This report was generated on 01/17/2022 05:19:04 on DESKTOP-EHK98K4 with TAPHtmlReport version 1.8.
| Hostname | DESKTOP-EHK98K4 |
|---|---|
| Build Number | 22000 |
| Free disk space(GB) | 105.2 |
| Free physical memory (GB) | 0.804 |
| Operating System | Microsoft Windows 11 Pro |
| Installation Language | English (United States) |
Summary
A total of 347 tests have been executed.
- True 40 test(s) ≙ 11.53%
- False 307 test(s) ≙ 88.47%
- Warning 0 test(s) ≙ 0.00%
- None 0 test(s) ≙ 0.00%
- Error 0 test(s) ≙ 0.00%
Microsoft Benchmarks
A total of 347 tests have been executed in section Microsoft Benchmarks.
- True 40 test(s) ≙ 11.53%
- False 307 test(s) ≙ 88.47%
- Warning 0 test(s) ≙ 0.00%
- None 0 test(s) ≙ 0.00%
- Error 0 test(s) ≙ 0.00%
Table of Contents
Click the link(s) below for quick access to a report section.
Microsoft Benchmarks-↑
This section contains all benchmarks from Microsoft
Registry Settings/Group Policies-↑
| Id | Task | Message | Status |
|---|---|---|---|
| Registry-009 | Set registry value 'UseEnhancedPin' to 1. | Registry key not found. | False |
| Registry-010 | Set registry value 'RDVDenyCrossOrg' to 0. | Registry key not found. | False |
| Registry-011 | Set registry value 'DisableExternalDMAUnderLock' to 1. | Registry key not found. | False |
| Registry-012 | Set registry value 'DCSettingIndex' to 0. | Registry key not found. | False |
| Registry-013 | Set registry value 'ACSettingIndex' to 0. | Registry key not found. | False |
| Registry-014 | Set registry value 'DenyDeviceClasses' to 1. | Registry key not found. | False |
| Registry-015 | Set registry value 'DenyDeviceClassesRetroactive' to 1. | Registry key not found. | False |
| Registry-016 | Set registry value '1' to 'Prevent installation of drivers matching these device setup classes'. | Registry key not found. | False |
| Registry-017 | Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'. | Registry key not found. | False |
| Registry-018 | Set registry value 'PUAProtection' to 1. | Registry value not found. | False |
| Registry-019 | Set registry value 'MpCloudBlockLevel' to 2. | Registry key not found. | False |
| Registry-020 | Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'. | Registry key not found. | False |
| Registry-021 | Ensure 'Turn off real-time protection' is set to 'Disabled'. | Registry key not found. | False |
| Registry-022 | Set registry value 'DisableScriptScanning' to 0. | Registry key not found. | False |
| Registry-023 | Ensure 'Scan removable drives' is set to 'Enabled'. | Registry key not found. | False |
| Registry-024 | Ensure 'Send file samples when further analysis is required' is set to 'Send safe samples'. | Registry key not found. | False |
| Registry-025 | Ensure 'Join Microsoft MAPS' is set to 'Advanced MAPS'. | Registry key not found. | False |
| Registry-026 | Ensure 'Configure the 'Block at First Sight' feature' is set to 'Enabled'. | Registry key not found. | False |
| Registry-027 | Set registry value 'ExploitGuard_ASR_Rules' to 1. | Registry key not found. | False |
| Registry-028 | (L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured | Registry key not found. | False |
| Registry-029 | (L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured | Registry key not found. | False |
| Registry-030 | (L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured | Registry key not found. | False |
| Registry-031 | (L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured | Registry key not found. | False |
| Registry-032 | (L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured | Registry key not found. | False |
| Registry-033 | (L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured | Registry key not found. | False |
| Registry-034 | (L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured | Registry key not found. | False |
| Registry-035 | (L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured | Registry key not found. | False |
| Registry-036 | (L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured | Registry key not found. | False |
| Registry-037 | (L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured | Registry key not found. | False |
| Registry-038 | (L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured | Registry key not found. | False |
| Registry-039 | Use advanced protection against ransomware | Registry key not found. | False |
| Registry-040 | (L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured | Registry key not found. | False |
| Registry-041 | Set registry value 'EnableNetworkProtection' to 1. | Registry key not found. | False |
| Registry-042 | Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'. | Registry key not found. | False |
| Registry-043 | Ensure 'Turn On Virtualization Based Security' is set to 'Secure Boot'. | Registry key not found. | False |
| Registry-044 | Ensure 'Turn On Virtualization Based Security' is set to 'Enabled with UEFI lock'. | Registry key not found. | False |
| Registry-045 | Set registry value 'HVCIMATRequired' to 1. | Registry key not found. | False |
| Registry-046 | Ensure 'Turn On Virtualization Based Security' is set to 'Enabled with UEFI lock'. | Registry key not found. | False |
