emily/atap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
atap/Samples/Microsoft Windows 10 All_RiskScore.html
T
emily 404ee3fec4 a
2026-05-11 09:15:08 +02:00

35 lines
696 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html><html lang="en"><head ><meta charset="UTF-8"></meta><meta content="width=device-width, initial-scale=1.0" name="viewport"></meta><meta content="ie=edge" http-equiv="X-UA-Compatible"></meta><title >Windows 10 Report [12/07/2022 10:37:11]</title><style >body { font-family: Cambria, Georgia, serif; margin: 0; color: default; background-color: default;}.content { padding: 30px 40px;}a { color: default;}a:visited { color: default;}.header { background-color: #c6c9cc;}.header svg { margin-left: 3px; opacity: 0.8;}.header svg g path:nth-child(1), /*F*/.header svg g path:nth-child(2), /*B*/.header svg g path:nth-child(6), /*G*/.header svg g path:nth-child(7), /*m*/.header svg g path:nth-child(8), /*b*/.header svg g path:nth-child(9) /*H*/{ fill: black;}.header h1 { margin: 0;}h1, h2, h3, h4, h5, h6 { font-family: 'Calibri', 'Segoe UI', sans-serif;}li a { /*display: block;*/ font-family: Arial, sans-serif;}li a:hover { background-color: #f2f2f2;}.gauge { height: 25px; background: #a7a7a7; border-radius: 8px; overflow: hidden;}.gauge .gauge-meter { height: 100%; float: left;}.gauge-info { margin: 0; padding: 20px 0;}.gauge-info .gauge-info-item { display: table-cell; width: 1%; text-align: center; line-height: 30px;}.gauge-info .gauge-info-item span.auditstatus { display: inline;}section.collapsed > :not(:first-child) { display: none;}table { border-collapse: collapse; font-family: Arial, sans-serif;}th, td { padding: 5px 10px; text-align: left; vertical-align: top;}/* audit-info table */table.audit-info { margin-left: 8%; margin-right: 8%; width: 90%;}table.audit-info th, table.audit-info td { border: 1px solid #d2d2d2;}table.audit-info th { border-bottom-width: 2px; background-color: lightgray;}table.audit-info tr:nth-child(even) { background-color: #efefef;}/* First column in an audit-info table */table.audit-info th:nth-child(1), table.audit-info td:nth-child(1) { text-align: left; white-space: nowrap; width: 40px;}/* First column in an audit-info table */table.audit-info th:nth-child(2), table.audit-info td:nth-child(2) { text-align: left; width: 50%;}/* Last column in an audit-info table */table.audit-info th:last-child, table.audit-info td:last-child { text-align: center; width: 70px;}.passed, .green, .failed, .red { color: #fff;}.warning, .orange { color: #000;}.passed, .green { background-color: #33cca6;}.failed, .red { background-color: #cc0000;}.warning, .orange { background-color: #ff9933;}h1 span.passed, h1 span.failed, h1 span.warning,h2 span.passed, h2 span.failed, h2 span.warning,h3 span.passed, h3 span.failed, h3 span.warning { padding: 5px 10px; border-radius: 8px;}span.auditstatus { display: block; padding: 5px 10px; border-radius: 8px; font-weight: bold; margin: auto;}.sectionAction { display: inline-block; text-align: center; text-decoration: none; margin: 0 0 0 15px; padding: 0 8px; color: #161616; background-color: #dfdfdf; border-radius: 8px; font-weight: bold; cursor: pointer;}.sectionAction:hover { background-color: #dddddd;; color: blue;}#host-information { float: left;}/* Overall compliance donut chart */.card { float: right; margin: 0 100px 0 0; width: 250px;}.donut-chart { position: relative; border-radius: 50%; overflow: hidden;}.donut-chart.chart { width: 200px; height: 200px; background: #c6c9cc;}.donut-chart .slice { position: absolute; top: 0; left: 0; width: 100%; height: 100%;}.donut-chart .chart-center { position: absolute; border-radius: 50%; top: 25px; left: 25px; width: 150px; height: 150px; background: white;}.donut-chart .chart-center span { display: block; text-align: center; font-size: 40px; line-height: 150px; color: black;}#navigationButtons{ margin-top: 15px; display: grid; grid-template-rows: 50px; grid-template-columns: repeat(5,160px);}button{ margin-left: 10px; border-radius: 8px; font-weight: bold;}#riskScore{ font-family: Arial, sans-serif; text-align: center;}#riskMatrixContainer{ display: grid; position: relative; grid-template-columns: 100px repeat(5,60px); grid-template-rows: repeat(6,60px); left: 10%; float: left; margin-top: 50px; text-align: center;}#riskMatrixContainer div{ border: 1px solid black;}#severity{ grid-column-start: 1; grid-column-end: 2; grid-row-start: 1; grid-row-end: 6; position: relative;}#quantity{ grid-column-start: 2; grid-column-end: 7; grid-row-start: 6; grid-row-end: 7; position: relative;}#severityArea{ text-align: center; position: absolute; margin: 0; top:50%; left: 20%;}#quantityArea{ text-align: center; position: absolute; margin: 0; top: 35%; left: 40%;}#severityCritical{ grid-column-start: 2; grid-column-end: 3; grid-row-start: 1; grid-row-end: 2; padding-top: 20px;}#severityHigh{ grid-column-start: 2; grid-column-end: 3; grid-row-start: 2; grid-row-end: 3; padding-top: 20px;}#severityMedium{ grid-column-start: 2; grid-column-end: 3; grid-row-start: 3; grid-row-end: 4; padding-top: 20px;}#severityLow{ grid-column-start: 2; grid-column-end: 3; grid-row-start: 4; grid-row-end: 5; padding-top: 20px;}#quantityCritical{ grid-column-start: 6; grid-column-end: 7; grid-row-start: 5; grid-row-end: 6; text-align: center; padding-top: 20px;}#quantityHigh{ grid-column-start: 5; grid-column-end: 6; grid-row-start: 5; grid-row-end: 6; text-align: center; padding-top: 20px;}#quantityMedium{ grid-column-start: 4; grid-column-end: 5; grid-row-start: 5; grid-row-end: 6; text-align: center; padding-top: 20px;}#quantityLow{ grid-column-start: 3; grid-column-end: 4; grid-row-start: 5; grid-row-end: 6; text-align: center; padding-top: 20px;}#riskMatrixContainer:nth-child(10){ position: relative;}#riskMatrixSummary:nth-child(10){ position: relative;}/* Color for each Risk */#medium_medium, #medium_low, #low_medium{ background-color: #ffc000;}#high_low, #high_medium, #high_high, #medium_high, #low_high{ background-color: red;}#critical_low, #critical_medium, #critical_high, #critical_critical, #high_critical, #medium_critical, #low_critical{ background-color: purple;}/* Low Risk */#low_low{ background-color: #548dd6; grid-column-start: 3; grid-column-end: 4; grid-row-start: 4; grid-row-end: 5;}/* Medium Risk */#medium_low{ grid-column-start: 3; grid-column-end: 4; grid-row-start: 3; grid-row-end: 4;}#medium_medium{ grid-column-start: 4; grid-column-end: 5; grid-row-start: 3; grid-row-end: 4;}#low_medium{ grid-column-start: 4; grid-column-end: 5; grid-row-start: 4; grid-row-end: 5;}/* High Risk*/#high_low{ grid-column-start: 3; grid-column-end: 4; grid-row-start: 2; grid-row-end: 3;}#high_medium{ grid-column-start: 4; grid-column-end: 5; grid-row-start: 2; grid-row-end: 3;}#high_high{ grid-column-start: 5; grid-column-end: 6; grid-row-start: 2; grid-row-end: 3;}#medium_high{ grid-column-start: 5; grid-column-end: 6; grid-row-start: 3; grid-row-end: 4;}#low_high{ grid-column-start: 5; grid-column-end: 6; grid-row-start: 4; grid-row-end: 5;}/* Critical Risk */#critical_low{ grid-column-start: 3; grid-column-end: 4; grid-row-start: 1; grid-row-end: 2;}#critical_medium{ grid-column-start: 4; grid-column-end: 5; grid-row-start: 1; grid-row-end: 2;}#critical_high{ grid-column-start: 5; grid-column-end: 6; grid-row-start: 1; grid-row-end: 2;}#critical_critical{ grid-column-start: 6; grid-column-end: 7; grid-row-start: 1; grid-row-end: 2;}#high_critical{ grid-column-start: 6; grid-column-end: 7; grid-row-start: 2; grid-row-end: 3;}#medium_critical{ grid-column-start: 6; grid-column-end: 7; grid-row-start: 3; grid-row-end: 4;}#low_critical{ grid-column-start: 6; grid-column-end: 7; grid-row-start: 4; grid-row-end: 5;}#severityDetails{ margin-left: 8%; margin-top: 30px; border: 1px solid #d2d2d2; margin-right: 8%; float: right; margin-bottom: 40px;}#severityDetails td{ border: 1px solid #d2d2d2;}#calculationTables{ float: right; position: relative;}.calculationTablesText{ text-align: left; font-family: Arial, sans-serif;}#riskScore th{ background-color: lightgray;}#riskScore tr:nth-child(2n) td{ background-color: #efefef;}#riskMatrixSummary{ font-family: Arial, sans-serif; display: grid; position: relative; grid-template-columns: 100px repeat(5,60px); grid-template-rows: repeat(6,60px); right: 10%; float:right;}#riskMatrixSummary div{ border: 1px solid black;}#riskMatrixSummaryArea{ float: right; text-align: center; margin-right: 10%;}#systemData{ float:right; margin-right: 30%; text-align: left;}#dotRiskScoreTab { height: 15px; width: 15px; background-color: black; border-radius: 50%; border-style: dotted; display: inline-block; position: absolute; left: 22px; border-width: 2px; top: 22px;}#dotSummaryTab { height: 15px; width: 15px; background-color: black; border-radius: 50%; border-style: dotted; display: inline-block; position: absolute; left: 22px; border-width: 2px; top: 22px;}#quantityTable{ margin-top: 30px; border: 1px solid black; margin-right: auto;}#severityTable{ margin-top: 30px; border: 1px solid black; margin-right: auto;}.severityResultFalse{ display: block; padding: 5px 10px; border-radius: 8px; font-weight: bold; margin: auto; color: #fff; background-color: #cc0000; }.severityResultTrue{ display: block; padding: 5px 10px; border-radius: 8px; font-weight: bold; margin: auto; color: #fff; background-color: #33cca6;}.severityResultNone, .severityResultError{ display: block; padding: 5px 10px; border-radius: 8px; font-weight: bold; margin: auto;}.severityResultWarning{ display: block; padding: 5px 10px; border-radius: 8px; font-weight: bold; margin: auto; background-color: #ff9933; color: #000;}.tabContent#riskScore{ text-align: left;}#severityCompliance{ margin-top: 25%; clear: both;}#complianceStatusFalse{ padding: 5px 10px; border-radius: 8px; background-color: #cc0000; color: #fff; margin-left: 6%; font-weight: bold; display: inline;}#complianceStatusTrue{ padding: 5px 10px; border-radius: 8px; background-color: #33cca6; color: #fff; margin-left: 6%; font-weight: bold; display: inline;}#referencesContainer{ display: grid; grid-template-rows: 280px; grid-template-columns: repeat(2, 500px);}#referencesContainer div{ text-align: center; margin-left: auto; margin-right: auto;}#settingsOverview section{ margin-left: 5%; margin-right: 5%;}#invalidOS{ display: inline; padding: 5px 10px; border-radius: 8px; font-weight: bold; margin: auto; background-color: #777777;}#references p, #summary p, #settingsOverview p{ font-family: Arial, sans-serif;} #foundationData p{ font-family: Arial, sans-serif;}#foundationData section{ margin-left: 5%; margin-right: 5%;}#contactUsButton{ background-color: #A81A1B; border-radius: 4px; padding: 20px; color: #fff; box-shadow: 2px 2px rgba(0,0,0,0.5); display: inline-block; margin-top: 20px; text-transform: uppercase; border-style: none; cursor: pointer;}.donut-chart.chart .slice.one {clip: rect(0 200px 100px 0); -webkit-transform: rotate(90deg); transform: rotate(90deg);}.donut-chart.chart .slice.two {clip: rect(0 100px 200px 0); -webkit-transform: rotate(289.548deg); transform: rotate(289.548deg);}.donut-chart.chart .chart-center span:after {content: "80.43 %";}</style><script >"use strict";let AmountOfNonCompliantRules;let AmountOfCompliantRules;let TotalAmountOfRules;let QuantityCompliance;let TotalAmountOfSeverityRules;let AmountOfFailedSeverityRules;let SeverityCompliance;function startConditions(){ /* Default-Value: Display summary always at the beginning */ document.getElementById("summary").style.display = "block"; /* Default-Value: Disable all other tabs at the beginning */ document.getElementById("foundationData").style.display = "none"; document.getElementById("riskScore").style.display = "none"; document.getElementById("references").style.display = "none"; document.getElementById("settingsOverview").style.display = "none"; document.getElementById("summaryBtn").style.backgroundColor= '#ff9933'; document.getElementById("foundationDataBtn").style.backgroundColor = 'transparent'; document.getElementById("riskScoreBtn").style.backgroundColor= 'transparent'; document.getElementById("referenceBtn").style.backgroundColor= 'transparent'; document.getElementById("settingsOverviewBtn").style.backgroundColor= 'transparent'; /* Initialize necessary variables */ AmountOfNonCompliantRules = document.getElementById("AmountOfNonCompliantRules").textContent; document.getElementById("AmountOfNonCompliantRules").hidden = true; AmountOfCompliantRules = document.getElementById("AmountOfCompliantRules").textContent; document.getElementById("AmountOfCompliantRules").hidden = true; TotalAmountOfRules = document.getElementById("TotalAmountOfRules").textContent; document.getElementById("TotalAmountOfRules").hidden = true; QuantityCompliance = document.getElementById("QuantityCompliance").textContent; document.getElementById("QuantityCompliance").hidden = true; TotalAmountOfSeverityRules = document.getElementById("TotalAmountOfSeverityRules").textContent; document.getElementById("TotalAmountOfSeverityRules").hidden = true; AmountOfFailedSeverityRules = document.getElementById("AmountOfFailedSeverityRules").textContent; document.getElementById("AmountOfFailedSeverityRules").hidden = true; calcDotPosition(); let severityComplianceCollapseBtn = document.getElementById("severityComplianceCollapse"); severityComplianceCollapseBtn.addEventListener("click", ()=>{ if(document.getElementById("severityDetails").style.display == "none"){ document.getElementById("severityDetails").style.display = "block"; } else{ document.getElementById("severityDetails").style.display = "none"; } })}let buttonNumber;function clickButton(value){ buttonNumber = parseInt(value); /* Disable all content */ let tabContents = document.getElementsByClassName('tabContent'); for(let i = 0; i < tabContents.length; i++){ tabContents.item(i).style.display = "none"; } /* Disable all buttons */ let buttons = document.getElementsByClassName('navButton'); for(let i = 0; i < buttons.length; i++){ buttons.item(i).style.backgroundColor= 'transparent'; } /* Re-Enable fitting content / button */ switch(buttonNumber){ case 1: document.getElementById("summary").style.display = "block"; document.getElementById("summaryBtn").style.backgroundColor= '#ff9933'; break; case 2: document.getElementById("riskScore").style.display = "block"; document.getElementById("riskScoreBtn").style.backgroundColor= '#ff9933'; calcDotPosition(); break; case 3: document.getElementById("references").style.display = "block"; document.getElementById("referenceBtn").style.backgroundColor= '#ff9933'; break; case 4: document.getElementById("settingsOverview").style.display = "block"; document.getElementById("settingsOverviewBtn").style.backgroundColor= '#ff9933'; break; case 5: document.getElementById("foundationData").style.display = "block"; document.getElementById("foundationDataBtn").style.backgroundColor= '#ff9933'; break; }}/* Calculate the position of the dot inside the risk matrix; Will be calleed, after the user has clicked on Risk Score Button*/function calcDotPosition(){ let dotRiskScoreTab = document.getElementById("dotRiskScoreTab"); let dotSummaryTab = document.getElementById("dotSummaryTab"); QuantityCompliance = parseFloat(QuantityCompliance); let complianceValueQuantity = 0; let complianceValueSeverity = 0; /*low quantity compliance*/ if(80 < QuantityCompliance){ dotRiskScoreTab.style.gridColumnStart = 3; dotSummaryTab.style.gridColumnStart = 3; complianceValueQuantity = 1; } /*medium quantity compliance*/ else if(65 < QuantityCompliance && QuantityCompliance < 80){ dotRiskScoreTab.style.gridColumnStart = 4; dotSummaryTab.style.gridColumnStart = 4; complianceValueQuantity = 2; } /*high quantity compliance*/ else if(50 < QuantityCompliance && QuantityCompliance < 65){ dotRiskScoreTab.style.gridColumnStart = 5; dotSummaryTab.style.gridColumnStart = 5; complianceValueQuantity = 3; } /*critical quantity compliance*/ else{ dotRiskScoreTab.style.gridColumnStart = 6; dotSummaryTab.style.gridColumnStart = 6; complianceValueQuantity = 4; } SeverityCompliance = parseInt(AmountOfFailedSeverityRules); /*low severity compliance*/ if(SeverityCompliance == 0){ dotRiskScoreTab.style.gridRowStart = 4; dotSummaryTab.style.gridRowStart = 4; complianceValueSeverity = 1; document.getElementById("complianceStatus").style.padding = "5px 10px"; document.getElementById("complianceStatus").style.borderRadius = "8px"; document.getElementById("complianceStatus").style.backgroundColor = "#33cca6"; document.getElementById("complianceStatus").style.color = "#fff"; document.getElementById("complianceStatus").style.marginLeft = "6%"; document.getElementById("complianceStatus").style.fontWeight = "bold"; document.getElementById("complianceStatus").style.display = "inline"; } /*critical severity compliance*/ else{ dotRiskScoreTab.style.gridRowStart = 1; dotSummaryTab.style.gridRowStart = 1; complianceValueSeverity = 4; document.getElementById("complianceStatus").style.padding = "5px 10px"; document.getElementById("complianceStatus").style.borderRadius = "8px"; document.getElementById("complianceStatus").style.backgroundColor = "#cc0000"; document.getElementById("complianceStatus").style.color = "#fff"; document.getElementById("complianceStatus").style.marginLeft = "6%"; document.getElementById("complianceStatus").style.fontWeight = "bold"; document.getElementById("complianceStatus").style.display = "inline"; } let totalComplianceValue = Math.max(complianceValueQuantity, complianceValueSeverity); let summary = "Current Risk Score on tested System: "; let riskResult = document.createElement("p"); riskResult.style.display = "contents"; if(totalComplianceValue == 1){ riskResult.innerText = "Low"; riskResult.style.backgroundColor = "#548dd6"; } else if(totalComplianceValue == 2){ riskResult.innerText = "Medium"; riskResult.style.backgroundColor = "#ffc000"; } else if(totalComplianceValue == 3){ riskResult.innerText = "High"; riskResult.style.color = "white"; riskResult.style.backgroundColor = "#cc0000"; } else{ riskResult.innerText = "Critical"; riskResult.style.color = "white"; riskResult.style.backgroundColor = "purple"; } riskResult.style.display = "inline"; riskResult.style.padding = "5px 10px"; riskResult.style.borderRadius = "8px"; riskResult.style.fontWeight = "bold"; riskResult.style.margin = "auto"; let copyRiskResult = riskResult.cloneNode(); copyRiskResult.innerText = riskResult.innerText; document.getElementById("CurrentRiskScore").textContent = summary; document.getElementById("CurrentRiskScore").appendChild(riskResult); document.getElementById("CurrentRiskScoreRS").textContent = summary; document.getElementById("CurrentRiskScoreRS").appendChild(copyRiskResult);}</script></head><body onload="startConditions()"><div class="header content"><svg width="169" height="23" viewBox="0 0 169 23" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:1.41421;"><rect id="Artboard1" x="-8.32" y="-4.677" width="186.148" height="32.667" style="fill:none;"/><g><path d="M12.652,1.882c0,0.349 -0.014,0.642 -0.043,0.88c-0.03,0.238 -0.076,0.427 -0.14,0.567c-0.064,0.139 -0.136,0.244 -0.218,0.313c-0.081,0.07 -0.174,0.105 -0.279,0.105l-7.371,0l0,6.064l6.918,0c0.105,0 0.198,0.03 0.279,0.088c0.082,0.058 0.154,0.156 0.218,0.296c0.064,0.139 0.11,0.325 0.139,0.558c0.029,0.232 0.044,0.522 0.044,0.871c0,0.348 -0.015,0.639 -0.044,0.871c-0.029,0.233 -0.075,0.424 -0.139,0.575c-0.064,0.151 -0.136,0.259 -0.218,0.323c-0.081,0.064 -0.174,0.096 -0.279,0.096l-6.918,0l0,8.399c0,0.128 -0.035,0.239 -0.105,0.332c-0.07,0.093 -0.194,0.171 -0.374,0.235c-0.181,0.064 -0.416,0.113 -0.706,0.148c-0.291,0.035 -0.663,0.052 -1.116,0.052c-0.441,0 -0.81,-0.017 -1.106,-0.052c-0.297,-0.035 -0.532,-0.084 -0.706,-0.148c-0.174,-0.064 -0.299,-0.142 -0.375,-0.235c-0.075,-0.093 -0.113,-0.204 -0.113,-0.332l0,-20.442c0,-0.511 0.131,-0.88 0.392,-1.106c0.262,-0.227 0.584,-0.34 0.967,-0.34l10.613,0c0.105,0 0.198,0.032 0.279,0.096c0.082,0.064 0.154,0.168 0.218,0.314c0.064,0.145 0.11,0.339 0.14,0.583c0.029,0.244 0.043,0.541 0.043,0.889Z" style="fill-rule:nonzero;"/><path d="M32.711,15.789c0,0.802 -0.111,1.528 -0.331,2.178c-0.221,0.651 -0.526,1.226 -0.915,1.726c-0.39,0.499 -0.854,0.929 -1.394,1.289c-0.541,0.36 -1.136,0.657 -1.787,0.889c-0.65,0.232 -1.345,0.404 -2.082,0.514c-0.738,0.111 -1.56,0.166 -2.466,0.166l-5.995,0c-0.384,0 -0.706,-0.114 -0.967,-0.34c-0.262,-0.227 -0.392,-0.596 -0.392,-1.107l0,-19.658c0,-0.511 0.13,-0.88 0.392,-1.106c0.261,-0.227 0.583,-0.34 0.967,-0.34l5.664,0c1.382,0 2.553,0.116 3.511,0.349c0.959,0.232 1.766,0.583 2.423,1.054c0.656,0.47 1.158,1.066 1.507,1.786c0.349,0.72 0.523,1.569 0.523,2.545c0,0.546 -0.07,1.06 -0.209,1.542c-0.14,0.482 -0.343,0.921 -0.61,1.316c-0.267,0.395 -0.596,0.743 -0.985,1.045c-0.389,0.302 -0.833,0.546 -1.333,0.732c0.639,0.116 1.229,0.32 1.769,0.61c0.54,0.291 1.011,0.665 1.411,1.124c0.401,0.459 0.718,0.996 0.95,1.612c0.233,0.616 0.349,1.307 0.349,2.074Zm-5.925,-9.498c0,-0.453 -0.07,-0.86 -0.21,-1.22c-0.139,-0.36 -0.348,-0.659 -0.627,-0.897c-0.279,-0.238 -0.63,-0.421 -1.054,-0.549c-0.424,-0.128 -0.991,-0.192 -1.699,-0.192l-2.318,0l0,5.856l2.562,0c0.662,0 1.19,-0.079 1.585,-0.236c0.395,-0.156 0.724,-0.371 0.985,-0.644c0.261,-0.273 0.456,-0.593 0.584,-0.959c0.128,-0.366 0.192,-0.752 0.192,-1.159Zm1.167,9.655c0,-0.523 -0.087,-0.991 -0.261,-1.403c-0.175,-0.412 -0.43,-0.758 -0.767,-1.037c-0.337,-0.279 -0.767,-0.494 -1.29,-0.645c-0.522,-0.151 -1.202,-0.226 -2.039,-0.226l-2.718,0l0,6.413l3.311,0c0.639,0 1.176,-0.067 1.612,-0.201c0.436,-0.133 0.813,-0.331 1.133,-0.592c0.319,-0.261 0.569,-0.587 0.749,-0.976c0.18,-0.389 0.27,-0.834 0.27,-1.333Z" style="fill-rule:nonzero;"/><path d="M59.897,6.849c0,1.266 -0.197,2.387 -0.592,3.363c-0.395,0.976 -0.971,1.798 -1.726,2.466c-0.755,0.668 -1.681,1.177 -2.779,1.525c-1.098,0.349 -2.391,0.523 -3.878,0.523l-1.882,0l0,7.197c0,0.117 -0.038,0.221 -0.113,0.314c-0.076,0.093 -0.201,0.168 -0.375,0.227c-0.174,0.058 -0.407,0.104 -0.697,0.139c-0.291,0.035 -0.662,0.052 -1.115,0.052c-0.442,0 -0.811,-0.017 -1.107,-0.052c-0.296,-0.035 -0.532,-0.081 -0.706,-0.139c-0.174,-0.059 -0.296,-0.134 -0.366,-0.227c-0.07,-0.093 -0.104,-0.197 -0.104,-0.314l0,-20.285c0,-0.546 0.142,-0.955 0.427,-1.228c0.284,-0.273 0.659,-0.41 1.124,-0.41l5.315,0c0.534,0 1.043,0.02 1.525,0.061c0.482,0.041 1.06,0.128 1.734,0.261c0.674,0.134 1.356,0.381 2.047,0.741c0.692,0.36 1.281,0.816 1.769,1.368c0.488,0.552 0.86,1.197 1.116,1.934c0.255,0.738 0.383,1.566 0.383,2.484Zm-4.792,0.331c0,-0.79 -0.14,-1.441 -0.419,-1.952c-0.278,-0.511 -0.621,-0.889 -1.028,-1.133c-0.406,-0.244 -0.833,-0.398 -1.281,-0.461c-0.447,-0.064 -0.909,-0.096 -1.385,-0.096l-1.952,0l0,7.65l2.056,0c0.732,0 1.345,-0.099 1.839,-0.296c0.494,-0.198 0.897,-0.473 1.211,-0.828c0.314,-0.354 0.552,-0.778 0.715,-1.272c0.162,-0.494 0.244,-1.031 0.244,-1.612Z" style="fill:#a91a1b;fill-rule:nonzero;"/><path d="M73.177,7.86c0,0.418 -0.012,0.761 -0.035,1.028c-0.024,0.267 -0.058,0.476 -0.105,0.627c-0.046,0.151 -0.107,0.256 -0.183,0.314c-0.075,0.058 -0.171,0.087 -0.287,0.087c-0.093,0 -0.198,-0.02 -0.314,-0.061c-0.116,-0.041 -0.247,-0.084 -0.392,-0.131c-0.145,-0.046 -0.305,-0.09 -0.479,-0.13c-0.175,-0.041 -0.366,-0.061 -0.576,-0.061c-0.244,0 -0.487,0.049 -0.731,0.148c-0.244,0.099 -0.497,0.252 -0.759,0.462c-0.261,0.209 -0.534,0.488 -0.819,0.836c-0.284,0.349 -0.589,0.779 -0.915,1.29l0,9.689c0,0.116 -0.034,0.218 -0.104,0.305c-0.07,0.087 -0.189,0.16 -0.357,0.218c-0.169,0.058 -0.392,0.102 -0.671,0.131c-0.279,0.029 -0.633,0.043 -1.063,0.043c-0.43,0 -0.785,-0.014 -1.063,-0.043c-0.279,-0.029 -0.503,-0.073 -0.671,-0.131c-0.169,-0.058 -0.288,-0.131 -0.358,-0.218c-0.069,-0.087 -0.104,-0.189 -0.104,-0.305l0,-15.545c0,-0.116 0.029,-0.218 0.087,-0.305c0.058,-0.087 0.163,-0.16 0.314,-0.218c0.151,-0.058 0.345,-0.101 0.583,-0.13c0.239,-0.029 0.538,-0.044 0.898,-0.044c0.372,0 0.68,0.015 0.924,0.044c0.244,0.029 0.432,0.072 0.566,0.13c0.134,0.058 0.229,0.131 0.288,0.218c0.058,0.087 0.087,0.189 0.087,0.305l0,1.935c0.406,-0.581 0.79,-1.061 1.15,-1.438c0.36,-0.378 0.703,-0.677 1.028,-0.898c0.325,-0.22 0.651,-0.374 0.976,-0.461c0.325,-0.088 0.651,-0.131 0.976,-0.131c0.151,0 0.314,0.009 0.488,0.026c0.174,0.017 0.354,0.046 0.54,0.087c0.186,0.041 0.349,0.087 0.488,0.14c0.139,0.052 0.241,0.107 0.305,0.165c0.064,0.058 0.11,0.122 0.139,0.192c0.029,0.069 0.056,0.165 0.079,0.287c0.023,0.122 0.041,0.305 0.052,0.549c0.012,0.244 0.018,0.575 0.018,0.994Z" style="fill:#a91a1b;fill-rule:nonzero;"/><path d="M91.161,14.029c0,1.324 -0.174,2.533 -0.522,3.625c-0.349,1.092 -0.878,2.033 -1.586,2.823c-0.709,0.79 -1.598,1.4 -2.667,1.83c-1.069,0.43 -2.317,0.645 -3.747,0.645c-1.382,0 -2.585,-0.192 -3.607,-0.576c-1.022,-0.383 -1.87,-0.941 -2.544,-1.673c-0.674,-0.731 -1.174,-1.632 -1.499,-2.701c-0.325,-1.069 -0.488,-2.289 -0.488,-3.659c0,-1.325 0.177,-2.536 0.532,-3.634c0.354,-1.098 0.885,-2.039 1.594,-2.823c0.709,-0.784 1.595,-1.391 2.658,-1.821c1.063,-0.43 2.309,-0.645 3.738,-0.645c1.394,0 2.602,0.189 3.625,0.566c1.022,0.378 1.867,0.933 2.535,1.665c0.668,0.731 1.165,1.632 1.49,2.701c0.326,1.069 0.488,2.294 0.488,3.677Zm-4.513,0.174c0,-0.767 -0.061,-1.472 -0.183,-2.117c-0.122,-0.645 -0.328,-1.206 -0.619,-1.682c-0.29,-0.476 -0.677,-0.848 -1.159,-1.115c-0.482,-0.268 -1.089,-0.401 -1.821,-0.401c-0.651,0 -1.22,0.119 -1.708,0.357c-0.488,0.238 -0.889,0.587 -1.202,1.046c-0.314,0.459 -0.549,1.011 -0.706,1.655c-0.157,0.645 -0.235,1.38 -0.235,2.205c0,0.767 0.064,1.472 0.191,2.117c0.128,0.645 0.334,1.206 0.619,1.682c0.285,0.476 0.671,0.845 1.159,1.107c0.488,0.261 1.092,0.392 1.812,0.392c0.663,0 1.238,-0.119 1.726,-0.358c0.488,-0.238 0.888,-0.583 1.202,-1.036c0.314,-0.454 0.546,-1.003 0.697,-1.647c0.151,-0.645 0.227,-1.38 0.227,-2.205Z" style="fill:#a91a1b;fill-rule:nonzero;"/><path d="M114.685,7.232c0,0.173 -0.009,0.326 -0.027,0.459c-0.019,0.132 -0.046,0.242 -0.083,0.329c-0.036,0.086 -0.082,0.148 -0.137,0.185c-0.055,0.036 -0.114,0.054 -0.178,0.054c-0.109,0 -0.292,-0.086 -0.548,-0.26c-0.256,-0.173 -0.598,-0.365 -1.028,-0.575c-0.429,-0.21 -0.943,-0.402 -1.541,-0.576c-0.598,-0.173 -1.309,-0.26 -2.131,-0.26c-0.977,0 -1.854,0.178 -2.631,0.534c-0.776,0.356 -1.434,0.85 -1.973,1.48c-0.539,0.63 -0.952,1.379 -1.24,2.247c-0.287,0.868 -0.431,1.809 -0.431,2.823c0,1.132 0.157,2.137 0.472,3.014c0.316,0.877 0.752,1.617 1.309,2.22c0.557,0.603 1.222,1.06 1.994,1.37c0.771,0.311 1.619,0.466 2.541,0.466c0.548,0 1.103,-0.066 1.665,-0.199c0.562,-0.132 1.085,-0.331 1.569,-0.596l0,-5.165l-4.111,0c-0.155,0 -0.271,-0.078 -0.349,-0.233c-0.078,-0.156 -0.116,-0.398 -0.116,-0.727c0,-0.173 0.009,-0.322 0.027,-0.445c0.018,-0.123 0.048,-0.224 0.089,-0.301c0.041,-0.078 0.089,-0.135 0.144,-0.172c0.055,-0.036 0.123,-0.054 0.205,-0.054l5.632,0c0.1,0 0.201,0.018 0.301,0.054c0.101,0.037 0.192,0.092 0.274,0.165c0.083,0.073 0.147,0.173 0.192,0.301c0.046,0.128 0.069,0.274 0.069,0.439l0,6.755c0,0.237 -0.041,0.443 -0.124,0.617c-0.082,0.173 -0.255,0.326 -0.52,0.459c-0.265,0.132 -0.608,0.276 -1.028,0.431c-0.42,0.155 -0.854,0.288 -1.302,0.398c-0.447,0.109 -0.899,0.191 -1.356,0.246c-0.457,0.055 -0.909,0.082 -1.357,0.082c-1.37,0 -2.594,-0.212 -3.672,-0.637c-1.078,-0.425 -1.989,-1.03 -2.733,-1.815c-0.745,-0.786 -1.313,-1.727 -1.706,-2.823c-0.393,-1.096 -0.589,-2.32 -0.589,-3.672c0,-1.407 0.212,-2.681 0.637,-3.823c0.425,-1.142 1.023,-2.115 1.795,-2.919c0.772,-0.803 1.699,-1.427 2.781,-1.87c1.083,-0.443 2.282,-0.664 3.597,-0.664c0.676,0 1.311,0.059 1.905,0.178c0.593,0.118 1.121,0.258 1.582,0.418c0.462,0.159 0.85,0.333 1.165,0.52c0.315,0.188 0.532,0.341 0.651,0.459c0.119,0.119 0.201,0.256 0.246,0.411c0.046,0.156 0.069,0.379 0.069,0.672Z" style="fill-rule:nonzero;"/><path d="M137.102,22.208c0,0.073 -0.019,0.135 -0.055,0.185c-0.037,0.05 -0.096,0.094 -0.178,0.13c-0.083,0.037 -0.197,0.064 -0.343,0.083c-0.146,0.018 -0.329,0.027 -0.548,0.027c-0.228,0 -0.416,-0.009 -0.562,-0.027c-0.146,-0.019 -0.262,-0.046 -0.349,-0.083c-0.087,-0.036 -0.149,-0.08 -0.185,-0.13c-0.037,-0.05 -0.055,-0.112 -0.055,-0.185l0,-7.495c0,-0.521 -0.046,-0.996 -0.137,-1.425c-0.091,-0.429 -0.238,-0.799 -0.439,-1.11c-0.2,-0.31 -0.456,-0.548 -0.767,-0.712c-0.31,-0.165 -0.676,-0.247 -1.096,-0.247c-0.521,0 -1.044,0.201 -1.569,0.603c-0.525,0.402 -1.103,0.991 -1.733,1.768l0,8.618c0,0.073 -0.018,0.135 -0.055,0.185c-0.037,0.05 -0.098,0.094 -0.185,0.13c-0.087,0.037 -0.203,0.064 -0.349,0.083c-0.147,0.018 -0.329,0.027 -0.548,0.027c-0.211,0 -0.391,-0.009 -0.542,-0.027c-0.15,-0.019 -0.269,-0.046 -0.356,-0.083c-0.087,-0.036 -0.146,-0.08 -0.178,-0.13c-0.032,-0.05 -0.048,-0.112 -0.048,-0.185l0,-7.495c0,-0.521 -0.05,-0.996 -0.151,-1.425c-0.1,-0.429 -0.251,-0.799 -0.452,-1.11c-0.201,-0.31 -0.454,-0.548 -0.76,-0.712c-0.306,-0.165 -0.67,-0.247 -1.09,-0.247c-0.52,0 -1.046,0.201 -1.575,0.603c-0.53,0.402 -1.106,0.991 -1.727,1.768l0,8.618c0,0.073 -0.018,0.135 -0.055,0.185c-0.036,0.05 -0.096,0.094 -0.178,0.13c-0.082,0.037 -0.196,0.064 -0.342,0.083c-0.147,0.018 -0.334,0.027 -0.562,0.027c-0.219,0 -0.402,-0.009 -0.548,-0.027c-0.146,-0.019 -0.263,-0.046 -0.35,-0.083c-0.086,-0.036 -0.146,-0.08 -0.178,-0.13c-0.032,-0.05 -0.048,-0.112 -0.048,-0.185l0,-12.332c0,-0.073 0.014,-0.134 0.041,-0.185c0.028,-0.05 0.083,-0.096 0.165,-0.137c0.082,-0.041 0.187,-0.068 0.315,-0.082c0.128,-0.014 0.297,-0.02 0.507,-0.02c0.201,0 0.368,0.006 0.5,0.02c0.132,0.014 0.235,0.041 0.308,0.082c0.073,0.041 0.126,0.087 0.158,0.137c0.032,0.051 0.048,0.112 0.048,0.185l0,1.631c0.694,-0.777 1.368,-1.345 2.021,-1.706c0.653,-0.361 1.313,-0.541 1.98,-0.541c0.511,0 0.97,0.059 1.377,0.178c0.406,0.119 0.765,0.285 1.076,0.5c0.31,0.215 0.575,0.47 0.794,0.767c0.219,0.297 0.402,0.628 0.548,0.994c0.411,-0.448 0.802,-0.827 1.172,-1.138c0.37,-0.31 0.726,-0.561 1.069,-0.753c0.342,-0.192 0.676,-0.331 1,-0.418c0.324,-0.087 0.651,-0.13 0.98,-0.13c0.794,0 1.461,0.139 2,0.418c0.539,0.278 0.975,0.65 1.309,1.116c0.333,0.466 0.571,1.012 0.712,1.638c0.142,0.625 0.213,1.285 0.213,1.98l0,7.796Z" style="fill-rule:nonzero;"/><path d="M152.571,15.878c0,1.069 -0.116,2.03 -0.349,2.884c-0.233,0.854 -0.576,1.583 -1.028,2.186c-0.452,0.602 -1.007,1.064 -1.665,1.383c-0.657,0.32 -1.411,0.48 -2.261,0.48c-0.392,0 -0.755,-0.039 -1.089,-0.116c-0.333,-0.078 -0.66,-0.204 -0.98,-0.377c-0.319,-0.174 -0.639,-0.393 -0.959,-0.658c-0.319,-0.265 -0.657,-0.585 -1.014,-0.959l0,1.507c0,0.073 -0.018,0.137 -0.054,0.192c-0.037,0.055 -0.096,0.098 -0.179,0.13c-0.082,0.032 -0.185,0.057 -0.308,0.076c-0.123,0.018 -0.281,0.027 -0.473,0.027c-0.182,0 -0.338,-0.009 -0.465,-0.027c-0.128,-0.019 -0.233,-0.044 -0.316,-0.076c-0.082,-0.032 -0.137,-0.075 -0.164,-0.13c-0.027,-0.055 -0.041,-0.119 -0.041,-0.192l0,-18.306c0,-0.073 0.016,-0.137 0.048,-0.192c0.032,-0.054 0.091,-0.1 0.178,-0.137c0.087,-0.036 0.203,-0.064 0.349,-0.082c0.147,-0.018 0.329,-0.027 0.548,-0.027c0.229,0 0.416,0.009 0.562,0.027c0.146,0.018 0.261,0.046 0.343,0.082c0.082,0.037 0.141,0.083 0.178,0.137c0.036,0.055 0.055,0.119 0.055,0.192l0,7.386c0.365,-0.375 0.719,-0.69 1.062,-0.946c0.342,-0.256 0.678,-0.463 1.007,-0.623c0.329,-0.16 0.657,-0.277 0.986,-0.35c0.329,-0.073 0.676,-0.109 1.042,-0.109c0.895,0 1.66,0.178 2.295,0.534c0.635,0.356 1.151,0.834 1.548,1.432c0.397,0.598 0.687,1.299 0.87,2.103c0.183,0.804 0.274,1.654 0.274,2.549Zm-2.343,0.26c0,-0.63 -0.048,-1.242 -0.145,-1.836c-0.096,-0.594 -0.264,-1.119 -0.503,-1.576c-0.239,-0.456 -0.556,-0.824 -0.951,-1.103c-0.395,-0.278 -0.887,-0.418 -1.475,-0.418c-0.294,0 -0.584,0.041 -0.869,0.124c-0.285,0.082 -0.574,0.219 -0.868,0.411c-0.294,0.192 -0.6,0.438 -0.917,0.74c-0.317,0.301 -0.655,0.68 -1.013,1.137l0,4.919c0.625,0.758 1.222,1.336 1.792,1.733c0.57,0.398 1.163,0.596 1.778,0.596c0.57,0 1.057,-0.137 1.462,-0.411c0.404,-0.274 0.733,-0.637 0.985,-1.089c0.253,-0.452 0.437,-0.959 0.552,-1.521c0.115,-0.562 0.172,-1.13 0.172,-1.706Z" style="fill-rule:nonzero;"/><path d="M169,22.194c0,0.074 -0.018,0.137 -0.055,0.192c-0.036,0.055 -0.1,0.098 -0.192,0.13c-0.091,0.032 -0.212,0.06 -0.363,0.083c-0.15,0.023 -0.335,0.034 -0.555,0.034c-0.237,0 -0.429,-0.011 -0.575,-0.034c-0.146,-0.023 -0.265,-0.051 -0.356,-0.083c-0.092,-0.032 -0.156,-0.075 -0.192,-0.13c-0.037,-0.055 -0.055,-0.118 -0.055,-0.192l0,-7.865l-8.071,0l0,7.865c0,0.074 -0.018,0.137 -0.054,0.192c-0.037,0.055 -0.101,0.098 -0.192,0.13c-0.092,0.032 -0.213,0.06 -0.363,0.083c-0.151,0.023 -0.341,0.034 -0.569,0.034c-0.219,0 -0.406,-0.011 -0.562,-0.034c-0.155,-0.023 -0.278,-0.051 -0.37,-0.083c-0.091,-0.032 -0.155,-0.075 -0.192,-0.13c-0.036,-0.055 -0.054,-0.118 -0.054,-0.192l0,-17.018c0,-0.073 0.018,-0.137 0.054,-0.191c0.037,-0.055 0.101,-0.099 0.192,-0.131c0.092,-0.032 0.215,-0.059 0.37,-0.082c0.156,-0.023 0.343,-0.034 0.562,-0.034c0.228,0 0.418,0.011 0.569,0.034c0.15,0.023 0.271,0.05 0.363,0.082c0.091,0.032 0.155,0.076 0.192,0.131c0.036,0.054 0.054,0.118 0.054,0.191l0,7.098l8.071,0l0,-7.098c0,-0.073 0.018,-0.137 0.055,-0.191c0.036,-0.055 0.1,-0.099 0.192,-0.131c0.091,-0.032 0.21,-0.059 0.356,-0.082c0.146,-0.023 0.338,-0.034 0.575,-0.034c0.22,0 0.405,0.011 0.555,0.034c0.151,0.023 0.272,0.05 0.363,0.082c0.092,0.032 0.156,0.076 0.192,0.131c0.037,0.054 0.055,0.118 0.055,0.191l0,17.018Z" style="fill-rule:nonzero;"/></g></svg><h1 >Windows 10 Report</h1></div><div class="main content"><div class="host-information"><div id="AmountOfNonCompliantRules">521</div><div id="AmountOfCompliantRules">2157</div><div id="TotalAmountOfRules">2682</div><div id="QuantityCompliance">80.43</div><div id="TotalAmountOfSeverityRules">31</div><div id="AmountOfFailedSeverityRules">0</div><div id="navigationButtons"><button onclick="clickButton('1')" class="navButton" type="button" id="summaryBtn">Benchmark Compliance</button><button onclick="clickButton('5')" class="navButton" type="button" id="foundationDataBtn">Security Base Data</button><button onclick="clickButton('2')" class="navButton" type="button" id="riskScoreBtn">Risk Score</button><button onclick="clickButton('4')" class="navButton" type="button" id="settingsOverviewBtn">Hardening Settings</button><button onclick="clickButton('3')" class="navButton" type="button" id="referenceBtn">About Us</button></div><div class="tabContent" id="settingsOverview"><h1 id="toc">Hardening Settings</h1><h2 >Table Of Contents</h2><p >Click the link(s) below for quick access to a report section.</p><ul ><li ><a href="#CIS-Benchmarks">CIS Benchmarks</a><ul ><li ><a href="#CIS-BenchmarksRegistry-Settings/Group-Policies">Registry Settings/Group Policies</a></li><li ><a href="#CIS-BenchmarksUser-Rights-Assignment">User Rights Assignment</a></li><li ><a href="#CIS-BenchmarksAccount-Policies">Account Policies</a></li><li ><a href="#CIS-BenchmarksAdvanced-Audit-Policy-Configuration">Advanced Audit Policy Configuration</a></li></ul></li><li ><a href="#DISA-Recommendations">DISA Recommendations</a><ul ><li ><a href="#DISA-RecommendationsRegistry-Settings/Group-Policies">Registry Settings/Group Policies</a></li><li ><a href="#DISA-RecommendationsUser-Rights-Assignment">User Rights Assignment</a></li><li ><a href="#DISA-RecommendationsAccount-Policies">Account Policies</a></li><li ><a href="#DISA-RecommendationsWindows-Features">Windows Features</a></li><li ><a href="#DISA-RecommendationsFile-System-Permissions">File System Permissions</a></li><li ><a href="#DISA-RecommendationsRegistry-Permissions">Registry Permissions</a></li></ul></li><li ><a href="#CyberGovAu-Benchmarks">CyberGovAu Benchmarks</a><ul ><li ><a href="#CyberGovAu-BenchmarksRegistry-Settings/Group-Policies">Registry Settings/Group Policies</a></li><li ><a href="#CyberGovAu-BenchmarksUser-Rights-Assignment">User Rights Assignment</a></li><li ><a href="#CyberGovAu-BenchmarksAccount-Policies">Account Policies</a></li><li ><a href="#CyberGovAu-BenchmarksAdvanced-Audit-Policy-Configuration">Advanced Audit Policy Configuration</a></li></ul></li><li ><a href="#Microsoft-Benchmarks">Microsoft Benchmarks</a><ul ><li ><a href="#Microsoft-BenchmarksRegistry-Settings/Group-Policies">Registry Settings/Group Policies</a></li><li ><a href="#Microsoft-BenchmarksUser-Rights-Assignment">User Rights Assignment</a></li><li ><a href="#Microsoft-BenchmarksAccount-Policies">Account Policies</a></li><li ><a href="#Microsoft-BenchmarksAdvanced-Audit-Policy-Configuration">Advanced Audit Policy Configuration</a></li></ul></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-Logging">BSI Benchmarks SiSyPHuS Logging</a><ul ><li ><a href="#BSI-Benchmarks-SiSyPHuS-LoggingRegistry-Settings/Group-Policies">Registry Settings/Group Policies</a></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-LoggingAdvanced-Audit-Policy-Configuration">Advanced Audit Policy Configuration</a></li></ul></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-HD">BSI Benchmarks SiSyPHuS HD</a><ul ><li ><a href="#BSI-Benchmarks-SiSyPHuS-HDRegistry-Settings/Group-Policies">Registry Settings/Group Policies</a></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-HDUser-Rights-Assignment">User Rights Assignment</a></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-HDAccount-Policies">Account Policies</a></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-HDSecurity-Options">Security Options</a></li></ul></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-ND">BSI Benchmarks SiSyPHuS ND</a><ul ><li ><a href="#BSI-Benchmarks-SiSyPHuS-NDRegistry-Settings/Group-Policies">Registry Settings/Group Policies</a></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-NDUser-Rights-Assignment">User Rights Assignment</a></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-NDAccount-Policies">Account Policies</a></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-NDSecurity-Options">Security Options</a></li></ul></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-NE">BSI Benchmarks SiSyPHuS NE</a><ul ><li ><a href="#BSI-Benchmarks-SiSyPHuS-NERegistry-Settings/Group-Policies">Registry Settings/Group Policies</a></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-NEUser-Rights-Assignment">User Rights Assignment</a></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-NEAccount-Policies">Account Policies</a></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-NESecurity-Options">Security Options</a></li></ul></li><li ><a href="#BSI-Benchmarks-SiSyPHus--BSI">BSI Benchmarks SiSyPHus-BSI</a><ul ><li ><a href="#BSI-Benchmarks-SiSyPHus--BSIRegistry-Settings/Group-Policies">Registry Settings/Group Policies</a></li></ul></li><li ><a href="#BSI-Benchmarks-SiSyPHus--BSI-Bundespolizei">BSI Benchmarks SiSyPHus-BSI Bundespolizei</a><ul ><li ><a href="#BSI-Benchmarks-SiSyPHus--BSI-BundespolizeiRegistry-Settings/Group-Policies">Registry Settings/Group Policies</a></li><li ><a href="#BSI-Benchmarks-SiSyPHus--BSI-BundespolizeiUser-Rights-Assignment">User Rights Assignment</a></li><li ><a href="#BSI-Benchmarks-SiSyPHus--BSI-BundespolizeiAccount-Policies">Account Policies</a></li><li ><a href="#BSI-Benchmarks-SiSyPHus--BSI-BundespolizeiAdvanced-Audit-Policy-Configuration">Advanced Audit Policy Configuration</a></li></ul></li></ul><h2 >Benchmark Details</h2><section ><h1 id="CIS-Benchmarks"><span class="failed">CIS Benchmarks</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p >This section contains the CIS Benchmark results.</p><section ><h1 id="CIS-BenchmarksRegistry-Settings/Group-Policies"><span class="failed">Registry Settings/Group Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >1.1.6</td><td >(L1) Ensure 'Relax minimum password length limits' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.1.2</td><td >(L1) Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.1.4</td><td >(L1) Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.2.1</td><td >(L1) Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.2.2</td><td >(L1) Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.4.1</td><td >(L1) Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators and Interactive Users'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.4.2</td><td >(L2) Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.6.1</td><td >(L1) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.6.2</td><td >(L1) Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.6.3</td><td >(L1) Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.6.4</td><td >(L1) Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.6.5</td><td >(L1) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.6.6</td><td >(L1) Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.7.1</td><td >(L1) Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.7.2</td><td >(L1) Ensure 'Interactive logon: Don't display last signed-in' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.7.3</td><td >(BL) Ensure 'Interactive logon: Machine account lockout threshold' is set to '10 or fewer invalid logon attempts, but not 0'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.7.4</td><td >(L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.7.5</td><td >(L1) Configure 'Interactive logon: Message text for users attempting to log on'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.7.6</td><td >(L1) Configure 'Interactive logon: Message title for users attempting to log on'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.7.7</td><td >(L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.7.8</td><td >(L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.7.9</td><td >(L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.8.1</td><td >(L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.8.2</td><td >(L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.8.3</td><td >(L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.9.1</td><td >(L1) Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.9.2</td><td >(L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.9.3</td><td >(L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.9.4</td><td >(L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.9.5</td><td >(L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.10.1</td><td >(L1) Ensure 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >2.3.10.2</td><td >(L1) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.10.3</td><td >(L1) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.10.4</td><td >(L1) Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.10.5</td><td >(L1) Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.10.6</td><td >(L1) Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.10.7</td><td >(L1) Ensure 'Network access: Remotely accessible registry paths' is configured</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.10.8</td><td >(L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.10.9</td><td >(L1) Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.10.10</td><td >(L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.10.11</td><td >(L1) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.10.12</td><td >(L1) Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.11.1</td><td >(L1) Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.11.2</td><td >(L1) Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.11.3</td><td >(L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.11.4</td><td >(L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.11.5</td><td >(L1) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.11.7</td><td >(L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM&NTLM'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.11.8</td><td >(L1) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.11.9</td><td >(L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.11.10</td><td >(L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.14.1</td><td >(L2) Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User is prompted when the key is first used' or higher</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.15.1</td><td >(L1) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.15.2</td><td >(L1) Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.17.1</td><td >(L1) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.17.2</td><td >(L1) Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.17.3</td><td >(L1) Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests'</td><td >Registry value is '3'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >2.3.17.4</td><td >(L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.17.5</td><td >(L1) Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.17.6</td><td >(L1) Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.17.7</td><td >(L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.3.17.8</td><td >(L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.1</td><td >(L2) Ensure 'Bluetooth Audio Gateway Service (BTAGService)' is set to 'Disabled'</td><td >Registry value is '3'. Expected: 4</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >5.2</td><td >(L2) Ensure 'Bluetooth Support Service (bthserv)' is set to 'Disabled'</td><td >Registry value is '3'. Expected: 4</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >5.3</td><td >(L1) Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.4</td><td >(L2) Ensure 'Downloaded Maps Manager (MapsBroker)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.5</td><td >(L2) Ensure 'Geolocation Service (lfsvc)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.6</td><td >(L1) Ensure 'IIS Admin Service (IISADMIN)' is set to 'Disabled' or 'Not Installed'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.7</td><td >(L1) Ensure 'Infrared monitor service (irmon)' is set to 'Disabled' or 'Not Installed'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.8</td><td >(L1) Ensure 'Internet Connection Sharing (ICS) (SharedAccess)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.9</td><td >(L2) Ensure 'Link-Layer Topology Discovery Mapper (lltdsvc)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.10</td><td >(L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.11</td><td >(L1) Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Disabled' or 'Not Installed'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.12</td><td >(L2) Ensure 'Microsoft iSCSI Initiator Service (MSiSCSI)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.13</td><td >(L1) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.14</td><td >(L2) Ensure 'Peer Name Resolution Protocol (PNRPsvc)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.15</td><td >(L2) Ensure 'Peer Networking Grouping (p2psvc)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.16</td><td >(L2) Ensure 'Peer Networking Identity Manager (p2pimsvc)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.17</td><td >(L2) Ensure 'PNRP Machine Name Publication Service (PNRPAutoReg)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.18</td><td >(L2) Ensure 'Print Spooler (Spooler)' is set to 'Disabled'</td><td >Registry value is '2'. Expected: 4</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >5.19</td><td >(L2) Ensure 'Problem Reports and Solutions Control Panel Support (wercplsupport)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.20</td><td >(L2) Ensure 'Remote Access Auto Connection Manager (RasAuto)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.21</td><td >(L2) Ensure 'Remote Desktop Configuration (SessionEnv)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.22</td><td >(L2) Ensure 'Remote Desktop Services (TermService)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.23</td><td >(L2) Ensure 'Remote Desktop Services UserMode Port Redirector (UmRdpService)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.24</td><td >(L1) Ensure 'Remote Procedure Call (RPC) Locator (RpcLocator)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.25</td><td >(L2) Ensure 'Remote Registry (RemoteRegistry)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.26</td><td >(L1) Ensure 'Routing and Remote Access (RemoteAccess)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.27</td><td >(L2) Ensure 'Server (LanmanServer)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.28</td><td >(L1) Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Disabled' or 'Not Installed'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.29</td><td >(L2) Ensure 'SNMP Service (SNMP)' is set to 'Disabled' or 'Not Installed'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.30</td><td >(L1) Ensure 'Special Administration Console Helper (sacsvr)' is set to 'Disabled' or 'Not Installed'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.31</td><td >(L1) Ensure 'SSDP Discovery (SSDPSRV)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.32</td><td >(L1) Ensure 'UPnP Device Host (upnphost)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.33</td><td >(L1) Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.34</td><td >(L2) Ensure 'Windows Error Reporting Service (WerSvc)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.35</td><td >(L2) Ensure 'Windows Event Collector (Wecsvc)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.36</td><td >(L1) Ensure 'Windows Media Player Network Sharing Service (WMPNetworkSvc)' is set to 'Disabled' or 'Not Installed'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.37</td><td >(L1) Ensure 'Windows Mobile Hotspot Service (icssvc)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.38</td><td >(L2) Ensure 'Windows Push Notifications System Service (WpnService)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.39</td><td >(L2) Ensure 'Windows PushToInstall Service (PushToInstall)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.40</td><td >(L2) Ensure 'Windows Remote Management (WS-Management) (WinRM)' is set to 'Disabled'</td><td >Registry value is '2'. Expected: 4</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >5.41</td><td >(L1) Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.42</td><td >(L1) Ensure 'Xbox Accessory Management Service (XboxGipSvc)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.43</td><td >(L1) Ensure 'Xbox Live Auth Manager (XblAuthManager)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.44</td><td >(L1) Ensure 'Xbox Live Game Save (XblGameSave)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.45</td><td >(L1) Ensure 'Xbox Live Networking Service (XboxNetApiSvc)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9.1.1</td><td >(L1) Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9.1.2</td><td >(L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9.1.3</td><td >(L1) Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)'</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >9.1.4</td><td >(L1) Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9.1.5</td><td >(L1) Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9.1.6</td><td >(L1) Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >9.1.7</td><td >(L1) Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >9.1.8</td><td >(L1) Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >9.2.1</td><td >(L1) Ensure 'Windows Firewall: Private: Firewall state' is set to 'On (recommended)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9.2.2</td><td >(L1) Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9.2.3</td><td >(L1) Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)'</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >9.2.4</td><td >(L1) Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9.2.5</td><td >(L1) Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\privatefw.log'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9.2.6</td><td >(L1) Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >9.2.7</td><td >(L1) Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >9.2.8</td><td >(L1) Ensure 'Windows Firewall: Private: Logging: Log successful connections' is set to 'Yes'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >9.3.1</td><td >(L1) Ensure 'Windows Firewall: Public: Firewall state' is set to 'On (recommended)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9.3.2</td><td >(L1) Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9.3.3</td><td >(L1) Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow (default)'</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >9.3.4</td><td >(L1) Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'No'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9.3.5</td><td >(L1) Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9.3.6</td><td >(L1) Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9.3.7</td><td >(L1) Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\publicfw.log'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9.3.8</td><td >(L1) Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16,384 KB or greater'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9.3.9</td><td >(L1) Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9.3.10</td><td >(L1) Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.1.1.1</td><td >(L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.1.1.2</td><td >(L1) Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.1.2.2</td><td >(L1) Ensure 'Allow users to enable online speech recognition services' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.1.3</td><td >(L2) Ensure 'Allow Online Tips' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.2.2</td><td >(L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.2.3</td><td >(L1) Ensure 'Enable Local Admin Password Management' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.2.4</td><td >(L1) Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.2.5</td><td >(L1) Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.2.6</td><td >(L1) Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.3.1</td><td >(L1) Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.3.2</td><td >(L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.3.3</td><td >(L1) Ensure 'Configure SMB v1 server' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.3.4</td><td >(L1) Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.3.5</td><td >(L1) Ensure 'Limits print driver installation to Administrators' is set to 'Enabled' (Automated)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.3.6</td><td >(L1) Set 'NetBIOS node type' to 'P-node' (Ensure NetBT Parameter 'NodeType' is set to '0x2 (2)')</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.3.7</td><td >(L1) Ensure 'WDigest Authentication' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.4.1</td><td >(L1) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.4.2</td><td >(L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.4.3</td><td >(L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.4.4</td><td >(L2) Ensure 'MSS: (DisableSavePassword) Prevent the dial-up password from being saved' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.4.5</td><td >(L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.4.6</td><td >(L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.4.7</td><td >(L1) Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.4.8</td><td >(L2) Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.4.9</td><td >(L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.4.10</td><td >(L1) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.4.11</td><td >(L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.4.12</td><td >(L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.4.13</td><td >(L1) Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.4.1</td><td >(L1) Ensure 'Configure DNS over HTTPS (DoH) name resolution' is set to 'Enabled: Allow DoH' or higher</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.4.2</td><td >(L1) Ensure 'Turn off multicast name resolution' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.5.1</td><td >(L2) Ensure 'Enable Font Providers' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.8.1</td><td >(L1) Ensure 'Enable insecure guest logons' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.9.1 A</td><td >(L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' (Domain)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.9.1 B</td><td >(L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' (Public)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.9.1 C</td><td >(L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' (EnableLLTDIO),</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.9.1 D</td><td >(L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' (Private)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.9.2 A</td><td >(L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' (AllowRspndrOnDomain)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.9.2 B</td><td >(L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' (AllowRspndrOnPublicNet)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.9.2 C</td><td >(L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' (EnableRspndr)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.9.2 D</td><td >(L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' (ProhibitRspndrOnPrivateNet)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.10.2</td><td >(L2) Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.11.2</td><td >(L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.11.3</td><td >(L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.11.4</td><td >(L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.14.1 A</td><td >(L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with "Require Mutual Authentication" and "Require Integrity" set for all NETLOGON and SYSVOL shares'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.14.1 B</td><td >(L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with "Require Mutual Authentication" and "Require Integrity" set for all NETLOGON and SYSVOL shares'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.19.2.1</td><td >(L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.20.1</td><td >(L2) Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.20.2</td><td >(L2) Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.21.1</td><td >(L1) Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 3 = Prevent Wi-Fi when on Ethernet'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >18.5.21.2</td><td >(L1) Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.5.23.2.1</td><td >(L1) Ensure 'Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.6.1</td><td >(L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.6.2</td><td >(L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.6.3</td><td >(L1) Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.7.1.1</td><td >(L2) Ensure 'Turn off notifications network usage' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.3.1</td><td >(L1) Ensure 'Include command line in process creation events' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.4.1</td><td >(L1) Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.4.2</td><td >(L1) Ensure 'Remote host allows delegation of non-exportable credentials' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.5.1</td><td >(NG) Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.5.2</td><td >(NG) Ensure 'Turn On Virtualization Based Security: Select Platform Security Level' is set to 'Secure Boot and DMA Protection'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.5.3</td><td >(NG) Ensure 'Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity' is set to 'Enabled with UEFI lock'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.5.4</td><td >(NG) Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.5.5</td><td >(NG) Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Enabled with UEFI lock'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.5.6</td><td >(NG) Ensure 'Turn On Virtualization Based Security: Secure Launch Configuration' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.7.1.1</td><td >(BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >18.8.7.1.2</td><td >(BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.7.1.3</td><td >(BL) Ensure 'Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.' is set to 'True' (checked)</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >18.8.7.1.4</td><td >(BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.7.1.5</td><td >(BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.7.1.6</td><td >(BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.7.2</td><td >(L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' (Automated)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.14.1</td><td >(L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.21.2</td><td >(L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.21.3</td><td >(L1) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.21.4</td><td >(L1) Ensure 'Continue experiences on this device' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.21.5</td><td >(L1) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.22.1.1</td><td >(L2) Ensure 'Turn off access to the Store' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.22.1.2</td><td >(L1) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.22.1.3</td><td >(L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.22.1.4</td><td >(L2) Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.22.1.5</td><td >(L2) Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.22.1.6</td><td >(L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.22.1.7</td><td >(L2) Ensure 'Turn off printing over HTTP' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.22.1.8</td><td >(L2) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.22.1.9</td><td >(L2) Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.22.1.10</td><td >(L2) Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.22.1.11</td><td >(L2) Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.22.1.12</td><td >(L2) Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.22.1.13</td><td >(L2) Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.22.1.14 A</td><td >(L2) Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.22.1.14 B</td><td >(L2) Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'</td><td >Registry value is '0'. Expected: x == 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >18.8.25.1 A</td><td >(L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' (DevicePKInitBehavior)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.25.1 B</td><td >(L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' (DevicePKInitEnabled)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.26.1</td><td >(BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.27.1</td><td >(L2) Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.28.1</td><td >(L1) Ensure 'Block user from showing account details on sign-in' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.28.2</td><td >(L1) Ensure 'Do not display network selection UI' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.28.3</td><td >(L1) Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.28.4</td><td >(L1) Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.28.5</td><td >(L1) Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.28.6</td><td >(L1) Ensure 'Turn off picture password sign-in' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.28.7</td><td >(L1) Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.31.1</td><td >(L2) Ensure 'Allow Clipboard synchronization across devices' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.31.2</td><td >(L2) Ensure 'Allow upload of User Activities' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.34.6.1</td><td >(L1) Ensure 'Allow network connectivity during connected-standby (on battery)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.34.6.2</td><td >(L1) Ensure 'Allow network connectivity during connected-standby (plugged in)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.34.6.3</td><td >(BL) Ensure 'Allow standby states (S1-S3) when sleeping (on battery)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.34.6.4</td><td >(BL) Ensure 'Allow standby states (S1-S3) when sleeping (plugged in)' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.34.6.5</td><td >(L1) Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.34.6.6</td><td >(L1) Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.36.1</td><td >(L1) Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.36.2</td><td >(L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.37.1</td><td >(L1) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.37.2</td><td >(L1) Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.48.5.1</td><td >(L2) Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.48.11.1</td><td >(L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.50.1</td><td >(L2) Ensure 'Turn off the advertising ID' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.53.1.1</td><td >(L2) Ensure 'Enable Windows NTP Client' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.8.53.1.2</td><td >(L2) Ensure 'Enable Windows NTP Server' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.4.1</td><td >(L2) Ensure 'Allow a Windows app to share application data between users' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.4.2</td><td >(L1) Ensure 'Prevent non-admin users from installing packaged Windows apps' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.5.1</td><td >(L1) Ensure 'Let Windows apps activate with voice while the system is locked' is set to 'Enabled: Force Deny'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.6.1</td><td >(L1) Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.6.2</td><td >(L2) Ensure 'Block launching Universal Windows apps with Windows Runtime API access from hosted content.' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.8.1</td><td >(L1) Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.8.2</td><td >(L1) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.8.3</td><td >(L1) Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.10.1.1</td><td >(L1) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.1.1</td><td >(BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.1.2</td><td >(BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.1.3</td><td >(BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.1.4</td><td >(BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.1.5</td><td >(BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.1.6</td><td >(BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.1.7</td><td >(BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.1.8</td><td >(BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.1.9</td><td >(BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.1.10</td><td >(BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.1.11</td><td >(BL) Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.1.12</td><td >(BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.1.13</td><td >(BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.2.1</td><td >(BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.2.2</td><td >(BL) Ensure 'Allow Secure Boot for integrity validation' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.2.3</td><td >(BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.2.4</td><td >(BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.2.5</td><td >(BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.2.6</td><td >(BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.2.7</td><td >(BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.2.8</td><td >(BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.2.9</td><td >(BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.2.10</td><td >(BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' is set to 'Enabled: True'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.2.11</td><td >(BL) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.2.12</td><td >(BL) Ensure 'Configure use of passwords for operating system drives' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.2.13</td><td >(BL) Ensure 'Require additional authentication at startup' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.2.14</td><td >(BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.3.1</td><td >(BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.3.2</td><td >(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >18.9.11.3.3</td><td >(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.3.4</td><td >(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >18.9.11.3.5</td><td >(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.3.6</td><td >(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.3.7</td><td >(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.3.8</td><td >(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Backup recovery passwords and key packages'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.3.9</td><td >(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' is set to 'Enabled: False'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.3.10</td><td >(BL) Ensure 'Configure use of hardware-based encryption for removable data drives' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.3.11</td><td >(BL) Ensure 'Configure use of passwords for removable data drives' is set to 'Disabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >18.9.11.3.12</td><td >(BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.3.13</td><td >(BL) Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.3.14</td><td >(BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.3.15</td><td >(BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.11.4</td><td >(BL) Ensure 'Disable new DMA devices when this computer is locked' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.12.1</td><td >(L2) Ensure 'Allow Use of Camera' is set to 'Disabled'</td><td >Registry value is '1'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >18.9.14.1</td><td >(L1) Ensure 'Turn off cloud consumer account state content' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.14.2</td><td >(L2) Ensure 'Turn off cloud optimized content' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.14.3</td><td >(L1) Ensure 'Turn off Microsoft consumer experiences' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.15.1</td><td >(L1) Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.16.1</td><td >(L1) Ensure 'Do not display the password reveal button' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.16.2</td><td >(L1) Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.16.3</td><td >(L1) Ensure 'Prevent the use of security questions for local accounts' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.17.1</td><td >(L1) Ensure 'Allow Telemetry' is set to 'Enabled: 0 - Security [Enterprise Only]' or 'Enabled: 1 - Basic'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.17.2</td><td >(L2) Ensure 'Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service' is set to 'Enabled: Disable Authenticated Proxy usage'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.17.3</td><td >(L1) Ensure 'Disable OneSettings Downloads' is enabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.17.4</td><td >(L1) Ensure 'Do not show feedback notifications' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.17.5</td><td >(L1) Ensure 'Enable OneSettings Auditing' is set to 'Enabled</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.17.6</td><td >(L1) Ensure 'Limit Diagnostic Log Collection' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.17.7</td><td >(L1) Ensure 'Limit Dump Collection' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.17.8</td><td >(L1) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.18.1</td><td >(L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.27.1.1</td><td >(L1) Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.27.1.2</td><td >(L1) Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.27.2.1</td><td >(L1) Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.27.2.2</td><td >(L1) Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.27.3.1</td><td >(L1) Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.27.3.2</td><td >(L1) Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.27.4.1</td><td >(L1) Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.27.4.2</td><td >(L1) Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.31.2</td><td >(L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.31.3</td><td >(L1) Ensure 'Turn off heap termination on corruption' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.31.4</td><td >(L1) Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.36.1</td><td >(L1) Ensure 'Prevent the computer from joining a homegroup' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.41.1</td><td >(L2) Ensure 'Turn off location' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.45.1</td><td >(L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.46.1</td><td >(L1) Ensure 'Block all consumer Microsoft account user authentication' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.4.1</td><td >(L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.4.2</td><td >(L2) Ensure 'Join Microsoft MAPS' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.5.1.1</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.5.1.2 A</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office communication application from creating child processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.5.1.2 B</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from creating executable content)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.5.1.2 C</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block execution of potentially obfuscated scripts)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.5.1.2 D</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from injecting code into other processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.5.1.2 E</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Adobe Reader from creating child processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.5.1.2 F</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Win32 API calls from Office macro)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.5.1.2 G</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block credential stealing from the Windows local security authority subsystem (lsass.exe))</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.5.1.2 H</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block untrusted and unsigned processes that run from USB)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.5.1.2 I</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block executable content from email client and webmail)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.5.1.2 J</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block JavaScript or VBScript from launching downloaded executable content)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.5.1.2 K</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from creating child processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.5.1.2 L</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block persistence through WMI event subscription)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.5.3.1</td><td >(L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.6.1</td><td >(L2) Ensure 'Enable file hash computation feature' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.9.1</td><td >(L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.9.2</td><td >(L1) Ensure 'Turn off real-time protection' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.9.3</td><td >(L1) Ensure 'Turn on behavior monitoring' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.9.4</td><td >(L1) Ensure 'Turn on script scanning' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.11.1</td><td >(L2) Ensure 'Configure Watson events' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.12.1</td><td >(L1) Ensure 'Scan removable drives' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.12.2</td><td >(L1) Ensure 'Turn on e-mail scanning' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.15</td><td >(L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.47.16</td><td >(L1) Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.48.1</td><td >(NG) Ensure 'Allow auditing events in Windows Defender Application Guard' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.48.2</td><td >(NG) Ensure 'Allow camera and microphone access in Windows Defender Application Guard' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.48.3</td><td >(NG) Ensure 'Allow data persistence for Windows Defender Application Guard' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.48.4</td><td >(NG) Ensure 'Allow files to download and save to the host operating system from Windows Defender Application Guard' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.48.5</td><td >(NG) Ensure 'Configure Windows Defender Application Guard clipboard settings: Clipboard behavior setting' is set to 'Enabled: Enable clipboard operation from an isolated session to the host'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.48.6</td><td >(NG) Ensure 'Turn on Windows Defender Application Guard in Enterprise Mode' is set to 'Enabled: 1'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.57.1</td><td >(L2) Ensure 'Enable news and interests on the taskbar' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.58.1</td><td >(L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >18.9.64.1</td><td >(L2) Ensure 'Turn off Push To Install service' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.65.2.2</td><td >(L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.65.3.2.1</td><td >(L2) Ensure 'Allow users to connect remotely by using Remote Desktop Services' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.65.3.3.1</td><td >(L2) Ensure 'Allow UI Automation redirection' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.65.3.3.2</td><td >(L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.65.3.3.3</td><td >(L1) Ensure 'Do not allow drive redirection' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.65.3.3.4</td><td >(L2) Ensure 'Do not allow location redirection' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.65.3.3.5</td><td >(L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.65.3.3.6</td><td >(L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.65.3.9.1</td><td >(L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.65.3.9.2</td><td >(L1) Ensure 'Require secure RPC communication' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.65.3.9.3</td><td >(L1) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.65.3.9.4</td><td >(L1) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.65.3.9.5</td><td >(L1) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.65.3.10.1</td><td >(L2) Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.65.3.10.2</td><td >(L2) Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.65.3.11.1</td><td >(L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.66.1</td><td >(L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.67.2</td><td >(L2) Ensure 'Allow Cloud Search' is set to 'Enabled: Disable Cloud Search'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.67.3</td><td >(L1) Ensure 'Allow Cortana' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.67.4</td><td >(L1) Ensure 'Allow Cortana above lock screen' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.67.5</td><td >(L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.67.6</td><td >(L1) Ensure 'Allow search and Cortana to use location' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.72.1</td><td >(L2) Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.75.1</td><td >(L2) Ensure 'Disable all apps from Microsoft Store' is set to 'Disabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >18.9.75.2</td><td >(L1) Ensure 'Only display the private store within the Microsoft Store' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.75.3</td><td >(L1) Ensure 'Turn off Automatic Download and Install of updates' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.75.4</td><td >(L1) Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.75.5</td><td >(L2) Ensure 'Turn off the Store application' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.81.1</td><td >(L1) Ensure 'Allow widgets' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.85.1.1 A</td><td >(L1) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.85.1.1 B</td><td >(L1) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass' (ShellSmartScreenLevel)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.85.2.1</td><td >(L1) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.85.2.2</td><td >(L1) Ensure 'Prevent bypassing Windows Defender SmartScreen prompts for sites' is set to 'Enabled' (PreventOverride).</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.87.1</td><td >(L1) Ensure 'Enables or disables Windows Game Recording and Broadcasting' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.89.1</td><td >(L2) Ensure 'Allow suggested apps in Windows Ink Workspace' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.89.2</td><td >(L1) Ensure 'Allow Windows Ink Workspace' is set to 'Enabled: On, but disallow access above lock' OR 'Disabled' but not 'Enabled: On'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.90.1</td><td >(L1) Ensure 'Allow user control over installs' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.90.2</td><td >(L1) Ensure 'Always install with elevated privileges' is set to 'Disabled' (LocalMachine)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.90.3</td><td >(L2) Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.91.1</td><td >(L1) Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.100.1</td><td >(L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.100.2</td><td >(L1) Ensure 'Turn on PowerShell Transcription' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.102.1.1</td><td >(L1) Ensure 'Allow Basic authentication' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.102.1.2</td><td >(L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.102.1.3</td><td >(L1) Ensure 'Disallow Digest authentication' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.102.2.1</td><td >(L1) Ensure 'Allow Basic authentication' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.102.2.2</td><td >(L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >18.9.102.2.3</td><td >(L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.102.2.4</td><td >(L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.103.1</td><td >(L2) Ensure 'Allow Remote Shell Access' is set to 'Disabled'</td><td >Registry value is '1'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >18.9.104.1</td><td >(L1) Ensure 'Allow clipboard sharing with Windows Sandbox' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.104.2</td><td >(L1) Ensure 'Allow networking in Windows Sandbox' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.105.2.1</td><td >(L1) Ensure 'Prevent users from modifying settings' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.108.1.1</td><td >(L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.108.2.1</td><td >(L1) Ensure 'Configure Automatic Updates' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.108.2.2</td><td >(L1) Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.108.2.3</td><td >(L1) Ensure 'Remove access to "Pause updates" feature' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.108.4.1</td><td >(L1) Ensure 'Manage preview builds' is set to 'Disabled' (Automated)</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >18.9.108.4.2 A</td><td >(L1) Ensure 'Select when Preview Builds and Feature Updates are received' is set to 'Enabled: Semi-Annual Channel, 180 or more days'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.108.4.2 B</td><td >(L1) Ensure 'Select when Preview Builds and Feature Updates are received' is set to 'Enabled: Semi-Annual Channel, 180 or more days' (DeferFeatureUpdatesPeriodInDays)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.108.4.3 A</td><td >(L1) Ensure 'Select when Quality Updates are received' is set to 'Enabled: 0 days'. (DeferQualityUpdates)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18.9.108.4.3 B</td><td >(L1) Ensure 'Select when Quality Updates are received' is set to 'Enabled: 0 days' (DeferQualityUpdatesPeriodInDays)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >19.7.8.5</td><td >(L1) Ensure 'Turn off Spotlight collection on Desktop' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr></tbody></table></section><section ><h1 id="CIS-BenchmarksUser-Rights-Assignment"><span class="failed">User Rights Assignment</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >2.2.1</td><td >(L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.2</td><td >(L1) Ensure 'Access this computer from the network' is set to 'Administrators, Remote Desktop Users'</td><td >The user right 'SeNetworkLogonRight' contains following unexpected users: BUILTIN\Users, BUILTIN\Backup Operators
The user 'SeNetworkLogonRight' setting does not contain the following users: BUILTIN\Remote Desktop Users</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >2.2.3</td><td >(L1) Ensure 'Act as part of the operating system' is set to 'No One'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.4</td><td >(L1) Ensure 'Adjust memory quotas for a process' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.5</td><td >(L1) Ensure 'Allow log on locally' is set to 'Administrators, Users'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.6</td><td >(L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.7</td><td >(L1) Ensure 'Back up files and directories' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.8</td><td >(L1) Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.9</td><td >(L1) Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE, Users'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.10</td><td >(L1) Ensure 'Create a pagefile' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.11</td><td >(L1) Ensure 'Create a token object' is set to 'No One'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.12</td><td >(L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.13</td><td >(L1) Ensure 'Create permanent shared objects' is set to 'No One'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.14 A</td><td >(L1) Ensure 'Create symbolic links' is set to 'Administrators, NT VIRTUAL MACHINE\Virtual Machines' [Hyper-V-Feature installed]</td><td >The user 'SeCreateSymbolicLinkPrivilege' setting does not contain the following users: NT VIRTUAL MACHINE\Virtual Machines</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >2.2.14 B</td><td >(L1) Configure 'Create symbolic links' (when Hyper-V feature is NOT installed)</td><td >Hyper-V installed. Please refer to the corresponding benchmark when Hyper-V is installed.</td><td ><span class="auditstatus ">None</span></td></tr><tr ><td >2.2.15</td><td >(L1) Ensure 'Debug programs' is set to 'Administrators'</td><td >The user 'SeDebugPrivilege' setting does not contain the following users: BUILTIN\Administrators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >2.2.16</td><td >(L1) Ensure 'Deny access to this computer from the network' to include 'Guests, Local account'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.17</td><td >(L1) Ensure 'Deny log on as a batch job' to include 'Guests'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.18</td><td >(L1) Ensure 'Deny log on as a service' to include 'Guests'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.19</td><td >(L1) Ensure 'Deny log on locally' to include 'Guests'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.20</td><td >(L1) Ensure 'Deny log on through Remote Desktop Services' to include 'Guests, Local account'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.21</td><td >(L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.22</td><td >(L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.23</td><td >(L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' [ADFS-ROLE NOT installed]</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.24</td><td >(L1) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' [IIS Role NOT installed]</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.25</td><td >(L1) Ensure 'Increase scheduling priority' is set to 'Administrators, Window Manager\Window Manager Group'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.26</td><td >(L1) Ensure 'Load and unload device drivers' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.27</td><td >(L1) Ensure 'Lock pages in memory' is set to 'No One'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.28</td><td >(L2) Ensure 'Log on as a batch job' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.29</td><td >(L2) Configure 'Log on as a service' [Hyper-V-Feature NOT installed]</td><td >The user right 'SeServiceLogonRight' contains following unexpected users: DESKTOP-UTMU75K\SQLServer2005SQLBrowserUser$DESKTOP-UTMU75K, NT SERVICE\ALL SERVICES, NT SERVICE\SQLTELEMETRY, NT SERVICE\SQLSERVERAGENT, NT SERVICE\MSSQLSERVER, NT VIRTUAL MACHINE\Virtual Machines</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >2.2.30</td><td >(L1) Ensure 'Manage auditing and security log' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.31</td><td >(L1) Ensure 'Modify an object label' is set to 'No One'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.32</td><td >(L1) Ensure 'Modify firmware environment values' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.33</td><td >(L1) Ensure 'Perform volume maintenance tasks' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.34</td><td >(L1) Ensure 'Profile single process' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.35</td><td >(L1) Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.36</td><td >(L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.37</td><td >(L1) Ensure 'Restore files and directories' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.38</td><td >(L1) Ensure 'Shut down the system' is set to 'Administrators, Users'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2.2.39</td><td >(L1) Ensure 'Take ownership of files or other objects' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="CIS-BenchmarksAccount-Policies"><span class="passed">Account Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >1.1.1</td><td >(L1) Ensure 'Enforce password history' is set to '24 or more password(s)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1.1.2</td><td >(L1) Ensure 'Maximum password age' is set to '365 or fewer days, but not 0'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1.1.3</td><td >(L1) Ensure 'Minimum password age' is set to '1 or more day(s)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1.1.4</td><td >(L1) Ensure 'Minimum password length' is set to '14 or more character(s)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1.1.5</td><td >(L1) Ensure 'Password must meet complexity requirements' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1.1.7</td><td >(L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1.2.1</td><td >(L1) Ensure 'Account lockout duration' is set to '15 or more minute(s)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1.2.2</td><td >(L1) Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1.2.3</td><td >(L1) Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="CIS-BenchmarksAdvanced-Audit-Policy-Configuration"><span class="passed">Advanced Audit Policy Configuration</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >17.1.1</td><td >(L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.2.1</td><td >(L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.2.2</td><td >(L1) Ensure 'Audit Security Group Management' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.2.3</td><td >(L1) Ensure 'Audit User Account Management' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.3.1</td><td >(L1) Ensure 'Audit PNP Activity' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.3.2</td><td >(L1) Ensure 'Audit Process Creation' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.5.1</td><td >(L1) Ensure 'Audit Account Lockout' is set to include 'Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.5.2</td><td >(L1) Ensure 'Audit Group Membership' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.5.3</td><td >(L1) Ensure 'Audit Logoff' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.5.4</td><td >(L1) Ensure 'Audit Logon' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.5.5</td><td >(L1) Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.5.6</td><td >(L1) Ensure 'Audit Special Logon' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.6.1</td><td >(L1) Ensure 'Audit Detailed File Share' is set to include 'Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.6.2</td><td >(L1) Ensure 'Audit File Share' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.6.3</td><td >(L1) Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.6.4</td><td >(L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.7.1</td><td >(L1) Ensure 'Audit Audit Policy Change' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.7.2</td><td >(L1) Ensure 'Audit Authentication Policy Change' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.7.3</td><td >(L1) Ensure 'Audit Authorization Policy Change' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.7.4</td><td >(L1) Ensure 'Audit MPSSVC Rule-Level Policy Change' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.7.5</td><td >(L1) Ensure 'Audit Other Policy Change Events' is set to include 'Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.8.1</td><td >(L1) Ensure 'Audit Sensitive Privilege Use' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.9.1</td><td >(L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.9.2</td><td >(L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.9.3</td><td >(L1) Ensure 'Audit Security State Change' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.9.4</td><td >(L1) Ensure 'Audit Security System Extension' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17.9.5</td><td >(L1) Ensure 'Audit System Integrity' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section></section><section ><h1 id="DISA-Recommendations"><span class="failed">DISA Recommendations</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p >This section contains the DISA STIG results.</p><section ><h1 id="DISA-RecommendationsRegistry-Settings/Group-Policies"><span class="failed">Registry Settings/Group Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >WN10-CC-000310</td><td >Users must be prevented from changing installation options.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000315</td><td >The Windows Installer Always install with elevated privileges must be disabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000320</td><td >Users must be notified if a web-based program attempts to install software.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000325</td><td >Automatically signing in the last interactive user after a system-initiated restart must be disabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000330</td><td >The Windows Remote Management (WinRM) client must not use Basic authentication.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000335</td><td >The Windows Remote Management (WinRM) client must not allow unencrypted traffic.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000340</td><td >The Windows Remote Management (WinRM) client must not use Digest authentication.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000345</td><td >The Windows Remote Management (WinRM) service must not use Basic authentication.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000350</td><td >The Windows Remote Management (WinRM) service must not allow unencrypted traffic.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000355</td><td >The Windows Remote Management (WinRM) service must not store RunAs credentials.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-AU-000500</td><td >The Application event log size must be configured to 32768 KB or greater.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-AU-000505</td><td >The Security event log size must be configured to 1024000 KB or greater.</td><td >Registry value is '196608'. Expected: 1024000</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-AU-000510</td><td >The System event log size must be configured to 32768 KB or greater.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000005</td><td >Camera access from the lock screen must be disabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000010</td><td >The display of slide shows on the lock screen must be disabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000020</td><td >IPv6 source routing must be configured to highest protection.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000025</td><td >The system must be configured to prevent IP source routing.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000030</td><td >The system must be configured to prevent Internet Control Message Protocol (ICMP) redirects from overriding Open Shortest Path First (OSPF) generated routes.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000035</td><td >The system must be configured to ignore NetBIOS name release requests except from WINS servers.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000040</td><td >Insecure logons to an SMB server must be disabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000055</td><td >Simultaneous connections to the Internet or a Windows domain must be limited.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-CC-000060</td><td >Connections to non-domain networks when connected to a domain authenticated network must be blocked.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000065</td><td >Wi-Fi Sense must be disabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000037</td><td >Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000085</td><td >Early Launch Antimalware, Boot-Start Driver Initialization Policy must prevent boot drivers identified as bad.</td><td >Registry value is '3'. Expected: 8</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-CC-000090</td><td >Group Policy objects must be reprocessed even if they have not changed.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000100</td><td >Downloading print driver packages over HTTP must be prevented.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000015</td><td >Local accounts with blank passwords must be restricted to prevent access from the network.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000105</td><td >Web publishing and online ordering wizards must be prevented from downloading a list of providers.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000110</td><td >Printing over HTTP must be prevented.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000115</td><td >Systems must at least attempt device authentication using certificates.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000120</td><td >The network selection user interface (UI) must not be displayed on the logon screen.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000130</td><td >Local users on domain-joined computers must not be enumerated.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000030</td><td >Audit policy using subcategories must be enabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000035</td><td >Outgoing secure channel traffic must be encrypted or signed.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000040</td><td >Outgoing secure channel traffic must be encrypted when possible.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000145</td><td >Users must be prompted for a password on resume from sleep (on battery).</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000045</td><td >Outgoing secure channel traffic must be signed when possible.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000150</td><td >The user must be prompted for a password on resume from sleep (plugged in).</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000155</td><td >Solicited Remote Assistance must not be allowed.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000050</td><td >The computer account password must not be prevented from being reset.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000165</td><td >Unauthenticated RPC clients must be restricted from connecting to the RPC server.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000170</td><td >The setting to allow Microsoft accounts to be optional for modern style apps must be enabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000175</td><td >The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-SO-000060</td><td >The system must be configured to require a strong session key.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000180</td><td >Autoplay must be turned off for non-volume devices.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000070</td><td >The machine inactivity limit must be set to 15 minutes, locking the system with the screensaver.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000185</td><td >The default autorun behavior must be configured to prevent autorun commands.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000190</td><td >Autoplay must be disabled for all drives.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000195</td><td >Enhanced anti-spoofing for facial recognition must be enabled on Window 10.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000200</td><td >Administrator accounts must not be enumerated during elevation.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000215</td><td >Explorer Data Execution Prevention must be enabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000220</td><td >Turning off File Explorer heap termination on corruption must be disabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000225</td><td >File Explorer shell protocol must run in protected mode.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000095</td><td >The Smart Card removal option must be configured to Force Logoff or Lock Workstation.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000230</td><td >Users must not be allowed to ignore Windows Defender SmartScreen filter warnings for malicious websites in Microsoft Edge.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000235</td><td >Users must not be allowed to ignore Windows Defender SmartScreen filter warnings for unverified files in Microsoft Edge.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000100</td><td >The Windows SMB client must be configured to always perform SMB packet signing.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000240</td><td >InPrivate browsing in Microsoft Edge must be disabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000105</td><td >The Windows SMB client must be enabled to perform SMB packet signing when possible.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000110</td><td >Unencrypted passwords must not be sent to third-party SMB Servers.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000250</td><td >The Windows Defender SmartScreen filter for Microsoft Edge must be enabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000255</td><td >The use of a hardware security device with Windows Hello for Business must be enabled.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-SO-000120</td><td >The Windows SMB server must be configured to always perform SMB packet signing.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000260</td><td >Windows 10 must be configured to require a minimum pin length of six characters or greater.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-SO-000125</td><td >The Windows SMB server must perform SMB packet signing when possible.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000270</td><td >Passwords must not be saved in the Remote Desktop Client.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000275</td><td >Local drives must be prevented from sharing with Remote Desktop Session Hosts.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000280</td><td >Remote Desktop Services must always prompt a client for passwords upon connection.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000285</td><td >The Remote Desktop Session Host must require secure RPC communications.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000290</td><td >Remote Desktop Services must be configured with the client connection encryption set to the required level.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000295</td><td >Attachments must be prevented from being downloaded from RSS feeds.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000145</td><td >Anonymous enumeration of SAM accounts must not be allowed.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000300</td><td >Basic authentication for RSS feeds over HTTP must not be used.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000150</td><td >Anonymous enumeration of shares must be restricted.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000305</td><td >Indexing of encrypted files must be turned off.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000160</td><td >The system must be configured to prevent anonymous users from having the same rights as the Everyone group.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000165</td><td >Anonymous access to Named Pipes and Shares must be restricted.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000175</td><td >Services using Local System that use Negotiate when reverting to NTLM authentication must use the computer identity vs. authenticating anonymously.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000180</td><td >NTLM must be prevented from falling back to a Null session.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000185</td><td >PKU2U authentication using online identities must be prevented.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000190</td><td >Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000195</td><td >The system must be configured to prevent the storage of the LAN Manager hash of passwords.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000205</td><td >The LanMan authentication level must be set to send NTLMv2 response only, and to refuse LM and NTLM.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000210</td><td >The system must be configured to the required LDAP client signing level.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000215</td><td >The system must be configured to meet the minimum session security requirement for NTLM SSP based clients.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000220</td><td >The system must be configured to meet the minimum session security requirement for NTLM SSP based servers.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000230</td><td >The system must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-SO-000240</td><td >The default permissions of global system objects must be increased.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000245</td><td >User Account Control approval mode for the built-in Administrator must be enabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000250</td><td >User Account Control must, at minimum, prompt administrators for consent on the secure desktop.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000255</td><td >User Account Control must automatically deny elevation requests for standard users.</td><td >Registry value is '3'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-SO-000260</td><td >User Account Control must be configured to detect application installations and prompt for elevation.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000265</td><td >User Account Control must only elevate UIAccess applications that are installed in secure locations.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000270</td><td >User Account Control must run all administrators in Admin Approval Mode, enabling UAC.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-SO-000275</td><td >User Account Control must virtualize file and registry write failures to per-user locations.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UC-000015</td><td >Toast notifications to the lock screen must be turned off.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-UC-000020</td><td >Zone information must be preserved when saving attachments.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-CC-000066</td><td >Command line data must be included in process creation events.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000326</td><td >PowerShell script block logging must be enabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-00-000150</td><td >Structured Exception Handling Overwrite Protection (SEHOP) must be enabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000038</td><td >WDigest Authentication must be disabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000044</td><td >Internet connection sharing must be disabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000197</td><td >Microsoft consumer experiences must be turned off.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000228</td><td >Windows 10 must be configured to prevent Microsoft Edge browser data from being cleared on exit.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-CC-000252</td><td >Windows 10 must be configured to disable Windows Game Recording and Broadcasting.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000068</td><td >Windows 10 must be configured to enable Remote host allows delegation of non-exportable credentials.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-00-000165</td><td >The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UC-000005</td><td >The use of personal accounts for OneDrive synchronization must be disabled.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-CC-000238</td><td >Windows 10 must be configured to prevent certificate error overrides in Microsoft Edge.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-CC-000204</td><td >If Enhanced diagnostic data is enabled it must be limited to the minimum required to support Windows Analytics.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr></tbody></table></section><section ><h1 id="DISA-RecommendationsUser-Rights-Assignment"><span class="failed">User Rights Assignment</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >WN10-UR-000005</td><td >The Access Credential Manager as a trusted caller user right must not be assigned to any groups or accounts.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UR-000010</td><td >The Access this computer from the network user right must only be assigned to the Administrators and Remote Desktop Users groups.</td><td >The user right 'SeNetworkLogonRight' contains following unexpected users: BUILTIN\Users, BUILTIN\Backup Operators
