyBatchLogonRight) | |
Deny log on as a service | |
Deny log on locally (SeDenyInteractiveLogonRight) | |
Deny log on Through Terminal Services (SeDenyRemoteInteractiveLogonRight) | |
Enable computer and user accounts to be trusted for delegation (SeEnableDelegationPrivilege) | |
Enforce user logon restrictions | |
File System information | |
Force shutdown from a remote system (SeRemoteShutdownPrivilege) | |
Generate security audits (SeAuditPrivilege) | |
Impersonate a client after authentication (SeImpersonatePrivilege) | |
Inactive User Accounts | |
Increase a process working set (SeIncreaseWorkingSetPrivilege) | |
Increase scheduling priority (SeIncreaseBasePriorityPrivilege) | |
Interactive Logon: Do Not Display Last User Name | |
Interactive Logon: Message text for users attempting to log on | |
Interactive Logon: Message title for users attempting to log on | |
List all installed services and roles | |
Load and unload device drivers (SeLoadDriverPrivilege) | |
Lock pages in memory (SeLockMemoryPrivilege) | |
Log on as a batch job (SeBatchLogonRight) | |
Manage auditing and security log (SeSecurityPrivilege) | |
Maximum lifetime for service ticket | |
Maximum lifetime for user ticket | |
Maximum lifetime for user ticket renewal | |
Maximum tolerance for computer clock synchronization | |
Minimum password length | |
Modify an object label (SeRelabelPrivilege) | |
Modify firmware environment values (SeSystemEnvironmentPrivilege) | |
MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) | |
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | |
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | |
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | |
MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds | |
MSS: (NoNameReleaseOnDemand) Allow computer to ignore NetBIOS name release requests except from WINS servers | |
MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) | |
MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) | |
MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) | |
MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is the default) | |
MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is the default) | |
MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning | |
Network access: Named pipes that can be accessed anonymously | |
Network access: Remotely accessible registry paths | |
Network access: Remotely accessible registry paths and sub-paths | |
Network Security: Allow LocalSystem NULL session fallback | |
Network Security: Allow Local System to use computer identity for NTLM | |
Network Security: Allow PKU2U authentication requests to this computer to use online identities | |
Network Security: Configure encryption types allowed for Kerberos | |
Network security: LAN Manager authentication level | |
Perform Volume Maintenance Tasks (SeManageVolumePrivilege) | |
Profile single process (SeProfileSingleProcessPrivilege) | |
Profile system performance (SeSystemProfilePrivilege) | |
Remove computer from docking station (SeUndockPrivilege) | |
Replace a process level token (SeAssignPrimaryTokenPrivilege) | |
Restore files and directories (SeRestorePrivilege) | |
Services_Check_Startup_Automatic | |
Services_Check_Startup_Automatic_Delayed | |
Services_Check_Startup_Disabled | |
Services_Check_Startup_Manual | |
Shut down the system (SeShutdownPrivilege) | |
Synchronize directory service data (SeSyncAgentPrivilege) | |
System cryptography: Force strong key protection for user keys stored in the computer | |
Take ownership of files or other objects | |
The number of allowed bad-logon attempts will meet minimum requirements | |
User Password Requirement | |
V-1080 | |
V-1120 | |
V-1121 | |
V-14271 | |
V-14831 | |
V-15823 | |
V-16006 | |
V-6840 | |
Add workstations to domain | Extended Object Entry |
Audit - Audit Policy Change - Failure//findings/AccountManagement/AuditPolicyChange | |
Audit - Audit Policy Change - Failure//findings/PolicyChange/AuditPolicyChange | |
Audit - Audit Policy Change - Success//findings/AccountManagement/AuditPolicyChange | |
Audit - Audit Policy Change - Success//findings/PolicyChange/AuditPolicyChange | |
Audit - Authentication Policy Change - Success//findings/AccountManagement/AuthenticationPolicyChange | |
Audit - Authentication Policy Change - Success//findings/PolicyChange/AuthenticationPolicyChange | |
Audit - Computer Account Management - Failure//findings/AccountManagement/ComputerAccountManagement | |
Audit - Computer Account Management - Success//findings/AccountManagement/ComputerAccountManagement | |
Audit - Credential Validation - Failure//findings/AccountLogon/CredentialValidation | |
Audit - Credential Validation - Success//findings/AccountLogon/CredentialValidation | |
Audit - File System - Failure//findings/AccountManagement/FileSystem | |
Audit - File System - Failure//findings/ObjectAccess/FileSystem | |
Audit - File System - Success//findings/AccountManagement/FileSystem | |
Audit - IPSec Driver - Failure//findings/System/IPSecDriver | |
Audit - IPSec Driver - Success//findings/PrivilegeUse/IPSecDriver | |
Audit - IPSec Driver - Success//findings/System/IPSecDriver | |
Audit - Logoff - Success//findings/AccountManagement/Logoff | |
Audit - Logoff - Success//findings/LogonLogoff/Logoff | |
Audit - Logon - Failure//findings/AccountManagement/Logon | |
Audit - Logon - Failure//findings/LogonLogoff/Logon | |
Audit - Logon - Success//findings/AccountManagement/Logon | |
Audit - Logon - Success//findings/LogonLogoff/Logon | |
Audit - Other Account Management Events - Failure//findings/AccountManagement/ComputerAccountManagement | |
Audit - Other Account Management Events - Failure//findings/AccountManagement/OtherAccountManagementEvents | |
Audit - Other Account Management Events - Failure//findings/AccountManagement/Other Account Management Events | |
Audit - Other Account Management Events - Success//findings/AccountManagement/ComputerAccountManagement | |
Audit - Other Account Management Events - Success//findings/AccountManagement/OtherAccountManagementEvents | |
Audit - Other Account Management Events - Success//findings/AccountManagement/Other Account Management Events | |
Audit - Process Creation - Success//findings/AccountManagement/ProcessCreation | |
Audit - Process Creation - Success//findings/DetailedTracking/ProcessCreation | |
Audit - Registry - Failure//findings/AccountManagement/Registry | |
Audit - Registry - Failure//findings/ObjectAccess/Registry | |
Audit - Security Group Management - Failure//findings/AccountManagement/ComputerAccountManagement | |
Audit - Security Group Management - Failure//findings/AccountManagement/Other Account Management Events | |
Audit - Security Group Management - Failure//findings/AccountManagement/SecurityGroupManagement | |
Audit - Security Group Management - Failure//findings/AccountManagement/Security Group Management | |
Audit - Security Group Management - Success//findings/AccountManagement/ComputerAccountManagement | |
Audit - Security Group Management - Success//findings/AccountManagement/Other Account Management Events | |
Audit - SecurityGroupManagement - Success//findings/AccountManagement/SecurityGroupManagement | |
Audit - Security Group Management - Success//findings/AccountManagement/SecurityGroupManagement | |
Audit - Security Group Management - Success//findings/AccountManagement/Security Group Management | |
Audit - Security State Change - Failure//findings/System/SecurityStateChange | |
Audit - Security State Change - Success//findings/System/SecurityStateChange | |
Audit - Security System Extension - Failure//findings/System/SecuritySystemExtension | |
Audit - Security System Extension - Success//findings/System/SecuritySystemExtension | |
Audit - Sensitive Privilege Use - Failure//findings/PrivilegeUse/SensitivePrivilegeUse | |
Audit - Sensitive Privilege Use - Success//findings/AccountManagement/SensitivePrivilegeUse | |
Audit - Sensitive Privilege Use - Success//findings/PrivilegeUse/SensitivePrivilegeUse | |
Audit - Special Logon - Success//findings/AccountManagement/Special Logon | |
Audit - Special Logon - Success//findings/LogonLogoff/SpecialLogon | |
Audit - Special Logon - Success//findings/LogonLogoff/Special Logon | |
Audit - System Integrity - Failure//findings/System/SystemIntegrity | |
Audit - System Integrity - Success//findings/System/SystemIntegrity | |
Audit - User Account Management - Failure//findings/AccountManagement/UserAccountManagement | |
Audit - User Account Management - Success//findings/AccountManagement/UserAccountManagement | |
Inactive User Accounts//SRR_Result/status | |
Restore files and directories (SeRestorePrivilege)//SRR_Result/status | |
The number of allowed bad-logon attempts will meet minimum requirements//SRR_Result/status | |
User Password Requirement//SRR_Result/status | |
??EVENT_LOGS_DIR??/Application.evtx | File |
??EVENT_LOGS_DIR??/Security.evtx | |
??EVENT_LOGS_DIR??/System.evtx | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components | Registry Key |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | |
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config\EventLogFlags | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters\Type | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\Enabled | |
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\HideZoneInfoOnProperties | Registry Value |
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation | |
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus | |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInPlaceSharing | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Assistance\Client\1.0\NoExplicitFeedback | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Assistance\Client\1.0\NoImplicitFeedback | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveActive | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut | |
HKEY_Current_User\Software\Policies\Microsoft\WindowsMediaPlayer\PreventCodecDownload | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDisconnect | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWith | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoOnlinePrintsWizard | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPublishingWizard | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServices | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU\Disabled | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableBkGndGroupPolicy | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system\LogonType | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ReportControllerMissing | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7z | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7zFM | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7zGUI | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat8 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat9 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader8 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader9 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Calendar | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\CalendarReminder | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Chrome | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Firefox | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\FirefoxPluginContainer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\FoxitReader | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\GoogleTalk | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\IE | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\iTunes | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveMessenger | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveSync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveWriter | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Lync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LyncCommunicator | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\mIRC | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\MOE | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\MSWorks | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Opera | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoGallery | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Photoshop | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS2 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS264 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS3 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS364 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS4 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS464 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS5 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS51 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS5164 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS564 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Picture Manager | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Pidgin | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\QuickTimePlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\RealConverter | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\RealPlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Safari | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\SkyDrive | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Skype | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Thunderbird | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\ThunderbirdPluginContainer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\UnRAR | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VLC | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winamp | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsLiveMail | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsLiveSync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsMediaPlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WinRARConsole | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WinRARGUI | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winzip | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winzip64 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Wordpad | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings\ASLR | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings\DEP | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings\SEHOP | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewer\MicrosoftEventVwrDisableLinks | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client\CEIP | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\ErrorReporting\DoReport | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Peernet\Disabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SearchCompanion\DisableContentFileUpdates | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows\CEIPEnable | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\Parameters\NTPServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\Parameters\Type | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat\DisableInventory | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\AllowRemoteRPC | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendGenericDriverNotFoundToWER | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendRequestAdditionalSoftwareToWER | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestore | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Device Metadata\PreventDeviceMetadataFromNetwork | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\DontPromptForWindowsUpdate | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DriverSearching\DontSearchWindowsUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\SearchOrderConfig | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application\MaxSize | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\GameUX\DownloadGameInfo | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\GameUX\GameUpdateOptions | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HandwritingErrorReports\PreventHandwritingErrorReports | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Homegroup\DisableHomeGroup | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\DisableLUAPatching | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\EnableUserControl | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\SafeForScripting | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Internet Connection Wizard\ExitOnMSICW | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOndomain | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOnPublicNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOndomain | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOnPublicNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\EnableLLTDIO | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\EnableRspndr | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitLLTDIOOnPrivateNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitRspndrOnPrivateNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitRspndrOnPrivateNetType | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_AllowNetBridge_NLA | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_StdDomainUserSetLocation | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Registration Wizard Control\NoRegistration | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\DisableQueryRemoteServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\EnableQueryRemoteServer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\6to4_State | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\Force_Tunneling | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface\IPHTTPS_ClientState | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\ISATAP_State | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\Teredo_State | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableFlashConfigRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableInBand802DOT11Registrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableUPnPRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableWPDRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\EnableRegistrars | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\UI\DisableWcnUi | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ScenarioExecutionEnabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\Disabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\LoggingDisabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Spynet\SpyNetReporting | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\DisableAutoupdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\GroupPrivacyAcceptance | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\DoNotInstallCompatibleDriverFromWindowsUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\EnableAuthEpResolution | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\DeleteTempDirsOnExit | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCcm | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableClip | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableLPT | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisablePNPRedir | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fEnableSmartCard | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fSingleSessionPerUser | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\LoggingEnabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxDisconnectionTime | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxIdleTime | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\PerSessionTempDir | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\RedirectOnlyDefaultClientPrinter | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsUpdate\WUServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WMDRM\DisableOnline | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicyValue | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\SmbServerNameHardeningLevel | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config\EventLogFlags | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters\Type | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\Enabled | |
Security Settings\Account Policies\Account Lockout Policy\Account lockout duration | Security Setting |
Security Settings\Account Policies\Account Lockout Policy\Reset account lockout counter after | |
Security Settings\Account Policies\Password Policy\Enforce password history | |
Security Settings\Account Policies\Password Policy\Maximum password age | |
Security Settings\Account Policies\Password Policy\Minimum password age | |
Security Settings\Account Policies\Password Policy\Passwords must meet complexity requirements | |
Security Settings\Account Policies\Password Policy\Store password using reversible encryption | |
Security Settings\Local Policies\Audit Policy\Audit system events | |
Security Settings\Local Policies\Security Options\Accounts: Guest account status | |
Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only | |
Security Settings\Local Policies\Security Options\Accounts: Rename administrator account | |
Security Settings\Local Policies\Security Options\Accounts: Rename guest account | |
Security Settings\Local Policies\Security Options\Audit: Audit the access of global system objects | |
Security Settings\Local Policies\Security Options\Audit: Audit the use of Backup and Restore privilege | |
Security Settings\Local Policies\Security Options\Devices: Allowed to format and eject removable media | |
Security Settings\Local Policies\Security Options\Devices: Allow undock without having to log on | |
Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers | |
Security Settings\Local Policies\Security Options\Domain controller: Allow server operators to schedule tasks | |
Security Settings\Local Policies\Security Options\Domain controller: LDAP server signing requirements | |
Security Settings\Local Policies\Security Options\Domain controller: Refuse machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt or sign secure channel data (always) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally sign secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Disable machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Maximum machine account password age | |
Security Settings\Local Policies\Security Options\Domain member: Require strong (Windows 2000 or later) session key | |
Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL | |
Security Settings\Local Policies\Security Options\Interactive logon: Number of previous logons to cache (in case domain controller is not available) | |
Security Settings\Local Policies\Security Options\Interactive logon: Prompt user to change password before expiration | |
Security Settings\Local Policies\Security Options\Interactive logon: Require smart card | |
Security Settings\Local Policies\Security Options\Interactive logon: Smart card removal behavior | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (if server agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Send unencrypted password to third-party SMB servers | |
Security Settings\Local Policies\Security Options\Microsoft network server: Amount of idle time required before suspending session | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (if client agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Disconnect clients when logon hours expire | |
Security Settings\Local Policies\Security Options\Network access: Allow anonymous SID/Name translation | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts and shares | |
Security Settings\Local Policies\Security Options\Network access: Do not allow storage of passwords and credentials or .NET Passports for network authentication | |
Security Settings\Local Policies\Security Options\Network access: Let Everyone permissions apply to anonymous users | |
Security Settings\Local Policies\Security Options\Network access: Restrict anonymous access to Named Pipes and Shares | |
Security Settings\Local Policies\Security Options\Network access: Shares that can be accessed anonymously | |
Security Settings\Local Policies\Security Options\Network access: Sharing and security model for local accounts | |
Security Settings\Local Policies\Security Options\Network security: Do not store LAN Manager hash value on next password change | |
Security Settings\Local Policies\Security Options\Network security: Force logoff when logon hours expire | |
Security Settings\Local Policies\Security Options\Network security: LDAP client signing requirements | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | |
Security Settings\Local Policies\Security Options\Recovery console: Allow automatic administrative logon | |
Security Settings\Local Policies\Security Options\Recovery console: Allow floppy copy and access to all drives and all folders | |
Security Settings\Local Policies\Security Options\Shutdown: Allow system to be shut down without having to log on | |
Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing | |
Security Settings\Local Policies\Security Options\System objects: Require case insensitivity for non-Windows subsystems | |
Security Settings\Local Policies\Security Options\System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | |
Security Settings\Local Policies\Security Options\System settings: Optional subsystems | |
Security Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies | |
Security Settings\Local Policies\Security Options\User Account Control: Only elevate executables that are signed and validated | |
EMET | Windows Application |
EMET 3.0 | |
EMET 4.0 | |
DFS Namespace | Windows Service |
DNS Client | |
Fax | |
File Replication Service | |
Intersite Messaging | |
Kerberos Key Distribution Center | |
McAfee Framework Service | |
Microsoft FTP Service | |
Netlogon | |
Peer Networking Identity Manager | |
Simple TCP/IP Services | |
Telnet | |
Windows Time |
Microsoft Windows Server 2008 R2 MS
Rule Category
The following table shows the percentage of rules that are Native based and EO based:
Rule Category | % of rules |
---|---|
Native based | 65% |
EO based | 35% |
Asset/Part Used
Part name | Part type |
---|---|
??FRS_DIRECTORY_DATA_LOCATION?? | Directory |
??TARGET.SYSTEMDRIVE?? | |
??TARGET.WINDIR??/system32/Winevt/Logs | |
??TARGET.WINDIR??/SYSVOL | |
??TARGET.WINDIR??/SYSVOL/domain/Policies | |
/C | |
/C/Windows/SYSVOL/domain/Policies | |
/D | |
/E | |
/F | |
/G | |
/H | |
/I | |
/J | |
/K | |
/L | |
/M | |
/N | |
/O | |
/P | |
/Q | |
/R | |
/S | |
/T | |
/U | |
/W | |
/X | |
/Y | |
/Z | |
(NoDefaultExempt) Configure IPSec exemptions for various types of network traffic | Extended Object |
Access credential Manager as a trusted caller (SeTrustedCredManAccessPrivilege) | |
Access this computer from the network (SeNetworkLogonRight) | |
Account lockout threshold | |
Act as part of the operating system | |
Add workstations to domain | |
Adjust memory quotas for a process (SeIncreaseQuotaPrivilege) | |
Allow log on locally (SeInteractiveLogonRight) | |
Allow log on through Remote Desktop Services (SeRemoteInteractiveLogonRight) | |
Audit - Audit Policy Change - Failure | |
Audit - Audit Policy Change - Success | |
Audit - Authentication Policy Change - Success | |
Audit - Computer Account Management - Failure | |
Audit - Computer Account Management - Success | |
Audit - Credential Validation - Failure | |
Audit - Credential Validation - Success | |
Audit - File System - Failure | |
Audit - File System - Success | |
Audit - Handle Manipulation - Failure | |
Audit - IPSec Driver - Failure | |
Audit - IPSec Driver - Success | |
Audit - Logoff - Success | |
Audit - Logon - Failure | |
Audit - Logon - Success | |
Audit - Other Account Management Events - Failure | |
Audit - Other Account Management Events - Success | |
Audit - Process Creation - Success | |
Audit - Registry - Failure | |
Audit - Security Group Management - Failure | |
Audit - SecurityGroupManagement - Success | |
Audit - Security Group Management - Success | |
Audit - Security State Change - Failure | |
Audit - Security State Change - Success | |
Audit - Security System Extension - Failure | |
Audit - Security System Extension - Success | |
Audit - Sensitive Privilege Use - Failure | |
Audit - Sensitive Privilege Use - Success | |
Audit - Special Logon - Success | |
Audit - System Integrity - Failure | |
Audit - System Integrity - Success | |
Audit - User Account Management - Failure | |
Audit - User Account Management - Success | |
Back up files and directories (SeBackupPrivilege) | |
Bypass traverse checking (SeChangeNotifyPrivilege) | |
Change the system time (SeSystemTimePrivilege) | |
Change the time zone (SeTimeZonePrivilege) | |
Create a pagefile (SeCreatePagefilePrivilege) | |
Create a token object (SeCreateTokenPrivilege) | |
Create global objects (SeCreateGlobalPrivilege) | |
Create permanent shared objects (SeCreatePermanentPrivilege) | |
Create symbolic links (SeCreateSymbolicLinkPrivilege) | |
Debug programs (SeDebugPrivilege) | |
Deny access to this computer from the network | |
Deny logon as a batch job (SeDenyBatchLogonRight) | |
Deny log on as a service | |
Deny log on locally (SeDenyInteractiveLogonRight) | |
Deny log on Through Terminal Services (SeDenyRemoteInteractiveLogonRight) | |
Enable computer and user accounts to be trusted for delegation (SeEnableDelegationPrivilege) | |
File System information | |
Force shutdown from a remote system (SeRemoteShutdownPrivilege) | |
Generate security audits (SeAuditPrivilege) | |
Impersonate a client after authentication (SeImpersonatePrivilege) | |
Inactive User Accounts | |
Increase a process working set (SeIncreaseWorkingSetPrivilege) | |
Increase scheduling priority (SeIncreaseBasePriorityPrivilege) | |
Interactive Logon: Do Not Display Last User Name | |
Interactive Logon: Message text for users attempting to log on | |
Interactive Logon: Message title for users attempting to log on | |
List all installed services and roles | |
Load and unload device drivers (SeLoadDriverPrivilege) | |
Lock pages in memory (SeLockMemoryPrivilege) | |
Log on as a batch job (SeBatchLogonRight) | |
Manage auditing and security log (SeSecurityPrivilege) | |
Minimum password length | |
Modify an object label (SeRelabelPrivilege) | |
Modify firmware environment values (SeSystemEnvironmentPrivilege) | |
MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) | |
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | |
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | |
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | |
MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds | |
MSS: (NoNameReleaseOnDemand) Allow computer to ignore NetBIOS name release requests except from WINS servers | |
MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) | |
MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) | |
MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) | |
MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is the default) | |
MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is the default) | |
MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning | |
Network access: Named pipes that can be accessed anonymously | |
Network access: Remotely accessible registry paths | |
Network access: Remotely accessible registry paths and sub-paths | |
Network Security: Allow LocalSystem NULL session fallback | |
Network Security: Allow Local System to use computer identity for NTLM | |
Network Security: Allow PKU2U authentication requests to this computer to use online identities | |
Network Security: Configure encryption types allowed for Kerberos | |
Network security: LAN Manager authentication level | |
Perform Volume Maintenance Tasks (SeManageVolumePrivilege) | |
Profile single process (SeProfileSingleProcessPrivilege) | |
Profile system performance (SeSystemProfilePrivilege) | |
Remove computer from docking station (SeUndockPrivilege) | |
Replace a process level token (SeAssignPrimaryTokenPrivilege) | |
Restore files and directories (SeRestorePrivilege) | |
Services_Check_Startup_Automatic | |
Services_Check_Startup_Automatic_Delayed | |
Services_Check_Startup_Disabled | |
Services_Check_Startup_Manual | |
Shut down the system (SeShutdownPrivilege) | |
System cryptography: Force strong key protection for user keys stored in the computer | |
Take ownership of files or other objects | |
The number of allowed bad-logon attempts will meet minimum requirements | |
User Password Requirement | |
V-1080 | |
V-1120 | |
V-1121 | |
V-1131-32 | |
V-1131-64 | |
V-14271 | |
V-15823 | |
V-16006 | |
V-6840 | |
??EVENT_LOGS_DIR??/Application.evtx | File |
??EVENT_LOGS_DIR??/Security.evtx | |
??EVENT_LOGS_DIR??/System.evtx | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components | Registry Key |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | |
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config\EventLogFlags | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters\Type | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\Enabled | |
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\HideZoneInfoOnProperties | Registry Value |
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation | |
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus | |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInPlaceSharing | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Assistance\Client\1.0\NoExplicitFeedback | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Assistance\Client\1.0\NoImplicitFeedback | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveActive | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut | |
HKEY_Current_User\Software\Policies\Microsoft\WindowsMediaPlayer\PreventCodecDownload | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDisconnect | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWith | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoOnlinePrintsWizard | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPublishingWizard | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServices | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU\Disabled | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableBkGndGroupPolicy | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system\LogonType | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ReportControllerMissing | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7z | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7zFM | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7zGUI | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat8 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat9 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader8 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader9 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Calendar | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\CalendarReminder | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Chrome | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Firefox | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\FirefoxPluginContainer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\FoxitReader | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\GoogleTalk | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\IE | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\iTunes | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveMessenger | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveSync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveWriter | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Lync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LyncCommunicator | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\mIRC | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\MOE | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\MSWorks | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Opera | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoGallery | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Photoshop | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS2 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS264 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS3 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS364 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS4 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS464 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS5 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS51 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS5164 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS564 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Picture Manager | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Pidgin | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\QuickTimePlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\RealConverter | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\RealPlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Safari | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\SkyDrive | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Skype | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Thunderbird | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\ThunderbirdPluginContainer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\UnRAR | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VLC | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winamp | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsLiveMail | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsLiveSync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsMediaPlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WinRARConsole | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WinRARGUI | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winzip | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winzip64 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Wordpad | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings\ASLR | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings\DEP | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings\SEHOP | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewer\MicrosoftEventVwrDisableLinks | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client\CEIP | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\ErrorReporting\DoReport | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Peernet\Disabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SearchCompanion\DisableContentFileUpdates | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows\CEIPEnable | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\Parameters\NTPServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\Parameters\Type | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat\DisableInventory | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\AllowRemoteRPC | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendGenericDriverNotFoundToWER | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendRequestAdditionalSoftwareToWER | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestore | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Device Metadata\PreventDeviceMetadataFromNetwork | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\DontPromptForWindowsUpdate | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DriverSearching\DontSearchWindowsUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\SearchOrderConfig | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application\MaxSize | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\GameUX\DownloadGameInfo | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\GameUX\GameUpdateOptions | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HandwritingErrorReports\PreventHandwritingErrorReports | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Homegroup\DisableHomeGroup | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\DisableLUAPatching | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\EnableUserControl | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\SafeForScripting | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Internet Connection Wizard\ExitOnMSICW | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOndomain | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOnPublicNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOndomain | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOnPublicNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\EnableLLTDIO | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\EnableRspndr | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitLLTDIOOnPrivateNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitRspndrOnPrivateNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitRspndrOnPrivateNetType | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_AllowNetBridge_NLA | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_StdDomainUserSetLocation | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Registration Wizard Control\NoRegistration | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\DisableQueryRemoteServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\EnableQueryRemoteServer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\6to4_State | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\Force_Tunneling | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface\IPHTTPS_ClientState | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\ISATAP_State | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\Teredo_State | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableFlashConfigRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableInBand802DOT11Registrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableUPnPRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableWPDRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\EnableRegistrars | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\UI\DisableWcnUi | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ScenarioExecutionEnabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\Disabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\LoggingDisabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Spynet\SpyNetReporting | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\DisableAutoupdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\GroupPrivacyAcceptance | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\DoNotInstallCompatibleDriverFromWindowsUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\EnableAuthEpResolution | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\DeleteTempDirsOnExit | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCcm | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableClip | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableLPT | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisablePNPRedir | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fEnableSmartCard | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fSingleSessionPerUser | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\LoggingEnabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxDisconnectionTime | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxIdleTime | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\PerSessionTempDir | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\RedirectOnlyDefaultClientPrinter | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsUpdate\WUServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WMDRM\DisableOnline | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicyValue | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\SmbServerNameHardeningLevel | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config\EventLogFlags | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters\Type | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\Enabled | |
Security Settings\Account Policies\Account Lockout Policy\Account lockout duration | Security Setting |
Security Settings\Account Policies\Account Lockout Policy\Reset account lockout counter after | |
Security Settings\Account Policies\Password Policy\Enforce password history | |
Security Settings\Account Policies\Password Policy\Maximum password age | |
Security Settings\Account Policies\Password Policy\Minimum password age | |
Security Settings\Account Policies\Password Policy\Passwords must meet complexity requirements | |
Security Settings\Account Policies\Password Policy\Store password using reversible encryption | |
Security Settings\Local Policies\Audit Policy\Audit system events | |
Security Settings\Local Policies\Security Options\Accounts: Guest account status | |
Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only | |
Security Settings\Local Policies\Security Options\Accounts: Rename administrator account | |
Security Settings\Local Policies\Security Options\Accounts: Rename guest account | |
Security Settings\Local Policies\Security Options\Audit: Audit the access of global system objects | |
Security Settings\Local Policies\Security Options\Audit: Audit the use of Backup and Restore privilege | |
Security Settings\Local Policies\Security Options\Devices: Allowed to format and eject removable media | |
Security Settings\Local Policies\Security Options\Devices: Allow undock without having to log on | |
Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers | |
Security Settings\Local Policies\Security Options\Domain controller: Allow server operators to schedule tasks | |
