Detections
Analytics

Revision 1.5

Nov 3, 2023
Functional Update
  • 18.1.1.1 Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'
  • 18.1.1.2 Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'
  • 18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'
  • 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled'
  • 18.3.1 Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'
  • 18.3.3 Ensure 'Configure SMB v1 server' is set to 'Disabled'
  • 18.3.4 Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'
  • 18.3.5 Ensure 'WDigest Authentication' is set to 'Disabled'
  • 18.4.5 Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' - Disabled
  • 18.4.7 Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled' - Enabled
  • 18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'
  • 18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - set for all NETLOGON and SYSVOL shares
  • 18.5.21.1 Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'
  • 18.8.22.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' - Enabled
  • 18.8.22.1.4 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' - Enabled
  • 18.8.28.2 Ensure 'Do not display network selection UI' is set to 'Enabled' - Enabled
  • 18.8.28.4 Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled' - Disabled
  • 18.8.28.5 Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled' - Enabled
  • 18.8.28.6 Ensure 'Turn off picture password sign-in' is set to 'Enabled' - Enabled
  • 18.8.28.7 Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled' - Disabled
  • 18.8.34.6.5 Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled' - Enabled
  • 18.8.34.6.6 Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled' - Enabled
  • 18.8.36.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'
  • 18.8.36.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'
  • 18.8.37.1 Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled'
  • 18.8.4.1 Ensure 'Remote host allows delegation of non-exportable credentials' is set to 'Enabled'
  • 18.9.102.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled' - Disabled
  • 18.9.102.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled' - Disabled
  • 18.9.102.1.3 Ensure 'Disallow Digest authentication' is set to 'Enabled' - Enabled
  • 18.9.102.2.1 Ensure 'Allow Basic authentication' is set to 'Disabled' - Disabled
  • 18.9.102.2.3 Ensure 'Allow unencrypted traffic' is set to 'Disabled' - Disabled
  • 18.9.102.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' - Enabled
  • 18.9.16.2 Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled' - Disabled
  • 18.9.31.2 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' - Disabled
  • 18.9.31.3 Ensure 'Turn off heap termination on corruption' is set to 'Disabled' - Disabled
  • 18.9.47.4.1.1 Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled' - Enabled
  • 18.9.6.1 Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'
  • 18.9.65.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' - Enabled
  • 18.9.66.1 Ensure 'Prevent downloading of enclosures' is set to 'Enabled' - Enabled
  • 18.9.8.1 Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'
  • 18.9.91.1 Ensure 'Sign-in and lock last interactive user automatically after a restart' is set to 'Disabled' - Disabled
  • 19.7.4.2 Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'
  • 2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'
  • 2.2.10 Ensure 'Create permanent shared objects' is set to 'No One'
  • 2.2.11 Configure 'Create symbolic links' is set to 'Administrators'
  • 2.2.12 Ensure 'Debug programs' is set to 'Administrators'
  • 2.2.13 Ensure 'Deny access to this computer from the network' to include 'Guests, Local account'
  • 2.2.15 Ensure 'Deny log on through Remote Desktop Services' to include 'Guests, Local account'
  • 2.2.16 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'
  • 2.2.17 Ensure 'Force shutdown from a remote system' is set to 'Administrators'
  • 2.2.18 Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE'
  • 2.2.19 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'
  • 2.2.2 Ensure 'Access this computer from the network' is set to 'Administrators, Remote Desktop Users'
  • 2.2.20 Ensure 'Increase scheduling priority' is set to 'Administrators, Window Manager\Window Manager Group'
  • 2.2.21 Ensure 'Load and unload device drivers' is set to 'Administrators'
  • 2.2.22 Ensure 'Lock pages in memory' is set to 'No One'
  • 2.2.23 Ensure 'Manage auditing and security log' is set to 'Administrators'
  • 2.2.24 Ensure 'Modify an object label' is set to 'No One'
  • 2.2.25 Ensure 'Modify firmware environment values' is set to 'Administrators'
  • 2.2.26 Ensure 'Perform volume maintenance tasks' is set to 'Administrators'
  • 2.2.27 Ensure 'Profile single process' is set to 'Administrators'
  • 2.2.28 Ensure 'Restore files and directories' is set to 'Administrators'
  • 2.2.29 Ensure 'Take ownership of files or other objects' is set to 'Administrators'
  • 2.2.3 Ensure 'Act as part of the operating system' is set to 'No One'
  • 2.2.4 Ensure 'Allow log on locally' is set to 'Administrators, Users'
  • 2.2.5 Ensure 'Back up files and directories' is set to 'Administrators'
  • 2.2.6 Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'
  • 2.2.7 Ensure 'Create a pagefile' is set to 'Administrators'
  • 2.2.8 Ensure 'Create a token object' is set to 'No One'
  • 2.2.9 Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'
  • 2.3.1.6 Configure 'Accounts: Rename guest account'
  • 2.3.10.4 Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow'
Miscellaneous
  • Variables updated.
Added
  • 18.9.108.2.2 Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day' - Every day'
Removed
  • 18.9.108.2.2 Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'