| Registry-047 | Set registry value 'ConfigureSystemGuardLaunch' to 1. | Registry key not found. | False |
| Registry-048 | Ensure 'Do not suggest third-party content in Windows spotlight' is set to 'Enabled'. | Registry value not found. | False |
| Registry-049 | Set registry value 'NoToastApplicationNotificationOnLockScreen' to 1. | Registry key not found. | False |
| Registry-050 | Set registry value 'AutoConnectAllowedOEM' to 0. | Registry value not found. | False |
| Registry-051 | Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'. | Registry key not found. | False |
| Registry-052 | Ensure 'Turn off Autoplay' is set to 'All drives'. | Registry value not found. | False |
| Registry-053 | Set registry value 'NoWebServices' to 1. | Registry value not found. | False |
| Registry-054 | Ensure 'Set the default behavior for AutoRun' is set to 'Do not execute any autorun commands'. | Registry value not found. | False |
| Registry-055 | Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'. | Registry value not found. | False |
| Registry-056 | Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled'. | Registry value not found. | False |
| Registry-057 | Set registry value 'LocalAccountTokenFilterPolicy' to 0. | Registry value not found. | False |
| Registry-058 | Set registry value 'AllowEncryptionOracle' to 0. | Registry key not found. | False |
| Registry-059 | Set registry value 'EnhancedAntiSpoofing' to 1. | Registry key not found. | False |
| Registry-060 | Ensure 'Prevent downloading of enclosures' is set to 'Enabled'. | Registry key not found. | False |
| Registry-061 | Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'. | Registry key not found. | False |
| Registry-062 | Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'. | Registry key not found. | False |
| Registry-063 | Set registry value 'LetAppsActivateWithVoiceAboveLock' to 2. | Registry key not found. | False |
| Registry-064 | Ensure 'Turn off Microsoft consumer experiences' is set to 'Enabled'. | Registry key not found. | False |
| Registry-065 | Set registry value 'AllowProtectedCreds' to 1. | Registry key not found. | False |
| Registry-066 | Ensure 'Specify the maximum log file size (KB)' is set to '32768'. | Registry key not found. | False |
| Registry-067 | Ensure 'Specify the maximum log file size (KB)' is set to '196608'. | Registry key not found. | False |
| Registry-068 | Ensure 'Specify the maximum log file size (KB)' is set to '32768'. | Registry key not found. | False |
| Registry-069 | Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'. | Registry key not found. | False |
| Registry-070 | Set registry value 'AllowGameDVR' to 0. | Registry key not found. | False |
| Registry-071 | Ensure 'Configure registry policy processing' is set to '0'. | Registry key not found. | False |
| Registry-072 | Ensure 'Configure registry policy processing' is set to '0'. | Registry key not found. | False |
| Registry-073 | Set registry value 'AlwaysInstallElevated' to 0. | Registry key not found. | False |
| Registry-074 | Ensure 'Allow user control over installs' is set to 'Disabled'. | Registry key not found. | False |
| Registry-075 | Set registry value 'DeviceEnumerationPolicy' to 0. | Registry key not found. | False |
| Registry-076 | Ensure 'Enable insecure guest logons' is set to 'Disabled'. | Registry key not found. | False |
| Registry-077 | Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'. | Registry value not found. | False |
| Registry-078 | Set registry value '\\*\SYSVOL' to RequireMutualAuthentication=1,RequireIntegrity=1. | Registry value is ''. Expected: RequireMutualAuthentication=1,RequireIntegrity=1 | False |
| Registry-079 | Set registry value '\\*\NETLOGON' to RequireMutualAuthentication=1,RequireIntegrity=1. | Registry value is ''. Expected: RequireMutualAuthentication=1,RequireIntegrity=1 | False |
| Registry-080 | Set registry value 'NoLockScreenCamera' to 1. | Registry key not found. | False |
| Registry-081 | Set registry value 'NoLockScreenSlideshow' to 1. | Registry key not found. | False |
| Registry-082 | Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'. | Registry key not found. | False |
| Registry-083 | Ensure 'Turn on PowerShell Script Block Logging' is not set. | Compliant. Registry key not found. | True |
| Registry-084 | Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'. | Registry value not found. | False |
| Registry-085 | Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'. | Registry value not found. | False |
| Registry-086 | Ensure 'Configure Windows SmartScreen' is set to 'Enabled'. | Registry value not found. | False |
| Registry-087 | Set registry value 'ShellSmartScreenLevel' to Block. | Registry value not found. | False |
| Registry-088 | Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'. | Registry value not found. | False |
| Registry-089 | Set registry value 'AllowIndexingEncryptedStoresOrItems' to 0. | Registry key not found. | False |
| Registry-090 | Ensure 'Disallow Digest authentication' is set to 'Enabled'. | Registry key not found. | False |
| Registry-091 | Ensure 'Allow unencrypted traffic' is set to 'Disabled'. | Registry key not found. | False |