Security Settings\Local Policies\Security Options\Domain controller: LDAP server signing requirements | |
Security Settings\Local Policies\Security Options\Domain controller: Refuse machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt or sign secure channel data (always) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally sign secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Disable machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Maximum machine account password age | |
Security Settings\Local Policies\Security Options\Domain member: Require strong (Windows 2000 or later) session key | |
Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL | |
Security Settings\Local Policies\Security Options\Interactive logon: Number of previous logons to cache (in case domain controller is not available) | |
Security Settings\Local Policies\Security Options\Interactive logon: Prompt user to change password before expiration | |
Security Settings\Local Policies\Security Options\Interactive logon: Require smart card | |
Security Settings\Local Policies\Security Options\Interactive logon: Smart card removal behavior | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (if server agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Send unencrypted password to third-party SMB servers | |
Security Settings\Local Policies\Security Options\Microsoft network server: Amount of idle time required before suspending session | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (if client agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Disconnect clients when logon hours expire | |
Security Settings\Local Policies\Security Options\Network access: Allow anonymous SID/Name translation | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts and shares | |
Security Settings\Local Policies\Security Options\Network access: Do not allow storage of passwords and credentials or .NET Passports for network authentication | |
Security Settings\Local Policies\Security Options\Network access: Let Everyone permissions apply to anonymous users | |
Security Settings\Local Policies\Security Options\Network access: Restrict anonymous access to Named Pipes and Shares | |
Security Settings\Local Policies\Security Options\Network access: Shares that can be accessed anonymously | |
Security Settings\Local Policies\Security Options\Network access: Sharing and security model for local accounts | |
Security Settings\Local Policies\Security Options\Network security: Do not store LAN Manager hash value on next password change | |
Security Settings\Local Policies\Security Options\Network security: Force logoff when logon hours expire | |
Security Settings\Local Policies\Security Options\Network security: LDAP client signing requirements | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | |
Security Settings\Local Policies\Security Options\Recovery console: Allow automatic administrative logon | |
Security Settings\Local Policies\Security Options\Recovery console: Allow floppy copy and access to all drives and all folders | |
Security Settings\Local Policies\Security Options\Shutdown: Allow system to be shut down without having to log on | |
Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing | |
Security Settings\Local Policies\Security Options\System objects: Require case insensitivity for non-Windows subsystems | |
Security Settings\Local Policies\Security Options\System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | |
Security Settings\Local Policies\Security Options\System settings: Optional subsystems | |
Security Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies | |
Security Settings\Local Policies\Security Options\User Account Control: Only elevate executables that are signed and validated | |
EMET | Windows Application |
EMET 3.0 | |
EMET 4.0 | |
DFS Namespace | Windows Service |
DNS Client | |
Fax | |
File Replication Service | |
Intersite Messaging | |
Kerberos Key Distribution Center | |
McAfee Framework Service | |
Microsoft FTP Service | |
Netlogon | |
Peer Networking Identity Manager | |
Simple TCP/IP Services | |
Telnet | |
Windows Time | |
Microsoft Windows Server 2008 DC
Rule Category
The following table shows the percentage of rules that are Native based and EO based:
Rule Category | % of rules |
---|---|
Native based | 70% |
EO based | 30% |
Asset/Part Used
Part name | Part type |
---|---|
??FRS_DIRECTORY_DATA_LOCATION?? | Directory |
??TARGET.SYSTEMDRIVE?? | |
??TARGET.WINDIR??/system32/Winevt/Logs | |
??TARGET.WINDIR??/SYSVOL | |
??TARGET.WINDIR??/SYSVOL/domain/Policies | |
/C | |
/C/Windows/SYSVOL/domain/Policies | |
/D | |
/E | |
/F | |
/G | |
/H | |
/I | |
/J | |
/K | |
/L | |
/M | |
/N | |
/O | |
/P | |
/Q | |
/R | |
/S | |
/T | |
/U | |
/W | |
/X | |
/Y | |
/Z | |
(NoDefaultExempt) Configure IPSec exemptions for various types of network traffic | Extended Object |
Account lockout threshold | |
Act as part of the operating system | |
Audit - Account Lockout | |
Audit - Application Generated | |
Audit - Application Group Management | |
Audit - Audit Policy Change | |
Audit - Authentication Policy Change | |
Audit - Authorization Policy Change | |
Audit - Certification Services | |
Audit - Computer Account Management | |
Audit - Credential Validation | |
Audit - Detailed Directory Service Replication | |
Audit - Directory Service Access | |
Audit - Directory Service Changes | |
Audit - Directory Service Replication | |
Audit - Distribution Group Management | |
Audit - DPAPI Activity | |
Audit - File Share | |
Audit - File System | |
Audit - Filtering Platform Connection | |
Audit - Filtering Platform Packet Drop | |
Audit - Filtering Platform Policy Change | |
Audit - Handle Manipulation | |
Audit - Handle Manipulation - Failure | |
Audit - IPSec Driver | |
Audit - IPsec Extended Mode | |
Audit - IPsec Main Mode | |
Audit - IPsec Quick Mode | |
Audit - Kerberos Authentication Service | |
Audit - Kerberos Service Ticket Operations | |
Audit - Kernel Object | |
Audit - Logoff | |
Audit - Logon | |
Audit - MPSSVC Rule-Level Policy Change | |
Audit - Network Policy Server | |
Audit - Non Sensitive Privilege Use | |
Audit - Other Account Logon Events | |
Audit - Other Account Management Events | |
Audit - Other LogonLogoff Events | |
Audit - Other Object Access Events | |
Audit - Other Policy Change Events | |
Audit - Other Privilege Use Events | |
Audit - Other System Events | |
Audit - Process Creation | |
Audit - Process Termination | |
Audit - Registry | |
Audit - RPC Events | |
Audit - SAM | |
Audit - Security Group Management | |
Audit - Security State Change | |
Audit - Security System Extension | |
Audit - Sensitive Privilege Use | |
Audit - Special Logon | |
Audit - System Integrity | |
Audit - User Account Management | |
Debug programs (SeDebugPrivilege) | |
Deny access to this computer from the network | |
Deny logon as a batch job (SeDenyBatchLogonRight) | |
Deny log on as a service | |
Deny log on locally (SeDenyInteractiveLogonRight) | |
Deny log on Through Terminal Services (SeDenyRemoteInteractiveLogonRight) | |
Enforce user logon restrictions | |
File System information | |
Inactive User Accounts | |
Interactive Logon: Do Not Display Last User Name | |
Interactive Logon: Message text for users attempting to log on | |
Interactive Logon: Message title for users attempting to log on | |
List all installed services and roles | |
Maximum lifetime for service ticket | |
Maximum lifetime for user ticket | |
Maximum lifetime for user ticket renewal | |
Maximum tolerance for computer clock synchronization | |
Minimum password length | |
MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) | |
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | |
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | |
MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds | |
MSS: (NoNameReleaseOnDemand) Allow computer to ignore NetBIOS name release requests except from WINS servers | |
MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) | |
MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) | |
MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) | |
MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is the default) | |
MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning | |
Network access: Named pipes that can be accessed anonymously | |
Network access: Remotely accessible registry paths | |
Network access: Remotely accessible registry paths and sub-paths | |
Network security: LAN Manager authentication level | |
Services_Check_Startup_Automatic | |
Services_Check_Startup_Automatic_Delayed | |
Services_Check_Startup_Disabled | |
Services_Check_Startup_Manual | |
Synchronize directory service data (SeSyncAgentPrivilege) | |
System cryptography: Force strong key protection for user keys stored in the computer | |
The number of allowed bad-logon attempts will meet minimum requirements | |
User Password Requirement | |
V-1080 | |
V-1103: Access Credential Manager as a trusted caller | |
V-1103: Access this computer from the network | |
V-1103: Add workstations to domain | |
V-1103: Adjust memory quotas for a process | |
V-1103: Allow log on locally | |
V-1103: Allow log on through Terminal Services | |
V-1103: Backup files and directories | |
V-1103: Bypass traverse checking | |
V-1103: Change the system time | |
V-1103: Change the time zone | |
V-1103: Create a pagefile | |
V-1103: Create a token object | |
V-1103: Create global objects | |
V-1103: Create permanent shared objects | |
V-1103: Create symbolic links | |
V-1103: Enable computer and user accounts to be trusted for delegation | |
V-1103: Force shutdown from a remote system | |
V-1103: Generate security audits | |
V-1103: Impersonate a client after authentication | |
V-1103: Increase a process working set | |
V-1103: Increase scheduling priority | |
V-1103: Load and unload device drivers | |
V-1103: Lock pages in memory | |
V-1103: Log on as a batch job | |
V-1103: Manage auditing and security log | |
V-1103: Modify an object label | |
V-1103: Modify firmware environment values | |
V-1103: Perform volume maintenance tasks | |
V-1103: Profile single process | |
V-1103: Profile system performance | |
V-1103: Remove computer from docking station | |
V-1103: Replace a process level token | |
V-1103: Restore files and directories | |
V-1103: Shut down the system | |
V-1103: Take ownership of files or other objects | |
V-1120 | |
V-1121 | |
V-1131-32 | |
V-1131-64 | |
V-14271 | |
V-14831 | |
V-15823 | |
V-16006 | |
V-16007 | |
V-6840 | |
??EVENT_LOGS_DIR??/Application.evtx | File |
??EVENT_LOGS_DIR??/Security.evtx | |
??EVENT_LOGS_DIR??/System.evtx | |
??TARGET.WINDIR??\SYSVOL/domain/Policies/** | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components | Registry Key |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf\(Default) | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\defaultpasswordvalue | |
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config\EventLogFlags | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters\Type | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\Enabled | |
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\HideZoneInfoOnProperties | Registry Value |
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation | |
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus | |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInPlaceSharing | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Assistance\Client\1.0\NoExplicitFeedback | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Assistance\Client\1.0\NoImplicitFeedback | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Assistance\Client\1.0\NoUntrustedContent | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveActive | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut | |
HKEY_Current_User\Software\Policies\Microsoft\WindowsMediaPlayer\PreventCodecDownload | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDisconnect | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWith | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoOnlinePrintsWizard | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPublishingWizard | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServices | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU\Disabled | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableBkGndGroupPolicy | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system\LogonType | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ReportControllerMissing | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf\ | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\defaultpassword | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Assistance\Client\1.0\NoUntrustedContent | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7z | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7zFM | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7zGUI | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat8 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat9 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader8 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader9 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Calendar | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\CalendarReminder | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Chrome | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Firefox | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\FirefoxPluginContainer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\FoxitReader | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\GoogleTalk | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\IE | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\iTunes | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveMessenger | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveSync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveWriter | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Lync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LyncCommunicator | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\mIRC | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\MOE | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\MSWorks | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Opera | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoGallery | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Photoshop | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS2 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS264 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS3 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS364 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS4 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS464 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS5 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS51 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS5164 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS564 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Picture Manager | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Pidgin | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\QuickTimePlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\RealConverter | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\RealPlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Safari | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\SkyDrive | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Skype | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Thunderbird | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\ThunderbirdPluginContainer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\UnRAR | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VLC | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winamp | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsLiveMail | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsLiveSync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsMediaPlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WinRARConsole | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WinRARGUI | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winzip | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winzip64 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Wordpad | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings\ASLR | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings\DEP | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings\SEHOP | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewer\MicrosoftEventVwrDisableLinks | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client\CEIP | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\PreventAutoRun | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\PreventRun | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\ErrorReporting\DoReport | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Peernet\Disabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SearchCompanion\DisableContentFileUpdates | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows\CEIPEnable | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\Parameters\NTPServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\Parameters\Type | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat\DisableInventory | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\AllowRemoteRPC | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendGenericDriverNotFoundToWER | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendRequestAdditionalSoftwareToWER | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestore | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Device Metadata\PreventDeviceMetadataFromNetwork | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\DontPromptForWindowsUpdate | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DriverSearching\DontSearchWindowsUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\SearchOrderConfig | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application\MaxSize | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\GameUX\DownloadGameInfo | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\GameUX\GameUpdateOptions | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HandwritingErrorReports\PreventHandwritingErrorReports | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Homegroup\DisableHomeGroup | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\DisableLUAPatching | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\EnableUserControl | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\SafeForScripting | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Internet Connection Wizard\ExitOnMSICW | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOndomain | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOnPublicNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOndomain | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOnPublicNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\EnableLLTDIO | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\EnableRspndr | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitLLTDIOOnPrivateNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitRspndrOnPrivateNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitRspndrOnPrivateNetType | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_AllowNetBridge_NLA | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_StdDomainUserSetLocation | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Registration Wizard Control\NoRegistration | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\DisableQueryRemoteServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\EnableQueryRemoteServer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\6to4_State | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\Force_Tunneling | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface\IPHTTPS_ClientState | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\ISATAP_State | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\Teredo_State | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableFlashConfigRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableInBand802DOT11Registrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableUPnPRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableWPDRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\EnableRegistrars | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\UI\DisableWcnUi | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ScenarioExecutionEnabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\Disabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\LoggingDisabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Search\PreventIndexingUncachedExchangeFolders | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Spynet\SpyNetReporting | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Mail\DisableCommunities | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Mail\ManualLaunchAllowed | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\CodecDownload | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\DisableAutoupdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\GroupPrivacyAcceptance | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\Webhelp | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\WebPublish | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMovieMaker\CodecDownload | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMovieMaker\Webhelp | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMovieMaker\WebPublish | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\DoNotInstallCompatibleDriverFromWindowsUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\EnableAuthEpResolution | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\DeleteTempDirsOnExit | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCcm | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableClip | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableLPT | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisablePNPRedir | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fEnableSmartCard | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fSingleSessionPerUser | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\LoggingEnabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxDisconnectionTime | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxIdleTime | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\PerSessionTempDir | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\RedirectOnlyDefaultClientPrinter | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsUpdate\WUServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WMDRM\DisableOnline | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicyValue | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\SmbServerNameHardeningLevel | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcmcia\Start | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config\EventLogFlags | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters\Type | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\Enabled | |
Security Settings\Account Policies\Account Lockout Policy\Account lockout duration | Security Setting |
Security Settings\Account Policies\Account Lockout Policy\Reset account lockout counter after | |
Security Settings\Account Policies\Password Policy\Enforce password history | |
Security Settings\Account Policies\Password Policy\Maximum password age | |
Security Settings\Account Policies\Password Policy\Minimum password age | |
Security Settings\Account Policies\Password Policy\Passwords must meet complexity requirements | |
Security Settings\Account Policies\Password Policy\Store password using reversible encryption | |
Security Settings\Local Policies\Audit Policy\Audit system events | |
Security Settings\Local Policies\Security Options\Accounts: Guest account status | |
Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only | |
Security Settings\Local Policies\Security Options\Accounts: Rename administrator account | |
Security Settings\Local Policies\Security Options\Accounts: Rename guest account | |
Security Settings\Local Policies\Security Options\Audit: Audit the access of global system objects | |
Security Settings\Local Policies\Security Options\Audit: Audit the use of Backup and Restore privilege | |
Security Settings\Local Policies\Security Options\Devices: Allowed to format and eject removable media | |
Security Settings\Local Policies\Security Options\Devices: Allow undock without having to log on | |
Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers | |
Security Settings\Local Policies\Security Options\Domain controller: Allow server operators to schedule tasks | |
Security Settings\Local Policies\Security Options\Domain controller: LDAP server signing requirements | |
Security Settings\Local Policies\Security Options\Domain controller: Refuse machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt or sign secure channel data (always) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally sign secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Disable machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Maximum machine account password age | |
Security Settings\Local Policies\Security Options\Domain member: Require strong (Windows 2000 or later) session key | |
Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL | |
Security Settings\Local Policies\Security Options\Interactive logon: Number of previous logons to cache (in case domain controller is not available) | |
Security Settings\Local Policies\Security Options\Interactive logon: Prompt user to change password before expiration | |
Security Settings\Local Policies\Security Options\Interactive logon: Require smart card | |
Security Settings\Local Policies\Security Options\Interactive logon: Smart card removal behavior | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (if server agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Send unencrypted password to third-party SMB servers | |
Security Settings\Local Policies\Security Options\Microsoft network server: Amount of idle time required before suspending session | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (if client agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Disconnect clients when logon hours expire | |
Security Settings\Local Policies\Security Options\Network access: Allow anonymous SID/Name translation | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts and shares | |
Security Settings\Local Policies\Security Options\Network access: Do not allow storage of passwords and credentials or .NET Passports for network authentication | |
Security Settings\Local Policies\Security Options\Network access: Let Everyone permissions apply to anonymous users | |
Security Settings\Local Policies\Security Options\Network access: Restrict anonymous access to Named Pipes and Shares | |
Security Settings\Local Policies\Security Options\Network access: Shares that can be accessed anonymously | |
Security Settings\Local Policies\Security Options\Network access: Sharing and security model for local accounts | |
Security Settings\Local Policies\Security Options\Network security: Do not store LAN Manager hash value on next password change | |
Security Settings\Local Policies\Security Options\Network security: Force logoff when logon hours expire | |
Security Settings\Local Policies\Security Options\Network security: LDAP client signing requirements | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | |
Security Settings\Local Policies\Security Options\Recovery console: Allow automatic administrative logon | |
Security Settings\Local Policies\Security Options\Recovery console: Allow floppy copy and access to all drives and all folders | |
Security Settings\Local Policies\Security Options\Shutdown: Allow system to be shut down without having to log on | |
Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing | |
Security Settings\Local Policies\Security Options\System objects: Require case insensitivity for non-Windows subsystems | |
Security Settings\Local Policies\Security Options\System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | |
Security Settings\Local Policies\Security Options\System settings: Optional subsystems | |
Security Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies | |
Security Settings\Local Policies\Security Options\User Account Control: Only elevate executables that are signed and validated | |
EMET | Windows Application |
EMET 3.0 | |
EMET 4.0 | |
DFS Namespace | Windows Service |
DNS Client | |
Fax | |
File Replication Service | |
Intersite Messaging | |
Kerberos Key Distribution Center | |
McAfee Framework Service | |
Microsoft FTP Service | |
Netlogon | |
Peer Networking Identity Manager | |
Simple TCP/IP Services | |
Telnet | |
Windows Time | |
Microsoft Windows Server 2008 MS
Rule Category
The following table shows the percentage of rules that are Native based and EO based:
Rule Category | % of rules |
---|---|
Native based | 70% |
EO based | 30% |
Asset/Part Used
Part name | Part type |
---|---|
??FRS_DIRECTORY_DATA_LOCATION?? | Directory |
??TARGET.SYSTEMDRIVE?? | |
??TARGET.WINDIR??/system32/Winevt/Logs | |
??TARGET.WINDIR??/SYSVOL | |
??TARGET.WINDIR??/SYSVOL/domain/Policies | |
/C | |
/C/Windows/SYSVOL/domain/Policies | |
/D | |
/E | |
/F | |
/G | |
/H | |
/I | |
/J | |
/K | |
/L | |
/M | |
/N | |
/O | |
/P | |
/Q | |
/R | |
/S | |
/T | |
/U | |
/W | |
/X | |
/Y | |
/Z | |
(NoDefaultExempt) Configure IPSec exemptions for various types of network traffic | Extended Object |
Account lockout threshold | |
Act as part of the operating system | |
Audit - Account Lockout | |
Audit - Application Generated | |
Audit - Application Group Management | |
Audit - Audit Policy Change | |
Audit - Authentication Policy Change | |
Audit - Authorization Policy Change | |
Audit - Certification Services | |
Audit - Computer Account Management | |
Audit - Credential Validation | |
Audit - Detailed Directory Service Replication | |
Audit - Directory Service Access | |
Audit - Directory Service Changes | |
Audit - Directory Service Replication | |
Audit - Distribution Group Management | |
Audit - DPAPI Activity | |
Audit - File Share | |
Audit - File System | |
Audit - Filtering Platform Connection | |
Audit - Filtering Platform Packet Drop | |
Audit - Filtering Platform Policy Change | |
Audit - Handle Manipulation | |
Audit - Handle Manipulation - Failure | |
Audit - IPSec Driver | |
Audit - IPsec Extended Mode | |
Audit - IPsec Main Mode | |
Audit - IPsec Quick Mode | |
Audit - Kerberos Authentication Service | |
Audit - Kerberos Service Ticket Operations | |
Audit - Kernel Object | |
Audit - Logoff | |
Audit - Logon | |
Audit - MPSSVC Rule-Level Policy Change | |
Audit - Network Policy Server | |
Audit - Non Sensitive Privilege Use | |
Audit - Other Account Logon Events | |
Audit - Other Account Management Events | |
Audit - Other LogonLogoff Events | |
Audit - Other Object Access Events | |
Audit - Other Policy Change Events | |
Audit - Other Privilege Use Events | |
Audit - Other System Events | |
Audit - Process Creation | |
Audit - Process Termination | |
Audit - Registry | |
Audit - RPC Events | |
Audit - SAM | |
Audit - Security Group Management | |
Audit - Security State Change | |
Audit - Security System Extension | |
Audit - Sensitive Privilege Use | |
Audit - Special Logon | |
Audit - System Integrity | |
Audit - User Account Management | |
Debug programs (SeDebugPrivilege) | |
Deny access to this computer from the network | |
Deny logon as a batch job (SeDenyBatchLogonRight) | |
Deny log on as a service | |
Deny log on locally (SeDenyInteractiveLogonRight) | |
Deny log on Through Terminal Services (SeDenyRemoteInteractiveLogonRight) | |
File System information | |
Inactive User Accounts | |
Interactive Logon: Do Not Display Last User Name | |
Interactive Logon: Message text for users attempting to log on | |
Interactive Logon: Message title for users attempting to log on | |
List all installed services and roles | |
Minimum password length | |
MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) | |
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | |
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | |
MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds | |
MSS: (NoNameReleaseOnDemand) Allow computer to ignore NetBIOS name release requests except from WINS servers | |
MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) | |
MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) | |
MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) | |
MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is the default) | |
MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning | |
Network access: Named pipes that can be accessed anonymously | |
Network access: Remotely accessible registry paths | |
Network access: Remotely accessible registry paths and sub-paths | |
Network security: LAN Manager authentication level | |
Services_Check_Startup_Automatic | |
Services_Check_Startup_Automatic_Delayed | |
Services_Check_Startup_Disabled | |
Services_Check_Startup_Manual | |
System cryptography: Force strong key protection for user keys stored in the computer | |
The number of allowed bad-logon attempts will meet minimum requirements | |
User Password Requirement | |
V-1080 | |
V-1103: Access Credential Manager as a trusted caller | |
V-1103: Access this computer from the network | |
V-1103: Add workstations to domain | |
V-1103: Adjust memory quotas for a process | |
V-1103: Allow log on locally | |
V-1103: Allow log on through Terminal Services | |
V-1103: Backup files and directories | |
V-1103: Bypass traverse checking | |
V-1103: Change the system time | |
V-1103: Change the time zone | |
V-1103: Create a pagefile | |
V-1103: Create a token object | |
V-1103: Create global objects | |
V-1103: Create permanent shared objects | |
V-1103: Create symbolic links | |
V-1103: Enable computer and user accounts to be trusted for delegation | |
V-1103: Force shutdown from a remote system | |
V-1103: Generate security audits | |
V-1103: Impersonate a client after authentication | |
V-1103: Increase a process working set | |
V-1103: Increase scheduling priority | |
V-1103: Load and unload device drivers | |
V-1103: Lock pages in memory | |
V-1103: Log on as a batch job | |
V-1103: Manage auditing and security log | |
V-1103: Modify an object label | |
V-1103: Modify firmware environment values | |
V-1103: Perform volume maintenance tasks | |
V-1103: Profile single process | |
V-1103: Profile system performance | |
V-1103: Remove computer from docking station | |
V-1103: Replace a process level token | |
V-1103: Restore files and directories | |
V-1103: Shut down the system | |
V-1103: Take ownership of files or other objects | |
V-1120 | |
V-1121 | |
V-1131-32 | |
V-1131-64 | |
V-14271 | |
V-15823 | |
V-16006 | |
V-6840 | |
??EVENT_LOGS_DIR??/Application.evtx | File |
??EVENT_LOGS_DIR??/Security.evtx | |
??EVENT_LOGS_DIR??/System.evtx | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components | Registry Key |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | |
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config\EventLogFlags | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters\Type | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\Enabled | |
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\HideZoneInfoOnProperties | Registry Value |
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation | |
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus | |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInPlaceSharing | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Assistance\Client\1.0\NoExplicitFeedback | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Assistance\Client\1.0\NoImplicitFeedback | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveActive | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut | |
HKEY_Current_User\Software\Policies\Microsoft\WindowsMediaPlayer\PreventCodecDownload | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDisconnect | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWith | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoOnlinePrintsWizard | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPublishingWizard | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServices | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU\Disabled | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableBkGndGroupPolicy | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system\LogonType | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ReportControllerMissing | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf\ | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Assistance\Client\1.0\NoUntrustedContent | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7z | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7zFM | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7zGUI | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat8 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat9 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader8 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader9 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Calendar | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\CalendarReminder | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Chrome | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Firefox | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\FirefoxPluginContainer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\FoxitReader | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\GoogleTalk | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\IE | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\iTunes | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveMessenger | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveSync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveWriter | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Lync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LyncCommunicator | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\mIRC | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\MOE | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\MSWorks | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Opera | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoGallery | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Photoshop | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS2 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS264 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS3 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS364 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS4 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS464 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS5 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS51 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS5164 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS564 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Picture Manager | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Pidgin | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\QuickTimePlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\RealConverter | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\RealPlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Safari | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\SkyDrive | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Skype | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Thunderbird | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\ThunderbirdPluginContainer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\UnRAR | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VLC | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winamp | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsLiveMail | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsLiveSync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsMediaPlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WinRARConsole | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WinRARGUI | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winzip | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winzip64 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Wordpad | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings\ASLR | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings\DEP | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings\SEHOP | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewer\MicrosoftEventVwrDisableLinks | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client\CEIP | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\PreventAutoRun | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\PreventRun | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\ErrorReporting\DoReport | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Peernet\Disabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SearchCompanion\DisableContentFileUpdates | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows\CEIPEnable | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\Parameters\NTPServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\Parameters\Type | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat\DisableInventory | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\AllowRemoteRPC | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendGenericDriverNotFoundToWER | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendRequestAdditionalSoftwareToWER | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestore | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Device Metadata\PreventDeviceMetadataFromNetwork | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\DontPromptForWindowsUpdate | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DriverSearching\DontSearchWindowsUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\SearchOrderConfig | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application\MaxSize | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\GameUX\DownloadGameInfo | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\GameUX\GameUpdateOptions | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HandwritingErrorReports\PreventHandwritingErrorReports | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Homegroup\DisableHomeGroup | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\DisableLUAPatching | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\EnableUserControl | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\SafeForScripting | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Internet Connection Wizard\ExitOnMSICW | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOndomain | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOnPublicNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOndomain | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOnPublicNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\EnableLLTDIO | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\EnableRspndr | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitLLTDIOOnPrivateNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitRspndrOnPrivateNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitRspndrOnPrivateNetType | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_AllowNetBridge_NLA | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_StdDomainUserSetLocation | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Registration Wizard Control\NoRegistration | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\DisableQueryRemoteServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\EnableQueryRemoteServer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\6to4_State | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\Force_Tunneling | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface\IPHTTPS_ClientState | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\ISATAP_State | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\Teredo_State | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableFlashConfigRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableInBand802DOT11Registrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableUPnPRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableWPDRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\EnableRegistrars | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\UI\DisableWcnUi | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ScenarioExecutionEnabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\Disabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\LoggingDisabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Search\PreventIndexingUncachedExchangeFolders | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Spynet\SpyNetReporting | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Mail\DisableCommunities | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Mail\ManualLaunchAllowed | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\CodecDownload | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\DisableAutoupdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\GroupPrivacyAcceptance | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\Webhelp | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\WebPublish | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMovieMaker\CodecDownload | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMovieMaker\Webhelp | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMovieMaker\WebPublish | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\DoNotInstallCompatibleDriverFromWindowsUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\EnableAuthEpResolution | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\DeleteTempDirsOnExit | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCcm | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableClip | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableLPT | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisablePNPRedir | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fEnableSmartCard | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fSingleSessionPerUser | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\LoggingEnabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxDisconnectionTime | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxIdleTime | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\PerSessionTempDir | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\RedirectOnlyDefaultClientPrinter | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsUpdate\WUServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WMDRM\DisableOnline | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicyValue | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\SmbServerNameHardeningLevel | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config\EventLogFlags | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters\Type | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\Enabled | |
