Detections
Analytics

MSCM V1.0 Windows 2008 R2 SSLF Member Server

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: MSCM V1.0 Windows 2008 R2 SSLF Member Server

Updated: 4/2/2021

Authority: MSCM

Plugin: Windows

Revision: 1.5

Estimated Item Count: 193

Audit Items

DescriptionCategories
CCE-9937-4:Create a pagefile
CCE-9946-5:Impersonate a client after authentication
CCE-9961-4:Increase scheduling priority
CCE-9984-6:Perform volume maintenance tasks
CCE-9992-9:Accounts: Limit local account use of blank passwords to console logon only
CCE-9999-4:Devices: Prevent users from installing printer drivers
CCE-10009-9:Domain member: Digitally sign secure channel data (when possible)
CCE-10018-0:MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.
CCE-10019-8:MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)
CCE-10027-1:Network access: Do not allow anonymous enumeration of SAM accounts
CCE-10035-4:Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
CCE-10040-4:Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
CCE-10086-7:Access this computer from the network
CCE-10109-7:User Account Control: Switch to the secure desktop when prompting for elevation
CCE-10112-1:Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
CCE-10113-9:Windows Firewall: Domain: Outbound connections
CCE-10122-0:Change the system time
CCE-10123-8:Windows Firewall: Private: Outbound connections
CCE-10127-9:Windows Firewall: Private: Allow unicast response
CCE-10131-1:Windows Firewall: Private: Apply local firewall rules
CCE-10171-7:Windows Firewall: Public: Inbound connections
CCE-10188-1:Windows Firewall: Public: Apply local firewall rules
CCE-10192-3:Audit Policy: Account Logon: Credential Validation
CCE-10196-4:Audit Policy: Account Logon: Kerberos Service Ticket Operations
CCE-10201-2:Audit Policy: Account Management: Distribution Group Management
CCE-10202-0:Load and unload device drivers
CCE-10203-8:Audit Policy: Account Management: User Account Management
CCE-10206-1:Audit Policy: DS Access: Directory Service Replication
CCE-10216-0:Audit Policy: Object Access: Certification Services
CCE-10220-2:Audit Policy: Object Access: Kernel Object
CCE-10224-4:Audit Policy: Object Access: Registry
CCE-10226-9:Deny log on as a service
CCE-10232-7:Act as part of the operating system
CCE-10263-2:Audit Policy: Object Access: File System
CCE-10274-9:Generate security audits
CCE-10285-5:Audit Policy: Object Access: Filtering Platform Connection
CCE-10297-0:Network access: Let Everyone permissions apply to anonymous users
CCE-10362-2:Microsoft network server: Amount of idle time required before suspending session
CCE-10369-7:Bypass traverse checking
CCE-10370-5:Recovery console: Allow automatic administrative logon
CCE-10381-2:MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds
CCE-10385-3:Audit Policy: Policy Change: Audit Policy Change
CCE-10390-3:Audit Policy: System: IPsec Driver
CCE-10419-0:Shutdown: Allow system to be shut down without having to log on
CCE-10439-8:Shut down the system
CCE-10445-5:Audit Policy: Account Logon: Other Account Logon Events
CCE-10458-8:Profile single process
CCE-10481-0:Windows Firewall: Public: Outbound connections
CCE-10482-8:Windows Firewall: Domain: Firewall state
CCE-10487-7:Audit: Audit the access of global system objects