Feb 22, 2022 Functional Update- WN16-MS-000370 - The Deny access to this computer from the network user right on member servers must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems, and from unauthenticated access on all systems.
- WN16-MS-000380 - The Deny log on as a batch job user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems.
- WN16-MS-000400 - The Deny log on locally user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems.
- WN16-MS-000410 - The Deny log on through Remote Desktop Services user right on member servers must be configured to prevent access from highly privileged domain accounts and all local accounts on domain systems and from unauthenticated access on all systems.
Miscellaneous- Audit deprecated.
- Metadata updated.
- References updated.
|
Feb 17, 2022 Functional Update- WN16-MS-000370 - The Deny access to this computer from the network user right on member servers must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems, and from unauthenticated access on all systems.
- WN16-MS-000380 - The Deny log on as a batch job user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems.
- WN16-MS-000390 - The Deny log on as a service user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems. No other groups or accounts must be assigned this right.
- WN16-MS-000400 - The Deny log on locally user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems.
- WN16-MS-000410 - The Deny log on through Remote Desktop Services user right on member servers must be configured to prevent access from highly privileged domain accounts and all local accounts on domain systems and from unauthenticated access on all systems.
|
Jan 25, 2022 Functional Update- WN16-CC-000421 - The Windows Explorer Preview pane must be disabled for Windows Server 2016 - NoPreviewPane
- WN16-CC-000421 - The Windows Explorer Preview pane must be disabled for Windows Server 2016 - NoReadingPane
- WN16-MS-000370 - The Deny access to this computer from the network user right on member servers must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems, and from unauthenticated access on all systems.
- WN16-MS-000380 - The Deny log on as a batch job user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems.
- WN16-MS-000400 - The Deny log on locally user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems.
- WN16-MS-000410 - The Deny log on through Remote Desktop Services user right on member servers must be configured to prevent access from highly privileged domain accounts and all local accounts on domain systems and from unauthenticated access on all systems.
|
Dec 17, 2021 Functional Update- WN16-00-000070 - Manually managed application account passwords must be changed at least annually or when a system administrator with knowledge of the password leaves the organization.
- WN16-MS-000370 - The Deny access to this computer from the network user right on member servers must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems, and from unauthenticated access on all systems.
- WN16-MS-000380 - The Deny log on as a batch job user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems.
- WN16-MS-000400 - The Deny log on locally user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems.
- WN16-MS-000410 - The Deny log on through Remote Desktop Services user right on member servers must be configured to prevent access from highly privileged domain accounts and all local accounts on domain systems and from unauthenticated access on all systems.
|
Nov 23, 2021 Functional Update- WN16-MS-000370 - The Deny access to this computer from the network user right on member servers must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems, and from unauthenticated access on all systems.
- WN16-MS-000380 - The Deny log on as a batch job user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems.
- WN16-MS-000400 - The Deny log on locally user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems.
- WN16-MS-000410 - The Deny log on through Remote Desktop Services user right on member servers must be configured to prevent access from highly privileged domain accounts and all local accounts on domain systems and from unauthenticated access on all systems.
Added- WN16-00-000030 - Passwords for the built-in Administrator account must be changed at least every 60 days.
Removed- WN16-00-000030 - Passwords for the built-in Administrator account must be changed at least every 60 days.
|
Aug 11, 2021 Functional Update- WN16-00-000270 - Software certificate installation files must be removed from Windows Server 2016.
- WN16-MS-000370 - The Deny access to this computer from the network user right on member servers must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems, and from unauthenticated access on all systems.
- WN16-MS-000380 - The Deny log on as a batch job user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems.
- WN16-MS-000400 - The Deny log on locally user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems.
- WN16-MS-000410 - The Deny log on through Remote Desktop Services user right on member servers must be configured to prevent access from highly privileged domain accounts and all local accounts on domain systems and from unauthenticated access on all systems.
Informational Update- WN16-00-000270 - Software certificate installation files must be removed from Windows Server 2016.
|
Jul 30, 2021 Functional Update- WN16-MS-000370 - The Deny access to this computer from the network user right on member servers must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems, and from unauthenticated access on all systems.
- WN16-MS-000380 - The Deny log on as a batch job user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems.
- WN16-MS-000400 - The Deny log on locally user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems.
- WN16-MS-000410 - The Deny log on through Remote Desktop Services user right on member servers must be configured to prevent access from highly privileged domain accounts and all local accounts on domain systems and from unauthenticated access on all systems.
Miscellaneous- Metadata updated.
- References updated.
|
Jun 22, 2021 Functional Update- WN16-AU-000030 - Permissions for the Application event log must prevent access by non-privileged accounts.
- WN16-AU-000040 - Permissions for the Security event log must prevent access by non-privileged accounts.
- WN16-AU-000050 - Permissions for the System event log must prevent access by non-privileged accounts.
- WN16-DC-000080 - The Active Directory SYSVOL directory must have the proper access control permissions.
- WN16-MS-000370 - The Deny access to this computer from the network user right on member servers must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems, and from unauthenticated access on all systems.
- WN16-MS-000380 - The Deny log on as a batch job user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems.
- WN16-MS-000400 - The Deny log on locally user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems.
- WN16-MS-000410 - The Deny log on through Remote Desktop Services user right on member servers must be configured to prevent access from highly privileged domain accounts and all local accounts on domain systems and from unauthenticated access on all systems.
|
Jun 17, 2021 Functional Update- WN16-MS-000370 - The Deny access to this computer from the network user right on member servers must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems, and from unauthenticated access on all systems.
- WN16-MS-000380 - The Deny log on as a batch job user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems.
- WN16-MS-000400 - The Deny log on locally user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems and from unauthenticated access on all systems.
- WN16-MS-000410 - The Deny log on through Remote Desktop Services user right on member servers must be configured to prevent access from highly privileged domain accounts and all local accounts on domain systems and from unauthenticated access on all systems.
Miscellaneous- Metadata updated.
- References updated.
|