Security Settings\Account Policies\Account Lockout Policy\Account lockout duration | Security Setting |
Security Settings\Account Policies\Account Lockout Policy\Reset account lockout counter after | |
Security Settings\Account Policies\Password Policy\Enforce password history | |
Security Settings\Account Policies\Password Policy\Maximum password age | |
Security Settings\Account Policies\Password Policy\Minimum password age | |
Security Settings\Account Policies\Password Policy\Passwords must meet complexity requirements | |
Security Settings\Account Policies\Password Policy\Store password using reversible encryption | |
Security Settings\Local Policies\Audit Policy\Audit system events | |
Security Settings\Local Policies\Security Options\Accounts: Guest account status | |
Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only | |
Security Settings\Local Policies\Security Options\Accounts: Rename administrator account | |
Security Settings\Local Policies\Security Options\Accounts: Rename guest account | |
Security Settings\Local Policies\Security Options\Audit: Audit the access of global system objects | |
Security Settings\Local Policies\Security Options\Audit: Audit the use of Backup and Restore privilege | |
Security Settings\Local Policies\Security Options\Devices: Allowed to format and eject removable media | |
Security Settings\Local Policies\Security Options\Devices: Allow undock without having to log on | |
Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers | |
Security Settings\Local Policies\Security Options\Domain controller: Allow server operators to schedule tasks | |
Security Settings\Local Policies\Security Options\Domain controller: LDAP server signing requirements | |
Security Settings\Local Policies\Security Options\Domain controller: Refuse machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt or sign secure channel data (always) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally sign secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Disable machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Maximum machine account password age | |
Security Settings\Local Policies\Security Options\Domain member: Require strong (Windows 2000 or later) session key | |
Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL | |
Security Settings\Local Policies\Security Options\Interactive logon: Number of previous logons to cache (in case domain controller is not available) | |
Security Settings\Local Policies\Security Options\Interactive logon: Prompt user to change password before expiration | |
Security Settings\Local Policies\Security Options\Interactive logon: Require smart card | |
Security Settings\Local Policies\Security Options\Interactive logon: Smart card removal behavior | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (if server agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Send unencrypted password to third-party SMB servers | |
Security Settings\Local Policies\Security Options\Microsoft network server: Amount of idle time required before suspending session | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (if client agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Disconnect clients when logon hours expire | |
Security Settings\Local Policies\Security Options\Network access: Allow anonymous SID/Name translation | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts and shares | |
Security Settings\Local Policies\Security Options\Network access: Do not allow storage of passwords and credentials or .NET Passports for network authentication | |
Security Settings\Local Policies\Security Options\Network access: Let Everyone permissions apply to anonymous users | |
Security Settings\Local Policies\Security Options\Network access: Restrict anonymous access to Named Pipes and Shares | |
Security Settings\Local Policies\Security Options\Network access: Shares that can be accessed anonymously | |
Security Settings\Local Policies\Security Options\Network access: Sharing and security model for local accounts | |
Security Settings\Local Policies\Security Options\Network security: Do not store LAN Manager hash value on next password change | |
Security Settings\Local Policies\Security Options\Network security: Force logoff when logon hours expire | |
Security Settings\Local Policies\Security Options\Network security: LDAP client signing requirements | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | |
Security Settings\Local Policies\Security Options\Recovery console: Allow automatic administrative logon | |
Security Settings\Local Policies\Security Options\Recovery console: Allow floppy copy and access to all drives and all folders | |
Security Settings\Local Policies\Security Options\Shutdown: Allow system to be shut down without having to log on | |
Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing | |
Security Settings\Local Policies\Security Options\System objects: Require case insensitivity for non-Windows subsystems | |
Security Settings\Local Policies\Security Options\System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | |
Security Settings\Local Policies\Security Options\System settings: Optional subsystems | |
Security Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies | |
Security Settings\Local Policies\Security Options\User Account Control: Only elevate executables that are signed and validated | |
EMET | Windows Application |
EMET 3.0 | |
EMET 3.0.0 | |
EMET 4.0 | |
EMET 4.0.0 | |
DFS Namespace | Windows Service |
DNS Client | |
Fax | |
File Replication Service | |
Intersite Messaging | |
Kerberos Key Distribution Center | |
McAfee Framework Service | |
Microsoft FTP Service | |
Netlogon | |
Peer Networking Identity Manager | |
Simple TCP/IP Services | |
Telnet | |
Windows Time | |
Microsoft Windows Server 2003 DC
Rule Category
The following table categorizes the percentage of rules as Native based and EO based:
Rule Category | % of rules |
---|---|
Native based | 60% |
EO based | 40% |
Asset/Part Used
Part name | Part type |
---|---|
LocalComputer/VW-PUN-BLG-QA1G/DefaultAuthenticationLevel | Complus Property |
??FRS_DIRECTORY_DATA_LOCATION?? | Directory |
??TARGET.SYSTEMDRIVE?? | |
??TARGET.WINDIR??/system32/Winevt/Logs | |
??TARGET.WINDIR??/SYSVOL/domain/Policies | |
??TARGET.WINDIR??/SYSVOL/sysvol | |
/C | |
/C/WINDOWS | |
/C/Windows/SYSVOL/domain/Policies | |
/D | |
/E | |
/F | |
/G | |
/H | |
/I | |
/J | |
/K | |
/L | |
/M | |
/N | |
/O | |
/P | |
/Q | |
/R | |
/S | |
/T | |
/U | |
/W | |
/X | |
/Y | |
/Z | |
Application | Event Log |
Security | |
System | |
(NoDefaultExempt) Configure IPSec exemptions for various types of network traffic | Extended Object |
Access credential Manager as a trusted caller (SeTrustedCredManAccessPrivilege) | |
Access this computer from the network (SeNetworkLogonRight) | |
Account lockout threshold | |
Act as part of the operating system | |
Add workstations to domain | |
Adjust memory quotas for a process (SeIncreaseQuotaPrivilege) | |
Allow log on locally (SeInteractiveLogonRight) | |
Allow log on through Remote Desktop Services (SeRemoteInteractiveLogonRight) | |
Audit - Computer Account Management - Failure | |
Audit - Computer Account Management - Success | |
Audit - Credential Validation - Failure | |
Audit - Handle Manipulation - Failure | |
Audit - IPSec Driver - Failure | |
Audit - IPSec Driver - Success | |
Audit - Other Account Management Events - Failure | |
Audit - Other Account Management Events - Success | |
Audit - Security Group Management - Failure | |
Audit - Security Group Management - Success | |
Back up files and directories (SeBackupPrivilege) | |
Bypass traverse checking (SeChangeNotifyPrivilege) | |
Change the system time (SeSystemTimePrivilege) | |
Change the time zone (SeTimeZonePrivilege) | |
Create a pagefile (SeCreatePagefilePrivilege) | |
Create a token object (SeCreateTokenPrivilege) | |
Create global objects (SeCreateGlobalPrivilege) | |
Create permanent shared objects (SeCreatePermanentPrivilege) | |
Create symbolic links (SeCreateSymbolicLinkPrivilege) | |
Debug programs (SeDebugPrivilege) | |
Deny access to this computer from the network | |
Deny logon as a batch job (SeDenyBatchLogonRight) | |
Deny log on as a service | |
Deny log on locally (SeDenyInteractiveLogonRight) | |
Deny log on Through Terminal Services (SeDenyRemoteInteractiveLogonRight) | |
Enable computer and user accounts to be trusted for delegation (SeEnableDelegationPrivilege) | |
Enforce user logon restrictions | |
File System information | |
Force shutdown from a remote system (SeRemoteShutdownPrivilege) | |
Generate security audits (SeAuditPrivilege) | |
Impersonate a client after authentication (SeImpersonatePrivilege) | |
Inactive User Accounts | |
Increase a process working set (SeIncreaseWorkingSetPrivilege) | |
Increase scheduling priority (SeIncreaseBasePriorityPrivilege) | |
Interactive Logon: Do Not Display Last User Name | |
Interactive Logon: Message text for users attempting to log on | |
Interactive Logon: Message title for users attempting to log on | |
List all installed services and roles | |
Load and unload device drivers (SeLoadDriverPrivilege) | |
Lock pages in memory (SeLockMemoryPrivilege) | |
Log on as a batch job (SeBatchLogonRight) | |
Manage auditing and security log (SeSecurityPrivilege) | |
Maximum lifetime for service ticket | |
Maximum lifetime for user ticket | |
Maximum lifetime for user ticket renewal | |
Maximum tolerance for computer clock synchronization | |
Minimum password length | |
Modify an object label (SeRelabelPrivilege) | |
Modify firmware environment values (SeSystemEnvironmentPrivilege) | |
MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) | |
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | |
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | |
MSS: (DisableSavePassword) Prevent the dial-up password from being saved (recommended) | |
MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS) | |
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | |
MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds | |
MSS: (NoNameReleaseOnDemand) Allow computer to ignore NetBIOS name release requests except from WINS servers | |
MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) | |
MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) | |
MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) | |
MSS: (SynAttackProtect) Syn attack protection level (protects against DoS) | |
MSS: (TcpMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection is not acknowledged | |
MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is the default) | |
MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is the default) | |
MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning | |
Network access: Named pipes that can be accessed anonymously | |
Network access: Remotely accessible registry paths | |
Network access: Remotely accessible registry paths and sub-paths | |
Network Security: Allow LocalSystem NULL session fallback | |
Network Security: Allow Local System to use computer identity for NTLM | |
Network Security: Allow PKU2U authentication requests to this computer to use online identities | |
Network Security: Configure encryption types allowed for Kerberos | |
Network security: LAN Manager authentication level | |
Perform Volume Maintenance Tasks (SeManageVolumePrivilege) | |
Profile single process (SeProfileSingleProcessPrivilege) | |
Profile system performance (SeSystemProfilePrivilege) | |
Remove computer from docking station (SeUndockPrivilege) | |
Replace a process level token (SeAssignPrimaryTokenPrivilege) | |
Restore files and directories (SeRestorePrivilege) | |
Restricted accounts are not disabled. | |
Restricted accounts are not disabled.(HelpAssistant) | |
Restricted accounts are not disabled.(SUPPORT_388945a0) | |
Services_Check_Startup_Automatic | |
Services_Check_Startup_Automatic_Delayed | |
Services_Check_Startup_Disabled | |
Services_Check_Startup_Manual | |
Shut down the system (SeShutdownPrivilege) | |
Synchronize directory service data (SeSyncAgentPrivilege) | |
System cryptography: Force strong key protection for user keys stored in the computer | |
Take ownership of files or other objects | |
The number of allowed bad-logon attempts will meet minimum requirements | |
The Task Scheduler service must be disabled. | |
User Password Requirement | |
V-1080 | |
V-1103: Access Credential Manager as a trusted caller | |
V-1103: Access this computer from the network | |
V-1103: Add workstations to domain | |
V-1103: Adjust memory quotas for a process | |
V-1103: Allow log on locally | |
V-1103: Allow log on through Terminal Services | |
V-1103: Backup files and directories | |
V-1103: Bypass traverse checking | |
V-1103: Change the system time | |
V-1103: Change the time zone | |
V-1103: Create a pagefile | |
V-1103: Create a token object | |
V-1103: Create global objects | |
V-1103: Create permanent shared objects | |
V-1103: Create symbolic links | |
V-1103: Enable computer and user accounts to be trusted for delegation | |
V-1103: Force shutdown from a remote system | |
V-1103: Generate security audits | |
V-1103: Impersonate a client after authentication | |
V-1103: Increase a process working set | |
V-1103: Increase scheduling priority | |
V-1103: Load and unload device drivers | |
V-1103: Lock pages in memory | |
V-1103: Log on as a batch job | |
V-1103: Log on as a service | |
V-1103: Manage auditing and security log | |
V-1103: Modify an object label | |
V-1103: Modify firmware environment values | |
V-1103: Perform volume maintenance tasks | |
V-1103: Profile single process | |
V-1103: Profile system performance | |
V-1103: Remove computer from docking station | |
V-1103: Replace a process level token | |
V-1103: Restore files and directories | |
V-1103: Shut down the system | |
V-1103: Take ownership of files or other objects | |
V-1120 | |
V-1121 | |
V-14271 | |
V-14831 | |
V-15823 | |
V-16006 | |
V-6840 | |
Add workstations to domain | Extended Object Entry |
Audit - Audit Policy Change - Failure//findings/AccountManagement/AuditPolicyChange | |
Audit - Audit Policy Change - Failure//findings/PolicyChange/AuditPolicyChange | |
Audit - Audit Policy Change - Success//findings/AccountManagement/AuditPolicyChange | |
Audit - Audit Policy Change - Success//findings/PolicyChange/AuditPolicyChange | |
Audit - Authentication Policy Change - Success//findings/AccountManagement/AuthenticationPolicyChange | |
Audit - Authentication Policy Change - Success//findings/PolicyChange/AuthenticationPolicyChange | |
Audit - Computer Account Management - Failure//findings/AccountManagement/ComputerAccountManagement | |
Audit - Computer Account Management - Success//findings/AccountManagement/ComputerAccountManagement | |
Audit - Credential Validation - Failure//findings/AccountLogon/CredentialValidation | |
Audit - Credential Validation - Success//findings/AccountLogon/CredentialValidation | |
Audit - File System - Failure//findings/AccountManagement/FileSystem | |
Audit - File System - Failure//findings/ObjectAccess/FileSystem | |
Audit - File System - Success//findings/AccountManagement/FileSystem | |
Audit - IPSec Driver - Failure//findings/System/IPSecDriver | |
Audit - IPSec Driver - Success//findings/PrivilegeUse/IPSecDriver | |
Audit - IPSec Driver - Success//findings/System/IPSecDriver | |
Audit - Logoff - Success//findings/AccountManagement/Logoff | |
Audit - Logoff - Success//findings/LogonLogoff/Logoff | |
Audit - Logon - Failure//findings/AccountManagement/Logon | |
Audit - Logon - Failure//findings/LogonLogoff/Logon | |
Audit - Logon - Success//findings/AccountManagement/Logon | |
Audit - Logon - Success//findings/LogonLogoff/Logon | |
Audit - Other Account Management Events - Failure//findings/AccountManagement/ComputerAccountManagement | |
Audit - Other Account Management Events - Failure//findings/AccountManagement/OtherAccountManagementEvents | |
Audit - Other Account Management Events - Failure//findings/AccountManagement/Other Account Management Events | |
Audit - Other Account Management Events - Success//findings/AccountManagement/ComputerAccountManagement | |
Audit - Other Account Management Events - Success//findings/AccountManagement/OtherAccountManagementEvents | |
Audit - Other Account Management Events - Success//findings/AccountManagement/Other Account Management Events | |
Audit - Process Creation - Success//findings/AccountManagement/ProcessCreation | |
Audit - Process Creation - Success//findings/DetailedTracking/ProcessCreation | |
Audit - Registry - Failure//findings/AccountManagement/Registry | |
Audit - Registry - Failure//findings/ObjectAccess/Registry | |
Audit - Security Group Management - Failure//findings/AccountManagement/ComputerAccountManagement | |
Audit - Security Group Management - Failure//findings/AccountManagement/Other Account Management Events | |
Audit - Security Group Management - Failure//findings/AccountManagement/SecurityGroupManagement | |
Audit - Security Group Management - Failure//findings/AccountManagement/Security Group Management | |
Audit - Security Group Management - Success//findings/AccountManagement/ComputerAccountManagement | |
Audit - Security Group Management - Success//findings/AccountManagement/Other Account Management Events | |
Audit - SecurityGroupManagement - Success//findings/AccountManagement/SecurityGroupManagement | |
Audit - Security Group Management - Success//findings/AccountManagement/SecurityGroupManagement | |
Audit - Security Group Management - Success//findings/AccountManagement/Security Group Management | |
Audit - Security State Change - Failure//findings/System/SecurityStateChange | |
Audit - Security State Change - Success//findings/System/SecurityStateChange | |
Audit - Security System Extension - Failure//findings/System/SecuritySystemExtension | |
Audit - Security System Extension - Success//findings/System/SecuritySystemExtension | |
Audit - Sensitive Privilege Use - Failure//findings/PrivilegeUse/SensitivePrivilegeUse | |
Audit - Sensitive Privilege Use - Success//findings/AccountManagement/SensitivePrivilegeUse | |
Audit - Sensitive Privilege Use - Success//findings/PrivilegeUse/SensitivePrivilegeUse | |
Audit - Special Logon - Success//findings/AccountManagement/Special Logon | |
Audit - Special Logon - Success//findings/LogonLogoff/SpecialLogon | |
Audit - Special Logon - Success//findings/LogonLogoff/Special Logon | |
Audit - System Integrity - Failure//findings/System/SystemIntegrity | |
Audit - System Integrity - Success//findings/System/SystemIntegrity | |
Audit - User Account Management - Failure//findings/AccountManagement/UserAccountManagement | |
Audit - User Account Management - Success//findings/AccountManagement/UserAccountManagement | |
Inactive User Accounts//SRR_Result/status | |
MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)//SRR_Result/status | |
MSS: (TcpMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection is not acknowledged//SRR_Result/status | |
Restore files and directories (SeRestorePrivilege)//SRR_Result/status | |
Restricted accounts are not disabled.//SRR_Result/status | |
Restricted accounts are not disabled.(HelpAssistant)//SRR_Result/status | |
Restricted accounts are not disabled.(SUPPORT_388945a0)//SRR_Result/status | |
The number of allowed bad-logon attempts will meet minimum requirements//SRR_Result/status | |
User Password Requirement//SRR_Result/status | |
V-1103: Log on as a service//SRR_Result/status | |
??EVENT_LOGS_DIR??/Application.evtx | File |
??EVENT_LOGS_DIR??/Security.evtx | |
??EVENT_LOGS_DIR??/System.evtx | |
/C/WINDOWS/regedit.exe | |
/C/WINDOWS/system32/arp.exe | |
/C/WINDOWS/system32/at.exe | |
/C/WINDOWS/system32/attrib.exe | |
/C/WINDOWS/system32/cacls.exe | |
/C/WINDOWS/system32/debug.exe | |
/C/WINDOWS/system32/edlin.exe | |
/C/WINDOWS/system32/eventcreate.exe | |
/C/WINDOWS/system32/eventtriggers.exe | |
/C/WINDOWS/system32/ftp.exe | |
/C/WINDOWS/system32/nbtstat.exe | |
/C/WINDOWS/system32/net.exe | |
/C/WINDOWS/system32/net1.exe | |
/C/WINDOWS/system32/netsh.exe | |
/C/WINDOWS/system32/netstat.exe | |
/C/WINDOWS/system32/nslookup.exe | |
/C/WINDOWS/system32/ntbackup.exe | |
/C/WINDOWS/system32/rcp.exe | |
/C/WINDOWS/system32/reg.exe | |
/C/WINDOWS/system32/regedt32.exe | |
/C/WINDOWS/system32/regini.exe | |
/C/WINDOWS/system32/regsvr32.exe | |
/C/WINDOWS/system32/rexec.exe | |
/C/WINDOWS/system32/route.exe | |
/C/WINDOWS/system32/rsh.exe | |
/C/WINDOWS/system32/sc.exe | |
/C/WINDOWS/system32/secedit.exe | |
/C/WINDOWS/system32/subst.exe | |
/C/WINDOWS/system32/Systeminfo.exe | |
/C/WINDOWS/system32/telnet.exe | |
/C/WINDOWS/system32/tftp.exe | |
/C/WINDOWS/system32/tlntsvr.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID | Registry Key |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | |
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config\EventLogFlags | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters\Type | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\Enabled | |
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\HideZoneInfoOnProperties | Registry Value |
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation | |
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus | |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInPlaceSharing | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Assistance\Client\1.0\NoExplicitFeedback | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Assistance\Client\1.0\NoImplicitFeedback | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveActive | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut | |
HKEY_Current_User\Software\Policies\Microsoft\WindowsMediaPlayer\PreventCodecDownload | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\7z.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\7zfm.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\7zg.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\acrobat.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\acrord32.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\chrome.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\communicator.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\Defaults\7z.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\Defaults\7zfm.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\excel.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\firefox.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\foxit reader.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\googletalk.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\iexplore.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\iexplorer.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\infopath.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\itunes.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\java.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\javaw.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\javaws.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\lync.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\mirc.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\moe.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\msaccess.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\msnmsgr.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\mspub.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\mspup.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\msworks.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\ois.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\opera.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\outlook.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\photoshop.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\pidgen.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\pidgin.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\plugin-container.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\powerpnt.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\pptview.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\quicktimeplayer.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\rar.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\realconverter.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\realplay.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\safari.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\skydrive.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\skype.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\thunderbird.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\unrar.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\visio.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\vlc.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\vpreview.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\winamp.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\windowslivesync.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\windowslivewriter.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\winrar.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\winword.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\winzip32.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\winzip64.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\wkscal.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\wkscalrem.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\wlmail.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\wlsync.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\wlxphotogallery.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\wmplayer.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\wordpad.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\LegacyAuthenticationLevel | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\NukeOnDelete | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDisconnect | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWith | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoOnlinePrintsWizard | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPublishingWizard | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecycleFiles | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServices | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU\Disabled | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableBkGndGroupPolicy | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system\LogonType | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ReportControllerMissing | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf\ | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Conferencing\NoRDS | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7z | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7zFM | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7zGUI | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat8 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat9 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader8 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader9 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Calendar | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\CalendarReminder | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Chrome | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Firefox | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\FirefoxPluginContainer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\FoxitReader | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\GoogleTalk | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\IE | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\iTunes | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveMessenger | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveSync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveWriter | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Lync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LyncCommunicator | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\mIRC | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\MOE | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\MSWorks | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Opera | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoGallery | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Photoshop | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS2 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS264 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS3 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS364 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS4 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS464 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS5 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS51 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS5164 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS564 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Picture Manager | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Pidgin | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\QuickTimePlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\RealConverter | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\RealPlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Safari | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\SkyDrive | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Skype | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Thunderbird | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\ThunderbirdPluginContainer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\UnRAR | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VLC | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winamp | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsLiveMail | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsLiveSync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsMediaPlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WinRARConsole | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WinRARGUI | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winzip | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winzip64 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Wordpad | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings\ASLR | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings\DEP | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings\SEHOP | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewer\MicrosoftEventVwrDisableLinks | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client\CEIP | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\PreventAutoRun | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\PreventRun | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\ErrorReporting\DoReport | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Peernet\Disabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SearchCompanion\DisableContentFileUpdates | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows\CEIPEnable | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\Parameters\NTPServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\Parameters\Type | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat\DisableInventory | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\AllowRemoteRPC | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendGenericDriverNotFoundToWER | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendRequestAdditionalSoftwareToWER | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestore | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Device Metadata\PreventDeviceMetadataFromNetwork | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\DontPromptForWindowsUpdate | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DriverSearching\DontSearchWindowsUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\SearchOrderConfig | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application\MaxSize | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\GameUX\DownloadGameInfo | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\GameUX\GameUpdateOptions | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HandwritingErrorReports\PreventHandwritingErrorReports | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Homegroup\DisableHomeGroup | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\DisableLUAPatching | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\EnableUserControl | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\SafeForScripting | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Internet Connection Wizard\ExitOnMSICW | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOndomain | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOnPublicNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOndomain | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOnPublicNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\EnableLLTDIO | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\EnableRspndr | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitLLTDIOOnPrivateNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitRspndrOnPrivateNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitRspndrOnPrivateNetType | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_AllowNetBridge_NLA | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_StdDomainUserSetLocation | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Registration Wizard Control\NoRegistration | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\DisableQueryRemoteServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\EnableQueryRemoteServer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\6to4_State | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\Force_Tunneling | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface\IPHTTPS_ClientState | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\ISATAP_State | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\Teredo_State | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableFlashConfigRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableInBand802DOT11Registrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableUPnPRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableWPDRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\EnableRegistrars | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\UI\DisableWcnUi | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ScenarioExecutionEnabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\Disabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\LoggingDisabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Spynet\SpyNetReporting | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\DisableAutoupdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\GroupPrivacyAcceptance | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon\SyncForegroundPolicy | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\DoNotInstallCompatibleDriverFromWindowsUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\KMPrintersAreBlocked | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\EnableAuthEpResolution | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\DeleteTempDirsOnExit | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCcm | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableClip | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableLPT | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisablePNPRedir | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fEnableSmartCard | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fReconnectSame | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fResetBroken | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fSingleSessionPerUser | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\LoggingEnabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxDisconnectionTime | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxIdleTime | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxInstanceCount | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\PerSessionTempDir | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\RedirectOnlyDefaultClientPrinter | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Shadow | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsUpdate\WUServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WMDRM\DisableOnline | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicyValue | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\RestrictGuestAccess | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\RestrictGuestAccess | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RestrictGuestAccess | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\SmbServerNameHardeningLevel | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6 | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config\EventLogFlags | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters\Type | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\Enabled | |
Security Settings\Account Policies\Account Lockout Policy\Account lockout duration | Security Setting |
Security Settings\Account Policies\Account Lockout Policy\Reset account lockout counter after | |
Security Settings\Account Policies\Password Policy\Enforce password history | |
Security Settings\Account Policies\Password Policy\Maximum password age | |
Security Settings\Account Policies\Password Policy\Minimum password age | |
Security Settings\Account Policies\Password Policy\Passwords must meet complexity requirements | |
Security Settings\Account Policies\Password Policy\Store password using reversible encryption | |
Security Settings\Local Policies\Audit Policy\Audit account logon events | |
Security Settings\Local Policies\Audit Policy\Audit account management | |
Security Settings\Local Policies\Audit Policy\Audit directory service access | |
Security Settings\Local Policies\Audit Policy\Audit logon events | |
Security Settings\Local Policies\Audit Policy\Audit object access | |
Security Settings\Local Policies\Audit Policy\Audit policy change | |
Security Settings\Local Policies\Audit Policy\Audit privilege use | |
Security Settings\Local Policies\Audit Policy\Audit system events | |
Security Settings\Local Policies\Security Options\Accounts: Guest account status | |
Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only | |
Security Settings\Local Policies\Security Options\Accounts: Rename administrator account | |
Security Settings\Local Policies\Security Options\Accounts: Rename guest account | |
Security Settings\Local Policies\Security Options\Audit: Audit the access of global system objects | |
Security Settings\Local Policies\Security Options\Audit: Audit the use of Backup and Restore privilege | |
Security Settings\Local Policies\Security Options\Audit: Shut down system immediately if unable to log security audits | |
Security Settings\Local Policies\Security Options\Devices: Allowed to format and eject removable media | |
Security Settings\Local Policies\Security Options\Devices: Allow undock without having to log on | |
Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers | |
Security Settings\Local Policies\Security Options\Devices: Unsigned driver installation behavior | |
Security Settings\Local Policies\Security Options\Domain controller: Allow server operators to schedule tasks | |
Security Settings\Local Policies\Security Options\Domain controller: LDAP server signing requirements | |
Security Settings\Local Policies\Security Options\Domain controller: Refuse machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt or sign secure channel data (always) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally sign secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Disable machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Maximum machine account password age | |
Security Settings\Local Policies\Security Options\Domain member: Require strong (Windows 2000 or later) session key | |
Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL | |
Security Settings\Local Policies\Security Options\Interactive logon: Number of previous logons to cache (in case domain controller is not available) | |
Security Settings\Local Policies\Security Options\Interactive logon: Prompt user to change password before expiration | |
Security Settings\Local Policies\Security Options\Interactive logon: Require Domain Controller authentication to unlock workstation | |
Security Settings\Local Policies\Security Options\Interactive logon: Require smart card | |
Security Settings\Local Policies\Security Options\Interactive logon: Smart card removal behavior | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (if server agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Send unencrypted password to third-party SMB servers | |
Security Settings\Local Policies\Security Options\Microsoft network server: Amount of idle time required before suspending session | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (if client agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Disconnect clients when logon hours expire | |
Security Settings\Local Policies\Security Options\Network access: Allow anonymous SID/Name translation | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts and shares | |
Security Settings\Local Policies\Security Options\Network access: Do not allow storage of passwords and credentials or .NET Passports for network authentication | |
Security Settings\Local Policies\Security Options\Network access: Let Everyone permissions apply to anonymous users | |
Security Settings\Local Policies\Security Options\Network access: Restrict anonymous access to Named Pipes and Shares | |
Security Settings\Local Policies\Security Options\Network access: Shares that can be accessed anonymously | |
Security Settings\Local Policies\Security Options\Network access: Sharing and security model for local accounts | |
Security Settings\Local Policies\Security Options\Network security: Do not store LAN Manager hash value on next password change | |
Security Settings\Local Policies\Security Options\Network security: Force logoff when logon hours expire | |
Security Settings\Local Policies\Security Options\Network security: LDAP client signing requirements | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | |
Security Settings\Local Policies\Security Options\Recovery console: Allow automatic administrative logon | |
Security Settings\Local Policies\Security Options\Recovery console: Allow floppy copy and access to all drives and all folders | |
Security Settings\Local Policies\Security Options\Shutdown: Allow system to be shut down without having to log on | |
Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing | |
Security Settings\Local Policies\Security Options\System objects: Default owner for objects created by members of the Administrators group | |
Security Settings\Local Policies\Security Options\System objects: Require case insensitivity for non-Windows subsystems | |
Security Settings\Local Policies\Security Options\System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | |
Security Settings\Local Policies\Security Options\System settings: Optional subsystems | |
Security Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies | |
Security Settings\Local Policies\Security Options\User Account Control: Only elevate executables that are signed and validated | |
EMET | Windows Application |
EMET 3.0 | |
EMET 4.0 | |
Distributed File System | Windows Service |
DNS Client | |
Fax | |
File Replication Service | |
Intersite Messaging | |
Kerberos Key Distribution Center | |
McAfee Framework Service | |
Microsoft FTP Service | |
Net Logon | |
Peer Networking Identity Manager | |
Simple TCP/IP Services | |
Telnet | |
Windows Time | |
Microsoft Windows Server 2003 MS
Rule Category
