| 1.1.4.10 Set 'Create global objects' to 'Administrators, SERVICE, LOCAL SERVICE, NETWORK SERVICE' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.17 Set 'Modify firmware environment values' to 'Administrators' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.21 Set 'Deny log on locally' to 'Guests' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.23 Set 'Restore files and directories' to 'Administrators' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.33 Configure 'Deny log on as a service' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.36 Set 'Allow log on locally' to 'Administrators, Users' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.37 Set 'Lock pages in memory' to 'No One' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.40 Set 'Replace a process level token' to 'Local Service, Network Service' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.2 Ensure 'Access this computer from the network' is set to 'Administrators, Remote Desktop Users' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.3 Ensure 'Act as part of the operating system' is set to 'No One' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.16 Ensure 'Deny access to this computer from the network' to include 'Guests, Local account' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.16 Ensure 'Deny access to this computer from the network' to include 'Guests, Local account' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.19 Ensure 'Deny log on locally' to include 'Guests' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.20 Ensure 'Deny log on through Remote Desktop Services' to include 'Guests, Local account' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.21 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.25 Ensure 'Increase scheduling priority' is set to 'Administrators' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.29 Configure 'Log on as a service' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.35 Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.36 Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.38 Ensure 'Shut down the system' is set to 'Administrators, Users' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.38 Ensure 'Shut down the system' is set to 'Administrators, Users' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| Access Credential Manager as a trusted caller | MSCT Windows Server 2019 DC v1.0.0 | Windows | ACCESS CONTROL |
| Access Credential Manager as a trusted caller | MSCT Windows 10 1903 v1.19.9 | Windows | ACCESS CONTROL |
| Act as part of the operating system | MSCT Windows Server 2019 DC v1.0.0 | Windows | ACCESS CONTROL |
| Act as part of the operating system | MSCT Windows Server 2019 MS v1.0.0 | Windows | ACCESS CONTROL |
| Act as part of the operating system | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Act as part of the operating system | MSCT Windows 10 1909 v1.0.0 | Windows | ACCESS CONTROL |
| Create a pagefile | MSCT Windows Server 2019 MS v1.0.0 | Windows | ACCESS CONTROL |
| Create a pagefile | MSCT Windows 10 1909 v1.0.0 | Windows | ACCESS CONTROL |
| Create a token object | MSCT Windows 10 1903 v1.19.9 | Windows | ACCESS CONTROL |
| Create global objects | MSCT Windows Server 2019 DC v1.0.0 | Windows | ACCESS CONTROL |
| Create permanent shared objects | MSCT Windows 10 1903 v1.19.9 | Windows | ACCESS CONTROL |
| Debug programs | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Deny access to this computer from the network | MSCT Windows 10 1903 v1.19.9 | Windows | ACCESS CONTROL |
| Enable computer and user accounts to be trusted for delegation | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Force shutdown from a remote system | MSCT Windows 10 1903 v1.19.9 | Windows | ACCESS CONTROL |
| Impersonate a client after authentication | MSCT Windows Server 2019 DC v1.0.0 | Windows | ACCESS CONTROL |
| Impersonate a client after authentication | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Impersonate a client after authentication | MSCT Windows 10 1909 v1.0.0 | Windows | ACCESS CONTROL |
| Lock pages in memory | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Manage auditing and security log | MSCT Windows Server 2019 DC v1.0.0 | Windows | ACCESS CONTROL |
| Manage auditing and security log | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Perform volume maintenance tasks | MSCT Windows Server 2019 MS v1.0.0 | Windows | ACCESS CONTROL |
| Perform volume maintenance tasks | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Perform volume maintenance tasks | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Restore files and directories | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| Restore files and directories | MSCT Windows 10 1903 v1.19.9 | Windows | ACCESS CONTROL |
| Take ownership of files or other objects | MSCT Windows Server 2019 DC v1.0.0 | Windows | ACCESS CONTROL |
| Take ownership of files or other objects | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