| Registry-092 | Ensure 'Allow Basic authentication' is set to 'Disabled'. | Registry key not found. | False |
| Registry-093 | Ensure 'Allow unencrypted traffic' is set to 'Disabled'. | Registry key not found. | False |
| Registry-094 | Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'. | Registry key not found. | False |
| Registry-095 | Ensure 'Allow Basic authentication' is set to 'Disabled'. | Registry key not found. | False |
| Registry-096 | Ensure 'Turn off multicast name resolution' is set to 'Enabled'. | Registry key not found. | False |
| Registry-097 | Set registry value 'DisableWebPnPDownload' to 1. | Registry key not found. | False |
| Registry-098 | Set registry value 'RestrictDriverInstallationToAdministrators' to 1. | Registry key not found. | False |
| Registry-099 | Ensure 'Restrict Unauthenticated RPC clients' is set to 'Authenticated'. | Registry key not found. | False |
| Registry-100 | Set registry value 'fUseMailto' to . | Compliant. Registry value not found. | True |
| Registry-101 | Set registry value 'fAllowToGetHelp' to 0. | Registry value not found. | False |
| Registry-102 | Set registry value 'fAllowFullControl' to . | Compliant. Registry value not found. | True |
| Registry-103 | Set registry value 'MaxTicketExpiry' to . | Compliant. Registry value not found. | True |
| Registry-104 | Set registry value 'MaxTicketExpiryUnits' to . | Compliant. Registry value not found. | True |
| Registry-105 | Set registry value 'MinEncryptionLevel' to 3. | Registry value not found. | False |
| Registry-106 | Set registry value 'fPromptForPassword' to 1. | Registry value not found. | False |
| Registry-107 | Set registry value 'fDisableCdm' to 1. | Registry value not found. | False |
| Registry-108 | Set registry value 'DisablePasswordSaving' to 1. | Registry value not found. | False |
| Registry-109 | Set registry value 'fEncryptRPCTraffic' to 1. | Registry value not found. | False |
| Registry-110 | Set registry value 'PolicyVersion' to 538. | Registry key not found. | False |
| Registry-111 | Set registry value 'DefaultOutboundAction' to 0. | Registry key not found. | False |
| Registry-112 | Set registry value 'DisableNotifications' to 1. | Registry key not found. | False |
| Registry-113 | Set registry value 'EnableFirewall' to 1. | Registry key not found. | False |
| Registry-114 | Set registry value 'DefaultInboundAction' to 1. | Registry key not found. | False |
| Registry-115 | Set registry value 'LogDroppedPackets' to 1. | Registry key not found. | False |
| Registry-116 | Set registry value 'LogFileSize' to 16384. | Registry key not found. | False |
| Registry-117 | Set registry value 'LogSuccessfulConnections' to 1. | Registry key not found. | False |
| Registry-118 | Set registry value 'EnableFirewall' to 1. | Registry key not found. | False |
| Registry-119 | Set registry value 'DisableNotifications' to 1. | Registry key not found. | False |
| Registry-120 | Set registry value 'DefaultInboundAction' to 1. | Registry key not found. | False |
| Registry-121 | Set registry value 'DefaultOutboundAction' to 0. | Registry key not found. | False |
| Registry-122 | Set registry value 'LogSuccessfulConnections' to 1. | Registry key not found. | False |
| Registry-123 | Set registry value 'LogDroppedPackets' to 1. | Registry key not found. | False |
| Registry-124 | Set registry value 'LogFileSize' to 16384. | Registry key not found. | False |
| Registry-125 | Set registry value 'DefaultOutboundAction' to 0. | Registry key not found. | False |
| Registry-126 | Set registry value 'EnableFirewall' to 1. | Registry key not found. | False |
| Registry-127 | Set registry value 'DisableNotifications' to 1. | Registry key not found. | False |
| Registry-128 | Set registry value 'AllowLocalIPsecPolicyMerge' to 0. | Registry key not found. | False |
| Registry-129 | Set registry value 'AllowLocalPolicyMerge' to 0. | Registry key not found. | False |
| Registry-130 | Set registry value 'DefaultInboundAction' to 1. | Registry key not found. | False |
| Registry-131 | Set registry value 'LogFileSize' to 16384. | Registry key not found. | False |
| Registry-132 | Set registry value 'LogDroppedPackets' to 1. | Registry key not found. | False |
| Registry-133 | Set registry value 'LogSuccessfulConnections' to 1. | Registry key not found. | False |
| Registry-134 | Ensure 'Allow Windows Ink Workspace' is set to 'On, but disallow access above lock'. | Registry key not found. | False |
| Registry-135 | Set registry value 'AdmPwdEnabled' to 1. | Registry key not found. | False |
| Registry-136 | Ensure 'WDigest Authentication (disabling may require KB2871997)' is set to 'Disabled'. | Registry value not found. | False |
| Registry-137 | Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'. | Registry value not found. | False |
| Registry-138 | Set registry value 'DriverLoadPolicy' to 3. | Registry key not found. | False |
| Registry-139 | Ensure 'Configure SMB v1 server' is set to 'Disabled'. | Registry value not found. | False |
| Registry-140 | Ensure 'Configure SMB v1 client driver' is set to 'Disable driver (recommended)'. | Registry key not found. | False |
| Registry-141 | Set registry value 'NoNameReleaseOnDemand' to 1. | Registry value not found. | False |
| Registry-142 | Set registry value 'NodeType' to 2. | Registry value not found. | False |
| Registry-143 | Set registry value 'EnableICMPRedirect' to 0. | Registry value not found. | False |
| Registry-144 | Set registry value 'DisableIPSourceRouting' to 2. | Registry value not found. | False |
| Registry-145 | Set registry value 'DisableIPSourceRouting' to 2. | Registry value not found. | False |
| Registry-146 | Set registry value 'ScRemoveOption' to 1. | Registry value is '0'. Expected: 1 | False |
| Registry-147 | Set registry value 'InactivityTimeoutSecs' to 900. | Registry value not found. | False |
| Registry-148 | Set registry value 'NoLMHash' to 1. | Compliant | True |
| Registry-149 | Set registry value 'EnablePlainTextPassword' to 0. | Compliant | True |
| Registry-150 | Set registry value 'LimitBlankPasswordUse' to 1. | Compliant | True |
| Registry-151 | Set registry value 'RestrictAnonymousSAM' to 1. | Compliant | True |
| Registry-152 | Set registry value 'RestrictAnonymous' to 1. | Registry value is '0'. Expected: 1 | False |
| Registry-153 | Set registry value 'RestrictNullSessAccess' to 1. | Compliant | True |
| Registry-154 | Set registry value 'SCENoApplyLegacyAuditPolicy' to 1. | Registry value not found. | False |
| Registry-155 | Set registry value 'NTLMMinClientSec' to 537395200. | Registry value is '536870912'. Expected: 537395200 | False |
| Registry-156 | Set registry value 'LmCompatibilityLevel' to 5. | Registry value not found. | False |
| Registry-157 | Set registry value 'allownullsessionfallback' to 0. | Registry value not found. | False |
| Registry-158 | Set registry value 'NTLMMinServerSec' to 537395200. | Registry value is '536870912'. Expected: 537395200 | False |
| Registry-159 | Set registry value 'requirestrongkey' to 1. | Compliant | True |
| Registry-160 | Set registry value 'RequireSecuritySignature' to 1. | Registry value is '0'. Expected: 1 | False |
| Registry-161 | Set registry value 'sealsecurechannel' to 1. | Compliant | True |
| Registry-162 | Set registry value 'requiresignorseal' to 1. | Compliant | True |
| Registry-163 | Set registry value 'signsecurechannel' to 1. | Compliant | True |
| Registry-164 | Set registry value 'requiresecuritysignature' to 1. | Registry value is '0'. Expected: 1 | False |
| Registry-165 | Set registry value 'ProtectionMode' to 1. | Compliant | True |
| Registry-166 | Set registry value 'ConsentPromptBehaviorAdmin' to 2. | Registry value is '5'. Expected: 2 | False |
| Registry-167 | Set registry value 'EnableSecureUIAPaths' to 1. | Compliant | True |
| Registry-168 | Set registry value 'EnableLUA' to 1. | Compliant | True |
| Registry-169 | Set registry value 'ConsentPromptBehaviorUser' to 0. | Registry value is '3'. Expected: 0 | False |
| Registry-170 | Set registry value 'EnableInstallerDetection' to 1. | Compliant | True |
| Registry-171 | Set registry value 'FilterAdministratorToken' to 1. | Registry value not found. | False |
| Registry-172 | Set registry value 'EnableVirtualization' to 1. | Compliant | True |
| Registry-173 | Set registry value 'LDAPClientIntegrity' to 1. | Compliant | True |
| Registry-174 | Remote calls to the Security Account Manager (SAM) must be restricted to Administrators. | Registry value not found. | False |
| Registry-222 | Set registry value 'FormSuggest Passwords' to 1. | Registry key not found. | False |
| Registry-223 | Ensure 'Turn on the auto-complete feature for user names and passwords on forms' is set to 'no'. | Registry key not found. | False |
| Registry-224 | Set registry value 'FormSuggest Passwords' to no. | Registry key not found. | False |
| Registry-225 | Ensure 'Remove "Run this time" button for outdated ActiveX controls in Internet Explorer ' is set to 'Enabled'. | Registry value not found. | False |
| Registry-226 | Ensure 'Turn off blocking of outdated ActiveX controls for Internet Explorer' is set to 'Disabled'. | Registry value not found. | False |
| Registry-227 | Ensure 'Allow software to run or install even if the signature is invalid' is set to 'Disabled'. | Registry key not found. | False |
| Registry-228 | Set registry value 'CheckExeSignatures' to yes. | Registry key not found. | False |
| Registry-229 | Ensure 'Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows' is set to 'Enabled'. | Registry key not found. | False |
| Registry-230 | Ensure 'Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled' is set to 'Enabled'. | Registry key not found. | False |
| Registry-231 | Set registry value 'Isolation' to PMEM. | Registry key not found. | False |
| Registry-232 | Set registry value '(Reserved)' to 1. | Registry key not found. | False |
| Registry-234 | Set registry value 'explorer.exe' to 1. | Registry key not found. | False |
| Registry-235 | Set registry value 'explorer.exe' to 1. | Registry key not found. | False |
| Registry-237 | Set registry value '(Reserved)' to 1. | Registry key not found. | False |
| Registry-238 | Set registry value 'explorer.exe' to 1. | Registry key not found. | False |
| Registry-240 | Set registry value '(Reserved)' to 1. | Registry key not found. | False |
| Registry-241 | Set registry value '(Reserved)' to 1. | Registry key not found. | False |
| Registry-242 | Set registry value 'explorer.exe' to 1. | Registry key not found. | False |
| Registry-244 | Set registry value '(Reserved)' to 1. | Registry key not found. | False |
| Registry-246 | Set registry value 'explorer.exe' to 1. | Registry key not found. | False |
| Registry-247 | Set registry value '(Reserved)' to 1. | Registry key not found. | False |
| Registry-249 | Set registry value 'explorer.exe' to 1. | Registry key not found. | False |
| Registry-251 | Set registry value '(Reserved)' to 1. | Registry key not found. | False |
| Registry-252 | Set registry value 'explorer.exe' to 1. | Registry key not found. | False |
| Registry-253 | Set registry value '(Reserved)' to 1. | Registry key not found. | False |
| Registry-254 | Set registry value 'explorer.exe' to 1. | Registry key not found. | False |
| Registry-255 | Set registry value 'iexplore.exe' to 1. | Registry key not found. | False |
| Registry-256 | Set registry value 'PreventOverrideAppRepUnknown' to 1. | Registry key not found. | False |
| Registry-257 | Set registry value 'PreventOverride' to 1. | Registry key not found. | False |
| Registry-258 | Ensure 'Prevent managing SmartScreen Filter' is set to 'On'. | Registry key not found. | False |
| Registry-259 | Set registry value 'NoCrashDetection' to 1. | Registry key not found. | False |
| Registry-260 | Ensure 'Turn off the Security Settings Check feature' is set to 'Disabled'. | Registry key not found. | False |
| Registry-261 | Ensure 'Prevent per-user installation of ActiveX controls' is set to 'Enabled'. | Registry key not found. | False |
| Registry-262 | Ensure 'Specify use of ActiveX Installer Service for installation of ActiveX controls' is set to 'Enabled'. | Registry key not found. | False |
| Registry-263 | Set registry value 'Security_zones_map_edit' to 1. | Registry value not found. | False |
| Registry-264 | Set registry value 'Security_options_edit' to 1. | Registry value not found. | False |
| Registry-265 | Set registry value 'Security_HKLM_only' to 1. | Registry value not found. | False |
| Registry-266 | Ensure 'Check for server certificate revocation' is set to 'Enabled'. | Registry value not found. | False |
| Registry-267 | Ensure 'Prevent ignoring certificate errors' is set to 'Enabled'. | Registry value not found. | False |
| Registry-268 | Set registry value 'WarnOnBadCertRecving' to 1. | Registry value not found. | False |
| Registry-269 | Ensure 'Allow fallback to SSL 3.0 (Internet Explorer)' is set to 'No Sites'. | Registry value not found. | False |
| Registry-270 | Ensure 'Turn off encryption support' is set to 'Use TLS 1.1 and TLS 1.2'. | Registry value not found. | False |
| Registry-271 | Ensure 'Java permissions' is set to 'Disable Java'. | Registry key not found. | False |
| Registry-272 | Ensure 'Java permissions' is set to 'Disable Java'. | Registry key not found. | False |
| Registry-273 | Ensure 'Java permissions' is set to 'Disable Java'. | Registry key not found. | False |
| Registry-274 | Ensure 'Turn on SmartScreen Filter scan' is set to 'Enable'. | Registry key not found. | False |
| Registry-275 | Ensure 'Turn on SmartScreen Filter scan' is set to 'Enable'. | Registry key not found. | False |
| Registry-276 | Ensure 'Java permissions' is set to 'Disable Java'. | Registry key not found. | False |
| Registry-277 | Ensure 'Intranet Sites: Include all network paths (UNCs)' is set to 'Disabled'. | Registry key not found. | False |
| Registry-278 | Ensure 'Java permissions' is set to 'Disable Java'. | Registry key not found. | False |
| Registry-279 | Ensure 'Don't run antimalware programs against ActiveX controls' is set to 'Disable'. | Registry key not found. | False |
| Registry-280 | Ensure 'Don't run antimalware programs against ActiveX controls' is set to 'Disable'. | Registry key not found. | False |
| Registry-281 | Ensure 'Initialize and script ActiveX controls not marked as safe' is set to 'Disable'. | Registry key not found. | False |
| Registry-282 | Ensure 'Java permissions' is set to 'High safety'. | Registry key not found. | False |
| Registry-283 | Ensure 'Java permissions' is set to 'High safety'. | Registry key not found. | False |
| Registry-284 | Ensure 'Don't run antimalware programs against ActiveX controls' is set to 'Disable'. | Registry key not found. | False |
| Registry-285 | Ensure 'Initialize and script ActiveX controls not marked as safe' is set to 'Disable'. | Registry key not found. | False |
| Registry-286 | Ensure 'Run .NET Framework-reliant components signed with Authenticode' is set to 'Disable'. | Registry key not found. | False |
| Registry-287 | Ensure 'Allow script-initiated windows without size or position constraints' is set to 'Disable'. | Registry key not found. | False |
| Registry-288 | Ensure 'Allow drag and drop or copy and paste files' is set to 'Disable'. | Registry key not found. | False |
| Registry-289 | Ensure 'Include local path when user is uploading files to a server' is set to 'Disable'. | Registry key not found. | False |
| Registry-290 | Ensure 'Initialize and script ActiveX controls not marked as safe' is set to 'Disable'. | Registry key not found. | False |
| Registry-291 | Ensure 'Access data sources across domains' is set to 'Disable'. | Registry key not found. | False |
| Registry-292 | Ensure 'Launching applications and files in an IFRAME' is set to 'Disable'. | Registry key not found. | False |
| Registry-293 | Ensure 'Automatic prompting for file downloads' is set to 'Disable'. | Registry key not found. | False |
| Registry-294 | Ensure 'Allow scriptlets' is set to 'Disable'. | Registry key not found. | False |
| Registry-295 | Ensure 'Allow scripting of Internet Explorer WebBrowser controls' is set to 'Disable'. | Registry key not found. | False |
| Registry-296 | Ensure 'Use Pop-up Blocker' is set to 'Enable'. | Registry key not found. | False |
| Registry-297 | Ensure 'Turn on Protected Mode' is set to 'Enable'. | Registry key not found. | False |
| Registry-298 | Ensure 'Allow updates to status bar via script' is set to 'Disable'. | Registry key not found. | False |
| Registry-299 | Ensure 'Userdata persistence' is set to 'Disable'. | Registry key not found. | False |
| Registry-300 | Ensure 'Allow loading of XAML files' is set to 'Disable'. | Registry key not found. | False |
| Registry-301 | Ensure 'Run .NET Framework-reliant components not signed with Authenticode' is set to 'Disable'. | Registry key not found. | False |
| Registry-302 | Ensure 'Java permissions' is set to 'Disable Java'. | Registry key not found. | False |
| Registry-303 | Ensure 'Download signed ActiveX controls' is set to 'Disable'. | Registry key not found. | False |
| Registry-304 | Ensure 'Logon options' is set to 'Prompt for user name and password'. | Registry key not found. | False |
| Registry-305 | Ensure 'Enable dragging of content from different domains within a window' is set to 'Disable'. | Registry key not found. | False |
| Registry-306 | Ensure 'Download unsigned ActiveX controls' is set to 'Disable'. | Registry key not found. | False |
| Registry-307 | Ensure 'Allow only approved domains to use ActiveX controls without prompt' is set to 'Enable'. | Registry key not found. | False |
| Registry-308 | Ensure 'Allow cut, copy or paste operations from the clipboard via script' is set to 'Disable'. | Registry key not found. | False |
| Registry-309 | Ensure 'Turn on Cross-Site Scripting Filter' is set to 'Enable'. | Registry key not found. | False |
| Registry-310 | Ensure 'Don't run antimalware programs against ActiveX controls' is set to 'Disable'. | Registry key not found. | False |
| Registry-311 | Ensure 'Navigate windows and frames across different domains' is set to 'Disable'. | Registry key not found. | False |
| Registry-312 | Ensure 'Enable dragging of content from different domains across windows' is set to 'Disable'. | Registry key not found. | False |
| Registry-313 | Ensure 'Web sites in less privileged Web content zones can navigate into this zone' is set to 'Disable'. | Registry key not found. | False |
| Registry-314 | Ensure 'Turn on SmartScreen Filter scan' is set to 'Enable'. | Registry key not found. | False |
| Registry-315 | Ensure 'Show security warning for potentially unsafe files' is set to 'Prompt'. | Registry key not found. | False |
| Registry-316 | Ensure 'Allow only approved domains to use the TDC ActiveX control' is set to 'Enable'. | Registry key not found. | False |
| Registry-317 | Set registry value '140C' to 3. | Registry key not found. | False |
| Registry-318 | Ensure 'Allow META REFRESH' is set to 'Disable'. | Registry key not found. | False |
| Registry-319 | Ensure 'Initialize and script ActiveX controls not marked as safe' is set to 'Disable'. | Registry key not found. | False |
| Registry-320 | Ensure 'Download signed ActiveX controls' is set to 'Disable'. | Registry key not found. | False |
| Registry-321 | Ensure 'Navigate windows and frames across different domains' is set to 'Disable'. | Registry key not found. | False |
| Registry-322 | Ensure 'Allow only approved domains to use ActiveX controls without prompt' is set to 'Enable'. | Registry key not found. | False |
| Registry-323 | Ensure 'Use Pop-up Blocker' is set to 'Enable'. | Registry key not found. | False |
| Registry-324 | Ensure 'Download unsigned ActiveX controls' is set to 'Disable'. | Registry key not found. | False |
| Registry-325 | Ensure 'Userdata persistence' is set to 'Disable'. | Registry key not found. | False |
| Registry-326 | Ensure 'Allow cut, copy or paste operations from the clipboard via script' is set to 'Disable'. | Registry key not found. | False |
| Registry-327 | Ensure 'Include local path when user is uploading files to a server' is set to 'Disable'. | Registry key not found. | False |
| Registry-328 | Ensure 'Access data sources across domains' is set to 'Disable'. | Registry key not found. | False |
| Registry-329 | Ensure 'Allow script-initiated windows without size or position constraints' is set to 'Disable'. | Registry key not found. | False |
| Registry-330 | Ensure 'Run .NET Framework-reliant components not signed with Authenticode' is set to 'Disable'. | Registry key not found. | False |
| Registry-331 | Ensure 'Automatic prompting for file downloads' is set to 'Disable'. | Registry key not found. | False |
| Registry-332 | Ensure 'Allow binary and script behaviors' is set to 'Disable'. | Registry key not found. | False |
| Registry-333 | Ensure 'Scripting of Java applets' is set to 'Disable'. | Registry key not found. | False |
| Registry-334 | Ensure 'Allow file downloads' is set to 'Disable'. | Registry key not found. | False |
| Registry-335 | Ensure 'Allow loading of XAML files' is set to 'Disable'. | Registry key not found. | False |
| Registry-336 | Ensure 'Allow active scripting' is set to 'Disable'. | Registry key not found. | False |
| Registry-337 | Ensure 'Logon options' is set to 'Anonymous logon'. | Registry key not found. | False |
| Registry-338 | Ensure 'Run .NET Framework-reliant components signed with Authenticode' is set to 'Disable'. | Registry key not found. | False |
| Registry-339 | Ensure 'Turn on Protected Mode' is set to 'Enable'. | Registry key not found. | False |
| Registry-340 | Ensure 'Turn on Cross-Site Scripting Filter' is set to 'Enable'. | Registry key not found. | False |
| Registry-341 | Ensure 'Java permissions' is set to 'Disable Java'. | Registry key not found. | False |
| Registry-342 | Ensure 'Allow scriptlets' is set to 'Disable'. | Registry key not found. | False |
| Registry-343 | Ensure 'Don't run antimalware programs against ActiveX controls' is set to 'Disable'. | Registry key not found. | False |
| Registry-344 | Ensure 'Allow scripting of Internet Explorer WebBrowser controls' is set to 'Disable'. | Registry key not found. | False |
| Registry-345 | Ensure 'Enable dragging of content from different domains within a window' is set to 'Disable'. | Registry key not found. | False |
| Registry-346 | Ensure 'Allow drag and drop or copy and paste files' is set to 'Disable'. | Registry key not found. | False |
| Registry-347 | Ensure 'Allow updates to status bar via script' is set to 'Disable'. | Registry key not found. | False |
| Registry-348 | Ensure 'Enable dragging of content from different domains across windows' is set to 'Disable'. | Registry key not found. | False |
| Registry-349 | Ensure 'Script ActiveX controls marked safe for scripting' is set to 'Disable'. | Registry key not found. | False |
| Registry-350 | Ensure 'Web sites in less privileged Web content zones can navigate into this zone' is set to 'Disable'. | Registry key not found. | False |
| Registry-351 | Ensure 'Turn on SmartScreen Filter scan' is set to 'Enable'. | Registry key not found. | False |
| Registry-352 | Ensure 'Run ActiveX controls and plugins' is set to 'Disable'. | Registry key not found. | False |
| Registry-353 | Ensure 'Launching applications and files in an IFRAME' is set to 'Disable'. | Registry key not found. | False |
| Registry-354 | Ensure 'Show security warning for potentially unsafe files' is set to 'Disable'. | Registry key not found. | False |
| Registry-355 | Ensure 'Allow only approved domains to use the TDC ActiveX control' is set to 'Enable'. | Registry key not found. | False |
| Registry-356 | Set registry value '140C' to 3. | Registry key not found. | False |
User Rights Assignment-↑
| Id | Task | Message | Status |
|---|---|---|---|
| UserRight-176 | Ensure 'SeSecurityPrivilege' is set to 'administrator' | Compliant | True |
| UserRight-177 | Ensure 'SeRestorePrivilege' is set to 'administrator' | The user right 'SeRestorePrivilege' contains following unexpected users: BUILTIN\Backup Operators | False |
| UserRight-178 | Ensure 'SeTakeOwnershipPrivilege' is set to 'administrator' | Compliant | True |
| UserRight-179 | Ensure 'SeBackupPrivilege' is set to 'administrator' | The user right 'SeBackupPrivilege' contains following unexpected users: BUILTIN\Backup Operators | False |
| UserRight-180 | Ensure 'SeDenyRemoteInteractiveLogonRight' is set to 'Local account' | The user 'SeDenyRemoteInteractiveLogonRight' setting does not contain the following users: NT AUTHORITY\Local account | False |
| UserRight-181 | Ensure 'SeCreatePermanentPrivilege' is set to 'none' | The user 'SeCreatePermanentPrivilege' setting does not contain the following users: NULL SID | False |
| UserRight-182 | Ensure 'SeManageVolumePrivilege' is set to 'administrator' | Compliant | True |
| UserRight-183 | Ensure 'SeLoadDriverPrivilege' is set to 'administrator' | Compliant | True |
| UserRight-184 | Ensure 'SeLockMemoryPrivilege' is set to 'none' | Compliant | True |
| UserRight-185 | Ensure 'SeDenyNetworkLogonRight' is set to 'Local account' | The user right 'SeDenyNetworkLogonRight' contains following unexpected users: DESKTOP-EHK98K4\Guest The user 'SeDenyNetworkLogonRight' setting does not contain the following users: NT AUTHORITY\Local account | False |
| UserRight-186 | Ensure 'SeNetworkLogonRight' is set to 'administrator, Remote Desktop Users' | The user right 'SeNetworkLogonRight' contains following unexpected users: Everyone, BUILTIN\Users, BUILTIN\Backup Operators The user 'SeNetworkLogonRight' setting does not contain the following users: BUILTIN\Remote Desktop Users | False |
| UserRight-187 | Ensure 'SeImpersonatePrivilege' is set to 'administrator, Service, Local Service, Network Service' | The user right 'SeImpersonatePrivilege' contains following unexpected users: BUILTIN\IIS_IUSRS | False |
| UserRight-188 | Ensure 'SeCreateTokenPrivilege' is set to 'none' | The user 'SeCreateTokenPrivilege' setting does not contain the following users: NULL SID | False |
| UserRight-189 | Ensure 'SeCreateGlobalPrivilege' is set to 'administrator, Service, Local Service, Network Service' | Compliant | True |
| UserRight-190 | Ensure 'SeSystemEnvironmentPrivilege' is set to 'administrator' | Compliant | True |
| UserRight-191 | Ensure 'SeCreatePagefilePrivilege' is set to 'administrator' | Compliant | True |
| UserRight-192 | Ensure 'SeInteractiveLogonRight' is set to 'administrator, Users' | The user right 'SeInteractiveLogonRight' contains following unexpected users: DESKTOP-EHK98K4\Guest, BUILTIN\Backup Operators | False |
| UserRight-193 | Ensure 'SeRemoteShutdownPrivilege' is set to 'administrator' | Compliant | True |
| UserRight-194 | Ensure 'SeDebugPrivilege' is set to 'administrator' | Compliant | True |
| UserRight-195 | Ensure 'SeTrustedCredManAccessPrivilege' is set to 'none' | The user 'SeTrustedCredManAccessPrivilege' setting does not contain the following users: NULL SID | False |
| UserRight-196 | Ensure 'SeProfileSingleProcessPrivilege' is set to 'administrator' | Compliant | True |
| UserRight-197 | Ensure 'SeTcbPrivilege' is set to 'none' | The user 'SeTcbPrivilege' setting does not contain the following users: NULL SID | False |
| UserRight-198 | Ensure 'SeEnableDelegationPrivilege' is set to 'none' | The user 'SeEnableDelegationPrivilege' setting does not contain the following users: NULL SID | False |
Account Policies-↑
| Id | Task | Message | Status |
|---|---|---|---|
| AccountPolicy-001 | Ensure 'MinimumPasswordLength' is set to '14'. | 'MinimumPasswordLength' currently set to: 0. Expected: 14 | False |
| AccountPolicy-002 | Ensure 'PasswordComplexity' is set to '1'. | 'PasswordComplexity' currently set to: 0. Expected: 1 | False |
| AccountPolicy-003 | Ensure 'PasswordHistorySize' is set to '24'. | 'PasswordHistorySize' currently set to: 0. Expected: 24 | False |
| AccountPolicy-004 | Ensure 'LockoutBadCount' is set to '10'. | 'LockoutBadCount' currently set to: 0. Expected: 10 | False |
| AccountPolicy-005 | Ensure 'ResetLockoutCount' is set to '15'. | Currently not set. | False |
| AccountPolicy-006 | Ensure 'LockoutDuration' is set to '15'. | Currently not set. | False |
| AccountPolicy-007 | Ensure 'ClearTextPassword' is set to '0'. | Compliant | True |
Advanced Audit Policy Configuration-↑
| Id | Task | Message | Status |
|---|---|---|---|
| AuditPolicy-199 | Ensure 'Credential Validation' is set to 'Success' and is set to 'Failure'. | Set to: No Auditing | False |
| AuditPolicy-200 | Ensure 'Security Group Management' is set to 'Success'. | Compliant | True |
| AuditPolicy-201 | Ensure 'User Account Management' is set to 'Success' and is set to 'Failure'. | Set to: Success | False |
| AuditPolicy-202 | Ensure 'Plug and Play Events' is set to 'Success'. | Set to: No Auditing | False |
| AuditPolicy-203 | Ensure 'Process Creation' is set to 'Success'. | Set to: No Auditing | False |
| AuditPolicy-204 | Ensure 'Account Lockout' is set to 'Failure'. | Set to: Success | False |
| AuditPolicy-205 | Ensure 'Group Membership' is set to 'Success'. | Set to: No Auditing | False |
| AuditPolicy-206 | Ensure 'Logon' is set to 'Success' and is set to 'Failure'. | Compliant | True |
| AuditPolicy-207 | Ensure 'Other Logon/Logoff Events' is set to 'Success' and is set to 'Failure'. | Set to: No Auditing | False |
| AuditPolicy-208 | Ensure 'Special Logon' is set to 'Success'. | Compliant | True |
| AuditPolicy-209 | Ensure 'Detailed File Share' is set to 'Failure'. | Set to: No Auditing | False |
| AuditPolicy-210 | Ensure 'File Share' is set to 'Success' and is set to 'Failure'. | Set to: No Auditing | False |
| AuditPolicy-211 | Ensure 'Other Object Access Events' is set to 'Success' and is set to 'Failure'. | Set to: No Auditing | False |
| AuditPolicy-212 | Ensure 'Removable Storage' is set to 'Success' and is set to 'Failure'. | Set to: No Auditing | False |
| AuditPolicy-213 | Ensure 'Audit Policy Change' is set to 'Success'. | Compliant | True |
| AuditPolicy-214 | Ensure 'Authentication Policy Change' is set to 'Success'. | Compliant | True |
| AuditPolicy-215 | Ensure 'MPSSVC Rule-Level Policy Change' is set to 'Success' and is set to 'Failure'. | Set to: No Auditing | False |
| AuditPolicy-216 | Ensure 'Other Policy Change Events' is set to 'Failure'. | Set to: No Auditing | False |
| AuditPolicy-217 | Ensure 'Sensitive Privilege Use' is set to 'Success' and is set to 'Failure'. | Set to: No Auditing | False |
| AuditPolicy-218 | Ensure 'Other System Events' is set to 'Success' and is set to 'Failure'. | Compliant | True |
| AuditPolicy-219 | Ensure 'Security State Change' is set to 'Success'. | Compliant | True |
| AuditPolicy-220 | Ensure 'Security System Extension' is set to 'Success'. | Set to: No Auditing | False |
| AuditPolicy-221 | Ensure 'System Integrity' is set to 'Success' and is set to 'Failure'. | Compliant | True |