The following table shows the percentage of rules that are Native based and EO based:
Rule Category | % of rules |
---|---|
Native based | 70% |
EO based | 30% |
Asset/Part Used
Part name | Part type |
---|---|
LocalComputer/VW-PUN-BLG-QA1G/DefaultAuthenticationLevel | Complus Property |
??FRS_DIRECTORY_DATA_LOCATION?? | Directory |
??TARGET.SYSTEMDRIVE?? | |
??TARGET.WINDIR??/system32/Winevt/Logs | |
??TARGET.WINDIR??/SYSVOL/domain/Policies | |
??TARGET.WINDIR??/SYSVOL/sysvol | |
/C | |
/C/WINDOWS | |
/C/Windows/SYSVOL/domain/Policies | |
/D | |
/E | |
/F | |
/G | |
/H | |
/I | |
/J | |
/K | |
/L | |
/M | |
/N | |
/O | |
/P | |
/Q | |
/R | |
/S | |
/T | |
/U | |
/W | |
/X | |
/Y | |
/Z | |
Application | Event Log |
Security | |
System | |
(NoDefaultExempt) Configure IPSec exemptions for various types of network traffic | Extended Object |
Access credential Manager as a trusted caller (SeTrustedCredManAccessPrivilege) | |
Access this computer from the network (SeNetworkLogonRight) | |
Account lockout threshold | |
Act as part of the operating system | |
Add workstations to domain | |
Adjust memory quotas for a process (SeIncreaseQuotaPrivilege) | |
Allow log on locally (SeInteractiveLogonRight) | |
Allow log on through Remote Desktop Services (SeRemoteInteractiveLogonRight) | |
Audit - Computer Account Management - Failure | |
Audit - Computer Account Management - Success | |
Audit - Credential Validation - Failure | |
Audit - Handle Manipulation - Failure | |
Audit - IPSec Driver - Failure | |
Audit - IPSec Driver - Success | |
Audit - Other Account Management Events - Failure | |
Audit - Other Account Management Events - Success | |
Audit - Security Group Management - Failure | |
Audit - Security Group Management - Success | |
Back up files and directories (SeBackupPrivilege) | |
Bypass traverse checking (SeChangeNotifyPrivilege) | |
Change the system time (SeSystemTimePrivilege) | |
Change the time zone (SeTimeZonePrivilege) | |
Create a pagefile (SeCreatePagefilePrivilege) | |
Create a token object (SeCreateTokenPrivilege) | |
Create global objects (SeCreateGlobalPrivilege) | |
Create permanent shared objects (SeCreatePermanentPrivilege) | |
Create symbolic links (SeCreateSymbolicLinkPrivilege) | |
Debug programs (SeDebugPrivilege) | |
Deny access to this computer from the network | |
Deny logon as a batch job (SeDenyBatchLogonRight) | |
Deny log on as a service | |
Deny log on locally (SeDenyInteractiveLogonRight) | |
Deny log on Through Terminal Services (SeDenyRemoteInteractiveLogonRight) | |
Enable computer and user accounts to be trusted for delegation (SeEnableDelegationPrivilege) | |
Enforce user logon restrictions | |
File System information | |
Force shutdown from a remote system (SeRemoteShutdownPrivilege) | |
Generate security audits (SeAuditPrivilege) | |
Impersonate a client after authentication (SeImpersonatePrivilege) | |
Inactive User Accounts | |
Increase a process working set (SeIncreaseWorkingSetPrivilege) | |
Increase scheduling priority (SeIncreaseBasePriorityPrivilege) | |
Interactive Logon: Do Not Display Last User Name | |
Interactive Logon: Message text for users attempting to log on | |
Interactive Logon: Message title for users attempting to log on | |
List all installed services and roles | |
Load and unload device drivers (SeLoadDriverPrivilege) | |
Lock pages in memory (SeLockMemoryPrivilege) | |
Log on as a batch job (SeBatchLogonRight) | |
Manage auditing and security log (SeSecurityPrivilege) | |
Maximum lifetime for service ticket | |
Maximum lifetime for user ticket | |
Maximum lifetime for user ticket renewal | |
Maximum tolerance for computer clock synchronization | |
Minimum password length | |
Modify an object label (SeRelabelPrivilege) | |
Modify firmware environment values (SeSystemEnvironmentPrivilege) | |
MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) | |
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | |
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | |
MSS: (DisableSavePassword) Prevent the dial-up password from being saved (recommended) | |
MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS) | |
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | |
MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds | |
MSS: (NoNameReleaseOnDemand) Allow computer to ignore NetBIOS name release requests except from WINS servers | |
MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) | |
MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) | |
MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) | |
MSS: (SynAttackProtect) Syn attack protection level (protects against DoS) | |
MSS: (TcpMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection is not acknowledged | |
MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is the default) | |
MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is the default) | |
MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning | |
Network access: Named pipes that can be accessed anonymously | |
Network access: Remotely accessible registry paths | |
Network access: Remotely accessible registry paths and sub-paths | |
Network Security: Allow LocalSystem NULL session fallback | |
Network Security: Allow Local System to use computer identity for NTLM | |
Network Security: Allow PKU2U authentication requests to this computer to use online identities | |
Network Security: Configure encryption types allowed for Kerberos | |
Network security: LAN Manager authentication level | |
Perform Volume Maintenance Tasks (SeManageVolumePrivilege) | |
Profile single process (SeProfileSingleProcessPrivilege) | |
Profile system performance (SeSystemProfilePrivilege) | |
Remove computer from docking station (SeUndockPrivilege) | |
Replace a process level token (SeAssignPrimaryTokenPrivilege) | |
Restore files and directories (SeRestorePrivilege) | |
Restricted accounts are not disabled. | |
Services_Check_Startup_Automatic | |
Services_Check_Startup_Automatic_Delayed | |
Services_Check_Startup_Disabled | |
Services_Check_Startup_Manual | |
Shut down the system (SeShutdownPrivilege) | |
Synchronize directory service data (SeSyncAgentPrivilege) | |
System cryptography: Force strong key protection for user keys stored in the computer | |
Take ownership of files or other objects | |
The number of allowed bad-logon attempts will meet minimum requirements | |
The Task Scheduler service must be disabled. | |
User Password Requirement | |
V-1080 | |
V-1103: Access Credential Manager as a trusted caller | |
V-1103: Access this computer from the network | |
V-1103: Add workstations to domain | |
V-1103: Adjust memory quotas for a process | |
V-1103: Allow log on locally | |
V-1103: Allow log on through Terminal Services | |
V-1103: Backup files and directories | |
V-1103: Bypass traverse checking | |
V-1103: Change the system time | |
V-1103: Change the time zone | |
V-1103: Create a pagefile | |
V-1103: Create a token object | |
V-1103: Create global objects | |
V-1103: Create permanent shared objects | |
V-1103: Create symbolic links | |
V-1103: Enable computer and user accounts to be trusted for delegation | |
V-1103: Force shutdown from a remote system | |
V-1103: Generate security audits | |
V-1103: Impersonate a client after authentication | |
V-1103: Increase a process working set | |
V-1103: Increase scheduling priority | |
V-1103: Load and unload device drivers | |
V-1103: Lock pages in memory | |
V-1103: Log on as a batch job | |
V-1103: Log on as a service | |
V-1103: Manage auditing and security log | |
V-1103: Modify an object label | |
V-1103: Modify firmware environment values | |
V-1103: Perform volume maintenance tasks | |
V-1103: Profile single process | |
V-1103: Profile system performance | |
V-1103: Remove computer from docking station | |
V-1103: Replace a process level token | |
V-1103: Restore files and directories | |
V-1103: Shut down the system | |
V-1103: Take ownership of files or other objects | |
V-1120 | |
V-1121 | |
V-14271 | |
V-14831 | |
V-15823 | |
V-16006 | |
V-6840 | |
Add workstations to domain | Extended Object Entry |
Audit - Audit Policy Change - Failure//findings/AccountManagement/AuditPolicyChange | |
Audit - Audit Policy Change - Failure//findings/PolicyChange/AuditPolicyChange | |
Audit - Audit Policy Change - Success//findings/AccountManagement/AuditPolicyChange | |
Audit - Audit Policy Change - Success//findings/PolicyChange/AuditPolicyChange | |
Audit - Authentication Policy Change - Success//findings/AccountManagement/AuthenticationPolicyChange | |
Audit - Authentication Policy Change - Success//findings/PolicyChange/AuthenticationPolicyChange | |
Audit - Computer Account Management - Failure//findings/AccountManagement/ComputerAccountManagement | |
Audit - Computer Account Management - Success//findings/AccountManagement/ComputerAccountManagement | |
Audit - Credential Validation - Failure//findings/AccountLogon/CredentialValidation | |
Audit - Credential Validation - Success//findings/AccountLogon/CredentialValidation | |
Audit - File System - Failure//findings/AccountManagement/FileSystem | |
Audit - File System - Failure//findings/ObjectAccess/FileSystem | |
Audit - File System - Success//findings/AccountManagement/FileSystem | |
Audit - IPSec Driver - Failure//findings/System/IPSecDriver | |
Audit - IPSec Driver - Success//findings/PrivilegeUse/IPSecDriver | |
Audit - IPSec Driver - Success//findings/System/IPSecDriver | |
Audit - Logoff - Success//findings/AccountManagement/Logoff | |
Audit - Logoff - Success//findings/LogonLogoff/Logoff | |
Audit - Logon - Failure//findings/AccountManagement/Logon | |
Audit - Logon - Failure//findings/LogonLogoff/Logon | |
Audit - Logon - Success//findings/AccountManagement/Logon | |
Audit - Logon - Success//findings/LogonLogoff/Logon | |
Audit - Other Account Management Events - Failure//findings/AccountManagement/ComputerAccountManagement | |
Audit - Other Account Management Events - Failure//findings/AccountManagement/OtherAccountManagementEvents | |
Audit - Other Account Management Events - Failure//findings/AccountManagement/Other Account Management Events | |
Audit - Other Account Management Events - Success//findings/AccountManagement/ComputerAccountManagement | |
Audit - Other Account Management Events - Success//findings/AccountManagement/OtherAccountManagementEvents | |
Audit - Other Account Management Events - Success//findings/AccountManagement/Other Account Management Events | |
Audit - Process Creation - Success//findings/AccountManagement/ProcessCreation | |
Audit - Process Creation - Success//findings/DetailedTracking/ProcessCreation | |
Audit - Registry - Failure//findings/AccountManagement/Registry | |
Audit - Registry - Failure//findings/ObjectAccess/Registry | |
Audit - Security Group Management - Failure//findings/AccountManagement/ComputerAccountManagement | |
Audit - Security Group Management - Failure//findings/AccountManagement/Other Account Management Events | |
Audit - Security Group Management - Failure//findings/AccountManagement/SecurityGroupManagement | |
Audit - Security Group Management - Failure//findings/AccountManagement/Security Group Management | |
Audit - Security Group Management - Success//findings/AccountManagement/ComputerAccountManagement | |
Audit - Security Group Management - Success//findings/AccountManagement/Other Account Management Events | |
Audit - SecurityGroupManagement - Success//findings/AccountManagement/SecurityGroupManagement | |
Audit - Security Group Management - Success//findings/AccountManagement/SecurityGroupManagement | |
Audit - Security Group Management - Success//findings/AccountManagement/Security Group Management | |
Audit - Security State Change - Failure//findings/System/SecurityStateChange | |
Audit - Security State Change - Success//findings/System/SecurityStateChange | |
Audit - Security System Extension - Failure//findings/System/SecuritySystemExtension | |
Audit - Security System Extension - Success//findings/System/SecuritySystemExtension | |
Audit - Sensitive Privilege Use - Failure//findings/PrivilegeUse/SensitivePrivilegeUse | |
Audit - Sensitive Privilege Use - Success//findings/AccountManagement/SensitivePrivilegeUse | |
Audit - Sensitive Privilege Use - Success//findings/PrivilegeUse/SensitivePrivilegeUse | |
Audit - Special Logon - Success//findings/AccountManagement/Special Logon | |
Audit - Special Logon - Success//findings/LogonLogoff/SpecialLogon | |
Audit - Special Logon - Success//findings/LogonLogoff/Special Logon | |
Audit - System Integrity - Failure//findings/System/SystemIntegrity | |
Audit - System Integrity - Success//findings/System/SystemIntegrity | |
Audit - User Account Management - Failure//findings/AccountManagement/UserAccountManagement | |
Audit - User Account Management - Success//findings/AccountManagement/UserAccountManagement | |
Inactive User Accounts//SRR_Result/status | |
MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)//SRR_Result/status | |
MSS: (TcpMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection is not acknowledged//SRR_Result/status | |
Restore files and directories (SeRestorePrivilege)//SRR_Result/status | |
Restricted accounts are not disabled.//SRR_Result/status | |
The number of allowed bad-logon attempts will meet minimum requirements//SRR_Result/status | |
User Password Requirement//SRR_Result/status | |
V-1103: Log on as a service//SRR_Result/status | |
??EVENT_LOGS_DIR??/Application.evtx | File |
??EVENT_LOGS_DIR??/Security.evtx | |
??EVENT_LOGS_DIR??/System.evtx | |
/C/WINDOWS/regedit.exe | |
/C/WINDOWS/system32/arp.exe | |
/C/WINDOWS/system32/at.exe | |
/C/WINDOWS/system32/attrib.exe | |
/C/WINDOWS/system32/cacls.exe | |
/C/WINDOWS/system32/debug.exe | |
/C/WINDOWS/system32/edlin.exe | |
/C/WINDOWS/system32/eventcreate.exe | |
/C/WINDOWS/system32/eventtriggers.exe | |
/C/WINDOWS/system32/ftp.exe | |
/C/WINDOWS/system32/nbtstat.exe | |
/C/WINDOWS/system32/net.exe | |
/C/WINDOWS/system32/net1.exe | |
/C/WINDOWS/system32/netsh.exe | |
/C/WINDOWS/system32/netstat.exe | |
/C/WINDOWS/system32/nslookup.exe | |
/C/WINDOWS/system32/ntbackup.exe | |
/C/WINDOWS/system32/rcp.exe | |
/C/WINDOWS/system32/reg.exe | |
/C/WINDOWS/system32/regedt32.exe | |
/C/WINDOWS/system32/regini.exe | |
/C/WINDOWS/system32/regsvr32.exe | |
/C/WINDOWS/system32/rexec.exe | |
/C/WINDOWS/system32/route.exe | |
/C/WINDOWS/system32/rsh.exe | |
/C/WINDOWS/system32/sc.exe | |
/C/WINDOWS/system32/secedit.exe | |
/C/WINDOWS/system32/subst.exe | |
/C/WINDOWS/system32/Systeminfo.exe | |
/C/WINDOWS/system32/telnet.exe | |
/C/WINDOWS/system32/tftp.exe | |
/C/WINDOWS/system32/tlntsvr.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID | Registry Key |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | |
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config\EventLogFlags | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters\Type | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\Enabled | |
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\HideZoneInfoOnProperties | Registry Value |
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation | |
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus | |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInPlaceSharing | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Assistance\Client\1.0\NoExplicitFeedback | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Assistance\Client\1.0\NoImplicitFeedback | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveActive | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure | |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut | |
HKEY_Current_User\Software\Policies\Microsoft\WindowsMediaPlayer\PreventCodecDownload | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\7z.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\7zfm.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\7zg.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\acrobat.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\acrord32.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\chrome.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\communicator.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\excel.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\firefox.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\foxit reader.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\googletalk.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\iexplore.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\iexplorer.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\infopath.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\itunes.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\java.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\javaw.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\javaws.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\lync.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\mirc.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\moe.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\msaccess.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\msnmsgr.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\mspub.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\mspup.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\msworks.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\ois.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\opera.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\outlook.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\photoshop.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\pidgen.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\pidgin.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\plugin-container.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\powerpnt.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\pptview.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\quicktimeplayer.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\rar.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\realconverter.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\realplay.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\safari.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\skydrive.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\skype.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\thunderbird.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\unrar.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\visio.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\vlc.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\vpreview.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\winamp.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\windowslivesync.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\windowslivewriter.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\winrar.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\winword.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\winzip32.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\winzip64.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\wkscal.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\wkscalrem.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\wlmail.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\wlsync.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\wlxphotogallery.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\wmplayer.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET\wordpad.exe | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\LegacyAuthenticationLevel | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\NukeOnDelete | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDisconnect | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWith | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoOnlinePrintsWizard | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPublishingWizard | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecycleFiles | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServices | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU\Disabled | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableBkGndGroupPolicy | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system\LogonType | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop | |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ReportControllerMissing | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf\ | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Conferencing\NoRDS | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7z | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7zFM | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\7zGUI | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Access14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat8 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Acrobat9 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader8 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\AcrobatReader9 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Calendar | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\CalendarReminder | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Chrome | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Excel14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Firefox | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\FirefoxPluginContainer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\FoxitReader | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\GoogleTalk | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\IE | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\InfoPath14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\iTunes | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre6_javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_java | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_javaw | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\jre7_javaws | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveMessenger | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveSync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LiveWriter | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Lync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\LyncCommunicator | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\mIRC | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\MOE | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\MSWorks | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Opera | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Outlook14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoGallery | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Photoshop | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS2 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS264 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS3 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS364 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS4 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS464 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS5 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS51 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS5164 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PhotoshopCS564 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Picture Manager | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Pidgin | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PowerPoint14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\PPTViewer14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Publisher14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\QuickTimePlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\RealConverter | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\RealPlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Safari | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\SkyDrive | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Skype | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Thunderbird | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\ThunderbirdPluginContainer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\UnRAR | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Visio14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VisioViewer14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\VLC | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winamp | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsLiveMail | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsLiveSync | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WindowsMediaPlayer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WinRARConsole | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\WinRARGUI | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winzip | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Winzip64 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word10 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word11 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word12 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Word14 | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults\Wordpad | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings\ASLR | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings\DEP | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings\SEHOP | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewer\MicrosoftEventVwrDisableLinks | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client\CEIP | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\PreventAutoRun | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\PreventRun | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\ErrorReporting\DoReport | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Peernet\Disabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SearchCompanion\DisableContentFileUpdates | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows\CEIPEnable | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\Parameters\NTPServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\Parameters\Type | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat\DisableInventory | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\AllowRemoteRPC | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendGenericDriverNotFoundToWER | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendRequestAdditionalSoftwareToWER | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestore | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Device Metadata\PreventDeviceMetadataFromNetwork | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\DontPromptForWindowsUpdate | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DriverSearching\DontSearchWindowsUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\SearchOrderConfig | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application\MaxSize | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolume | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\GameUX\DownloadGameInfo | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\GameUX\GameUpdateOptions | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HandwritingErrorReports\PreventHandwritingErrorReports | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Homegroup\DisableHomeGroup | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\DisableLUAPatching | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\EnableUserControl | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\SafeForScripting | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Internet Connection Wizard\ExitOnMSICW | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOndomain | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOnPublicNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOndomain | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOnPublicNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\EnableLLTDIO | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\EnableRspndr | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitLLTDIOOnPrivateNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitRspndrOnPrivateNet | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTD\ProhibitRspndrOnPrivateNetType | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_AllowNetBridge_NLA | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_StdDomainUserSetLocation | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Registration Wizard Control\NoRegistration | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\DisableQueryRemoteServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\EnableQueryRemoteServer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\6to4_State | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\Force_Tunneling | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface\IPHTTPS_ClientState | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\ISATAP_State | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition\Teredo_State | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableFlashConfigRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableInBand802DOT11Registrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableUPnPRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableWPDRegistrar | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\Registrars\EnableRegistrars | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\UI\DisableWcnUi | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ScenarioExecutionEnabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\Disabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\LoggingDisabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Spynet\SpyNetReporting | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\DisableAutoupdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\GroupPrivacyAcceptance | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon\SyncForegroundPolicy | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\DoNotInstallCompatibleDriverFromWindowsUpdate | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\KMPrintersAreBlocked | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\EnableAuthEpResolution | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\DeleteTempDirsOnExit | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSaving | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCcm | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableClip | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisableLPT | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDisablePNPRedir | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fEnableSmartCard | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fEncryptRPCTraffic | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fReconnectSame | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fResetBroken | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fSingleSessionPerUser | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\LoggingEnabled | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxDisconnectionTime | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxIdleTime | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxInstanceCount | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\PerSessionTempDir | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\RedirectOnlyDefaultClientPrinter | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Shadow | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsUpdate\WUServer | |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WMDRM\DisableOnline | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicyValue | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\RestrictGuestAccess | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\RestrictGuestAccess | |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\RestrictGuestAccess | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\SmbServerNameHardeningLevel | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6 | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config\EventLogFlags | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters\Type | |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\Enabled | |
Security Settings\Account Policies\Account Lockout Policy\Account lockout duration | Security Setting |
Security Settings\Account Policies\Account Lockout Policy\Reset account lockout counter after | |
Security Settings\Account Policies\Password Policy\Enforce password history | |
Security Settings\Account Policies\Password Policy\Maximum password age | |
Security Settings\Account Policies\Password Policy\Minimum password age | |
Security Settings\Account Policies\Password Policy\Passwords must meet complexity requirements | |
Security Settings\Account Policies\Password Policy\Store password using reversible encryption | |
Security Settings\Local Policies\Audit Policy\Audit account logon events | |
Security Settings\Local Policies\Audit Policy\Audit account management | |
Security Settings\Local Policies\Audit Policy\Audit directory service access | |
Security Settings\Local Policies\Audit Policy\Audit logon events | |
Security Settings\Local Policies\Audit Policy\Audit object access | |
Security Settings\Local Policies\Audit Policy\Audit policy change | |
Security Settings\Local Policies\Audit Policy\Audit privilege use | |
Security Settings\Local Policies\Audit Policy\Audit system events | |
Security Settings\Local Policies\Security Options\Accounts: Guest account status | |
Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only | |
Security Settings\Local Policies\Security Options\Accounts: Rename administrator account | |
Security Settings\Local Policies\Security Options\Accounts: Rename guest account | |
Security Settings\Local Policies\Security Options\Audit: Audit the access of global system objects | |
Security Settings\Local Policies\Security Options\Audit: Audit the use of Backup and Restore privilege | |
Security Settings\Local Policies\Security Options\Audit: Shut down system immediately if unable to log security audits | |
Security Settings\Local Policies\Security Options\Devices: Allowed to format and eject removable media | |
Security Settings\Local Policies\Security Options\Devices: Allow undock without having to log on | |
Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers | |
Security Settings\Local Policies\Security Options\Devices: Unsigned driver installation behavior | |
Security Settings\Local Policies\Security Options\Domain controller: Allow server operators to schedule tasks | |
Security Settings\Local Policies\Security Options\Domain controller: LDAP server signing requirements | |
Security Settings\Local Policies\Security Options\Domain controller: Refuse machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt or sign secure channel data (always) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Digitally sign secure channel data (when possible) | |
Security Settings\Local Policies\Security Options\Domain member: Disable machine account password changes | |
Security Settings\Local Policies\Security Options\Domain member: Maximum machine account password age | |
Security Settings\Local Policies\Security Options\Domain member: Require strong (Windows 2000 or later) session key | |
Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL | |
Security Settings\Local Policies\Security Options\Interactive logon: Number of previous logons to cache (in case domain controller is not available) | |
Security Settings\Local Policies\Security Options\Interactive logon: Prompt user to change password before expiration | |
Security Settings\Local Policies\Security Options\Interactive logon: Require Domain Controller authentication to unlock workstation | |
Security Settings\Local Policies\Security Options\Interactive logon: Require smart card | |
Security Settings\Local Policies\Security Options\Interactive logon: Smart card removal behavior | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (if server agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network client: Send unencrypted password to third-party SMB servers | |
Security Settings\Local Policies\Security Options\Microsoft network server: Amount of idle time required before suspending session | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (always) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (if client agrees) | |
Security Settings\Local Policies\Security Options\Microsoft network server: Disconnect clients when logon hours expire | |
Security Settings\Local Policies\Security Options\Network access: Allow anonymous SID/Name translation | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts | |
Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts and shares | |
Security Settings\Local Policies\Security Options\Network access: Do not allow storage of passwords and credentials or .NET Passports for network authentication | |
Security Settings\Local Policies\Security Options\Network access: Let Everyone permissions apply to anonymous users | |
Security Settings\Local Policies\Security Options\Network access: Restrict anonymous access to Named Pipes and Shares | |
Security Settings\Local Policies\Security Options\Network access: Shares that can be accessed anonymously | |
Security Settings\Local Policies\Security Options\Network access: Sharing and security model for local accounts | |
Security Settings\Local Policies\Security Options\Network security: Do not store LAN Manager hash value on next password change | |
Security Settings\Local Policies\Security Options\Network security: Force logoff when logon hours expire | |
Security Settings\Local Policies\Security Options\Network security: LDAP client signing requirements | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | |
Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | |
Security Settings\Local Policies\Security Options\Recovery console: Allow automatic administrative logon | |
Security Settings\Local Policies\Security Options\Recovery console: Allow floppy copy and access to all drives and all folders | |
Security Settings\Local Policies\Security Options\Shutdown: Allow system to be shut down without having to log on | |
Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing | |
Security Settings\Local Policies\Security Options\System objects: Default owner for objects created by members of the Administrators group | |
Security Settings\Local Policies\Security Options\System objects: Require case insensitivity for non-Windows subsystems | |
Security Settings\Local Policies\Security Options\System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | |
Security Settings\Local Policies\Security Options\System settings: Optional subsystems | |
Security Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies | |
Security Settings\Local Policies\Security Options\User Account Control: Only elevate executables that are signed and validated | |
EMET | Windows Application |
EMET 3.0 | |
EMET 4.0 | |
DFS Namespace | Windows Service |
DNS Client | |
Fax | |
File Replication Service | |
Intersite Messaging | |
Kerberos Key Distribution Center | |
McAfee Framework Service | |
Microsoft FTP Service | |
Net Logon | |
Peer Networking Identity Manager | |
Simple TCP/IP Services | |
Telnet | |
Windows Time | |
RHEL ES/AS 6.x
Rule Category
The following table categorizes the percentage of rules as Native and EO based:
Rule Category | % of rules |
---|---|
Native based | 70% |
EO based | 30% |
Rule Details
To find details about all rules included in the template, see HTML Definitions for RHEL ES/AS 6.x.
Asset/Part Used
Part name | Part type |
---|---|
egrep '(^| )com2sec($| )|(^| )v1($| )|(^| )v2c($| )' /etc/snmp/snmpd.conf | grep -v '^ *#' | wc -l | sed 's/ //g' | Command |
egrep '(^| )--nosignature($| )' /etc/rpmrc|grep -v '^ *#'|wc -l | |
egrep '(^| )--nosignature($| )' /root/.rpmrc|grep -v '^ *#'|wc -l | |
egrep '(^| )--nosignature($| )' /usr/lib/rpm/redhat/rpmrc|grep -v '^ *#'|wc -l | |
egrep '(^| )--nosignature($| )' /usr/lib/rpm/rpmrc|grep -v '^ *#'|wc -l | |
egrep 'auth(.*)required(.*)pam_faillock.so(.*)deny(.*)' /etc/pam.d/system-auth-ac | grep -v '^ *#' | awk -F'deny=' '{print $NF}'| cut -d ' ' -f1 | |
egrep 'auth(.*)required(.*)pam_faillock.so(.*)deny=(.*)' /etc/pam.d/system-auth-ac | tr '\t' ' ' | grep -v '^ *#' | egrep ' deny' | egrep -v 'deny=( |$)' | wc -l | sed 's/ //g' | |
egrep 'auth(.*)required(.*)pam_faillock.so(.*)fail_interval(.*)' /etc/pam.d/system-auth-ac | grep -v '^ *#' | awk -F'fail_interval=' '{print $NF}'| cut -d ' ' -f1 | |
egrep 'auth(.*)required(.*)pam_faillock.so(.*)fail_interval=(.*)' /etc/pam.d/system-auth-ac | tr '\t' ' ' | grep -v '^ *#' | egrep ' fail_interval' | egrep -v 'fail_interval=($| )' | wc -l | sed 's/ //g' | |
egrep 'auth(.*)required(.*)pam_faillock.so(.*)unlock_time(.*)' /etc/pam.d/system-auth-ac | grep -v '^ *#' | awk -F'unlock_time=' '{print $NF}'| cut -d ' ' -f1 | |
egrep 'auth(.*)required(.*)pam_faillock.so(.*)unlock_time=(.*)' /etc/pam.d/system-auth-ac|tr '\t' ' '|grep -v '^ *#'|egrep ' unlock_time'|wc -l|sed 's/ //g' | |
egrep 'password(.*)(sufficient|required|requisite)(.*)pam_unix.so(.*)remember(.*)' /etc/pam.d/system-auth | grep -v '^ *#' | awk -F'remember=' '{print $NF}'| cut -d ' ' -f1 | |
egrep 'password(.*)(sufficient|required|requisite)(.*)pam_unix.so(.*)remember=(.*)' /etc/pam.d/system-auth | tr '\t' ' ' | grep -v '^ *#' | egrep ' remember' | egrep -v 'remember=( |$)' | wc -l | sed 's/ //g' | |
egrep 'password(.*)required(.*)pam_cracklib.so(.*)dcredit(.*)' /etc/pam.d/system-auth | grep -v '^ *#' | awk -F'dcredit=' '{print $NF}'| cut -d ' ' -f1 | |
egrep 'password(.*)required(.*)pam_cracklib.so(.*)dcredit=(.*)' /etc/pam.d/system-auth | tr '\t' ' ' | grep -v '^ *#' | egrep ' dcredit' | egrep -v 'dcredit=( |$)' | wc -l | sed 's/ //g' | |
egrep 'password(.*)required(.*)pam_cracklib.so(.*)difok(.*)' /etc/pam.d/system-auth | grep -v '^ *#' | awk -F'difok=' '{print $NF}'| cut -d ' ' -f1 | |
egrep 'password(.*)required(.*)pam_cracklib.so(.*)difok=(.*)' /etc/pam.d/system-auth | tr '\t' ' ' | grep -v '^ *#' | egrep ' difok' | egrep -v 'difok=( |$)' | wc -l | sed 's/ //g' | |
egrep 'password(.*)required(.*)pam_cracklib.so(.*)lcredit(.*)' /etc/pam.d/system-auth | grep -v '^ *#' | awk -F'lcredit=' '{print $NF}'| cut -d ' ' -f1 | |
egrep 'password(.*)required(.*)pam_cracklib.so(.*)lcredit=(.*)' /etc/pam.d/system-auth | tr '\t' ' ' | grep -v '^ *#' | egrep ' lcredit' | egrep -v 'lcredit=( |$)' | wc -l | sed 's/ //g' | |
egrep 'password(.*)required(.*)pam_cracklib.so(.*)maxrepeat(.*)' /etc/pam.d/system-auth | grep -v '^ *#' | awk -F'maxrepeat=' '{print $NF}'| cut -d ' ' -f1 | |
egrep 'password(.*)required(.*)pam_cracklib.so(.*)maxrepeat=(.*)' /etc/pam.d/system-auth | tr '\t' ' ' | grep -v '^ *#' | egrep ' maxrepeat' | egrep -v 'maxrepeat=( |$)' | wc -l | sed 's/ //g' | |
egrep 'password(.*)required(.*)pam_cracklib.so(.*)ocredit(.*)' /etc/pam.d/system-auth | grep -v '^ *#' | awk -F'ocredit=' '{print $NF}'| cut -d ' ' -f1 | |
egrep 'password(.*)required(.*)pam_cracklib.so(.*)ocredit=(.*)' /etc/pam.d/system-auth | tr '\t' ' ' | grep -v '^ *#' | egrep ' ocredit' | egrep -v 'ocredit=( |$)' | wc -l | sed 's/ //g' | |
egrep 'password(.*)required(.*)pam_cracklib.so(.*)ucredit(.*)' /etc/pam.d/system-auth | grep -v '^ *#' | awk -F'ucredit=' '{print $NF}'| cut -d ' ' -f1 | |
egrep 'password(.*)required(.*)pam_cracklib.so(.*)ucredit=(.*)' /etc/pam.d/system-auth | tr '\t' ' ' | grep -v '^ *#' | egrep ' ucredit' | egrep -v 'ucredit=( |$)' | wc -l | sed 's/ //g' | |
egrep -v '^ *#' /etc/exports|egrep \[\(,\]all_squash\[,\)\]|wc -l | |
egrep -v '^ *#' /etc/exports|egrep \[\(,\]insecure_locks\[,\)\]|wc -l | |
gconftool-2 -g /apps/gnome-screensaver/idle_activation_enabled | |
gconftool-2 -g /apps/gnome-screensaver/lock_enabled | egrep 'true' | |
gconftool-2 -g /apps/gnome-screensaver/mode | egrep 'blank-only' | |
grep -v '^ *#' /etc/pam.d/system-auth|egrep 'password(.*)(required|requisite|sufficient)(.*)pam_unix.so(.*)sha512(.*)'|tr -s '\t' ' '|egrep ' sha512 '|wc -l | sed 's/ //g' | |
grep -v '^ *#' /etc/snmp/snmpd.conf | egrep '(^| )public($| )' | wc -l | sed 's/ //g' | |
lsmod | cut -d ' ' -f1 | egrep 'bluetooth' | |
lsmod | cut -d ' ' -f1 | egrep 'ip_tables' | |
lsmod | cut -d ' ' -f1 | egrep 'ip6_tables' | |
lsmod | cut -d ' ' -f1 | egrep 'netconsole' | |
mount|grep ' /home '|cut -d' ' -f3 | |
mount |grep ' /home ' | wc -l | tr -d ' ' | |
mount|grep ' /tmp ' | |
mount|grep ' /tmp '|cut -d' ' -f3 | |
mount|grep ' /var/log/audit '|cut -d' ' -f3 | |
mount |grep ' /var/log/audit ' | wc -l | tr -d ' ' | |
mount|grep ' /var/log '|cut -d' ' -f3 | |
mount |grep ' /var/log ' | wc -l | tr -d ' ' | |
mount|grep ' /var '|cut -d' ' -f3 | |
mount |grep ' /var ' | wc -l | tr -d ' ' | |
mount|grep -c ' /tmp ' | |
sed -i '/^V-38597-2/d' ??TARGET.RSCD_DIR??/tmp/preDISA/parameter_remediation | |
su - ??USER_TO_EXECUTE_GNOME_CMD?? -s ??USER_LOGIN_SHELL_FOR_GNOME?? -c 'gconftool-2 -g /apps/gdm/simple-greeter/banner_message_enable' | |
/etc/audisp/plugins.d/syslog.conf | Configuration File |
/etc/audit/auditd.conf | |
/etc/default/useradd | |
/etc/fstab | |
/etc/inittab | |
/etc/libuser.conf | |
/etc/login.defs | |
/etc/pam_ldap.conf | |
/etc/pam.d/system-auth | |
/etc/pam.d/system-auth-ac | |
/etc/passwd | |
/etc/securetty | |
/etc/shadow | |
/etc/ssh/sshd_config | |
/etc/sysconfig/init | |
/etc/sysctl.conf | |
/etc/vsftpd/vsftpd.conf | |
