18.5.20.2 Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'
18.5.21.2 Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled' (MS only) - Enabled
18.8.22.1.10 Ensure 'Turn off the 'Publish to Web' task for files and folders' is set to 'Enabled' - Enabled
18.8.22.1.11 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'
18.8.22.1.12 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'
18.8.22.1.13 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'
18.8.22.1.3 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'
18.8.22.1.4 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'
18.8.22.1.6 Ensure 'Turn off printing over HTTP' is set to 'Enabled'
18.8.22.1.7 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'
18.8.22.1.8 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'
18.8.22.1.9 Ensure 'Turn off the 'Order Prints' picture task' is set to 'Enabled' - Enabled
18.8.34.6.2 Ensure 'Allow network connectivity during connected-standby (plugged in)' is set to 'Disabled'
18.8.52.1.2 Ensure 'Enable Windows NTP Server' is set to 'Disabled' (MS only)
18.9.12.1 Ensure 'Allow Use of Camera' is set to 'Disabled'
18.9.59.3.3.3 Ensure 'Do not allow LPT port redirection' is set to 'Enabled'
18.9.59.3.3.4 Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled'
18.9.77.3.2 Ensure 'Join Microsoft MAPS' is set to 'Disabled'
18.9.85.3 Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled'
18.9.97.2.2 Ensure 'Allow remote server management through WinRM' is set to 'Disabled'
19.7.7.3 Ensure 'Do not use diagnostic data for tailored experiences' is set to 'Enabled'
19.7.7.4 Ensure 'Turn off all Windows spotlight features' is set to 'Enabled'
2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'
Miscellaneous
Metadata updated.
Platform check updated.
References updated.
Added
18.4.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'
18.4.7 Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'
18.9.16.2 Ensure 'Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service' is set to 'Enabled: Disable Authenticated Proxy usage'
18.9.39.1 Ensure 'Turn off location' is set to 'Enabled'
2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)
CIS_MS_SERVER_2016_Level_2_v1.2.0.audit from CIS Microsoft Windows Server 2016 MS L2 v1.2.0
Removed
18.4.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes'
18.4.7 Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses' is set to 'Disabled'
18.9.16.2 Ensure 'Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service' is set
18.9.39.2 Ensure 'Turn off location' is set to 'Enabled'
2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer'