CIS Windows 2003 DC v3.1.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.


Audit Details

Name: CIS Windows 2003 DC v3.1.0

Updated: 4/2/2021

Authority: CIS

Plugin: Windows

Revision: 1.25

Estimated Item Count: 237

Audit Items

Description / Categories
1.1.1.1.1.1 Configure 'Maximum lifetime for service ticket'

IDENTIFICATION AND AUTHENTICATION

1.1.1.1.1.2 Configure 'Enforce user logon restrictions'

ACCESS CONTROL

1.1.1.1.1.3 Configure 'Maximum lifetime for user ticket'

IDENTIFICATION AND AUTHENTICATION

1.1.1.1.1.4 Configure 'Maximum tolerance for computer clock synchronization'

AUDIT AND ACCOUNTABILITY

1.1.1.1.1.5 Configure 'Maximum lifetime for user ticket renewal'

IDENTIFICATION AND AUTHENTICATION

1.1.1.1.2.1 Set 'Reset account lockout counter after' to '15' or more

ACCESS CONTROL

1.1.1.1.2.2 Set 'Account lockout duration' to '15' or greater

ACCESS CONTROL

1.1.1.1.2.3 Set 'Account lockout threshold' to '6' or fewer

ACCESS CONTROL

1.1.1.1.3.1 Set 'Maximum password age' to '60' or less

IDENTIFICATION AND AUTHENTICATION

1.1.1.1.3.2 Set 'Enforce password history' to '24' or more

IDENTIFICATION AND AUTHENTICATION

1.1.1.1.3.3 Set 'Store passwords using reversible encryption' to 'Disabled'

IDENTIFICATION AND AUTHENTICATION

1.1.1.1.3.4 Set 'Minimum password age' to '1' or more

IDENTIFICATION AND AUTHENTICATION

1.1.1.1.3.5 Set 'Password must meet complexity requirements' to 'Enabled'

IDENTIFICATION AND AUTHENTICATION

1.1.1.1.3.6 Set 'Minimum password length' to '14' or more

IDENTIFICATION AND AUTHENTICATION
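The Account Lockout and Password Policy items above (1.1.1.1.2.1 through 1.1.1.1.3.6) all live in the security database that secedit exports. The script below is an added example, not part of the Tenable audit file or the CIS benchmark: it exports the effective policy on the DC, parses the INF, and compares each value with the threshold the item states. The INF value names (ResetLockoutCount, LockoutBadCount, MaximumPasswordAge and so on) are the ones secedit writes; PowerShell 2.0 or later on the server is assumed, and the Kerberos Policy section is listed without a verdict because items 1.1.1.1.1.1 through 1.1.1.1.1.5 only say "Configure".

```powershell
# Added example (not from the audit file): audit account policy against the
# CIS thresholds listed above.  Assumes PowerShell 2.0+ on the DC; secedit
# itself ships with Windows Server 2003.
$inf = Join-Path $env:TEMP 'secpol-export.inf'
secedit /export /cfg $inf /areas SECURITYPOLICY /quiet | Out-Null

# Parse the INF into a section -> (name -> value) table.
$policy  = @{}
$section = ''
foreach ($line in (Get-Content $inf)) {
    if ($line -match '^\[(.+)\]\s*$') { $section = $matches[1]; $policy[$section] = @{}; continue }
    if ($section -and $line -match '^\s*([^=;]+?)\s*=\s*(.*?)\s*$') {
        $policy[$section][$matches[1]] = $matches[2]
    }
}
Remove-Item $inf -ErrorAction SilentlyContinue

function Get-PolicyInt($sect, $name) {
    if ($policy.ContainsKey($sect) -and $policy[$sect].ContainsKey($name)) {
        return [int]$policy[$sect][$name]
    }
    return $null
}

# Item, INF value name, comparison, benchmark value.  'le' additionally
# requires the value to be at least 1: secedit writes 0 for "no lockout"
# and -1 for "password never expires", and either one defeats the control.
$checks = @(
    @{Id='1.1.1.1.2.1'; Name='ResetLockoutCount';     Op='ge'; Want=15},
    @{Id='1.1.1.1.2.2'; Name='LockoutDuration';       Op='ge'; Want=15},
    @{Id='1.1.1.1.2.3'; Name='LockoutBadCount';       Op='le'; Want=6},
    @{Id='1.1.1.1.3.1'; Name='MaximumPasswordAge';    Op='le'; Want=60},
    @{Id='1.1.1.1.3.2'; Name='PasswordHistorySize';   Op='ge'; Want=24},
    @{Id='1.1.1.1.3.3'; Name='ClearTextPassword';     Op='eq'; Want=0},
    @{Id='1.1.1.1.3.4'; Name='MinimumPasswordAge';    Op='ge'; Want=1},
    @{Id='1.1.1.1.3.5'; Name='PasswordComplexity';    Op='eq'; Want=1},
    @{Id='1.1.1.1.3.6'; Name='MinimumPasswordLength'; Op='ge'; Want=14}
)

$results = foreach ($c in $checks) {
    $v  = Get-PolicyInt 'System Access' $c.Name
    $ok = $false
    if ($v -ne $null) {
        switch ($c.Op) {
            'ge' { $ok = ($v -ge $c.Want) }
            'le' { $ok = ($v -ge 1) -and ($v -le $c.Want) }
            'eq' { $ok = ($v -eq $c.Want) }
        }
    }
    # ResetLockoutCount/LockoutDuration are absent when LockoutBadCount is 0,
    # so NOT SET on those two is itself a finding.
    if ($v -eq $null) { $status = 'NOT SET' } elseif ($ok) { $status = 'PASS' } else { $status = 'FAIL' }
    New-Object PSObject -Property @{
        Item = $c.Id; Setting = $c.Name; Actual = $v
        Required = "$($c.Op) $($c.Want)"; Status = $status
    }
}
$results | Select-Object Item, Setting, Actual, Required, Status | Format-Table -AutoSize

# Kerberos Policy (items 1.1.1.1.1.1 - 1.1.1.1.1.5) is exported on a DC; report only.
'MaxServiceAge', 'TicketValidateClient', 'MaxTicketAge', 'MaxClockSkew', 'MaxRenewAge' |
    ForEach-Object { '{0,-22} {1}' -f $_, (Get-PolicyInt 'Kerberos Policy' $_) }
```

On a domain controller the exported values are the domain account policy actually in effect, which is what the audit items measure; run `gpupdate /force` before the export if the Default Domain Policy was changed recently, otherwise you audit stale settings.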

1.1.1.2.1.1 Set 'Domain controller: Allow server operators to schedule tasks' to 'Disabled'

ACCESS CONTROL

1.1.1.2.1.2 Set 'Accounts: Guest account status' to 'Disabled'

ACCESS CONTROL

1.1.1.2.1.3 Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled'

IDENTIFICATION AND AUTHENTICATION

1.1.1.2.1.4 Set 'Domain controller: Refuse machine account password changes' to 'Disabled'

IDENTIFICATION AND AUTHENTICATION

1.1.1.2.1.6 Set 'System objects: Default owner for objects created by members of the Administrators group' to 'Object creator'

ACCESS CONTROL

1.1.1.2.1.7 Set 'Network access: Shares that can be accessed anonymously' to 'None'

IDENTIFICATION AND AUTHENTICATION

1.1.1.2.1.8 Set 'Interactive logon: Smart card removal behavior' to 'Lock Workstation'

ACCESS CONTROL

1.1.1.2.1.9 Set 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients'

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.1.2.1.10 Set 'Devices: Prevent users from installing printer drivers' to 'Enabled'

ACCESS CONTROL

1.1.1.2.1.11 Set 'Devices: Unsigned driver installation behavior' to 'Warn but allow installation'

CONFIGURATION MANAGEMENT

1.1.1.2.1.12 Set 'Recovery console: Allow floppy copy and access to all drives and all folders' to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.1.2.1.13 Set 'MSS: (DisableSavePassword) Prevent the dial-up password from being saved (recommended)' to 'Enabled'

IDENTIFICATION AND AUTHENTICATION

1.1.1.2.1.14 Set 'Network access: Restrict anonymous access to Named Pipes and Shares' to 'Enabled'

ACCESS CONTROL

1.1.1.2.1.15 Set 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' to '90'

AUDIT AND ACCOUNTABILITY

1.1.1.2.1.16 Set 'MSS: (SynAttackProtect) Syn attack protection level (protects against DoS)'

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.1.2.1.17 Set 'System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies' to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

1.1.1.2.1.18 Set 'MSS: (AutoShareServer) Enable Administrative Shares (recommended except for highly secure environments)' to 'Enabled'

CONFIGURATION MANAGEMENT

1.1.1.2.1.19 Set 'Shutdown: Clear virtual memory pagefile' to 'Disabled'

CONFIGURATION MANAGEMENT

1.1.1.2.1.20 Set 'Domain member: Disable machine account password changes' to 'Disabled'

IDENTIFICATION AND AUTHENTICATION

1.1.1.2.1.21 Set 'Microsoft network server: Amount of idle time required before suspending session' to '15'

ACCESS CONTROL

1.1.1.2.1.22 Set 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' to 'Enabled'

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.1.2.1.23 Configure 'Devices: Restrict CD-ROM access to locally logged-on user only'

MEDIA PROTECTION

1.1.1.2.1.24 Set 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' to '300000 or 5 minutes (recommended)'

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.1.2.1.25 Set 'Shutdown: Allow system to be shut down without having to log on' to 'Disabled'

ACCESS CONTROL

1.1.1.2.1.26 Set 'Interactive logon: Do not display last user name' to 'Enabled'

CONFIGURATION MANAGEMENT

1.1.1.2.1.27 Set 'Network security: LAN Manager authentication level' to 'Send NTLMv2 response only. Refuse LM & NTLM'

IDENTIFICATION AND AUTHENTICATION

1.1.1.2.1.28 Configure 'DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax'

ACCESS CONTROL

1.1.1.2.1.29 Configure 'MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)'

ACCESS CONTROL

1.1.1.2.1.30 Set 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' to 'Disabled'

ACCESS CONTROL

1.1.1.2.1.31 Set 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers'

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.1.2.1.32 Set 'System objects: Require case insensitivity for non-Windows subsystems' to 'Enabled'

CONFIGURATION MANAGEMENT

1.1.1.2.1.33 Configure 'DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax'

ACCESS CONTROL

1.1.1.2.1.34 Set 'System settings: Optional subsystems' to ''

CONFIGURATION MANAGEMENT

1.1.1.2.1.35 Set 'Devices: Allowed to format and eject removable media' to 'Administrators'

MEDIA PROTECTION

1.1.1.2.1.36 Set 'Microsoft network client: Digitally sign communications (always)' to 'Enabled'

IDENTIFICATION AND AUTHENTICATION

1.1.1.2.1.37 Set 'Interactive logon: Prompt user to change password before expiration' to '14'

IDENTIFICATION AND AUTHENTICATION
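Unlike the account policy, the Security Options items in this section (1.1.1.2.1.1 through 1.1.1.2.1.37) are each backed by a single registry value, so the live state of the DC can be read directly rather than through the policy editor. The script below is an added example, not code from the Tenable audit file or the CIS benchmark: it walks a subset of those items, reads the registry value each one maps to, and compares it with the value the item requires. Items the page only says to "Configure" (the NTLM minimum session security levels, SynAttackProtect) are reported without a verdict. The key paths and value names are the standard ones these policies write (Lsa, LanManServer, Netlogon, Tcpip, Winlogon, Policies\System); PowerShell 2.0 or later on the server is assumed, and the table covers only part of the section.

```powershell
# Added example (not from the audit file): read the registry values behind a
# subset of the Security Options items above and compare with the required
# values.  Assumes PowerShell 2.0+ on the DC.  The path/name pairs are the
# standard locations these policies write; the list is deliberately partial.
$lsa      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv      = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'
$wks      = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
$netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$tcpip    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$netbt    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters'
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$sysPol   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Item, key, value name, required value.  Want=$null means report only.
# Strings ('1', '0', '') are REG_SZ / REG_MULTI_SZ values; numbers are DWORDs.
$checks = @(
    @{Id='1.1.1.2.1.1';  Key=$lsa;           Name='SubmitControl';            Want=0},
    @{Id='1.1.1.2.1.3';  Key=$lsa;           Name='LimitBlankPasswordUse';    Want=1},
    @{Id='1.1.1.2.1.4';  Key=$netlogon;      Name='RefusePasswordChange';     Want=0},
    @{Id='1.1.1.2.1.6';  Key=$lsa;           Name='NoDefaultAdminOwner';      Want=1},
    @{Id='1.1.1.2.1.7';  Key=$srv;           Name='NullSessionShares';        Want=''},
    @{Id='1.1.1.2.1.8';  Key=$winlogon;      Name='ScRemoveOption';           Want='1'},
    @{Id='1.1.1.2.1.9';  Key="$lsa\MSV1_0";  Name='NTLMMinClientSec';         Want=$null},
    @{Id='1.1.1.2.1.14'; Key=$srv;           Name='RestrictNullSessAccess';   Want=1},
    @{Id='1.1.1.2.1.16'; Key=$tcpip;         Name='SynAttackProtect';         Want=$null},
    @{Id='1.1.1.2.1.18'; Key=$srv;           Name='AutoShareServer';          Want=1},
    @{Id='1.1.1.2.1.20'; Key=$netlogon;      Name='DisablePasswordChange';    Want=0},
    @{Id='1.1.1.2.1.21'; Key=$srv;           Name='autodisconnect';           Want=15},
    @{Id='1.1.1.2.1.22'; Key=$netbt;         Name='NoNameReleaseOnDemand';    Want=1},
    @{Id='1.1.1.2.1.24'; Key=$tcpip;         Name='KeepAliveTime';            Want=300000},
    @{Id='1.1.1.2.1.25'; Key=$sysPol;        Name='ShutdownWithoutLogon';     Want=0},
    @{Id='1.1.1.2.1.26'; Key=$sysPol;        Name='DontDisplayLastUserName';  Want=1},
    @{Id='1.1.1.2.1.27'; Key=$lsa;           Name='LmCompatibilityLevel';     Want=5},
    @{Id='1.1.1.2.1.30'; Key=$winlogon;      Name='AutoAdminLogon';           Want='0'},
    @{Id='1.1.1.2.1.31'; Key="$lsa\MSV1_0";  Name='NTLMMinServerSec';         Want=$null},
    @{Id='1.1.1.2.1.36'; Key=$wks;           Name='RequireSecuritySignature'; Want=1},
    @{Id='1.1.1.2.1.37'; Key=$winlogon;      Name='PasswordExpiryWarning';    Want=14}
)

function Get-RegValue($key, $name) {
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$name
}

$results = foreach ($c in $checks) {
    $v = Get-RegValue $c.Key $c.Name
    # REG_MULTI_SZ comes back as string[]; join it so an empty list equals ''.
    if ($v -is [array]) { $v = ($v -join ';') }
    if ($c.Want -eq $null)                { $status = 'REPORT' }
    elseif ($v -eq $null)                 { $status = 'FAIL (not set; OS default applies)' }
    elseif ("$v" -eq "$($c.Want)")        { $status = 'PASS' }
    else                                  { $status = 'FAIL' }
    New-Object PSObject -Property @{
        Item = $c.Id; Value = $c.Name; Actual = $v; Expected = $c.Want; Status = $status
    }
}
$results | Select-Object Item, Value, Actual, Expected, Status | Format-Table -AutoSize
```

A value that is absent is reported as a failure rather than a pass because the OS default then applies, and for several of these (LmCompatibilityLevel, RestrictNullSessAccess) the 2003 default is weaker than what the item requires; confirm the default for any item before treating an absent value as acceptable. Reading the live registry also catches settings that a template or GPO defines but that have not yet been applied, which is the gap a policy-only export would miss.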