??TARGET.RSCD_DIR??/tmp/preDISA | Directory |
/tmp | |
Emergency accounts must be provisioned with an expiration date | Extended Object |
Kernel Parameters | |
Running Processes | |
Temporary accounts must be provisioned with an expiration date | |
The nosuid option must be enabled on all Network File System (NFS) client mounts | |
Unix Services | |
V-12005 | |
V-38438 | |
V-38445 | |
V-38446 | |
V-38446-precheck | |
V-38447 verify checksum | |
V-38452 verify mode of all packages | |
V-38453 verify group ownership of all packages | |
V-38454 verify user ownership of all packages | |
V-38464 | |
V-38465 | |
V-38466 | |
V-38468 | |
V-38469 | |
V-38470 | |
V-38471 | |
V-38472 | |
V-38475 | |
V-38477 | |
V-38479 | |
V-38480 | |
V-38483 | |
V-38484 | |
V-38485 | |
V-38487 The system package management tool must cryptographically verify the authenticity of all software packages during installation | |
V-38490 | |
V-38491 | |
V-38493 | |
V-38495 | |
V-38498 | |
V-38511-2 | |
V-38514 | |
V-38515 | |
V-38516 | |
V-38517 | |
V-38518 | |
V-38519 | |
V-38520 To ensure logs are sent to a remote host | |
V-38521 To ensure logs are sent to a remote host | |
V-38522-1 | |
V-38523-2 | |
V-38524-2 | |
V-38525-1 | |
V-38526-2 | |
V-38527-1 | |
V-38528-2 | |
V-38529-2 | |
V-38530-1 | |
V-38531-1 | |
V-38532-2 | |
V-38533-2 | |
V-38534-1 | |
V-38535-2 | |
V-38536-1 | |
V-38537-2 | |
V-38538-1 | |
V-38539-2 | |
V-38540-1 | |
V-38540-2 | |
V-38541-1 | |
V-38542-2 | |
V-38543-1 | |
V-38544-2 | |
V-38545-1 | |
V-38546 | |
V-38547-1 | |
V-38548-2 | |
V-38550-1 | |
V-38552-1 | |
V-38554-1 | |
V-38556-1 | |
V-38557-1 | |
V-38558-1 | |
V-38559-1 | |
V-38561-1 | |
V-38563-1 | |
V-38565-1 | |
V-38566 | |
V-38567 | |
V-38568-1 | |
V-38575-1 | |
V-38576 | |
V-38578-1 | |
V-38580-1 | |
V-38580-2 | |
V-38585 | |
V-38585-precheck | |
V-38586 | |
V-38588 | |
V-38596-2 | |
V-38597-2 | |
V-38600-2 | |
V-38601-2 | |
V-38607 | |
V-38608 | |
V-38610 | |
V-38611 | |
V-38612 | |
V-38613 | |
V-38614 | |
V-38615 | |
V-38616 | |
V-38617 | |
V-38619 | |
V-38621 | |
V-38623 | |
V-38625 | |
V-38626-1 | |
V-38626-2 | |
V-38629 | |
V-38633 | |
V-38634 | |
V-38635-1 | |
V-38636 | |
V-38637 verify checksum of audit package | |
V-38642 | |
V-38643 | |
V-38647 | |
V-38649 | |
V-38651 | |
V-38652 Remote file systems must be mounted with the nodev option. | |
V-38655 The noexec option must be added to removable media partitions | |
V-38656 | |
V-38657 | |
V-38663 verify mode of audit package | |
V-38664 verify user ownership of audit package | |
V-38665 verify group ownership of audit package | |
V-38675 | |
V-38678-1 | |
V-38680-1 | |
V-38681 | |
V-38682-1 | |
V-38682-2 | |
V-38683 All accounts on the system must have unique user or account names | |
V-38684 | |
V-38689 | |
V-38697 | |
V-38699 | |
V-38701 | |
V-38702 The FTP daemon must be configured for logging or verbose mode-vsftpd_xferlog_enable | |
/etc/exports | File |
/etc/fstab | |
/etc/group | |
/etc/grub.conf | |
/etc/gshadow | |
/etc/hosts.equiv | |
/etc/hushlogins | |
/etc/issue | |
/etc/pam.d/system-auth | |
/etc/pam.d/system-auth-ac | |
/etc/passwd | |
/etc/rpmrc | |
/etc/securetty | |
/etc/shadow | |
/etc/snmp/snmpd.conf | |
/etc/ssh/sshd_config | |
/etc/vsftpd/vsftpd.conf | |
/root/.rpmrc | |
/usr/lib/rpm/redhat/rpmrc | |
/usr/lib/rpm/rpmrc | |
root/.rpmrc | |
aide | RPM |
gpg-pubkey | |
openldap-servers | |
openswan | |
rsh-server | |
screen | |
sendmail | |
telnet-server | |
tftp-server | |
xinetd | |
xorg-x11-server-common | |
ypserv | |
RHEL ES/AS 5.x
Rule Category
The following table categorizes the percentage of rules as Native and EO based:
Rule Category | % of rules |
---|---|
Native based | 65% |
EO based | 35% |
Asset/Part Used
Part name | Part type |
---|---|
/etc/grub.conf | Configuration File |
/etc/passwd | |
/etc/shadow | |
??AT_SPOOL_DIR?? | Directory |
/proc/bus/usb | |
Access to the at utility must be controlled via the at.allow file | Extended Object |
Access to the at utility must be controlled via the at.deny file | |
All .Xauthority files must have mode 0600 or less permissive | |
All files and directories contained in interactive user home directories must be owned by the home directory's owner. | |
All files and directories contained in user home directories must be group-owned by a group of which the home directory's owner is a member | |
All files and directories contained in user home directories must have mode 0750 or less permissive | |
All files and directories must have a valid owner | |
All global initialization files must be group-owned by root, sys, bin, other, system, or the system default | |
All global initialization files must be owned by root | |
All global initialization files must have mode 0644 or less permissive | |
All global initialization files must not have extended ACLs | |
All library files must not have extended ACLs | |
All local initialization files must be owned by the home directorys user or root | |
All network services daemon files must have mode 0755 or less permissive | |
All NFS exported system files and system directories must be group-owned by root, bin, sys, or system | |
All public directories must be group-owned by root, sys, bin, or an application group | |
All run control scripts must have no extended ACLs | |
All shell files must be group-owned by root, bin, sys, or system | |
All shell files must not have extended ACLs | |
All skeleton files (typically in etc skel) must be group-owned by root, bin, sys, system, or other | |
All skeleton files and directories must be owned by root or bin | |
All system audit files must not have extended ACLs | |
All system command files must have mode 0755 or less permissive | |
All system files, programs, and directories must be owned by a system account | |
Anonymous FTP accounts must not have a functional shell | |
An X server must have none of the following options enabled: -ac, -core (except for debugging purposes), or -nolock | |
A separate file system must be used for user home directories (such as home or an equivalent) | |
Auditing must be enabled at boot by setting a kernel parameter | |
Check samba-common package installed | |
Cron logging must be implemented | |
Crontab files must be group-owned by root, cron, or the crontab creator's primary group | |
Crontab files must have mode 0600 or less permissive, and files in cron script directories must have mode 0700 or less permissive | |
Crontab files must not have extended ACLs | |
Default system accounts (with the exception of root) must not be listed in the at.allow file or must be included in the at.deny file if the at.allow file does not exist | |
Default system accounts (with the exception of root) must not be listed in the cron.allow file or must be included in the cron.deny file, if cron.allow does not exist | |
fEthereal Network analysis tools must not be installed | |
fNc Network analysis tools must not be installed | |
fSnoop Network analysis tools must not be installed | |
fTcpdump Network analysis tools must not be installed | |
fTshark Network analysis tools must not be installed | |
fWireshark Network analysis tools must not be installed | |
GIDs reserved for system accounts must not be assigned to non-system groups | |
Global initialization files library search paths must contain only absolute paths | |
Global initialization files lists of preloaded libraries must contain only absolute paths | |
Global initialization files must contain the mesg -n\mesg n commands | |
Graphical desktop environments must automatically lock after 15 minutes of inactivity and must require users to re-authenticate | |
If system is using LDAP, the TLS certificate authority file and\or directory must be group-owned by root, bin, sys, or system | |
If system is using LDAP, the TLS certificate authority file and\or directory must be owned by root | |
If the system is using LDAP for authentication or account information, the LDAP TLS certificate file must not have an extended ACL | |
If the system is using LDAP for authentication or account information, the LDAP TLS key file must be group-owned by root, bin, or sys | |
If the system is using LDAP for authentication or account information, the LDAP TLS key file must be owned by root | |
If the system is using LDAP for authentication or account information, the LDAP TLS key file must have mode 0600 or less permissive | |
If the system is using LDAP for authentication or account information, the LDAP TLS key file must not have an extended ACL | |
If the system is using LDAP for authentication or account information, the system must use a TLS connection using FIPS 140-2 approved cryptographic algorithms | |
If the system is using LDAP for authentication or account information, the system must use a TLS connection using FIPS 140-2 approved cryptographic algorithms_1 | |
If the system is using LDAP for authentication or account information, the system must use a TLS connection using FIPS 140-2 approved cryptographic algorithms_2 | |
Inetd or xinetd loggingtracing must be enabled-log_on_failure | |
Inetd or xinetd loggingtracing must be enabled-log_on_success | |
Inetd or xinetd loggingtracing must be enabled-log_type | |
Inetd or xinetd loggingtracing must be enabled-xinetd.conf_log_on_failure | |
Inetd or xinetd loggingtracing must be enabled-xinetd.conf_log_on_success | |
Inetd or xinetd loggingtracing must be enabled-xinetd.conf_log_type | |
IP forwarding for IPv4 must not be enabled, unless the system is a router-1 | |
IP forwarding for IPv4 must not be enabled, unless the system is a router-2 | |
Kernel core dumps must be disabled unless needed | |
Local initialization files must be group-owned by the user's primary group or root | |
Local initialization files must not have extended ACLs. | |
NFS exports configuration file must not have an extended ACL | |
NIS NIS+ yp command files must not have extended ACLs | |
NISNIS+yp files must be group-owned by root, sys, or bin | |
NISNIS+yp files must be owned by root, sys, or bin | |
Part1: Public directories must be the only world-writable directories and world-writable files must be located only in public directories | |
Part2 : Public directories must be the only world-writable directories and world-writable files must be located only in public directories | |
Portmap package | |
Process core dumps must be disabled unless needed | |
Public directories must be the only world-writable directories and world-writable files must be located only in public directories | |
Removable media, remote file systems, and any file system not containing approved device files must be mounted with the nodev option | |
Run control scripts executable search paths must contain only absolute paths | |
Run control scripts library search paths must contain only absolute paths | |
Run control scripts lists of preloaded libraries must contain only absolute paths | |
Running Processes | |
Samba must be configured to not allow guest access to shares. | |
Samba must be configured to use an authentication mechanism other than share. | |
Samba must be configured to use encrypted passwords | |
Skeleton files must not have extended ACLs | |
System audit logs must be group-owned by root, bin, sys, or system | |
System audit logs must have mode 0640 or less permissive-1 | |
System audit logs must have mode 0640 or less permissive-2 | |
System files, programs, and directories must be group-owned by a system group | |
System log files must not have extended ACLs except as needed to support authorized software | |
TCP backlog queue sizes must be set appropriately_1 | |
TCP backlog queue sizes must be set appropriately_2 | |
The at.allow file must be group-owned by root, bin, sys, or cron | |
The at.allow file must not have an extended ACL | |
The at.deny file must be group-owned by root, bin, sys, or cron | |
The at.deny file must have mode 0600 or less permissive | |
The at.deny file must not be empty if it exists | |
The at.deny file must not have an extended ACL | |
The at directory must be group-owned by root, bin, sys, or cron | |
The at directory must not have an extended ACL | |
The Bluetooth protocol handler must be disabled or not installed | |
The cron.allow file must be group-owned by root, bin, sys, or cron | |
The cron.allow file must not have an extended ACL | |
The cron.deny file must be group-owned by root, bin, or sys | |
The cron.deny file must be owned by root, bin, or sys | |
The cron log files must not have extended ACLs. | |
The DHCP client must be disabled if not needed | |
The etc group file must not have an extended ACL | |
The etcgroup files must not contain a plus (+) without defining entries for NIS+ netgroups | |
The etc gshadow file must be group-owned by root | |
The etc gshadow file must be owned by root | |
The etc gshadow file must have mode 0400 | |
The etcgshadow file must not have an extended ACL | |
The etc hosts file must not have an extended ACL | |
The etcldap.conf (or equivalent) file must be group-owned by root, bin, sys, or system | |
The etc ldap.conf (or equivalent) file must be owned by root | |
The etc ldap.conf (or equivalent) file must have mode 0644 or less permissive | |
The etcldap.conf (or equivalent) file must not have an extended ACL | |
The etc news hosts.nntp.nolimit file must not have an extended ACL | |
The etc news incoming.conf file must not have an extended ACL | |
The etc news nnrp.access file must not have an extended ACL | |
The etc news passwd.nntp file must not have an extended ACL | |
The etc nsswitch.conf file must not have an extended ACL | |
The etc passwd file must have mode 0644 or less permissive | |
The etc passwd file must not have an extended ACL | |
The etcpasswd files must not contain a plus (+) without defining entries for NIS+ netgroups | |
The etc resolv.conf file must be owned by root | |
The etc resolv.conf file must not have an extended ACL | |
The etc securetty file must be group-owned by root, sys, or bin | |
The etc securetty file must be owned by root | |
The etc securetty file must have mode 0600 or less permissive | |
The etc shadow (or equivalent) file must be owned by root | |
The etc shadow (or equivalent) file must have mode 0400 | |
The etc shadow file (or equivalent) must be group-owned by root, bin, or sys | |
The etcshadow files must not contain a plus (+) without defining entries for NIS+ netgroups | |
The etc shells (or equivalent) file must exist | |
The etc smb.conf file must not have an extended ACL | |
The etc smbpasswd file must not have an extended ACL | |
The etc sysctl.conf file must be group-owned by root | |
The etc sysctl.conf file must not have an extended ACL | |
The etcsyslog.conf file must have mode 0640 or less permissive | |
The executable search paths must contain only absolute paths | |
The FTP daemon must be configured for logging or verbose mode-gssftp_log_on_success | |
The FTP daemon must be configured for logging or verbose mode-gssftp_server_args | |
The FTP daemon must be configured for logging or verbose mode-vsftpd_log_on_success | |
The FTP daemon must be configured for logging or verbose mode-vsftpd_xferlog_enable | |
The hosts.lpd (or equivalent) file must be owned by root, bin, sys, or lp | |
The hosts.lpd (or equivalent) file must not have an extended ACL | |
The hosts.lpd (or equivalent) must have mode 0644 or less permissive | |
The hosts.lpd file (or equivalent) must not contain a + character | |
The inetd.conf and xinetd.conf files must not have extended ACLs | |
The inetd.conf file, xinetd.conf file, and the xinetd.d directory must be group-owned by root, bin, sys, or system | |
The inetd.conf file, xinetd.conf file, and the xinetd.d directory must be owned by root or bin | |
The kernel core dump data directory must be group-owned by root, bin, sys, or system | |
The kernel core dump data directory must have mode 0700 or less permissive | |
The kernel core dump data directory must not have an extended ACL | |
The Linux PAM system must not grant sole access to admin privileges to the first user who logs into the console | |
The Linux PAM system must not grant sole access to admin privileges to the first user who logs into the console_1 | |
The Network File System (NFS) server must not allow remote root access | |
The NFS export configuration file must be group-owned by root, bin, sys, or system | |
The nosuid option must be enabled on all Network File System (NFS) client mounts | |
The RDS protocol must be disabled or not installed unless required | |
There must be no .netrc files on the system | |
The root account must not be used for direct log in | |
The root accounts home directory must not have an extended ACL | |
The rshd service must not be installed | |
The rsHostsAndEquiv files must not contain a plus (+) without defining entries for NIS+ netgroups | |
The sendmail server must have the debug feature disabled | |
The sendmail service must not have the wizard backdoor active | |
The services file must be owned by root | |
The services file must be owned by root or bin | |
The services file must have mode 0644 or less permissive | |
The SMTP service log file must be owned by root | |
The SMTP service log file must have mode 0644 or less permissive | |
The SMTP service log file must not have an extended ACL. | |
The SMTP service must be an up-to-date version | |
The SMTP service must not have a uudecode alias active | |
The SMTP service must not have a uudecode alias active-2 | |
The snmpd.conf file must be group-owned by root, bin, sys, or system | |
The snmpd.conf file must be owned by root | |
The snmpd.conf file must not have an extended ACL | |
The SNMP service must require the use of a FIPS 140-2 approved cryptographic hash algorithm as part of its authentication and integrity methods | |
The SNMP service must require the use of a FIPS 140-2 approved encryption algorithm for protecting the privacy of SNMP messages | |
The SNMP service must use only SNMPv3 or its successors | |
The SSH client must be configured to not use Cipher-Block Chaining (CBC)-based ciphers | |
The SSH client must be configured to only use FIPS 140-2 approved ciphers | |
The SSH client must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms | |
The SSH client must not permit GSSAPI authentication unless needed | |
The SSH daemon must be configured for IP filtering-1 | |
The SSH daemon must be configured for IP filtering-2 | |
The SSH daemon must not allow compression or must only allow compression after successful authentication | |
The SSH daemon must not allow compression or must only allow compression after successful authentication_1 | |
The SSH daemon must not allow rhosts RSA authentication | |
The SSH daemon must not permit GSSAPI authentication unless needed | |
The SSH daemon must not permit Kerberos authentication unless needed | |
The SSH daemon must perform strict mode checking of home directory configuration files | |
The SSH daemon must use privilege separation | |
The SSH private host key files must have mode 0600 or less permissive | |
The SSH public host key files must have mode 0644 or less permissive | |
The sticky bit must be set on all public directories | |
The system's access control program must be configured to grant or deny system access to specific hosts | |
The system's access control program must be configured to grant or deny system access to specific hosts_1 | |
The system's boot loader configuration file(s) must be group-owned by root, bin, sys, or system | |
The system's boot loader configuration files must be owned by root | |
The system and user default umask must be 077-1 | |
The system and user default umask must be 077-2 | |
The system must have a host-based intrusion detection tool installed | |
The system must have USB Mass Storage disabled unless needed | |
The system must limit users to 10 simultaneous system logins, or a site-defined number, in accordance with operational requirements | |
The system must log informational authentication data | |
The system must not be configured for network bridging | |
The system must not have 6to4 enabled | |
The system must not have IP tunnels configured | |
The system must not have special privilege accounts, such as shutdown and halt | |
The system must not have unnecessary accounts | |
The system must not permit root logins using remote access programs such as ssh | |
The system must not use .forward files | |
The system must not use .forward files-Sendmail-Conf | |
The system must not use UDP for NIS or NIS+ | |
The system must only use remote syslog servers (log hosts) that is justified and documented using site-defined procedures | |
The system must require at least four characters be changed between the old and new passwords during a password change | |
The system must require at least four characters be changed between the old and new passwords during a password change_1 | |
The system must require at least four characters be changed between the old and new passwords during a password change_2 | |
The system must require at least four characters be changed between the old and new passwords during a password change_3 | |
The system must require passwords contain a minimum of 14 characters | |
The system must require passwords contain at least one lowercase alphabetic character | |
The system must require passwords contain at least one numeric character | |
The system must require passwords contain at least one special character | |
The system must require passwords contain at least one uppercase alphabetic character | |
The system must require passwords contain no more than three consecutive repeating characters | |
The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes | |
The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes_1 | |
The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes_2 | |
The system must use a separate file system for the system audit data path | |
The system must use a separate file system for tmp | |
The system must use a separate file system for var | |
The systems access control program must log each system access attempt | |
The system syslog service must log informational and more severe SMTP service messages | |
The TICP protocol must be disabled or uninstalled | |
The time synchronization configuration file must be group-owned by root, bin, or sys | |
The time synchronization configuration file must be owned by root | |
The time synchronization configuration file must have mode 0640 or less permissive | |
The xinetd.d directory must not have an extended ACL | |
The xinetd configuration files must have mode 0640 or less permissive | |
UIDs reserved for system accounts must not be assigned to non-system accounts | |
Unix Services | |
User home directories must not have extended ACLs | |
User passwords must be changed at least every 60 days | |
V-1025 | |
V-1026-1 | |
V-1026-2 | |
V-1027 | |
V-1028 | |
V-1029 | |
V-1030 | |
V-1032 Users must not be able to change passwords more than once every 24 hours | |
V-1046 Root passwords must never be passed over a network in clear text form | |
V-1048 | |
V-1049 | |
V-1054 | |
V-1055 | |
V-1056 | |
V-1058 | |
V-1059 | |
V-1061 | |
V-1062 The root shell must be located in the file system | |
V-11979 The root account must not be used for direct log in | |
V-11980 | |
V-11980-I | |
V-11986 All local initialization files executable search paths must contain only absolute paths | |
V-11988 | |
V-11989 | |
V-11994 | |
V-11997 | |
V-11999-1 | |
V-11999-2 | |
V-12002-1 The system must not forward IPv4 source-routed packets | |
V-12002-2 The system must not forward IPv4 source-routed packets | |
V-12005 | |
V-12006-Sendmail | |
V-12011 | |
V-12011-I | |
V-12017 The .Xauthority utility must only permit access to authorized hosts | |
V-12021 The syslog daemon must not accept remote messages unless it is a syslog server documented using site-defined procedures | |
V-22290 | |
V-22290-1 | |
V-22290-2 | |
V-22292 | |
V-22297 The time synchronization configuration file (such as etcntp.conf) must not have an extended ACL | |
V-22299-1 The system must display the date and time of the last successful account login upon login | |
V-22299-2 The system must display the date and time of the last successful account login upon login | |
V-22299-3 The system must display the date and time of the last successful account login upon login | |
V-22304 | |
V-22307 | |
V-22308 | |
V-22310 The root account's library search path must be the system default and must contain only absolute paths | |
V-22311 The root account's list of preloaded libraries must be empty | |
V-22312 All files and directories must have a valid group-owner | |
V-22313 All network services daemon files must not have extended ACLs | |
V-22314 All system command files must not have extended ACLs | |
V-22316 | |
V-22320 The etcresolv.conf file must be group-owned by root, bin, or sys | |
V-22321 The etcresolv.conf file must have mode 0644 or less permissive | |
V-22323 The etchosts file must be owned by root | |
V-22324 The etchosts file must be group-owned by root, bin, or sys | |
V-22325 The etchosts file must have mode 0644 or less permissive | |
V-22327 The etcnsswitch.conf file must be owned by root | |
V-22328 The etcnsswitch.conf file must be group-owned by root, bin, or sys | |
V-22329 The etcnsswitch.conf file must have mode 0644 or less permissive | |
V-22332 The etcpasswd file must be owned by root | |
V-22333 The etcpasswd file must be group-owned by root, bin, or sys | |
V-22335 The etcgroup file must be owned by root | |
V-22336 The etcgroup file must be group-owned by root, bin, or sys | |
V-22337 The etcgroup file must have mode 0644 or less permissive | |
V-22340 The etcshadow file must not have an extended ACL | |
V-22347 | |
V-22348 | |
V-22349 | |
V-22363 | |
V-22364 | |
V-22367 | |
V-22370 | |
V-22371 | |
V-22372 | |
V-22373 | |
V-22374 : 1 The audit system must alert the SA in the event of an audit processing failure | |
V-22374 : 2 The audit system must alert the SA in the event of an audit processing failure | |
V-22375-1 | |
V-22375-2 | |
V-22376 | |
V-22377 | |
V-22378 | |
V-22382 | |
V-22383 | |
V-22387 Cron and crontab directories must not have extended ACLs | |
V-22389 The cron.deny file must not have an extended ACL | |
V-22408 | |
V-22410-1 | |
V-22410-2 | |
V-22411-1 The system must not respond to Internet Control Message Protocol (ICMP) timestamp requests sent to a broadcast address | |
V-22411-2 The system must not respond to Internet Control Message Protocol (ICMP) timestamp requests sent to a broadcast address | |
V-22414-Part1 (in-memory) The system must not accept source-routed IPv4 packets | |
V-22414-Part2 (file) The system must not accept source-routed IPv4 packets | |
V-22415-1 | |
V-22415-2 | |
V-22416-1 | |
V-22416-2 | |
V-22417-1 | |
V-22417-2 | |
V-22418 | |
V-22418-1 | |
V-22418-2 | |
V-22419 | |
V-22419-1 | |
V-22419-2 | |
V-22422 | |
V-22425 | |
V-22427 | |
V-22428 | |
V-22433 | |
V-22434 | |
V-22435 | |
V-22437 | |
V-22438-postfix | |
V-22438-sendmail | |
V-22439-postfix | |
V-22439-sendmail | |
V-22440 | |
V-22441 | |
V-22444 | |
V-22445 | |
V-22450 | |
V-22454 | |
V-22455 | |
V-22456 | |
V-22457 | |
V-22457-0 | |
V-22457-1 | |
V-22458 | |
V-22459 | |
V-22460 | |
V-22470-1 | |
V-22470-2 | |
V-22489-Check banner configuration | |
V-22489-Check banner content | |
V-22491-1 | |
V-22491-2 | |
V-22491-3 | |
V-22496 All NFS exported system files and system directories must be group-owned by root, bin, sys, or system | |
V-22511 The Stream Control Transmission Protocol (SCTP) must be disabled unless required | |
V-22514-1 The Datagram Congestion Control Protocol (DCCP) must be disabled unless required | |
V-22514-2 The Datagram Congestion Control Protocol (DCCP) must be disabled unless required | |
V-22514-3 The Datagram Congestion Control Protocol (DCCP) must be disabled unless required | |
V-22524 The AppleTalk protocol must be disabled or not installed | |
V-22541-1 | |
V-22541-2 | |
V-22541-3 | |
V-22542 | |
V-22549 | |
V-22549-dhclient | |
V-22550-1 | |
V-22550-2 | |
V-22553-1 | |
V-22553-2 | |
V-22556 | |
V-22557 | |
V-22558 | |
V-22565 | |
V-22566 | |
V-22567 | |
V-22568 | |
V-22569 | |
V-22576-I | |
V-22576-II | |
V-22578: The system must have USB disabled unless needed | |
V-22580 | |
V-22584: The system must use a Linux Security Module configured to limit the privileges of system services | |
V-22584-I: The system must use a Linux Security Module configured to limit the privileges of system services | |
V-22585 The system's boot loader configuration file(s) must not have extended ACLs | |
V-22588 | |
V-22588-I | |
V-22595 | |
V-23732-Check banner file configuration for gssftp | |
V-23732-Check banner file configuration for vsftpd | |
V-23732-Check banner file content | |
V-23952: Mail relaying must be restricted | |
V-23952: Mail relaying must be restricted-Postfix | |
V-23952: Mail relaying must be restricted-sendmail | |
V-23953 | |
V-24331-I | |
V-24357-audisp-syslog-conf | |
V-24357-grub-conf | |
V-24357-rsyslog-conf | |
V-24357-syslog-conf | |
V-24384 | |
V-27275 | |
V-27275-inn | |
V-27276 | |
V-27279 | |
V-27279-krb5-workstation | |
V-27279-vsftp | |
V-27283 | |
V-27284 | |
V-27285 | |
V-29236 | |
V-29237 | |
V-29238 | |
V-29239 | |
V-29240 | |
V-29241 | |
V-29242 | |
V-29243 | |
V-29244 | |
V-29245 | |
V-29246 | |
V-29247 | |
V-29248 | |
V-29249 | |
V-29250 | |
V-29251 | |
V-29252 | |
V-29253 | |
V-29255 | |
V-29257 | |
V-29259 | |
V-29261 | |
V-29272 | |
V-29274 | |
V-29275 | |
V-29279 | |
V-29281 | |
V-29284 | |
V-29286 | |
V-29288 | |
V-29289 | |
V-29376 | |
V-4084 | |
V-4084-I | |
V-4084-II | |
V-4084-password_history_file | |
V-4089 | |
V-4090 | |
V-4249 | |
V-4249-precheck | |
V-4250 | |
V-4273 | |
V-4274 | |
V-4275 The etcnewsreaders.conf (or equivalent) must have mode 0600 or less permissive | |
V-4276 The etcnewspasswd.nntp file (or equivalent) must have mode 0600 or less permissive | |
V-4277 Files in etcnews must be owned by root or news | |
V-4278 The files in etcnews must be group-owned by root or news | |
V-4295-1 | |
V-4295-2 | |
V-4298 | |
V-4304 | |
V-4334 The etcsysctl.conf file must be owned by root | |
V-4336 The etcsysctl.conf file must have mode 0600 or less permissive | |
V-4339 | |
V-4342 The x86 CTRL-ALT-DELETE key sequence must be disabled | |
V-4358 The cron.deny file must have mode 0600 or less permissive | |
V-4361 The cron.allow file must be owned by root, bin, or sys | |
V-4364 | |
V-4365 | |
V-4366 | |
V-4367 The at.allow file must be owned by root, bin, or sys | |
V-4368 The at.deny file must be owned by root, bin, or sys | |
V-4369 The traceroute command owner must be root | |
V-4370 The traceroute command must be group-owned by sys, bin, root, or system | |
V-4371 The traceroute file must have mode 0700 or less permissive | |
V-4384-Postfix | |
V-4384-Sendmail | |
V-4393 The etcsyslog.conf file must be owned by root | |
V-4394 The etcsyslog.conf file must be group-owned by root, bin, sys, or system | |
V-4428-1 | |
V-4428-2 | |
V-4428-3 | |
V-4692 The SMTP service must not have the EXPN feature active | |
V-4693-1 The SMTP service must not have the Verify (VRFY) feature active | |
V-4693-2 The SMTP service must not have the Verify (VRFY) feature active | |
V-4693-3 The SMTP service must not have the Verify (VRFY) feature active | |
V-4702-1 Anonymous ftp with guest password | |
V-4702-2 Anonymous ftp with email ID as password | |
V-756 The system must require authentication upon booting into single-user and maintenance modes | |
V-760 Direct logins must not be permitted to shared, default, application, or utility accounts | |
V-761 All accounts on the system must have unique user or account names | |
V-762 All accounts must be assigned unique User Identification Numbers (UIDs) | |
V-763 The Department of Defense (DoD) login banner must be displayed immediately prior to, or as part of, console login prompts | |
V-765 Successful and unsuccessful logins and logouts must be logged | |
V-766 The system must disable accounts after three consecutive unsuccessful login attempts | |
V-768-1 The delay between login prompts following a failed login attempt must be at least 4 seconds | |
V-768-2 The delay between login prompts following a failed login attempt must be at least 4 seconds | |
V-770-1 The system must not have accounts configured with blank or null passwords | |
V-770-2 The system must not have accounts configured with blank or null passwords | |
V-773 The root account must be the only account having a UID of 0 | |
V-774 The root user's home directory must not be the root directory slash | |
V-775 | |
V-776 The root account's executable search path must be the vendor default and must contain only absolute paths | |
V-777 The root account must not have world-writable directories in its executable search path | |
V-778 The system must prevent the root account from directly logging in except from the system console | |
V-781 | |
V-784 | |
V-787 | |
V-788 | |
V-791 | |
V-792 | |
V-793 | |
V-801 | |
V-802 | |
V-805 | |
V-807 | |
V-810 Default system accounts must be disabled or removed | |
V-812 System audit logs must be owned by root | |
V-814 | |
V-815 | |
V-818 | |
V-818 The audit system must be configured to audit login, logout, and session initiation | |
V-819 | |
V-831-postfix | |
V-831-sendmail | |
V-832-postfix | |
V-832-sendmail | |
V-833 | |
V-834 | |
V-835 Sendmail logging must not be set to less than nine in the sendmail.cf file | |
V-841-1 | |
V-841-2 | |
V-841-3 | |
V-842-gssftp | |
V-842-vsftp | |
V-843-gssftp | |
V-843-vsftp | |
V-846 | |
V-847 | |
V-848 | |
V-849-check tftp user account exist | |
V-849-check tftp user home directory exist | |
V-849-check tftp user shell | |
V-849-user other than the dedicated tftp user | |
V-899 | |
V-900 All interactive user home directories defined in the etcpasswd file must exist | |
V-901 | |
V-902 | |
V-903 | |
V-905 | |
V-906 | |
V-910 find world writable files | |
V-917 | |
V-918 Accounts must be locked upon 35 days of inactivity | |
V-921 | |
V-922 | |
V-924 | |
V-925 Device files used for backup must only be readable andor writable by root or the backup user | |
V-928 | |
V-929 | |
V-931 | |
V-932 | |
V-974 | |
V-975 | |
V-976 Cron must not execute group-writable or world-writable programs | |
V-979 Cron and crontab directories must have mode 0755 or less permissive | |
V-980 Cron and crontab directories must be owned by root or bin | |
V-981 Cron and crontab directories must be group-owned by root, sys, bin or cron | |
V-983 | |
V-987 | |
V-988 The at daemon must not execute group-writable or world-writable programs | |
V-993 | |
V-994 | |
V-995 | |
Xauthority files must not have extended ACLs | |
xorg-x11-server-Xorg package installed | |
??AIDE_CONF_PATH?? | File |
??BOOTLOADER_PATH?? | |
??POSTFIX_ALIASES_DB?? | |
??POSTFIX_ALIASES?? | |
??POSTFIX_MAIN_CF?? | |
??SENDMAIL_ALIASES_DB?? | |
??SENDMAIL_ALIASES?? | |
??SENDMAIL-CONF-FILE?? | |
/etc/at.allow | |
/etc/at.deny | |
/etc/cron.allow | |
/etc/cron.deny | |
/etc/ftpusers | |
/etc/pam.d/system-auth | |
/etc/rsyslog.conf | |
/etc/samba/smb.conf | |
/etc/securetty | |
/etc/security/access.conf | |
/etc/shadow | |
/etc/shells | |
/etc/vsftpd/ftpusers | |
/etc/vsftpd/vsftpd.conf | |
/etc/vsftpd.ftpusers | |
/etc/xinetd.d/gssftp | |
samba-common | RPM |
sendmail | |
tcp_wrappers |
HP-UX 11.31
Rule Category
The following table shows the percentage of rules that are Native based and EO based:
Rule Category | % of rules |
---|---|
Native based | 70% |
EO based | 30% |
Rule Details
To find details about all rules included in the template, see HTML Definitions for HP-UX 11.31.
Asset/Part Used
Part name | Part type |
---|---|
/usr/lbin/getprdef -m dlylntr | cut -d= -f2 | Command |
/usr/lbin/getprdef -m umaxlntr | cut -d= -f2 | |
/usr/lbin/getprdef -r 2> /dev/null >/dev/null ; echo $? | |
cat ??SENDMAIL-CONF-FILE?? | grep SmtpGreetingMessage | grep -v ^#" | |
cat /etc/dfs/dfstab | grep share | egrep 'anon=' | grep -v '^#' | wc -l | sed 's/ //g' | |
cat /etc/dfs/dfstab | grep share | egrep 'anon=(-1|60001|65534|65535)($|,| )' | grep -v '^#' | wc -l | sed 's/ //g' | |
cat /etc/dfs/dfstab | grep -v '^#' | grep share | grep -v 'anon=' | wc -l | sed 's/ //g' | |
cat /etc/dfs/sharetab | grep -v '^#' | grep 'ro=' | wc -l | sed 's/ //g' | |
cat /etc/dfs/sharetab |grep -v '^#'| grep 'root=' | |
cat /etc/dfs/sharetab | grep -v '^#' | grep 'rw=' | wc -l | sed 's/ //g' | |
cat /etc/dfs/sharetab | grep -v '^#' | grep -v 'ro=' | grep -v 'rw=' | egrep 'ro($|,| )' | wc -l | sed 's/ //g' | |
cat /etc/dfs/sharetab | grep -v '^#' | grep -v 'rw=' | grep -v 'ro=' | egrep 'rw($|,| )' | wc -l | sed 's/ //g' | |
cat /etc/ftpd/ftpaccess | grep banner | |
cat /etc/inetd.conf | grep ^ftp | |
cat /etc/opt/ldapux/ldapux_client.conf | tr '\011' ' ' | tr -s ' ' | grep -v '^#' | grep -i '^enable_startTLS=1$'|wc -l | |
coreadm | tr '\011' ' ' | tr -s ' ' | egrep -i 'global core dumps' | cut -d ':' -f2|cut -d ' ' -f2 | |
coreadm | tr '\011' ' ' | tr -s ' ' | egrep -i 'global core file pattern' | cut -d ':' -f2|cut -d ' ' -f2 | |
crashconf -v | tr -s ' ' | awk -F ' ' -v field=3 '{print $field}' | egrep 'yes,' | |
cut -d ' ' -f5 test.txt | grep P | |
dirname ??VAR_CORE_DUMP_FILE_PATTERN_VALUE?? | |
egrep 'ro=.+' /etc/dfs/sharetab | grep -v '^#' | wc -l | sed 's/ //g' | |
egrep 'rw=.+' /etc/dfs/sharetab | grep -v '^#' | wc -l | sed 's/ //g' | |
grep -v '^$' /etc/dfs/sharetab | egrep '^ *#' | wc -l | sed 's/ //g' | |
grep -v '^$' /etc/dfs/sharetab | wc -l | sed 's/ //g' | |
ioscan -fn | grep ^usb | |
kctune | grep -iw 'executable_stack' | tr -s ' ' | cut -d ' ' -f2 | |
lastb -R | wc -l | |
last -R | wc -l | |
last root |grep -v reboot|grep -v console| wc -l | |
last root|grep -v reboot| wc -l | |
logins -o -x|awk -F : '{if(($11==0)||($11==-1)||($11>60)) print $1}'| wc -l | |
logins -o -x|awk -F : '{if($10<1) print $1}'|wc -l | |
niscat cred.org_dir | awk -F':' '{print $2}' | |
ps -ef|grep sshd$|wc -l | |
rpcinfo -p | grep yp | |
rpcinfo -p | grep yp | grep udp | |
swlist | grep LDAP | |
what /usr/sbin/sendmail | grep version | tr '\t' ' ' | tr -s ' ' | sed 's/^ //g' | cut -d' ' -f3 | cut -d '.' -f1 | |
what /usr/sbin/sendmail | grep version | tr '\t' ' '| tr -s ' ' | sed 's/^ //g' | cut -d' ' -f3 | cut -d '.' -f2 | |
what /usr/sbin/sendmail | grep version | tr '\t' ' ' | tr -s ' ' | sed 's/^ //g' | cut -d' ' -f3 | cut -d '.' -f3 | |
which ioscan | |
which niscat | |
which rpcinfo | |
/etc/default/security | Configuration File |
/etc/dfs/sharetab | |
/etc/fstab | |
/etc/group | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/inetd.conf | |
/etc/ldap.conf | |
/etc/nsswitch.conf | |
/etc/opt/ldapux/ldapux_client.conf | |
/etc/opt/samba/smb.conf | |
/etc/passwd | |
/etc/rc.config.d/auditing | |
/etc/rc.config.d/ipfconf | |
/etc/rc.config.d/namesvrs | |
/etc/rc.config.d/netconf | |
/etc/rc.config.d/netconf-ipv6 | |
/etc/rc.config.d/nfsconf | |
/etc/rc.config.d/syslogd | |
/etc/securetty | |
/etc/shadow | |
/etc/shells | |
/etc/syslog.conf | |
/opt/ssh/etc/ssh_config | |
/opt/ssh/etc/sshd_config | |
??NIS_YP_DIRECTORY?? | Directory |
??VAR_CORE_DUMP_CHECK_VALUE?? | |
??VAR_CORE_DUMP_DIR_PATH_VALUE?? | |
??VAR_DIRECTORY_PATH_VALUE?? | |
??VAR_FILE_PATH_VALUE?? | |
??VAR_NIS_DIR_PATH_VALUE?? | |
??VAR_NIS_DOMAIN_VALUE?? | |
??VAR_PRINT_LASTLOG_PARAM?? | |
/ | |
/bin | |
/etc | |
/etc/opt/ldapux | |
/etc/rc.config.d | |
/etc/skel | |
/lib | |
/sbin | |
/sbin/init.d | |
/sbin/rc.d | |
/tcb | |
/tcb/files | |
/tcb/files/auth | |
/usr/lbin | |
/usr/lib | |
/usr/sbin | |
/var/adm | |
/var/adm/crash | |
/var/news | |
/var/spool/at | |
/var/spool/atjobs | |
/var/spool/cron/atjobs | |
/var/spool/cron/crontabs | |
/var/yp/??VAR_NIS_DOMAIN_VALUE?? | |
Running Processes | Extended Object |
V-1048 | |
V-1049 | |
V-1061 | |
V-11946 | |
V-11985 | |
V-11986 All local initialization files executable search paths must contain only absolute paths | |
V-11988 | |
V-11989 The rhosts file must not be supported in PAM | |
V-11990 | |
V-11995 | |
V-12001-1 | |
V-12002-1 | |
V-12003 | |
V-12004 | |
V-12005 | |
V-12005-2 | |
V-12023-1 | |
V-12049 | |
V-22290 The system clock must be synchronized continuously or at least daily | |
V-22291 The system must use at least two time sources for clock synchronization | |
V-22292 The system must use time sources are local to the enclave | |
V-22310-1 | |
V-22310-2 | |
V-22311 | |
V-22312 | |
V-22314 | |
V-22315 | |
V-22316 | |
V-22317 | |
V-22350 | |
V-22351 | |
V-22354-1 Run control scripts library search paths must contain only absolute paths | |
V-22354-2 Run control scripts library search paths must contain only absolute paths | |
V-22355 Run control scripts lists of preloaded libraries must contain only absolute paths | |
V-22359 | |
V-22360 | |
V-22361 | |
V-22362 | |
V-22363 | |
V-22364 | |
V-22367 | |
V-22368 | |
V-22369 | |
V-22372 | |
V-22375 | |
V-22409-1 | |
V-22410-1 | |
V-22411-1 | |
V-22412-1 | |
V-22417-1 | |
V-22422 | |
V-22423 | |
V-22425 | |
V-22426 | |
V-22440 | |
V-22441 | |
V-22447 The SNMP service must use only SNMPv3 or its successors | |
V-22450 | |
V-22455 | |
V-22458 The SSH daemon must be configured to only use FIPS 140-2 approved ciphers | |
V-22459 The SSH daemon must be configured to not use Cipher-Block Chaining (CBC) ciphers | |
V-22460 The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms | |
V-22461 The SSH client must be configured to only use FIPS 140-2 approved ciphers | |
V-22462 The SSH client must be configured to not use Cipher-Block Chaining (CBC) based ciphers | |
V-22463 The SSH client must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms | |
V-22489-Check banner configuration | |
V-22491-1 | |
V-22511 | |
V-22551-1 | |
V-22553-1 | |
V-22702 | |
V-23736 | |
V-23738 | |
V-23739 | |
V-23741-1 | |
V-23952: Mail relaying must be restricted-Postfix | |
V-23952: Mail relaying must be restricted-sendmail | |
V-4083 Graphical desktop environments provided by the system must automatically lock | |
V-4087 | |
V-4290 | |
V-4304 | |
V-4366 At jobs must not set the umask to a value less restrictive than 077 | |
V-4385 | |
V-4387 | |
V-4395 | |
V-4428-1 | |
V-4428-2 | |
V-4690 | |
V-4691-1 | |
V-4691-2 | |
V-4692-goaway | |
V-4692-noexpn | |
V-4693-goaway | |
V-4693-novrfy | |
V-4694 The sendmail service must not have the wizard backdoor active | |
V-4702-1 | |
V-4702-2 | |
V-760 | |
V-761 | |
V-762 | |
V-770 | |
V-776 | |
V-777 | |
V-780 | |
V-781 | |
V-784 | |
V-785 | |
V-787 | |
V-788 | |
V-792 | |
V-793 | |
V-794 | |
V-795 | |
V-796 | |
V-801 | |
V-802 | |
V-805 | |
V-806 | |
V-807 | |
V-808-1 | |
V-808-2 | |
V-811 | |
V-812 | |
V-813-1 | |
V-813-2 | |
V-821 | |
V-822 | |
V-827.1.1 | |
V-827.1.2 | |
V-827.1.3 | |
V-827.2.1 | |
V-827.2.2 | |
V-833 Files executed through a mail aliases file must be owned by root | |
V-834 | |
V-835 | |
V-836 | |
V-841 | |
V-846 | |
V-901 | |
V-902 | |
V-903 | |
V-904 | |
V-905 | |
V-906 | |
V-907 Run control scripts executable search paths must contain only absolute paths | |
V-910 | |
V-913 | |
V-914 | |
V-915 | |
V-917 | |
V-918 Accounts must be locked upon 35 days of inactivity | |
V-922 | |
V-924 | |
V-925 | |
V-936 | |
V-982 | |
V-986 | |
V-995 | |
??ETC_FTPD_FTPUSERS_CONF_FILE?? | File |
??ETC_NEWS_HOSTS_NNTP_CONF_FILE?? | |
??ETC_NEWS_HOSTS_NNTP_NOLIMIT_CONF_FILE?? | |
??ETC_NEWS_NNRP_ACCESS_CONF_FILE?? | |
??ETC_NEWS_PASSWD_NNTP_CONF_FILE?? | |
??HOSTS_NNTP_NOLIMIT_PATH?? | |
??HOSTS_NNTP_PATH?? | |
??INETD_CONF_PATH?? | |
??LDAP_PATH??/key3.db | |
??NNRP_ACCESS_PATH?? | |
??PASSWD_NNTP_PATH?? | |
??RPCBIND_PATH?? | |
??SMB_CONF_FILE_PATH?? | |
??SMBPASSWD_FILE_PATH?? | |
??XINETD_CONF_PATH?? | |
/etc/.login | |
/etc/bashrc | |
/etc/csh.cshrc | |
/etc/csh.login | |
/etc/dfs/dfstab | |
/etc/dfs/sharetab | |
/etc/environment | |
/etc/ftpd/ftpaccess | |
/etc/ftpd/ftpusers | |
/etc/group | |
/etc/hosts | |
/etc/hosts.equiv | |
/etc/inetd.conf | |
/etc/issue | |
/etc/mail/aliases | |
/etc/nsswitch.conf | |
/etc/ntp.conf | |
/etc/opt/ldapux/acred | |
/etc/opt/ldapux/cert8.db | |
/etc/opt/ldapux/key3.db | |
/etc/opt/ldapux/ldapclientd.conf | |
/etc/opt/ldapux/ldapug.conf | |
/etc/opt/ldapux/ldapux_client.conf | |
/etc/opt/ldapux/pcred | |
/etc/opt/samba/smb.conf | |
/etc/passwd | |
/etc/profile | |
/etc/rc.config.d/* | |
/etc/resolv.conf | |
/etc/securetty | |
/etc/security/environ | |
/etc/services | |
/etc/shadow | |
/etc/shells | |
/etc/SnmpAgent.d/snmpd.conf | |
/etc/syslog.conf | |
/opt/ssh/etc/ssh_host_dsa_key | |
/opt/ssh/etc/ssh_host_dsa_key.pub | |
/opt/ssh/etc/ssh_host_rsa_key | |
/opt/ssh/etc/ssh_host_rsa_key.pub | |
/usr/ccs/bin/ldd | |
/usr/contrib/bin/traceroute | |
/usr/lbin/rlogind | |
/usr/lbin/tftpd | |
/usr/lib/cron/at.allow | |
/usr/lib/cron/at.deny | |
/usr/sbin/audevent | |
/usr/sbin/audfilter | |
/usr/sbin/audfilterd | |
/usr/sbin/audisp | |
/usr/sbin/auditdp | |
/usr/sbin/audomon | |
/usr/sbin/audsys | |
/usr/sbin/audusr | |
/var/adm/cron/at.allow | |
/var/adm/cron/at.deny | |
/var/adm/cron/cron.allow | |
/var/adm/cron/cron.deny | |
/var/adm/cron/log | |
/var/adm/inetd.sec | |
/var/opt/samba/private/smbpasswd | |
/var/spool/lp/.rhosts | |
??LDAP_BUNDLE?? | HP Bundle |
CIFS-CLIENT | |
CIFS-SERVER | |
LDAPUX |
HP-UX 11.23
Rule Category
The following table shows the percentage of rules that are Native based and EO based:
Rule Category | % of rules |
---|---|
Native based | 60% |
EO based | 40% |
Rule Details
To find details about all rules included in the template, see HTML Definitions for HP-UX 11.23.
Asset/Part Used
Part name | Part type |
---|---|
/usr/lbin/getprdef -m dlylntr | cut -d= -f2 | Command |
/usr/lbin/getprdef -m umaxlntr | cut -d= -f2 | |
/usr/lbin/getprdef -r 2> /dev/null >/dev/null ; echo $? | |
/usr/lbin/getprpw -m bootpw root | cut -d '=' -f2 | |
cat ??SENDMAIL-CONF-FILE?? | grep SmtpGreetingMessage | grep -v ^#" | |
cat /etc/ftpd/ftpaccess | grep banner | |
cat /etc/inetd.conf | grep ^ftp | |
crashconf -v | tr -s ' ' | awk -F ' ' -v field=3 '{print $field}' | egrep 'yes,' | |
cut -d ' ' -f5 test.txt | grep P | |
exportfs -v | egrep 'anon=' | wc -l | |
exportfs -v | egrep 'anon=(-1|6(0001|553(4|5)))[^0-9]' | wc -l | |
exportfs -v | grep 'root=' | |
ioscan -fn | grep ^usb | |
kctune | grep -iw 'executable_stack' | tr -s ' ' | cut -d ' ' -f2 | |
lastb -R | wc -l | |
last -R | wc -l | |
last root |grep -v reboot|grep -v console| wc -l | |
last root|grep -v reboot| wc -l | |
logins -o -x|awk -F : '{if(($11==0)||($11==-1)||($11>60)) print $1}'| wc -l | |
logins -o -x|awk -F : '{if($10<1) print $1}'|wc -l | |
niscat cred.org_dir | awk -F':' '{print $2}' | |
ps -ef|grep sshd$|wc -l | |
rpcinfo -p | grep yp | |
rpcinfo -p | grep yp | grep udp | |
what /usr/sbin/sendmail | grep version | tr '\t' ' ' | tr -s ' ' | sed 's/^ //g' | cut -d' ' -f2 | cut -d '.' -f1 | |
what /usr/sbin/sendmail | grep version | tr '\t' ' '| tr -s ' ' | sed 's/^ //g' | cut -d' ' -f2 | cut -d '.' -f2 | |
what /usr/sbin/sendmail | grep version | tr '\t' ' ' | tr -s ' ' | sed 's/^ //g' | cut -d' ' -f2 | cut -d '.' -f3 | |
which exportfs | |
which ioscan | |
which niscat | |
which rpcinfo | |
/etc/default/security | Configuration File |
/etc/exports | |
/etc/fstab | |
/etc/group | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/inetd.conf | |
/etc/ldap.conf | |
/etc/nsswitch.conf | |
/etc/opt/ldapux/ldapux_client.conf | |
/etc/opt/samba/smb.conf | |
/etc/passwd | |
/etc/rc.config.d/auditing | |
/etc/rc.config.d/ipfconf | |
/etc/rc.config.d/namesvrs | |
/etc/rc.config.d/netconf | |
/etc/rc.config.d/netconf-ipv6 | |
/etc/rc.config.d/nfsconf | |
/etc/rc.config.d/syslogd | |
/etc/securetty | |
/etc/shadow | |
/etc/shells | |
/etc/syslog.conf | |
/opt/ssh/etc/ssh_config | |
/opt/ssh/etc/sshd_config | |
??CENTRALIZED_PROCESS_CORE_DUMP_DATA_DIRECTORY?? | Directory |
??NIS_YP_DIRECTORY?? | |
??VAR_DIRECTORY_PATH_VALUE?? | |
??VAR_FILE_PATH_VALUE?? | |
??VAR_NIS_DOMAIN_VALUE?? | |
??VAR_PRINT_LASTLOG_PARAM?? | |
/ | |
/bin | |
/etc | |
/etc/opt/ldapux | |
/etc/rc.config.d | |
/etc/skel | |
/lib | |
/sbin | |
/sbin/init.d | |
/sbin/rc.d | |
/tcb | |
/tcb/files | |
/tcb/files/auth | |
/usr/lbin | |
/usr/lib | |
/usr/sbin | |
/var/adm | |
/var/adm/crash | |
/var/news | |
/var/spool/at | |
/var/spool/atjobs | |
/var/spool/cron/atjobs | |
/var/spool/cron/crontabs | |
/var/yp/??VAR_NIS_DOMAIN_VALUE?? | |
Running Processes | Extended Object |
V-1048 | |
V-1049 | |
V-1061 | |
V-11946 | |
V-11985 | |
V-11986 All local initialization files executable search paths must contain only absolute paths | |
V-11988 | |
V-11989 The rhosts file must not be supported in PAM | |
V-11990 | |
V-11995 | |
V-12001-1 | |
V-12002-1 | |
V-12003 | |
V-12004 | |
V-12005 | |
V-12005-2 | |
V-12023-1 | |
V-12049 | |
V-22290 The system clock must be synchronized continuously or at least daily | |
V-22291 The system must use at least two time sources for clock synchronization | |
V-22292 The system must use time sources are local to the enclave | |
V-22310-1 | |
V-22310-2 | |
V-22311 | |
V-22312 | |
V-22314 | |
V-22315 | |
V-22316 | |
V-22317 | |
V-22350 | |
V-22351 | |
V-22354-1 Run control scripts library search paths must contain only absolute paths | |
V-22354-2 Run control scripts library search paths must contain only absolute paths | |
V-22355 Run control scripts lists of preloaded libraries must contain only absolute paths | |
V-22359 | |
V-22360 | |
V-22361 | |
V-22362 | |
V-22363 | |
V-22364 | |
V-22367 | |
V-22368 | |
V-22369 | |
V-22372 | |
V-22375 | |
V-22409-1 | |
V-22410-1 | |
V-22411-1 | |
V-22412-1 | |
V-22417-1 | |
V-22422 | |
V-22423 | |
V-22425 | |
V-22426 | |
V-22440 | |
V-22441 | |
V-22447 The SNMP service must use only SNMPv3 or its successors | |
V-22450 | |
V-22455 | |
V-22458 The SSH daemon must be configured to only use FIPS 140-2 approved ciphers | |
V-22459 The SSH daemon must be configured to not use Cipher-Block Chaining (CBC) ciphers | |
V-22460 The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms | |
V-22461 The SSH client must be configured to only use FIPS 140-2 approved ciphers | |
V-22462 The SSH client must be configured to not use Cipher-Block Chaining (CBC) based ciphers | |
V-22463 The SSH client must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms | |
V-22489-Check banner configuration | |
V-22491-1 | |
V-22511 | |
V-22551-1 | |
V-22553-1 | |
V-22702 | |
V-23736 | |
V-23738 | |
V-23739 | |
V-23741-1 | |
V-23952: Mail relaying must be restricted-Postfix | |
V-23952: Mail relaying must be restricted-sendmail | |
V-4083 Graphical desktop environments provided by the system must automatically lock | |
V-4087 | |
V-4290 | |
V-4304 | |
V-4366 At jobs must not set the umask to a value less restrictive than 077 | |
V-4385 | |
V-4387 | |
V-4395 | |
V-4428-1 | |
V-4428-2 | |
V-4690 | |
V-4691-1 | |
V-4691-2 | |
V-4692-goaway | |
V-4692-noexpn | |
V-4693-goaway | |
V-4693-novrfy | |
V-4694 The sendmail service must not have the wizard backdoor active | |
V-4702-1 | |
V-4702-2 | |
V-760 | |
V-761 | |
V-762 | |
V-770 | |
V-776 | |
V-777 | |
V-780 | |
V-781 | |
V-784 | |
V-785 | |
V-787 | |
V-788 | |
V-792 | |
V-793 | |
V-794 | |
V-795 | |
V-796 | |
V-801 | |
V-802 | |
V-805 | |
V-806 | |
V-807 | |
V-808-1 | |
V-808-2 | |
V-811 | |
V-812 | |
V-813-1 | |
V-813-2 | |
V-821 | |
V-822 | |
V-827.1.1 | |
V-827.1.2 | |
V-827.1.3 | |
V-827.2.1 | |
V-827.2.2 | |
V-833 Files executed through a mail aliases file must be owned by root | |
V-834 | |
V-835 | |
V-836 | |
V-841 | |
V-846 | |
V-901 | |
V-902 | |
V-903 | |
V-904 | |
V-905 | |
V-906 | |
V-907 Run control scripts executable search paths must contain only absolute paths | |
V-910 | |
V-913 | |
V-914 | |
V-915 | |
V-917 | |
V-918 Accounts must be locked upon 35 days of inactivity | |
V-922 | |
V-924 | |
V-925 | |
V-936 | |
V-982 | |
V-986 | |
V-995 | |
??ETC_FTPD_FTPUSERS_CONF_FILE?? | File |
??ETC_NEWS_HOSTS_NNTP_CONF_FILE?? | |
??ETC_NEWS_HOSTS_NNTP_NOLIMIT_CONF_FILE?? | |
??ETC_NEWS_NNRP_ACCESS_CONF_FILE?? | |
??ETC_NEWS_PASSWD_NNTP_CONF_FILE?? | |
??HOSTS_NNTP_NOLIMIT_PATH?? | |
??HOSTS_NNTP_PATH?? | |
??INETD_CONF_PATH?? | |
??LDAP_PATH??/key3.db | |
??NNRP_ACCESS_PATH?? | |
??PASSWD_NNTP_PATH?? | |
??RPCBIND_PATH?? | |
??SMB_CONF_FILE_PATH?? | |
??SMBPASSWD_FILE_PATH?? | |
??XINETD_CONF_PATH?? | |
/etc/.login | |
/etc/bashrc | |
/etc/csh.cshrc | |
/etc/csh.login | |
/etc/dfs/dfstab | |
/etc/environment | |
/etc/exports | |
/etc/ftpd/ftpaccess | |
/etc/ftpd/ftpusers | |
/etc/group | |
/etc/hosts | |
/etc/hosts.equiv | |
/etc/inetd.conf | |
/etc/issue | |
/etc/mail/aliases | |
/etc/nsswitch.conf | |
/etc/ntp.conf | |
/etc/opt/ldapux/acred | |
/etc/opt/ldapux/cert8.db | |
/etc/opt/ldapux/key3.db | |
/etc/opt/ldapux/ldapclientd.conf | |
/etc/opt/ldapux/ldapug.conf | |
/etc/opt/ldapux/ldapux_client.conf | |
/etc/opt/ldapux/pcred | |
/etc/opt/samba/smb.conf | |
/etc/passwd | |
/etc/profile | |
/etc/rc.config.d/* | |
/etc/resolv.conf | |
/etc/securetty | |
/etc/security/environ | |
/etc/services | |
/etc/shadow | |
/etc/shells | |
/etc/SnmpAgent.d/snmpd.conf | |
/etc/syslog.conf | |
/opt/ssh/etc/ssh_host_dsa_key | |
/opt/ssh/etc/ssh_host_dsa_key.pub | |
/opt/ssh/etc/ssh_host_rsa_key | |
/opt/ssh/etc/ssh_host_rsa_key.pub | |
/usr/ccs/bin/ldd | |
/usr/contrib/bin/traceroute | |
/usr/lbin/rlogind | |
/usr/lbin/tftpd | |
/usr/lib/cron/at.allow | |
/usr/lib/cron/at.deny | |
/usr/sbin/audevent | |
/usr/sbin/audfilter | |
/usr/sbin/audfilterd | |
/usr/sbin/audisp | |
/usr/sbin/auditdp | |
/usr/sbin/audomon | |
/usr/sbin/audsys | |
/usr/sbin/audusr | |
/var/adm/cron/at.allow | |
/var/adm/cron/at.deny | |
/var/adm/cron/cron.allow | |
/var/adm/cron/cron.deny | |
/var/adm/cron/log | |
/var/adm/inetd.sec | |
/var/opt/samba/private/smbpasswd | |
/var/spool/lp/.rhosts | |
??LDAP_BUNDLE?? | HP Bundle |
CIFS-CLIENT | |
CIFS-SERVER | |
LDAPUX |
IBM® AIX® 6.1
Rule Category
The following table shows the percentage of rules that are Native based and EO based:
Rule Category | % of rules |
---|---|
Native based | 70% |
EO based | 30% |
Rule Details
To find details about all rules included in the template, see HTML Definitions for AIX 6.1.
Asset/Part Used
Part name | Part type |
---|---|
bos.net.sctp | AIX Package |
netsec.options.tcpwrapper.base | |
??SENDMAIL_EXEC_PATH?? -d0 -bt < /dev/null | grep '^Version ' | tr '\t' ' ' | tr -s ' ' | sed 's%^ %%g' | cut -d/ -f2 | Command |
/bin/tcbck 2>&1 >/dev/null | head -1 | grep '^3001-101 ' | |
/usr/sbin/lsdev -C | egrep -i audio | cut -d' ' -f1 | tr -s ' ' | |
/usr/sbin/lsdev -C | grep -i audio | cut -d' ' -f1 | tr -s ' ' | |
audit query|head -1|cut -d ' ' -f2 | |
cat /etc/filesystems | grep -v '^ *#' | egrep -n '^/' | cut -d':' -f2 | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/automount +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/dhcpcd +' | |
cat /etc/rc.tcpip | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/portmap +' | |
cat /etc/rc.tcpip 2>/dev/null | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/inetd +.* +'-d'' | |
cat /etc/rc.tcpip 2>/dev/null | tr '\t' ' ' |tr -s ' ' | egrep '^ *start +/usr/sbin/xinetd +.* +'-d'' | |
cat '??NTP_CONF_FILE_PATH??' | egrep -v '^ *#' | egrep '^server' | egrep -v '??NTP_ENCLAVE??' | wc -l | |
cat '??NTP_CONF_FILE_PATH??' | egrep -v '^ *#' | egrep '^server' | egrep -v '127.127.1.1|127.127.1.0' | egrep '??NTP_ENCLAVE??' | wc -l | |
cat '??SENDMAIL_CONF_FILE??'|grep LogLevel |grep -v '^ *#'|cut -d '=' -f2 | |
cat '??SENDMAIL_CONF_FILE??'|grep LogLevel |grep -v '^ *#'|wc -l | |
crontab -l | egrep -v '^ *#' | grep ntpdate | egrep -v '??NTP_ENCLAVE??' | wc -l | |
crontab -l | grep ??SYSTEM_PACKAGE_MANAGEMENT_TOOL_EXEC?? | |
crontab -l | grep ntpdate | grep -v '^ *#' | cut -d ' ' -f 3-5 | tr '\t' ' ' | tr -s ' ' | egrep '\* \* \*' | wc -l | |
date +%s | |
df -k ??FILE_SYSTEM_HOME_PARTITION?? | awk -F' ' '{print $7}' | grep -v 'Mounted'| wc -l | |
df -k ??FILE_SYSTEM_HOME_PARTITION?? | egrep -v 'Mounted on' | awk '{print $1}'|tail -1 | |
df -k ??SEPARATED_FILE_SYSTEM?? | awk -F' ' '{print $7}' | grep -v 'Mounted'| wc -l | |
df -k ??SEPARATED_FILE_SYSTEM?? | egrep -v 'Mounted on' | awk '{print $1}'|tail -1 | |
df -k /var | awk -F' ' '{print $7}' | grep -v 'Mounted'| wc -l | |
df -k /var | egrep -v 'Mounted on' | awk '{print $1}'|tail -1 | |
df -k | grep -w '^??VAR_FILE_SYSTEM??' | wc -l | |
df -k | grep -w '^??VAR_FILE_SYSTEM??' | wc -l | |
dirname ??LOOP_ATTR_FOR_COMPLIANCE_STR?? | |
echo ??ALLOW_GROUPS_LIST?? | tr ' ' '\n' | |
echo ??AUDIT_EVENTS_ACL?? | tr ',' '\n' | |
echo ??AUDIT_EVENTS?? | tr ',' '\n' | |
echo ??LOOP_ATTR_FOR_COMPLIANCE_STR??|egrep 'ro($|,| )' | wc -l | |
echo ??LOOP_ATTR_FOR_COMPLIANCE_STR??| egrep 'ro=.+' | wc -l | |
echo ??LOOP_ATTR_FOR_COMPLIANCE_STR??|egrep 'rw($|,| )' | wc -l | |
echo ??LOOP_ATTR_FOR_COMPLIANCE_STR??| egrep 'rw=.+' | wc -l | |
echo ??SENDMAIL_VERSION_STRING?? | sed 's/\.//g' | |
echo ??VAR_CMD_OUTPUT?? | cut -d '.' -f1 | |
echo ??VAR_CMD_OUTPUT?? | cut -d '.' -f2 | |
echo ??VAR_SECTION_NAME?? |tr ' ' '\n' | |
echo ??VAR_TUNABLE_PARAMETER?? | cut -d, -f2 | |
echo ??VAR_TUNABLE_PARAMETER?? | cut -d, -f4 | |
echo ??VAR_TUNABLE_PARAMETER?? | cut -d ',' -f2 | |
echo ??VAR_TUNABLE_PARAMETER?? | cut -d ',' -f4 | |
echo '??AUDIT_TOOLS??' | tr '\t' ' '|tr ' ' '\n' | sed -e 's%^ *%%' -e 's% *$%%' | |
echo '??DEFAULT_APPROVED_SHELLS??' | tr '|' '\n' | |
echo '??GLOBAL_INITIALIZATION_FILES??' | tr '\t' ' '|tr ' ' '\n' | sed -e 's%^ *%%' -e 's% *$%%' | |
echo '??LOOP_ATTR_FOR_COMPLIANCE_STR?? | |
echo '??LOOP_ATTR_FOR_COMPLIANCE_STR??'| cut -d: -f1 | |
echo '??LOOP_ATTR_FOR_COMPLIANCE_STR??'| cut -d: -f2 | |
echo '??LOOP_ATTR_FOR_COMPLIANCE_STR??'| cut -d' ' -f1 | |
echo '??LOOP_ATTR_FOR_COMPLIANCE_STR??'| cut -d= -f2 | |
echo '??LOOP_ATTR_FOR_COMPLIANCE_STR??'|sed 's/ */ /g'|sed 's/^ //g'|cut -d ' ' -f4 | |
echo '??VAR_DIFF_TIME??/86400' | bc | |
echo \$Z | sendmail -d0 | egrep 'Version' | cut -d'/' -f2 | sed 's/\.//g' | |
egrep '^ *bindpwd:' /etc/security/ldap/ldap.cfg | grep -v '^ *#' |egrep -v 'bindpwd:{??ENCRYPTED_PASWD??'| wc -l | |
egrep ' */usr/sbin/auditstream *\| *auditpr *-v *\| */usr/bin/logger *-p *local7' /etc/security/audit/streamcmds | grep -v '^ *#' | wc -l | |
egrep '\-root$' /var/adm/sulog |wc -l | |
egrep 'multicastclient' /etc/ntp.conf |egrep -v ' *#' |cut -d ' ' -f2- | |
egrep 'server|peer' /etc/ntp.conf|egrep -v ' *#'| awk '{print $2}' | |
egrep 'xntpd' /etc/rc.tcpip |tr '\t' ' ' |egrep -v '^ *#'|wc -l | |
egrep -i '^ *Opnovrfy *$' '??SENDMAIL_CONF_FILE??' | wc -l | |
egrep -i 'allowgroups' /etc/ssh/sshd_config | egrep -v ' *#' | cut -d' ' -f2- | tr ' ' '\n' | sort | uniq | egrep -v '^ *$' | |
egrep -p '/:' /etc/filesystems | egrep -i log | egrep -v -i 'nolog' | cut -d'=' -f2 | sed 's/ //g' | |
egrep -p '/:' /etc/filesystems | egrep vfs | cut -d'=' -f2 | sed 's/ //g' | |
egrep -v '^$|^ *#' ??HOST_LPD_FILE_PATH?? |tr '\t' ' ' | sed 's/ //g' | egrep '^\+$'|wc -l | |
egrep -v '^ *\*' /etc/security/audit/events | tr '\t' ' ' |egrep ' *??LOOP_ATTR_FOR_COMPLIANCE_STR?? *=' | |
egrep -v '^ *#' /etc/rc.tcpip | egrep -w 'ntpd|xntpd' | |
egrep -v '^\*' /etc/security/audit/events | grep -w '??LOOP_ATTR_FOR_COMPLIANCE_STR??'|wc -l | |
egrep -v '^\*' /etc/security/audit/events | grep -w 'FILE_Open'|wc -l | |
egrep -v '^\*' /etc/security/audit/events | grep -w 'FILE_Unlink'|wc -l | |
egrep -v '^\*' /etc/security/audit/events | grep -w 'FS_Rmdir'|wc -l | |
egrep -v '^\*' /etc/security/login.cfg | egrep 'shells' | cut -d'=' -f2| sed 's/ //g' | tr ',' '\n' | |
exportfs | |
exportfs | cut -d' ' -f1 | |
exportfs | cut -d' ' -f1 | tr '\n' ' ' | |
exportfs -v |egrep 'anon=(-1|6(000(1|2)|553(4|5)))(\[^0-9\]| *$)' | wc -l | |
exportfs -v|egrep -v '^exportfs' | |
exportfs -v | egrep -v '^exportfs' |cut -d ' ' -f1 | |
exportfs -v|egrep -v '^exportfs'|cut -d ' ' -f2- | |
exportfs -v | grep 'root=' | |
exportfs -v | wc -l | |
expr ??VAR_CURRENT_SYSTEM_TIME?? - ??VAR_USER_LAST_LOGIN_TIME?? | |
find /etc -type f \( -name hosts.lpd -o -name Systems \) | |
genkex | grep rds | |
grep ^updateDNS /etc/dhcpc.opt /etc/dhcpcd.ini | wc -l | |
grep '^ *ldapsslkeypwd' /etc/security/ldap/ldap.cfg | grep -v '^ *#' |egrep -v 'ldapsslkeypwd:{??ENCRYPTED_PASWD??' | wc -l | |
grep '^ *O HelpFile *=' ??SENDMAIL_CONF_FILE?? | cut -d= -f2 | |
grep 'rhosts_auth' /etc/pam.conf | grep -v '^ *#'| wc -l | |
grep allow /etc/tftpaccess.ctl | egrep -v '^ *#' | |
grep ftpd /etc/inetd.conf | egrep -v '^ *#' |sed 's/\(.*\)\(-u.*\)/\2/g' | cut -d ' ' -f2 | |
grep herald /etc/ftpaccess.ctl|tr -d ' '|cut -d ':' -f1 | |
grep herald /etc/ftpaccess.ctl|tr -d ' '|cut -d ':' -f2 | |
grep -i '^ldapsslkeyf' /etc/security/ldap/ldap.cfg | cut -d':' -f2 | |
grep -p ??LOOP_ATTR_FOR_COMPLIANCE_STR??: /etc/filesystems | egrep options | egrep nodev | wc -l | |
grep -p ??LOOP_ATTR_FOR_COMPLIANCE_STR??: /etc/filesystems |egrep -v '??APPROVED_DEVICE_FILES??'| egrep vfs | egrep nfs | wc -l | |
grep -p ^??LOOP_ATTR_FOR_COMPLIANCE_STR??: /etc/security/passwd | grep 'password = ' | awk -F ' = ' '{print $2}' | |
grep -p bin: /etc/security/audit/config |egrep 'bin1 =|bin2 =' | cut -d '=' -f2 | |
grep -p bin: /etc/security/audit/config |egrep -w 'bin1|bin2' | cut -d '=' -f2 | |
grep -p bin: /etc/security/audit/config | egrep -w 'bin1|bin2' | cut -d '=' -f2 | |
grep -p classes: /etc/security/audit/config | grep ??LOOP_ATTR_FOR_COMPLIANCE_STR?? | cut -d '=' -f1 | tr '\t' ' '| sed 's/ //g' | |
grep -p classes: /etc/security/audit/config | grep ??LOOP_ATTR_FOR_COMPLIANCE_STR?? | cut -d '=' -f1 | tr '\t' ' ' | sed 's/ //g' | |
grep -p classes /etc/security/audit/config | grep -w '??LOOP_ATTR_FOR_COMPLIANCE_STR??'| tail -1 | cut -d'=' -f1 | sed 's/ //g' | |
grep -p classes /etc/security/audit/config | grep -w FILE_Open| tail -1 | cut -d'=' -f1 | sed 's/ //g' | |
grep -p classes /etc/security/audit/config | grep -w FILE_Unlink| tail -1 | cut -d'=' -f1 | sed 's/ //g' | |
grep -p classes /etc/security/audit/config | grep -w FS_Rmdir| tail -1 | cut -d'=' -f1 | sed 's/ //g' | |
grep -p start: /etc/security/audit/config | grep -v '^ *#' | egrep 'streammode( *)=( *)on'| wc -l | |
grep -p users /etc/security/audit/config | egrep -v ':' | cut -d'=' -f1 | grep -w default|wc -l | |
grep -p users /etc/security/audit/config | egrep -v ':|^#' | cut -d'=' -f2| egrep -v '^$' | |
grep USM_USER /etc/snmpdv3.conf|grep -v '#' | |
grep -v '^ *#' /etc/inetd.conf | grep -w '^bootps' | wc -l | |
grep -v '^ *#' /etc/inetd.conf | grep -w '^telnet' | wc -l | |
grep -v '^ *#' /etc/inittab | egrep '??UNNECESSARY_X_SERVER_LOGIN_MANAGERS_LIST??'| wc -l | |
grep -v '^ *#' '??SENDMAIL_CONF_FILE??' | grep -i wiz | |
grep -w sshd /etc/hosts.allow | grep -v '^ *#' | cut -d':' -f2 | |
grep -w sshd /etc/hosts.deny | grep -v '^ *#' | cut -d':' -f2 | |
grep -w tftp /etc/inetd.conf | egrep -v '^ *#' | |
ifconfig -a | grep -e gre -e gif -e cti -e sit | |
ifconfig -a | grep inet6 | grep -v ' ::' | |
ifconfig -a | grep inet6 | grep -v '::1/' | |
ifconfig -a | grep inet6 | grep -vw '::1' | |
last | grep '^root' | egrep -v 'reboot|console' | wc -l | |
last root|grep -v reboot| wc -l | |
lsattr -El sys0 -a sed_config | awk -F' ' '{print $2}' | |
lsdev -C | grep usb | wc -l | |
lsfs | grep ' ??LOOP_ATTR_FOR_COMPLIANCE_STR?? ' | awk '{print $6}' | |
lsfs -v nfs | |
lsfs -v nfs | sed 1d | awk {'print $6'} | egrep '(^nosuid(,|$))|(,nosuid *(,|$))' | |
lslpp -l | egrep 'devices.usbif.010100|devices.usbif.08025|devices.usbif.080400' | wc -l | |
lslpp -l | grep usb | wc -l | |
lssec -c -f /etc/security/lastlog -s ??VAR_USER_VALUE?? -a time_last_login | grep -v ' *#' | cut -d: -f2 | |
lssec -c -f /etc/security/login.cfg -s /dev/console -a synonym | egrep -v '^#' | cut -d: -f2 | tr ',' '\n' | |
lssec -f /etc/security/limits -s default -a core | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/login.cfg -s /dev/console -a herald | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/login.cfg -s default -a herald | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/login.cfg -s default -a logindelay | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/login.cfg -s usw -a maxlogins | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/login.cfg -s usw -a pwd_algorithm | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/login.cfg -s usw -a shells|awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/login.cfg -s usw -a shells|awk -F '=' '{print $2}' | tr -s ' ' | tr ',' '\n' | |
lssec -f /etc/security/user -s default -a dictionlist | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a histsize | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a loginretries | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a maxage | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a maxrepeats | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a minage | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a mindiff | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a minlen | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a minother | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s default -a SYSTEM | |
lssec -f /etc/security/user -s default -a SYSTEM | awk -F '=' '{print $2}' | tr -s ' ' | |
lssec -f /etc/security/user -s root -a rlogin | awk -F '=' '{print $2}' | tr -s ' ' | |
lssrc -a | egrep -i smbd | |
lssrc -s syslogd | grep syslogd | grep active | |
lstun -a | |
lsuser -a account_locked ??DEFAULT_SYSTEM_ACCOUNTS?? | egrep 'account_locked=false' | |
lsuser -a ALL | |
lsuser -a dictionlist ALL| grep -v '#' | |
lsuser -a rlogin ??LOOP_ATTR_FOR_COMPLIANCE_STR?? |cut -d'=' -f2 | |
lsuser -a sugroups root | awk -F'=' '{print $2}' | |
lsuser -a umask ftp | |
lsuser -a umask ftp | cut -d'=' -f2 | |
lsuser -c -a account_locked ??VAR_USER_VALUE?? | grep -v ' *#' | cut -d: -f2 | |
lsuser -c -a core ALL | grep -v '#' | |
lsuser -c -a histsize ALL | grep -v '#' | |
lsuser -c -a loginretries ALL | grep -v '#' | |
lsuser -c -a maxage ALL | grep -v '#' | |
lsuser -c -a maxrepeats ALL | grep -v '#' | |
lsuser -c -a minage ALL | grep -v '#' | |
lsuser -c -a mindiff ALL | grep -v '#' | |
lsuser -c -a minlen ALL | grep -v '#' | |
lsuser -c -a minother ALL | grep -v '#' | |
lsuser -c -a SYSTEM ALL| grep -v '#' | |
mount | egrep '/ ' | awk '{print $3}' | |
mount | egrep '/ ' | awk '{print $NF}' | egrep -i 'log' | egrep -v -i 'nolog' | awk -F' *log *=' '{print $2}' | sed 's/ //g' | cut -d',' -f1 | |
mount | grep ' ??LOOP_ATTR_FOR_COMPLIANCE_STR?? ' | awk '{print $NF}' | |
mount | sed 1,2d | awk '{print $8}' | egrep '(^nosuid(,|$))|(,nosuid *(,|$))' | |
ndp -a | egrep -v '??NDP_LOCAL_PUBLISHED_ENTRIES??|(^$)' | |
netstat -r | grep default | |
niscat cred.org_dir |cut -d ':' -f2 |egrep -vi local | |
no -x bcastping | |
no -x clean_partial_conns | |
no -x directed_broadcast | |
no -x ip_nfrag | |
no -x ip6forwarding | |
no -x ip6srcrouteforward | |
no -x ipforwarding | |
no -x ipignoreredirects | |
no -x ipsendredirects | |
no -x ipsrcrouteforward | |
no -x ipsrcrouterecv | |
no -x ipsrcroutesend | |
no -x nonlocsrcroute | |
no -x tcp_icmpsecure | |
no -x tcp_tcpsecure | |
ps -ef | egrep 'innd|nntpd' | egrep -v 'egrep' | wc -l | |
rpcinfo -p | grep yp | grep udp | |
sedmgr | head -1 | cut -d: -f2 | |
sysdumpdev -l | grep -i 'copy directory' | tr '\t' ' ' | tr -s ' ' | cut -d ' ' -f3 | |
sysdumpdev -l | grep -i primary | tr '\t' ' ' | tr -s ' ' | cut -d ' ' -f2 | |
sysdumpdev -l | grep -i secondary | tr '\t' ' ' | tr -s ' ' | cut -d ' ' -f2 | |
which exportfs | |
which portmap | |
which snmpd | |
/ | Configuration File |
/etc/filesystems | |
/etc/group | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/inetd.conf | |
/etc/pam.conf | |
/etc/passwd | |
/etc/resolv.conf | |
/etc/security/audit/config | |
/etc/security/ldap/ldap.cfg | |
/etc/security/login.cfg | |
/etc/security/passwd | |
/etc/shells | |
/etc/ssh/ssh_config | |
/etc/ssh/sshd_config | |
/etc/syslog.conf | |
/usr/lib/smb.conf | |
??AT_SPOOL_DIR?? | Directory |
??LDAP_SSL_KEY_DIR?? | |
??LOOP_ATTR_FOR_COMPLIANCE_STR?? | |
??VAR_DIRECTORY_PATH_VALUE?? | |
??VAR_FILESYSTEM_DIR?? | |
??VAR_KERNEL_CORE_DUMP_DATA_DIR?? | |
??VAR_LDAP_PATH?? | |
/etc | |
/etc/news | |
/etc/security/ldap/ldap.cfg | |
/etc/xinetd.d | |
/usr/lib/netsvc/yp | |
/usr/lib/nis | |
/var/nis | |
/var/spool/cron/atjobs | |
/var/spool/cron/crontabs | |
/var/yp | |
All network services daemon files must have mode 0755 or less permissive | Extended Object |
Running Processes | |
The etc shells (or equivalent) file must exist | |
Unix Services | |
V-1010_1 | |
V-1010_2 | |
V-11985 | |
V-11986 | |
V-11988 | |
V-11990 | |
V-11995 | |
V-12004 | |
V-12049 | |
V-22310-1 | |
V-22310-2 | |
V-22311 | |
V-22312 | |
V-22314 | |
V-22315 | |
V-22316 | |
V-22317 | |
V-22351 | |
V-22353 | |
V-22354 | |
V-22355 | |
V-22359_1 | |
V-22359_2 | |
V-22360 | |
V-22361 | |
V-22362 | |
V-22363_1 | |
V-22363_2 | |
V-22364 | |
V-22440 | |
V-22441 | |
V-22442 | |
V-22450 | |
V-22458 | |
V-22459 | |
V-22702 | |
V-23952: Mail relaying must be restricted-Postfix | |
V-23952: Mail relaying must be restricted-sendmail | |
V-24357 | |
V-4087 | |
V-4366 | |
V-4384 | |
V-4385 | |
V-4387 | |
V-4395 | |
V-4428_1 | |
V-4428_2 | |
V-4690 | |
V-4691-1 | |
V-4691-2 | |
V-4692 | |
V-4693 | |
V-761 | |
V-762 | |
V-765 | |
V-776 | |
V-777 | |
V-780 | |
V-781 | |
V-784 | |
V-785 | |
V-787 | |
V-792 | |
V-793 | |
V-794 | |
V-795 | |
V-796 | |
V-801 | |
V-802 | |
V-806 | |
V-807 | |
V-808-1 | |
V-808-2 | |
V-833 | |
V-834 | |
V-836 | |
V-837 | |
V-838 | |
V-841 | |
V-845 | |
V-846 | |
V-901 | |
V-902 | |
V-903 | |
V-904 | |
V-905 | |
V-906 | |
V-907 | |
V-910 | |
V-913 | |
V-914 | |
V-915 | |
V-924 | |
V-925 | |
V-941_1 | |
V-941_2 | |
V-982 | |
V-986 | |
V-995 | |
??BANNER_FILE_FTP?? | File |
??HOST_LPD_FILE_PATH?? | |
??HOSTS_NNTP_FILE?? | |
??HOSTS_NNTP_NOLIMIT_FILE?? | |
??LDAP_PATH??/ldap.cfg | |
??LOOP_ATTR_FOR_COMPLIANCE_STR?? | |
??MAIL_ALIAS_CONF_FILE?? | |
??NNRP_ACCESS_FILE?? | |
??PASSWD_NNTP_FILE?? | |
??SAMBA_CONF_FILE?? | |
??SENDMAIL_CONF_FILE?? | |
??SNMPD_CONF_FILE?? | |
??SNMPDV3_CONF_FILE?? | |
??TRACEROUTE_FILE_PATH?? | |
??VAR_FILE_PATH_VALUE?? | |
??VAR_LDAP_PATH?? | |
??VAR_USER_HOME_DIR??/.Xauthority | |
??VAR_USER_HOME_DIR??.Xauthority | |
/.Xauthority | |
/dev/??LOOP_ATTR_FOR_COMPLIANCE_STR?? | |
/etc/.login | |
/etc/bashrc | |
/etc/csh.cshrc | |
/etc/csh.login | |
/etc/environment | |
/etc/exports | |
/etc/filesystems | |
/etc/ftpaccess.ctl | |
/etc/ftpusers | |
/etc/group | |
/etc/hosts | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/inetd.conf | |
/etc/netsvc.conf | |
/etc/nsswitch.conf | |
/etc/ntp.conf | |
/etc/passwd | |
/etc/profile | |
/etc/resolv.conf | |
/etc/securetcpip | |
/etc/security/.profile | |
/etc/security/audit/config | |
/etc/security/audit/streamcmds | |
/etc/security/environ | |
/etc/security/ldap/ldap.cfg | |
/etc/security/login.cfg | |
/etc/security/mkuser.sys | |
/etc/security/passwd | |
/etc/security/user | |
/etc/services | |
/etc/syslog.conf | |
/etc/tftpaccess.ctl | |
/etc/xinetd.conf | |
/usr/bin/traceroute | |
/usr/lib/smb.conf | |
/usr/sbin/snmpd | |
/usr/sbin/traceroute | |
/var/adm/cron/at.allow | |
/var/adm/cron/at.deny | |
/var/adm/cron/cron.allow | |
/var/adm/cron/cron.deny | |
/var/adm/cron/log | |
/var/adm/sulog | |
/var/private/smbpasswd | |
File:??BANNER_FILE?? |
Oracle™ Solaris™ 11 x86
Rule Category
The following table shows the percentage of rules that are Native based and EO based:
Rule Category | % of rules |
---|---|
Native based | 70% |
EO based | 30% |
Rule Details
To find details about all rules included in the template, see HTML Definitions for Solaris 11 x86.
Asset/Part Used
Part name | Part type |
---|---|
/usr/lib/sendmail -bv audit_warn | Command |
\[ -d ??VAR_COREADM_GLOB_PATTERN?? \] && echo 'Directory' || echo 'Not a Directory' | |
auditconfig -getplugin audit_binfile | egrep p_dir | tr ';' '\n' | egrep 'p_dir' | cut -d'=' -f2 | |
awk -F: '$4 >= 1 {print $1}' /etc/shadow | |
cat /etc/passwd | egrep -v '^$|^ *#' | awk -F: '$3 <= 99 {print $1}' | |
cat /etc/system | tr '\t' ' ' | grep -v '^ *#' | egrep '^set noexec_user_stack=1$' | wc -l |sed 's/ //g' | |
Command:dirname ??VAR_KERNEL_CORE_DUMP_DATA_DIR_LINK?? | |
Command:dumpadm | grep directory | awk -F':' '{print $2}' | |
Command:ls -ld ??VAR_KERNEL_CORE_DUMP_DATA_DIR?? | awk -F'>' '{print $2}' | tr -d '.' | |
coreadm | egrep 'global core file pattern' |awk -F':' '{print $2}'|tr -s ' ' | |
coreadm | grep enabled|wc -l | |
cryptoadm list fips-140| egrep 'is disabled'|wc -l | |
df ??VAR_AUDIT_DIR_VALUE?? | cut -d '(' -f2 | cut -d')' -f1 | tr -d ' ' | |
dirname ??VAR_COREADM_GLOB_PATTERN?? | |
dirname ??VAR_COREADM_GLOB_PATTERN?? | |
dirname ??VAR_LOCAL_AUDIT_TRAIL_DIR_LINK?? | |
dumpadm | grep 'Savecore enabled' | cut -d':' -f2 | sed 's/ //g' | |
dumpadm | grep directory | awk -F':' '{print $2}' | |
echo ??LOOP_ATTR_FOR_COMPLIANCE_STR?? | cut -d':' -f2 | |
egrep '^ *auth|^ *account' /etc/pam.d/gdm-autologin | |
egrep maxpoll ??NTP_CONF_FILE?? |tr -s ' ' | sed 's/\(.*\)\(maxpoll\)\(.*\)/\2\3/g' | cut -d ' ' -f2 | |
egrep -v '^$|^ *#' ??DICT_WORD_LIST?? | wc -l | |
egrep -v '^ *#' ??NTP_CONF_FILE?? | grep server | egrep -v '??AUTHORIZED_SERVERS_LIST??|(^$)' | wc -l | |
expr ??VAR_LINE2_NUM?? - ??VAR_LINE1_NUM?? | |
getent group |grep -v '^ *#' | awk -F: '{print $1}' |sort| uniq -d| wc -l | |
getent group|grep -v '^ *#' |cut -f3 -d':'|sort -n|uniq -c| awk -F' ' '$1 > 1 {print}'| wc -l | |
getent passwd |grep -v '^ *#' | awk -F: '{print $1}' |sort| uniq -d| wc -l | |
grep ^mesg /etc/.login | cut -d' ' -f2 | |
grep ^mesg /etc/profile | cut -d' ' -f2 | |
grep 'DisplayConnect' /etc/proftpd.conf | tr '\t' ' ' | grep '^ *DisplayConnect */etc/issue *$' | wc -l | |
grep 'pam_rhosts_auth.so.1' ??VAR_FILE_PATH_VALUE?? | grep -v '^ *#' | |
grep 'pam_rhosts_auth.so.1' /etc/pam.conf | grep -v '^ *#' | |
grep 'roles=root' /etc/user_attr | wc -l | |
grep audit.notice /etc/rsyslog.conf | egrep -v '@??AUTHORIZED_REMOTE_SYSTEM??' | wc -l | |
grep audit.notice /etc/syslog.conf | egrep -v '@??AUTHORIZED_REMOTE_SYSTEM??' | wc -l | |
grep -i '^*lock:' ??VAR_FILE_PATH_VALUE?? | cut -d: -f2 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*lock:' /usr/share/X11/app-defaults/XScreenSaver | cut -d: -f2 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*lockTimeout:' ??VAR_FILE_PATH_VALUE?? | cut -d: -f2 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*lockTimeout:' ??VAR_FILE_PATH_VALUE?? | cut -d: -f3 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*lockTimeout:' ??VAR_FILE_PATH_VALUE?? | cut -d: -f4 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*lockTimeout:' /usr/share/X11/app-defaults/XScreenSaver | cut -d: -f2 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*lockTimeout:' /usr/share/X11/app-defaults/XScreenSaver | cut -d: -f3 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*lockTimeout:' /usr/share/X11/app-defaults/XScreenSaver | cut -d: -f4 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*timeout:' ??VAR_FILE_PATH_VALUE?? | cut -d: -f2 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*timeout:' ??VAR_FILE_PATH_VALUE?? | cut -d: -f3 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*timeout:' ??VAR_FILE_PATH_VALUE?? | cut -d: -f4 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*timeout:' /usr/share/X11/app-defaults/XScreenSaver | cut -d: -f2 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*timeout:' /usr/share/X11/app-defaults/XScreenSaver | cut -d: -f3 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*timeout:' /usr/share/X11/app-defaults/XScreenSaver | cut -d: -f4 | tr '\t' ' ' | sed 's/ //g' | |
grep -n '^ */usr/bin/zenity *--text-info *--width=800 *--height=300 ' /etc/gdm/Init/Default | cut -d':' -f1 | |
grep -n '^ *\-\-title=' /etc/gdm/Init/Default | grep 'Security Message' | grep ' \-\-filename=/etc/issue *$' | cut -d':' -f1 | |
grep -w password_pbkdf2 ??GRUB_MENU_CONFIG_FILE?? | grep -v '^ *#' | |
grep -w superusers ??GRUB_MENU_CONFIG_FILE?? | grep -v '^ *#' | |
inetadm | awk '{print $3}' | grep -v FMRI | cut -d ':' -f2 | |
inetadm -l ??LOOP_ATTR_FOR_COMPLIANCE_STR?? | grep -c tcp_wrappers=TRUE | |
inetadm -p | grep tcp_wrappers | cut -d '=' -f2 | |
inetadm -p | grep tcp_wrappers | cut -d= -f2 | |
ipadm show-prop -p _conn_req_max_q0 -co current tcp | |
ipadm show-prop -p _forward_directed_broadcasts -co current ip | |
ipadm show-prop -p _ignore_redirect -co current ipv4 | |
ipadm show-prop -p _ignore_redirect -co current ipv6 | |
ipadm show-prop -p _respond_to_address_mask_broadcast -co current ip | |
ipadm show-prop -p _respond_to_echo_broadcast -co current ip | |
ipadm show-prop -p _respond_to_echo_multicast -co current ipv4 | |
ipadm show-prop -p _respond_to_echo_multicast -co current ipv6 | |
ipadm show-prop -p _respond_to_timestamp_broadcast -co current ip | |
ipadm show-prop -p _respond_to_timestamp -co current ip | |
ipadm show-prop -p _rev_src_routes -co current tcp | |
ipadm show-prop -p _send_redirects -co current ipv4 | |
ipadm show-prop -p _send_redirects -co current ipv6 | |
ipadm show-prop -p _strict_dst_multihoming -co current ipv4 | |
ipadm show-prop -p _strict_dst_multihoming -co current ipv6 | |
logins -d | |
logins -ox | egrep :PS: | cut -d ':' -f6 | |
logins -po | |
logins -xo | cut -d':' -f1,3 | |
ls -l ??DICT_DATABASE_DIR?? | egrep -v total | wc -l | |
ls -ld ??VAR_AUDIT_DIR?? | awk -F'>' '{print $2}' | tr -d '.' | |
ls -ld ??VAR_LOCAL_AUDIT_TRAIL_DIR?? | awk -F'>' '{print $2}' | tr -d '.' | |
ntpq -p | awk '($6 > 86400) {print $1 $6}' | grep -v remotepoll | |
pfexec auditconfig -getcond | |
pfexec auditconfig -getcond | cut -d= -f2 | cut -d ' ' -f2 | |
pfexec auditconfig -getflags | grep active | sed 's/active user default audit flags =//' | cut -d' ' -f2 | grep as | wc -l | |
pfexec auditconfig -getflags | grep active | sed 's/active user default audit flags =//' | cut -d' ' -f2 | grep fa | wc -l | |
pfexec auditconfig -getflags | grep active | sed 's/active user default audit flags =//' | cut -d' ' -f2 | grep fd | wc -l | |
pfexec auditconfig -getflags | grep active | sed 's/active user default audit flags =//' | cut -d' ' -f2 | grep fm | wc -l | |
pfexec auditconfig -getflags | grep active | sed 's/active user default audit flags =//' | cut -d' ' -f2 | grep lo | wc -l | |
pfexec auditconfig -getflags | grep active | sed 's/active user default audit flags =//' | cut -d' ' -f2 | grep ps | wc -l | |
pfexec auditconfig -getnaflags | grep active | sed 's/active non-attributable audit flags =//' | cut -d' ' -f2 | grep as | wc -l | |
pfexec auditconfig -getnaflags | grep active | sed 's/active non-attributable audit flags =//' | cut -d' ' -f2 | grep fa | wc -l | |
pfexec auditconfig -getnaflags | grep active | sed 's/active non-attributable audit flags =//' | cut -d' ' -f2 | grep fd | wc -l | |
pfexec auditconfig -getnaflags | grep active | sed 's/active non-attributable audit flags =//' | cut -d' ' -f2 | grep fm | wc -l | |
pfexec auditconfig -getnaflags | grep active | sed 's/active non-attributable audit flags =//' | cut -d' ' -f2 | grep lo | wc -l | |
pfexec auditconfig -getnaflags | grep active | sed 's/active non-attributable audit flags =//' | cut -d' ' -f2 | grep ps | wc -l | |
pfexec auditconfig -getplugin | egrep ';p_fsize=4M($|B|;)' | |
pfexec auditconfig -getplugin | grep audit_syslog | grep inactive | wc -l | |
pfexec auditconfig -getplugin audit_binfile | grep Attributes | egrep 'p_minfree=2(;|$)' | wc -l | |
pfexec auditconfig -getpolicy | egrep -c '(all|ahlt)' | |
pfexec auditconfig -getpolicy | grep active | grep argv | wc -l | |
pfexec auditconfig -getpolicy | grep active | grep perzone | |
pfexec auditconfig -getpolicy | grep active | grep zonename | |
pkg list | grep uucp | wc -l | |
pkg list communication/im/pidgin | |
pkg list service/network/finger | |
pkg list service/network/ftp | |
pkg list service/network/ftp 2>/dev/null | grep -v NAME | |
pkg list service/network/legacy-remote-utilities | |
pkg list service/network/nis | |
pkg list x11/server/xvnc | |
pkg property | grep signature-policy | |
pkg verify system/zones | wc -l | |
profiles -l ??LOOP_ATTR_FOR_COMPLIANCE_STR?? | grep '^RestrictOutbound$' | |
profiles -p RestrictOutbound info | grep 'limitpriv' | cut -d '=' -f2 | tr -s ',' '\n' | |
routeadm -p | egrep 'routing |forwarding' | egrep 'persistent=enabled |current=enabled' | |
svcprop -p config/local_only network/rpc/bind | |
svcprop -p options/tcp_listen svc:/application/x11/x11-server | |
svcs -Ho state ntp | |
svcs -Ho state svc:/network/ipsec/policy:default | |
svcs -Ho state svc:/network/rpc/gss | |
svcs -Ho state svc:/system/console-login:terma | |
svcs -Ho state svc:/system/console-login:termb | |
sxadm info -p | grep enabled|wc -l | |
userattr audit_flags ??USERNAME?? | |
userattr lock_after_retries ??VAR_PASSWD_USER_LIST?? | |
userattr type root | |
zfs get compression ??VAR_AUDIT_DIR_VALUE?? |awk '{print $3}' |egrep -vi 'value' | grep off | wc -l | |
zfs get quota ??VAR_AUDIT_DIR_VALUE?? |awk '{print $3}' |egrep -vi 'value' | grep none | wc -l | |
zfs get reservation ??VAR_AUDIT_DIR_VALUE?? |awk '{print $3}' |egrep -vi 'value' | grep none | wc -l | |
zoneadm list -vi | grep -v global | grep -v ID | awk '{print $2}' | |
zonecfg -z ??LOOP_ATTR_FOR_COMPLIANCE_STR?? info |grep dev | |
zonecfg -z ??LOOP_ATTR_FOR_COMPLIANCE_STR?? info |grep limitpriv | |
zonename | |
/etc/default/keyserv | Configuration File |
/etc/default/login | |
/etc/default/passwd | |
/etc/group | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/passwd | |
/etc/proftpd.conf | |
/etc/security/policy.conf | |
/etc/shadow | |
/etc/ssh/sshd_config | |
/etc/system | |
/etc/vfstab | |
??DICT_DATABASE_DIR?? | Directory |
??VAR_COREADM_GLOB_PATTERN?? | |
??VAR_DIRECTORY_PATH_VALUE?? | |
??VAR_HOME_DIR_STRING_LIST?? | |
??VAR_KERNEL_CORE_DUMP_DATA_DIR_LINK?? | |
??VAR_KERNEL_CORE_DUMP_DATA_DIR?? | |
??VAR_LOCAL_AUDIT_TRAIL_DIR_LINK?? | |
??VAR_LOCAL_AUDIT_TRAIL_DIR?? | |
??VAR_NON_GLOBAL_ZONES_LIST?? | |
/etc/pam.d | |
/var/adm | |
Temporary accounts must be provisioned with an expiration date | Extended Object |
V-47995 | |
V-48037 | |
V-48039-1 | |
V-48039-2 | |
V-48063 | |
V-48097 All interactive users home directories must be owned by their respective users | |
V-48123 | |
V-48129 | |
V-48133 | |
V-48137 | |
V-841 | |
??DICT_WORD_LIST?? | File |
??NTP_CONF_FILE?? | |
??VAR_LOCAL_AUDIT_TRAIL_DIR_LINK??//** | |
/etc/.login | |
/etc/cron.d/at.allow | |
/etc/cron.d/at.deny | |
/etc/cron.d/cron.allow | |
/etc/cron.d/cron.deny | |
/etc/default/login | |
/etc/default/passwd | |
/etc/gdm/Init/Default | |
/etc/group | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/issue | |
/etc/motd | |
/etc/pam.conf | |
/etc/passwd | |
/etc/profile | |
/etc/proftpd.conf | |
/etc/rsyslog.conf | |
/etc/security/policy.conf | |
/etc/ssh/sshd_config | |
/etc/syslog.conf | |
/etc/system | |
/var/adm/messages | |
SUNWtftp | Solaris Package |
SUNWtnetd | |
SUNWtnetr |
Oracle™ Solaris™ 11 SPARC
Rule Category
The following table categorizes the percentage of rules as Native and EO based:
Rule Category | % of rules |
---|---|
Native based | 70% |
EO based | 30% |
Rule Details
To find details about all rules included in the template, see HTML Definitions for Solaris 11 SPARC.
Asset/Part Used
Part name | Part type |
---|---|
/usr/lib/sendmail -bv audit_warn | Command |
\[ -d ??VAR_COREADM_GLOB_PATTERN?? \] && echo 'Directory' || echo 'Not a Directory' | |
auditconfig -getplugin audit_binfile | egrep p_dir | sed 's/\(.*\)p_dir=\(.*\)\;.*/\2/g' | cut -d';' -f1 | |
auditconfig -getplugin audit_binfile | egrep p_dir | tr ';' '\n' | egrep 'p_dir' | cut -d'=' -f2 | |
awk -F: '$4 >= 1 {print $1}' /etc/shadow | |
cat /etc/passwd | egrep -v '^$|^ *#' | awk -F: '$3 <= 99 {print $1}' | |
cat /etc/system | tr '\t' ' ' | grep -v '^ *#' | egrep '^set noexec_user_stack=1$' | wc -l |sed 's/ //g' | |
Command:dirname ??VAR_KERNEL_CORE_DUMP_DATA_DIR_LINK?? | |
Command:dumpadm | grep directory | awk -F':' '{print $2}' | |
Command:ls -ld ??VAR_KERNEL_CORE_DUMP_DATA_DIR?? | awk -F'>' '{print $2}' | tr -d '.' | |
coreadm | egrep 'global core file pattern' |awk -F':' '{print $2}'|tr -s ' ' | |
coreadm | grep enabled|wc -l | |
cryptoadm list fips-140| egrep 'is disabled'|wc -l | |
df ??VAR_AUDIT_DIR_VALUE?? | cut -d '(' -f2 | cut -d')' -f1 | tr -d ' ' | |
dirname ??VAR_COREADM_GLOB_PATTERN?? | |
dirname ??VAR_COREADM_GLOB_PATTERN?? | |
dirname ??VAR_LOCAL_AUDIT_TRAIL_DIR_LINK?? | |
dumpadm | grep 'Savecore enabled' | cut -d':' -f2 | sed 's/ //g' | |
dumpadm | grep directory | awk -F':' '{print $2}' | |
echo ??LOOP_ATTR_FOR_COMPLIANCE_STR?? | cut -d':' -f2 | |
eeprom | grep security-mode | |
egrep '^ *auth|^ *account' /etc/pam.d/gdm-autologin | |
egrep maxpoll ??NTP_CONF_FILE?? |tr -s ' ' | sed 's/\(.*\)\(maxpoll\)\(.*\)/\2\3/g' | cut -d ' ' -f2 | |
egrep -v '^$|^ *#' ??DICT_WORD_LIST?? | wc -l | |
egrep -v '^ *#' ??NTP_CONF_FILE?? | grep server | egrep -v '??AUTHORIZED_SERVERS_LIST??|(^$)' | wc -l | |
expr ??VAR_LINE2_NUM?? - ??VAR_LINE1_NUM?? | |
getent group |grep -v '^ *#' | awk -F: '{print $1}' |sort| uniq -d| wc -l | |
getent group|grep -v '^ *#' |cut -f3 -d':'|sort -n|uniq -c| awk -F' ' '$1 > 1 {print}'| wc -l | |
getent passwd |grep -v '^ *#' | awk -F: '{print $1}' |sort| uniq -d| wc -l | |
grep ^mesg /etc/.login | cut -d' ' -f2 | |
grep ^mesg /etc/profile | cut -d' ' -f2 | |
grep 'DisplayConnect' /etc/proftpd.conf | tr '\t' ' ' | grep '^ *DisplayConnect */etc/issue *$' | wc -l | |
grep 'pam_rhosts_auth.so.1' ??VAR_FILE_PATH_VALUE?? | grep -v '^ *#' | |
grep 'pam_rhosts_auth.so.1' /etc/pam.conf | grep -v '^ *#' | |
grep 'roles=root' /etc/user_attr | wc -l | |
grep audit.notice /etc/rsyslog.conf | egrep -v '@??AUTHORIZED_REMOTE_SYSTEM??' | wc -l | |
grep audit.notice /etc/syslog.conf | egrep -v '@??AUTHORIZED_REMOTE_SYSTEM??' | wc -l | |
grep -i '^*lock:' ??VAR_FILE_PATH_VALUE?? | cut -d: -f2 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*lock:' /usr/share/X11/app-defaults/XScreenSaver | cut -d: -f2 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*lockTimeout:' ??VAR_FILE_PATH_VALUE?? | cut -d: -f2 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*lockTimeout:' ??VAR_FILE_PATH_VALUE?? | cut -d: -f3 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*lockTimeout:' ??VAR_FILE_PATH_VALUE?? | cut -d: -f4 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*lockTimeout:' /usr/share/X11/app-defaults/XScreenSaver | cut -d: -f2 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*lockTimeout:' /usr/share/X11/app-defaults/XScreenSaver | cut -d: -f3 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*lockTimeout:' /usr/share/X11/app-defaults/XScreenSaver | cut -d: -f4 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*timeout:' ??VAR_FILE_PATH_VALUE?? | cut -d: -f2 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*timeout:' ??VAR_FILE_PATH_VALUE?? | cut -d: -f3 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*timeout:' ??VAR_FILE_PATH_VALUE?? | cut -d: -f4 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*timeout:' /usr/share/X11/app-defaults/XScreenSaver | cut -d: -f2 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*timeout:' /usr/share/X11/app-defaults/XScreenSaver | cut -d: -f3 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^*timeout:' /usr/share/X11/app-defaults/XScreenSaver | cut -d: -f4 | tr '\t' ' ' | sed 's/ //g' | |
grep -n '^ */usr/bin/zenity *--text-info *--width=800 *--height=300 ' /etc/gdm/Init/Default | cut -d':' -f1 | |
grep -n '^ *\-\-title=' /etc/gdm/Init/Default | grep 'Security Message' | grep ' \-\-filename=/etc/issue *$' | cut -d':' -f1 | |
grep -w password_pbkdf2 ??GRUB_MENU_CONFIG_FILE?? | grep -v '^ *#' | |
grep -w superusers ??GRUB_MENU_CONFIG_FILE?? | grep -v '^ *#' | |
inetadm | awk '{print $3}' | grep -v FMRI | cut -d ':' -f2 | |
inetadm -l ??LOOP_ATTR_FOR_COMPLIANCE_STR?? | grep -c tcp_wrappers=TRUE | |
inetadm -p | grep tcp_wrappers | cut -d '=' -f2 | |
inetadm -p | grep tcp_wrappers | cut -d= -f2 | |
ipadm show-prop -p _conn_req_max_q0 -co current tcp | |
ipadm show-prop -p _forward_directed_broadcasts -co current ip | |
ipadm show-prop -p _ignore_redirect -co current ipv4 | |
ipadm show-prop -p _ignore_redirect -co current ipv6 | |
ipadm show-prop -p _respond_to_address_mask_broadcast -co current ip | |
ipadm show-prop -p _respond_to_echo_broadcast -co current ip | |
ipadm show-prop -p _respond_to_echo_multicast -co current ipv4 | |
ipadm show-prop -p _respond_to_echo_multicast -co current ipv6 | |
ipadm show-prop -p _respond_to_timestamp_broadcast -co current ip | |
ipadm show-prop -p _respond_to_timestamp -co current ip | |
ipadm show-prop -p _rev_src_routes -co current tcp | |
ipadm show-prop -p _send_redirects -co current ipv4 | |
ipadm show-prop -p _send_redirects -co current ipv6 | |
ipadm show-prop -p _strict_dst_multihoming -co current ipv4 | |
ipadm show-prop -p _strict_dst_multihoming -co current ipv6 | |
ipadm show-prop -p send_redirects -co current ipv4 | |
ipadm show-prop -p send_redirects -co current ipv6 | |
logins -d | |
logins -ox | egrep :PS: | cut -d ':' -f6 | |
logins -po | |
logins -xo | cut -d':' -f1,3 | |
ls -l ??DICT_DATABASE_DIR?? | egrep -v total | wc -l | |
ls -ld ??VAR_AUDIT_DIR?? | awk -F'>' '{print $2}' | tr -d '.' | |
ls -ld ??VAR_LOCAL_AUDIT_TRAIL_DIR?? | awk -F'>' '{print $2}' | tr -d '.' | |
ntpq -p | awk '($6 > 86400) {print $1 $6}' | grep -v remotepoll | |
pfexec auditconfig -getcond | |
pfexec auditconfig -getcond | cut -d= -f2 | cut -d ' ' -f2 | |
pfexec auditconfig -getflags | grep active | sed 's/active user default audit flags =//' | cut -d' ' -f2 | grep as | wc -l | |
pfexec auditconfig -getflags | grep active | sed 's/active user default audit flags =//' | cut -d' ' -f2 | grep fa | wc -l | |
pfexec auditconfig -getflags | grep active | sed 's/active user default audit flags =//' | cut -d' ' -f2 | grep fd | wc -l | |
pfexec auditconfig -getflags | grep active | sed 's/active user default audit flags =//' | cut -d' ' -f2 | grep fm | wc -l | |
pfexec auditconfig -getflags | grep active | sed 's/active user default audit flags =//' | cut -d' ' -f2 | grep lo | wc -l | |
pfexec auditconfig -getflags | grep active | sed 's/active user default audit flags =//' | cut -d' ' -f2 | grep ps | wc -l | |
pfexec auditconfig -getnaflags | grep active | sed 's/active non-attributable audit flags =//' | cut -d' ' -f2 | grep as | wc -l | |
pfexec auditconfig -getnaflags | grep active | sed 's/active non-attributable audit flags =//' | cut -d' ' -f2 | grep fa | wc -l | |
pfexec auditconfig -getnaflags | grep active | sed 's/active non-attributable audit flags =//' | cut -d' ' -f2 | grep fd | wc -l | |
pfexec auditconfig -getnaflags | grep active | sed 's/active non-attributable audit flags =//' | cut -d' ' -f2 | grep fm | wc -l | |
pfexec auditconfig -getnaflags | grep active | sed 's/active non-attributable audit flags =//' | cut -d' ' -f2 | grep lo | wc -l | |
pfexec auditconfig -getnaflags | grep active | sed 's/active non-attributable audit flags =//' | cut -d' ' -f2 | grep ps | wc -l | |
pfexec auditconfig -getplugin | egrep ';p_fsize=4M($|B|;)' | |
pfexec auditconfig -getplugin | grep audit_syslog | grep inactive | wc -l | |
pfexec auditconfig -getplugin audit_binfile | grep Attributes | egrep 'p_minfree=2(;|$)' | wc -l | |
pfexec auditconfig -getpolicy | egrep -c '(all|ahlt)' | |
pfexec auditconfig -getpolicy | grep active | grep argv | wc -l | |
pfexec auditconfig -getpolicy | grep active | grep perzone | |
pfexec auditconfig -getpolicy | grep active | grep zonename | |
pkg list | grep uucp | wc -l | |
pkg list communication/im/pidgin | |
pkg list service/network/finger | |
pkg list service/network/ftp | |
pkg list service/network/ftp 2>/dev/null | grep -v NAME | |
pkg list service/network/legacy-remote-utilities | |
pkg list service/network/nis | |
pkg list x11/server/xvnc | |
pkg property | grep signature-policy | |
pkg verify system/zones | wc -l | |
profiles -l ??LOOP_ATTR_FOR_COMPLIANCE_STR?? | grep '^RestrictOutbound$' | |
profiles -p RestrictOutbound info | grep 'limitpriv' | cut -d '=' -f2 | tr -s ',' '\n' | |
routeadm -p | egrep 'routing |forwarding' | egrep 'persistent=enabled |current=enabled' | |
svcprop -p config/local_only network/rpc/bind | |
svcprop -p options/tcp_listen svc:/application/x11/x11-server | |
svcs -Ho state ntp | |
svcs -Ho state svc:/network/ipsec/policy:default | |
svcs -Ho state svc:/network/rpc/gss | |
svcs -Ho state svc:/system/console-login:terma | |
svcs -Ho state svc:/system/console-login:termb | |
sxadm info -p | grep enabled|wc -l | |
userattr audit_flags ??USERNAME?? | |
userattr lock_after_retries ??VAR_PASSWD_USER_LIST?? | |
userattr type root | |
zfs get compression ??VAR_AUDIT_DIR_VALUE?? |awk '{print $3}' |egrep -vi 'value' | grep off | wc -l | |
zfs get quota ??VAR_AUDIT_DIR_VALUE?? |awk '{print $3}' |egrep -vi 'value' | grep none | wc -l | |
zfs get reservation ??VAR_AUDIT_DIR_VALUE?? |awk '{print $3}' |egrep -vi 'value' | grep none | wc -l | |
zoneadm list -vi | grep -v global | grep -v ID | awk '{print $2}' | |
zonecfg -z ??LOOP_ATTR_FOR_COMPLIANCE_STR?? info |grep dev | |
zonecfg -z ??LOOP_ATTR_FOR_COMPLIANCE_STR?? info |grep limitpriv | |
zonename | |
/etc/default/keyserv | Configuration File |
/etc/default/login | |
/etc/default/passwd | |
/etc/group | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/passwd | |
/etc/proftpd.conf | |
/etc/security/policy.conf | |
/etc/shadow | |
/etc/ssh/sshd_config | |
/etc/system | |
/etc/vfstab | |
??DICT_DATABASE_DIR?? | Directory |
??VAR_COREADM_GLOB_PATTERN?? | |
??VAR_DIRECTORY_PATH_VALUE?? | |
??VAR_HOME_DIR_STRING_LIST?? | |
??VAR_KERNEL_CORE_DUMP_DATA_DIR_LINK?? | |
??VAR_KERNEL_CORE_DUMP_DATA_DIR?? | |
??VAR_LOCAL_AUDIT_TRAIL_DIR_LINK?? | |
??VAR_LOCAL_AUDIT_TRAIL_DIR?? | |
??VAR_NON_GLOBAL_ZONES_LIST?? | |
/etc/pam.d | |
/var/adm | |
Temporary accounts must be provisioned with an expiration date | Extended Object |
V-47995 | |
V-48037 | |
V-48039-1 | |
V-48039-2 | |
V-48063 | |
V-48097 All interactive users home directories must be owned by their respective users | |
V-48123 | |
V-48129 | |
V-48133 | |
V-48137 | |
V-841 | |
??DICT_WORD_LIST?? | File |
??NTP_CONF_FILE?? | |
??VAR_LOCAL_AUDIT_TRAIL_DIR_LINK??//** | |
/etc/.login | |
/etc/cron.d/at.allow | |
/etc/cron.d/at.deny | |
/etc/cron.d/cron.allow | |
/etc/cron.d/cron.deny | |
/etc/default/login | |
/etc/default/passwd | |
/etc/gdm/Init/Default | |
/etc/group | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/issue | |
/etc/motd | |
/etc/pam.conf | |
/etc/passwd | |
/etc/profile | |
/etc/proftpd.conf | |
/etc/rsyslog.conf | |
/etc/security/policy.conf | |
/etc/ssh/sshd_config | |
/etc/syslog.conf | |
/etc/system | |
/var/adm/messages | |
SUNWtftp | Solaris Package |
SUNWtnetd | |
SUNWtnetr |
Oracle™ Solaris™ 10 x86
Rule Category
The following table categorizes the percentage of rules as Native and EO based:
Rule Category | % of rules |
---|---|
Native based | 70% |
EO based | 30% |
Rule Details
To find details about all rules included in the template, see HTML Definitions for Solaris 10 x86.
Asset/Part Used
Part name | Part type |
---|---|
Command:zonecfg -z ??LOOP_ATTR_FOR_COMPLIANCE_STR?? info| grep device | Command |
\[ -d ??VAR_COREADM_GLOB_PATTERN?? \] && echo 'Directory' || echo 'Not a Directory' | |
arp -a |awk -n '$4 ~/P/ {print $4}' | |
cat ??NTP_CONF?? | grep -v '^ *#' | grep '^server' | egrep -v '127.127.1.1|127.127.1.0' | egrep '??VAR_NTP_ENCLAVE_VALUES??' | wc -l | |
cat /etc/passwd | grep -v '^$' | cut -d: -f1 | uniq -c | tr -s ' ' | awk '$1 > 1 {print $2}' | wc -l | |
cat /etc/syslog.conf | egrep -v '^ *#' | egrep '@' | cut -d'@' -f2 | cut -d')' -f1 | egrep -v 'loghost' | |
cat /etc/syslog.conf | egrep -v '^ *#' | egrep '@' | cut -d'@' -f2 | cut -d')' -f1 | egrep -v 'loghost' | wc -l | |
cat /etc/system | grep -v '^ *\*' | grep -v '^ *#' | tr '\t' ' ' | grep 'coredumpsize' | cut -d= -f2 | sed 's/ //g' | |
cat /etc/system | tr '\t' ' ' | grep -v '^ *#' | grep 'noexec_user_stack' | cut -d= -f2 | sed 's/ //g' | |
cat /usr/aset/masters/uid_aliases | tr '\t' ' ' | egrep -v '^ *#' | egrep -v '^$' | wc -l | |
coreadm | grep 'global core file pattern' | cut -d':' -f2 | sed 's/ //g' | |
coreadm | grep enabled | |
crontab -l|egrep -v '^ *#'|grep aset | |
crontab -l | egrep -v ' *#' | grep 'aset' | wc -l | |
crontab -l | grep ntpdate | grep -v '^ *#' | cut -d ' ' -f 3-5 | egrep '\* \* \*' | wc -l | |
crontab -l | grep -v '^ *#' | grep ntpdate | egrep '??VAR_NTP_ENCLAVE_VALUES??' | wc -l | |
df ??VAR_ROOT_LOGIN_SHELL_VALUE??|cut -d' ' -f1 | |
dirname ??VAR_COREADM_GLOB_PATTERN?? | |
dumpadm | grep 'Savecore directory' | cut -d':' -f2 | sed 's/ //g' | |
dumpadm | grep 'Savecore enabled' | cut -d':' -f2 | sed 's/ //g' | |
echo ??LOOP_ATTR_FOR_COMPLIANCE_STR?? | xargs inetadm -l |grep 'tcp_trace' | cut -d'=' -f2 | |
echo ??VAR_TIMEOUT_VALUE?? | |
echo '??LOOP_ATTR_FOR_COMPLIANCE_STR??' | |
echo '??NON_APPROVED_DEVICE_FILESYSTEMS??' | tr ',' '\n' | |
echo '??NTP_ENCLAVE??' | sed -e 's%,%|%g' -e 's% %%g' | |
echo '??VAR_AUDIT_CONFIGURATION_VALUE??' | cut -d'^' -f2- | |
echo '??VAR_AUDIT_CONFIGURATION_VALUE??' | tr ',' '\n' | |
egrep '^root:' /etc/user_attr | grep 'type=role' | wc -l | |
egrep 'COREADM_.*_ENABLED' /etc/coreadm.conf | grep '=yes' | |
egrep -v '^ *#' /etc/pam.conf| tr '\t' ' ' | egrep 'rhosts_auth' | wc -l | |
egrep -v '^ *#' '??SENDMAIL_CONF_FILE??' | egrep -i '^Opgoaway' | wc -l | |
egrep -v '^ *#' '??SENDMAIL_CONF_FILE??' | egrep -i '^Opgoaway' | wc -l | |
egrep -v '^ *#' '??SENDMAIL_CONF_FILE??' | egrep -i '^Opnovrfy' | wc -l | |
egrep -v '^ *#' '??SENDMAIL_CONF_FILE??' | egrep -i 'O PrivacyOptions' | cut -d'=' -f2 | tr ',' '\n'|egrep -vi 'noetrn' | egrep -vi 'noexpn' | |
egrep -v '^ *#' '??SENDMAIL_CONF_FILE??' | egrep -i 'O PrivacyOptions' | cut -d'=' -f2 | tr ',' '\n'|egrep -vi 'noetrn' | egrep -vi 'novrfy' | |
egrep -v '^ *#' '??SENDMAIL_CONF_FILE??' | egrep -i 'O PrivacyOptions'|wc -l | |
egrep -v '^ *#' '??SSH_CONFIG_FILE??' | egrep -i 'ciphers' | cut -d' ' -f2 |tr ',' '\n' | |
egrep -v '^ *#' '??SSH_CONFIG_FILE??' | egrep -i 'ciphers' |wc -l | |
egrep -v '^ *#' '??SSHD_CONFIG_FILE??' | egrep -i 'ciphers' | cut -d' ' -f2 |tr ',' '\n' | |
egrep -v '^ *#' '??SSHD_CONFIG_FILE??' | egrep -i 'ciphers' |wc -l | |
exportfs -v | egrep 'anon=' | wc -l | |
exportfs -v | egrep 'anon=(-1|6(000(1|2)|553(4|5)))\[^0-9\]' | wc -l | |
exportfs -v | grep 'root=' | |
exportfs -v | grep 'sec=??NFS_AUTH_MODE??' | |
expr ??VAR_EXPORTS_NON_PRIVILEGED_ANON_ENTRY_COUNT?? + 1 | |
grep '^ *TASKS' /usr/aset/asetenv | egrep -v '^ *#' | grep firewall | |
grep -i '^ *dtsession' ??VAR_FILE_PATH_VALUE??/sys.resources | egrep -i 'saverList' | cut -d: -f2 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^ *dtsession' ??VAR_FILE_PATH_VALUE??/sys.resources | egrep -i 'saverTimeout' | cut -d: -f2 | tr '\t' ' ' | sed 's/ //g' | |
grep -v '^ *#' /etc/default/cron | tr '\t' ' ' | sed 's/ //g' | grep -v '^$' | grep 'CRONLOG=YES' | wc -l | |
grep -v '^ *#' /etc/system | grep -v '^ *\*' | tr '\t' ' ' | sed 's/ //g' | grep -v '^$' | grep 'exclude:rds' | wc -l | |
grep -v '^ *#' /etc/system | grep -v '^ *\*' | tr '\t' ' ' | sed 's/ //g' | grep -v '^$' | grep 'exclude:tipc' | wc -l | |
ifconfig -a | grep 'ip.*tun' | |
ifconfig -a6 | |
inetadm | grep enabled | awk '{print $NF}' | |
inetadm -l swat | grep tcp_wrappers |cut -d '=' -f2 | |
inetadm -p |grep tcp_trace |cut -d '=' -f2 | |
last root |grep -v reboot|grep -v console | |
logins -p| wc -l | |
ls /etc/dhcp.* | |
mkdir -p ??TARGET.RSCD_DIR??/tmp/preCIS/ | |
mount -v | awk -F' ' '{print $3}' | grep '??FILE_SYSTEM_HOME_PARTITION??' | grep -v '??FILE_SYSTEM_HOME_PARTITION??/' | wc -l | |
mount -v | grep ' type nfs ' | grep -v nosetuid | |
ndd /dev/ip6 ip6_forward_src_routed | |
ndd /dev/ip6 ip6_forwarding | |
ndd /dev/ip6 ip6_ignore_redirect | |
ndd /dev/ip6 ip6_send_redirects | |
ndd /dev/ip ip_forward_src_routed | |
ndd /dev/ip ip_respond_to_echo_broadcast | |
ndd /dev/ip ip_respond_to_timestamp | |
ndd /dev/ip ip_send_redirects | |
ndd /dev/ip ip6_respond_to_echo_multicast | |
ndd /dev/tcp tcp_conn_req_max_q | |
ndd /dev/tcp tcp_conn_req_max_q0 | |
ndd /dev/tcp tcp_rev_src_routes | |
ndd -get /dev/ip ip_ignore_redirect | |
niscat cred.org_dir | awk -F':' '{print $2}' | |
pkginfo | grep SUNWrds | |
pkginfo | grep SUNWtipc | |
rpcinfo -p | grep yp | grep udp | |
share | grep log= | wc -l | |
share | wc -l | |
svcprop -p defaults inetd | grep tcp_wrappers | |
svcprop system-log | grep log_from_remote| grep false| wc -l | |
svcs | grep ssh | cut -d ' ' -f1 | |
svcs | grep svc:/network/ipv4-forwarding | cut -d' ' -f1 | |
svcs | grep svc:/network/ipv4-forwarding | wc -l | |
svcs -a | egrep tftp | cut -d' ' -f1 | |
svcs -a | egrep tftp | wc -l | |
svcs network/ipfilter | grep online | wc -l | |
svcs swat | grep -v '^STATE' | tail -1 | cut -d' ' -f1 | |
which exportfs | |
which mount | |
zfs get setuid | |
zonecfg -z ??LOOP_ATTR_FOR_COMPLIANCE_STR?? info| grep limitpriv | |
/boot/grub/menu.lst | Configuration File |
/etc/coreadm.conf | |
/etc/default/inetinit | |
/etc/default/login | |
/etc/default/nfs | |
/etc/default/passwd | |
/etc/dfs/sharetab | |
/etc/dumpadm.conf | |
/etc/ftpd/ftpaccess | |
/etc/group | |
/etc/grub.conf | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/inet/inetd.conf | |
/etc/inetd.conf | |
/etc/nfssec.conf | |
/etc/nsswitch.conf | |
/etc/pam.conf | |
/etc/passwd | |
/etc/rmmount.conf | |
/etc/security/audit_control | |
/etc/security/audit_user | |
/etc/security/crypt.conf | |
/etc/security/policy.conf | |
/etc/sfw/smb.conf | |
/etc/shadow | |
/etc/shells | |
/etc/ssh/ssh_config | |
/etc/ssh/sshd_config | |
/etc/system | |
/etc/user_attr | |
/etc/vfstab | |
/usr/aset/asetenv | |
/usr/aset/masters/uid_aliases | |
/var/sadm/install/admin/default | |
/var/spool/cron/crontabs/root | |
/ | Directory |
/bin | |
/etc | |
/etc/dt/config | |
/etc/dt/config/ | |
/etc/news | |
/etc/skel | |
/etc/sma/snmp | |
/etc/snmp/conf | |
/etc/ssh | |
/etc/zones | |
/lib | |
/sbin | |
/usr/bin | |
/usr/lib | |
/usr/lib/netsvc/yp | |
/usr/sbin | |
/usr/sfw/lib | |
/usr/sfw/lib/sma_snmp | |
/usr/sfw/man | |
/usr/sfw/share/man | |
/usr/share/man | |
/var/adm/ | |
/var/ldap | |
/var/sma_snmp | |
/var/spool/cron/atjobs | |
/var/spool/cron/crontabs | |
/var/yp | |
Running Processes | Extended Object |
Unix Services | |
V-1010.1 | |
V-1010.2 | |
V-11990 | |
V-11995 | |
V-12004 | |
V-12032 | |
V-12049 | |
V-22310 | |
V-22311 | |
V-22312 | |
V-22314 | |
V-22350 | |
V-22351 | |
V-22353 | |
V-22354 | |
V-22355 | |
V-22361 | |
V-22362 | |
V-22369 | |
V-22374 | |
V-22440 | |
V-22441 | |
V-22447 | |
V-22458 | |
V-22460 | |
V-22489-Check banner configuration | |
V-22702 | |
V-23952: Mail relaying must be restricted-Postfix | |
V-23952: Mail relaying must be restricted-sendmail | |
V-4087 | |
V-4384 | |
V-4385 | |
V-4387 | |
V-4428 | |
V-4691 | |
V-4694 | |
V-4702-1 | |
V-4702-2 | |
V-760 | |
V-765 | |
V-776 | |
V-777 | |
V-784 | |
V-785 | |
V-787 | |
V-792 | |
V-793 | |
V-794 | |
V-795 | |
V-796 | |
V-801 | |
V-802 | |
V-806 | |
V-807 | |
V-812 | |
V-813-1 | |
V-813-2 | |
V-827 | |
V-835 | |
V-836-crit | |
V-836-mail | |
V-837 | |
V-838 | |
V-841 | |
V-846 | |
V-901 | |
V-902 All interactive users home directories must be owned by their respective users | |
V-903 | |
V-904 | |
V-905 | |
V-906 | |
V-907 | |
V-910 | |
V-913 | |
V-914 | |
V-915 | |
V-917 | |
V-924 | |
V-925 | |
V-941-auth | |
V-941-mail | |
V-986 | |
??BANNER_FILE_NAMES?? | File |
??BOOTLOADER_PATH?? | |
??HOSTS_FILE?? | |
??NSSWITCH_CONF?? | |
??NTP_CONF?? | |
??RESOLV_CONF?? | |
??VAR_ALIAS_FILE_PATH?? | |
??VAR_FTP_HOME_DIR??/** | |
/boot/grub/grub.conf | |
/dev/audio | |
/etc/.login | |
/etc/apache/httpd-standalone-ipp.conf | |
/etc/bashrc | |
/etc/cron.allow | |
/etc/cron.d/at.allow | |
/etc/cron.d/at.deny | |
/etc/cron.d/cron.allow | |
/etc/cron.d/cron.deny | |
/etc/csh.cshrc | |
/etc/csh.login | |
/etc/default/cron | |
/etc/dfs/dfstab | |
/etc/environment | |
/etc/ftpd/ftpusers | |
/etc/group | |
/etc/grub.conf | |
/etc/hosts | |
/etc/hosts.allow | |
/etc/inet/inetd.conf | |
/etc/issue | |
/etc/mail/aliases | |
/etc/mail/aliases.db | |
/etc/news/hosts.nntp | |
/etc/news/hosts.nntp.nolimit | |
/etc/news/nnrp.access | |
/etc/news/passwd.nntp | |
/etc/nsswitch.conf | |
/etc/passwd | |
/etc/printers.conf | |
/etc/profile | |
/etc/resolv.conf | |
/etc/security/audit_user | |
/etc/security/environ | |
/etc/services | |
/etc/sfw/private/smbpasswd | |
/etc/sfw/smb.conf | |
/etc/shadow | |
/etc/shells | |
/etc/sma/snmp/snmpd.conf | |
/etc/snmp/conf/snmpd.conf | |
/etc/syslog.conf | |
/etc/vsftpd/ftpusers | |
/etc/vsftpd.ftpusers | |
/usr/aset/userlist | |
/usr/openwin/lib/app-defaults/XScreenSaver | |
/usr/sbin/audit | |
/usr/sbin/auditconfig | |
/usr/sbin/auditd | |
/usr/sbin/auditreduce | |
/usr/sbin/bsmrecord | |
/usr/sbin/in.tftpd | |
/usr/sbin/praudit | |
/usr/sbin/rpcbind | |
/usr/sbin/traceroute | |
/usr/sfw/lib/sma_snmp/snmpd.conf | |
/var/cron/log | |
/var/ldap/cert8.db | |
/var/ldap/key3.db | |
/var/ldap/ldap_client_cred | |
/var/ldap/ldap_client_file | |
/var/ldap/secmod.db | |
/var/sma_snmp/snmpd.conf | |
/ | Solaris Package |
SUNWftpr | |
SUNWftpu | |
SUNWrcmdr | |
SUNWusb |
Oracle™ Solaris™ 10 SPARC
Rule Category
The following table categorizes the percentage of rules as Native and EO based:
Rule Category | % of rules |
---|---|
Native based | 70% |
EO based | 30% |
Rule Details
To find details about all rules included in the template, see HTML Definitions for Solaris 10 SPARC.
Asset/Part Used
Part name | Part type |
---|---|
Command:zonecfg -z ??LOOP_ATTR_FOR_COMPLIANCE_STR?? info| grep device | Command |
\[ -d ??VAR_COREADM_GLOB_PATTERN?? \] && echo 'Directory' || echo 'Not a Directory' | |
arp -a |awk -n '$4 ~/P/ {print $4}' | |
cat ??NTP_CONF?? | grep -v '^ *#' | grep '^server' | egrep -v '127.127.1.1|127.127.1.0' | egrep '??VAR_NTP_ENCLAVE_VALUES??' | wc -l | |
cat /etc/passwd | grep -v '^$' | cut -d: -f1 | uniq -c | tr -s ' ' | awk '$1 > 1 {print $2}' | wc -l | |
cat /etc/syslog.conf | egrep -v '^ *#' | egrep '@' | cut -d'@' -f2 | cut -d')' -f1 | egrep -v 'loghost' | |
cat /etc/syslog.conf | egrep -v '^ *#' | egrep '@' | cut -d'@' -f2 | cut -d')' -f1 | egrep -v 'loghost' | wc -l | |
cat /etc/system | grep -v '^ *\*' | grep -v '^ *#' | tr '\t' ' ' | grep 'coredumpsize' | cut -d= -f2 | sed 's/ //g' | |
cat /etc/system | tr '\t' ' ' | grep -v '^ *#' | grep 'noexec_user_stack' | cut -d= -f2 | sed 's/ //g' | |
cat /usr/aset/masters/uid_aliases | tr '\t' ' ' | egrep -v '^ *#' | egrep -v '^$' | wc -l | |
coreadm | grep 'global core file pattern' | cut -d':' -f2 | sed 's/ //g' | |
coreadm | grep enabled | |
crontab -l|egrep -v '^ *#'|grep aset | |
crontab -l | egrep -v ' *#' | grep 'aset' | wc -l | |
crontab -l | grep ntpdate | grep -v '^ *#' | cut -d ' ' -f 3-5 | egrep '\* \* \*' | wc -l | |
crontab -l | grep -v '^ *#' | grep ntpdate | egrep '??VAR_NTP_ENCLAVE_VALUES??' | wc -l | |
df ??VAR_ROOT_LOGIN_SHELL_VALUE??|cut -d' ' -f1 | |
dirname ??VAR_COREADM_GLOB_PATTERN?? | |
dumpadm | grep 'Savecore directory' | cut -d':' -f2 | sed 's/ //g' | |
dumpadm | grep 'Savecore enabled' | cut -d':' -f2 | sed 's/ //g' | |
echo ??LOOP_ATTR_FOR_COMPLIANCE_STR?? | xargs inetadm -l |grep 'tcp_trace' | cut -d'=' -f2 | |
echo ??VAR_TIMEOUT_VALUE?? | |
echo '??LOOP_ATTR_FOR_COMPLIANCE_STR??' | |
echo '??NON_APPROVED_DEVICE_FILESYSTEMS??' | tr ',' '\n' | |
echo '??NTP_ENCLAVE??' | sed -e 's%,%|%g' -e 's% %%g' | |
echo '??VAR_AUDIT_CONFIGURATION_VALUE??' | cut -d'^' -f2- | |
echo '??VAR_AUDIT_CONFIGURATION_VALUE??' | tr ',' '\n' | |
eeprom | grep security-mode | |
egrep '^root:' /etc/user_attr | grep 'type=role' | wc -l | |
egrep 'COREADM_.*_ENABLED' /etc/coreadm.conf | grep '=yes' | |
egrep -v '^ *#' /etc/pam.conf| tr '\t' ' ' | egrep 'rhosts_auth' | wc -l | |
egrep -v '^ *#' '??SENDMAIL_CONF_FILE??' | egrep -i '^Opgoaway' | wc -l | |
egrep -v '^ *#' '??SENDMAIL_CONF_FILE??' | egrep -i '^Opnoexpn' | wc -l | |
egrep -v '^ *#' '??SENDMAIL_CONF_FILE??' | egrep -i '^Opnovrfy' | wc -l | |
egrep -v '^ *#' '??SENDMAIL_CONF_FILE??' | egrep -i 'O PrivacyOptions' | cut -d'=' -f2 | tr ',' '\n'|egrep -vi 'noetrn' | egrep -vi 'noexpn' | |
egrep -v '^ *#' '??SENDMAIL_CONF_FILE??' | egrep -i 'O PrivacyOptions' | cut -d'=' -f2 | tr ',' '\n'|egrep -vi 'noetrn' | egrep -vi 'novrfy' | |
egrep -v '^ *#' '??SENDMAIL_CONF_FILE??' | egrep -i 'O PrivacyOptions'|wc -l | |
egrep -v '^ *#' '??SSH_CONFIG_FILE??' | egrep -i 'ciphers' | cut -d' ' -f2 |tr ',' '\n' | |
egrep -v '^ *#' '??SSH_CONFIG_FILE??' | egrep -i 'ciphers' |wc -l | |
egrep -v '^ *#' '??SSHD_CONFIG_FILE??' | egrep -i 'ciphers' | cut -d' ' -f2 |tr ',' '\n' | |
egrep -v '^ *#' '??SSHD_CONFIG_FILE??' | egrep -i 'ciphers' |wc -l | |
exportfs -v | egrep 'anon=' | wc -l | |
exportfs -v | egrep 'anon=(-1|6(000(1|2)|553(4|5)))[^0-9]' | wc -l | |
exportfs -v | grep 'root=' | |
exportfs -v | grep 'sec=??NFS_AUTH_MODE??' | |
expr ??VAR_EXPORTS_NON_PRIVILEGED_ANON_ENTRY_COUNT?? + 1 | |
grep '^ *TASKS' /usr/aset/asetenv | egrep -v '^ *#' | grep firewall | |
grep -i '^ *\*lock *:' /usr/openwin/lib/app-defaults/XScreenSaver | cut -d: -f2- | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^ *\*timeout *:' /usr/openwin/lib/app-defaults/XScreenSaver | cut -d: -f2- | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^ *dtsession' ??VAR_FILE_PATH_VALUE??/sys.resources | egrep -i 'lockTimeout' | cut -d: -f2 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^ *dtsession' ??VAR_FILE_PATH_VALUE??/sys.resources | egrep -i 'saverList' | cut -d: -f2 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^ *dtsession' ??VAR_FILE_PATH_VALUE??/sys.resources | egrep -i 'saverTimeout' | cut -d: -f2 | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^ *lock *:' ??VAR_FILE_PATH_VALUE?? | cut -d: -f2- | tr '\t' ' ' | sed 's/ //g' | |
grep -i '^ *timeout *:' ??VAR_FILE_PATH_VALUE?? | cut -d: -f2- | tr '\t' ' ' | sed 's/ //g' | |
grep -v '^ *#' /etc/default/cron | tr '\t' ' ' | sed 's/ //g' | grep -v '^$' | grep 'CRONLOG=YES' | wc -l | |
grep -v '^ *#' /etc/system | grep -v '^ *\*' | tr '\t' ' ' | sed 's/ //g' | grep -v '^$' | grep 'exclude:rds' | wc -l | |
grep -v '^ *#' /etc/system | grep -v '^ *\*' | tr '\t' ' ' | sed 's/ //g' | grep -v '^$' | grep 'exclude:tipc' | wc -l | |
ifconfig -a | grep 'ip.*tun' | |
ifconfig -a6 | |
inetadm | grep enabled | awk '{print $NF}' | |
inetadm -l swat | grep tcp_wrappers |cut -d '=' -f2 | |
inetadm -p |grep tcp_trace |cut -d '=' -f2 | |
last root |grep -v reboot|grep -v console | |
logins -p| wc -l | |
ls /etc/dhcp.* | |
mkdir -p ??TARGET.RSCD_DIR??/tmp/preCIS/ | |
mount -v | awk -F' ' '{print $3}' | grep '??FILE_SYSTEM_HOME_PARTITION??' | grep -v '??FILE_SYSTEM_HOME_PARTITION??/' | wc -l | |
mount -v | grep ' type nfs ' | grep -v nosetuid | |
ndd /dev/ip6 ip6_forward_src_routed | |
ndd /dev/ip6 ip6_forwarding | |
ndd /dev/ip6 ip6_ignore_redirect | |
ndd /dev/ip6 ip6_send_redirects | |
ndd /dev/ip ip_forward_src_routed | |
ndd /dev/ip ip_respond_to_echo_broadcast | |
ndd /dev/ip ip_respond_to_timestamp | |
ndd /dev/ip ip_send_redirects | |
ndd /dev/ip ip6_respond_to_echo_multicast | |
ndd /dev/tcp tcp_conn_req_max_q | |
ndd /dev/tcp tcp_conn_req_max_q0 | |
ndd /dev/tcp tcp_rev_src_routes | |
ndd -get /dev/ip ip_ignore_redirect | |
niscat cred.org_dir | awk -F':' '{print $2}' | |
pkginfo | grep SUNWrds | |
pkginfo | grep SUNWtipc | |
rpcinfo -p | grep yp | grep udp | |
share | grep log= | wc -l | |
share | wc -l | |
svcprop -p defaults inetd | grep tcp_wrappers | |
svcprop system-log | grep log_from_remote| grep false| wc -l | |
svcs | grep ssh | cut -d ' ' -f1 | |
svcs | grep svc:/network/ipv4-forwarding | cut -d' ' -f1 | |
svcs | grep svc:/network/ipv4-forwarding | wc -l | |
svcs -a | egrep tftp | cut -d' ' -f1 | |
svcs -a | egrep tftp | wc -l | |
svcs network/ipfilter | grep online | wc -l | |
svcs swat | grep -v '^STATE' | tail -1 | cut -d' ' -f1 | |
which exportfs | |
which mount | |
zfs get setuid | |
zonecfg -z ??LOOP_ATTR_FOR_COMPLIANCE_STR?? info| grep limitpriv | |
/etc/coreadm.conf | Configuration File |
/etc/default/inetinit | |
/etc/default/login | |
/etc/default/nfs | |
/etc/default/passwd | |
/etc/dfs/sharetab | |
/etc/dumpadm.conf | |
/etc/ftpd/ftpaccess | |
/etc/group | |
/etc/hosts.allow | |
/etc/hosts.deny | |
/etc/inet/inetd.conf | |
/etc/inetd.conf | |
/etc/nfssec.conf | |
/etc/nsswitch.conf | |
/etc/pam.conf | |
/etc/passwd | |
/etc/rmmount.conf | |
/etc/security/audit_control | |
/etc/security/audit_user | |
/etc/security/crypt.conf | |
/etc/security/policy.conf | |
/etc/sfw/smb.conf | |
/etc/shadow | |
/etc/shells | |
/etc/ssh/ssh_config | |
/etc/ssh/sshd_config | |
/etc/system | |
/etc/user_attr | |
/etc/vfstab | |
/usr/aset/asetenv | |
/usr/aset/masters/uid_aliases | |
/var/sadm/install/admin/default | |
/var/spool/cron/crontabs/root | |
/ | Directory |
/bin | |
/etc | |
/etc/dt/config | |
/etc/dt/config/ | |
/etc/news | |
/etc/skel | |
/etc/sma/snmp | |
/etc/snmp/conf | |
/etc/ssh | |
/etc/zones | |
/lib | |
/sbin | |
/usr/bin | |
/usr/lib | |
/usr/lib/netsvc/yp | |
/usr/sbin | |
/usr/sfw/lib | |
/usr/sfw/lib/sma_snmp | |
/usr/sfw/man | |
/usr/sfw/share/man | |
/usr/share/man | |
/var/adm/ | |
/var/ldap | |
/var/sma_snmp | |
/var/spool/cron/atjobs | |
/var/spool/cron/crontabs | |
/var/yp | |
Running Processes | Extended Object |
Unix Services | |
V-1010.1 | |
V-1010.2 | |
V-11990 | |
V-11995 | |
V-12004 | |
V-12032 | |
V-12049 | |
V-22310 | |
V-22311 | |
V-22312 | |
V-22314 | |
V-22350 | |
V-22351 | |
V-22353 | |
V-22354 | |
V-22355 | |
V-22361 | |
V-22362 | |
V-22369 | |
V-22374 | |
V-22440 | |
V-22441 | |
V-22447 | |
V-22458 | |
V-22460 | |
V-22489-Check banner configuration | |
V-22702 | |
V-23952: Mail relaying must be restricted-Postfix | |
V-23952: Mail relaying must be restricted-sendmail | |
V-4087 | |
V-4384 | |
V-4385 | |
V-4387 | |
V-4428 | |
V-4691 | |
V-4694 | |
V-4702-1 | |
V-4702-2 | |
V-760 | |
V-765 | |
V-776 | |
V-777 | |
V-784 | |
V-785 | |
V-787 | |
V-792 | |
V-793 | |
V-794 | |
V-795 | |
V-796 | |
V-801 | |
V-802 | |
V-806 | |
V-807 | |
V-812 | |
V-813-1 | |
V-813-2 | |
V-827 | |
V-835 | |
V-836-crit | |
V-836-mail | |
V-837 | |
V-838 | |
V-841 | |
V-846 | |
V-901 | |
V-902 All interactive users home directories must be owned by their respective users | |
V-903 | |
V-904 | |
V-905 | |
V-906 | |
V-907 | |
V-910 | |
V-913 | |
V-914 | |
V-915 | |
V-917 | |
V-924 | |
V-925 | |
V-941-auth | |
V-941-mail | |
V-986 | |
??BANNER_FILE_NAMES?? | File |
??HOSTS_FILE?? | |
??NSSWITCH_CONF?? | |
??NTP_CONF?? | |
??RESOLV_CONF?? | |
??VAR_ALIAS_FILE_PATH?? | |
??VAR_FTP_HOME_DIR??/** | |
/dev/audio | |
/etc/.login | |
/etc/apache/httpd-standalone-ipp.conf | |
/etc/bashrc | |
/etc/cron.allow | |
/etc/cron.d/at.allow | |
/etc/cron.d/at.deny | |
/etc/cron.d/cron.allow | |
/etc/cron.d/cron.deny | |
/etc/csh.cshrc | |
/etc/csh.login | |
/etc/default/cron | |
/etc/dfs/dfstab | |
/etc/environment | |
/etc/ftpd/ftpusers | |
/etc/group | |
/etc/hosts | |
/etc/hosts.allow | |
/etc/inet/inetd.conf | |
/etc/issue | |
/etc/mail/aliases | |
/etc/mail/aliases.db | |
/etc/news/hosts.nntp | |
/etc/news/hosts.nntp.nolimit | |
/etc/news/nnrp.access | |
/etc/news/passwd.nntp | |
/etc/nsswitch.conf | |
/etc/passwd | |
/etc/printers.conf | |
/etc/profile | |
/etc/resolv.conf | |
/etc/security/audit_user | |
/etc/security/environ | |
/etc/services | |
/etc/sfw/private/smbpasswd | |
/etc/sfw/smb.conf | |
/etc/shadow | |
/etc/shells | |
/etc/sma/snmp/snmpd.conf | |
/etc/snmp/conf/snmpd.conf | |
/etc/syslog.conf | |
/etc/vsftpd/ftpusers | |
/etc/vsftpd.ftpusers | |
/usr/aset/userlist | |
/usr/sbin/audit | |
/usr/sbin/auditconfig | |
/usr/sbin/auditd | |
/usr/sbin/auditreduce | |
/usr/sbin/bsmrecord | |
/usr/sbin/in.tftpd | |
/usr/sbin/praudit | |
/usr/sbin/rpcbind | |
/usr/sbin/traceroute | |
/usr/sfw/lib/sma_snmp/snmpd.conf | |
/var/cron/log | |
/var/ldap/cert8.db | |
/var/ldap/key3.db | |
/var/ldap/ldap_client_cred | |
/var/ldap/ldap_client_file | |
/var/ldap/secmod.db | |
/var/sma_snmp/snmpd.conf | |
/ | Solaris Package |
SUNWftpr | |
SUNWftpu | |
SUNWrcmdr | |
SUNWusb |