The user 'SeNetworkLogonRight' setting does not contain the following users: BUILTIN\Remote Desktop Users</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-UR-000015</td><td >The Act as part of the operating system user right must not be assigned to any groups or accounts.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UR-000025</td><td >The Allow log on locally user right must only be assigned to the Administrators and Users groups.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UR-000030</td><td >The Back up files and directories user right must only be assigned to the Administrators group.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UR-000035</td><td >The Change the system time user right must only be assigned to Administrators and Local Service.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UR-000040</td><td >The Create a pagefile user right must only be assigned to the Administrators group.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UR-000045</td><td >The Create a token object user right must not be assigned to any groups or accounts.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UR-000050</td><td >The Create global objects user right must only be assigned to Administrators, Service, Local Service, and Network Service.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UR-000055</td><td >The Create permanent shared objects user right must not be assigned to any groups or accounts.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UR-000065</td><td >The Debug programs user right must only be assigned to the Administrators group.</td><td >The user 'SeDebugPrivilege' setting does not contain the following users: BUILTIN\Administrators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-UR-000070 MW</td><td >The Deny access to this computer from the network user right on workstations must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems.</td><td >The user 'SeDenyNetworkLogonRight' setting does not contain the following users: FB-PRO\Enterprise Admins, FB-PRO\Domain Admins</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-UR-000070 SW</td><td >The Deny access to this computer from the network user right on workstations must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems.</td><td >Not applicable. This audit applies only to StandaloneWorkstation.</td><td ><span class="auditstatus ">None</span></td></tr><tr ><td >WN10-UR-000075 MW</td><td >The Deny log on as a batch job user right on domain-joined workstations must be configured to prevent access from highly privileged domain accounts.</td><td >The user 'SeDenyBatchLogonRight' setting does not contain the following users: FB-PRO\Enterprise Admins, FB-PRO\Domain Admins</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-UR-000080 MW</td><td >The Deny log on as a service user right on domain-joined workstations must be configured to prevent access from highly privileged domain accounts.</td><td >The user 'SeDenyServiceLogonRight' setting does not contain the following users: FB-PRO\Enterprise Admins, FB-PRO\Domain Admins</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-UR-000085 MW</td><td >The Deny log on locally user right on workstations must be configured to prevent access from highly privileged domain accounts on domain systems and unauthenticated access on all systems.</td><td >The user 'SeDenyInteractiveLogonRight' setting does not contain the following users: FB-PRO\Enterprise Admins, FB-PRO\Domain Admins</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-UR-000085 SW</td><td >The Deny log on locally user right on workstations must be configured to prevent access from highly privileged domain accounts on domain systems and unauthenticated access on all systems.</td><td >Not applicable. This audit applies only to StandaloneWorkstation.</td><td ><span class="auditstatus ">None</span></td></tr><tr ><td >WN10-UR-000090 MW</td><td >The Deny log on through Remote Desktop Services user right on workstations must at a minimum be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems.</td><td >The user 'SeDenyRemoteInteractiveLogonRight' setting does not contain the following users: FB-PRO\Enterprise Admins, FB-PRO\Domain Admins</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-UR-000090 SW</td><td >The Deny log on through Remote Desktop Services user right on workstations must at a minimum be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems.</td><td >Not applicable. This audit applies only to StandaloneWorkstation.</td><td ><span class="auditstatus ">None</span></td></tr><tr ><td >WN10-UR-000100</td><td >The Force shutdown from a remote system user right must only be assigned to the Administrators group.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UR-000105</td><td >The Generate security audits user right must only be assigned to Local Service and Network Service.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UR-000110</td><td >The Impersonate a client after authentication user right must only be assigned to Administrators, Service, Local Service, and Network Service.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UR-000115</td><td >The Increase scheduling priority user right must only be assigned to the Administrators group.</td><td >The user right 'SeIncreaseBasePriorityPrivilege' contains following unexpected users: Window Manager\Window Manager Group</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-UR-000120</td><td >The Load and unload device drivers user right must only be assigned to the Administrators group.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UR-000125</td><td >The Lock pages in memory user right must not be assigned to any groups or accounts.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UR-000130</td><td >The Manage auditing and security log user right must only be assigned to the Administrators group.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UR-000140</td><td >The Modify firmware environment values user right must only be assigned to the Administrators group.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UR-000145</td><td >The Perform volume maintenance tasks user right must only be assigned to the Administrators group.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UR-000150</td><td >The Profile single process user right must only be assigned to the Administrators group.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UR-000160</td><td >The Restore files and directories user right must only be assigned to the Administrators group.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-UR-000165</td><td >The Take ownership of files or other objects user right must only be assigned to the Administrators group.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="DISA-RecommendationsAccount-Policies"><span class="failed">Account Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >WN10-AC-000005</td><td >Windows 10 account lockout duration must be configured to 15 minutes or greater.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-AC-000010</td><td >The number of allowed bad logon attempts must be configured to 3 or less.</td><td >'LockoutBadCount' currently set to: 5. Expected: x <= 3 and x != 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-AC-000015</td><td >The period of time before the bad logon counter is reset must be configured to 15 minutes.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-AC-000020</td><td >The password history must be configured to 24 passwords remembered.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-AC-000025</td><td >The maximum password age must be configured to 60 days or less.</td><td >'MaximumPasswordAge' currently set to: 120. Expected: x <= 60</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-AC-000030</td><td >The minimum password age must be configured to at least 1 day.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-AC-000035</td><td >Passwords must, at a minimum, be 14 characters.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-AC-000040</td><td >The built-in Microsoft password complexity filter must be enabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-AC-000045</td><td >Reversible password encryption must be disabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="DISA-RecommendationsWindows-Features"><span class="passed">Windows Features</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >WN10-00-000100</td><td >Internet Information System (IIS) or its subcomponents must not be installed on a workstation.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-00-000110</td><td >Simple TCP/IP Services must not be installed on the system.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-00-000115</td><td >The Telnet Client must not be installed on the system.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-00-000120</td><td >The TFTP Client must not be installed on the system.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="DISA-RecommendationsFile-System-Permissions"><span class="passed">File System Permissions</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >WN10-AU-000515</td><td >Permissions for the Application event log must prevent access by non-privileged accounts.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-AU-000520</td><td >Permissions for the Security event log must prevent access by non-privileged accounts.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-AU-000525</td><td >Permissions for the System event log must prevent access by non-privileged accounts.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="DISA-RecommendationsRegistry-Permissions"><span class="failed">Registry Permissions</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >WN10-RG-000005 A</td><td >Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >WN10-RG-000005 B</td><td >Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained.</td><td >Unexpected 'S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681' with access 'ReadKey'</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >WN10-RG-000005 C</td><td >Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained.</td><td >Unexpected 'S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681' with access 'ReadKey'</td><td ><span class="auditstatus failed">False</span></td></tr></tbody></table></section></section><section ><h1 id="CyberGovAu-Benchmarks"><span class="failed">CyberGovAu Benchmarks</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p >This section contains the CyberGovAu Benchmark results.</p><section ><h1 id="CyberGovAu-BenchmarksRegistry-Settings/Group-Policies"><span class="failed">Registry Settings/Group Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >1909.01</td><td >Ensure 'Deploy Windows Defender Application Control' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.02.1</td><td >Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.02.2</td><td >Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.03.1</td><td >Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.03.2</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block executable content from email client and webmail)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.03.3</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from creating child processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.03.4</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from creating executable content)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.03.5</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from injecting code into other processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.03.6</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block JavaScript or VBScript from launching downloaded executable content)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.03.7</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block execution of potentially obfuscated scripts)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.03.8</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Win32 API calls from Office macro)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.03.9</td><td >Ensure 'Configure Attack Surface Reduction rules' is configured (Block executable files from running unless they meet a prevalence, age, or trusted list criterion).</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.03.10</td><td >Ensure 'Configure Attack Surface Reduction rules' is configured (Use advanced protection against ransomware).</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.03.11</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block credential stealing from the Windows local security authority subsystem (lsass.exe))</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.03.12</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block process creations originating from PSExec and WMI commands)</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.03.13</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block untrusted and unsigned processes that run from USB)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.03.14</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office communication application from creating child processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.03.15</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Adobe Reader from creating child processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.03.16</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block persistence through WMI event subscription)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.04</td><td >Ensure 'WDigest Authentication' is set to 'Disabled'</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.05.1</td><td >Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.05.2</td><td >Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.05.3</td><td >Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.06.1</td><td >Ensure 'Configure allowed applications' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.06.2</td><td >Ensure 'Configure allowed applications' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.07.1</td><td >Ensure 'Configure Controlled folder access' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.07.2</td><td >Ensure 'Configure Controlled folder access' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.08.1</td><td >Ensure 'Configure protected folders' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.08.2</td><td >Ensure 'Configure protected folders' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.09</td><td >Ensure 'Do not display network selection UI' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.10</td><td >Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.11</td><td >Ensure 'Do not display the password reveal button' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.12</td><td >Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.13</td><td >Ensure 'Require trusted path for credential entry' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.14</td><td >Ensure 'Prevent the use of security questions for local accounts' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.15</td><td >Ensure 'Disable or enable software Secure Attention Sequence' is set to 'Disabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.16</td><td >Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.17</td><td >Ensure 'Require Ctrl-Alt-Del' is set to 'Disabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.18.1</td><td >Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled'</td><td >Registry value is '3'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.19.1</td><td >Ensure 'Use a common set of exploit protection settings' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.20</td><td >Ensure 'Prevent users from modifying settings' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.21</td><td >Ensure 'Turn off Data Execution Prevention' is set to 'Disabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.22</td><td >Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.23</td><td >Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.24</td><td >Ensure 'Allow Adobe Flash' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.25</td><td >Ensure 'Allow Developer Tools' is set to 'Disabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.27</td><td >Ensure 'Configure Password Manager' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.28</td><td >Ensure 'Configure Pop-up Blocker' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.30</td><td >Ensure 'Prevent access to the about:flags page in Microsoft Edge' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.31</td><td >Ensure 'Prevent bypassing Windows Defender SmartScreen prompts for files' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.34</td><td >Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.36</td><td >Ensure 'Prevent bypassing Windows Defender SmartScreen prompts for sites' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.37</td><td >Ensure 'Allow Automatic Updates immediate installation' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.38.1</td><td >Ensure 'Configure Automatic Updates' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.38.2</td><td >Ensure 'Configure Automatic Updates' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.38.3</td><td >Ensure 'Configure Automatic Updates' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.38.4</td><td >Ensure 'Configure Automatic Updates' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.39</td><td >Ensure 'Do not include drivers with Windows Updates' is set to 'Disabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.40</td><td >Ensure 'Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.41</td><td >Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.42</td><td >Ensure 'Remove access to use all Windows Update features' is set to 'Disabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.43</td><td >Ensure 'Turn on recommended updates via Automatic Updates' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.44.1</td><td >Ensure 'Specify intranet Microsoft update service location' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.44.2</td><td >Ensure 'Specify intranet Microsoft update service location' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.45</td><td >Ensure 'Turn off picture password sign-in' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.46</td><td >Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.47</td><td >Ensure 'Maximum configurable password age' is set to '365 days'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.48</td><td >Ensure 'Minimum password length' is set to '14 characters'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.49</td><td >Ensure 'Password must meet complexity requirements' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.50</td><td >Ensure 'Standard User Lockout Duration' is set to '0'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.51</td><td >Ensure 'Standard User Individual Lockout Threshold' is set to '5'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.52</td><td >Ensure 'Enable insecure guest logons' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.53</td><td >Ensure 'Turn off Microsoft Defender Antivirus' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.54</td><td >Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.55</td><td >Ensure 'Configure the 'Block at First Sight' feature' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.56.2</td><td >Ensure 'Join Microsoft MAPS' is set to 'Enabled'</td><td >Registry value is '0'. Expected: 2</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.57</td><td >Ensure 'Send file samples when further analysis is required' is set to 'Enabled'</td><td >Registry value is '2'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.58</td><td >Ensure 'Configure extended cloud check' is set to 'Enabled' and set to '50'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.59</td><td >Ensure 'Select cloud protection level' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.60</td><td >Ensure 'Configure removal of items from Quarantine folder' is set to 'Disabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.61</td><td >Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.63</td><td >Ensure 'Turn on behavior monitoring' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.64</td><td >Ensure 'Turn on process scanning whenever real-time protection is enabled' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.65</td><td >Ensure 'Allow users to pause scan' is set to 'Disabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.66</td><td >Ensure 'Check for the latest virus and spyware definitions before running a scheduled scan' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.67</td><td >Ensure 'Scan archive files' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.68</td><td >Ensure 'Scan packed executables' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.69</td><td >Ensure 'Scan removable drives' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.70</td><td >Ensure 'Turn on e-mail scanning' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.71</td><td >Ensure 'Turn on heuristics' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.72</td><td >Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.73</td><td >Ensure 'Hide mechanisms to remove zone information' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.74</td><td >Ensure 'Include command line in process creation events' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.75</td><td >Ensure 'Specify the maximum log file size (KB)' is set to '65536'</td><td >Registry value is '32768'. Expected: 65536</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.76</td><td >Ensure 'Specify the maximum log file size (KB)' is set to '2097152'</td><td >Registry value is '196608'. Expected: 2097152</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.77</td><td >Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.78</td><td >Ensure 'Set the default behavior for AutoRun' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.79</td><td >Ensure 'Turn off Autoplay' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.80</td><td >Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.81</td><td >Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.82</td><td >Ensure 'Route all traffic through the internal network' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.83</td><td >Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.84</td><td >Ensure 'Remove CD Burning features' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.85</td><td >Ensure 'Prevent access to the command prompt' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.86.1</td><td >Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.86.2</td><td >Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.86.3</td><td >Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.86.4</td><td >Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.87.1</td><td >Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.87.2</td><td >Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.87.3</td><td >Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.88</td><td >Ensure 'All Removable Storage classes: Deny all access' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.89</td><td >Ensure 'CD and DVD: Deny execute access' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.90</td><td >Ensure 'CD and DVD: Deny write access' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.91</td><td >Ensure 'Custom Classes: Deny read access' is set to 'Disabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.92</td><td >Ensure 'Custom Classes: Deny write access' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.93</td><td >Ensure 'Floppy Drives: Deny execute access' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.94</td><td >Ensure 'Floppy Drives: Deny read access' is set to 'Disabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.95</td><td >Ensure 'Floppy Drives: Deny write access' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.96</td><td >Ensure 'Removable Disks: Deny execute access' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.97</td><td >Ensure 'Removable Disks: Deny read access' is set to 'Disabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.98</td><td >Ensure 'Removable Disks: Deny write access' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.99</td><td >Ensure 'Tape Drives: Deny execute access' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.100</td><td >Ensure 'Tape Drives: Deny read access' is set to 'Disabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.101</td><td >Ensure 'Tape Drives: Deny write access' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.102</td><td >Ensure 'WPD Devices: Deny read access' is set to 'Disabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.103</td><td >Ensure 'WPD Devices: Deny write access' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.104</td><td >Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.105</td><td >Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.106.1</td><td >Ensure 'Hardened UNC Paths' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.106.2</td><td >Ensure 'Hardened UNC Paths' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.107</td><td >Ensure 'Configure registry policy processing' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.108</td><td >Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.109</td><td >Ensure 'Turn off Local Group Policy Objects processing' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.110.1</td><td >Ensure 'Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.110.2</td><td >Ensure 'Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.110.3</td><td >Ensure 'Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.111</td><td >Ensure 'Disable new DMA devices when this computer is locked' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.112.1</td><td >Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.112.2</td><td >Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.112.3</td><td >Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.112.4</td><td >Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.112.5</td><td >Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.112.6</td><td >Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.113.1</td><td >Ensure 'Configure use of passwords for fixed data drives' is set to 'Enabled'</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.113.2</td><td >Ensure 'Configure use of passwords for fixed data drives' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.113.3</td><td >Ensure 'Configure use of passwords for fixed data drives' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.113.4</td><td >Ensure 'Configure use of passwords for fixed data drives' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.114</td><td >Ensure 'Deny write access to fixed drives not protected by BitLocker' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.115</td><td >Ensure 'Enforce drive encryption type on fixed data drives' is set to 'Enabled' and 'Full encryption'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.116</td><td >Ensure 'Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN.' is set to 'Disabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.117</td><td >Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.118</td><td >Ensure 'Allow network unlock at startup' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.119</td><td >Ensure 'Allow Secure Boot for integrity validation' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.120.1</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.120.2</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.120.3</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.120.4</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.120.5</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.120.6</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.121</td><td >Ensure 'Configure minimum PIN length for startup' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.122.1</td><td >Ensure 'Configure use of passwords for operating system drives' is set to 'Enabled'</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.122.2</td><td >Ensure 'Configure use of passwords for operating system drives' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.122.3</td><td >Ensure 'Configure use of passwords for operating system drives' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.123</td><td >Ensure 'Disallow standard users from changing the PIN or password' is set to 'Disabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.124</td><td >Ensure 'Enforce drive encryption type on operating system drives' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.125.1</td><td >Ensure 'Require additional authentication at startup' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.125.2</td><td >Ensure 'Require additional authentication at startup' is set to 'Enabled'</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.125.3</td><td >Ensure 'Require additional authentication at startup' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.125.4</td><td >Ensure 'Require additional authentication at startup' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.125.5</td><td >Ensure 'Require additional authentication at startup' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.125.6</td><td >Ensure 'Require additional authentication at startup' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.126</td><td >Ensure 'Reset platform validation data after BitLocker recovery' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.127.1</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.127.2</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.127.3</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.127.4</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled'</td><td >Registry value is '0'. Expected: 2</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.127.5</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.127.6</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled'</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.127.7</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.127.8</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled'</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.128.1</td><td >Ensure 'Configure use of passwords for removable data drives' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.128.2</td><td >Ensure 'Configure use of passwords for removable data drives' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.128.3</td><td >Ensure 'Configure use of passwords for removable data drives' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.128.4</td><td >Ensure 'Configure use of passwords for removable data drives' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.129.1</td><td >Ensure 'Control use of BitLocker on removable drives' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.129.2</td><td >Ensure 'Control use of BitLocker on removable drives' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.130</td><td >Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.131</td><td >Ensure 'Enforce drive encryption type on removable data drives' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.132.1</td><td >Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.132.2</td><td >Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.133</td><td >Ensure 'Allow user control over installs' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.135</td><td >Ensure 'Always install with elevated privileges' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.136</td><td >Ensure 'Do not process the legacy run list' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.137</td><td >Ensure 'Do not process the run once list' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.138</td><td >Ensure 'Run these programs at user logon' is set to 'Disabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.139</td><td >Ensure 'Block all consumer Microsoft account user authentication' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.140</td><td >Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.141</td><td >Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.142</td><td >Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.143</td><td >Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.144</td><td >Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.145</td><td >Ensure 'Allow standby states (S1-S3) when sleeping (on battery)' is set to 'Disabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.145</td><td >Ensure 'Allow standby states (S1-S3) when sleeping (plugged in)' is set to 'Disabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.146</td><td >Ensure 'Require a Password When a Computer Wakes (On Battery)' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.147</td><td >Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.148</td><td >Ensure 'Specify the system hibernate timeout (on battery)' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.149</td><td >Ensure 'Specify the system hibernate timeout (plugged in)' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.150</td><td >Ensure 'Specify the system sleep timeout (on battery)' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.151</td><td >Ensure 'Specify the system sleep timeout (plugged in)' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.152</td><td >Ensure 'Specify the unattended sleep timeout (plugged in)' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.153</td><td >Ensure 'Specify the unattended sleep timeout (plugged in)' is set to 'Enabled' and '0 seconds'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.154</td><td >Ensure 'Turn off hybrid sleep (on battery)' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.155</td><td >Ensure 'Turn off hybrid sleep (plugged in)' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.156</td><td >Ensure 'Show hibernate in the power options menu' is set to 'Disabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.157</td><td >Ensure 'Show sleep in the power options menu' is set to 'Disabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.158</td><td >Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.159.1</td><td >Ensure 'Turn on Script Execution' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.159.2</td><td >Ensure 'Turn on Script Execution' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.160</td><td >Ensure 'Prevent access to registry editing tools' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.161</td><td >Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.162</td><td >Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.163</td><td >Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.164</td><td >Ensure 'Remote host allows delegation of non-exportable credentials' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.165</td><td >Ensure 'Configure server authentication for client' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.166</td><td >Ensure 'Do not allow passwords to be saved' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.168</td><td >Ensure 'Deny logoff of an administrator logged in to the console session' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.169</td><td >Ensure 'Do not allow Clipboard redirection' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.170</td><td >Ensure 'Do not allow drive redirection' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.171</td><td >Ensure 'Always prompt for password upon connection' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.172</td><td >Ensure 'Do not allow local administrators to customize permissions' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.173</td><td >Ensure 'Require secure RPC communication' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.174</td><td >Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.175</td><td >Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.176</td><td >Ensure 'Set client connection encryption level' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.177</td><td >Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.178</td><td >Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.179</td><td >Ensure 'Turn off Inventory Collector' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.180</td><td >Ensure 'Turn off Steps Recorder' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.181</td><td >Ensure 'Allow Telemetry' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.182.1</td><td >Ensure 'Configure Corporate Windows Error Reporting' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.182.2</td><td >Ensure 'Configure Corporate Windows Error Reporting' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.182.3</td><td >Ensure 'Configure Corporate Windows Error Reporting' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.183</td><td >Ensure 'Turn off multicast name resolution' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.184</td><td >Ensure 'Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.185</td><td >Ensure 'Turn off Microsoft consumer experiences' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.186</td><td >Ensure 'Turn off heap termination on corruption' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.187</td><td >Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.188</td><td >Ensure 'Prevent downloading of enclosures' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.189</td><td >Ensure 'Allow indexing of encrypted files' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.190</td><td >Ensure 'Enables or disables Windows Game Recording and Broadcasting' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.191</td><td >Ensure 'Configure SMB v1 client driver' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.192</td><td >Ensure 'Configure SMB v1 server' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.193</td><td >Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.194</td><td >Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.195</td><td >Ensure 'Allow users to select when a password is required when resuming from connected standby' is set to 'Disabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.196</td><td >Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.197</td><td >Ensure 'Show lock in the user tile menu' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.198</td><td >Ensure 'Allow Windows Ink Workspace' is set to 'Enabled'</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.199</td><td >Ensure 'Enable screen saver' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.199</td><td >Ensure 'Password protect the screen saver' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.200</td><td >Ensure 'Screen saver timeout' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.201</td><td >Ensure 'Turn off toast notifications on the lock screen' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.202</td><td >Ensure 'Do not suggest third-party content in Windows spotlight' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.203</td><td >Ensure 'Do not allow Sound Recorder to run' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.204</td><td >Ensure 'Allow Basic authentication' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.205</td><td >Ensure 'Disallow Digest authentication' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.206</td><td >Ensure 'Allow Basic authentication' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.207</td><td >Ensure 'Allow unencrypted traffic' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.208</td><td >Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.209</td><td >Ensure 'Allow Remote Shell Access' is set to 'Disabled'</td><td >Registry value is '1'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.210</td><td >Ensure 'Allow Cortana' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.211</td><td >Ensure 'Don't search the web or display web results in Search' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.212</td><td >Ensure 'Windows To Go Default Startup Options' is set to 'Disabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.213</td><td >Ensure 'Remove Security tab' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.214</td><td >Ensure 'Turn off location scripting' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.215</td><td >Ensure 'Turn off location' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.216</td><td >Ensure 'Turn off Windows Location Provider' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.217</td><td >Ensure 'Turn off access to the Store' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.218</td><td >Ensure 'Turn off the Store application' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.219</td><td >Ensure 'Determine if interactive users can generate Resultant Set of Policy data' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.220</td><td >Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.222</td><td >Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.223</td><td >Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.224</td><td >(L1) Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.225</td><td >(L1) Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests'</td><td >Registry value is '3'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.226</td><td >(L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.227</td><td >Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.228</td><td >Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.229</td><td >Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.230</td><td >Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.231</td><td >Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.233</td><td >Ensure 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.234</td><td >Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.235</td><td >Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.236</td><td >Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.237</td><td >Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.238</td><td >Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.239</td><td >Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.240</td><td >Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.243</td><td >Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 65536 or less'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.260</td><td >Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.262</td><td >Ensure 'CD and DVD: Deny read access' is set to 'Disabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.263</td><td >Ensure 'Interactive logon: Machine account lockout threshold' is set to '10 or fewer invalid logon attempts, but not 0'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.264</td><td >Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.265</td><td >Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.266</td><td >Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.267</td><td >Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM&NTLM'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.268</td><td >Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.269</td><td >Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.270</td><td >Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.275</td><td >Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.276</td><td >Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.277</td><td >Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.278</td><td >Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.279</td><td >Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.280</td><td >Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.281</td><td >Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.282</td><td >Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.283</td><td >Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.284</td><td >Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.285</td><td >Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.288</td><td >Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.289</td><td >Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.290</td><td >Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.291</td><td >Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.292</td><td >Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.293</td><td >Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.296</td><td >Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User is prompted when the key is first used' or higher</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.314</td><td >Ensure 'Allow download restrictions' is set to 'Enabled'</td><td >Registry value is '1'. Expected: 2</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.315</td><td >Ensure 'Configure Do Not Track' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.316</td><td >Ensure 'Control the mode of DNS-over-HTTPS' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.317</td><td >Ensure 'Control where Developer Tools can be used' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.318</td><td >Ensure 'DNS interception checks enabled' is set to 'Disabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.319</td><td >Ensure 'Default pop-up window setting' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.320</td><td >Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled'</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.321</td><td >Ensure 'Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.322</td><td >Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.323</td><td >Ensure 'Use the Enterprise Mode IE website list' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.324</td><td >Ensure 'Send all sites not included in the Enterprise Mode Site List to Microsoft Edge.' is set to 'Enabled'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr></tbody></table></section><section ><h1 id="CyberGovAu-BenchmarksUser-Rights-Assignment"><span class="failed">User Rights Assignment</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >1909.241</td><td >Ensure 'Access this computer from the network' is set to 'Administrators, Remote Desktop Users'</td><td >The user right 'SeNetworkLogonRight' contains following unexpected users: BUILTIN\Users, BUILTIN\Backup Operators
The user 'SeNetworkLogonRight' setting does not contain the following users: BUILTIN\Remote Desktop Users</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.242</td><td >Ensure 'Deny access to this computer from the network' to include 'Guests, Local account'</td><td >The user 'SeDenyNetworkLogonRight' setting does not contain the following users: LOCAL</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.244</td><td >Ensure 'Manage auditing and security log' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.271</td><td >Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.273</td><td >(L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Remote Desktop Users'</td><td >The user right 'SeRemoteInteractiveLogonRight' contains following unexpected users: BUILTIN\Administrators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.274</td><td >Ensure 'Deny log on through Remote Desktop Services' to include 'Guests, Local account'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.294</td><td >Ensure 'Back up files and directories' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.295</td><td >Ensure 'Restore files and directories' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.297</td><td >Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.298</td><td >Ensure 'Act as part of the operating system' is set to 'No One'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.299</td><td >Ensure 'Allow log on locally' is set to 'Administrators, Users'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.300</td><td >Ensure 'Create a pagefile' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.301</td><td >Ensure 'Create a token object' is set to 'No One'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.302</td><td >Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.303</td><td >Ensure 'Create permanent shared objects' is set to 'No One'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.304</td><td >Ensure 'Debug programs' is set to 'Administrators'</td><td >The user 'SeDebugPrivilege' setting does not contain the following users: BUILTIN\Administrators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.305</td><td >Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.306</td><td >Ensure 'Force shutdown from a remote system' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.307</td><td >Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.308</td><td >Ensure 'Load and unload device drivers' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.309</td><td >Ensure 'Lock pages in memory' is set to 'No One'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.310</td><td >Ensure 'Modify firmware environment values' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.311</td><td >Ensure 'Perform volume maintenance tasks' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.312</td><td >Ensure 'Profile single process' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.313</td><td >Ensure 'Take ownership of files or other objects' is set to 'Administrators'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="CyberGovAu-BenchmarksAccount-Policies"><span class="passed">Account Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >1909.232</td><td >Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="CyberGovAu-BenchmarksAdvanced-Audit-Policy-Configuration"><span class="failed">Advanced Audit Policy Configuration</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >1909.245</td><td >Ensure 'Audit Computer Account Management' is set to 'Success and Failure'</td><td >Set to: No Auditing</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.246</td><td >Ensure 'Audit Other Account Management Events' is set to 'Success and Failure'</td><td >Set to: No Auditing</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.247</td><td >Ensure 'Audit Security Group Management' is set to 'Success and Failure'</td><td >Set to: Success</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.248</td><td >Ensure 'Audit User Account Management' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.249</td><td >Ensure 'Audit Process Creation' is set to 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.250</td><td >Ensure 'Audit Account Lockout' is set to include 'Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.251</td><td >Ensure 'Audit Group Membership' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.252</td><td >Ensure 'Audit Logoff' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.253</td><td >Ensure 'Audit Logon' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.254</td><td >Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.255</td><td >Ensure 'Audit Special Logon' is set to include 'Success and Failure'</td><td >Set to: Success</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >1909.256</td><td >Ensure 'Audit File Share' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.257</td><td >Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.258</td><td >Ensure 'Audit Audit Policy Change' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >1909.259</td><td >Ensure 'Audit Other Policy Change Events' is set to include 'Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section></section><section ><h1 id="Microsoft-Benchmarks"><span class="failed">Microsoft Benchmarks</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p >This section contains the Microsoft Benchmark results.</p><section ><h1 id="Microsoft-BenchmarksRegistry-Settings/Group-Policies"><span class="failed">Registry Settings/Group Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >Registry-001</td><td >Set registry value 'PUAProtection' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-002</td><td >Set registry value 'MpCloudBlockLevel' to 2.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-003</td><td >Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-004</td><td >Ensure 'Turn off real-time protection' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-005</td><td >Ensure 'Scan removable drives' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-006</td><td >Ensure 'Send file samples when further analysis is required' is set to 'Send safe samples'.</td><td >Registry value is '2'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-007</td><td >Ensure 'Join Microsoft MAPS' is set to 'Advanced MAPS'.</td><td >Registry value is '0'. Expected: 2</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-008</td><td >Ensure 'Configure the 'Block at First Sight' feature' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-009</td><td >Set registry value 'ExploitGuard_ASR_Rules' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-010</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from injecting code into other processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-011</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from creating executable content)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-012</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from creating child processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-013</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Win32 API calls from Office macro)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-014</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block execution of potentially obfuscated scripts)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-015</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block JavaScript or VBScript from launching downloaded executable content)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-016</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block executable content from email client and webmail)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-017</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block credential stealing from the Windows local security authority subsystem (lsass.exe))</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-018</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block untrusted and unsigned processes that run from USB)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-019</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office communication application from creating child processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-020</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Adobe Reader from creating child processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-021</td><td >Ensure 'Configure Attack Surface Reduction rules' is configured (Use advanced protection against ransomware)</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-022</td><td >Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block persistence through WMI event subscription)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-023</td><td >Set registry value 'EnableNetworkProtection' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-024</td><td >Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-025</td><td >Ensure 'Turn On Virtualization Based Security' is set to 'Secure Boot'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-026</td><td >Ensure 'Turn On Virtualization Based Security' is set to 'Enabled with UEFI lock'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-027</td><td >Set registry value 'HVCIMATRequired' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-028</td><td >Ensure 'Turn On Virtualization Based Security' is set to 'Enabled with UEFI lock'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-029</td><td >Set registry value 'ConfigureSystemGuardLaunch' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-031</td><td >Set registry value 'UseEnhancedPin' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-032</td><td >Set registry value 'RDVDenyCrossOrg' to 0.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-033</td><td >Set registry value 'DisableExternalDMAUnderLock' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-034</td><td >Set registry value 'DCSettingIndex' to 0.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-035</td><td >Set registry value 'ACSettingIndex' to 0.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-036</td><td >Set registry value 'DenyDeviceClasses' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-037</td><td >Set registry value 'DenyDeviceClassesRetroactive' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-038</td><td >Set registry value '1' to {d48179be-ec20-11d1-b6b8-00c04fa372a7}.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-039</td><td >Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-040</td><td >Set registry value 'AutoConnectAllowedOEM' to 0.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-041</td><td >Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-042</td><td >Ensure 'Turn off Autoplay' is set to 'All drives'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-043</td><td >Set registry value 'NoWebServices' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-044</td><td >Ensure 'Set the default behavior for AutoRun' is set to 'Do not execute any autorun commands'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-045</td><td >Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-046</td><td >Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-047</td><td >Set registry value 'LocalAccountTokenFilterPolicy' to 0.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-048</td><td >Set registry value 'AllowEncryptionOracle' to 0.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-049</td><td >Set registry value 'EnhancedAntiSpoofing' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-050</td><td >Ensure 'Prevent downloading of enclosures' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-051</td><td >Set registry value 'PreventCertErrorOverrides' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-052</td><td >Set registry value 'FormSuggest Passwords' to no.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-053</td><td >Set registry value 'EnabledV9' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-054</td><td >Set registry value 'PreventOverride' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-055</td><td >Set registry value 'PreventOverrideAppRepUnknown' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-056</td><td >Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-057</td><td >Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-058</td><td >Set registry value 'LetAppsActivateWithVoiceAboveLock' to 2.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-059</td><td >Ensure 'Turn off Microsoft consumer experiences' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-060</td><td >Set registry value 'AllowProtectedCreds' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-061</td><td >Ensure 'Specify the maximum log file size (KB)' is set to '32768'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-062</td><td >Ensure 'Specify the maximum log file size (KB)' is set to '196608'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-063</td><td >Ensure 'Specify the maximum log file size (KB)' is set to '32768'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-064</td><td >Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-065</td><td >Set registry value 'AllowGameDVR' to 0.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-066</td><td >Ensure 'Configure registry policy processing' is set to '0'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-067</td><td >Ensure 'Configure registry policy processing' is set to '0'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-068</td><td >Set registry value 'AlwaysInstallElevated' to 0.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-069</td><td >Ensure 'Allow user control over installs' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-070</td><td >Set registry value 'DeviceEnumerationPolicy' to 0.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-071</td><td >Ensure 'Enable insecure guest logons' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-072</td><td >Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-073</td><td >Set registry value '\\*\SYSVOL' to RequireMutualAuthentication=1, RequireIntegrity=1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-074</td><td >Set registry value '\\*\NETLOGON' to RequireMutualAuthentication=1, RequireIntegrity=1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-075</td><td >Set registry value 'NoLockScreenCamera' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-076</td><td >Set registry value 'NoLockScreenSlideshow' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-077</td><td >Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled'. (EnableScriptBlockLogging)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-078</td><td >Ensure 'Turn on PowerShell Script Block Logging' is not set. (EnableScriptBlockInvocationLogging)</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-079</td><td >Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-080</td><td >Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-081</td><td >Ensure 'Configure Windows SmartScreen' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-082</td><td >Set registry value 'ShellSmartScreenLevel' to Block.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-083</td><td >Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-084</td><td >Set registry value 'AllowIndexingEncryptedStoresOrItems' to 0.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-085</td><td >Ensure 'Disallow Digest authentication' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-086</td><td >Ensure 'Allow unencrypted traffic' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-087</td><td >Ensure 'Allow Basic authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-088</td><td >Ensure 'Allow unencrypted traffic' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-089</td><td >Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-090</td><td >Ensure 'Allow Basic authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-091</td><td >Ensure 'Turn off multicast name resolution' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-092</td><td >Set registry value 'DisableWebPnPDownload' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-093</td><td >Ensure 'Restrict Unauthenticated RPC clients' is set to 'Authenticated'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-094</td><td >Solicited Remote Assistance - Set method for sending email invitations to 'Simple MAPI'</td><td >Compliant. Registry value not found.</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-095</td><td >Configure Solicited Remote Assistance to disabled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-096</td><td >Configure Solicited Remote Assistance - Allow helpers to only view the computer.</td><td >Compliant. Registry value not found.</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-097</td><td >Set registry value 'MaxTicketExpiry' to .</td><td >Compliant. Registry value not found.</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-098</td><td >Set registry value 'MaxTicketExpiryUnits' to .</td><td >Compliant. Registry value not found.</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-099</td><td >Set registry value 'MinEncryptionLevel' to 3.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-100</td><td >Set registry value 'fPromptForPassword' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-101</td><td >Set registry value 'fDisableCdm' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-102</td><td >Set registry value 'DisablePasswordSaving' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-103</td><td >Set registry value 'fEncryptRPCTraffic' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-104</td><td >Set registry value 'PolicyVersion' to 538.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-105</td><td >Domain: Set registry value 'DefaultOutboundAction' to 0.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-106</td><td >Domain: Set registry value 'DisableNotifications' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-107</td><td >Domain: Set registry value 'EnableFirewall' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-108</td><td >Domain: Set registry value 'DefaultInboundAction' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-109</td><td >Domain: Set registry value 'LogDroppedPackets' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-110</td><td >Domain: Set registry value 'LogFileSize' to 16384.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-111</td><td >Domain: Set registry value 'LogSuccessfulConnections' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-112</td><td >Private: Set registry value 'EnableFirewall' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-113</td><td >Private: Set registry value 'DisableNotifications' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-114</td><td >Private: Set registry value 'DefaultInboundAction' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-115</td><td >Private: Set registry value 'DefaultOutboundAction' to 0.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-116</td><td >Private: Set registry value 'LogSuccessfulConnections' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-117</td><td >Private: Set registry value 'LogDroppedPackets' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-118</td><td >Private: Set registry value 'LogFileSize' to 16384.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-119</td><td >Public: Set registry value 'DefaultOutboundAction' to 0.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-120</td><td >Public: Set registry value 'EnableFirewall' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-121</td><td >Public: Set registry value 'DisableNotifications' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-122</td><td >Public: Set registry value 'AllowLocalIPsecPolicyMerge' to 0.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-123</td><td >Public: Set registry value 'AllowLocalPolicyMerge' to 0.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-124</td><td >Public: Set registry value 'DefaultInboundAction' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-125</td><td >Public: Set registry value 'LogFileSize' to 16384.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-126</td><td >Public: Set registry value 'LogDroppedPackets' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-127</td><td >Public: Set registry value 'LogSuccessfulConnections' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-128</td><td >Ensure 'Allow Windows Ink Workspace' is set to 'On, but disallow access above lock'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-129</td><td >Set registry value 'AdmPwdEnabled' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-130</td><td >Ensure 'WDigest Authentication (disabling may require KB2871997)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-131</td><td >Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-132</td><td >Set registry value 'DriverLoadPolicy' to 3.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-133</td><td >Ensure 'Configure SMB v1 server' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-134</td><td >Ensure 'Configure SMB v1 client driver' is set to 'Disable driver (recommended)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-135</td><td >Set registry value 'NoNameReleaseOnDemand' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-136</td><td >Set registry value 'NodeType' to 2.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-137</td><td >Set registry value 'EnableICMPRedirect' to 0.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-138</td><td >Set registry value 'DisableIPSourceRouting' to 2.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-139</td><td >Set registry value 'DisableIPSourceRouting' to 2.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-140</td><td >Set registry value 'ScRemoveOption' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-141</td><td >Set registry value 'InactivityTimeoutSecs' to 900.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-142</td><td >Set registry value 'NoLMHash' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-143</td><td >Set registry value 'EnablePlainTextPassword' to 0.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-144</td><td >Set registry value 'LimitBlankPasswordUse' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-145</td><td >Set registry value 'RestrictAnonymousSAM' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-146</td><td >Set registry value 'RestrictAnonymous' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-147</td><td >Set registry value 'RestrictNullSessAccess' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-148</td><td >Set registry value 'SCENoApplyLegacyAuditPolicy' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-149</td><td >Set registry value 'NTLMMinClientSec' to 537395200.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-150</td><td >Set registry value 'LmCompatibilityLevel' to 5.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-151</td><td >Set registry value 'allownullsessionfallback' to 0.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-152</td><td >Set registry value 'NTLMMinServerSec' to 537395200.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-153</td><td >Set registry value 'requirestrongkey' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-154</td><td >Set registry value 'RequireSecuritySignature' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-155</td><td >Set registry value 'sealsecurechannel' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-156</td><td >Set registry value 'requiresignorseal' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-157</td><td >Set registry value 'signsecurechannel' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-158</td><td >Set registry value 'requiresecuritysignature' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-159</td><td >Set registry value 'ProtectionMode' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-160</td><td >Set registry value 'ConsentPromptBehaviorAdmin' to 2.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-161</td><td >Set registry value 'EnableSecureUIAPaths' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-162</td><td >Set registry value 'EnableLUA' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-163</td><td >Set registry value 'ConsentPromptBehaviorUser' to 0.</td><td >Registry value is '3'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-164</td><td >Set registry value 'EnableInstallerDetection' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-165</td><td >Set registry value 'FilterAdministratorToken' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-166</td><td >Set registry value 'EnableVirtualization' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-167</td><td >Set registry value 'LDAPClientIntegrity' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-168</td><td >Set registry value 'RestrictRemoteSAM' to O:BAG:BAD:(A;;RC;;;BA).</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-223</td><td >Ensure 'Do not suggest third-party content in Windows spotlight' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-224</td><td >Set registry value 'NoToastApplicationNotificationOnLockScreen' to 1.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-225</td><td >Set registry value 'FormSuggest Passwords' to 1.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-226</td><td >Ensure 'Turn on the auto-complete feature for user names and passwords on forms' is set to 'no'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-227</td><td >Set registry value 'FormSuggest Passwords' to no.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-228</td><td >Ensure 'Remove "Run this time" button for outdated ActiveX controls in Internet Explorer ' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-229</td><td >Ensure 'Turn off blocking of outdated ActiveX controls for Internet Explorer' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-230</td><td >Ensure 'Allow software to run or install even if the signature is invalid' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-231</td><td >Set registry value 'CheckExeSignatures' to yes.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-232</td><td >Ensure 'Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-233</td><td >Ensure 'Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-234</td><td >Set registry value 'Isolation' to PMEM.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-235</td><td >Set registry value '(Reserved)' to 1.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-236</td><td >Set registry value 'iexplore.exe' to 1.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-237</td><td >Set registry value 'explorer.exe' to 1.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-238</td><td >Set registry value 'explorer.exe' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-239</td><td >Set registry value 'iexplore.exe' to 1.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-240</td><td >Set registry value '(Reserved)' to 1.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-241</td><td >Set registry value 'explorer.exe' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-242</td><td >Set registry value 'iexplore.exe' to 1.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-243</td><td >Set registry value '(Reserved)' to 1.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-244</td><td >Set registry value '(Reserved)' to 1.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-245</td><td >Set registry value 'explorer.exe' to 1.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-246</td><td >Set registry value 'iexplore.exe' to 1.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-247</td><td >Set registry value '(Reserved)' to 1.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-248</td><td >Set registry value 'iexplore.exe' to 1.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-249</td><td >Set registry value 'explorer.exe' to 1.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-250</td><td >Set registry value '(Reserved)' to 1.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-251</td><td >Set registry value 'iexplore.exe' to 1.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-252</td><td >Set registry value 'explorer.exe' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-253</td><td >Set registry value 'iexplore.exe' to 1.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-254</td><td >Set registry value '(Reserved)' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-255</td><td >Set registry value 'explorer.exe' to 1.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-256</td><td >Set registry value '(Reserved)' to 1.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-257</td><td >Set registry value 'explorer.exe' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-258</td><td >Set registry value 'iexplore.exe' to 1.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-259</td><td >Set registry value 'PreventOverrideAppRepUnknown' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-260</td><td >Set registry value 'PreventOverride' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-261</td><td >Ensure 'Prevent managing SmartScreen Filter' is set to 'On'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-262</td><td >Set registry value 'NoCrashDetection' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-263</td><td >Ensure 'Turn off the Security Settings Check feature' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-264</td><td >Ensure 'Prevent per-user installation of ActiveX controls' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-265</td><td >Ensure 'Specify use of ActiveX Installer Service for installation of ActiveX controls' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-266</td><td >Set registry value 'Security_zones_map_edit' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-267</td><td >Set registry value 'Security_options_edit' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-268</td><td >Set registry value 'Security_HKLM_only' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-269</td><td >Ensure 'Check for server certificate revocation' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-270</td><td >Ensure 'Prevent ignoring certificate errors' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-271</td><td >Set registry value 'WarnOnBadCertRecving' to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-272</td><td >Ensure 'Allow fallback to SSL 3.0 (Internet Explorer)' is set to 'No Sites'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-273</td><td >Ensure 'Turn off encryption support' is set to 'Use TLS 1.1 and TLS 1.2'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-274</td><td >Ensure 'Java permissions' is set to 'Disable Java'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-275</td><td >Ensure 'Java permissions' is set to 'Disable Java'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-276</td><td >Ensure 'Java permissions' is set to 'Disable Java'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-277</td><td >Ensure 'Turn on SmartScreen Filter scan' is set to 'Enable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-278</td><td >Ensure 'Turn on SmartScreen Filter scan' is set to 'Enable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-279</td><td >Ensure 'Java permissions' is set to 'Disable Java'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-280</td><td >Ensure 'Intranet Sites: Include all network paths (UNCs)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-281</td><td >Ensure 'Java permissions' is set to 'Disable Java'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-282</td><td >Ensure 'Don't run antimalware programs against ActiveX controls' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-283</td><td >Ensure 'Don't run antimalware programs against ActiveX controls' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-284</td><td >Ensure 'Initialize and script ActiveX controls not marked as safe' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-285</td><td >Ensure 'Java permissions' is set to 'High safety'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-286</td><td >Ensure 'Java permissions' is set to 'High safety'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-287</td><td >Ensure 'Don't run antimalware programs against ActiveX controls' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-288</td><td >Ensure 'Initialize and script ActiveX controls not marked as safe' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-289</td><td >Ensure 'Run .NET Framework-reliant components signed with Authenticode' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-290</td><td >Ensure 'Allow script-initiated windows without size or position constraints' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-291</td><td >Ensure 'Allow drag and drop or copy and paste files' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-292</td><td >Ensure 'Include local path when user is uploading files to a server' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-293</td><td >Ensure 'Initialize and script ActiveX controls not marked as safe' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-294</td><td >Ensure 'Access data sources across domains' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-295</td><td >Ensure 'Launching applications and files in an IFRAME' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-296</td><td >Ensure 'Automatic prompting for file downloads' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-297</td><td >Ensure 'Allow scriptlets' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-298</td><td >Ensure 'Allow scripting of Internet Explorer WebBrowser controls' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-299</td><td >Ensure 'Use Pop-up Blocker' is set to 'Enable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-300</td><td >Ensure 'Turn on Protected Mode' is set to 'Enable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-301</td><td >Ensure 'Allow updates to status bar via script' is set to 'Disable'.</td><td >Registry value is '0'. Expected: 3</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-302</td><td >Ensure 'Userdata persistence' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-303</td><td >Ensure 'Allow loading of XAML files' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-304</td><td >Ensure 'Run .NET Framework-reliant components not signed with Authenticode' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-305</td><td >Ensure 'Java permissions' is set to 'Disable Java'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-306</td><td >Ensure 'Download signed ActiveX controls' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-307</td><td >Ensure 'Logon options' is set to 'Prompt for user name and password'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-308</td><td >Ensure 'Enable dragging of content from different domains within a window' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-309</td><td >Ensure 'Download unsigned ActiveX controls' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-310</td><td >Ensure 'Allow only approved domains to use ActiveX controls without prompt' is set to 'Enable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-311</td><td >Ensure 'Allow cut, copy or paste operations from the clipboard via script' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-312</td><td >Ensure 'Turn on Cross-Site Scripting Filter' is set to 'Enable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-313</td><td >Ensure 'Don't run antimalware programs against ActiveX controls' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-314</td><td >Ensure 'Navigate windows and frames across different domains' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-315</td><td >Ensure 'Enable dragging of content from different domains across windows' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-316</td><td >Ensure 'Web sites in less privileged Web content zones can navigate into this zone' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-317</td><td >Ensure 'Turn on SmartScreen Filter scan' is set to 'Enable'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-318</td><td >Ensure 'Show security warning for potentially unsafe files' is set to 'Prompt'.</td><td >Registry value is '3'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-319</td><td >Ensure 'Allow only approved domains to use the TDC ActiveX control' is set to 'Enable'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-320</td><td >Set registry value '140C' to 3. (Zones\3)</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-321</td><td >Ensure 'Allow META REFRESH' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-322</td><td >Ensure 'Initialize and script ActiveX controls not marked as safe' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-323</td><td >Ensure 'Download signed ActiveX controls' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-324</td><td >Ensure 'Navigate windows and frames across different domains' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-325</td><td >Ensure 'Allow only approved domains to use ActiveX controls without prompt' is set to 'Enable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-326</td><td >Ensure 'Use Pop-up Blocker' is set to 'Enable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-327</td><td >Ensure 'Download unsigned ActiveX controls' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-328</td><td >Ensure 'Userdata persistence' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-329</td><td >Ensure 'Allow cut, copy or paste operations from the clipboard via script' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-330</td><td >Ensure 'Include local path when user is uploading files to a server' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-331</td><td >Ensure 'Access data sources across domains' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-332</td><td >Ensure 'Allow script-initiated windows without size or position constraints' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-333</td><td >Ensure 'Run .NET Framework-reliant components not signed with Authenticode' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-334</td><td >Ensure 'Automatic prompting for file downloads' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-335</td><td >Ensure 'Allow binary and script behaviors' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-336</td><td >Ensure 'Scripting of Java applets' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-337</td><td >Ensure 'Allow file downloads' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-338</td><td >Ensure 'Allow loading of XAML files' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-339</td><td >Ensure 'Allow active scripting' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-340</td><td >Ensure 'Logon options' is set to 'Anonymous logon'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-341</td><td >Ensure 'Run .NET Framework-reliant components signed with Authenticode' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-342</td><td >Ensure 'Turn on Protected Mode' is set to 'Enable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-343</td><td >Ensure 'Turn on Cross-Site Scripting Filter' is set to 'Enable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-344</td><td >Ensure 'Java permissions' is set to 'Disable Java'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-345</td><td >Ensure 'Allow scriptlets' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-346</td><td >Ensure 'Don't run antimalware programs against ActiveX controls' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-347</td><td >Ensure 'Allow scripting of Internet Explorer WebBrowser controls' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-348</td><td >Ensure 'Enable dragging of content from different domains within a window' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-349</td><td >Ensure 'Allow drag and drop or copy and paste files' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-350</td><td >Ensure 'Allow updates to status bar via script' is set to 'Disable'.</td><td >Registry value is '0'. Expected: 3</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-351</td><td >Ensure 'Enable dragging of content from different domains across windows' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-352</td><td >Ensure 'Script ActiveX controls marked safe for scripting' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-353</td><td >Ensure 'Web sites in less privileged Web content zones can navigate into this zone' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-354</td><td >Ensure 'Turn on SmartScreen Filter scan' is set to 'Enable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-355</td><td >Ensure 'Run ActiveX controls and plugins' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-356</td><td >Ensure 'Launching applications and files in an IFRAME' is set to 'Disable'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >Registry-357</td><td >Ensure 'Show security warning for potentially unsafe files' is set to 'Disable'.</td><td >Registry value is '1'. Expected: 3</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-358</td><td >Ensure 'Allow only approved domains to use the TDC ActiveX control' is set to 'Enable'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >Registry-359</td><td >Set registry value '140C' to 3. (Zones\4)</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr></tbody></table></section><section ><h1 id="Microsoft-BenchmarksUser-Rights-Assignment"><span class="failed">User Rights Assignment</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >UserRight-170</td><td >Ensure 'SeSecurityPrivilege' is set to 'S-1-5-32-544'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-171</td><td >Ensure 'SeRestorePrivilege' is set to 'S-1-5-32-544'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-172</td><td >Ensure 'SeTakeOwnershipPrivilege' is set to 'S-1-5-32-544'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-173</td><td >Ensure 'SeBackupPrivilege' is set to 'S-1-5-32-544'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-174</td><td >Ensure 'SeDenyRemoteInteractiveLogonRight' is set to 'S-1-5-113'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-175</td><td >Ensure 'SeCreatePermanentPrivilege' is set to ''</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-176</td><td >Ensure 'SeManageVolumePrivilege' is set to 'S-1-5-32-544'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-177</td><td >Ensure 'SeLoadDriverPrivilege' is set to 'S-1-5-32-544'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-178</td><td >Ensure 'SeLockMemoryPrivilege' is set to ''</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-179</td><td >Ensure 'SeDenyNetworkLogonRight' is set to 'S-1-5-113'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-180</td><td >Ensure 'SeNetworkLogonRight' is set to 'S-1-5-32-544, S-1-5-32-555'</td><td >The user right 'SeNetworkLogonRight' contains following unexpected users: BUILTIN\Users, BUILTIN\Backup Operators
The user 'SeNetworkLogonRight' setting does not contain the following users: BUILTIN\Remote Desktop Users</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >UserRight-181</td><td >Ensure 'SeImpersonatePrivilege' is set to 'S-1-5-32-544, S-1-5-6, S-1-5-19, S-1-5-20'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-182</td><td >Ensure 'SeCreateTokenPrivilege' is set to ''</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-183</td><td >Ensure 'SeCreateGlobalPrivilege' is set to 'S-1-5-32-544, S-1-5-6, S-1-5-19, S-1-5-20'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-184</td><td >Ensure 'SeSystemEnvironmentPrivilege' is set to 'S-1-5-32-544'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-185</td><td >Ensure 'SeCreatePagefilePrivilege' is set to 'S-1-5-32-544'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-186</td><td >Ensure 'SeInteractiveLogonRight' is set to 'S-1-5-32-544, S-1-5-32-545'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-187</td><td >Ensure 'SeRemoteShutdownPrivilege' is set to 'S-1-5-32-544'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-188</td><td >Ensure 'SeDebugPrivilege' is set to 'S-1-5-32-544'</td><td >The user 'SeDebugPrivilege' setting does not contain the following users: BUILTIN\Administrators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >UserRight-189</td><td >Ensure 'SeTrustedCredManAccessPrivilege' is set to ''</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-190</td><td >Ensure 'SeProfileSingleProcessPrivilege' is set to 'S-1-5-32-544'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-191</td><td >Ensure 'SeTcbPrivilege' is set to ''</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >UserRight-192</td><td >Ensure 'SeEnableDelegationPrivilege' is set to ''</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="Microsoft-BenchmarksAccount-Policies"><span class="passed">Account Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >AccountPolicy-216</td><td >Ensure 'MinimumPasswordLength' is set to '14'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AccountPolicy-217</td><td >Ensure 'PasswordComplexity' is set to '1'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AccountPolicy-218</td><td >Ensure 'PasswordHistorySize' is set to '24'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AccountPolicy-219</td><td >Ensure 'LockoutBadCount' is set to '10'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AccountPolicy-220</td><td >Ensure 'ResetLockoutCount' is set to '15'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AccountPolicy-221</td><td >Ensure 'LockoutDuration' is set to '15'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AccountPolicy-222</td><td >Ensure 'ClearTextPassword' is set to '0'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="Microsoft-BenchmarksAdvanced-Audit-Policy-Configuration"><span class="passed">Advanced Audit Policy Configuration</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >AuditPolicy-193</td><td >Ensure 'Credential Validation' is set to 'Success' and is set to 'Failure'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-194</td><td >Ensure 'Security Group Management' is set to 'Success'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-195</td><td >Ensure 'User Account Management' is set to 'Success' and is set to 'Failure'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-196</td><td >Ensure 'Plug and Play Events' is set to 'Success'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-197</td><td >Ensure 'Process Creation' is set to 'Success'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-198</td><td >Ensure 'Account Lockout' is set to 'Failure'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-199</td><td >Ensure 'Group Membership' is set to 'Success'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-200</td><td >Ensure 'Logon' is set to 'Success' and is set to 'Failure'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-201</td><td >Ensure 'Other Logon/Logoff Events' is set to 'Success' and is set to 'Failure'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-202</td><td >Ensure 'Special Logon' is set to 'Success'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-203</td><td >Ensure 'Detailed File Share' is set to 'Failure'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-204</td><td >Ensure 'File Share' is set to 'Success' and is set to 'Failure'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-205</td><td >Ensure 'Other Object Access Events' is set to 'Success' and is set to 'Failure'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-206</td><td >Ensure 'Removable Storage' is set to 'Success' and is set to 'Failure'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-207</td><td >Ensure 'Audit Policy Change' is set to 'Success'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-208</td><td >Ensure 'Authentication Policy Change' is set to 'Success'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-209</td><td >Ensure 'MPSSVC Rule-Level Policy Change' is set to 'Success' and is set to 'Failure'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-210</td><td >Ensure 'Other Policy Change Events' is set to 'Failure'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-211</td><td >Ensure 'Sensitive Privilege Use' is set to 'Success' and is set to 'Failure'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-212</td><td >Ensure 'Other System Events' is set to 'Success' and is set to 'Failure'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-213</td><td >Ensure 'Security State Change' is set to 'Success'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-214</td><td >Ensure 'Security System Extension' is set to 'Success'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >AuditPolicy-215</td><td >Ensure 'System Integrity' is set to 'Success' and is set to 'Failure'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-Logging"><span class="failed">BSI Benchmarks SiSyPHuS Logging</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p >This section contains the BSI Benchmark results.</p><section ><h1 id="BSI-Benchmarks-SiSyPHuS-LoggingRegistry-Settings/Group-Policies"><span class="failed">Registry Settings/Group Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >4.1.1</td><td >Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.1.2</td><td >Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.1.1</td><td >Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.1.2</td><td >Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.1.3</td><td >Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes'</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >4.2.1.4</td><td >Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.2.1</td><td >Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\privatefw.log'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.2.2</td><td >Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.2.3</td><td >Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.2.4</td><td >Ensure 'Windows Firewall: Private: Logging: Log successful connections' is set to 'Yes'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.3.1</td><td >Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.3.2</td><td >Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.3.3</td><td >Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\publicfw.log'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.3.4</td><td >Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16,384 KB or greater'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.1.1</td><td >Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.2.1.1</td><td >Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.2.1.2</td><td >Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.2.2.1</td><td >Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.2.2.2</td><td >Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.2.3.1</td><td >Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.2.3.2</td><td >Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.2.4.1</td><td >Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.2.4.2</td><td >Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.3.1</td><td >Ensure 'Include command line in process creation events' is set to 'Disabled'</td><td >Registry value is '1'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >4.3.4.2</td><td >Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled'</td><td >Registry value is '1'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >4.3.4.3</td><td >Ensure 'Turn on PowerShell Transcription' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-LoggingAdvanced-Audit-Policy-Configuration"><span class="passed">Advanced Audit Policy Configuration</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >5.1.1.1</td><td >Ensure 'Audit Credential Validation' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.1.1.2</td><td >Ensure 'Audit User Account Management' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.1.1.3</td><td >Ensure 'Audit Account Lockout' is set to include 'Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.1.1.4</td><td >Ensure 'Audit Group Membership' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.1.1.5</td><td >Ensure 'Audit Logoff' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.1.1.6</td><td >Ensure 'Audit Logon' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.1.1.7</td><td >Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.1.1.8</td><td >Ensure 'Audit Special Logon' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.2.1.1</td><td >Ensure 'Audit Other System Events' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.2.1.2</td><td >Ensure 'Audit Security State Change' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.2.1.3</td><td >Ensure 'Audit Security System Extension' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.2.1.4</td><td >Ensure 'Audit System Integrity' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.2.1.5</td><td >Ensure 'Audit File Share' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.2.1.6</td><td >Ensure 'Audit Detailed File Share' is set to include 'Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.2.1.7</td><td >Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.2.1.8</td><td >Ensure 'Audit Removable Storage' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.2.1.9</td><td >Ensure 'Audit PNP Activity' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.3.1.1</td><td >Ensure 'Audit Security Group Management' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.3.1.2</td><td >Ensure 'Audit Audit Policy Change' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.3.1.3</td><td >Ensure 'Audit Authentication Policy Change' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.3.1.4</td><td >Ensure 'Audit Authorization Policy Change' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.3.1.5</td><td >Ensure 'Audit MPSSVC Rule-Level Policy Change' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.3.1.6</td><td >Ensure 'Audit Other Policy Change Events' is set to include 'Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.5.1.1</td><td >Ensure 'Audit Process Creation' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.5.1.2</td><td >Ensure 'Audit Sensitive Privilege Use' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-HD"><span class="failed">BSI Benchmarks SiSyPHuS HD</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p >This section contains the BSI Benchmark results.</p><section ><h1 id="BSI-Benchmarks-SiSyPHuS-HDRegistry-Settings/Group-Policies"><span class="failed">Registry Settings/Group Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >1</td><td >(ND, NE) Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2</td><td >(ND, NE) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >3</td><td >(ND, NE) Ensure 'Configure SMB v1 server' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4</td><td >(ND, NE) Ensure 'Enable Structured Exception Handling OverwriteProtection (SEHOP)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5</td><td >(ND, NE) Ensure 'WDigest Authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >7</td><td >(ND, NE) Ensure 'MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >8</td><td >(ND, NE) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon(not recommended)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9</td><td >(ND, NE) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routingprotection level (protects against packet spoofing)' is set to 'Enabled:Highest protection, source routing is completely disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >10</td><td >(ND, NE) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled:Highest protection, source routing is completely disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >11</td><td >(HD) Ensure 'MSS: (DisableSavePassword) Prevent the dial-up password from being saved' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >12</td><td >(ND, NE) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >13</td><td >(HD) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >14</td><td >(ND, NE) Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >15</td><td >(HD) Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >16</td><td >(ND, NE) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17</td><td >(ND, NE) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18</td><td >(HD) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >19</td><td >(HD) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >20</td><td >(ND, NE) Ensure 'Turn off multicast name resolution' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >21</td><td >(ND, NE) Ensure 'NetBIOS node type' is set to 'P-node'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >22</td><td >(ND, NE) Ensure 'Enable insecure guest logons' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >23</td><td >(HD) Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >24_1</td><td >(ND, NE) Ensure 'Hardened UNC Paths' is set to "Require Mutual Authentication=1, "Require Integrity=1" for the value names "\\*\NETLOGON" und "\\*\SYSVOL".</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >24_2</td><td >(ND, NE) Ensure 'Hardened UNC Paths' is set to "Require Mutual Authentication=1, "Require Integrity=1" for the value names "\\*\NETLOGON" und "\\*\SYSVOL".</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >25</td><td >(ND) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >26</td><td >(ND) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >27</td><td >(ND) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >28</td><td >(HD) Ensure 'Enable Font Providers' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >29</td><td >(HD) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >30</td><td >(HD) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >31</td><td >(HD) Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >32</td><td >(HD) Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >33</td><td >(ND, NE) Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to the value 'Enabled: 1 = Minimize the number of simultaneous connections'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >34</td><td >(ND) Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled' </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >35</td><td >(ND, NE) Ensure 'Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >36</td><td >(HD) Ensure 'Turn off notifications network usage' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >37</td><td >(ND, NE) Ensure 'Turn off toast notifications on the lock screen' is set to 'Enabled'. </td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >38</td><td >(HD) Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >39</td><td >(ND, NE) Ensure 'Turn off picture password sign-in' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >40</td><td >(ND, NE) Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >41</td><td >(ND, NE) Ensure 'Block user from showing account details on signin' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >42</td><td >(ND) Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >43</td><td >(ND) Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >44</td><td >(ND, NE) Ensure 'Do not display network selection UI' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >45</td><td >(ND) Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >46</td><td >(ND, NE) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >47</td><td >(HD) Ensure 'Turn off the advertising ID' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >48</td><td >(HD) Ensure 'Allow upload of User Activities' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >49</td><td >(HD) Ensure 'Allow Clipboard synchronization across devices' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >50</td><td >(ND, NE) Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >51</td><td >(ND) Ensure 'Remote host allows delegation of non-exportable credentials' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >52</td><td >(ND, NE) Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >53</td><td >(ND, NE) Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >54</td><td >(ND, NE) Ensure 'Allow network connectivity during connected-standby (on battery)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >55</td><td >(ND, NE) Ensure 'Allow network connectivity during connected-standby (plugged in)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >56</td><td >(ND, NE) Ensure 'Allow standby states (S1-S3) when sleeping (on battery)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >57</td><td >(ND, NE) Ensure 'Allow standby states (S1-S3) when sleeping (plugged in)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >58</td><td >(HD) Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >59</td><td >(ND, NE) Ensure 'Prevent installation of devices that match any of these device IDs' is configured.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >60</td><td >(ND, NE) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is configured.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >61</td><td >(ND, NE) Ensure 'Continue experiences on this device' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >62</td><td >(ND) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >63</td><td >(ND) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >64</td><td >(ND) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >65</td><td >(ND) Ensure 'Configure security policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >66</td><td >(HD) Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >67</td><td >(HD) Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >68</td><td >(ND, NE) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >69</td><td >(HD) Ensure 'Turn off printing over HTTP' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >70</td><td >(HD) Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >71</td><td >(HD) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >72</td><td >(HD) Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >73</td><td >(HD) Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >74</td><td >(ND, NE) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >75</td><td >(HD) Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >76</td><td >(HD) Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >77</td><td >(HD) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >78</td><td >(HD) Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >79</td><td >(HD) Ensure 'Turn off access to the Store' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >80</td><td >(HD) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >81</td><td >(ND, NE) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >82</td><td >(HD) Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >83</td><td >(HD) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >84</td><td >(ND, NE) Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >85</td><td >(ND, NE) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >86</td><td >(ND, NE) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >87</td><td >(ND, NE) Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >88</td><td >(ND, NE) Ensure 'Ignore the default list of blocked TPM commands' is set to 'Disabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >89</td><td >(ND, NE) Ensure 'Standard User Lockout Duration' is set to '30 minutes'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >90</td><td >(ND, NE) Ensure 'Standard User Total Lockout Threshold' is set to '5'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >91</td><td >(HD) Ensure 'Enable Windows NTP Client' is set to 'Enabled'. </td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >92</td><td >(HD) Ensure 'Enable Windows NTP Server' is set to 'Disabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >93</td><td >(HD) Ensure 'Allow Online Tips' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >94</td><td >(ND, NE) Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >95</td><td >(ND, NE) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >96</td><td >(ND, NE) Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >97</td><td >(ND, NE) Ensure 'Enable screen saver' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >98</td><td >(ND, NE) Ensure 'Password protect the screen saver' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >99</td><td >(ND, NE) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >100_1</td><td >(ND, NE) Ensure 'Turn off automatic learning' is set to 'Enabled' for ImplicitTextCollection.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >100_2</td><td >(ND, NE) Ensure 'Turn off automatic learning' is set to 'Enabled' for ImplicitInkCollection.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >101</td><td >(ND, NE) Ensure 'Allow users to enable online speech recognition services' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >102</td><td >(ND, NE) Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'. </td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >103</td><td >(ND, NE) Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >104</td><td >(HD) Ensure 'Block launching Universal Windows apps with Windows Runtime API access from hosted content.' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >105</td><td >(ND) Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >106</td><td >(ND, NE) Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >107</td><td >(ND, NE) Ensure 'Do not display the password reveal button' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >108</td><td >(HD) Ensure 'Allow a Windows app to share application data between users' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >109</td><td >(ND, NE) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >110</td><td >(HD) Ensure 'Turn off all Windows spotlight features' is set to 'Enabled'. </td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >111</td><td >(HD) Ensure 'Do not use diagnostic data for tailored experiences' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >112</td><td >(ND, NE) Ensure 'Do not suggest third-party content in Windows spotlight' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >113</td><td >(ND, NE) Ensure 'Turn off Microsoft consumer experiences' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >114</td><td >(ND, NE) Ensure 'Configure Windows spotlight on lock screen' is set to Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >115</td><td >(ND, NE) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >116</td><td >(ND, NE) Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >117</td><td >(ND, NE) Ensure 'Turn off heap termination on corruption' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >118</td><td >(ND, NE) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >119</td><td >(ND, NE) Ensure 'Do not show feedback notifications' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >120</td><td >(ND, NE) Ensure 'Allow Telemetry' is set to 'Enabled: 0 Security [Enterprise Only]'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >121</td><td >(ND, NE) Ensure 'Allow device name to be sent in Windows diagnostic data' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >122</td><td >(HD) Ensure 'Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service' is set to 'Enabled: Disable Authenticated Proxy usage'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >123</td><td >(HD) Ensure 'Allow Use of Camera' is set to 'Disabled'.</td><td >Registry value is '1'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >124</td><td >(ND, NE) Ensure 'Block all consumer Microsoft account user authentication' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >125</td><td >(HD) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >126</td><td >(ND, NE) Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >127</td><td >(ND, NE) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >128</td><td >(HD) Ensure 'Turn off location' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >129</td><td >(HD) Ensure 'Turn off Push To Install service' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >130</td><td >(HD) Ensure 'Do not allow COM port redirection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >131</td><td >(ND, NE) Ensure 'Do not allow drive redirection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >132</td><td >(HD) Ensure 'Do not allow LPT port redirection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >133</td><td >(HD) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >134</td><td >(ND, NE) Ensure 'Always prompt for password upon connection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >135</td><td >(ND, NE) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >136</td><td >(ND, NE) Ensure 'Require secure RPC communication' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >137</td><td >(ND, NE) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >138</td><td >(ND, NE) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >139</td><td >(ND, NE) Ensure 'End session when time limits are reached' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >140</td><td >(HD) Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >141</td><td >(HD) Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >142</td><td >(ND, NE) Ensure 'Do not use temporary folders per session' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >143</td><td >(ND, NE) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >144</td><td >(HD) Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >145</td><td >(ND, NE) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >146</td><td >(ND, NE) Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >147</td><td >(ND, NE) Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >148</td><td >(ND, NE) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >149</td><td >(ND, NE) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >150</td><td >(HD) Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >151</td><td >(HD) Ensure 'Disable all apps from Microsoft Store' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >152</td><td >(ND, NE) Ensure 'Turn off Automatic Download and Install of updates' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >153</td><td >(ND, NE) Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >154</td><td >(HD) Ensure 'Only display the private store within the Microsoft Store' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >155</td><td >(HD) Ensure 'Turn off the Store application' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >156</td><td >(HD) Ensure 'Allow Cloud Search' is set to 'Enabled: Disable Cloud Search'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >157</td><td >(ND, NE) Ensure 'Allow search and Cortana to use location' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >158</td><td >(ND, NE) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >159</td><td >(ND, NE) Ensure 'Improve inking and typing recognition' is set to 'Disabled'. </td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >160</td><td >(ND, NE) Ensure 'Download Mode' is set to 'Enabled: Simple (99)' .</td><td >Registry value is '0'. Expected: 99</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >161</td><td >(ND, NE) Ensure 'Require pin for pairing' is set to 'Enabled: Always'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >162</td><td >(ND, NE) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >163</td><td >(ND, NE) Ensure 'Turn off Windows Defender Antivirus' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >164</td><td >(ND, NE) Ensure 'Configure Watson events' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >165</td><td >(ND, NE) Ensure 'Turn on behavior monitoring' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >166</td><td >(HD) Ensure 'Join Microsoft MAPS' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >167</td><td >(ND, NE) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >168</td><td >(ND, NE) Ensure 'Turn on e-mail scanning' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >169</td><td >(ND, NE) Ensure 'Scan removable drives' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >170</td><td >(ND, NE) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >171</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_1</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office communication application from creating child processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_2</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from creating executable content)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_3</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block execution of potentially obfuscated scripts)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_4</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from injecting code into other processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_5</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Adobe Reader from creating child processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_6</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Win32 API calls from Office macro)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_7</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block credential stealing from the Windows local security authority subsystem (lsass.exe))</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_8</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block untrusted and unsigned processes that run from USB)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_9</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block executable content from email client and webmail)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_10</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block JavaScript or VBScript from launching downloaded executable content)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_11</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from creating child processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >173</td><td >(ND, NE) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >174</td><td >(ND, NE) Ensure 'Prevent bypassing Windows Defender SmartScreen prompts for sites' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >175</td><td >(ND, NE) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >176</td><td >(HD) Ensure 'Allow suggested apps in Windows Ink Workspace' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >177</td><td >(ND, NE) Ensure 'Allow Windows Ink Workspace' is set to 'Enabled: On, but disallow access above lock' OR 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >178</td><td >(ND, NE) Ensure 'Allow user control over installs' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >179</td><td >(HD) Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >180</td><td >(ND, NE) Ensure 'Always install with elevated privileges' is set to 'Disabled' on local_machine.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >181</td><td >(ND, NE) Ensure 'Always install with elevated privileges' is set to 'Disabled' on current_user.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >182</td><td >(HD) Ensure 'Prevent Codec Download' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >184</td><td >(HD) Ensure 'Turn on Script Execution' is set to 'Enabled: Allow only signed scripts'. </td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >185</td><td >(ND, NE) Ensure 'Configure Automatic Updates' is set to 'Enabled: 4 Auto download and schedule the install'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >186</td><td >(ND, NE) Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >187</td><td >(ND, NE) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >188</td><td >(ND, NE) Ensure 'Remove access to "Pause updates" feature' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >189</td><td >(ND, NE) Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >190</td><td >(HD) Ensure 'Allow Remote Shell Access' is set to 'Disabled'.</td><td >Registry value is '1'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >191</td><td >(ND, NE) Ensure 'Allow Basic authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >192</td><td >(ND, NE) Ensure 'Disallow Digest authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >193</td><td >(ND, NE) Ensure 'Allow unencrypted traffic' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >194</td><td >(ND, NE) Ensure 'Allow Basic authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >195</td><td >(HD) Ensure 'Allow remote server management through WinRM' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >196</td><td >(ND, NE) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >197</td><td >(ND, NE) Ensure 'Allow unencrypted traffic' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >198</td><td >(ND, NE) Ensure 'Prevent users from modifying settings' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >199</td><td >(ND, NE) Ensure 'Enables or disables Windows Game Recording and Broadcasting' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >209</td><td >(ND, NE) Configure 'Interactive logon: Message title for users attempting to log on'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >210</td><td >(ND, NE) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >211</td><td >(ND, NE) Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >212</td><td >(ND, NE) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >213</td><td >(ND, NE) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >214</td><td >(ND, NE) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >215</td><td >(ND, NE) Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >216</td><td >(ND, NE) Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >217</td><td >(ND, NE) Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >218</td><td >(ND, NE) Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Prompt for credentials on the secure desktop'.</td><td >Registry value is '3'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >219</td><td >(ND) Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >220</td><td >(ND) Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >221</td><td >(ND) Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >222</td><td >(ND) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >223</td><td >(ND) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >224</td><td >(ND) Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >225</td><td >(HD) Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >226</td><td >(ND, NE) Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators and Interactive Users'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >227</td><td >(ND, NE) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >228</td><td >(HD) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >229</td><td > Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >230</td><td >(ND, NE) Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >231</td><td >(ND, NE) Configure 'Interactive logon: Message text for users attempting to log on'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >232</td><td >(ND) Ensure 'Interactive logon: Machine account lockout threshold' is set to '10 or fewer invalid logon attempts, but not 0'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >233</td><td >(ND) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >234</td><td >(ND, NE) Ensure 'Interactive logon: Don't display last signed-in' is setto 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >239</td><td >(ND, NE) Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >240</td><td >(ND, NE) Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >241</td><td >(ND, NE) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >242</td><td >(ND, NE) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >243</td><td >(ND, NE) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >244</td><td >(ND, NE) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >245</td><td >(ND, NE) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >246</td><td >(ND, NE) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >247</td><td >(ND, NE) Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >248</td><td >(ND) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >250</td><td >(HD) Ensure 'Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers' is set to 'Deny all'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >251</td><td >(HD) Ensure 'Network security: Restrict NTLM: Incoming NTLM traffic' is set to 'Deny all accounts'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >252</td><td >(ND) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >253</td><td >(ND, NE) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >254</td><td >(ND, NE) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >255</td><td >(ND, NE) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >256</td><td >(ND, NE) Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >257</td><td >(ND) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >258</td><td >(ND) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >259</td><td >(ND) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >260</td><td >(ND, NE) Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >261</td><td >(ND, NE) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >262</td><td >(ND) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >263</td><td >(ND) Ensure 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >264</td><td >(ND, NE) Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >265</td><td >(ND, NE) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >266</td><td >(ND) Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >267</td><td >(ND, NE) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >268</td><td >(ND, NE) Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >269</td><td >(ND, NE) Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >270</td><td >(ND, NE) Configure 'Network access: Remotely accessible registry paths and sub-paths'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >271</td><td >(ND, NE) Configure 'Network access: Remotely accessible registry paths'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >272</td><td >(ND, NE) Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >273</td><td >(HD) Ensure 'System settings: Optional subsystems' is set to 'None'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >274</td><td >(HD) Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User is prompted when the key is first used'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >275</td><td >(ND, NE) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >276</td><td >(ND, NE) Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >316</td><td >(HD) Ensure 'Remote Desktop Services UserMode Port Redirector (UmRdpService)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >317</td><td >(ND, NE) Ensure 'Connected User Experiences and Telemetry' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >318</td><td >(HD) Ensure 'Bluetooth Audio Gateway Service (BTAGService)' is set to 'Disabled'.</td><td >Registry value is '3'. Expected: 4</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >319</td><td >(HD) Ensure 'Bluetooth Support Service (bthserv)' is set to 'Disabled'.</td><td >Registry value is '3'. Expected: 4</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >320</td><td >(ND, NE) Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >321</td><td >(NE, ND) Ensure 'Internet Connection Sharing (ICS) (SharedAccess)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >322</td><td >(HD) Ensure 'Geolocation Service (lfsvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >323</td><td >(ND, NE) Ensure 'IIS Admin Service (IISADMIN)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >324</td><td >(NE, ND) Ensure 'Infrared monitor service (irmon)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >325</td><td >(HD) Ensure 'Remote Desktop Configuration (SessionEnv)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >326</td><td >(ND, NE) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >327</td><td >(HD) Ensure 'Downloaded Maps Manager (MapsBroker)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >328</td><td >(ND, NE) Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >329</td><td >(HD) Ensure 'Microsoft iSCSI Initiator Service (MSiSCSI)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >330</td><td >(HD) Ensure 'Microsoft Store Install Service (InstallService)' is set to 'Disabled'.</td><td >Registry value is '3'. Expected: 4</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >331</td><td >(ND, NE) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >332</td><td >(HD) Ensure 'Peer Name Resolution Protocol (PNRPsvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >333</td><td >(HD) Ensure 'Peer Networking Grouping (p2psvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >334</td><td >(HD) Ensure 'Peer Networking Identity Manager (p2pimsvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >335</td><td >(HD) Ensure 'PNRP Machine Name Publication Service (PNRPAutoReg)' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >336</td><td >(HD) Ensure 'Remote Desktop Services (TermService)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >337</td><td >(HD) Ensure 'Remote Registry (RemoteRegistry)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >338</td><td >(ND, NE) Ensure 'Routing and Remote Access (RemoteAccess)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >339</td><td >(ND, NE) Ensure 'Remote Procedure Call (RPC) Locator (RpcLocator)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >340</td><td >(HD) Ensure 'Server (LanmanServer)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >341</td><td >(ND, NE) Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >342</td><td >(HD) Ensure 'SNMP Service (SNMP)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >343</td><td >(ND, NE) Ensure 'SSDP Discovery (SSDPSRV)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >344</td><td >(HD) Ensure 'Problem Reports and Solutions Control Panel Support (wercplsupport)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >345</td><td >(ND, NE) Ensure 'UPnP Device Host (upnphost)' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >346</td><td >(HD) Ensure 'Link-Layer Topology Discovery Mapper (lltdsvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >347</td><td >(HD) Ensure 'Remote Access Auto Connection Manager (RasAuto)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >348</td><td >(ND, NE) Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >349</td><td >(ND, NE) Ensure 'Windows Media Player Network Sharing Service (WMPNetworkSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >350</td><td >(HD) Ensure 'Windows PushToInstall Service (PushToInstall)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >351</td><td >(HD) Ensure 'Windows Mobile Hotspot Service (icssvc)' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >352</td><td >(HD) Ensure 'Windows Event Collector (Wecsvc)' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >353</td><td >(HD) Ensure 'Windows Error Reporting Service (WerSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >354</td><td >(HD) Ensure 'Windows Push Notifications System Service (WpnService)' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >355</td><td >(HD) Ensure 'Windows Remote Management (WS-Management) (WinRM)' is set to 'Disabled'.</td><td >Registry value is '2'. Expected: 4</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >356</td><td >(ND, NE) Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >357</td><td >(ND, NE) Ensure 'Xbox Accessory Management Service (XboxGipSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >358</td><td >(ND, NE) Ensure 'Xbox Live Auth Manager (XblAuthManager)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >359</td><td >(ND, NE) Ensure 'Xbox Live Networking Service (XboxNetApiSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >360</td><td >(ND, NE) Ensure 'Xbox Live Game Save (XblGameSave)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >361</td><td >(ND) Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >362</td><td >(ND) Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >363</td><td >(ND) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >364</td><td >(ND) Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >365</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow (default)' .</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >366</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >367</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >368</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Firewall state' is set to 'On (recommended)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >369</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >370</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >371</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >372</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >373</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >374</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Firewall state' is set to 'On (recommended)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-HDUser-Rights-Assignment"><span class="failed">User Rights Assignment</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >277</td><td >(ND, NE) Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >278</td><td >(ND, NE) Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE, Users'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >279</td><td >(ND, NE) Ensure 'Increase scheduling priority' is set to 'Administrators, Window Manager\Window Manager Group'.
</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >280</td><td >(ND, NE) Ensure 'Deny log on as a batch job' to include 'ANONYMOUS LOGON, Guests'.</td><td >The user 'SeDenyBatchLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >281</td><td >(HD) Configure 'Log on as a service'. [Hyper-V-Feature NOT installed]</td><td >The user right 'SeServiceLogonRight' contains following unexpected users: DESKTOP-UTMU75K\SQLServer2005SQLBrowserUser$DESKTOP-UTMU75K, NT SERVICE\ALL SERVICES, NT SERVICE\SQLTELEMETRY, NT SERVICE\SQLSERVERAGENT, NT SERVICE\MSSQLSERVER, NT VIRTUAL MACHINE\Virtual Machines</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >282</td><td >(ND, NE) Ensure 'Deny log on as a service' to include 'ANONYMOUS LOGON, Guests'.</td><td >The user 'SeDenyServiceLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >283</td><td >(HD) Ensure 'Log on as a batch job' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >284</td><td >(ND) Ensure 'Deny log on through Remote Desktop Services' to include 'ANONYMOUS LOGON, Guests, Local account'.</td><td >The user right 'SeDenyRemoteInteractiveLogonRight' contains following unexpected users: NT AUTHORITY\Local account (S-1-5-113)
The user right 'SeDenyRemoteInteractiveLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON (S-1-5-7), LOCAL (S-1-2-0)</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >285</td><td >(ND, NE) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >286</td><td >(ND, NE) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >287</td><td >(ND, NE) Ensure 'Adjust memory quotas for a process' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE'.
</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >288</td><td >(ND, NE) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >289</td><td >(ND, NE) Ensure 'Access this computer from the network' is set to 'Administrators, Remote Desktop Users'. </td><td >The user right 'SeNetworkLogonRight' contains following unexpected users: BUILTIN\Users, BUILTIN\Backup Operators
The user 'SeNetworkLogonRight' setting does not contain the following users: BUILTIN\Remote Desktop Users</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >290</td><td >(ND, NE) Ensure 'Debug programs' is set to 'Administrators'.</td><td >The user 'SeDebugPrivilege' setting does not contain the following users: BUILTIN\Administrators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >291</td><td >(ND, NE) Ensure 'Perform volume maintenance tasks' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >292</td><td >(ND, NE) Ensure 'Act as part of the operating system' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >293</td><td >(ND) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >294</td><td >(ND, NE) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >295</td><td >(ND, NE) Ensure 'Create a pagefile' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >296</td><td >(ND, NE) Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >297</td><td >(ND, NE) Ensure 'Profile single process' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >298</td><td >(ND, NE) Ensure 'Create a token object' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >299</td><td >(ND, NE) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >300</td><td >(ND, NE) Ensure 'Create symbolic links' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >301</td><td >(ND, NE) Ensure 'Create permanent shared objects' is set to 'No One'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >302</td><td >(ND, NE) Ensure 'Force shutdown from a remote system' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >303</td><td >(ND, NE) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >304</td><td >(ND, NE) Ensure 'Shut down the system' is set to 'Administrators, Users'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >305</td><td >(ND, NE) Ensure 'Load and unload device drivers' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >306</td><td >(ND, NE) Ensure 'Deny log on locally' to include 'ANONYMOUS LOGON, Guests'.
</td><td >The user 'SeDenyInteractiveLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >307</td><td >(ND, NE) Ensure 'Allow log on locally' is set to 'Administrators, Users'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >308</td><td >(ND, NE) Ensure 'Back up files and directories' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >309</td><td >(ND, NE) Ensure 'Lock pages in memory' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >310</td><td >(ND, NE) Ensure 'Take ownership of files or other objects' is set to 'Administrators' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >311</td><td >(ND, NE) Ensure 'Modify firmware environment values' is set to 'Administrators'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >312</td><td >(ND, NE) Ensure 'Modify an object label' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >313</td><td >(ND, NE) Ensure 'Manage auditing and security log' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >314</td><td >(ND, NE) Ensure 'Restore files and directories' is set to 'Administrators'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >315</td><td >(ND, NE) Ensure 'Deny access to this computer from the network' to include 'ANONYMOUS LOGON, Guest, Local account'.
</td><td >The user 'SeDenyNetworkLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON, LOCAL</td><td ><span class="auditstatus failed">False</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-HDAccount-Policies"><span class="passed">Account Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >200</td><td >(ND, NE) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >201</td><td >(ND, NE) Ensure 'Password must meet complexity requirements' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >202</td><td >(ND, NE) Ensure 'Enforce password history' is set to '24 or more password(s)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >203</td><td >(ND, NE) Ensure 'Maximum password age' is set to '365 or fewer days, but not 0'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >204</td><td >(ND, NE) Ensure 'Minimum password length' is set to '14 or more character(s)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >205</td><td >(ND, NE) Ensure 'Minimum password age' is set to '1 or more day(s)' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >206</td><td >(ND) Ensure 'Account lockout duration' is set to '15 or more minute(s)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >207</td><td >(ND) Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >208</td><td >(ND) Ensure 'Reset account lockout counter after' is set to '15 or
more minute(s)'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-HDSecurity-Options"><span class="passed">Security Options</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >235</td><td >(ND, NE) Configure 'Accounts: Rename administrator account'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >236</td><td >(ND, NE) Ensure 'Accounts: Administrator account status' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >237</td><td >(ND, NE) Ensure 'Accounts: Guest account status' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >238</td><td >(ND, NE) Configure 'Accounts: Rename guest account'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >249</td><td >(ND) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-ND"><span class="failed">BSI Benchmarks SiSyPHuS ND</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p >This section contains the BSI Benchmark results.</p><section ><h1 id="BSI-Benchmarks-SiSyPHuS-NDRegistry-Settings/Group-Policies"><span class="failed">Registry Settings/Group Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >1</td><td >(ND, NE) Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2</td><td >(ND, NE) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >3</td><td >(ND, NE) Ensure 'Configure SMB v1 server' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4</td><td >(ND, NE) Ensure 'Enable Structured Exception Handling OverwriteProtection (SEHOP)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5</td><td >(ND, NE) Ensure 'WDigest Authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >6</td><td >(ND, NE) Ensure 'LSA Protection' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >7</td><td >(ND, NE) Ensure 'MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >8</td><td >(ND, NE) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon(not recommended)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9</td><td >(ND, NE) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routingprotection level (protects against packet spoofing)' is set to 'Enabled:Highest protection, source routing is completely disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >10</td><td >(ND, NE) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routingprotection level (protects against packet spoofing)' is set to 'Enabled:Highest protection, source routing is completely disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >12</td><td >(ND, NE) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects tooverride OSPF generated routes' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >14</td><td >(ND, NE) Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >16</td><td >(ND, NE) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17</td><td >(ND, NE) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >20</td><td >(ND, NE) Ensure 'Turn off multicast name resolution' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >21</td><td >(ND, NE) Ensure 'NetBIOS node type' is set to 'P-node'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >22</td><td >(ND, NE) Ensure 'Enable insecure guest logons' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >24_1</td><td >(ND, NE) Ensure 'Hardened UNC Paths' is set to "Require Mutual Authentication=1, "Require Integrity=1" for the value names "\\*\NETLOGON" und "\\*\SYSVOL".</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >24_2</td><td >(ND, NE) Ensure 'Hardened UNC Paths' is set to "Require Mutual Authentication=1, "Require Integrity=1" for the value names "\\*\NETLOGON" und "\\*\SYSVOL".</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >25</td><td >(ND) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >26</td><td >(ND) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >27</td><td >(ND) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >33</td><td >(ND, NE) Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to the value 'Enabled: 1 = Minimize the number of simultaneous connections'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >34</td><td >(ND) Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled' </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >35</td><td >(ND, NE) Ensure 'Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >37</td><td >(ND, NE) Ensure 'Turn off toast notifications on the lock screen' is set to 'Enabled'. </td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >39</td><td >(ND, NE) Ensure 'Turn off picture password sign-in' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >40</td><td >(ND, NE) Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >41</td><td >(ND, NE) Ensure 'Block user from showing account details on signin' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >42</td><td >(ND) Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >43</td><td >(ND) Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >44</td><td >(ND, NE) Ensure 'Do not display network selection UI' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >45</td><td >(ND) Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >46</td><td >(ND, NE) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >50</td><td >(ND, NE) Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >51</td><td >(ND) Ensure 'Remote host allows delegation of non-exportable credentials' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >52</td><td >(ND, NE) Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >53</td><td >(ND, NE) Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >54</td><td >(ND, NE) Ensure 'Allow network connectivity during connected-standby (on battery)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >55</td><td >(ND, NE) Ensure 'Allow network connectivity during connected-standby (plugged in)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >56</td><td >(ND, NE) Ensure 'Allow standby states (S1-S3) when sleeping (on battery)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >57</td><td >(ND, NE) Ensure 'Allow standby states (S1-S3) when sleeping (plugged in)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >59</td><td >(ND, NE) Ensure 'Prevent installation of devices that match any of these device IDs' is configured.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >60</td><td >(ND, NE) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is configured.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >61</td><td >(ND, NE) Ensure 'Continue experiences on this device' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >62</td><td >(ND) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >63</td><td >(ND) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >64</td><td >(ND) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >65</td><td >(ND) Ensure 'Configure security policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >68</td><td >(ND, NE) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >74</td><td >(ND, NE) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >81</td><td >(ND, NE) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >84</td><td >(ND, NE) Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >85</td><td >(ND, NE) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >86</td><td >(ND, NE) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >87</td><td >(ND, NE) Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >88</td><td >(ND, NE) Ensure 'Ignore the default list of blocked TPM commands' is set to 'Disabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >89</td><td >(ND, NE) Ensure 'Standard User Lockout Duration' is set to '30 minutes'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >90</td><td >(ND, NE) Ensure 'Standard User Total Lockout Threshold' is set to '5'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >94</td><td >(ND, NE) Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >95</td><td >(ND, NE) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >96</td><td >(ND, NE) Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >97</td><td >(ND, NE) Ensure 'Enable screen saver' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >98</td><td >(ND, NE) Ensure 'Password protect the screen saver' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >99</td><td >(ND, NE) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >100_1</td><td >(ND, NE) Ensure 'Turn off automatic learning' is set to 'Enabled' for ImplicitTextCollection.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >100_2</td><td >(ND, NE) Ensure 'Turn off automatic learning' is set to 'Enabled' for ImplicitInkCollection.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >101</td><td >(ND, NE) Ensure 'Allow users to enable online speech recognition services' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >102</td><td >(ND, NE) Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'. </td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >103</td><td >(ND, NE) Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >105</td><td >(ND) Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >106</td><td >(ND, NE) Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >107</td><td >(ND, NE) Ensure 'Do not display the password reveal button' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >109</td><td >(ND, NE) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >112</td><td >(ND, NE) Ensure 'Do not suggest third-party content in Windows spotlight' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >113</td><td >(ND, NE) Ensure 'Turn off Microsoft consumer experiences' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >114</td><td >(ND, NE) Ensure 'Configure Windows spotlight on lock screen' is set to Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >115</td><td >(ND, NE) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >116</td><td >(ND, NE) Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >117</td><td >(ND, NE) Ensure 'Turn off heap termination on corruption' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >118</td><td >(ND, NE) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >119</td><td >(ND, NE) Ensure 'Do not show feedback notifications' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >120</td><td >(ND, NE) Ensure 'Allow Telemetry' is set to 'Enabled: 0 Security [Enterprise Only]'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >121</td><td >(ND, NE) Ensure 'Allow device name to be sent in Windows diagnostic data' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >124</td><td >(ND, NE) Ensure 'Block all consumer Microsoft account user authentication' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >126</td><td >(ND, NE) Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >127</td><td >(ND, NE) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >131</td><td >(ND, NE) Ensure 'Do not allow drive redirection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >134</td><td >(ND, NE) Ensure 'Always prompt for password upon connection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >135</td><td >(ND, NE) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >136</td><td >(ND, NE) Ensure 'Require secure RPC communication' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >137</td><td >(ND, NE) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >138</td><td >(ND, NE) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >139</td><td >(ND, NE) Ensure 'End session when time limits are reached' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >142</td><td >(ND, NE) Ensure 'Do not use temporary folders per session' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >143</td><td >(ND, NE) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >145</td><td >(ND, NE) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >146</td><td >(ND, NE) Ensure 'Disallow Autoplay for non-volume devices' is set to'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >147</td><td >(ND, NE) Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >148</td><td >(ND, NE) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >149</td><td >(ND, NE) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >152</td><td >(ND, NE) Ensure 'Turn off Automatic Download and Install of updates' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >153</td><td >(ND, NE) Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >157</td><td >(ND, NE) Ensure 'Allow search and Cortana to use location' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >158</td><td >(ND, NE) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >159</td><td >(ND, NE) Ensure 'Improve inking and typing recognition' is set to 'Disabled'. </td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >160</td><td >(ND, NE) Ensure 'Download Mode' is set to 'Enabled: Simple (99)' .</td><td >Registry value is '0'. Expected: 99</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >161</td><td >(ND, NE) Ensure 'Require pin for pairing' is set to 'Enabled: Always'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >162</td><td >(ND, NE) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >163</td><td >(ND, NE) Ensure 'Turn off Windows Defender Antivirus' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >164</td><td >(ND, NE) Ensure 'Configure Watson events' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >165</td><td >(ND, NE) Ensure 'Turn on behavior monitoring' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >167</td><td >(ND, NE) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >168</td><td >(ND, NE) Ensure 'Turn on e-mail scanning' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >169</td><td >(ND, NE) Ensure 'Scan removable drives' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >170</td><td >(ND, NE) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >171</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_1</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_2</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from creating executable content)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_3</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block execution of potentially obfuscated scripts)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_4</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from injecting code into other processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_5</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Adobe Reader from creating child processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_6</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Win32 API calls from Office macro)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_7</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block credential stealing from the Windows local security authority subsystem (lsass.exe))</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_8</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block untrusted and unsigned processes that run from USB)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_9</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block executable content from email client and webmail)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_10</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block JavaScript or VBScript from launching downloaded executable content)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_11</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from creating child processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >173</td><td >(ND, NE) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >174</td><td >(ND, NE) Ensure 'Prevent bypassing Windows Defender SmartScreen prompts for sites' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >175</td><td >(ND, NE) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >177</td><td >(ND, NE) Ensure 'Allow Windows Ink Workspace' is set to 'Enabled: On, but disallow access above lock' OR 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >178</td><td >(ND, NE) Ensure 'Allow user control over installs' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >180</td><td >(ND, NE) Ensure 'Always install with elevated privileges' is set to 'Disabled' on current_user on local_machine.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >181</td><td >(ND, NE) Ensure 'Always install with elevated privileges' is set to 'Disabled' on current_user.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >183</td><td >(ND, NE) Ensure 'Turn on Script Execution' is set to 'Enabled: Allow local scripts and remote signed scripts'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >185</td><td >(ND, NE) Ensure 'Configure Automatic Updates' is set to 'Enabled: 4 Auto download and schedule the install'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >186</td><td >(ND, NE) Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >187</td><td >(ND, NE) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >188</td><td >(ND, NE) Ensure 'Remove access to "Pause updates" feature' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >189</td><td >(ND, NE) Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >191</td><td >(ND, NE) Ensure 'Allow Basic authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >192</td><td >(ND, NE) Ensure 'Disallow Digest authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >193</td><td >(ND, NE) Ensure 'Allow unencrypted traffic' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >194</td><td >(ND, NE) Ensure 'Allow Basic authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >196</td><td >(ND, NE) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >197</td><td >(ND, NE) Ensure 'Allow unencrypted traffic' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >198</td><td >(ND, NE) Ensure 'Prevent users from modifying settings' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >199</td><td >(ND, NE) Ensure 'Enables or disables Windows Game Recording and Broadcasting' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >209</td><td >(ND, NE) Configure 'Interactive logon: Message title for users attempting to log on'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >210</td><td >(ND, NE) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >211</td><td >(ND, NE) Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >212</td><td >(ND, NE) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >213</td><td >(ND, NE) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >214</td><td >(ND, NE) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >215</td><td >(ND, NE) Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >216</td><td >(ND, NE) Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >217</td><td >(ND, NE) Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >218</td><td >(ND, NE) Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Prompt for credentials on the secure desktop'.</td><td >Registry value is '3'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >219</td><td >(ND) Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >220</td><td >(ND) Ensure 'Domain member: Digitally sign secure channel data(when possible)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >221</td><td >(ND) Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >222</td><td >(ND) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >223</td><td >(ND) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >224</td><td >(ND) Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >226</td><td >(ND, NE) Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators and Interactive Users'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >227</td><td >(ND, NE) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >229</td><td > Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >230</td><td >(ND, NE) Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >231</td><td >(ND, NE) Configure 'Interactive logon: Message text for users attempting to log on'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >232</td><td >(ND) Ensure 'Interactive logon: Machine account lockout threshold' is set to '10 or fewer invalid logon attempts, but not 0'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >233</td><td >(ND) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >234</td><td >(ND, NE) Ensure 'Interactive logon: Don't display last signed-in' is setto 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >239</td><td >(ND, NE) Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >240</td><td >(ND, NE) Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >241</td><td >(ND, NE) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >242</td><td >(ND, NE) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >243</td><td >(ND, NE) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >244</td><td >(ND, NE) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >245</td><td >(ND, NE) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >246</td><td >(ND, NE) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >247</td><td >(ND, NE) Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >248</td><td >(ND) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >252</td><td >(ND) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >253</td><td >(ND, NE) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >254</td><td >(ND, NE) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >255</td><td >(ND, NE) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >256</td><td >(ND, NE) Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >257</td><td >(ND) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >258</td><td >(ND) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >259</td><td >(ND) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >260</td><td >(ND, NE) Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >261</td><td >(ND, NE) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >262</td><td >(ND) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >263</td><td >(ND) Ensure 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >264</td><td >(ND, NE) Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >265</td><td >(ND, NE) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >266</td><td >(ND) Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >267</td><td >(ND, NE) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >268</td><td >(ND, NE) Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >269</td><td >(ND, NE) Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >270</td><td >(ND, NE) Configure 'Network access: Remotely accessible registry paths and sub-paths'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >271</td><td >(ND, NE) Configure 'Network access: Remotely accessible registry paths'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >272</td><td >(ND, NE) Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >275</td><td >(ND, NE) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >276</td><td >(ND, NE) Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >317</td><td >(ND, NE) Ensure 'Connected User Experiences and Telemetry' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >320</td><td >(ND, NE) Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >321</td><td >(NE, ND) Ensure 'Internet Connection Sharing (ICS) (SharedAccess)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >323</td><td >(ND, NE) Ensure 'IIS Admin Service (IISADMIN)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >324</td><td >(NE, ND) Ensure 'Infrared monitor service (irmon)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >326</td><td >(ND, NE) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >328</td><td >(ND, NE) Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >331</td><td >(ND, NE) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >338</td><td >(ND, NE) Ensure 'Routing and Remote Access (RemoteAccess)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >339</td><td >(ND, NE) Ensure 'Remote Procedure Call (RPC) Locator (RpcLocator)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >341</td><td >(ND, NE) Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >343</td><td >(ND, NE) Ensure 'SSDP Discovery (SSDPSRV)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >345</td><td >(ND, NE) Ensure 'UPnP Device Host (upnphost)' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >348</td><td >(ND, NE) Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >349</td><td >(ND, NE) Ensure 'Windows Media Player Network Sharing Service (WMPNetworkSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >351</td><td >(HD) Ensure 'Windows Mobile Hotspot Service (icssvc)' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >356</td><td >(ND, NE) Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >357</td><td >(ND, NE) Ensure 'Xbox Accessory Management Service (XboxGipSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >358</td><td >(ND, NE) Ensure 'Xbox Live Auth Manager (XblAuthManager)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >359</td><td >(ND, NE) Ensure 'Xbox Live Networking Service (XboxNetApiSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >360</td><td >(ND, NE) Ensure 'Xbox Live Game Save (XblGameSave)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >361</td><td >(ND) Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >362</td><td >(ND) Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >363</td><td >(ND) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >364</td><td >(ND) Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >365</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow (default)' .</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >366</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >367</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >368</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Firewall state' is set to 'On (recommended)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >369</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >370</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >371</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >372</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >373</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >374</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Firewall state' is set to 'On (recommended)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-NDUser-Rights-Assignment"><span class="failed">User Rights Assignment</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >277</td><td >(ND, NE) Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >278</td><td >(ND, NE) Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE, Users'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >279</td><td >(ND, NE) Ensure 'Increase scheduling priority' is set to 'Administrators, Window Manager\Window Manager Group'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >280</td><td >(ND, NE) Ensure 'Deny log on as a batch job' to include 'ANONYMOUS LOGON, Guests'.</td><td >The user 'SeDenyBatchLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >282</td><td >(ND, NE) Ensure 'Deny log on as a service' to include 'ANONYMOUS LOGON, Guests'.</td><td >The user 'SeDenyServiceLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >284</td><td >(ND) Ensure 'Deny log on through Remote Desktop Services' to include 'ANONYMOUS LOGON, Guests, Local account'.</td><td >The user right 'SeDenyRemoteInteractiveLogonRight' contains following unexpected users: NT AUTHORITY\Local account (S-1-5-113)
The user right 'SeDenyRemoteInteractiveLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON (S-1-5-7), LOCAL (S-1-2-0)</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >285</td><td >(ND, NE) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >286</td><td >(ND, NE) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >287</td><td >(ND, NE) Ensure 'Adjust memory quotas for a process' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >288</td><td >(ND, NE) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >289</td><td >(ND, NE) Ensure 'Access this computer from the network' is set to 'Administrators, Remote Desktop Users'. </td><td >The user right 'SeNetworkLogonRight' contains following unexpected users: BUILTIN\Users, BUILTIN\Backup Operators
The user 'SeNetworkLogonRight' setting does not contain the following users: BUILTIN\Remote Desktop Users</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >290</td><td >(ND, NE) Ensure 'Debug programs' is set to 'Administrators'.</td><td >The user 'SeDebugPrivilege' setting does not contain the following users: BUILTIN\Administrators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >291</td><td >(ND, NE) Ensure 'Perform volume maintenance tasks' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >292</td><td >(ND, NE) Ensure 'Act as part of the operating system' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >293</td><td >(ND) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >294</td><td >(ND, NE) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >295</td><td >(ND, NE) Ensure 'Create a pagefile' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >296</td><td >(ND, NE) Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >297</td><td >(ND, NE) Ensure 'Profile single process' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >298</td><td >(ND, NE) Ensure 'Create a token object' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >299</td><td >(ND, NE) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >300</td><td >(ND, NE) Ensure 'Create symbolic links' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >301</td><td >(ND, NE) Ensure 'Create permanent shared objects' is set to 'No One'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >302</td><td >(ND, NE) Ensure 'Force shutdown from a remote system' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >303</td><td >(ND, NE) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >304</td><td >(ND, NE) Ensure 'Shut down the system' is set to 'Administrators, Users'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >305</td><td >(ND, NE) Ensure 'Load and unload device drivers' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >306</td><td >(ND, NE) Ensure 'Deny log on locally' to include 'ANONYMOUS LOGON, Guests'.</td><td >The user 'SeDenyInteractiveLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >307</td><td >(ND, NE) Ensure 'Allow log on locally' is set to 'Administrators, Users'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >308</td><td >(ND, NE) Ensure 'Back up files and directories' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >309</td><td >(ND, NE) Ensure 'Lock pages in memory' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >310</td><td >(ND, NE) Ensure 'Take ownership of files or other objects' is set to 'Administrators' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >311</td><td >(ND, NE) Ensure 'Modify firmware environment values' is set to 'Administrators'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >312</td><td >(ND, NE) Ensure 'Modify an object label' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >313</td><td >(ND, NE) Ensure 'Manage auditing and security log' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >314</td><td >(ND, NE) Ensure 'Restore files and directories' is set to 'Administrators'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >315</td><td >(ND, NE) Ensure 'Deny access to this computer from the network' to include 'ANONYMOUS LOGON, Guest, Local account'. </td><td >The user 'SeDenyNetworkLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON, LOCAL</td><td ><span class="auditstatus failed">False</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-NDAccount-Policies"><span class="passed">Account Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >200</td><td >(ND, NE) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >201</td><td >(ND, NE) Ensure 'Password must meet complexity requirements' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >202</td><td >(ND, NE) Ensure 'Enforce password history' is set to '24 or more password(s)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >203</td><td >(ND, NE) Ensure 'Maximum password age' is set to '365 or fewer days, but not 0'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >204</td><td >(ND, NE) Ensure 'Minimum password length' is set to '14 or more character(s)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >205</td><td >(ND, NE) Ensure 'Minimum password age' is set to '1 or more day(s)' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >206</td><td >(ND) Ensure 'Account lockout duration' is set to '15 or more minute(s)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >207</td><td >(ND) Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >208</td><td >(ND) Ensure 'Reset account lockout counter after' is set to '15 ormore minute(s)'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-NDSecurity-Options"><span class="passed">Security Options</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >235</td><td >(ND, NE) Configure 'Accounts: Rename administrator account'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >236</td><td >(ND, NE) Ensure 'Accounts: Administrator account status' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >237</td><td >(ND, NE) Ensure 'Accounts: Guest account status' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >238</td><td >(ND, NE) Configure 'Accounts: Rename guest account'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >249</td><td >(ND) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-NE"><span class="failed">BSI Benchmarks SiSyPHuS NE</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p >This section contains the BSI Benchmark results.</p><section ><h1 id="BSI-Benchmarks-SiSyPHuS-NERegistry-Settings/Group-Policies"><span class="failed">Registry Settings/Group Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >1</td><td >(ND, NE) Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2</td><td >(ND, NE) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >3</td><td >(ND, NE) Ensure 'Configure SMB v1 server' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4</td><td >(ND, NE) Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5</td><td >(ND, NE) Ensure 'WDigest Authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >6</td><td >(ND, NE) Ensure 'LSA Protection' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >7</td><td >(ND, NE) Ensure 'MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >8</td><td >(ND, NE) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon(not recommended)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9</td><td >(ND, NE) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >10</td><td >(ND, NE) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >12</td><td >(ND, NE) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >14</td><td >(ND, NE) Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >16</td><td >(ND, NE) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17</td><td >(ND, NE) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >20</td><td >(ND, NE) Ensure 'Turn off multicast name resolution' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >21</td><td >(ND, NE) Ensure 'NetBIOS node type' is set to 'P-node'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >22</td><td >(ND, NE) Ensure 'Enable insecure guest logons' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >24_1</td><td >(ND, NE) Ensure 'Hardened UNC Paths' is set to "Require Mutual Authentication=1, "Require Integrity=1" for the value names "\\*\NETLOGON" und "\\*\SYSVOL".</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >24_2</td><td >(ND, NE) Ensure 'Hardened UNC Paths' is set to "Require Mutual Authentication=1, "Require Integrity=1" for the value names "\\*\NETLOGON" und "\\*\SYSVOL".</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >33</td><td >(ND, NE) Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to the value 'Enabled: 1 = Minimize the number of simultaneous connections'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >34</td><td >(ND) Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled' </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >35</td><td >(ND, NE) Ensure 'Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >37</td><td >(ND, NE) Ensure 'Turn off toast notifications on the lock screen' is set to 'Enabled'. </td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >39</td><td >(ND, NE) Ensure 'Turn off picture password sign-in' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >40</td><td >(ND, NE) Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >41</td><td >(ND, NE) Ensure 'Block user from showing account details on signin' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >44</td><td >(ND, NE) Ensure 'Do not display network selection UI' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >46</td><td >(ND, NE) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >50</td><td >(ND, NE) Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >52</td><td >(ND, NE) Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >53</td><td >(ND, NE) Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >54</td><td >(ND, NE) Ensure 'Allow network connectivity during connected-standby (on battery)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >55</td><td >(ND, NE) Ensure 'Allow network connectivity during connected-standby (plugged in)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >56</td><td >(ND, NE) Ensure 'Allow standby states (S1-S3) when sleeping (on battery)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >57</td><td >(ND, NE) Ensure 'Allow standby states (S1-S3) when sleeping (plugged in)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >59</td><td >(ND, NE) Ensure 'Prevent installation of devices that match any of these device IDs' is configured.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >60</td><td >(ND, NE) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is configured.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >61</td><td >(ND, NE) Ensure 'Continue experiences on this device' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >68</td><td >(ND, NE) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >74</td><td >(ND, NE) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >81</td><td >(ND, NE) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >84</td><td >(ND, NE) Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >85</td><td >(ND, NE) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >86</td><td >(ND, NE) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >87</td><td >(ND, NE) Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >88</td><td >(ND, NE) Ensure 'Ignore the default list of blocked TPM commands' is set to 'Disabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >89</td><td >(ND, NE) Ensure 'Standard User Lockout Duration' is set to '30 minutes'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >90</td><td >(ND, NE) Ensure 'Standard User Total Lockout Threshold' is set to '5'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >94</td><td >(ND, NE) Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >95</td><td >(ND, NE) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >96</td><td >(ND, NE) Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >97</td><td >(ND, NE) Ensure 'Enable screen saver' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >98</td><td >(ND, NE) Ensure 'Password protect the screen saver' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >99</td><td >(ND, NE) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >100_1</td><td >(ND, NE) Ensure 'Turn off automatic learning' is set to 'Enabled' for ImplicitTextCollection.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >100_2</td><td >(ND, NE) Ensure 'Turn off automatic learning' is set to 'Enabled' for ImplicitInkCollection.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >101</td><td >(ND, NE) Ensure 'Allow users to enable online speech recognition services' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >102</td><td >(ND, NE) Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'. </td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >103</td><td >(ND, NE) Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >106</td><td >(ND, NE) Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >107</td><td >(ND, NE) Ensure 'Do not display the password reveal button' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >109</td><td >(ND, NE) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >112</td><td >(ND, NE) Ensure 'Do not suggest third-party content in Windows spotlight' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >113</td><td >(ND, NE) Ensure 'Turn off Microsoft consumer experiences' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >114</td><td >(ND, NE) Ensure 'Configure Windows spotlight on lock screen' is set to Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >115</td><td >(ND, NE) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >116</td><td >(ND, NE) Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >117</td><td >(ND, NE) Ensure 'Turn off heap termination on corruption' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >118</td><td >(ND, NE) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >119</td><td >(ND, NE) Ensure 'Do not show feedback notifications' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >120</td><td >(ND, NE) Ensure 'Allow Telemetry' is set to 'Enabled: 0 Security [Enterprise Only]'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >121</td><td >(ND, NE) Ensure 'Allow device name to be sent in Windows diagnostic data' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >124</td><td >(ND, NE) Ensure 'Block all consumer Microsoft account user authentication' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >126</td><td >(ND, NE) Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >127</td><td >(ND, NE) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >131</td><td >(ND, NE) Ensure 'Do not allow drive redirection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >134</td><td >(ND, NE) Ensure 'Always prompt for password upon connection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >135</td><td >(ND, NE) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >136</td><td >(ND, NE) Ensure 'Require secure RPC communication' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >137</td><td >(ND, NE) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >138</td><td >(ND, NE) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >139</td><td >(ND, NE) Ensure 'End session when time limits are reached' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >142</td><td >(ND, NE) Ensure 'Do not use temporary folders per session' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >143</td><td >(ND, NE) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >145</td><td >(ND, NE) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >146</td><td >(ND, NE) Ensure 'Disallow Autoplay for non-volume devices' is set to'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >147</td><td >(ND, NE) Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >148</td><td >(ND, NE) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >149</td><td >(ND, NE) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >152</td><td >(ND, NE) Ensure 'Turn off Automatic Download and Install of updates' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >153</td><td >(ND, NE) Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >157</td><td >(ND, NE) Ensure 'Allow search and Cortana to use location' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >158</td><td >(ND, NE) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >159</td><td >(ND, NE) Ensure 'Improve inking and typing recognition' is set to 'Disabled'. </td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >160</td><td >(ND, NE) Ensure 'Download Mode' is set to 'Enabled: Simple (99)' .</td><td >Registry value is '0'. Expected: 99</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >161</td><td >(ND, NE) Ensure 'Require pin for pairing' is set to 'Enabled: Always'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >162</td><td >(ND, NE) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >163</td><td >(ND, NE) Ensure 'Turn off Windows Defender Antivirus' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >164</td><td >(ND, NE) Ensure 'Configure Watson events' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >165</td><td >(ND, NE) Ensure 'Turn on behavior monitoring' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >167</td><td >(ND, NE) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >168</td><td >(ND, NE) Ensure 'Turn on e-mail scanning' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >169</td><td >(ND, NE) Ensure 'Scan removable drives' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >170</td><td >(ND, NE) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >171</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_1</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office communication application from creating child processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_2</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from creating executable content)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_3</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block execution of potentially obfuscated scripts)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_4</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from injecting code into other processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_5</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Adobe Reader from creating child processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_6</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Win32 API calls from Office macro)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_7</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block credential stealing from the Windows local security authority subsystem (lsass.exe))</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_8</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block untrusted and unsigned processes that run from USB)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_9</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block executable content from email client and webmail)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_10</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block JavaScript or VBScript from launching downloaded executable content)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_11</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from creating child processes)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >173</td><td >(ND, NE) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >174</td><td >(ND, NE) Ensure 'Prevent bypassing Windows Defender SmartScreen prompts for sites' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >175</td><td >(ND, NE) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >177</td><td >(ND, NE) Ensure 'Allow Windows Ink Workspace' is set to 'Enabled: On, but disallow access above lock' OR 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >178</td><td >(ND, NE) Ensure 'Allow user control over installs' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >180</td><td >(ND, NE) Ensure 'Always install with elevated privileges' is set to 'Disabled' on local_machine.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >181</td><td >(ND, NE) Ensure 'Always install with elevated privileges' is set to 'Disabled' on current_user.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >183</td><td >(ND, NE) Ensure 'Turn on Script Execution' is set to 'Enabled: Allow local scripts and remote signed scripts'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >185</td><td >(ND, NE) Ensure 'Configure Automatic Updates' is set to 'Enabled: 4 Auto download and schedule the install'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >186</td><td >(ND, NE) Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >187</td><td >(ND, NE) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >188</td><td >(ND, NE) Ensure 'Remove access to "Pause updates" feature' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >189</td><td >(ND, NE) Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >191</td><td >(ND, NE) Ensure 'Allow Basic authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >192</td><td >(ND, NE) Ensure 'Disallow Digest authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >193</td><td >(ND, NE) Ensure 'Allow unencrypted traffic' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >194</td><td >(ND, NE) Ensure 'Allow Basic authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >196</td><td >(ND, NE) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >197</td><td >(ND, NE) Ensure 'Allow unencrypted traffic' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >198</td><td >(ND, NE) Ensure 'Prevent users from modifying settings' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >199</td><td >(ND, NE) Ensure 'Enables or disables Windows Game Recording and Broadcasting' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >209</td><td >(ND, NE) Configure 'Interactive logon: Message title for users attempting to log on'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >210</td><td >(ND, NE) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >211</td><td >(ND, NE) Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >212</td><td >(ND, NE) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >213</td><td >(ND, NE) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >214</td><td >(ND, NE) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >215</td><td >(ND, NE) Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >216</td><td >(ND, NE) Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >217</td><td >(ND, NE) Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >218</td><td >(ND, NE) Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Prompt for credentials on the secure desktop'.</td><td >Registry value is '3'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >226</td><td >(ND, NE) Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators and Interactive Users'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >227</td><td >(ND, NE) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >229</td><td > Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >230</td><td >(ND, NE) Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >231</td><td >(ND, NE) Configure 'Interactive logon: Message text for users attempting to log on'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >234</td><td >(ND, NE) Ensure 'Interactive logon: Don't display last signed-in' is setto 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >239</td><td >(ND, NE) Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >240</td><td >(ND, NE) Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >241</td><td >(ND, NE) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >242</td><td >(ND, NE) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >243</td><td >(ND, NE) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >244</td><td >(ND, NE) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >245</td><td >(ND, NE) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >246</td><td >(ND, NE) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >247</td><td >(ND, NE) Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >252</td><td >(ND) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >253</td><td >(ND, NE) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >254</td><td >(ND, NE) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >255</td><td >(ND, NE) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >256</td><td >(ND, NE) Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >257</td><td >(ND) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >258</td><td >(ND) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >259</td><td >(ND) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >260</td><td >(ND, NE) Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >261</td><td >(ND, NE) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >262</td><td >(ND) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >263</td><td >(ND) Ensure 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >264</td><td >(ND, NE) Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >265</td><td >(ND, NE) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >266</td><td >(ND) Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >267</td><td >(ND, NE) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >268</td><td >(ND, NE) Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >269</td><td >(ND, NE) Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >270</td><td >(ND, NE) Configure 'Network access: Remotely accessible registry paths and sub-paths'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >271</td><td >(ND, NE) Configure 'Network access: Remotely accessible registry paths'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >272</td><td >(ND, NE) Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >275</td><td >(ND, NE) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >276</td><td >(ND, NE) Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >317</td><td >(ND, NE) Ensure 'Connected User Experiences and Telemetry' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >320</td><td >(ND, NE) Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >321</td><td >(NE, ND) Ensure 'Internet Connection Sharing (ICS) (SharedAccess)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >323</td><td >(ND, NE) Ensure 'IIS Admin Service (IISADMIN)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >324</td><td >(NE, ND) Ensure 'Infrared monitor service (irmon)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >326</td><td >(ND, NE) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >328</td><td >(ND, NE) Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >331</td><td >(ND, NE) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >338</td><td >(ND, NE) Ensure 'Routing and Remote Access (RemoteAccess)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >339</td><td >(ND, NE) Ensure 'Remote Procedure Call (RPC) Locator (RpcLocator)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >341</td><td >(ND, NE) Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >343</td><td >(ND, NE) Ensure 'SSDP Discovery (SSDPSRV)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >345</td><td >(ND, NE) Ensure 'UPnP Device Host (upnphost)' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >348</td><td >(ND, NE) Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >349</td><td >(ND, NE) Ensure 'Windows Media Player Network Sharing Service (WMPNetworkSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >351</td><td >(HD) Ensure 'Windows Mobile Hotspot Service (icssvc)' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >356</td><td >(ND, NE) Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >357</td><td >(ND, NE) Ensure 'Xbox Accessory Management Service (XboxGipSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >358</td><td >(ND, NE) Ensure 'Xbox Live Auth Manager (XblAuthManager)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >359</td><td >(ND, NE) Ensure 'Xbox Live Networking Service (XboxNetApiSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >360</td><td >(ND, NE) Ensure 'Xbox Live Game Save (XblGameSave)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >365</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow (default)' .</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >366</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >367</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >368</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Firewall state' is set to 'On (recommended)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >369</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >370</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >371</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >372</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >373</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >374</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Firewall state' is set to 'On (recommended)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-NEUser-Rights-Assignment"><span class="failed">User Rights Assignment</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >277</td><td >(ND, NE) Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >278</td><td >(ND, NE) Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE, Users'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >279</td><td >(ND, NE) Ensure 'Increase scheduling priority' is set to 'Administrators, Window Manager\Window Manager Group'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >280</td><td >(ND, NE) Ensure 'Deny log on as a batch job' to include 'ANONYMOUS LOGON, Guests'.</td><td >The user 'SeDenyBatchLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >282</td><td >(ND, NE) Ensure 'Deny log on as a service' to include 'ANONYMOUS LOGON, Guests'.</td><td >The user 'SeDenyServiceLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >284</td><td >(ND) Ensure 'Deny log on through Remote Desktop Services' to include 'ANONYMOUS LOGON, Guests, Local account'.</td><td >The user right 'SeDenyRemoteInteractiveLogonRight' contains following unexpected users: NT AUTHORITY\Local account (S-1-5-113)
The user right 'SeDenyRemoteInteractiveLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON (S-1-5-7), LOCAL (S-1-2-0)</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >285</td><td >(ND, NE) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >286</td><td >(ND, NE) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >287</td><td >(ND, NE) Ensure 'Adjust memory quotas for a process' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >288</td><td >(ND, NE) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >289</td><td >(ND, NE) Ensure 'Access this computer from the network' is set to 'Administrators, Remote Desktop Users'. </td><td >The user right 'SeNetworkLogonRight' contains following unexpected users: BUILTIN\Users, BUILTIN\Backup Operators
The user 'SeNetworkLogonRight' setting does not contain the following users: BUILTIN\Remote Desktop Users</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >290</td><td >(ND, NE) Ensure 'Debug programs' is set to 'Administrators'.</td><td >The user 'SeDebugPrivilege' setting does not contain the following users: BUILTIN\Administrators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >291</td><td >(ND, NE) Ensure 'Perform volume maintenance tasks' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >292</td><td >(ND, NE) Ensure 'Act as part of the operating system' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >294</td><td >(ND, NE) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >295</td><td >(ND, NE) Ensure 'Create a pagefile' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >296</td><td >(ND, NE) Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >297</td><td >(ND, NE) Ensure 'Profile single process' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >298</td><td >(ND, NE) Ensure 'Create a token object' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >299</td><td >(ND, NE) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >300</td><td >(ND, NE) Ensure 'Create symbolic links' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >301</td><td >(ND, NE) Ensure 'Create permanent shared objects' is set to 'No One'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >302</td><td >(ND, NE) Ensure 'Force shutdown from a remote system' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >303</td><td >(ND, NE) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >304</td><td >(ND, NE) Ensure 'Shut down the system' is set to 'Administrators, Users'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >305</td><td >(ND, NE) Ensure 'Load and unload device drivers' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >306</td><td >(ND, NE) Ensure 'Deny log on locally' to include 'ANONYMOUS LOGON, Guests'.</td><td >The user 'SeDenyInteractiveLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >307</td><td >(ND, NE) Ensure 'Allow log on locally' is set to 'Administrators, Users'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >308</td><td >(ND, NE) Ensure 'Back up files and directories' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >309</td><td >(ND, NE) Ensure 'Lock pages in memory' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >310</td><td >(ND, NE) Ensure 'Take ownership of files or other objects' is set to 'Administrators' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >311</td><td >(ND, NE) Ensure 'Modify firmware environment values' is set to 'Administrators'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >312</td><td >(ND, NE) Ensure 'Modify an object label' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >313</td><td >(ND, NE) Ensure 'Manage auditing and security log' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >314</td><td >(ND, NE) Ensure 'Restore files and directories' is set to 'Administrators'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >315</td><td >(ND, NE) Ensure 'Deny access to this computer from the network' to include 'ANONYMOUS LOGON, Guest, Local account'. </td><td >The user 'SeDenyNetworkLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON, LOCAL</td><td ><span class="auditstatus failed">False</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-NEAccount-Policies"><span class="passed">Account Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >200</td><td >(ND, NE) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >201</td><td >(ND, NE) Ensure 'Password must meet complexity requirements' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >202</td><td >(ND, NE) Ensure 'Enforce password history' is set to '24 or more password(s)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >203</td><td >(ND, NE) Ensure 'Maximum password age' is set to '365 or fewer days, but not 0'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >204</td><td >(ND, NE) Ensure 'Minimum password length' is set to '14 or more character(s)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >205</td><td >(ND, NE) Ensure 'Minimum password age' is set to '1 or more day(s)' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-NESecurity-Options"><span class="passed">Security Options</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >235</td><td >(ND, NE) Configure 'Accounts: Rename administrator account'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >236</td><td >(ND, NE) Ensure 'Accounts: Administrator account status' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >237</td><td >(ND, NE) Ensure 'Accounts: Guest account status' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >238</td><td >(ND, NE) Configure 'Accounts: Rename guest account'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section></section><section ><h1 id="BSI-Benchmarks-SiSyPHus--BSI"><span class="failed">BSI Benchmarks SiSyPHus-BSI</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p >This section contains the BSI Benchmark results.</p><section ><h1 id="BSI-Benchmarks-SiSyPHus--BSIRegistry-Settings/Group-Policies"><span class="failed">Registry Settings/Group Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >3.1.1 A</td><td >Configuration of the lowest possible telemetry-level (Enterprise Windows 10)</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >3.1.1 B</td><td >Configuration of the lowest possible telemetry-level (Non-Enterprise Windows 10)</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >3.1.2.1</td><td >Deactivation of the telemetry service and ETW-sessions - disable service DiagTrack</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >3.1.2.2</td><td >Deactivation of the telemetry service and ETW-sessions - disable service Autologger-Diatrack-Listener</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >3.1.3.1.1</td><td >Deactivation of telemetry according to Microsoft - Disable Windows Update Service</td><td >Registry value is '3'. Expected: 4</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >3.1.3.1.2</td><td >Deactivation of telemetry according to Microsoft - Cloud-Based-Protection: disable MAPS</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >3.1.3.1.3</td><td >Deactivation of telemetry according to Microsoft - Cloud-Based-Protection: never send sample files</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section></section><section ><h1 id="BSI-Benchmarks-SiSyPHus--BSI-Bundespolizei"><span class="failed">BSI Benchmarks SiSyPHus-BSI Bundespolizei</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p >This section contains the BSI Benchmark results.</p><section ><h1 id="BSI-Benchmarks-SiSyPHus--BSI-BundespolizeiRegistry-Settings/Group-Policies"><span class="failed">Registry Settings/Group Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >0003</td><td > Ensure 'Configure Automatic Updates' is set to 4</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0004</td><td > Ensure 'Configure Automatic Updates' is set to 'Every Day'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0005</td><td > Ensure 'Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0006</td><td > Ensure 'Specify the maximum log file size (KB)' is set to 'Enabled: 32768'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0032</td><td >Ensure 'Setup: Specify the maximum log file size (KB)' is set to 32768.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0037</td><td >Ensure 'Allow enhanced PINs for startup' is set 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0038</td><td >Ensure 'Allow Secure Boot for integrity validation' is set 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0039</td><td >Ensure 'Allow Secure Boot for integrity validation' is set 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0040</td><td >Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0041</td><td >Ensure 'Allow user control over installs' is set 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0043</td><td >Ensure 'Enable Windows NTP Client' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0065</td><td >Ensure 'Enumerate administrator accounts on elevation' is set 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0101</td><td > Ensure 'Restrict Unauthenticated RPC clients' is set 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0109</td><td >Ensure 'Allow Telemetry' is set to 0.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0110</td><td >Ensure 'Do not show feedback notifications' is set to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0111</td><td >Ensure 'Turn on MSDT interactive communication with support provider' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0112</td><td >Ensure 'Toggle user control over Insider builds' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0113</td><td >Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0114</td><td >Ensure 'Turn off location' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0115</td><td >Ensure 'Turn off Microsoft consumer experiences' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0116</td><td >Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0117</td><td >Ensure 'Turn off the Windows Customer Experience program' is set to 'Enabled'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0118</td><td >Ensure 'Turn off the Windows Error Reporting' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0119</td><td >Ensure 'Windows Game Recording and Broadcasting' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0121</td><td >Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0122</td><td >Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0123</td><td >Ensure 'Prevent using Localhost IP address for WebRTC' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0131</td><td >Ensure 'Allow a Windows app to share application data between users' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0132</td><td >Ensure 'Allow indexing of encrypted files' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0133</td><td >Ensure 'Allow InPrivate browsing' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0135</td><td >Ensure 'Allow Standby States (S1-S3) When Sleeping (On Battery)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0136</td><td >Ensure 'Allow Standby States (S1-S3) When Sleeping (Plugged In)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0137</td><td >Ensure 'Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0138</td><td >Ensure 'Always install with elevated privileges ' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0139</td><td >Ensure 'Always prompt for password upon connection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0140</td><td >Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled'.</td><td >Registry value is '3'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0141</td><td >Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0142</td><td >Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0143</td><td >Ensure 'Configure Password Manager' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0144</td><td >Ensure 'Configure Pop-up Blocker' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0145</td><td >Ensure 'Configure registry policy processing' is set to 'Do not apply during periodic background processing (False)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0146</td><td >Ensure 'Configure registry policy processing' is set to 'Process even if the Group Policy objects have not changed (False)'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0147</td><td >Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0148</td><td >Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0149</td><td >Ensure 'Disallow copying of user input methods to the system account for sign-in ' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0150</td><td >Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0151</td><td >Ensure 'Do not allow passwords to be saved' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0152</td><td >Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0153</td><td >Ensure 'Do not delete temp folders upon exit' set to 'Disabled'.</td><td >Registry value is '1'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0154</td><td >Ensure 'Do not display network selection UI' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0155</td><td >Ensure 'Do not enumerate connected users on domain-joined computers' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0156</td><td >Ensure 'Enable insecure guest logons' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0157</td><td >Ensure 'Enable local admin password management' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0158</td><td >Ensure 'Enable RPC Endpoint Mapper Client Authentication' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0159</td><td >Ensure 'Enable screen saver' set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0160</td><td >Ensure 'Enable Windows NTP Server' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0161</td><td >Ensure 'Enable/Disable PerfTrack' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0163</td><td >Ensure 'Enumerate local users on domain-joined computers' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0164</td><td >Ensure 'Include command line in process creation events' set to 'Disabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0165</td><td >Ensure 'Let Windows apps access account information' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0166</td><td >Ensure 'Let Windows apps access call history' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0167</td><td >Ensure 'Let Windows apps access contacts' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0168</td><td >Ensure 'Let Windows apps access email' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0169</td><td >Ensure 'Let Windows apps access location' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0170</td><td >Ensure 'Let Windows apps access messaging' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0171</td><td >Ensure 'Let Windows apps access motion' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0172</td><td >Ensure 'Let Windows apps access notifications' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0173</td><td >Ensure 'Let Windows apps access the calendar' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0174</td><td >Ensure 'Let Windows apps access the camera' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0175</td><td >Ensure 'Let Windows apps access the microphone' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0176</td><td >Ensure 'Let Windows apps access trusted devices' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0177</td><td >Ensure 'Let Windows apps control radios' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0178</td><td >Ensure 'Let Windows apps make phone calls' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0179</td><td >Ensure 'Let Windows apps sync with devices' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0185</td><td >Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0209</td><td >Ensure 'Prevent downloading of enclosures' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0210</td><td >Ensure 'Prevent enabling lock screen camera' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0211</td><td >Ensure 'Prevent enabling lock screen slide show' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0212</td><td >Ensure 'Prevent installation of devices that match any of these device IDs' set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0213</td><td >Ensure 'Prevent installation of devices using drivers that match these device setup classes' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0214</td><td >Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0215</td><td >Ensure 'Prevent the computer from joining a homegroup' set to 'Enalbed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0216</td><td >Ensure 'Prohibit access of the Windows Connect Now wizards' set to 'Enalbed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0217</td><td >Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' set to 'Enalbed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0218</td><td >Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' set to 'Enalbed'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0220</td><td >Ensure 'Require a password when a computer wakes (on battery)' set to 'Enalbed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0221</td><td >Ensure 'Require a password when a computer wakes (plugged in)' set to 'Enalbed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0222</td><td >Ensure 'Require additional authentication at startup' set to 'Enalbed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0223</td><td >Ensure 'Require domain users to elevate when setting a network's location' set to 'Enalbed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0224</td><td >Ensure 'Set the default behavior for AutoRun' set to 'Enalbed: Do not execute any autorun commands'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0225</td><td >Ensure 'Sign-in last interactive user automatically after a system-initiated restart' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0229</td><td >Ensure 'Turn off background refresh of Group Policy' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0230</td><td >Ensure 'Turn off Data Execution Prevention for Explorer' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0231</td><td >Ensure 'Turn off downloading of print drivers over HTTP' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0232</td><td >Ensure 'Turn off handwriting personalization data sharing' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0233</td><td >Ensure 'Turn off handwriting recognition error reporting' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0234</td><td >Ensure 'Turn off heap termination on corruption' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0235</td><td >Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0236</td><td >Ensure 'Turn off Internet download for Web publishing and online ordering wizards' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0237</td><td >Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0238</td><td >Ensure 'Turn off picture password sign-in' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0239</td><td >Ensure 'Turn off printing over HTTP' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0240</td><td >Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0241</td><td >Ensure 'Turn off Search Companion content file updates' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0242</td><td >Ensure 'Turn off shell protocol protected mode' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0243</td><td >Ensure 'Turn off the 'Order Prints' picture task' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0244</td><td >Ensure 'Turn off the 'Publish to Web' task for files and folders' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0245</td><td >Ensure 'Turn on convenience PIN sign-in' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0246</td><td >Ensure 'Turn on Mapper I/O (LLTDIO) driver' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0247</td><td >Ensure 'Turn on Responder (RSPNDR) driver' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0248</td><td >Ensure 'Turn On Virtualization Based Security' set to 'Enabled: Block untrusted fonts and log events'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0249</td><td >Ensure 'Untrusted Font Blocking' set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0250</td><td >Ensure 'Configure enhanced anti-spoofing' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0251</td><td >Ensure 'WDigest Authentication' set to 'Enabled'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0253</td><td >Ensure 'Windows Firewall: Domain: Apply local firewall rules' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0254</td><td >Ensure 'Windows Firewall: Domain: Display a notification' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0279</td><td >Ensure 'Windows Firewall: Domain: Logging: Name' set to '%windir%\system32\logfiles\firewall\domainfirewall.log'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0280</td><td >Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' set to '16,384'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0281</td><td >Ensure 'Windows Firewall: Public: Outbound connections' set to 'Allow'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0282</td><td >Ensure 'Block launching Windows Store apps with Windows RuntimeAPIaccessfromhostedcontent' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0283</td><td >Ensure 'Turn off KMS Client Online AVS Validation' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0284</td><td >Ensure 'Do not display the password reveal button' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0285</td><td >Ensure 'Join Microsoft MAPS' set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0286</td><td >Ensure 'Configure search suggestions in Address bar' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0287</td><td >Ensure 'Configure Windows SmartScreen' set to 'Enabled: Require approval from an administrator before running downloaded unknown software'.</td><td >Registry value is '1'. Expected: 2</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0288</td><td >Ensure 'Don't allow SmartScreen Filter warning overrides for unverified files' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0289</td><td >Ensure 'Don't allow SmartScreen Filter warning overrides' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0290</td><td >Ensure 'Prevent managing SmartScreen Filter' set to 'Enabled: On'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0291</td><td >Ensure 'Prevent managing SmartScreen Filter' set to 'Enabled: On'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0292</td><td >Ensure 'Turn on SmartScreen Filter scan' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0293</td><td >Ensure 'Allow Cortana' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0294</td><td >Ensure 'Allow search and Cortana to use location' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0295</td><td >Ensure 'Disable all apps from Microsoft Store' set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0296</td><td >Ensure 'Disable pre-release features or settings' set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0297</td><td >Ensure 'Turn off access to the Store' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0298</td><td >Ensure 'Turn off Automatic Download and Install of updates' set to 'Enabled'.</td><td >Registry value is '4'. Expected: 2</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0299</td><td >Ensure 'Turn off the offer to update to the latest version of Windows' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0300</td><td >Ensure 'Turn off the Store application' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0301</td><td >Ensure 'Allow Basic authentication' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0302</td><td >Ensure 'Allow unencrypted traffic' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0304</td><td >Ensure 'Allow Remote Shell Access' set to 'Disabled'.</td><td >Registry value is '1'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0306</td><td >Ensure 'Allow users to connect remotely by using Remote Desktop Services' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0307</td><td >Ensure 'Disallow Digest authentication' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0308</td><td >Ensure 'Disallow WinRM from storing RunAs credentials' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0309</td><td >Ensure 'Do not allow COM port redirection' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0310</td><td >Ensure 'Do not allow drive redirection' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0311</td><td >Ensure 'Do not allow LPT port redirection' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0312</td><td >Ensure 'Do not use temporary folders per session' set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0313</td><td >Ensure 'Apply UAC restrictions to local accounts on network logons' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0323</td><td >Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' set to 'Disabled'.</td><td >Registry value is '<none>'. Expected: </td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0324</td><td >Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' set to 'Disabled'.</td><td >Registry value is '<none>'. Expected: </td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0325</td><td >Ensure 'Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)' set to 'XTS-AES 256-bit'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0328</td><td >Ensure 'Choose how BitLocker-protected fixed drives can be recovered' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0329</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0330</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0331</td><td >Ensure 'Configure minimum PIN length for startup' set to 'Enabled' and 'minimum characters' set to 10.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0332</td><td >Ensure 'Configure use of hardware-based encryption for fixed data drives' set to 'Enabled'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0333</td><td >Ensure 'Configure use of hardware-based encryption for operating system drives' set to 'Enabled'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0334</td><td >Ensure 'Configure use of hardware-based encryption for removable data drives' set to 'Enabled'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0335</td><td >Ensure 'Configure use of passwords for fixed data drives' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0336</td><td >Ensure 'Configure use of passwords for operating system drives' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0337</td><td >Ensure 'Configure use of passwords for removable data drives' set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0338</td><td >Ensure 'Configure use of smart cards on fixed data drives' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0339</td><td >Ensure 'Configure use of smart cards on removable data drives' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0340</td><td >Ensure 'Deny write access to removable drives not protected by BitLocker' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0342</td><td >Ensure 'Choose how BitLocker-protected fixed drives can be recovered' set to 'Save BitLocker recovery information to AD DS for fixed data drives'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0343</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' set to 'Save BitLocker recovery information to AD DS for operating system drives'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0344</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' set to 'Save BitLocker recovery information to AD DS for removable data drives'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0345</td><td >Ensure 'Require additional authentication at startup' set to 'Do not allow startup key and PIN with TPM'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0346</td><td >Ensure 'Choose how BitLocker-protected fixed drives can be recovered' set to 'Allow data recovery agent'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0347</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' set to 'Allow data recovery agent'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0348</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' set to 'Allow data recovery agent'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0349</td><td >Ensure 'Configure use of hardware-based encryption for fixed data drives' set to 'Use BitLocker software-based encryption when hardware encryption is not available'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0350</td><td >Ensure 'Configure use of hardware-based encryption for operating system drives' set to 'Use BitLocker software-based encryption when hardware encryption is not available'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0351</td><td >Ensure 'Configure use of hardware-based encryption for removable data drives' set to 'Use BitLocker software-based encryption when hardware encryption is not available'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0352</td><td >Ensure 'Configure use of smart cards on fixed data drives' set to 'Require use of smart cards on fixed data drives'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0353</td><td >Ensure 'Configure use of smart cards on removable data drives' set to 'Require use of smart cards on removable data drives'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0354</td><td >Ensure 'Deny write access to removable drives not protected by BitLocker' set to 'Do not allow write access to devices configured in another organization'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0355</td><td >Ensure 'Password Settings' set to 'Large letters + small letters + numbers + specials'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0358</td><td >Ensure 'Require additional authentication at startup' set to 'Allow BitLocker without a compatible TPM'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0359</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' set to 'Omit recovery options from the BitLocker setup wizard'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0360</td><td >Ensure 'Choose how BitLocker-protected fixed drives can be recovered' set to 'Omit recovery options from the BitLocker setup wizard (Test)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0361</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' set to 'Omit recovery options from the BitLocker setup wizard (True)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0362</td><td >Ensure 'Require additional authentication at startup' set to 'Do not allow startup key with TPM'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0363</td><td >Ensure 'Choose how BitLocker-protected fixed drives can be recovered' set to 'Allow 48-digit recovery password'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0364</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' set to 'Require 48-digit recovery password '.</td><td >Registry value is '2'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0365</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' set to 'Do not allow 48-digit recovery password'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0366</td><td >Ensure 'Configure use of hardware-based encryption for fixed data drives' set to 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0367</td><td >Ensure 'Configure use of hardware-based encryption for operating system drives' set to 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption (False)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0368</td><td >Ensure 'Configure use of hardware-based encryption for removable data drives' set to 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption (False)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0369</td><td >Ensure 'Configure use of hardware-based encryption for removable data drives' set to 'Password Length' and set to greater or equal 15.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0370</td><td >Ensure 'Prevent installation of devices that match any of these device IDs' set to 'Also apply to matching devices that are already installed. (True) '.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0371</td><td >Ensure 'Prevent installation of devices using drivers that match these device setup classes' set to 'Also apply to matching devices that are already installed. (True) '.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0372</td><td >Ensure 'Require additional authentication at startup' set to 'Do not allow TPM'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0373</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' set to 'Do not enable BitLocker until recovery information is stored to AD DS for removable data drives (False)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0374</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' set to 'Do not enable BitLocker until recovery information is stored to AD DS for operating system drives (Enabled)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0375</td><td >Ensure 'Choose how BitLocker-protected fixed drives can be recovered' set to 'Backup recovery passwords and key packages'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0376</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' set to 'Store recovery passwords and key packages'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0377</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' set to 'Backup recovery passwords and key packages'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0378</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' set to 'Do not allow 256-bit recovery key'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0380</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' set to 'Do not allow 256-bit recovery key'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0384</td><td >Ensure 'Password Age' set to less or equal 42.</td><td >Registry value is '10'. Expected: 42</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0385</td><td >Ensure 'Require additional authentication at startup' set to 'Require startup PIN with TPM'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0386</td><td >Ensure 'Turn on PowerShell Transcription' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0387</td><td >Ensure 'Turn on PowerShell Script Block Logging' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0388</td><td >Ensure 'Require secure RPC communication' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0389</td><td >Ensure 'Set client connection encryption level' set to 'Enabled: High Level'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0390</td><td >Ensure 'Set time limit for active but idle Remote Desktop Services sessions' set to 'Enabled: 5 minutes'.</td><td >Registry value is '900000'. Expected: 300000</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0391</td><td >Ensure 'Set time limit for disconnected sessions' set to 'Enabled: 1 minute'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHus--BSI-BundespolizeiUser-Rights-Assignment"><span class="failed">User Rights Assignment</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >0044</td><td > Ensure 'SeTrustedCredManAccessPrivilege' is set to 'Enabled'</td><td >The user 'SeTrustedCredManAccessPrivilege' setting does not contain the following users: NULL SID</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0045</td><td > Ensure 'SeNetworkLogonRight' is set to 'Administrator, Users'</td><td >The user right 'SeNetworkLogonRight' contains following unexpected users: BUILTIN\Backup Operators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0046</td><td > Ensure 'SeTcbPrivilege' is set to 'None'</td><td >The user 'SeTcbPrivilege' setting does not contain the following users: NULL SID</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0047</td><td > Ensure 'Adjust memory quotas for a process' set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0048</td><td > Ensure 'Allow log on locally' set to 'Administrators, Users'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0049</td><td > Ensure 'SeBackupPrivilege' is set to 'Administrator'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0050</td><td > Ensure 'SeSystemtimePrivilege' is set to 'Administrator, LOCAL SERVICE'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0051</td><td > Ensure 'SeTimeZonePrivilege' is set to 'Administrator, LOCAL SERVICE'</td><td >The user right 'SeTimeZonePrivilege' contains following unexpected users: BUILTIN\Users</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0052</td><td > Ensure 'SeCreatePagefilePrivilege' is set to 'Administrator, LOCAL SERVICE'</td><td >The user 'SeCreatePagefilePrivilege' setting does not contain the following users: NT AUTHORITY\LOCAL SERVICE</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0053</td><td > Ensure 'SeCreateTokenPrivilege' is set to 'None'</td><td >The user 'SeCreateTokenPrivilege' setting does not contain the following users: NULL SID</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0054</td><td > Ensure 'SeCreateGlobalPrivilege' is set to 'Administrator, SERVICE, LOCAL SERVICE, NETWORK SERVICE'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0055</td><td > Ensure 'SeCreatePermanentPrivilege' is set to 'None'</td><td >The user 'SeCreatePermanentPrivilege' setting does not contain the following users: NULL SID</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0056</td><td > Ensure 'SeCreateSymbolicLinkPrivilege' is set to 'Administrator'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0057</td><td > Ensure 'SeDebugPrivilege' is set to 'Administrator'</td><td >The user 'SeDebugPrivilege' setting does not contain the following users: BUILTIN\Administrators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0064</td><td > Ensure 'SeEnableDelegationPrivilege' is set to 'None'</td><td >The user 'SeEnableDelegationPrivilege' setting does not contain the following users: NULL SID</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0066</td><td > Ensure 'SeRemoteShutdownPrivilege' is set to 'Administrator'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0067</td><td > Ensure 'SeAuditPrivilege' is set to 'LOCAL SERVICE, NETWORK SERVICE'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0068</td><td > Ensure 'SeImpersonatePrivilege' is set to 'Administrator, LOCAL SERVICE, NETWORK SERVICE'</td><td >The user right 'SeImpersonatePrivilege' contains following unexpected users: NT AUTHORITY\SERVICE</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0069</td><td > Ensure 'SeIncreaseBasePriorityPrivilege' is set to 'Administrator'</td><td >The user right 'SeIncreaseBasePriorityPrivilege' contains following unexpected users: Window Manager\Window Manager Group</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0085</td><td > Ensure 'SeRelabelPrivilege' is set to 'None'</td><td >The user 'SeRelabelPrivilege' setting does not contain the following users: NULL SID</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0086</td><td > Ensure 'SeSystemEnvironmentPrivilege' is set to 'Administrator'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0087</td><td > Ensure 'SeManageVolumePrivilege' is set to 'Administrator'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0088</td><td > Ensure 'SeProfileSingleProcessPrivilege' is set to 'Administrator'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0089</td><td > Ensure 'SeSystemProfilePrivilege' is set to 'Administrator, NT SERVICE/WdiServiceHost'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0090</td><td > Ensure 'SeRestorePrivilege' is set to 'Administrator'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0091</td><td > Ensure 'SeShutdownPrivilege' is set to 'Administrator, Users'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0094</td><td > Ensure 'SeTakeOwnershipPrivilege' is set to 'Administrator'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0104</td><td > Ensure 'SeDenyNetworkLogonRight' is set to 'Local account, Guest'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0105</td><td > Ensure 'SeDenyBatchLogonRight' is set to 'Guest'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0106</td><td > Ensure 'SeDenyServiceLogonRight' is set to 'Guest'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0107</td><td > Ensure 'SeDenyInteractiveLogonRight' is set to 'Guest'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0108</td><td > Ensure 'SeDenyRemoteInteractiveLogonRight' is set to 'Local account, Guest'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0180</td><td > Ensure 'Load and unload device drivers' is set to 'Administrator'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0181</td><td > Ensure 'Lock pages in memory' is set to 'No one'</td><td >The user 'SeLockMemoryPrivilege' setting does not contain the following users: NULL SID</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0182</td><td > Ensure 'Log on as a batch job' is set to 'Administrator'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0183</td><td > Ensure 'Log on as a service' is set to 'No one'</td><td >The user right 'SeServiceLogonRight' contains following unexpected users: DESKTOP-UTMU75K\SQLServer2005SQLBrowserUser$DESKTOP-UTMU75K, NT SERVICE\ALL SERVICES, NT SERVICE\SQLTELEMETRY, NT SERVICE\SQLSERVERAGENT, NT SERVICE\MSSQLSERVER, NT VIRTUAL MACHINE\Virtual Machines
The user 'SeServiceLogonRight' setting does not contain the following users: NULL SID</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0184</td><td > Ensure 'Manage auditing and security log' is set to 'Administrator'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0219</td><td > Ensure 'Replace a process level token' is set to 'Local Service, Network Service'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0303</td><td > Ensure 'Allow log on through Remote Desktop Services' is set to 'Remote Desktop User'</td><td >The user right 'SeRemoteInteractiveLogonRight' contains following unexpected users: BUILTIN\Administrators</td><td ><span class="auditstatus failed">False</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHus--BSI-BundespolizeiAccount-Policies"><span class="failed">Account Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >0001</td><td > Ensure 'Maximum password age' is set to between 1 and 42</td><td >'MaximumPasswordAge' currently set to: 120. Expected: x <= 42 and x >= 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0002</td><td > Ensure 'Password must meet complexity requirements' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0100</td><td > Ensure 'Reset account lockout counter after' is set greater or equal 15</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0102</td><td > Ensure 'Account lockout duration' is set to '15 or more minute(s)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0103</td><td >Ensure 'Account lockout threshold' is set greater or equal 1 and less or equal 10</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0162</td><td > Ensure 'Enforce password history' is set greater or equal 24</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0186</td><td > Ensure 'Minimum password age' is set to greater or equal 1</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0187</td><td > Ensure 'Minimum password length' is set to greater or equal 14</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHus--BSI-BundespolizeiAdvanced-Audit-Policy-Configuration"><span class="failed">Advanced Audit Policy Configuration</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >0008</td><td > Ensure 'Audit Application Group Management' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0011</td><td > Ensure 'Audit Other Account Management Events' is set to 'Success and Failure'</td><td >Set to: No Auditing</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0012</td><td > Ensure 'Audit Security Group Management' is set to 'SuccessAndFailure'</td><td >Set to: Success</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0013</td><td > Ensure 'Audit account management' is set to 'SuccessAndFailure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0014</td><td > Ensure 'Advanced security audit policy settings' is set to 'SuccessAndNotFailure'</td><td >Set to: Success</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0015</td><td > Ensure 'Audit Process Creation' is set to 'SuccessAndNotFailure'</td><td >Set to: Success</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0016</td><td > Ensure 'Audit Other Logon/Logoff Events' is set to 'SuccessAndFailure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0017</td><td > Ensure 'Audit Account Lockout' is set to 'SuccessAndNotFailure'</td><td >Set to: Failure</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0018</td><td > Ensure 'How to track users logon/logoff' is set to 'SuccessAndNotFailure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0019</td><td > Ensure 'Audit Policy: Logon-Logoff: Logon' is set to 'SuccessAndFailure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0020</td><td > Ensure 'Audit Policy: Logon-Logoff: Special Logon' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0021</td><td > Ensure 'Audit Policy: Object Access:Removable Storage' is set to 'SuccessAndFailure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0022</td><td > Ensure 'Audit Policy: Policy Change: Audit Policy Change' is set to 'SuccessAndFailure'</td><td >Set to: Success</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0023</td><td > Ensure 'Audit Policy: Policy Change: Authentication Policy Change' is set to 'SuccessAndFailure'</td><td >Set to: Success</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0025</td><td > Ensure 'Audit Policy: System: IPsecDriver' is set to 'SuccessAndFailure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0026</td><td > Ensure 'Audit Policy: System: OtherSystem Events' is set to 'SuccessAndFailure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0027</td><td > Ensure 'Audit Policy: System: Security State Change' is set to 'SuccessAndFailure'</td><td >Set to: Success</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0028</td><td > Ensure 'Audit Policy: System: Security System Extension' is set to 'SuccessAndFailure'</td><td >Set to: Success</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0029</td><td > Ensure 'Audit Policy: System: System Integrity' is set to 'SuccessAndFailure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section></section></div><div class="tabContent" id="summary"><h1 >Benchmark Compliance</h1><div style="float: left;"><p >Generated by the <i>ATAPAuditor</i> Module Version <i>5.2</i> by FB Pro GmbH. Get it in the <a href="https://github.com/fbprogmbh/Audit-Test-Automation">Audit Test Automation Package</a>.</p><p >Does your system show low benchmark compliance? Check out our <a href="https://www.fb-pro.com/enforce-suite">hardening solutions</a>.</p><p >Based on:<ul ><li >CIS Microsoft Windows 10 Enterprise Release 21H1 Benchmark, Version: 1.12.0, Date: 2022-02-15</li><li >DISA Windows 10 Security Technical Implementation Guide, Version: V1R16, Date: 2019-10-25</li><li >CYBERGOVAU Hardening Microsoft Windows 10 version 21H1 Workstations, Version: 10.2020, Date 2020-10-01</li><li >Microsoft Security baseline (FINAL) for Windows 10, Version: 21H1, Date: 2021-05-18</li><li >BSI SiM-08202 Client unter Windows 10, Version: 1, Date: 2017-09-13</li><li >Configuration Recommendations for Hardening of Windows 10 Using Built-in Functionalities: Version 1.3, Date: 2021-05-03</li></ul><p >This report was generated on 12/07/2022 10:37:18 on DESKTOP-UTMU75K.fb-pro.com with ATAPHtmlReport version 1.8.</p></p></div><div id="riskMatrixSummaryArea"><h2 id="CurrentRiskScore">Current Risk Score on tested System: </h2><h3 >For further information, please head to the tab "Risk Score".</h3><div id="riskMatrixSummary"><div id="dotSummaryTab"></div><div id="severity"><p id="severityArea">Severity</p></div><div id="quantity"><p id="quantityArea">Quantity</p></div><div id="severityCritical">Critical</div><div id="severityHigh">High</div><div id="severityMedium">Medium</div><div id="severityLow">Low</div><div id="quantityCritical">Critical</div><div id="quantityHigh">High</div><div id="quantityMedium">Medium</div><div id="quantityLow">Low</div><div id="critical_low"></div><div id="high_low"></div><div id="medium_low"></div><div id="low_low"></div><div id="critical_medium"></div><div id="high_medium"></div><div id="medium_medium"></div><div id="low_medium"></div><div id="critical_high"></div><div id="high_high"></div><div id="medium_high"></div><div id="low_high"></div><div id="critical_critical"></div><div id="high_critical"></div><div id="medium_critical"></div><div id="low_critical"></div></div></div><h1 style="clear:both;"></h1><p >A total of 2682 tests have been executed.</p><div class="gauge"><div title="True 2157 test(s), 80.43%" style="width: 80.43%" class="gauge-meter passed"></div><div title="False 521 test(s), 19.43%" style="width: 19.43%" class="gauge-meter failed"></div><div title="Warning 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter warning"></div><div title="None 4 test(s), 0.15%" style="width: 0.15%" class="gauge-meter "></div><div title="Error 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div></div><ol class="gauge-info"><li class="gauge-info-item"><span class="auditstatus passed">True</span> 2157 test(s) &#x2259; 80.43%</li><li class="gauge-info-item"><span class="auditstatus failed">False</span> 521 test(s) &#x2259; 19.43%</li><li class="gauge-info-item"><span class="auditstatus warning">Warning</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">None</span> 4 test(s) &#x2259; 0.15%</li><li class="gauge-info-item"><span class="auditstatus ">Error</span> 0 test(s) &#x2259; 0.00%</li></ol><h2 style="clear:both; margin-top: 0;">CIS Benchmarks</h2><p >A total of 512 tests have been executed in section CIS Benchmarks.</p><div class="gauge"><div title="True 478 test(s), 93.36%" style="width: 93.36%" class="gauge-meter passed"></div><div title="False 33 test(s), 6.45%" style="width: 6.45%" class="gauge-meter failed"></div><div title="Warning 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter warning"></div><div title="None 1 test(s), 0.20%" style="width: 0.20%" class="gauge-meter "></div><div title="Error 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div></div><ol class="gauge-info"><li class="gauge-info-item"><span class="auditstatus passed">True</span> 478 test(s) &#x2259; 93.36%</li><li class="gauge-info-item"><span class="auditstatus failed">False</span> 33 test(s) &#x2259; 6.45%</li><li class="gauge-info-item"><span class="auditstatus warning">Warning</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">None</span> 1 test(s) &#x2259; 0.20%</li><li class="gauge-info-item"><span class="auditstatus ">Error</span> 0 test(s) &#x2259; 0.00%</li></ol><h2 style="clear:both; margin-top: 0;">DISA Recommendations</h2><p >A total of 161 tests have been executed in section DISA Recommendations.</p><div class="gauge"><div title="True 133 test(s), 82.61%" style="width: 82.61%" class="gauge-meter passed"></div><div title="False 25 test(s), 15.53%" style="width: 15.53%" class="gauge-meter failed"></div><div title="Warning 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter warning"></div><div title="None 3 test(s), 1.86%" style="width: 1.86%" class="gauge-meter "></div><div title="Error 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div></div><ol class="gauge-info"><li class="gauge-info-item"><span class="auditstatus passed">True</span> 133 test(s) &#x2259; 82.61%</li><li class="gauge-info-item"><span class="auditstatus failed">False</span> 25 test(s) &#x2259; 15.53%</li><li class="gauge-info-item"><span class="auditstatus warning">Warning</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">None</span> 3 test(s) &#x2259; 1.86%</li><li class="gauge-info-item"><span class="auditstatus ">Error</span> 0 test(s) &#x2259; 0.00%</li></ol><h2 style="clear:both; margin-top: 0;">CyberGovAu Benchmarks</h2><p >A total of 381 tests have been executed in section CyberGovAu Benchmarks.</p><div class="gauge"><div title="True 196 test(s), 51.44%" style="width: 51.44%" class="gauge-meter passed"></div><div title="False 185 test(s), 48.56%" style="width: 48.56%" class="gauge-meter failed"></div><div title="Warning 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter warning"></div><div title="None 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div><div title="Error 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div></div><ol class="gauge-info"><li class="gauge-info-item"><span class="auditstatus passed">True</span> 196 test(s) &#x2259; 51.44%</li><li class="gauge-info-item"><span class="auditstatus failed">False</span> 185 test(s) &#x2259; 48.56%</li><li class="gauge-info-item"><span class="auditstatus warning">Warning</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">None</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">Error</span> 0 test(s) &#x2259; 0.00%</li></ol><h2 style="clear:both; margin-top: 0;">Microsoft Benchmarks</h2><p >A total of 357 tests have been executed in section Microsoft Benchmarks.</p><div class="gauge"><div title="True 306 test(s), 85.71%" style="width: 85.71%" class="gauge-meter passed"></div><div title="False 51 test(s), 14.29%" style="width: 14.29%" class="gauge-meter failed"></div><div title="Warning 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter warning"></div><div title="None 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div><div title="Error 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div></div><ol class="gauge-info"><li class="gauge-info-item"><span class="auditstatus passed">True</span> 306 test(s) &#x2259; 85.71%</li><li class="gauge-info-item"><span class="auditstatus failed">False</span> 51 test(s) &#x2259; 14.29%</li><li class="gauge-info-item"><span class="auditstatus warning">Warning</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">None</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">Error</span> 0 test(s) &#x2259; 0.00%</li></ol><h2 style="clear:both; margin-top: 0;">BSI Benchmarks SiSyPHuS Logging</h2><p >A total of 51 tests have been executed in section BSI Benchmarks SiSyPHuS Logging.</p><div class="gauge"><div title="True 48 test(s), 94.12%" style="width: 94.12%" class="gauge-meter passed"></div><div title="False 3 test(s), 5.88%" style="width: 5.88%" class="gauge-meter failed"></div><div title="Warning 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter warning"></div><div title="None 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div><div title="Error 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div></div><ol class="gauge-info"><li class="gauge-info-item"><span class="auditstatus passed">True</span> 48 test(s) &#x2259; 94.12%</li><li class="gauge-info-item"><span class="auditstatus failed">False</span> 3 test(s) &#x2259; 5.88%</li><li class="gauge-info-item"><span class="auditstatus warning">Warning</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">None</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">Error</span> 0 test(s) &#x2259; 0.00%</li></ol><h2 style="clear:both; margin-top: 0;">BSI Benchmarks SiSyPHuS HD</h2><p >A total of 384 tests have been executed in section BSI Benchmarks SiSyPHuS HD.</p><div class="gauge"><div title="True 327 test(s), 85.16%" style="width: 85.16%" class="gauge-meter passed"></div><div title="False 57 test(s), 14.84%" style="width: 14.84%" class="gauge-meter failed"></div><div title="Warning 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter warning"></div><div title="None 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div><div title="Error 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div></div><ol class="gauge-info"><li class="gauge-info-item"><span class="auditstatus passed">True</span> 327 test(s) &#x2259; 85.16%</li><li class="gauge-info-item"><span class="auditstatus failed">False</span> 57 test(s) &#x2259; 14.84%</li><li class="gauge-info-item"><span class="auditstatus warning">Warning</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">None</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">Error</span> 0 test(s) &#x2259; 0.00%</li></ol><h2 style="clear:both; margin-top: 0;">BSI Benchmarks SiSyPHuS ND</h2><p >A total of 292 tests have been executed in section BSI Benchmarks SiSyPHuS ND.</p><div class="gauge"><div title="True 252 test(s), 86.30%" style="width: 86.30%" class="gauge-meter passed"></div><div title="False 40 test(s), 13.70%" style="width: 13.70%" class="gauge-meter failed"></div><div title="Warning 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter warning"></div><div title="None 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div><div title="Error 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div></div><ol class="gauge-info"><li class="gauge-info-item"><span class="auditstatus passed">True</span> 252 test(s) &#x2259; 86.30%</li><li class="gauge-info-item"><span class="auditstatus failed">False</span> 40 test(s) &#x2259; 13.70%</li><li class="gauge-info-item"><span class="auditstatus warning">Warning</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">None</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">Error</span> 0 test(s) &#x2259; 0.00%</li></ol><h2 style="clear:both; margin-top: 0;">BSI Benchmarks SiSyPHuS NE</h2><p >A total of 262 tests have been executed in section BSI Benchmarks SiSyPHuS NE.</p><div class="gauge"><div title="True 223 test(s), 85.11%" style="width: 85.11%" class="gauge-meter passed"></div><div title="False 39 test(s), 14.89%" style="width: 14.89%" class="gauge-meter failed"></div><div title="Warning 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter warning"></div><div title="None 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div><div title="Error 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div></div><ol class="gauge-info"><li class="gauge-info-item"><span class="auditstatus passed">True</span> 223 test(s) &#x2259; 85.11%</li><li class="gauge-info-item"><span class="auditstatus failed">False</span> 39 test(s) &#x2259; 14.89%</li><li class="gauge-info-item"><span class="auditstatus warning">Warning</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">None</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">Error</span> 0 test(s) &#x2259; 0.00%</li></ol><h2 style="clear:both; margin-top: 0;">BSI Benchmarks SiSyPHus-BSI</h2><p >A total of 7 tests have been executed in section BSI Benchmarks SiSyPHus-BSI.</p><div class="gauge"><div title="True 5 test(s), 71.43%" style="width: 71.43%" class="gauge-meter passed"></div><div title="False 2 test(s), 28.57%" style="width: 28.57%" class="gauge-meter failed"></div><div title="Warning 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter warning"></div><div title="None 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div><div title="Error 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div></div><ol class="gauge-info"><li class="gauge-info-item"><span class="auditstatus passed">True</span> 5 test(s) &#x2259; 71.43%</li><li class="gauge-info-item"><span class="auditstatus failed">False</span> 2 test(s) &#x2259; 28.57%</li><li class="gauge-info-item"><span class="auditstatus warning">Warning</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">None</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">Error</span> 0 test(s) &#x2259; 0.00%</li></ol><h2 style="clear:both; margin-top: 0;">BSI Benchmarks SiSyPHus-BSI Bundespolizei</h2><p >A total of 275 tests have been executed in section BSI Benchmarks SiSyPHus-BSI Bundespolizei.</p><div class="gauge"><div title="True 189 test(s), 68.73%" style="width: 68.73%" class="gauge-meter passed"></div><div title="False 86 test(s), 31.27%" style="width: 31.27%" class="gauge-meter failed"></div><div title="Warning 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter warning"></div><div title="None 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div><div title="Error 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div></div><ol class="gauge-info"><li class="gauge-info-item"><span class="auditstatus passed">True</span> 189 test(s) &#x2259; 68.73%</li><li class="gauge-info-item"><span class="auditstatus failed">False</span> 86 test(s) &#x2259; 31.27%</li><li class="gauge-info-item"><span class="auditstatus warning">Warning</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">None</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">Error</span> 0 test(s) &#x2259; 0.00%</li></ol></div><div class="tabContent" id="foundationData"><h1 >Security Base Data</h1><div id="systemData"><h2 style="margin-top: 0px;">System information</h2><table id="summaryTable"><tbody ><tr ><th scope="row">Hostname</th><td >DESKTOP-UTMU75K.fb-pro.com</td></tr><tr ><th scope="row">Domain role</th><td >Member Workstation</td></tr><tr ><th scope="row">Operating System</th><td >Microsoft Windows 10 Pro</td></tr><tr ><th scope="row">Build Number</th><td >Version 21H2 (Build 19044.2251)</td></tr><tr ><th scope="row">Installation Language</th><td >English (United States)</td></tr><tr ><th scope="row">System Uptime</th><td >0:02:03:14</td></tr><tr ><th scope="row">Free disk space</th><td >40.4 GB</td></tr><tr ><th scope="row">Free physical memory</th><td >24.8% (5.1 GB / 20.7 GB)</td></tr></tbody></table></div><h2 >Table Of Contents</h2><p >Click the link(s) below for quick access to a report section.</p><ul ><li ><a href="#Security-Base-Data">Security Base Data</a><ul ><li ><a href="#Security-Base-DataPlatform-Security">Platform Security</a></li><li ><a href="#Security-Base-DataWindows-Base-Security">Windows Base Security</a></li><li ><a href="#Security-Base-DataPowerShell-Security">PowerShell Security</a></li><li ><a href="#Security-Base-DataConnectivity-Security">Connectivity Security</a></li><li ><a href="#Security-Base-DataApplication-Control">Application Control</a></li></ul></li></ul><h2 >Security Base Data Details</h2><section ><h1 id="Security-Base-Data"><span class="failed">Security Base Data</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><section ><h1 id="Security-Base-DataPlatform-Security"><span class="passed">Platform Security</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >SBD-001</td><td >Ensure the system is booting in 'UEFI' mode.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-002</td><td >Ensure the system is using SecureBoot.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-003</td><td >Ensure the TPM Chip is 'present'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-004</td><td >Ensure the TPM Chip is 'ready'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-005</td><td >Ensure the TPM Chip is 'enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-006</td><td >Ensure the TPM Chip is 'activated'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-007</td><td >Ensure the TPM Chip is 'owned'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-008</td><td >Ensure the TPM Chip is implementing specification version 2.0 or higher.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="Security-Base-DataWindows-Base-Security"><span class="failed">Windows Base Security</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >SBD-009</td><td >Get amount of active local users on system.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-010</td><td >Get amount of users and groups in administrators group on system.</td><td >Amount of entries: 2;
</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-011</td><td >Ensure the status of the Bitlocker service is 'Running'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-012</td><td >Ensure that Bitlocker is activated on all volumes.</td><td >Bitlocker is not activated on all volumes.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >SBD-013</td><td >Ensure the status of the Windows Defender service is 'Running'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-014</td><td >Ensure Windows Defender Application Guard is enabled.</td><td >Windows Defender Application Guard is not enabled.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >SBD-015</td><td >Ensure the Windows Firewall is enabled on all profiles.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-016</td><td >Check if the last successful search for updates was in the past 24 hours.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-017</td><td >Check if the last successful installation of updates was in the past 5 days.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-018</td><td >Ensure Virtualization Based Security is enabled and running.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-019</td><td >Ensure Hypervisor-protected Code Integrity (HVCI) is running.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-020</td><td >Ensure Credential Guard is running.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-021</td><td >Ensure Attack Surface Reduction (ASR) rules are enabled.</td><td >Compliant (12 rules enabled). For more information on ASR rules, check corresponding benchmarks.</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="Security-Base-DataPowerShell-Security"><span class="failed">PowerShell Security</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >SBD-022</td><td >Ensure PowerShell Version is set to version 5 or higher.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-023</td><td >Ensure PowerShell Version 2 is uninstalled.</td><td >PowerShell Version 2 is supported.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >SBD-024</td><td >Ensure PowerShell is set to configured to use Constrained Language.</td><td >Language Mode is not set to 'Constrained Language'. Current configuration: FullLanguage</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >SBD-025</td><td >Ensure Execution policy is set to set to AllSigned / RemoteSigned.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-026</td><td >Ensure PowerShell Commandline Audting is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-027</td><td >Ensure PowerShell Module Logging is set to 'Enabled'.</td><td >PowerShell Module Logging is not set to 'Enabled'.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >SBD-028</td><td >Ensure PowerShell ScriptBlockLogging is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-029</td><td >Ensure PowerShell ScriptBlockInvocationLogging is set to 'Enabled'.</td><td >PowerShell ScriptBlockInvocationLogging is not set to 'Enabled'.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >SBD-030</td><td >Ensure PowerShell Transcripting is set to 'Enabled'.</td><td >PowerShell Transcripting is not set to 'Enabled'.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >SBD-031</td><td >Ensure PowerShell InvocationHeader is set to 'Enabled'.</td><td >PowerShell InvocationHeader is not set to 'Enabled'.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >SBD-032</td><td >Ensure PowerShell ProtectedEventLogging is set to set to 'Enabled'.</td><td >PowerShell ProtectedEventLogging is not set to 'Enabled'.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >SBD-033</td><td >Ensure .NET Framework version supports PowerShell Version 2 is uninstalled.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="Security-Base-DataConnectivity-Security"><span class="failed">Connectivity Security</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >SBD-034</td><td >Ensure system is configured to deny remote access via Terminal Services.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-035</td><td >Ensure system is configured to prevent RDP service.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-036</td><td >Ensure NTLM Session Server Security settings are configured.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-037</td><td >Ensure WinFW Service is running.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >SBD-038</td><td >Ensure NetBios is set to 'Disabled'.</td><td >NetBios is 'Enabled'.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >SBD-039</td><td >Ensure SMBv1 is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="Security-Base-DataApplication-Control"><span class="failed">Application Control</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >SBD-040</td><td >Ensure Windows Defender Application Control (WDAC) is available.</td><td >Only supported on Windows 10 Enterprise.</td><td ><span class="auditstatus ">None</span></td></tr><tr ><td >SBD-041</td><td >Ensure Windows Defender Application ID Service is running.</td><td >AppLocker is not running. Currently: Stopped</td><td ><span class="auditstatus failed">False</span></td></tr></tbody></table></section></section></div><div class="tabContent" id="riskScore"><h1 >Risk Score</h1><p >To get a quick overview of how risky the tested system is, the Risk Score is used. This is made up of the areas "Severity" and "Quantity". The higher risk is used as the overall risk.</p><h2 id="CurrentRiskScoreRS">Current Risk Score on tested System: </h2><div id="riskMatrixContainer"><div id="dotRiskScoreTab"></div><div id="severity"><p id="severityArea">Severity</p></div><div id="quantity"><p id="quantityArea">Quantity</p></div><div id="severityCritical">Critical</div><div id="severityHigh">High</div><div id="severityMedium">Medium</div><div id="severityLow">Low</div><div id="quantityCritical">Critical</div><div id="quantityHigh">High</div><div id="quantityMedium">Medium</div><div id="quantityLow">Low</div><div id="critical_low"></div><div id="high_low"></div><div id="medium_low"></div><div id="low_low"></div><div id="critical_medium"></div><div id="high_medium"></div><div id="medium_medium"></div><div id="low_medium"></div><div id="critical_high"></div><div id="high_high"></div><div id="medium_high"></div><div id="low_high"></div><div id="critical_critical"></div><div id="high_critical"></div><div id="medium_critical"></div><div id="low_critical"></div></div><div id="calculationTables"><h3 class="calculationTablesText">Risk Score Calculation</h3><p class="calculationTablesText">The calculation of the Risk Score is based on the set of compliant rules at the quantity level and also at the severity level.</p><table id="quantityTable"><tr ><th >Compliance to Benchmarks (Quantity)</th><th >Risk Assessment</th></tr><tr ><td >More than 80%</td><td >Low</td></tr><tr ><td >Between 65% and 80%</td><td >Medium</td></tr><tr ><td >Between 50% and 65%</td><td >High</td></tr><tr ><td >Less than 50%</td><td >Critical</td></tr></table><table id="severityTable"><tr ><th >Compliance to Benchmarks (Severity)</th><th >Risk Assessment</th></tr><tr ><td >All critical settings compliant</td><td >Low</td></tr><tr ><td >1 or more incompliant setting(s)</td><td >Critical</td></tr></table></div><div id="severityCompliance"><p id="complianceStatus">Table Of Severity Rules</p><span class="sectionAction collapseButton" id="severityComplianceCollapse">-</span><table id="severityDetails"><tr ><th >Id</th><th >Task</th><th >Status</th><th >Severity</th></tr><tr ><td >1.1.7</td><td >(L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >2.2.38</td><td >(L1) Ensure 'Manage auditing and security log' is set to 'Administrators' (MS only)</td><td ><span class="severityResultNone">None</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >2.3.5.2</td><td >(L1) Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only)</td><td ><span class="severityResultNone">None</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >2.3.11.4</td><td >(L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >2.3.11.5</td><td >(L1) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >7.9 A</td><td >(L1) Ensure RC4 Cipher Suites is Disabled (RC4 40/128)</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >7.9 B</td><td >(L1) Ensure RC4 Cipher Suites is Disabled (RC4 56/128)</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >7.9 C</td><td >(L1) Ensure RC4 Cipher Suites is Disabled (RC4 64/128)</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >7.9 D</td><td >(L1) Ensure RC4 Cipher Suites is Disabled (RC4 128/128)</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >9.1.7</td><td >(L1) Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes'</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >9.1.8</td><td >(L1) Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.3.3</td><td >(L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver'</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.3.3</td><td >(L1) Ensure 'Configure SMB v1 server' is set to 'Disabled'</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.3.6</td><td >(L1) Ensure 'WDigest Authentication' is set to 'Disabled'</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.6.2</td><td >(L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.6.3</td><td >(L1) Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt'</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.9.47.9.2</td><td >(L1) Ensure 'Turn off real-time protection' is set to 'Disabled'</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.9.47.5.1.2 A</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office communication application from creating child processes)</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.9.47.5.1.2 B</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from creating executable content)</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.9.47.5.1.2 C</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block execution of potentially obfuscated scripts)</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.9.47.5.1.2 D</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Block Office applications from injecting code into other processes' is configured</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.9.47.5.1.2 E</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Adobe Reader from creating child processes)</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.9.47.5.1.2 F</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Win32 API calls from Office macro)</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.9.47.5.1.2 G</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block credential stealing from the Windows local security authority subsystem (lsass.exe))</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.9.47.5.1.2 H</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block untrusted and unsigned processes that run from USB)</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.9.47.5.1.2 I</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block executable content from email client and webmail)</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.9.47.5.1.2 J</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block JavaScript or VBScript from launching downloaded executable content)</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.9.47.5.1.2 K</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block Office applications from creating child processes)</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.9.47.5.1.2 L</td><td >(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Block persistence through WMI event subscription)</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.9.58.3.10.1</td><td >(L2) Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less'</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr><tr ><td >18.9.58.3.10.2</td><td >(L2) Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'</td><td ><span class="severityResultTrue">True</span></td><td ><p style="margin: 5px auto;">Critical</p></td></tr></table></div></div><div class="tabContent" id="references"><h1 >About us</h1><h2 >What makes FB Pro GmbH different</h2><h3 >What do we want?</h3><p >Protect our customers' data and information - and thus implicitly contribute to the safe use of the Internet.</p><h3 >How do we achieve this? </h3><p >We implement in-depth IT security for our customers. And we always do so in a state-of-the-art, efficient and automated manner.</p><div id="referencesContainer"><div ><h2 >Check out our hardening solution</h2><a href="https://www.fb-pro.com/enforce-administrator-product/"><img width="125px" height="200px" src=" data:image/jpeg;base64,/9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAARgAA/+4ADkFkb2JlAGTAAAAAAf/bAIQABAMDAwMDBAMDBAYEAwQGBwUEBAUHCAYGBwYGCAoICQkJCQgKCgwMDAwMCgwMDQ0MDBERERERFBQUFBQUFBQUFAEEBQUIBwgPCgoPFA4ODhQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU/8AAEQgBygEsAwERAAIRAQMRAf/EANIAAAEEAwEBAAAAAAAAAAAAAAABAgUGAwQHCAkBAQACAwEBAQAAAAAAAAAAAAABAgMEBQYHCBAAAQMDAQQECQUJDAcHBAMAAQIDBAARBQYhMRIHQVETCGFxgZGxIjIzFKFCUnIjYoKSssJDgzQVwdGiRLRFdcUWhjdH4VNjc5OjNbMkdIQ2dhfwVCY4ZCVGEQEAAgECAwQGCAMECgIDAAAAAQIDEQQhMQVBgRIGUWFxMkITkaGxwdEighTw4TNScpJD8WKywiMkNBUlNaLSU4NE/9oADAMBAAIRAxEAPwD39QFBTuYXNPQXKzEnL64zTGMZUD8PHUeOVIUPmssoutZ8QsOm1B4h5id/PWuezDcLlfAa09gmXCfjsi2iXOkhNyOJu/ZtJNtwKleGg1cV34+csEp/aUTDZRI9rjjuxlHytOW+Sgu2K7/+TQQM7oZl0fOVBnKb8wdaV6aC7Ynv58tpJAzGnszjid5aTHlpHmdbPyUF2xXfD5C5O3a6gexqj82dBlN28akNrT8tBd8Tzz5O5ywxmuMM6tW5CpjTS/wXSk/JQXKFmsPkUBzH5CNLQr2VMPNug38KSaDeoCgKAoCgKAoCgKAoCgKAoCgKAoCgKAoCgKAoCgKAoCgKAoNPLZXHYLFzc1l5CYmLxzDkubJcvwNMMpK1rNrmwSCaDwtzg7/EiUl/C8mYPYMm6DqnJt3WofSjRVbvAt78DpoPGOez+d1TlX87qbJScvmZBJenTXFPOm+2wKvZT1JTYUGDH/rbfl9BoJygKAoCgRSELFlpCh4Rf00DmFuRF9pEcXGcG0LYWplXnQRQWfFcy+ZGDKTiNYZmHweylue+Ui3gWpQ6KC7YrvR8+sQQWtYvS0j5s5iPKv4ytu9Bd8T34uckEj9oxsNlU9PaxnWFHysupHyUF2xXf+yqLDOaHYe+kuDPU15kusr/ABqC64vv6ct5Fhl9O5rHqO8tpjy0DypdSr+DQXTF98fkJkuEO59/GrVb1Z8KSza/WoIUn5aC8YnntyczhSnGa3w7ql+ylcttlW3wOlJ6aC5wM5hMoAcZkos0HcYz7b1/wFGg36AoCgKAoCgKAoCgKAoCgKAoCgKAoCgKAoKLzp/wg15/QGT/AJI5QfGNr3SPqj0UDqDZx/6235fQaCdoCgKAoCgKAoCgKAoCgKBqm21+0kK8YBoHsLcjKC4zi2FDcppamz/BIoLPieZfMbBEHDauzMK24Mz5AT5isjpoLtiu9Hz5xFgzrKRKSPmzmI0sHxlxoq/hUF2xffi5zQbCfHw2USN5diux1nysugfwaC6Yvv8A+YQEpzmhmHd3EuDPUjx2S80fxqC64vv7cupBSMvpvM48n2lNpYlJH4DiSfNQXbFd8jkLkilL2dkY0q/++hSGwPGUJWKC8YnnxyazhCcdrjDqUdyXpSI6vM8UHooLpj85hMskLxWSizkHcqM+28POhRoN+gKAoCgKAoCgKAoCgKAoKLzp/wAINef0Bk/5I5QfGNr3SPqj0UDqDax/6235fQaCcoCgKBpcbB4StIUOgkXoHDbu20BQFAUBQFAUBQFAUBQFAUBQFAUCFKTvAPkoHMrXHUFx1qZWNy2lFCvOmxoLNi+ZPMXB2/Y+rszCCdyGshI4PwVLKfkoLri+9Bz6xISGdZyJSE2sicxGk3t1lTYV0fSoLri+/Bzpg8IyDOGyiRv7SK5HUfK05b5KC7Yrv/ZpBAzmh4zyfnGDOW0fIHW1+mgu2K7+3LyQQMzprMY++9TPw8sD/mNn5KC7Yrvj8hsnYP5uTjFHonQZKQPGppDifloLviefXJjOEDG65w61q3Nuy246/wAF4oPT1UFzg5/BZRAcxuTiTG1blR323Qb+FCjQSNAUBQFBRedP+EGvP6Ayf8kcoPjG17tH1R6KB1BtY/8AW2/L6DQTlAUBQewcJntE8v8Auw6E1dn9B4rVkifLdx74mNNNvcK3ZC+PtuyWokcFgDQUo81O6zmP+t8m5GOWr2ncXKRs8QS4z6KDmXNOXyfmzMY9ygx+TxsMtO/teNllKWoPcQ7PsipbmzhvexoLjyd7vS+cGgtS6ixeVci6lw8lUXG40toVGlLEdL6ULWbKQVFXCCNlBxJ5l+M87GlNKYlMLU0+w4OFbbjZKVJUDuIIsaDGSEi53UFo1ty+1by7mQYOroKYUjJREZCCEOtvpcjOGyV3bJA2i1jtoInGYDP5tEh3CYmZk24nCZSoUdyR2XHfh4+zBtextQasqDPgKKZ8KTEUN4kMOtfjpFBrIcQu/AoKtvsQbUDqAoCgKAoCgKAoCgKAoCgKAoCgRSUqFlAKHURegVm8ZfaRlKjuDaFsqU0rzoINBZMZzE5hYQp/ZGrczDCfZS1PkFI8ilqFBdsX3nefOJUks60kyQn5s5piUD4+0bJoLpju/DzqxqSue3h8qlAJIfiLZJtfpYdR6KD3z/aWX/8AHf8AbHsW/jv2L+1vh/W7LtfhPiODffhvs33tQRnOn/CDXn9AZP8AkjlB8Y2/do+qPRQOoNnH/rbfl9BoJ2gKAoPTGuiE9y7lwVEAfthW07PnS6DzKFoO5QPiNA6g9U8hdQ5PSPdv5l6rwy+DJ4TLxJ8bbYLLKIxLavuVpuk+OggO8npHE6hhYjvB6Eb4tJawSgZthI9aHliOElwDdxlJQv8A2ib/ADqDzm57BoPSnfJ/9T6E/wDa0T8dVBvd03M5HT2i+cmcxL3YZPHYhmXDeKQsJeYbkKQopVcGxG40Ffid8jnClCU5VvCZhFvWEzHJBOzpLS0j5KDn/NPmtJ5qSsZNmaexeBlY5t1pw4hstJkdspKuJwEb08NhtO+gneTHIbK81G52oMpkW9NcvsRxftPUEkAgrQOJTbIWUpJSNq1qPCnwnZQXSU53KsE4cQGdTakW36jubjuOIbUobCpsAsgjqs3QamV7v2ktdYOXqnu8alVqRMFPa5DSWSAZy7KN/wBncI4zs2BSfW3BRNB56Whba1NuIU26hRQ42sFKkqSbFKgdoIOwig6Py15G695s4vJZXRiITzWKfRFksy5AjOFxxHaJ4LpIIt4aCTzHdh574Rpb0jR78plsEqVAeYlGw6kpWFHyCg5TJjSYch2HMZcjS2Flt+O8hTbra07ClaFAFJHURQYqBCpKfaIHjNAAg7QbigWgKAoCgKAoCgKAoMb/ALhz6p9FB9cf8jf7p/1bQZ+dP+EGvP6Ayf8AJHKD4xte7R9UeigdQbOP/W2/L6DQTtAUBQez8RzLyPKzum6Az+NxWPzK5U52C9DyrZdYLbjklZIA3KugbaDnyu8/o3Kn/wDKeS2m5t/bcipbZWevapknb46DgWfnQMnncnksXBTi8ZMlPSIeNQeJMZl1ZUhkHpCAeGg9C8rP/wBSecn/AItr/so1BF92nXeHcdy3I/Xh7XQuu0mPGUs2ETKLFkKST7PaWTY9DiU0HIeY+hsxy21dldF5wXm41wBuQAQiRGXtafRfoWnzG46KDt3fJ/8AU+hP/a0T/tFUGz3VsdOy+hOdOKxjC5WRm4VqPEjNi7jrzrUhKEJHWSbCg4nP5T80cQn/APs9GZqNwgXKoD6h50pIoKq/DmsSDBeYcYnlSWgw8hTbgccICQpKgCNpG+g9Pd6DKHl/pDQ/IXTqzFw0TGtZPPJbNlSn1KIQHCN4U4HHVDpNuqg8uUE9ozWWf5f6mgat0xIMfLY9wLSASEPNX9dl0fOQseqQfHQdi7zunsLOf0tzo0qwI+A5iRBJlx02s1k20hTl7bLrF+L7pJPTQbHKhxxruu853WVqbdRLx5StCilQP2O0EWIoOQ4XmZzG03Ibk4LVmWhOskKQEzHnG9hvZTbqloUOsFNB2Xno7G5l8oNDc9VxGomqpMhzAanVHQENyXWeNKHSB08Tdx1BXD0Cg53yR5Ryub2rF4xyScdpnFNfG6iyuwdhFBNkIKvVC12NidiQCo7qDp2W56cmuXshzT3KPlnis1j4pLTmos8n4hctSTYrR2iVrKT0KJTfoSBQa0PXPd/5xOjB680gzy51DLIbg6rwKgmEh5WxPxDVkgJJ3lSSPCnfQcH1jgU6S1PmNNt5GPl0YmUuInJQyTHfDZtxJv5jvAN9poPQ2rOQnIHSsuBiM9zMn6czk2BGyIYmxBJZ7OUi4IcbbAtxBWwqoKlmeRGg2sNkcxpfnHp/MmBGeloxziRHlP8AYoLnZoHa+2oCwHDvoOHA3APXQFAUBQFAUGN/3Dn1T6KD64/5G/3T/q2gz86f8INef0Bk/wCSOUHxja92j6o9FA6g2sf+uN+X0GgnKAoCg9O60YkP9zDlyI7Dr6kZdSlpZbW6Qnili5CASB4aDzAtaWjwvfZKG8OAoPmVagErQv2FBXiIPooPTHKz/wDUnnJ/4tr/ALKNQeagpaFhbaihxBCkLSbKSpJuCCNxB2ig9R6w7PvJcjm9eRkpVzY5cNfC6kZQPtZ2NA4+1AG03ALqfugtPSKCN746kq1LoJSSClWlYhBG4grVQbHdZnTcZoHnVksbIXFyETCNPxZLR4XG3W2pCkrSeggi4oOeY3vN8+cclPZa1lvgDdLaYkdH3bd6Cjap1pnNYarf1vqZ5ErNyHo8mY622llK/heACyECw9VA3UHcu+bHMnXumNWMHtMVqDT0ZyG8NqFFhaioA/VdQaDzfQFB6R1qm3cz5embf4j9vSDAvv7Euyr28FqCV7uukpuu+QnNbSONlRoc7KT4TTMmcstRkKQhtz11gEgEJtu30Fbf7mfOhCwYgw02OTYyGcikNgE7zxoSbW27AaDY565HTeh+WGkOQmn8sxnMth5TmX1TPhq446JjnGoNJULi/E4dm8JSL7TQZ9NSHNIdzjUmYx57HJaxz4xUiQjYsxU8KFIuNoBQhafvjQebt2wbqAoGLADZAFgLWFB3/vcf4hae/wDa2K9DlBwIpSfaAJG64oFoCgKAoCgKDG/7hz6p9FB9cf8AI3+6f9W0GfnT/hBrz+gMn/JHKD4xte6R9UeigdQbWP8A1tvy+g0E5QFAUHXtC95fmry809C0rgJUBeBx4WmLFmQUPFIcWVqBWChR9YneaC4o75GsZA4c9ozTGXQfa7SI40T51OD5KDn/ADV5tYbmXBxrMHQuK0lkIT7j0mbiuEGShxASELAabNgRxC5NBsaN5sYjTfJbXfK+XAlPZTVbqHoU9ot/DtcKGk2dCiFfmz7IO+g5RQdB5MczZXKnXMTUIQZGElJMDUEAbRIx7xsvZuKm/bR4RbpNB0Hvbar0dq3V2mJWh8rFy2Gh4VMQOQ1FSGiiQ4UtqBAKSEkbDQbndrkR2eXHO5l55tt17AgMtrWlKl8LMm/CCbm3goPOCfZHiFAtB6e5cyML3gOUrXJPNTmsfzI0oVStCz5SuFEqOAf+7FR2mwPZqSNvDwqF+E0HnnVGk9S6Jyz+D1bi38TlI5KVsyUFKVAfObX7K0noUkkUE5yy5Wau5sagj4LS8RaoylpGQy6kH4SGyT6zi12sVAeygeso0HT+9Fq3Twlab5PaLdD2l+X0f4Z55BCkuZEoDaxxDYS2keufpqV1UD+Vm3us86f/ABeP3bP9TQc35Qcyshyy5g4PU5kvrxEZ8M5aIXFqbXCkfZvXQSQSlJ4hs6KCZ7xPLyPy85mT2sUlP9l9QJGcwDrfuzGmHiWhJ/2ayR9UpoLvy+ZXrzura60VAHbZ7SOUb1GzETtcXEUAtZSOn1Uu+UUHnAEKAINwdoI6jQLQNc9g0HtHnrzF5Y6a1JgsLrjllF1dKXp/Gvpy6pHw8lDS0EBobAeFJST7XTQefeZOpuS2fw8VPLjRc/S2fTJC5jkmWZUZcXhUChILq7K4iD7I2UHMqAoCgKAoCgxv+4c+qr0UH1x/yN/un/VtBn50/wCEGvP6Ayf8kcoPjG37tH1R6KB1BtY79cb8voNBOUBQFAqQVEJSLqJsB4TUTOkarVrNrRWOMzwZHYshkcTrakJva53XrHTNS/Cs6t/c9N3W2r4suO1Y5azyYgCdg2nqrK58RMzpAII3i1CYmOcCiBQFgN1AWF79I3GgKAoHsPPRn2pMZ1bElhYcZfaUUOIWk3SpKkkEEHcRQd6033veaGJxzeK1JExesobICWnMzHvJCR9JxvYs+FSb0GprHvXc0NT4tzBYdMHR+GeBS8zgWiy8tKt47Ym6QengAPhoOG9Z3k7STtJJoOpaL5mYTTnJvmDy4mxpTmX1Y7Gex8poIMZv4ct3DpKgoX4DawNBy02NwdoO8UHdc7rPS3MTu9YjD5/KsROZfL+SWMOzIKg7kcQ5wp7NCrEFSUkCxP5vw0FF5Q80Mpyk1pF1TAa+MgrSYmZxhNky4LpHG3t2cQ9pBPT4CaDrmou73hOaS3db93bLwp+IyCi/N0jNeTEnY59z1ltpCr2Te9kqtb5qiKCGwndA5sSJRc1f8BpHTzHrzsvOlsuhtoe0UIaUQTb6akig5RzLxGjsFq/J4rQOZXn9LRy2mJlHU8JcXwDtQCAAtIXfhWAAejroOw97PFZWRrnT0yNAkvwxpjFIMhphxxoLAcunjSki+3deg87uXaPC6lTaupaSn0gUBQFAUBQFAUGN/wBw59U+ig+uP+Rv90/6toM/On/CDXn9AZP+SOUHxja90j6o9FA6g2sd+uN+X8U0E9QFqBLUG5i2e0lpUR6rY4z4+itPeX8OOY9PB6fy1tPn72szyx/mn7vrS0kJlR5DSdqkG33yQFVycUzjvW09r6L1Gtd9tc+KvvUnT9VYi38kJB/XGPriu1uP6dvY+WdE/wCuw/34TcqYzGUhLySrjvYgA7vHXFw4LZImazyfVOqdXwbK1a5azbxx2RE8va1pUOPLY+IigBdrgp2BVugjrrYw574r+C/JxOpdI2u/237jaxEW014cItpziY7LNPFsNSHnA6kKSE3APXetzeZLUrHhnTi8z5Z2OHdZ7xlr4qxX69Rk4qIziC0nhbWN3hFNpmnJWdecHmTpmPZ5azijw0vH1xz+5sMYtpyOhxwqDik8Rsdm3dWvk3lq3mI00drY+V8Oba1yZJtF7V14cvVw09DRhxhKeLRVwbCb2vurez5fl18WmryXSOnRvs/ypt4fyzOumvIrsQtyxECrkkALIt7VRTP4sfj0W3PS5xb6NrFtZmYjxaen1FlQXYgSpZCkqNrpvsPlqMG5rl4QydV6Jm2EVteYtW06axrz9epjcOQ6yX0JBbF7m4v6u/ZVrZ6Vt4Z5sGDo+5z4Jz0rE0jXtjs58DGmHnwSygrA328NZL5a096dGrtthuNzEzipN4jnoZY34betut03q+rS8M66dpVIWj20lI8IIqItE8pZL4r096s19sTBtWYdYFDUUSzRJkzHyUzMdKehTEezIjOrYdHiW2Umg3cpqPUmcbSzm81PybCfZamy3pDY+9cWR8lBFkAix2ig7Nie9Xz3w7DUVjUyH4zCEtNtSocZ0BCQABfgB2AUEurvc8x5bTjGbwmm8uhxCkKMnGgK9YWuClY3X2UHA6AoCgKAoCgxv+4c+qfRQfXH/I3+6f8AVtBn50/4Qa8/oDJ/yRyg+Mbfu0fVHooHUG1jv1xv778U0E9QFAUE1iGuBhTx3uHZ9VNcTfX1vFfQ+reUNp8vb2zTzyT9Vf56tiNGVHW6sucYdVxEWtY1rZs0XiI000dzpvTLbTJlvN/HGWfFy00n6UUlnscqlvo7QFPiO0V1pv49vM+p86xbX9t1muPsjJrHsnjDNmvbZ8SvSKw9P5WdPzl/Uxf3bfbDNhgoRlk+yV+r5ttYN/MeOPY63k+LRtbTPKb8Po4seIA7aSobr2HnNZN9P5atHylSJ3GeY5axH/ylsSWhOYSE70O2PiBsr5KwYr/Jvx7Y/wBDr9R28dU21fDzpl0n2Rbw2+ri20qSVqaHzAL+Xd6K1JidIt6XpMeWs5LYq/BFfr10+qELjE2nLT1BY+WuzvJ/4Udz5j5Yr4eo2j0Vv9sHSP8ArCPrI9FVxf8ATT7JZN//AO9r/fp9kJOQ2iQ2uOo7VC48B6D565eK045i8Pf9R21N5jvt55zGserjwn6WrDSpGNdQoWUntAR4RW1uJic8THqee6Pjtj6VkraNJr82J9sMeE9h3xp9FZOo8472l5K9zL7a/ZJuKbQX33CLrSbJv0XJuatvbTFKx2SweVcGO25zZJ42rPD1azOss7mSaC3GJLSk2vYK2hVv36w12lpiLUn+TrZ/MmGt8mHc4prprp4uMW9H+LslrRJ0VDKGXWrqudvCCPWNbOfbZLWm1ZcLpPW9niwVw5cettZ+GJjjPDnx4NyQnHscJfbSOLYCE33eKtLFOa/uzPD1vU9Rx9L2vhnPjrHi5fl/BqxY8OS/I4U3ZHD2dri1xtrazZcuOldZ48dXn+mdO2G+3Ofw11xx4fBprGmscfrZDjYTyVCOuyxsuFcQB8IrHG7y0mPFHBt28u9P3NbRt76Wj0W8URPrjmh1pUhSkKHrJJBHhFdmsxMaw+Z5cdsd5pbnWdJ7m+7i1NRy92l1JSFKRbz7a59N5Fr+HTtew3fli2HaTn8esxWLTXT6ePqYIsJyWFltSU8Fr8V+mtjNuK4tNY5uP0vo+XqEW+XaI8GnP16/gynEyxu4D4lVhjfY/W6V/Ke+jl4Z/U1Xo7sdYQ6LKIuADfZW1jy1yRrV5/e7HNtMny8saWmNfSf8HK4eLsV8Piqvz8eunihm/wC07zw+L5V9PZ/EsG7YdhG8VncyY04SN2+iJ4cxQFBjf9w59VXooPrj/kb/AHT/AKtoM/On/CDXn9AZP+SOUHxja92j6o9FA6g2sd+uN+X8U0E9QFAUEgrIp+E+FbbKTw8AVe/jrnxtJ+Z45nXjq9nk8xU/YftaY5rPh8Ouv0/S1okj4d9DhJ4BsUB1GtnPi8dJjtcPpW/nabmmSZnwxPGPVLaflxnZjElBICDZy46BurUx4clcVqT28not71XaZuoYdzSZiK+/rHo5T6225Ixki3aqSojdxBQrUpiz4/dj7Ho9x1Ho+70nLaLeHlrFoY5GRjtMlqJtVbhSQLJSKyYtpe1vFdo9R8x7bDg+VtOM6aRpGlax98m4UoQh0qUASoWubbhVuoRMzGjF5NvSlMk2tETNq859TDFyCIzj6XAVJW4VJ4ejbY1mzbWckVmOyHN6Z1+myyZq5Kzat7zaNNOHGdfp4NnGPGRIlOfSKVAdQ3Ctbd4/BSkeh3PLW8ndbncZJ+Kaz3cYj6mCCOHKPJ6uP01m3M64K9zl9Dp4er5Y9HzP9o2R/wBYR9ZHoq2L/pp9ksO//wDe1/vU+yGzPfMaXHc+bZQWPuSRetfbY/mY7Q7fXd/Oy3+DL2aWi392ZjX8W28lIjulO5SVKuOm431p0mfHGvZL0u6rSNtltXletrfTXn3tDCey740+it/qHOO95DyV7mX21+yWlHVJRJcXGSVKTxFSegpvW7lrSaRF3k+n5d1i3V77aPFavimY9NdeOv8AGvoSjTsfJtqbcbKVp3g70k9INcu9L7a0TE8H0Ha7na9cxWx5KTW1ef8Aq69tbfchCgtv9mdpQvhv4jXb8Xirr6YfKrYpxZ/lzzrfT6LJTNewz41eiuV0/nZ9B85+5i9tvsNwu977392rdQ+HvYvJnPN+n723HiNw1uyC4SFXKriwAvc1qZc9ssRXR39h0nF06+TcTk1i0Trw4RGus+1FNAS8gCB6q1lZH3I211rz8rD7IfO9rWOodTidPy3vNv0xxS4eS7Kdin2Q2D5Tv9NcfwTXHW/rfTI3dc+9y7WeXy4+vXxfVMIILejLWhtZQQeFVja9q73hrkiJmNXyGubPs8lqUvakxOk6TpySz0h5vGNvpX9qQm6jt3765FMVZzzWY4cX0ndb/Pi6RTNW0/MmKfm58+bFjiuY+qRIIUpoBKNltp6azbrTFSKV4eJzPL3j6jubbjcTFpxREV4ds9vcRzMKS8QhsFlJsST6xt00rsImvGeJuPOF6Z5ilInHE6f60+v8BlGW3GUTWvnW4j1g7jU7PJatpx2U8z7TFlwU3uL4tNfXE8p9vZLaektRY7K3UcaVBI2W2er4a08eK2S9oidP9L0m76jh2O1xXyU8cWisdn9n1tPKMNJS3JaATx7FAbAbi4Nq3tlltMzS3Y8r5o2GGlMe4xRFYvz04ROsaxOnp9KMrpvBsb/uHPqn0UH1x/yN/un/AFbQZ+dP+EGvP6Ayf8kcoPjG17pH1R6KB1BtY79cb8v4poJ6gKAoCgKAoCgKA2URpAokqVLQbtqKSeokVWaxPONWXHmyY51paa+ydCpdebWXELIcO9V9pvUWx1mNJjgzYt5mxZJyUvMXn4u0F94uh9SiXgQQo9Y3VEY6xXw6cFrb3NbNGeba5ImJ8U+rkc/JeklJeIUU3AsLb6rjw1x+6y77qWfezWc06zWNI4aMzeSfQx8PZKkcJSCb3saw22lLX8Xa6eDzFucW2/b6VtXSa6zrrpPf2dhIU4wwoBsLCiCbm26p3G3+bpx00V6N1uenRaIpF/Fp26chEnKjOLVwBSHDdQ3EeI0z7eMkRx4wdJ63bY5L28MWreeMdvdLeVmGQklttRcPQbAX8JFaUbG0zxng9Zl834K0mceOfHPp0iNfXMc0RxEucajclXEo+W5rraaRpD5t8ybZPHbn4tZ+nWW/k5TElLQZVxFJJIsRa/jrQ2eG+OZ8UPY+ZeqbbeUxxht4vDM68Jjs9ZcQ600Xe1WEcXDbiNr2qu+pa2mkasvlLd4cE5Pm3imvh01nTXmyY2QntXo7ihwKUpSLnZv2jzVTd4p8NbRzhseXOoUjNl2+SY8N5taNZ4c+Md8H4+KGJL6rgpTZLZuNytvorHus3jx1j08250DpcbbeZrTMeGnCs69luOv0Fayjbj6Wi1biVwhdx5OiovsprTXXkybTzRizbiuP5enit4YtrHd2fe0sq12csqtYOAK8u41u7K/ix6eh5XzRtfk76bacMkRbv5T9cNqT/wBHb8SK1cX/AFM970G//wDQ4/ZRjw7oS64yd6wCnwlPRWXf0maxb0NDyhuq0zXw2+OImPbHZ9DC/jpKXiltBWhRuhQ3WPX1Vmx7qk01mdJcvfeXt3j3E1x0m9bT+W0ctJ9Po07W3PAj45Ecm6vVSPvdprT20/MzzZ6fr1Y2fSqbeZ1t+WPo4y2VmMGY6ZKQpKuEIuLgKtWtWL+K007NXdz32kbfBXc1i0W8EV1jWPF4Y+hpZla+Jtq1mwOIHrO75K3thWNJt2vKecM2SL48WmlIjWPXPL/4/ei66j5+xv8AuHPqn0UH1x/yN/un/VtBn50/4Qa8/oDJ/wAkcoPjG17tH1R6KB1BtY79cb8v4poJ6gKAoCgKAoCgKAoCgKAoC1AlqBKAoCgKAoCgKAoDxUI4AEg3GwjcaJiZidYOW445btFlVt3Eb2qtaRXlGjNl3GXLp8y0205azqeqS+poMKWS0LWR0bN1UjFSLeKI4ti/UNxfDGC15nHGn5fZyYwSkhSTZQ2gjfeskxrGktKl7UtFqzpMcpb6MvJSmykpWfpG4PltWhbY45nhrD2GLzbvKV0tFbz6Z1ie/RqSJDslfG6q53ADYAPBW3ixVxxpV5zfb/NvMnjyzrPZ6I9kM0mb8Qw2zwcBbt6177hasGHb/LvNtddXW6n1r95t8eHweH5enHXXXSND5M5uVHQ2tBD6LHj2WJ3Hz1TDt7Y7zMT+WWx1LrWLfbSmO9ZjLTT83DSeyfXx+1o1vvJMb/uHPqq9FB9cf8jf7p/1bQZ+dP8AhBrz+gMn/JHKD4xte7R9UeigdQbOPUEzGuIgb9+z5poJ4EHcQaBaAoCgKAoCgKAoCgKAoCgKAoEtQFqBKAoCgKAoCgKAoCgKAoCgKAoCgxv+4c+qfRQfXH/I3+6f9W0G5zgiyZvKnW0OEyuTMkYPItMR2Ulbjji4zgSlKRtJJNgBQfMzSHdJ55aoaYddwCNPwlpSfiM2+mKbW39injdP4FB3PSncJxDXA9rnVz8tWwrh4ZgRm/F2z/Gs+RCaDt+me7TyO0o1wQdHxZr5HCuXlVLnvqB37XVWH3oFBJSeQnJWWT22hsUCelttbX4ixQQ8nuv8iZP/APkkMn/YSpLfocoIiT3Q+SD/ALvHZGN/uci9+VxUERJ7lvKd2/w2QzcY+CU04B+G0aCIk9yDRS7/AAmq8ux1do1FdA/gJoIiT3G4e34PXDw+iH8ehXnKHk0ERI7jufTf4PWkFfUHoL7f4ri6CIkdyfmI3f4bUGFfH3RlNellVBEye5xziZ9wrDyfqTij/tGk0ETJ7qHPGP7OCjSP9xkIqvStNBESe7dzyi3KtFzHAOlhbDvm4HDQQ0rkrzfhX+I0PmUhO8piqWP4N6CGlaB17CJ+L0rl2bb+ODI2eZFBFP4jMRjaTjJrJG/tIr6PSig0lns9jgUg/dpUn0gUDO3Y/wBaj8IUDwpKvZUD4jegW1AlqBLUBQFAUBQFAUBQFAUBQFAUGN/3Dn1T6KD64/5G/wB0/wCraC+SSRGdINiEKsR4qCqbTtO87zQFAtAWoDdQFAUBwqJIsbjotQBSRvBHjoEtQJY0BQJQFqBwUoblEeI0Dg+9u7Rf4R/foGrUV7F2Xf6QCvTQaj2NxsgfbwYrw/2jDSvSmgipOidFzP1vTWKf/wB5Bjq/IoIaVyd5TzL/ABOicKu+02hNJP8ABAoIeT3duSMq/aaJgIJ3lntmT/AcFBEye6vyOkXtp1yOT/qJ0tFvEC4RQREjuf8AJp6/YtZaNfd2c8qt/wARtVBEyO5Xy0d/Vs1m4/VdyM76WU0EPI7j2mFfqmsci3/vYcdz8VaaCIk9xtz+J65T+nxyh+I8aCIk9yDVyb/B6vxbvUHY8lv0BVBESe5ZzTav8LlsHJtuHbvNE/hN0ETJ7oHOti/ZRcXKA3dlkEC/iC0igiJPdb56xr//AIul8DbdibGX6VigiJPd952Rfe6HyKun7LsXfxXDQQ0nlLzTifrOis0jxQnV/iBVBESNIavh/rencqxbZ9pAkp2/8OgjHYc2OSJEV9kjeHWXG7ePiSKDXLjYNioA9RIBoMby0FhyygfVO4jqoPrl/kb/AHT/AKtoL5K/VnvqK9FBVRQLQA30DqBKBUo41BI2Em16DhOAzsyTzGf1h8LNRhNZvZLTcGc52YgOMwmuHF9iQ4V8a3GJA9ZtNy5v3UG5gXEZfTPJbFOynHmsiw+1kmmpDjbrrTOLWl3jU0tK/UcsCb3Srw0Gni4juKwcg47K5KI9mNaO6UfyLuQkyjDxZlkAMiS44htwhAYQ7biBX10GbXUvVekpGY0bo7MTVSp0XEzsKua8ZsuDLkZExXGO2fClqakJRdKXLketY23BL4fmPM1Br7DyY0oMaFdwz6pscpTZWTTEbyDqisjiHw7SkoKQbXUb7qDW0NrXUettPajSM/Hi5yJ2edx0qIxHlBnFT2nHo8VxsnhK2+Ds3FH1r0Gk1rnWMOJopWZ1VCinVGJfzD01zCrfS24gROCOluO4Tw3eWS4fAKCwytbatgM6p1GprHy9L6WybkGbAS261PVCYajuOyW3eIoK09sV9mpFilNr3oJzN6qyUPWeJ0njk49lufG+N+LyjjrXxQS92a48MNiynkI+0UFHcRs3mgi3uaHwhnRJOIWvL4QZSRqGFHc4jFhYtHG0+gket8VxtdiDb2lHcg0D52vtS4zT+P1DI0qxMi5B6My3+zsuy62BPcbbjFK1spCuJTllW2JtfbQb8LXMuVksnj3tNTI7WDSn9szfiYjjMd1UX4rs+ELC12TZPEhNrmgTH8y9L5LHaOyTCn0t64WGcKytsdolzsy4oPgKsjgtwqO31iB00ExK1PhoSM85JdW23pplqRl19mpQbafbU8gptfi9VJJAoMitQYZOdRplUtIzrkJWURDIVxGGhYbLl7cOxR3Xv02tQRMbmPoSXBfybGei/Axuy7d5ztGeESFltohLiEqUlxQKUKSCFHcaDec1jpJrFs5p7OwGsRIcLDE5yS0hhbyd7YWpQHGLbU7xQSTGRx8ltTsaYw802Gy4tt1CkpDyQpsqIOzjSQU33g7KDMlxpfsOJVa/sqB3Gx3HoItQP6toHF7O0bfF10CWoEtQFAUACeg0C8ax84+c0C9o59I+egxrQh3Y4hKwehaQofLQaEjA4KWD8XioT4V7XaxWV38fEg0EPM5bcvJwWJmksM/xiyuPHxrkeMIFB074CF+wv2Z8O3+zfhPhvhOEdl2HZ8HZ8O7h4fVt1UG1K/VnvqK9FBVaBaAG+gdQFAnXQaZiYhaWsd2EUogKaksQwlsCOpCipp1LY9ixBKFWG3dQaeN0vpXGZORncRioUXLTwrt58dCQ46HFca+Eg29c+srgtxHab0GSRpXT8rEzsJIxjLmHybzr86LYlt2Q+sOOOEg3CysBfEkggi4tQaUDl1pvGoBjY55bvxkbJrmyHn5MlyVAN46nHnVKWpLXzUE8I6qDQkcsNHSMacW1CciQePJOqTEeW0ePOAiYSoX94CQPojYKCUc0rh1ZU5hlsxZasa7hnERuFtpcR1QWOJIG1TZvwK6Lmgh3NArjI06dO5+bhZWmsa5hocltqPJLsR7seIOpfbUkquwg3Tag1n+Wzkx3LRZmoZTmmc7PGUy+Fbjx2jIdKWUraVICe0DKyykrQm19ovag39b6UyusGW8UnIRImAWpl2S25D7ec29HdDodiSO1SGnLJ4QooVw7xQbn7AlxdRal1Pj3I37QzcSDHjNPtqLaHMeh5I7ZSCFKQou7k7RQVaHy8yzWCyMFSsfAdyOdx2bRi8cHhjIbcF5lx5DAcTxcTxaU4qyEp4zu3khrZbQuZc1Tq3NxMNj5bufbKcbmXZ7seVEvA+FKFRw0pCxxbb8e4+Cg0oPK7N4zKxZTKmHcficjipGEjJcsY8YrRIypN7C5dSOzA3pT4aDY1py5yGoHuYGQZXORJykCIxg48OcqMxKcYjOIUl9pKglQ4yE/abx4KBJOmNYnVi9ddihRRlkQ28QGQqWrCmJ8ApxL4dsEErMns+C/q770FXh6W1Xp+Dp+VmYuQyjkGJgVpW1GC3sczByfaS4YbjJu5YFt4KIK7JI6KDc1Oxklaga1kyzL09hchnWnWn38YZjyewxT8d2Y9B4VFIfUpDYK0hR4Ao22UGrncfk2MjqjU+LYelY/NZDC4vJoQwprtmS3DXFmoa4RYNOcbbgA9VC/uKDUejZSAiXqjHMvLewuGzXxsNCVgyMdLzGQRIQlPStA4H2+n1PDQbWOyeCxsJ7L6miR8tqXGHCDDwsjLXEdbwz0WIlh6Akghay+t1TgSLqUClShYCg7wzIjS2+3iPokRypaA80oKQVNqKFgEbNiklJ8IoMlAlAWoEtQFAlAtAUCHdQW7+IfofyaB0r9We+or0UFVFAtADeKB9AWoBKeJQTewO8ncB10HBMBPyzuvE8wnccpnBa6lZHTkbJqfbUl2L2YaxCSyDxo+1jOcKlbD23hoG4vJQpekuVGNgy0O5PG47JqyERpwF+MIeGejvdsgHiRwOkIPGB61AY9jCYPAaBd0g63H1BmMI4dQRIT5WJGOThXHXZUltKlALbkBrgdICuJXDfbQb+nNKYWfneXj8kSi5ktLOZSfwTZbaXpsVOPDTq0odAJHGrZaxub3oNnX+p5ULX8aWZsmDpTACKjN5ZLjjcSFLc4pnYrYbNnjMY4WQtwcDaiBfiUKCw67lZpyNgtQsjMRNGtsPS9RR8M4I2Vjdq224w84kestpgdp2zSDe+2ygLUGuvL6qf1k1pTFzy9issGdT4/Nq4FBvCIbSl6IDw/nJBaSlXDcNOk700EK1m9WjROpJUrUuSxvMLT8B3K5XFTYUFTTTjLLqkiMCzwrhOrTZDiVqV6u8KvQbI1FqmBq3C6YyOqXlMzMVEyipSME3LW89LklotOfDAJZQlIADhtvud1Bozeb+fh6Y1fLREivalxmVXG09GKVhh7HLW5wOuAKurs0R5HaKSRtR0UFywuq8nltaZDCPyIMGJDQ25FxDzTwyUyI7GadE5h0rDSmu0WptSEoUU8PrEE0EXN5qqgSeYEV7GpW/pEMnDNIcIVklPoQgI2j1VfELS16t9hBoJD/wCRW05LRmPVAKkapiMy5ktDl24BlpCYyVer64ee4mknZ7N6Ag8y4MyVkoCoDrU7G55vT62FLT9o1IdcZamJNvdlbTiSneFJIoM6OZOnhL1ZHlpeixtIcCpctSQtElChZRjpRdSil37EjeV7BQPk64nYzHJyWY0plYC5EqJCx0LiivSZL05RQ2kJbdshST7YWoWoN2DrjGPZw6ckIlYrUCMWM5IhzEhtTUMuqaUFrQpSeNJQVKSDsTtoNLHczdNZhWIGM/aE05uKmfCUxCecCIrj6o4W+R7oFxCh63joNtjXuk5eKj5uLkPiMdLclMxlMsOvOrdgcYkIDTaFL4kcCrp4eigdhc5pDW7KMlh1MZVqCsdjJeiLSWVqv7syGkkbUn2NxHXQS2Ox0PEwGMZjmQxBip4GGU3ISkkqO03JJJJJO80GxQLQFAUCUARQJY0BQIdxoLd/EP0P5NA6V+rPfUV6KCq0C0AneKB9AUBQNU00pKUKbSpCSFJSUggFO0EDoI6KDVaxOKjypU2PAjMzZwtNktsNodfHU6sJCl/fE0Gvj9N6exLchrFYiFAalpKJSIkZlgOoIsUr7NKeIbdxoM7OJxkd2I9HhstO4+OqFBWhASWIq+Diabt7KD2aPVH0RQRGb0Fo7Ukp2bncQ1NkSGksSuNbqG32m7lsPNoWlDvASSguJJQfZtQZc5o7B6ijRoeUEtUWM0qOlqPOlRg6wsAKaf7JxPaoUAL9pcnr2mg3RgsUMizlm2OzmxoC8THU0ooQ3CcWhZbSlNgLFtPCd4tQQjPL3CNxczGlS8jkns7BViJs7IyviJSYCgsBhpfAkISC4pV+Ekq2kmgyy9GJczkTUOMzeQw8+LBZxS0w/h1tPxIzhdQl0PtObbk3KSKCJVym00eBYdkiQ3jcpiUOlST9nmXHHHHSm1i40XnQ0egLV10G+NGzHc5hslkc2uZi9PKL2HxvwrTS23lRvhSXJCSVLRwlSuDhG07SbCg0JHLCBLzkfOyJ7inmMjPya2Q2kIdE5ptDbK9u1LDjSHkHpUKCIPJmM5i3WpGTU9n40bFxMDlB2zSIacKlKmSplDgQ5xO8biuIH2tlBvTuWsiRkcTmo09pnKY/PSsxLPArspUCXJcl/CqAN+JtxSVIV0G/XQQrvJib8BGRHzTgy0uFMYz0l9x1+MqZIkoyLT8dlWxKUTEXUi4uhR6aBmo9Fa71RMk5PKYqEgOu4h6VhmczKMaY/j5a3n3mllCfhuNspQkIHFs2npoFyvLrUWWmJyEKMzhVqbx2KVHMxcxbeHWmS1kmu2UOJaih1BbKt58VAYjSGocFqTFTXsXkH8fFjyIiFYfItRUNheYky2hIbU432rXYuoPDY22i16DLofRGo9M6k0hMUwG8TadLz7QWk/C5PsXo6HUgHamS0tHHw7loufaNBdOX+On4nR2Lx2TZVHmsB/tWFkFSeOS6seySNqVA0FkoC1AlqAoCgKAoEoCgQjZQW3+I/ovyaB8oXjPAbTwK9FBWkxpCrWbI8J2emgyJgPHeUp8t/RQZUY/6TnmFA/8AZ4/1h81A0wD0L+T/AE0CfAq+mPNQJ8C59NPy0CfBO/ST8v71AnwT3Wnz0CGG/wBQ89Ahhv8A0R5xQIYj4+Z8ooE+Gf8AoGgT4d4fmzQJ2L30FeagTs3PoK8xoG9mr6J8xoEKVDoPmoE29RoEoC9AXoCgLUCWNAUBQFAUCUBagS1AUBQFAh3Ggtn8R/Rfk0GZz3a/EaCNoCgUb6BaAoCgS1AlqAoCgKAoC1AlqBNooCgKAoCgThT1DzUDezT9EeagTs2/oDzCgQtNH5ifNQJ2DP0B5qBDGYPzBQJ8Kx9D5TQIYbH0flNA0w2eo+egT4Nnw+egQwmutXyfvUB8C39NXyUCGCnoWfNQNMEdC/k/00CfAf7T5KBDAV9MeY0DTBXbYsfLQWThPwnB09na/wB7QZHfdr8RoI2gKBRvoHWNAlAUBQFAUCWoEoCgKAoCgS1AWoEoCgKAoCgS1AljQFAUBQFAUCWoEoCgKAoCgQigl/zH3n7lA533a/EaCNoCgVO+gfQFAlqBLGgKAoCgKAsKBLUCUBQFAUBQJagS1AUBQFAUBagS1BiZfZkth5hYcaJICk7RcbDUzExwlGrJUJFAUBQFhQJagSgKAoJb8x95+5QOd92vxGgjaDTn5fEYpcNvK5CNBcyD6YmPRKeQyZElYJS00FkcayBsSNtAzBZzE6kxzWZwcpE3FvLeaZltbW3FR3VMuFJ6QFoUAem1BJ0BQFAUBQJagSgKAoCgKBLUBagSgKAoCgKBLUCWoCgKCC1bnI2Bw0iXIXwJDalLI3htI9a3hOxKfCai+SuKlsluVY1/CGfBgtnyVxU52nT+biOkOcs7Hy3G88gu459xS23GRdcdKjsRw7ONCRsHzh4a8fteu3raYzfmrM6+uv8AJ7/f+Wcd6ROCfDasaaTyt6/VLteH1fhc2yl7HympSVD8wsFY8barLHmr1eHcYc0a47xP2vCbjZZ9vOmSk1+z6Ut8Y10Jc/4aq2fBLS1hhTl4S5jcEOoEp25SyVp7QhIuSEAk7KxTekT4fFGvo14s3yr+HxeGfD6dODeqzGKAoCgS1AhBoJb8x95+5QOd92vxGgjaDyP33WNOS06Wb1LmXcOYmOzE3T62eP7TNNuREMpPAlR2IU4r5vjoO/8AJSNo2Fys0rD5ezF5DR0eH2WMnupW25ICHFh11SXAlQK3eM2t4tlBf6BLUCWoCgKAoCgLCgS1AlAUBQNccbZbLry0ttDe4shKR4ybCg1o2VxU1zsYc+NIeH5tl5txfmSomp0lDaKfIahJLUBQFAUBQFhQMcWhltTriuFtAKlqPQBUxGvBDztzQ1S5qXPp03FUfgoqg/k7bhw7W2fJfiV90fBXmurbj5uSNvX3acbeufR3PfdA2XyMM7m8fmvwp6o9Pf8AY5QVjtXLbuNWzymvHXjjL3teUNhpZSoLSeFQ3KGw+esJPoSSclkFJ4DLfKPol1dvNerfMty1n6WL5NOfhj6IXnk8C5rqMreUx5KlE7T7Fv3a7HQ4/wCaj+7Z53zJOmyn+9V6NtX0F8sFqBKAoCgKCU/MfefuUDnfdr8RoI2g4B3q5/JXT+msJqfnBpxzVDkeUuFgMYw6tlwrfAW+q4WhPClCASVeAdNB1nls1o5rQunv/j6OiJop6GiVhYzfFwojybvW9cqUDxKPECdhvQWygKAoC1AlqBKAoCgKAoC191BzjX3NWDpYu4zDpRkM6n1XL7Y8c/dke0r7keWs9MU24zyY7X0ecNUamz+pH1yc7kHpZJuGlKKWUeBLYskDyVt1rEcmKZ1R0DRepMiUS4EYxEA8TUtxXw5FtxSR6/mFJtCuju+gNba1wLbeK1s6zmsYkBLWSaUr45lPU4FJAeSOu4V461r0ieTLW09rtESZFnx0S4TyX4zguhxBuD4PAfBWvMaMzNUBLUCUBQFByrm7zFZ0zjPg4Cw5lZJLcJoesVOg2LhHShs+dVhWlv8AeftcXD+pb3fV6/wd3ovS53ub839OnG0/7v8AHY43i8a5jIN5aivJSldtMcUbqK1bbE+C+3w15nDh+XXj7083vM2eMt/y+7HCFNLn2zn11ek15+8cZeiryhNYHB5nUUlyHhIi5splpUhxpu3EG0WudpG25sB01bFt75p0pGs6atXc7rFt6xbJbwxM6MVnGnFNOpLbraihaFCykqSbEEHcQa1bRMTpLYiYmNY5OmclC0jVMmW8bIYhLFwL+s6tIG7xGvQdBj/jzPor9svKeZ5n9tWsdtvsiXeTmIQ6Vn72vb/Mh83+TYn7ag9ax97T5kHybHpy2PVvd4frAj9yp8dUTit6GdEmK77t5CvvhVomJUmsx2Mtjv6OupVJQSn5j7z9ygc77tfiNBG0HINeQ8Lkee/LSJqZmO/ik4fUj0JmYELZVNCYyV3S56twwXDu3XoN3u1Bgck9KJiG8BInpgG5I+DTkJIYtfbbs+G3goOs2oEoCgKAoCgS1AWoEoCg55zL10rAx1YXELtmX0XefT/F2ldX3ahu6htrPjprxljtbR54kocecCG0qcecVZKRdSlKUflJNbrCuentEMQSiZlG0yckSC0xbjQ0Tu2fOXWG1/QtEOhxtFZqcgOOdnFSraA8o8dvqpBtWObQnwyitR6Yn6eZaky3G3Izy+yS62TYLIuAoEC1+ikWiSayzaEzrmKzLcF1Z+AyCg04g7kunYhY6tuw1F66wms6S7CdhtWszCgKAtQUfmJr/E6Lw78qW8QR9mENkdo46RcNN/dH5x3JG01TNnpt6fMv3R6Zb+w2GXe5Yx4++eysel54wMXK6oybmvdSp4VPf9JibeBtpNwkpB3JSPZ+kfWry+Ol895z5ec8v4+x9Dz3xbXFG1wco96f47Z7foSmQX6xrJdhwuZKcAedJOzjV6TXlb85exrHCHoDR6Byy5VztXzEhGfzqUpx6Fe2EuAiOn5VOmvTbaP2e0tln3r8vu/F4Dfz/wBy6jXBX+nj97/e/wDq4wh1SyVuKK3FEqWs7SpR2knxmvIy95pEcnXeTcM/D5bIkbFLajoP1AVn0ivT9Dpwvb2Q8R5lyfmx09Uz9zpxFeleONqViGoDSKDKzKksG7Lqk+C+zzGpi0wrNInnCQZzzqNklsOJ6Vo9VXm3VkjLPaw2wR2Lf2ifhO228HZ8fhtw3rPrwamnHRld92vxGpQjaDh3eI5Y4TnSrTfLuRk5GD1On4vN4jMMNB5pEaMG48tpwcaD9ol5PDbqoOuaQ01jNG6bw+k8MkpxeFhswYvFbjKGEBPEq3zlG6leE0E7QFAlhQFqBKAoCgKAoInUebY09iJGTdAWtA4Y7R+e8rYkeLpPgq1a+KdETOjzXlpUibIfmS1lyS+suPOHeVKO2t+I0a6w6R04WgjJyGyudI2RGrbUJV0/WV8gql7di0Q65hMGzjgH3gHJyt694RfoT+/WGZWWBsE2A3mqStDl2U5j6M5gY/WukMJIddzOmm1uSQppQaUYzg+1adF0lIWCjaQd+y1amPcUyWmsc4dfddLz7bFTLkiPDk5en2THsUPGzluxo8y/2zagSfum1Db8ldGvGHDtGkvSqFdo2hz6aUq/CANajYLQFBz/AJkc0cLoLHy3JrixIYS39m2m7ri5AJbbavsurhN1K2JFUzZqYKfMvx9EemXQ6f0/Lvc3ysftmfRHpef8Lg9Q81cqjXGtEGLpton9kYn1glxu97Jvt4Cdq3DtcPgrg1w5N5f5uX3eyP47Pte7zbjB0vF+223HJ8VvX6/X6I7F8yRSlPAkBKEgJSlIsAALAADcBW7kcXDxVDIL2mubd3MKucutKOa21nGwxB+BS4qTkVj5sVlV1DxqNkDx1xNrtvn54r2a6z7Hc6nvo2m1nJ8WmlfbP4c14566tbympWdMQCE4zT6ezWhHsGUtICgAP9WmyB5a2+s7jx5Ixxyp9v8AJxvLWynHgnNb3sv+z/OeLmjTleemHrHo3ltjTjdHQeMWdmcctzr+1Pq/wQK9x0zF8vb19fH6Xy/rWb5u7tpyr+X6P5rUa6TimkUDSKJNIok2gRW41CXQf5r/APL/AJFbnY5vxd7ad92vxGrKI2g85947F83MvrnQkXktkm8XqxOOzC5Ml5xppJhByLxpu6hwX4uE7qDsPKuHrjH6CwULmVLRP10yy4M1LbWhxDjpdWUEKbSlJsgpGxNBc6AoCgKAoEtQFjQJQFByHmhmFTMmnFtKvGx49cDcX1j1j5Bs89beKukasV5UbD4oZXJJQ6LxWPtX/CAdifKay2nRSIdf09j0pHx7qfWN0sDqTuJ/crCusaRVJFB52a//APjvQE3IxXAjOZC8DEDpDzqTxO/okXV47Vzt9uPk49Y5zwh6HoXT/wB5uorPuV/Nb2ejvlR+UmhBoHkhmM3kWynUGqIpmy1Oe2hh0cEZo32+yvjPhVWHYYPBj1nnZu+ZOofudz4K+5j/ACx7e2fu7kHgUlcEoG9Tykp8thXax8nkL83qJpPZstoO9KEp8yQK1WYKWANp2UEVLywTdEfaelZ3eSsc39DLXH6Xm7n0fiJsEv8A2rbmWwwdC/WCkqUtJBB6DurR3/HFTX+29X5bnw7jNp/+KzqeX4UFSEJCUJ9VKUiyQkbAABuAFdTLDg7edVYYxMvP5RrFQuEPvcR4134EJSLlSrXNhXMtSbTpDsxlrip4pVLVmBzOnJHY5eKpgKJ7J72mXPqrGw+mufmx2pPF29luMeaNaTr9q28uYrPKzlbl+YWSbAzWXBchtr2K7MqKIjY+uo9ofBVdrWNrt7Zp963L7mp1O89R31NrWfyU5/7093J5+VLflPuypThdkyFqdfdO9TjhKlHyk15G0zM6zzl9CikViIrwiOCa07jXc5mYOHZvxzHktEj5qN61eRIJq+HFOXJWkdstbdZ4wYrZJ+GNfw+t6waabjtNsMp4WWkpbbSOhKBwgeYV9BiIiNI5Pj02m0zM85KaINNAlEmmiTSKBqhsNQl0D+a//L/kVudjm/F3tp33a/EasojaDkHPbmnoTkvFx+vNQx15DWQjy8bpbFsLWlySJBbW+FWulLYKEFbigSNydpoLfyhzWrdR8u9O6g11FRB1VlI65k6G0kIQ0l51a2UpSCqwDRRvN+vbQXqgS1AlqAoCgKAoCgwyX0RI70pexDCFOK8SBepiNR54yb7sl96U8buvLU4snrUb1vw11l0ri+CIyi1npqg4s9IR0eYbax2nWVodJZQltKUIFkJASkeAVWRsoBUQBvO6qJeYs4Dz256RMAgl7ROl+IyCPdrZjqHbK/TugNj7gV5e9v3e68Me7X+PrfTcEf8AaOlzknhly/bPL/DHH2u0c4ckiJppjFt2Que8PUTsAZjji3dV+EV6N82c+0NilTJ+IhcN+2fDzg+4SrjPyCs8cKsU8bPQb7qWwpxZ4UjaSdlazNHFXp2SU8ShKuFrqvtPjrDNtWxWuiJdkAXsRVWRxDn1xJw7mRTvhuY+bf8A8NKsT5OMVg3sf8vr/ZtEvQeXJ/57w/26Wq6hlHkvI7ZJuhwBaT1hYuPTXRyzq4uCNJ0R+nNVQtL5F6TNiqfbkJDanmz9q0kG54UnYQdl+mtGLxSdZdDLtrZqxETpo6nFnad1hjHER1sZXGuiz8dYC7X6Ftq2pPkrYia5I9MONamXb31nWtvT/N5x7yGskSs3B0NjlhMDCoS9Nbb2I+KcRZtFh/q2/NxV5frGfxWjHHKvP2vonlbZTXFbcW96/CPZ2/TP2OMsubq85MPaO48itOFa5mq5KPUbvDx5I3qNi6seIWT567/SNvxnJPsj73h/Mu70iuCs/wCtb7o+92uvSPDkIqEmEUDTRMENEmmgQ7jUJX/+a/8Ay/5FbnY5vxd7Zd92vxGrKI2g4T3mOVWtNeYjF6p5cTUNa20qzPbi419tpxudEybIakNJLoIS7wj7M+S4NjQX7knqCZqjlbpPM5DHLxE9cFMSVjXeLtGHYClRFJVxBKgSWr2IuL2oOhUBQFAUCWoEoCgKCB1m+WNNzSDYuhLX4agD8lXp7ytuTiTrRkPtsDe6tKPwjatxhdNwkdIkKKR6rKAhA6r7PQKxQuqeS5yY3C6ml4qXDU9h46gz8fHPE6HU7HCUHYpIOzYb15jJ12lNxbHNdaRw1j09vc9jh8sZM21rlrbS9uPhnlp2ceyTOZfNfCY/QEqdpjJNSsllAYUFbSvXZLiftVrSbKSUIvvG8itne9Rxxg8WO0TNuEMfSOiZb7yKZqTWtPzTr2+iI9OstbkBpY6R0f8AtN9gJzOoCmU+tz20RUizCD07iXD4VeCp6Xt/lYvFPO3Hu7E+Zeofud14Kz+XHw7/AIp+7uReuMs7qfUBCVcUZn/u0e3s8CTdSvKbmuvEavKTOiwaRihlx7IElDbCewZUNm0jbbybKvlnSNFccaylJ0p183UpXANyST5605nVuxXREvKtUJRcl9Sb2J89BUtVwzn8PPxF+Jc6K/FbufzjieJr/mJTS9PmYr09MfY3NhuP2+6xZeyto19k8JTehNQJ1Jy+wOTKryBFTElpPtJkRB2KwfD6oPlqMOT5mGs+r7HS6htv2+8yU7PFrHstxaeVX7VauRs4FTOVn4iaifjJLkSY2boeZUUKHjtvHgOytCZms6w7lcVclfDaNYcpn5GVksnNyM91T82W+49IeV7S3FqJJNq83kmbWmZ56vZ4cdaY61rGkRERCU09ip+octDwuMRxzZrgbb6kjepavAkXUapjxWyXitecsO5z02+O2S/KsfxHe9l4XDRcBiIeFg/qsJpLSFdKiPaWfCo3Ua9vjxxjrFY5Q+ObjPbPktktztOrdrIwCoWNNA2gaRRJtqJNO41CV/8A5s/QfkVudjm/F3tl33a/EasojaDz93muZXMvl67paTy4ZRIahpm6g1PGcCSJGLxpZaUyeIE8KlPj2PW6t1B1Dk+NZq5d6fkcwwUa2mNOzcy2qwLbst5x9DZA2J4G1oRw/NtagvlqBKAoCgKAoC1AlqCsa+B/s45boeaJ85rJj5q25OUYtAXmYoO0BRV+CCa2p5MUc19gSFMpeCAOJZAKj0DbWKFnNtU8pWp4clacf7CQbqMKQSW1E7fVc2lP31xXkt35frM+LDOn+rPLul7zp3mq1dK7iPFH9qvPvjt7nMtP8tM1k9cQ8Fncc9Ehtq+KyC3E+oqMyQSErF0q4zZIsemuVtOn5JzxTJWY7Z9kPU77rWGmztlxXi0zwr/en1erm9DaszCYMJWPhkIkvJ4FBOzsmrWsOokbB4K96+OufQoSyvtQm7rnqNJ6bH9+slY04sdp14LzHZEaK1FT7LY2+FZ2qPnrTvbxTq3qU8MGuouDVF0c+2dtWQhZrSrKoKzNDiDxJuCk3HjG2rVt4Z1UtGsaK1gsy1ojVcvFTFBnSmr3jNxcg7Go2WIHxEdR3JDhPGmtP+hkmvwX41/B7OP/ACO0rlrxzYI8N47Zr2WWvLqIKgdhHRUZGvt1HyTm01z7u/hcoL1nnSTsC1/jGvPXjjL2lY4Q9M8lNKjSsNWoMzHIzGSbCWEn240VW21j85ewq8GyvRbDafKr4re9P1Q+Zde6pG4yfKpP5KT9NvwjsdnaeafR2jKgpPg6PH1V03lziNtAlqJNNQk2gaahJpqUmncagX7+bP0H5FbnY53xd7Zd92vxGrKI2g88d5nlPq7mxkdL4vRGqYWn81GiZL4mFLefYdmwnFscYT2KF8TaFJRxhXTag63ymwerdNaAwGB15k/2zq+Cy43lMoHVyO3WXVqSrtHAlSrIKRtHRQXigKBLUCWNAUBQFAUFa1ZJYmYmVjWPtX1J4gR7KVIIUNvSdlXpOkomNYckxDzP7bjpC0lSVFC0gglJUk2BHRW3bkwwu0ZXC4pB+cNnjFYoWbyKSNWflhFaKGPXd6CfZT4fDVUqRKSuQ4p15RUVHiWo71GkVJlK4mCUWluixI+xT1A9NYst+yGbFTtlK1rtk0pBqBrOsXvUjQkQioH1aCCnYlSwfVN/FRCn57TEXK4+TicpGL+Ok2K0bUqStPsuNqt6q09B/cpatb18F+X2NnabvLtMsZcU6Wj6Jj0So616/wBJsCIpo6qwTQ4WHxdrINIG5Kwb8Vh07fHXOviz444f8Svpjm9ph3nT95Osz+3yTzifdn2T/oQEvW4fPAvETWXtxbWi23zVzrZp/sy7uPZViNfmUmPbC5co+WL+RkI1dqSOpnHocLmOx7ybKeWDcOOJO5CT7IPtHwVk2mzmZ8d49kfi5PXOtRWvyME6zp+a0fZH3y78bk3O8125fPz2X3Y6+0ZUUq+QjwioE7CyLcscCvUkfR6FeKoWbtQmCGoSYRQNIokw0DTuNQlfv5s/QfkVudjnfF3tl33a/EasojaDzr3jNd635da50LqHQOl1atzCsbmY8nGIbfdKIqlxVKdtHSpYAKQL2ttoOwcqtV5jXGhMFqzUGHVgM1k2nHJmGWHEqjrbdW3wkPJSsXCQr1k9NBdqAoCgKAoEtQIdm/d10FfyeXLxMaGSG9y3BvV4B4KJcd1bzf07i3ZuAwssP6kZV2BPCfh2l29Yhz2VKTu4R01krTVWbOMwcjl4mdjTcX2kjKrfSpLSbqU+tSrlJA38VZZnRjekmZSZLTcpm6CqyuE7FIWN6T4QdlNBsOZVRRZ1sFX0k7L+SpERLfLt7DhHnpEImTI0DjUHZAs2NqWzvPj8FYcmTThDNTHrxlJFwCtZtGF4XqEnpS+v2Glq8QNqgOMWYdvYK+T9+gYpiUkbWF26wL+ioGuVHo+Ws1cevNhvl05E4j84A1NsfoRXN6QS2oWKUkdRArDxhs8JhiEOFxcQjNcfX2ab+ireO3pR4K+hnqixtEkIoEuQQpJsobQR0Gqifxs/4pHZu/rCBt+6HX+/VZS36hY00DTUBpokxQ2GiV8/mz9B+RW52Od8Xe2Xfdr8Rqyjneqs3Nw+bZVFfCb41Skx3DdtTisjEaKuAkXUELUAei9BRtTa10zofPY3WWrJs5c/E43WS40ZltLqHIULIp4wpwkFCwENNMj2TfaaDqOhNX4nX+lsLrTBqWrE5yKiZGDws6kLBCkLAJHEhQKVWNrigs9qBKAoCgKAoIHN5I3VBYNrbH1D8X9+iXAOdPNhOl2HdJ6ddvqWSi0yUg/qTKxuH+1UN30Rt6qvWuqtpeZWb3uSSd5J3k773rYhiem+RODYVg/7W5FpRyTjjkaE86LAR0WBcb6yo3SVeDZWHJPHRkpDoGbzWLg8aUp7Wcrelv1dvWs//RrFGTRl+XqgmM3Inr7KND4l/OVx2Qnwk22Vf53qR8r1pVpHZ+s6Qt3wCyR4r1jtkmV644hsMpkSl8DKSo9J6B4zWNlSTOIbFlSVlaulKPVT599QN1EdlkfZNpT4bbfOaB5UrpqBieeQ0niWq3UOk+KkRqTMQipEt1+6QeBv6I3nx1sVpENa15lqFNZGJIQ8M9JAceuywd1/aUPAP3TTVOjdm4uEiE72TXC4hBUlzaVXTtqlo1hkpMxPBVEvmtVuMqX70SyBYPTRJaBDUSkrbi2XEutmy0m4NQLTHeRJZQ+jcobR1EbxVUnkVCTaBhqEmq3GiV7/AJs/QfkVudjnfF3tl33a/Easo5vrfQvLzmDlcRhNbYFvMzUMS5ONecLiDGbbUwl0hxpaFJ41Lbt4R4KDhvNXlrKzDXKyNyvxDrmjH3H9P56M+px92Hin8gxOfU4p1alC64q21KWo77dIqJlMRq67yBiZPE8r9O4/JwlYyXfIPrxziQlcdMmfJdQ0QN3ClQFV1X8PB1PtFddTqjQdoumpoTtldQpqeEnbH6NNTwkMgj5vy01PC1MhkzDirdCR2h9VsX+cf3qeI8LhPNzmyzoDHCJB4JGrMglRhsq9YMIOwyHR1A+wn5x8FXrGqLcHkVUmTNkvTJjy5EuQtTsh9w8S1uLN1KUekk1nYXSOWHL86ulryWWUY2lYCh8ZIPq9u5vDDZ8PzyNw8NVvfwx61q11d8n6kShlEDDtiJBZQGWeAcJDaRYJQB7It5a1G01oGDflWfmlTTKtoR+cV4TfdQWFplqM2GY6AhobgPSeuiW/Ax6pau0cJTHTvI3qPUKgTzbTbKA20kIQOgUQU0TBKSlqvy0t3S36y+k9Aq8V1Y7X05I5wqcVxLPEo9JrNHBgniViI/Kc7JhHGrp6AB1k7hUoTkPEx4lnHLPSPpEeok/cg7/GahLcUbm531KGF0+orxGonktXnCrZTHDhMqOLEbXUDq6xWo3ZQ17UDg4RRLOh4HfUJZrg0CGoSl8E+Qp2MTsI40eMbDUSmEyaqk0igaRRLGobDUJhev5t/QfkVudjnfF3tl33a/EasopM+XHga5wi5TiWkZDHz4UdayEpL7LkeVwXPSW0OK8SDQcM19jufOo9M6ZzvITLMQGXH8tMyMd9xlCZUebMceiKSH2nEqHASro31j9rNpOnB1/lSdcHRuDPMoIGu+ycGb7LsgjtQ4sII7H1NrfD7NO1M66cV+qyhtAhqAlJSQ1Ucp51cy8Zy6xKZUgJkZR1JRisdexffO9SrbQ2gbVq8g2mrVjVEzo8MZXNZPUeWlZzMyDJyc1faPunYPAlI6EpGxI6BWzDDKwaM0vL1TkxFbu1BZsudK6EN9Q+6VuSPLS1tCtdXo/GwFmLGw2JZDcCEjgYZTsabHSpR6VE7VE7Sa1ZnVsxGiz4/CxoNnV/byh+cUPVSfuR+7UJSRoHx2FSX0Mp2cR2nqHTQWdCENoS22OFCRZI8FFgaIJUDQkPqWShJsgbNnTWWtWG1tWsU1djb8PEOPAOyrssbwPzi/EDuHhNBMoQ2y2GmUBtofNHX1k9JoEJqUOSc9uakzlthse3gUtPaoykhPwrDyC6gRmiO0Kkgg+uSG07eknorQ3u6nDERX3peo8v9Irv8lpyaxjpHGY9M8vo5uhYx/JycLBk5qOiHmH4zbk6IyorbZfWgKUhKlbTwk221uxrNdZ56PPZa0rlmKTrWJ4TPbHpN6K1Wyq05gR5TjSfZB4k/VO0VKGvRJASKDO090GqpbIIUNlEtvGKKJ7JHSSk+UVEizVVY00DTuqEmK3GiV5/m39B+RW52Od8Xe2Hfdr8Rqyjj3Oedo1zGQNP6908c7pSW4qdmZRcDTOKiQyhJnOqCkOcKVupQQ0eLhKugEVWVocb7xbefyXLHT/NDSWq5PLTDadjPlvGq7eLImMyFJbhMoajqAC1obCm21pPClW21jUQvbk7TyI/terljpFzXzkh3V70Iv5NcwhUkqeWtbfa2A9YNlFxvHTtqO1PY6jarKm2oENQG0ALEji9m+3xVCXzI50at1bM5u6lja9ATPgzHIcVCAUtMwUKPw/ZpPzFNlKyrpJJrLWWKWPTOCn6lybGKxqeJ131lunahtob3FEdA+WsmuiIjV6y0joGHgcYzAbSWYiPXcvsffcI2rWei/V0CteZ1ZojSFzaYZjthmOgNtDclPpPXVVoKQaJIaCTwaAp55Z3pQAPvj/ooJmixCKBjoKWlq6h6dlTHNW3JHlINZWuk8XCQE/GOp4jezKVbRcb1HxdFBvqUSSSbnpJ31ZBhVUoMW4hCStxQQ2gFS1q2BKUi5JPUBROkzyeXdMoXzq55ydVSUFzSumuByK2sXQW2FFMVFutxwF5XgFedwT+63M3+Gv8R+L6XvP/ABPS4wx/Uy8+/wB76I/K9MuqJCiTcm5Jr0U8nzOOcNOtN0FezIHxuzoQm/y0RKNtROppoAEig2WXTuNQlJY71pzH1/QDVZStFr1CTSKhJpFAw7jULLx/Nv6D8itzsc74u9sOe7X4jVlHGebUPWrq239J6XRqmLKgSMdkYvxseG80FSY76FIRIHC6FBpSSniFVXcq7wukOcHM+Dy+1ToTTnYTcBIkZPIaVzrsQqamApTHLjKlqZeKeFRTZRFiOuohadZdy5UTta5LR+Cncx4iYGuHmnTmojaEtpQ8HFpTZKFKSLoCVbD01HamfdX+rKkNAhAqA0igbuqJS4Pzl5KaS5qPOOZZK4GoIt24ebihPbJbJ4g24lWxxvbuVtHQRU6kxq1eW/K/Bcs8I3jojhyOVIHxeWeQEOOlJ9UJQCrgSkbhc0mdSI0XJRub1VJpoQSixLUEhhlhEpTZNu0TYeNO2gneAk+OoSztxydpFSkmQaDcF5XgHpFTXmrbkrwXWVrrI1ZMdhI3BtHyjiPymrRCJIVVKDCRQcl5/wCtDprRi8PDc4crn+OMkpPrNxEj7dflBCB465HVNx8vF4Y53+ztet8sdP8A3G5+ZaPy4uP6vh/Fv8mNGDRWhojUhvgy+VIyOSuLKSp1I7Ns/URby3rY6fg+VijXnPGWl5g6h+73dpify0/LXu5z3yvxNzbr2V0J5PP15wY8gNBSlbEp2k+AVougqEp4yJDj30js8Q2CpRLAaEEIFEm2oBJKTeolKfwKO0ldp0NpJ8p2CqylZKhMENQk00DFDYahMLt/N36D8itzsc/4u9nd90v6p9FWUcu15iMxqyfitJYrUE7TLLjcnKTspilJbl/91U01HaC1pUOzLrwW6m3rpRw7jVF3MuZmn+fevdO6SznKnUrWntQY1qSzqSIXlRmZcpCwyqyS262QlxpZAWnZeo4LzEuq8p2dcR9H4JjmS4h3XTbLic0612ZQp0OL4COxCUbW+H2QKdpOunF0E1ZSCGiSUCGoDaSlVNRtdlM7Uey8kHyp2GoSrbhuaQGGoQbRJKLEoFQpSFpWg2Wkgg+EUFwxz7UxkODY4PeI6j+9RLfUtKRUCMyr4MJ5PWB6RVq81b8lbDhrM11mC/smf903+IKtCsqvrPW8bR7UNbscy3ZThBYSoIUGUD1lgm+29gL1yuodRrtIrrHim08vV6Xd6T0m+/m+k+GKxz9fZDNp/W+mtTovjJqUyEpKnYj9mn0AC5JSTtA603rPtd9h3Efknj6J4Swb3pW52k/8SvD0xxif49bhMZB5xc4/inklzTOHPaBJ9kxIqvs0nwvOesfBXBxz+93evw1+yPxl7vL/AOI6X4Y/q5P9q3P/AAw9HrXcknpr1z5axhQ409AuPTS3JNecNLNzQ+DGjm7Q9tY+ceoeCtF0dVaWnhNqDGaKwKLG1EgNQLXgo/YRrqFnHfWPgHQKhZL2qEjoqEmmgYrcahMLr/N36H8itzsc/wCLvZ3vdL+qfRVlHMdbamw+hcridX6lf+C0v2MnFZPJFC3G4q5CmX46nAgKIStbKm+K3tKSOmqrvNfePi8w/wCxGgdX4PK5PSun/i50jU86EuQ25j2szJMiM7KjsKStSGwuy+lJqITPJ6U5OYbLYDQmm8RnM6NTZRiKpb2oEOOPJmJfWt5t1K3SVKBQtIBNR2rT7ro5BqzGbRYlAlQGmghM/HMqKQgXdb9dHh6x5ahKlHbtoG0lJDUEENEwchl5z3baleIGiW2xiZrp2oCB92QPkF6CVYxb0Qh74oNKH0Rs8RvQZJGWiN2Sp9HFu2H96oEfPldowvhIKSN4Nxvq9eatuSJC6zsCzBV2GD/sm/xBVoVlQNe6Dl6ne/aUCaBMQ2GkRH9jXCnb6qhtSSTtvXnOqdItub/MpbjpppPLuet6J12mzp8q9PyzOvijn3x2uAamw2X09IUzlorsJ4X4FqFkqHWhY2EeI15DJt8mC2l4ms/x2vp213eHdV8WK0Xj+OcO6cmdLDTmk0z5DfBk82RLfuLKSwBZlHm9c+Ovc9J23ysOs878e7sfLfMu/wD3O6mkT+XH+WPb8U/d3OhKVXaeU1a77lm1eEWHlqt50haka2hGqGytJvo6QBxGizBaiptrUWNO+g3sbCMl3tFj7Bs3V90eqqi0RfaqFm9UBLVCxpFAxQ2Ggun83fofyK2+xofF3s7vul/VPoqyjm2q85KxOXQ2ytC2141TiYTwC23HTkIjPFwH2ilDirdVVWcG762qtVaew+ncLDk5GBoHNvymNaz8VHS9J+ERwBLXaOWSgLCleqpSQrp6qiF7O7cnsvprO6D0pktHLkOaWVj2o+KVMTwSSxESY47VI2cV2ze2w9GyojmmfddHqzEaRRaDSKJIaBitxqBHSj61QlVcvjy0tUpkfZK2uAfNJ6fEaCIokGoE3hoqOwL7iApTh9QqF7JTs+WiZYJWbWla22G08KSQFEk3t02FqJaP7WmrJ+14B1IATQasiStYu4tSz90SaCKkSAm+2hq1IkxapzTKFkIWSFJB2HYTuq1ealp4Jz1hWdgWdo3iR/8AdN/iirQrLCtZSavCrWmMQ8jHXDyEdqXEc2LYfQHEHyKvVL463jS0RMetkxZb4reKkzWfTHBnCkpSEpFkpASlI3ADYBVtFJkxbgAvfZSeHMiJnk03HC4fuRWpe/i9jcx08PtYVGwrEyo583WaLMJoiSUTDYhwVzF2HqtJ9tzq8A8NRIsLbKGW0tNCyEjYKgbkZO29RKzbNQCiYIahJitxoLn/ADf+h/Jrb7Gh8XezO+7X4j6Kso4pzmRykW3iU818JInQvtjAzLEGbJRAUCjj45MAdpH4/VIO48Pgqqyhcz+bjXLPl5o+Byixh5hN6iMn9nR5TknKh7EQEqdlOLWeJ1zhv2d1+x07rVGi+ukOycq5+m8to/TeX0hBaxum8nCTOgY+OhLbbCZQLi2wlNkjhcKwbdNR2pn3V/qzEQ0TBDRYlA1Q2GoEbLSQq9JS0VJBBChdJ2EHaCKgV/I4lTJL0YcTO9SN6k/viiUWhCnFJbTtUohI8ZqBZZS0wMeQjehAbR9Y7KCproswFfCaDC+6bUVQk6RYGiGhiJIcz0Ju/tOEfwTVq80TyX5TVZtWJOtH/urHgbQPMLVeFJa7prIq1FL4TVkTJQ4SNlYr3irJSk2Y1kk3Nac2m08W3WsVjgabVVZrPuACwqFmgu5N6JgyiZSELFuP2cfu2zvt85Xi6qIhNttoaQG20hKE7gKqk4C5tQb7CLJosykVVOhtrUCGoSarcaC5fzf+h/Jrb7Gh8XezO+7X4jVlHNtf5/IxG8fpHTUlMbWOq1uQ8bIUoD4OK2kGXOKSRxdghQ7NPznVIFVWca5ya4053dNUctMu5gZeQ0zjcZlcM23FID0cPKjKLy1ODhUtYSoq4lAqJJvUQtPB0DuySo8/k/pGbEBTDkpyD0VCrXQy5PkqbTYEgcKSBYbqjtW+F2mrMYoG0WJQIagacpFxQRqht21CTCBQaZx0YSUykp4XEm5A9knrt11Ajs8tf2TfCeyF1KVbZxbgPJRMINYvRLVdQd9EtVxKiKIlETmCpJohDY8t4/OwZ0j1Y7LoLqupKgUk+S9TCJdUQGnm0vMqS40vahxBCkkeAisurEkmwBGaHUkCsteTHLVdrIq1Sm5ud3VWC+Xshnph7ZJWu2TVKFqgazjwAIFQlpuLKtt6JZY8CTJ2oRwo+mrYP9NQQl4uLjx7KWO1d+krcPEKLNyoCVAzMtXN6DeAsKLFqqxtJDagNUNh8VBcf5v/AEP5NbfY0Pi72Z33a/Easo5fr3TnL7V0uNh9eYWNkGY8VybEyEjiQ5GJkMx7NOtFLiFLU4jalXRVVnP+Y/N7lxyF0HjMXNiT86xJVMx+EwskqnPyFY95bbwfkSyv1EL9UKXxK4bWBqumq+ukL5yQykzOcv8ATOZn4FjS8rIMOyjgIjRYYituuuKbShBsQFIKV3sL8V7C9O1PwuoEG9XYyVCCGi0GmiQaDE4niFQIx9vhUaiUtcigaagOSyHRwqAUk7wRcUS1JGn4TtygFlf3O7zGgiJOn5LVy1wvJ+52HzGiyHkwXm79oypPjBoIt6G4vYlF6I0RsjBSXr8LQ29ZAoaG4/GanxDpcxhSlpRuuO4sFpfjTfZ4xUxKJrqvMLJOORE/HMfDyU7C2lYdSfEofu1mrkjRinFOpjkgLN9w6qx2vNmWlIqxF0VjZGJT4OwbT1DbQCWJj/u2lW6yLD5aqnRlbwzyjd9wIHUn1j+9UpbzOOiMbQjjV9Je00GzULEoENQMjbRUagbyGgkDZRJxFEkqJTBp31CSVAarcaC4fxD9D+TW32ND4mZ33a/Easo5FzRw+v5T0PJaFx+Oy4RHXFyeNyEtcF9bfxUeUhUZ0IW3xXZKSHLDaNtQs5jzV5aa81zy/wAZrDTcd3T3NHAnOSY+nJSmJSH4uaee+JhLUgqbU4ppQLa0mxPUdoqtpwdb5J6ka1dy90jn2Yj0EP45uO5Dk++adgpMRxKvDxtK8PXSOa3wunHdUsRtqBCKJg00WJQIfDUDWeaChSUo51opNQMJG2oG6yjhRc0S13nDewoNcqJomDTt30S13IkZza40hXhKReoGsvFQT+a4fESP3aJYjiIXQFjxK/0VKSfsiGOlf4X+igUYuEN6VHxqP7lA9MCEncyk+O6vSagZUttt+whKfEAKqkpok1QoGEUCEUTBLE7qJZW2CqqjebaCBQPI2UWNNRIbUJIU9NEmkGoDTuNBb/4h+h/Jrb7Gh8TO77tfiNWUQ66iVoarm+9Y2WDsSy0zKQhltLSCXFlKEhKeJd1KNhbaSSSek1Mcy3JPVeWI2oQKJNosaRQIRUSGEX30GB1kKFQlpmOQrwUGRfqN26ahKPWbmgYaJghokhqAlBjtUrGkUCUDTUAqqYNNEkO6gbtNAqWyqiYbLcW+01EpbSWgkbKgLbooG0WMIqA2oC1CxtA0jYaC3fxD9D+TW32ND4mZ33a/Easoh11ErQ1nKxssMmO/XG/vvQamOZbknDWRiNNVQSgQ0Wg00SSgQ1AaRUSkwo20Gu82VC1QNFyOobbUSwKbIoGEGixtAlQGqG2iYNNSk2gQioCcJ6qiQcBNQk5LCj0USyoi7dooM6GUpG6gygAVVYlAlA0jbRJhFEmHfVQVC0GmgarcaC3fxH9F+TW32ND4u9md92vxGrKIhdRK0NVyqMkMmO/XW/Er0Gkc025JysjEadtVQSgQ0TBDRYlAhqA2khDUJNIB31AxqbBFEsKo4PRQYFRQaJYlRSN1EsZjGoDFRlWok34ZXVUpHwyqBRFNQHpigb6gZBHSOioScGkjdRJCgjcKA4Fnck+ahqwvPx4w4pLzbKekurSgfwiKrK9Ym3KEHO1zonHX+P1Lio1t4cnRwfMFk1jnJWOcw26bLcX93Haf0yrs3nlyhgX7fWOPWRvDBcfP/LQqqTnxx2t2nRN9flit36R9quze8/ybiX7PLSpih0RoLxv5V8FY53WP0t6nlnf2+GI9toV2b3veXLNxCxOYmEbiW2WAfwlmqTvKeiW7Tylup961I+mVem98mALjHaOfX1KkzW0ecIQqsc730Q3aeT7fFljuqr8zvharcuMfpjGxx0F5994+YBFY53lvRDdp5Rwx72S090Qr8zvV81ZN/h/2XCB3dlELhHldcV6KpO6v6m7Tytso5+Kf1fhCuZHvD84pbTh/tKuP6pNoseMzbZ0EN3+Wsc7jJ6W7j8v7Cs/09fbMz976AftGd/8AFX7W7df7S/s/8V8Vf1+3+C4+O/Xxba9DrPy9fV9z458uv7zwafl+Zpp6vEtzvu1+I1mcxFLqJTDVcqjLDJjv11v770Gkcy3JOVkYjTUSG1AKJNosSgSoCGgSoSaagNoA0STs1KGxJPiFSa6GLbKBxLsgdaiEj5ahMSjJmcwEAEz8tCigb+2lMt/jKqk2rHOWxTBkv7tbT3SrU/m3yrxtxN1liGynekS23Ds8DZUaxznxx8UN6nSd5f3cV/8ADKtTO8hyVhXvqhEkjoiRpL/mIat8tY53WKO1vU8u9Qt/l6e2ax96vTe9tyjjXEYZacRu7KGGwfK64n0Vjne4/W3aeVN7bn4K/q/CFdm983SDdxj9LZOQRuL78dgH8EOVSd9XsiW9Tydnn3slY9kTP4K9N76eQNxjNGR0dSpU1xfnDaE1infT2VbtPJtfiyz3VV2b3xeZL9/gsRhoY6CWnnyPw1isc72/ohu08o7SPetefoj7ldm96TnRLv2eXiQweiNBZFvKvirHO7yT2t6nljYV+GZ9tpV2bz05w5C/xGssgkHeGC2wP+WgVjnPkntlu06JsacsVe/WVcm651tkr/tDUuVk33hydII8wWBVJvaecy3abLb093HSP0whXn35J4pLzj6jvLq1OH+ETVG3FYryjRhCEDckDxCi2p1ECgKAoCgKBj3uXPqn0VErV5vqL/k1/dj+r69R/ld33Pz/AP8A9/8A+z/eafPjM5XT/KXU2YwktyBlIrLCo8thRQ4gqktJJSRuuCRUbi01xzMMnRMNM29x0vGtZ14fpl5d0R3wNTYxDMHXONbzkVACTkIpEWdb6S07WnD96g9aq52PfzytD3m+8n4762wW8M+ieMfTzj63ofR/OzlrrwNtYbNNx8k5a2LyNokriPzUhZ4FnwNrVW/TNS/KXh950fdbTjkpOnpjjH8e10PHgpnISQQRxXB2HcazV5uPbknT11kYoNNEmkHqqqGvJmwoQvMlMxwN5ecQ3+MRUTMQvWlrcomUBP5h6BxgJn6pxUe28LmsXFvAFk1jnLSOcw3cfT9zf3cd5/TKsz+8FyWx9/iNZ49ak/NYUt8/8tKqxzucUfE6FOgdQvyxW7+CtTe9lyUiX7LKy5pG4RoL6gfKtKRWOd7ijtb1PKvULc6xX22hXJvfQ5bsg/A4bMzD0EtsMJP4bt/krFO/p2RLep5O3c+9ekfTP3K5N77kIXGN0W8r6KpU9CPOG2l+msc7+Oyrep5Lt8WaO6v4yrc3vq6ycJGP0vi44O4vOyJBHmLYrFO+t2RDep5MwR72S0+yIj8Vcm97zm/KJMZWLgg7uxhcZH/FWuqTvcnqb1PKWxrz8Vv1fgrk7vJc7Z5PHqt2Ok9EWPHZ/FbvWOd1lntb1PLnT6f5evtmZ+9W53Nnmlkr/G6yzDoO9IluNjzI4axTmvPO0t6nStnT3cVP8Kuy85nJ5Jn5adKJ39tKfcv+Es1jm0z2t2mDHT3a1juhHKbbWeJaQs9avWPnN6hn1koSlPsgAeAWogtEaCiBQFAUBQFAUBQFAUDC60k2LiQeokVC2ktqLByE5QTBhSZajuEdh1299nzEmrREzyYrZK196Yj2zCx4/ljzJypAx2kMw/xbiIbqBt8KwmskYbzyrLRydT2mP3stI/VC0Y/u4c7MiR2ekno4PTLejsdF9vE5WWNplnsaGTzF0+n+bE+yJn7lpgdz7nDLI+KTi4CTvL0suW/4La6yxsck+hz8nm3Y15eK3d+MrRE7kGrXklGT1Xjo6VCxMaO/IIv1cZa6Kyx0+3bMNC/nTDHu4rT7ZiPxevP7OH+xn9kviNv7L/ZXxfB//H7DtOC/31uLy11vB+Xw+p81/cf8f5unxeLTv10UnvIf4J6t/wBxH/lbNYd1/Sl1vLv/ALDF7Z/2ZfNWvNvupaDo+iue/M/QaUM4fNLkwGxwtwMkPjGEC1gEBZ4kAdTakitqm5yV7XA3nQdnuZ1tTSfTXh/L6lim96znbM4gjNxoiT0RoMcW8RcDhq07zLPa1aeVun1+CZ9tp+7RWpvPnnJPJL+tMkgHojrRHH/JQisc7jJPxS3qdC2FOWKvfx+1Wp2utb5Qk5HUuVlX39rOkKHmK6xTktPOZb+PY7enu46x+mEG8/IkkqkvuvE7y44tf4xNUbcViOURDD2TV/YTfxCi2sngAbhYUQKAoCgKAoCgKAoCgKAoEKkjpFDQJIWeFB4ldSdp+ShMJeDpfVGTIGNwWRmE7vh4ch0edKCKtFLTyiWrk3OGnvXrHttCzwOSPN/JECJorKWPzn2Uxhvtt7ZSKyxt8k/DLQv1rY055q906/Ys+P7q/O6fbiwUeEk22y5rKbX6w2V1ljZ5Z7HPyeZ+n0+OZ9lZ/ktGP7l/M+TYz8rh4I6RxvvkbPuW0issbDJ2zDQyecdnX3a3t9EfetOP7js9RBy2s20DpESEVfK46Kyx06e2znZPOtfgxfTb+S04/uS6HZIOT1HlZgG9LQYjg7fqOHdWWOn07Zlz8nnPcz7tKR9M/fC0Y/uicmIRBfhT59uiVOdAPjDPZ1ljZYoc/J5r39uVq19lY+/VaYHd45K46xY0bAcUPnSQ5KO6355a6yxtcUfDDQv1/f355bd3D7Fqgcv9C4q37N01i4ltxZhMIPnCPBWWMdI5RDnZN9uL+9ktP6pTzUaMwLMMoaHUhIT6BV9GpNpnnLLUqigKAoCg53z1weW1Hyn1LhcHEXOysplkRojQBcWUSWlkJBIueFJNYNxSbY5iObtdEz0wb3HkvOlYmdZ7pfNDIY7IYmY7jsrEeg5COoofiyW1MvIUOhSFgEHxivNWrNZ0mNH3fFmplr4qTFontji1aqyiphElNQkUBQFAUBQFAeE7qBhdaGzjTfquKap0lsR4suWoJiRnpCjsAZaW4Tf6oNTEaqWtWvOYjvWLHct+YeXt+zNKZeUDuU3BftuvvKAN1ZIxXnlEtLJ1Ha4/ey0j9ULRj+7rzqyVux0hKZB6ZTkeMP8AmOJPyVkja5Z+Fz8nmHp9OeWJ9ms/ZC0wO6FzlmEfEsYzHpO8vzeMjb1MtuemssbHLPoc/J5t2FeU2t7K/jMLPA7ketXbHJ6oxkUbOIR2H5B86i0Kyx0+/bMOfk86bePdx2n2zEfitGP7juMFjldZynD0pixGmhu61qXWWOnx22aGTztf4MUd9p/ktGP7l/K2PYz5+XnH7qShlPmbbFZY2GPtmXPyecd5Pu1pXu1+9acd3WOSOPIKtOmYodMuVIc6b7g4kVljZ4o7HPyeZ+oX/wAzT2RH4LTjeS3KbEkGFo3EpUm1lORW3zs8LoVWWNvjj4Yc7J1ne5Pey3+nT7Fog6d0/jABjcTDhgbvh47TVtlvmJFZYpEcoc++4y3960z7ZlJ7t1WYBQFAUBQFAUBQFAUBQFAUBQFAUFZ1jy80Xr6J8Hq3DR8klKSlp9aeGQ0D/q3kcLifvVVS1ItGkxq3Nrvc+2t4sVprP8djy/zB7l8pkO5DltlfiUC6hhsoQhzrs1ISAknoAcSnwqrm5dhHOkvf9P8AOPKu5r+qv31/D6HmTU+jtU6LnnGapxMnFzLngRIbIS4AbXbWLpWPCgkVzL4rU96HvdrvsG6r4sVotH8c4asLT2oskQMdhshLJ3dhEfc8G8ItWOKzPKJZ77jFT3r1j22hZ8fya5tZQBULReWUk7luRyynb4XCmssYMk/DLQydY2VPey0+nX7Fox/dd53ZABX9nURE9cqZHbO0dQWT8lZY2eWexz8nmbp9P8zX2Vlacd3MuacqxnT8PAHSFvPPKHkbaI+WskbDJPoc/J5x2dfdre3dEfetOP7j2VWQctrKO0OlMSEtw7+guOo6PBWWOnz22c/J51p8GKe+38lox/cj0a1Y5TU+Ul23hhEeMD170OH5ayx0+vbMufk86Z593HWPbrP4LPA7n3JqJYyo+RyChv8AiJzqQdnU12YrLGxxR6XPyebt/blNa+ysffqtGP7uHJPG27LR8N5Q+dJLkg/8xaqyxtMUfC0MnmLqF+eWe7SPsWvHct+X2JAGO0vio9txRDYvvvvKCayxipHKIc7J1HdZPeyWn9UrDGgwoaeCHGajo3cLSEtjzJArJERDSte1uczLPUqCgKAoCgKAoCgKAoCgKAoCgKAoCgKAoCgKAoCgKAoCgKCm6y/6vgP/AE7+sH/r365u/iP+066w35xy7/udPae5f+py+Dl+r1LXF9yPd/ofY8lZYc+3NnqVBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFB//2Q=="></img></a></div><div ><h2 >Check out our Audit Report Tool here</h2><a href="https://www.fb-pro.com/audit-tap-product-information/"><img width="125px" height="200px" src=" data:image/jpeg;base64,/9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAAUAAA/+4ADkFkb2JlAGTAAAAAAf/bAIQAAgICAgICAgICAgMCAgIDBAMCAgMEBQQEBAQEBQYFBQUFBQUGBgcHCAcHBgkJCgoJCQwMDAwMDAwMDAwMDAwMDAEDAwMFBAUJBgYJDQsJCw0PDg4ODg8PDAwMDAwPDwwMDAwMDA8MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM/8AAEQgBggD6AwERAAIRAQMRAf/EANAAAAEEAgMBAAAAAAAAAAAAAAACAwYHAQUECAkKAQEBAAMBAQEBAAAAAAAAAAAAAQIDBAUGBwgQAAEDAwEEBAcKCQoCBwkAAAECAwQABQYRITESB0FREwhhcbEiMhQJgZGhwUJygrIVdlJikiMzs3Q1ONGiQ1NzNLQltRbhJIOTRDYXN3fw8dJjVGSUJhgRAQABAwEEBgcFBQYGAwAAAAABEQIDBCExEgVBUXGBMgZhkaGxIhMHwdFCcoKSsjMUNOFSI0MVNfDxwtJzJFNEJf/aAAwDAQACEQMRAD8A9/KAoGJMmNDjvy5khuLFjNqdkyXlhDbaEDVSlrUQEgAakmg0VqzLEL72ZseV2e8h4ateozo8jiB2gp7JataCSUBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQdBO8l7RXkP3fzNsEC4f+KPMWN5pw7HnkLajLOuyfcNFsMaabUDjdH9Xt1qVHgN3iu+rz47yzsmDmGRf7fwd1QLPLiwFyNa+FKuJBlEqLstY2bXVFOu1KE1Kiko6Esdk4wAw4kApcb8xQOnQU6EVBZ+N86OcWHFH+1ea+YY+lv0GoV7nNtj/AKPtSj4Kouawd+fvaY46lyJzsvNwCdPzN2YhXFB06/WY61fDSou+ye1O70NsbQi5NYbkhR6Tsy0vMOK8ZiS2U+8mlRdeN+18y5goTmHJO03FP9I7Zbu/DPuNyY8gfz6tRctg9rrynlupRkvKrLrG0dOJ+E9AuAHX5qnYyveFKi8LJ7TLulXdtCpeYXjHVq3s3Oxz+JPjVGakI95VKi68Z74Xdfy5SG7LzyxMuuaBDE+cm3OEno4JwYV8FUXRZs7wjIlBGP5lY76s7Qm3XGNKO3wNOKoJVQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFB5se1WyzKcR7rPrOKZHcsZlXfL7Ta7nLtclyI8/CfalKdjrcaUlXAsoTxAHbpodlSR8vyEpQnhQkJHQB4axB167PBQWSj0EfNHkoFUBQFAUBQFBggKGigCD0Ggw2hDKw4ykMup2pdb8xQ8RToaCxbHze5tYy2lrHeaeYWNlG1DMG+XBlA8SEPhI96rUXTjffi72OLKR6jztvdwbRpozeW4l0SQOgqmMOrP5VKi7bL7UnvS21TP2ivD8iQ3p2iZlncZU541RJLIB8QpUXhjvtfMxYATlvJOz3LZ5ztnu8iHt8CJEeT9arUXJjntduVkxaUZXynyuwAnRT1ukQbmgeHz3Iiv5tKi7LP7TjumXQtJlZPfbAXdOL7RsU3RHzlRkPj3iaVF4Y33xe67lZSmz888SDihqGZ89Ftc/InBhXwUqLlsPMHAsp0/2zm9gyLXd9mXKLL/UuLqiX0BQFAUBQFAUBQFAUBQFB5ce13/hTt33+sn6ibUkfM9u21iDTZu0oLJR6CPmjyUCqAoCgKAoCgKAoCgKAoCgKAoMEA7CAR1Ggw2hLSw6ykMup2pdb81Q8ShoaCf2bmrzTx0tGwczctsvq5BYTCvk9lKNN2iUPgD3qou7HO/D3scXKfUOd18noSNA1eERLoPdMxh1X86lRcmPe1B71VmcSbpcMWy1oHzm7lZksEjq4oDsbyUqL0sftfM5ZQlOTclLHcnBpxO2u7yYQPXoh+PK0/Kq1F0Y37XbldLLact5T5VYCdO0dtsiFc0DrI41w1H8mlRdFk9p73ULu8hqZf8AIccC/wCludjlFA8ZiCTpSovGxd8vusZGlKrbz1xJBVpo3Pmi3r29aJgZUPeqi6Mf5iYBlqUrxbOcfyVKwCg2u5RZmuu3+hcXQTGgKAoCg8ufa7/wp277/WT9RNqSPmd39GtYjOuvvUFkI9BHzR5KBVAUHo/3Ne7Hyq5p4BkOXc4kzEJzDJ4+B8plRpL0QpvBiPSXZA7MgOgHhTooKSOBWo21Ygeet9slzxm+XrGr1HVFvGPT5NsusZY0KJER1TLqSPnJNQXjyG5DHndbOcc9OUf7aXynxB7K0tGJ60meGe0JjE9q0WtQ3sV52/dVoOu6FcSUq004gDp46gsLlnyuzfnBk/8As3l7aE3zJDAlXJFuVIZi8UeGkLeKXJC20agEaDXU9FUROz2S8ZDebdjthtki8X67ykQrVaIaC7IkyXFcKGmkJ2qUo7ABUEov3KvmhixWMk5a5VYQ36a51mmsoGnWtTIT8NBAtRxKRuWg6LQdhB6iN4oM0BQFAUBQFAUBQFAUBQFAEA7xrQJbSllwOsjsXQdQ635qgfAoaGgnNl5m8y8beRIx7mNlVjeb/RuQbzOYI02/IeAqi77D32+9hjqEtweeOQS206aJugi3I7PxpjDyvhpUemvs+O97z05781shwTmhkFuv9mteKSLvEkNW2PDlesszIjCeJyMG0FPA8rUcG/pqxI9gqo8ufa7/AMKdu+/tk/UTakj5nt+ysRjy9NBZKPQR80eSgVQKQ268ttmO0p+Q8pLcdhI1UtxZ4UpA6SSQBQekveqy25d3u291jkJilwS1d+Rdug51lj0bQKXksx0yAF6aeiO1Oh3pcGtUVh388Ys8XnPA5o4qrtsP5+47b85sshAPB28psNzEA7teNKXFDoK6SJt3Chrj3fD/APSCd9WTSB52s/omvmJ8lQd+fZtfxPQ/ufkf+HRVgUT3X/4neR/39tn+KoOyveD73feVwDvCc4McxPm7eLZj2P5VNiWaxrbiSI0eO2ocDSUPsOeaOomlRs8G518u+95Lh8ou8vjFjxvP76kQeXHPzHobVuls3JZPYx7m0jRtaH16IGzgJPDwoUQsXeOgfMXB8i5YZjluAZVHTEyPD5z9vuaGyS2pbW1DrRIGqHEFK0HpSRUHafvE4Vym5Y81uQ6F4c6zgV35e4lkXMCwWd9bUm4OTEuqnrZddc/NuuhI0IUkA9VBvrBZO4FzCyaxYzaWudGC3LJbhFtdtS65arhFEma8hhoLWe0cSniWNTt0oJHzC7r/AHScRzHJcDe72lww3KsVmKg3a2ZLjb0llt4JSvhEqIGkLGigdU0oOjuf45Y8Sy+849jWawOYljty2hb8ytjTjEWalxpDilNtukrTwKUUEE70mgh1QFAUBQFAUBQFAUBQFB6g+ya/iJzL7gTf9St9WB9DlZDy59rt/Cnbvv7ZP1E2pI+Z7494rEH/ALa0Fko9BHzR5KyoM1KDt53GuWkfmT3jMPVdeyTjXLxD2aZM6+kKaDFo4VspXrs0VIU3rr0A0gWjzE5s9x7nTzAyjPs9xTnBYchyaaXrjdbTcbZMiuBpIYaW0w6eJCOzbTokbqs0Fhc7ofKTmx3LLHcOSOQ33Jbd3Xr83DmLymK3Gu7FovhKSyrskpSttta2uFSRpogjemgr/uEHWw98FtJ1cc5Pz+BsbyAJGug8GoqQPOxn9E18xPkqDv17Nka95+H9zsi/w7dWCVEd1/8Aid5H/f22f4qge72v8TvPj75XD6wpI69du7EKZcdZbkRCH47o3pcaPGhQ8RANQd8faMhqbzgwvKjHTHuWb8rscvN64RpxynG32ypXh4UJT4gKsjWd+v8A768kf/RbDv1L1JHWvkx/5x8pPvrYP9RYoLU76X8V3Pf7zL/wzFJHWGoCgKAoCgKAoCgKAoCgKD1B9k1/ETmX3Am/6lb6sD6HKyHlz7Xf+FO3ff6yfqJtSR8zu7fsrEHgNBZSPQR80eSswqg7ZcnOemG8puQfPzEYNtuiub/N1iPY7ZkDTbaYUOyaBEhBf7UOBag48eEN6E8HnbKDqYAAAANANgFSg7odynPcNseYcxOWXMy8wrDy654YdPxu9Xe5vBiFEmtoU7BfdWo8KdCpaUqO5Sk7aRAgvdm5vRe71zkVccnYGQYTdI0/D+ZEKCtLzcu1S1di8+wpHEHQ2pAdTwnz06hJ86oLkzDuCcxLvKOTd2+42jnfyovRMrG7xa7lEZmxGHTxNxJrEl1vR1pBCSQdTp5yUHzaUFs8p+VNz7jONZ7z0543C3WHmVdMcnY5yf5Zx5jUyfImXBGipUhLClJCElCdSklKU8RUoKKUm7h0m7q3F/8A0tyFK1caznFoK1npPrA1Pu1BvO95aLxH7y3PGZIs8+PDl5fPdiTHYryGXW1KGi23FICVJPQQdKSNd3fO7fn/AD/zizWC0WOdBxLt0P5dmkmO43b4NubUDIX26wlC3CkFKEJVqVHbokEgJV34eadh5rc+cmm4i41Iw7CrbFxDFpjCgtqRGtSVpW+2obChTy1hBG9ISemkiX9+v/vryS/9FsO/UvUkda+TH/nHyk++tg/1FigtTvpfxXc9/vMv/DMUkdYagKAoCgKAoCgKAoCgKAoPUH2TX8ROZfcCb/qVvqwPocrIeXPtd/4U7d9/bJ+om1JHzO7taxGT1nxUFlIB4EfNHkrMZoORGjOy3gwyAXFAkBR0GwanbWnPntw2cd256PK+V5+Z6iNPgiJvmJmKzSNkVna5qrJc0/8AZ+LwpUk/HXNbzTTz+L2S93L5E5zj/wAiv5brZ+1xl26ej0ob35JPkrdbrMN26+PW8zL5a5pi8WmyfszPuq47jLrWnatLa13cSSny1utyWX+GYnsl5uo0WfT0+bjusru4rZtr64biw5Rk+KPuysWyW7YxIfGj79pnSIK3B+OY60FXu1lRzTMQ4V1u92v0526X27Tb5c3ho9crjIdlyFAbgXXlLWR4Nak1Imrl41kl8w7IrJlmM3BdpyLHJrVwsl0bSha48lhXE24lLiVJJSehQIqDuJC9or3sIrKI8rOLTemkbALlYbc7r4+BpurUQbmd30e8dzasDmKZPnv2fjElJROsWPxGbSxJbVsLb5jgOLQelBXwnpBpUdVloCm1NjzQpJSPBqNKgvfn1zlZ513rBLw1jzmOHDsIs2IPR1yRK9YXaUuJMlKg23whzj9EgkdZqiveXN8gYxzDwHJrqXE2rHMktV0uamUdo4I8OY0+6UI1HErgQdB0mgnXePzzH+aHPbmhzCxRyQ7jmW3pU+zuSmSw8Wiy0jz2lalJ4kHYaSKTqAoCgKAoCgKAoCgKAoCg9QfZNfxE5l9wJv8AqVvqwPocrIeXHtd/4U7d9/rJ+om1JHzP+OsRg9JoLNR6CPmjyVahVWo5UKSYUlMlCA4UgjgJ0G0ab60arTxqMc2TNKvY5Fzi7lOrt1NlsXTbExSZpHxRToSiBelTZKI6owbKwTxhWu4a7tK8HV8rjBjm+Lq09D9a8u+fr+a6yzS3YIt4q7Yumd0TO6Y9HW2M64NW9LS3krUHVFI4NNmg16SK4tJo7tTMxbMbOt9T5g8x4OSWY781t0xfMxHDTZSK7azCL3i5x57cdLIWC0pRUFgDeBu0Jr3eW6G/TXXTdTbTc/JfO3mrS86xYbcEXxNl10zxREb4iNlJlzccipU3JkOISsLIbQFAHdtVv9yubnOeYm2y2adP3Pc+mXKbb8ebVZbYmJmLLaxE7viu3/pg5kERoRW5DTaUFpei+EAapV16eGsOUai6ck2XTM1jp9Dp+o/J8MaPHqsNltvDdSeGIitt+6Zp1TEetFY6ErfYQsapW4hKh1gqANe7mmbbLpjfET7n5Ny3Fbm1WLHfFbbr7Ynsm6IlOFWG2HXRhSfEtX8tfLxzXUR0x6ofveT6fcmv2Riujsvu+2ZcGVjjPZqMRxaXRtS2s6hXg102V1YOcXcVMkRTrh89zb6ZYJxTdor7oyRutvmJtu9FaRMT1b0QIKSUqGiknQg9BFfQVidz8autm2ZtuikxsmOqWKMRQFAUBQFAUBQFAUBQFAUBQFB6g+ya/iJzL7gTf9St9WB9DlZDy59rv/Cnbvv9ZP1E2pI+Z3YfBWIxQWcj0EfNHkoFUBQbex/vFn5q/qmuDmn9Pd3e99j5Bj/9rD2X/uy22SDViJ/aK+rXn8k8d/ZHvfcfVSP/AFtP+e792ERKeqvon4snrSRbbRqfNU0yVq1/DUNfKdK+SyTOq1fbdTuj+x/ROkxW8h8v1nZdZim6f/JfFf3piO4iL/mNlS2dq1tFok/hI2A/ADWWf/1tZxdFa90uflEf655cjFO26cc2frs2Wz64tlC4oIlxgRoQ8gEfSFfS6j+Fd+Wfc/D+URMa7BE7J+bZ+9CaX7j+z18HFxdojTh113+CvmuUzHz9vVL9y+oluSeVz8utfmW+GtenqN2AyDEc7fj4e0/Mleuumm3TXo1rPnEWfNjhpWm2jk+nF2ru0F/z+Lh4/g4q7qfFSu2le6tUXuwSLlMCd3aanxkDWvc0G3T2V6n5V5uttt5vqYt3cc+uYiZ9rXV1UfOCoCgKAoCgKAoCgKAoCgKAoCg9QfZNfxE5l9wJv+pW+rA+hysh5ce13/hTt33+sn6ibUkfM/qPerEB6urpoLMR6CPmjyUCqAoNvY/3i181f1TXn80/p7u73vsvIH+9Yey/92W3yT9BE/tFfVrz+S+O/sj3vuPqr/Taf8937sNBbI/rM6O0fRCuNfzU7TXr6zN8rDdd00p635r5X5b/AKhzPDhnw8XFd+Wz4p9dKd6cS5MRhKUzFJSh3XRKklQOng0NfLabBlyTXHWsP6D53zTl2jtizXXWxbfWkXRxRNPRSd2wmI/BcCkQltkJ85SGxw6a9Omgq6nFmtpOWJ6qy1ck5hyvPF2Pl91mz4ptsjhpXZWlIRGXG9XvKUpGiFvtuI8SlA+XWvotPl+bpK9MWzHqh+L855dGh8xRjjw3ZrL47L7ou9k1hMZctqE0X3uLgCgk8I1Op96vmtNp7s93Dbvp0v3HnXOcHKcH8xn4uHii34YrNZ74al7IoaUEsJcdc+SlQ4QPGTXo4uTZZn45iI9b4vX/AFN0FmOZ09t99/RWOG2J9MzNaeiENccW64t1w8S3FFS1dZNfSWWRZbFsbofiWo1F+oyXZck1uumZmeuZ3kVk0igKlBipQFQFAUBQFAUBQFAUBQFB6g+ya/iJzL7gTf8AUrfVgfQ5WQ8ufa7/AMKdu+/tk/UTakj5nhsrEB3E/BQWYj0EfNHkoFUBQPxpLsR5L7JAcTrpqNRtGm6tebDbmsmy7dL0OWcyzcu1FuowTEX21pWKxtik7OxyZlykzkNofCNGyVJKRodSNNu2tGm0WPTzM2V29b1OeeadZznHZZqOGlkzMcMU2zFNu2SYE5UBxbqGkuqWnh84kaDXXZpV1eljUWxbMzEVrsYeXPMN/JM92azHbfddbw/FWKRWs0p10KuNwXcHG1qbDSWk8KUA6jUnUmpo9JbprZiJrWWzzN5ly88zWZL7Isiy2kRE13zWZ2037PULbNECT2ykFaFIKFJSdDt3eSmt038xj4Ymk1qnlbn0cm1v8xdbN1s2zbMRNJ27t/VMOZPuUaXIhSENuNlhQ7UKA2pCgdmh8dc+k0eTDjvsmYmu7tpR7XmLzRo+aa3TarHZfbOO6OKsRtti6LopSdsxt2bN7l3W6QpsNTTKl9oVpUEqTpsB660cu0GXBl4rqUpPS9rzj5v5fzbl84cE3cfHbNLrabIrXbthF9BXu1fk7GhoMUBQFAUBUoClBipQFQFAUBQFAUBQFB6g+ya/iJzL7gTf9St9WB9DlZDy59rt/Cnbvv8AWT9RNqSPmdOm2sQhS0I0C1hJVsSCdNT1CgswPNISkLdQghIBCiARs6jQKDzJ3OoPiUKBwEHcdaAoCgKAoCgKAoCgKtQbOqrUY4eqqMaEbeigxQFAUBQFKDFY0BQFQFAUBQFB6g+ya/iJzL7gTf8AUrfVgfQ5WQ6Yd+vkBkneS5MWvlzjF7tmOzEZZbbtMut1Dy2W40VqSlzhQwlSlrJdGidg61Ckjo1y+9k5yisi0SeZGf5DnzwA1t1tQ3Y4eum3VSDIkK29TialB3l5d92XkBypZaRg3KbHbZKa4T9sSoibhcFKTuUqZN7Z7XXbsUKtBaczEsSuJJuOJ2O4EnUmVbYrxJ8a2jQRyXyh5Sz0qRN5WYfKSoaKDlit511/6CghVw7rndvunF67yOw1ZVsKmrY1HPvsdnpUoITP7jvdUuPFx8n7fDKvlQZtxjaeINygB71KCISvZ391iQpSm8QvMTi+SxfpwA8QWtdKJVGJ/s1O7ZJ/upzC1E66Fm8pdAPifjOUotUJn+y45PvcX2dzHzO3E7Eh0W+SAf8A8don36UEPl+yqx0qV6hzsuraPkpk2SO4fdKJSPJSgjk72VM8A/ZnPCMtXQJlhcSPfamq8lKCFz/Zac1Wtfs3mjiE8bdA+xcIx8G5p4VKCGzPZm94qOrSLc8KuKfwm7rIa+B2GmlCqOzPZz96GKkqasWOXDTcmPfY4UfF2yWx8NKCGT+4v3qrfxa8qX5wT0wblbH9fEEygfgpQQud3Ue8vbjpJ5HZadumrEH1ge+wpygjcvu/894KVLl8mM2YQkaqUbHNUBp81o0EMn4JnNr1+1MGyK3cI1UZVpms6Dw8bIq1EXfYejEpksuRlDel5CmyPGFAVRxS+yN7yB41CgUHEK9FaVeIg0C6AoCgKlBipQFQFAUHqD7Jr+InMvuBN/1K31YH0OVkI/kv7uT/AGyPIaCB0BQFEoKCI53lacIxedkioAufqkiDGbhKkoiIW5PmMwkFchxKktpSp8KUog6AGiojL5nOxE5GqVa2YLmG4o1l2RMsvoubS4jr8tAahyWFsoccDcB46lITxLb2+augfsXNyxX3KziqLRdret673SxWq9Sm4/qc242ZhEmbHaLT63klLKitJcbSlQSrQ6jQhyrXzUstzefCrFkNst6b9/tuBf50BLcCdcBOct5RFeQ6sqAfaUCVJToBrQoYic5uWdwx20ZVEyPtrJfYEq5W2Q3FkuOKZhS48GQlTLbanEuNyJLbRbKePiVsB0NESROZ4uXcajvXYW6bmUiTExe23Fl+DLmvw21vSG240ptt0KQ2hSjxJGzaNdRqKuIeYmCJvNzx05bbRe7LoLvAL22MoqbRwOuadmlfE82Cgq4gVDUbaK2Nyy7E7O85GvGU2azyG5CYjrM6fHjKTIU0H0tEOuJIWW1BYTv4SFbqDfFxtKm0FxAW8T2KSoAr0Gp4QTqdBt2UDg27B5xO7TbRKM9itR0DauLTXQA7juNAktOJ181Q02nUaaUKkBS07lKHumil9u9pp2yyOriNBwJEGDMBEyBFmA7w+w26P56TQaWRhmFywpMvDMflBXpB61w16/lNGiUQ64cieSF21+0uT2FyyddSqxwQdu/alkGghE/uhd2K5cXrHI/GGyobVRWXYp9zsHW9KFUXkdxfuqSNdeU0djX+ouVzb8kuiorP9nf3W5vEWsXvlsJOv/J32YAPAA8XRQQqd7Mnu/SNfUcgza1666BNwiPgf9bDJ2eOghkz2WPLdxRMDm1lUVOmxL8KA/t8aQ1QR2Z7KuylKvs7ndcG1/J9bsTK0+72ctBoIdP9lZlqOI2rnRZJG3zEzLPKZOnhLb7vkqUSqEzvZf8AO1g/8hnGFXFOp2qduEc6dGwxF+WpRau4PcJ7oPNbkBziyLLs3m49Ls9yxOTaWDaZrr7wkOTYjyeJtyO1onhZVt136VYgeu1UR/Jf3cn+2R5DQQOgDuNAUBQRrL8XhZlYXsfuLnZwpEy3y3x2aHQsW+axNDSkOapUlwsBCtRuJoK9zPlI9fZd2Xi+QRsMtuVY
0nEMrtLVsbfaNrQ/IeS5bwh1hMaQBLeRxKS43ovUt8SQSHDxnkpDxPmBJ5g2qdFTdLvkF9uGQrVGV2sq13ZhoR4IX2hAXFfYbWHNPOTxJ0GtEqjdi5LXyz3e4v8AqeMRmZmat5U5kUN+4faU1lN4euXq8uO6gx0qQ29wJW2raQNdlFRZfdyyOOi1xrbfYLFtXiMa2X23NreYKL6ibZFyp8N5tHGlMmNahxa6KDqUrHprICcZ1ytyi95FEyS0TvWnOXcO3yeXLd0lGXMnXFu6JuU5MqZI1Wwl1MZiOFhSiUFYV5tBqHcQzpjllkfJ1rF5ravXn5tpz63y4AjSkSb+i5B4tvOl9uYlpxSl8bCm+NBIUpKkghC7jy5zrHeY96vzz2XZba5ORrlM5XHttju1xkRnMet8QB2I6ywx2SXmFtFSWg4OEdepCwOaFm5gzeYOLZrYMcZu9h5VN2+5QYSluJuEuVcJnZ3YW9pCFIcW3bUFspWpA1cISSaFVVZ7YcjnYanGo+P3t6XglqzVrJEpgy+yfRc7rHVD9UcDfDL9YY4nEpZKyEBXEEnzaDbv40xduYNhtdlst0hckrnfZarJZuzuVsY7ZGN3Fyc600osPsRlSRH7MHgQXkrLY26kDDH4eHK5AmTcZV1mZFYrMzNwyRebp9sx7ndNQ7eURHXlpmMq85MtD2xlDYWjTzkqCUZnnt3tsXLLRb8ncYyi05Vkj67Uh5Bms2WPjcu4RnQ0rVQjoc7FxKtOHi0GuuyiURO059m96uGH4XkGaysYvbE3HbRmV2tvqrCnjJtF+uLc1hU1h5tKZ7cWI6rzSAoLbGmiqKsV6/5lfOXuI5Bac7XbprmVN2F6/wAC329+PeYL19FpanBqS08lHaMjtU9kUpKla7UcIoIo9zoyixK5iJuclM049Bun2I5cLYITCpzd/FitvYOsLBlsqUoKlEJBbVoAoBYABpnvE3lQt8h20Qfs664jZJ8WehDqm2shmTZceXEeUF7GVtwXixsCuJHConiSKDnZJz1yTFGJAubWNMXxN9nwX8UnouEGXBYiwpk2LFWvV31p+emMlMZ5lvsllR4UKKdKCZT+djcGfmUByyxYTmNW60S4SblcURSt+c7DZnszSlt31ZMBdwjhxeitdVaDzaJRpIneLt0qLkMoY0jix3H3L8q3N3eOZtyQ2ua2n7JYW2j1ph0wuJt/iQkocQopG2ipC7zthvy7WzjuH3TKYl4u8Gxw7jElW9hHrk+1JvDaSmTIaUAlgqCz0LQU79KCbcvs4Z5hY8zksSyTbJb5nCu3InPQ3XH2HEBaHQIciQG9QdOBwpWDvSKCcUBQFEok2KafaL2z/s6vrJoQsKio/kv7uT/bI8hoIHQB3GgXvA1ojHCOiiqt5z3GbaOXd1mwJ7ltkC42NhUxqYq3KDMm8QmH0+uI85gLacUhSx6IJNB1rxTLcovvMTAsdl5NeZFuhRMjNwhRcsaiNKXCyZiPHUbi4lIvLbER4M8QAU55wI4waDiYrzO5jRjFky7xf5abmu3XD1G8LgyBc0u5eLYv7G9WQpTMcxwY7jbxCwpbSkIG1ZCz4mX5vA5XYDzXXk1yy2fzCn4kqbikKJbvUmG7zNYTLhWtCmmHAtCHVMavyFK1BUSlVCjkDOeYd/k+sW27O4U05zObwhNhutnhyJDMN+AzJDr3A+v86lalacLhSUqGu0UG25c59mV/xbPcmvkxMpzH15Gzaof2E9AhhVlnTorK25xfWmVxpipLiUBPCSfBQaKxc/pU1q1wLhbT9v3W/wCIWtkMWy4m3+rZBb7VLlLVOShcZDraprvZpW6DoEApJPnBDofegvb9ksNwci4hxXu5WyDIvipF0ZtdtXcbbcLgqHMCWH3zJZ9SQkloKbIdSrzdCKC4MU5wPZFzDlYE7abfxs3GfbRKt89UiSz9nQYkxc2VEWw2WYrypQaaXxklfCCnztgbGxczb5f7xjMCLhLYt2Ss3OXGuqrugOMMWic3AlKXHMYaq43EqQlK/OGupBolD965oG1XrNrczi8u6QsBiR5mTz2Z0RElDT7Tckut29xYfcZbaWVF0eaVIWhOqk0Uyzzdt1zvDFpxvGr1lSpP2i8zPgGC227Bt8j1N2cx63LYU+y5ISptJaCiQnjUAhSFKDW2jnFZL3MhRUcv8tau13m3Syxob1thOPOKsznZ3FKlNTHE9lHcOitVaEnzQobaDmyc/wCUWQ26I7cl267wLllMnDGGp1t9YSu9WlUhDkdTbjK+ENdk4UOKARooFJ88ahM7DeMfzSzRJ9vt8hVoQuNItzdytkiAD2QbkRXmGZbTRKU+YptaBoCNh1FBylYtjSpUGcbFD9ctkl6Zb5QbAWzIkPiU86kj5S30hwn8IcW+iNPO5bYHckXhEzF4UgZBKjTb1xhesiRDmruMd1RCgQpuU4t4aaeco9elCpMHl3i1uyBGVNw5UnI2Xi81eZs6XMfQCy+wllKn3V8LKESnuBseakrUQNdtFq1TvKXBnZUaeLWtm5R7nNuzl0bc0kyJFwmNTpAkukFTrZeYbKUKOiQlIToBQaJPJHH2DkjMHIb5AtGWRXod6sTa4a46mnH5chAaW7FW80GVzXAgIcACQlJBA2ht4fKbGrbd13a3PS4XaZr/AL6XAbLfYJuCrc5bnGW08AKGVh1TpAOvaE6Hh2UGy5cYK1y6xtjGY86NcIkMIREks21i3OqQ22lsKlFhSg+6QnznSAT1URPaFRRaigk2KfvJ79nV9ZNBYVBH8l/dyf7ZHkNBA6AO40Dg3CgKBmRHjy2XI0uO1LjPJ4Xoz6EuNrT1KQsFJHjFBpLjiGI3gW5N3xOy3UWjQWgTLfGf9UCVBQEftG1dlooAjg027aB5eNY8tUBSrFbiq1nW2H1Voern1hEvVrRPmfn2kO+b8tIVvGtBpYvLvBIE6ZcoWIWqJOnzW7jMfZjpQHJjT4lIkFA0QHA8A5xAa8XnHbQbY43YC725tEbtjeEZAXQkgm6NtBlEw6Ha4G0hOp6BQaW0cvMSsLd9YtMCTEh5ImaLtbTcJzsRRuLrj0tTUZ19bTKnXHVqUWkpOqjQJh8usRgW5Fph25yPb27naruhhMh06S7I1FYgq4lKJ0bbhMpKddFcPnakmgjcvkvirysXftt0v2OXDDo9vi4/dLXNQl9pFsjzYkYq7dl5C1Bm4PoUVJ2gj8EURvLTy3sVmvcTIo0u4vXeNd7henpbzyFesyLpDYhSkvhLaQW1JjNuBI00cTxeChVm38ucfgItMdReuEO02682wQZnZuNSI99ltzJSXk8A4tFthKRu4SQdd9Fat7lhHfzCwZIbozGtGJQJcDGMah22NHMdqbFMR5l6akl16NoouJYKQkOcKiTwpADQv8n5P2Xylx6Ff4EazcrmbUhi4m1f50V2stA+oTkSUpholttBmQjs1hTZUnp2BwrpyYkSZ2LXBmXZbsvG8nyfIhAvcKQ5HWcjl+tJSj1d9tSHI2miVkkK38IoIpA7tr1vuTd2RlaHXkzY92XA9XWiKLoq5ql3CclPGo9pIiNx423d2ZV8vYSq4eWmLXPDsXh4/c40Nly2sx47b0K4zrgh8Mx22VOn19CVM8RRqGkEoHRRVgdVAe5QYolBoDvG2gwU9XvUKkkEUVigKDOtEoKCTYoP8xeP/wBur6yaCwaK018jqkw0tpUEntUqJPgBoIwm0J+W+T81IHl1oOQm1xBvSpZ8Kj8WlA/9nxP6r4T/AC0CTbIh+QofSNEJNsjfgq/KotSDbI2vyx7v/CgSbXH6FuD3R/JQJ+ymuh5fvCgSbS2f6ZQ+iP5aIQbOOh8/k/8AGhUg2k/1/wDN/wCNFJNpX0Pp90GgSbU90Oo+GgT9mP8A4SD7p/kolGPsuT0FHv8A/CgSbbKHQk/SotSDAlD5AP0hQJ9Slf1Xwj+Wgx6nJ/qVH3qFCDDf6WFjwgUQ2qJIG5pZPzTQqbLD43sLH0TRSS270tqH0TQY4Vg+ioHwigwdemiUJIQfB4aBJT1HWhUnwUUUEmxT94u/s6vrJoLCoOFcP0H0h8dBpKAoHKAoCgNB0igTw9RojBBFFYoCgKJRjhHioE8J8dCrFFFAUBoD0URjh6qFSNCKKKAoM60SjGg8VAkg+OhUnQbiKKSUoO9CT7goMdm3/Vp/JFBgtMne0g9fmiiUIMWMf6FH5IoNpZo7TUpakNpQS0Rqnxii1Seg4Vw/QfSHx0GkoCg5FCjGgoElJFCrFAUBQY0B6KIxw9W2hUnTSiigKA37xRKMcI6KBJBFCrFFFAUKAp6xpRCSnqoVJoooCgPcolGOEdGygSQRQqxRRQbS1f3hf9mfKKCQUHCuH6D6Q+Og0lAUHIoCgKA376DHD1UQkgiisUBQFCjGgPgojHCfHRak0BQFAHTQk6AAalR2AAbyTRHV3mb3nMYxFcm1YlHRl98Z1Q7KCym3MLB0IU4nzniOpvZ+NXVj0t122dkNd2WIdMcs7xnOC/vvLTlr1giubEW+zoTEbQOoLAU6fGV1126fHbG5qnJdKt2Od3OCyyPWLfzJv6XAfRfmLkoPjbkdok+9WU4bJ6ITjnrdr+UPfWjTJMfH+cDMe1uO8LcbNoTZRHKt3/Ox08XZ6n5bfmjpSkba5cukptt9Tbbl63f+NKjTY0ebCkszYUttLsSZHWl1p1tQ1StC0EpUD0EGuKYo2nSAfBQY4T46FSaKKAoUGw7xRKMcPVQq2NqBEhf9mfKKKkFBwrh+g+kPjoNJQFBzBuoMcI8VEJ4T46KxQFAUBsO+iElPUaKxoR0UGKAoCiUY4R16UHFmSo1viyZ06Q3EhQ21PSpTqglDbaBqpSidwAqxFdkFXn/zn553HMVysexh522YkklD7ydW37iNxLm4paPQjp3q6h6GDTxbtne0X5K7nVCUNOLxbK62uXGteM3vKJZh2WEqUtGnbvnzWWgelxw7B4t/UKxmYjekRVdFk5G4/CSh/IpDl9lg6qjIKmYo8Gg0Wv3SPFWmckzuZ8KXnAMHbQUJxG08GmhCoyFHTxqBNY8U9aUT7AMif5ZqREx9gM47xKU/jIWoRPOOqlsoOoZWetAAPyga132Rfv3srb5tdyMcyO15Ta2braneNlfmvsK2OMuAec24Ogj3jvFcd1s2zSXRE1b6sVFEoxwjroE6GisUBQbK1/p1/MPlFBvqDhXD9B9IfHQaSgKDmDcKAoCgN++iUY4RQJIIorFAUBQY0B8FEY4T0baFSdNKKKDoxz15pryiU9itikEY1bndJkhB/v0hs79m9tB9H8I+d1V6OmwcPxTvaL767HViXoQfdrqaZbDE8GmZfLUtSlQ7RFUBMnaaknf2bQO9RG87h09VYX38KxFXZO3WiBZYTFstURMWK1oG2kDVS1HZxKO9Sj1nbXPWZ2y2Qn9r5b5Hdgh11tu1R3NqVyiQvTwNJBUPd0rCb4hlFsy20rkvdexUqHe4sh8eiy42toKPVx6r090Vj82EmyVGzGVx5EuG+ns5MJ5yPLZO9t1s8KknwgitkTE7muYomnK7KlYzkrbTqlrtl60izGEkbHCfzLg12ahR08RrXnittepnimeKI63aFzKACQ3BJ6ipenwAV5k5/Q9ONL6XCXlEzXzIzKPHxH4xWPz5bI0tvXJk5PcRubY8XCr/AOKp8+5lGks9Jactlp9OKyseAqT8ZqxnnqYzo7etzEZdHJ/PQXED8JCgr4CBWUaiOmGE6KeiW2jXy1SjwolpaX+A8OA++dnw1sty2z0tF2DJbvj1JPa/06jvBbOh6DtFbGpvqDhXD9B9IfHQaSgDuNBsOgUGCkdFAkpPjolWKKKAoDQGgTw9VBjQigxQFAUSiheeWdqsFnGNWp8t3i9tH111CtFx4Z2HxKd2pHg18FdOnxcU1ndDXkupsdEJg04hpoBu8Vela0QRj+NSsouiILOrUVv85cJYGxprXo6OJW5IrDJfFq0q7P2myIaRDslkh8LbY7ONGR0DpUo/CpRrk4qzWWcL3xrEbfY20yXUpl3MjVctQ1DfgaB3ePfWN0sohLFzmGtAnV1fUN3v1ouviG22yZMKmynASk9mgbwnoHhNaLr5lvtsiN7pvznQcd5gRrkkcEHJIjTs0dCnW1Flbh8I0STW3BkmGrPYiy1LaPaNq0cbIW2odBSdQa7t7imXbaG/63ChyztMlht06da0hR8teBdFJmH0OO6sRPWfUN2ysWZk0WDRFGRo1Amip3gLz32rIYLqyyIqlBoqPCCFpGoHu1v087XHrLY4Yn0rcrree4Vw/QfSHx0GkoA7jQbAbhQFAUBvoMFI6KIToaKxQFAUGNAfBRGOE+OitfdLlEs1unXWevsodvZW/IUfwUDXQeEnYPDViKzSEmaPOvKr3MyS83K9zie3uDynOz11DaNyG0+BCdAK9Sy3hijmmaygEhp191thhBdeeWG2W071KUdAB4zWbF2IxfG28etjNvaSHZ0ghc51A1LjyvkjrCfRH/GubJdxTVsiKL8x+0MWCKVO6O3SUAZKh8gbw2D0AdPWa0zdRnbZMtyp9170z5o3IG6tF10y6ItiCQOmtcs4eXffB5+Zq1zbxHl9yjv0y1XnC5KEyJFuc0VKvdy4WkRHEEFDiG21JSUrBTxLVqNlfM8z1t/z4x45229XXPQ/XvJXlzTTy/JqdbZE25I2V6Mdm3ijpiZnpjoiOt2P58Q75Gxzlm1lUyPcsqZtzzGR3GI0GWHpiW4/brabGxKC5roBX0mni6Lfi39Pa/J9fdiuy3ThiYsmZ4YnbMW12VnrohNvcMi1QHidS5GbKid+oGh+EV6dk1iHkX7Jds8YUpWN2JSt5gMfAgCvFz+O7te5gn/Dt7G7O6tLeYIosE1GRsga7qoaKSOmoqa4D++ZH7Iv66K36fxOXWeCO1cFdbzXCuH6D6Q+Og0lAUGz6BsoDhHRQJIIoVYoCgKA0BohPD1UVjQigxQFB1/575EY9vgYxHd0XcD63ckj+pbOjST85YJ+jXVprNvE1ZJ6HUKYNOLTw13NKVcvbCJM1++yW9WoJLUEEbC8oecr6APvnwVryXdC2w7DY5C1fVcXE7GTpF1/D6VDxdFc191G6y2u1OE79u3XfWiW+1yhWtkr/mxzBg8reXeTZxNCXF2mKU2qKSAZE549nFaAO/VxQKvxQTXJrdTGnxXZJ6N3b0PV5Jyy7mWsx6e38U7Z6rY23T6vbR5q9ynl3cOZHN6+c3csLlzYw11c716QniEu/wBwKylZJ2EspK3dm5RRXzXJsM5ss5bttPbdL9Z8+cys0Ggs0WH4fmRSkfhx2/fst7Ku4HeXmhd1xm3BWpiwX5DieovOhI+BuvrsT8Ry71cWPVNht2vRH198k16GPww8/JvdxbKz6vZLMzu7ODHT7vZp1rxMs1vnte7iilkdkNnoCK1tsGlo27KKZIIoyqQqimz11FTTAv3zJ/ZFfXRW7T+Jy6zwR2rersea4Vw/QfSHx0GkoCg2g3CgKAoDQGgTw9VEY0NFYoCgKDGg8VBjhNB0W5h3k37KbzcEuFyP25YhHqZZ8xGnj0J92vSxW8NsQ5r5rKrZKFurS02njcdUENp61KOgHv1uYuwVntAtlut1pYSONtKUOEfKdUdVq91RNck3VmrOIWtGjtx2W2EDzWkhIPWek+6a1S6YikOagbfDWuWUTRyUgnYKwllV5Yd9/mW5lGX2jlbY1mXCxJxLl1ZaGpevMoBCGRt2lptQTp+EtQ6K+M5/q/m5Yw27rd/5p+77X7R9POUfy2mu1mTZOTd6MdvT+qdvZEPQDkHyxa5R8rcbw9baE3hLZn5S82eIOXOVop/zukI0S2nwJFfQ6HS/y2G2zp3z2vzfzDzaeaa7Jn/Dus/JG717+91q55XZN2zy9Fra1bEt29sjpLCfP/nqVXpWRSHzl81ucmzW9x9NntSB+dfEeNp1FXCk+Wu7ZbbWeiHJw8V1OuXcUtpbbQ2gaIaAQ34kjQfAK8De94gdVGUBW6opg7KLBpQ6KjI2R0UEzwMaXiR+yK+uit+n8Tl1ngjtW7XW85wrh+g+kPjoNJQFBt9BpQY4erbQJ0oCgKAoMaCgxwno20Qmiig0OU3P7Hxy9XIHz4sRzsf7RY4EfzlCsrIrdEJM0h0LmjeDt06a9OHKexC2CfkLDi08TNvSqS5ru4hsR/OIPuVMl1LViNrsDZY/aTFPKGqYydQfxlbB8Gtcsy22RtS4bz4awlvPN793VWEiFczM7h8tMFyLMpYQ65aYxFsiLUE+sTHfMjtDXfqsgn8UGuDX6qNLhuyT0bvTPQ9bknK7uZazHp7fxTtnqtjbdPq9rzW7qWAS+Z/OOZneTFdyg4c6b7dJL6eNMu7yVqMZKirYSlfE8R+KK+Q5Hp51OonJfti3bPpund979g87cyt5by6NNh+GcnwREfhxx4vZS3vesN6u7Nhsl0vMhQCLdHW+OL5SwPMT4eJRAr7alZo/D60irztcRIvN6bXKV2z82UqRMcO3UlXaOE+PbXVbbWYhy3TsmV8cvLcLhlMZ1aNWrchctZ6ApPmt6/SVr7lZ6y/hxz6dhpLOLJHo2uyB2jSvGewa4R/xoEFOyoyMqSfH4aLBhVRkbV10E0wP97v/ALKv66K34PE5NX4Y7Vt11vPcK4foPpD46DSUBQbgbhQFAUGNB4qBPCfHQYoCgKAoMEA+CiKw5uylRsOdZSdDPlsMnwpSS4fqVuwR8TG/c6dTflV3Q55TjAIgRCuM4jzpLyWUfNaGp+FVa8s7oZWrlsjXDEU5ptecPvJ2D4655brNzq1zT52ZFYM5VFxSYybZYG/VZ8V1AdYlyCQp7j3EcB8wFJBGh66/OudeZ8+HWzbgujhs2TG+Lrun1btnpfrnlvybptTy7j1Vs8eT4omJpdbb+Gnb4prG3Yn2Dd5DB8lWxb8hcGHXpw8ITLXxQXFdHBK0ATr1OBPjNe3y7zTptVS3J/h3enw9133vn+ceRNboq34f8Wz0eOO23p/TXsdW++PzIRkGQ27ALRK9YtWLgSrr2WikPXJ9HmJSRrxBppQA0+UpVeP5l1/zc0YbJrFu/wDNP3R732f085LOm092ryRS/Jstr0WR7uK72RDub3e+Wg5W8sLJZZTHY5Bdv82ykk6kTJKU/mteplsJb8YPXX03KtH/ACunttnxTtntn7tz888084/1PX35LZrZb8Nn5Y6f1TWWu54ZGExomLRXTqspmXUDqH6Fs+7qojxV6uO3pfNZZ6IUBj8Lz5NwWN35lg/Co+QV1Yo6XLknodn+WNn9Tssi6OJ4Xbs5q3qP6FrVKffUSa4tbkrdTqd2ispbXrWORp01wu00rYeqik1GUGzQMqAOwioygwpNFTHBBpeH/wBlX9dFb8Hicmr8Mdq2663nuFcP0H0h8dBpKAoNyBsHioMaUBQFAUBv30CSnqoMaGgaceaa/SOJT4NdvvVJmIWLZlrXrmBsZQSfw1bB71YTf1NluLrUvzbdddtFtU4sr1mHXXdsbVuFb9JNb57GGpiItinW60TflV6TiWxiUYMY5A02Kf43lfTWdPgArnyT8TOFn25s/ZjKUrLSloUQ4nTiSVE6KGoI1G/aK03RWrfjmlNlXTDmHyAyy3iVdMefOWRFKU6+wlPBcAVElSi3tDu3aSg6/i1+Xcy8o6nBM34p+bG+f7/q6e71P2rknnvR6iIxZ4+Tduj/AOP0bd9vfs9LqBd2nGXH477SmX2VFD7DiSlaFDelSVaEEdRr5u2Jtmk74foOO6Loi6JrE7pWT3beXCOYHNGDIuDAex/DQm8XVtaSpt1xC9IjB6POcHEQfkoNfSeX9F/M6mJnw2bZ+yPX7nzHnXnH+n6C62yaZMvwW9cR+K7ujZ2zD1Wv95jWG2SrrLPGGh+Za18511XooHjO/wAFfpNJmX4DWkOlt8kTb3cpEuQvtptxeK3VDdqrqHQEjd4K3xHRDRM9MpNY7EudMt9jig/nl
hC3ANyBtccPiGprfddGO2vU02Wzkuo7WMRmYkdiJHRwR4zaWmUdSUDQfAK8WZmZrL2oikUhjrrBmbPhopJT4aLBtSSCeqoplW+osGVD4aMkvwX98P8A7Kv66K34PE5NX4Y7Vs11vPcK4foPpD46DRkhIKlHQDaSaDUu3IkkMoASPlq3n3K1ze3Ri60m7ZwJTt6B0VeKWPDAEhzwH3KcRwQwZCh8kfDSLjgJMlY/owfdNOM4CDMV/Vge6anGcBJmuD5CfhpxysY4kwua/wBHCnxD+Wpxyy+XDiqkPr9J1WnUDoPgqcUs4tiDBAPR7tYqaWjcQaCsOacdS8ejP6bI0xBV4loUny6V1aSfj7mjUx8Pe6xzek16bgXRYtBYbQB/9I35K5rt7OFhWtQVAj/igpPuE1rlut3NknbpUlmgGdcqMG5isOIyOyoVPKChi+RfzE1rXcQ6kefp1LCh4K8vX8p02tiuS34v70bLvX099Xt8p8w63lc/4F/w/wB2dtk93R2xSXB5V8sbDyZxu62+LcVzvXZq59yvMlCW3FpA4GWylBI0bRsGm8knTbpWvlnLLNBjmy2azM1mfd6m7zB5gy84zW5ckRbFttItiaxHXPfPspCEZtkj+QSiRxNW+LqmFGPh3uKH4SvgGyvWtto+cuuqhEWJ2fFJcH5xWxsH5KT0+7W+y3pab7uhfHLvHvU4a71Kb4ZVwSBESobUMb+L6Z2+LSuHV5eKeGN0O3SYuGOKd8rJI2Vxu0wpBB16KkwsSZI26VFJ6KLBKt1RkYIG3WgaUmoyS3B06Xh/9lV9dFb8Hicur8Mdq1663nuFcP0H0h8dBELg6djSTs3r+IVrvnobsVvS09a21Nx6I8Q8lbGkiorB20UipIbV7+lA2RrUWDaknfvozMEaVBigwoagigjWUWxd4x+6QGhq86yVxx1uNkLSPdI0rZiv4b4lhkt4rZh01mqb4+zK0h0jUNagL0G88O+vaeYuDGXQ/jtrUk6lDXZK8bain4q5skUuZxuTmxyAUOxVHz0HtEDrSd/vGtcttk9CRJ6KxlsgzLnxoKCt5fnAea0nao+5/LUpMk3RCq8lvUq6Hs1fmojZ1ajJ3a/hK6zWcW0apuqrx1gKVxLG47E/y1lbZXbLCb6bEpxDGF3+cXpKCLXCUFSVbu0VvDQPh+V4PHWOozcEUjfLZgw/Mur0Qv7hSkBKUhKUjRKQNAAOgCvJesQagQsbPFUlYNEA76imSnhOnvUCdKjMwobaBFRmlmEj/Nn/ANlV9dFb8Hicur8Mdq1K63nODcDpH1/GHx0FXWq7G9s3ORwtBdvuk+3vIZVx8IiSXGEFe/hUpKQog9daJdNm5zDvqMk9SAUo1HyR5K2tJpSOo+OsZU2UkUlTdQIVQNEabKisUZwbIB3ioQaKduygRu30EE5g51aOXWPSb/dSXVg9la7ahQS7LkEapbRruA3qV8kbeqs7LJvmkMb74tisvJnLMmut+yGfk0l0RblLkKkI9V1bQxqokIZGuqUp12V6O6jz52y7X8gM9VlVjulmnlIvNjdS66obA8w/sDgHWFJIVp0nw0umovlMh2K82+yeFxvcTuPWD4DSBvRf4zqNHVKiufLTtKfcI+OkwtZR6fcImiuF3tCfwQTUiEQ2W/2hPCOFPh31nFpU5Y8el5BK7JoFqI2R63MI81A6h1qPQKwy5Yxx6Vw4ZyTToX3AgRLZEZgwmgzHYGiU9JJ3qUeknpNeXddN01l69lkWRSHJUBvqMjZHhrCQ2R0VAzWLI2sdNFIFRYJUKKYKdu+osSleFD/Nn/2VX10VvweJzavwx2rSrree1t1OkXxrA8tSVje6oYvgXJP/AMQ8iyu2w8Tkc4LffrtIvtztE1r7YbVKccCW7izHeStSxHcSkpfQeHZpuBrVLfbELuO81izT5Poo+aPJW1oglQqSyINRYMkbahBJTruoGVpI2ke7QN1GUSSrrqMjaqDrX3k+fkDkpi6Wbcpmbn+QtrRjFqc0WlhHornSEf1bZ2JB9NezcFabsWLjn0NWXJwx6Xk/I5w8wb/Ljv5jks7LW2OJLaLg4FqaS4riX2JAARqejTTo3V6FlsRGyHHN0zvSplRvpiJtLTk964rQ1DispK3XHVnhS2EDU8RJ00rG7YkRV6Ccse7rNwaww719pBrP5ae1vERw8UPslDVMHiTqQU/KcGoKujQCueNTETMU2On+XrG/asiXGlxSlEyK5EdUNra9D49FDUK8YNb7Lou3S57rJt3tM/8AKrNGud2DXoG80Els2FS7p2cm4FUKCrzgnTR5wfig+iD1n3q58mpi3ZG2W/Hp5u2zshakWDFgx0RITKWGGRohtPX0knpJ6Sa4Lrpumsu62ItikHdDWNW2pJ2iqEHdWMhpQ6axWCDUlSFJ13VBx9x20WAd1RkZUKLCV4X+9X/2ZX10VuweJz6vwx2rPrrec1t1/uv0x8dSdyw6hR0RJ/Ok32VydxFqzIu0/H8Z5rssNf7mF9iRFqmOST6ukpivpS/GbWHivjb89PA4nTXLdbvTLldze5fc57Lech5c35N/tNhvk7HrnIDamiidAUEupCV6EoUFJWhW5SSCKxmGyJidzsOj0E/NHkrY54nayd3iozNncaxDSug1FJpIwR00DBAPRtqSsG1DoqM1Rc5+b+NclcMlZVkBEqW8VRscsCFcL1xm8PElpJ0JShO9xemiU+EgHOyyb5owvv4Yq8J8yzbIuYmVXfMsqmmdery72j6hsbaQnY2wyjchttOiUgeUk16NtsWxSHDdMzNZapno+GtkMXf3uK46bhlWV5DNsypUGxQmkWi8uA9lGuDy9Fob180uKZJOu9I+dXNqppEQ6NPG2r00ecbZacedcS000CpxxZCUpA3kk7BXC7VR5Pm7Utt23WllDjJ81dwdSDr0Hskq3fOPuVYmY2wTbE70FiC63J9ESG2ZT69yEpGun4SjuAHSTWz59/W1fIs6ls2LDY9uLcu5rE+4J2pQdrLR/FT8ojrPuVrvyXXb5bLMdtu6EzVvB9+tbYaVv8FQIIG6sZZQbIG6lVIKf/dVqGVA6bt1YkGqSyFYqaUNpHv0Qk6bemozMqTs2UEowwf5o/8Asyvrprdg8Tn1c/D3rOrree1t1/uv0x8dSVh1lS1zJh5C9YJ3L6MrD5ORXK7WvPLfeWHSmO+JL6BNtz7Ud5txS3ezHYqeGuhJSNdNUt1taui/cKyHN8by7MuUec8hr7ylnuY3ZZ7N1lRVx7fOcx6O1aX5BKmW0KkTA6h1RQpXoniJ30uLN9HsANiU/NHkrNqZozggp6qxlTJG8HZRTdAHdUDKh79RUQzvN8a5cYpec0y6eLdYrIz2slzYXHVnY2wwgkcbrqtEoT0nwamrbbN00hZuiIeCHOjnLkXPDOJWWXvWFbmAY2MY+lfE1b4QOobB3FxZ85xXylfihIHdZZFsUhxXXcU1VszvHircwW/yj5X5DzczCDiWPI7ILAfvN3WkqZgQ0nRb7un5KE/KUQOsiX3xZbWWVls3TSHtZYrPhnJzEbXilkY9Wt9uaPq0UaKlS3VbXJDx2arcVtUo7OgbABXmXXTdNZd9tsWxSFcX/JrlfnD6wvsIaTqzBbPmJ8KjvUfCfcrFT+P4lcL4pLygYdu186YsbVjqbSfS8e6qzXXa7RAs0cR4DAaSQO1dO1xwjpWrefJUkbIjUaVipkp13bKKYUNfcqBo7/BUuWCVViyJoMEa0HGUBqalWRulAhQqKb108VRYJNFSfDhpdH/2ZX101uweJzarwx2rLrrcDXXT+6/THx1JWN7rnO5b2bF83j8w8blXmz3LJbm6nL7Mi5THrTd/WYzv5xdvfdcjtPIcbQtDjCEK2FJ4kqIrXc3W73TDui86+dneI5r5jnmYZDZLLy2s2MNs2DlLYX1yBClz7i+wl65LUlK/XGhbXQtLm1KXE8CEgmpMUhbJmZerIHmI8CR5KzaWKMrRUZEK66kLBtSRvpAbIqDXXS4W6z26feLtMat1qtcdyXcrhIVwNMMMpK3HFqO4JSNTSIqTNHg33oO8hcefGWep2lx6Dy1xp5acXtS/NVKdGqFXGSn8Nwfo0n0EbPSKq7MWPhj0ufJdV1uY3DxitrUm2I4xfczyC14vjNvXdL5eHQzBho0Gp0JUtajsQhCQVKUdgAJrKZiIrJETM0h7Hcs8bxzkZhLOJYkpm75JN4X8ty/g82TL00Ia4tpba9FsHYB521RNedkvm+Xdjs4IPLM25y9SXZ06WvwrcWo1rZrSx3l+hjgm30JeeG1u2g6oT4XD8o+AbPHRVjlHCAEpASBoEjYAB0AVVgmoorGSDZ30ZGFbzQII1G3bpUkNlOuu3xVgyIKSP5aKTQMuDbrUllBg76sBJGooGyNaxmGUQQRuqKk+IfvR79mV9ZNb8G9zarw96yq6nA11zGsb6Y+OpJDp0uJychc9304yzf73zPR61eMwttpuVykY/aHnYjiRcbvFXI+zmJTiT2TaUI7f85xdmEnjGu5uspVCOQ3Lqy3bJbV3q8RSjD08+MKYk80+X1vdLtrk3xxbMiNcWzoAH2kl9t0kAq4+LQK4+LGepnbHS7+j0EeFI8lbGg3QgUbGCNdlYhBqLJs6AEkhISCVKJ0AA3kk0Hir30+9KnmTdXuVXL+5dry+scj/APY7xHUeC9T2VeghXyozCh5vQ4vztqQnXox2U2tN91XQtlI10rohrubuGw8+6zHjsrkyH1pbYYbSVrcWs6JSlI2kknQAVWL1H5CcpDyysb9xuyUqzHIWEouq07fVIxIWIaFDftALhG9QA3JFcmbJxTSNzrxY+GK9LsvY8buV/dKIjfZxkHR+a5sbR4Pxj4BWhtXfYsattgY4YqC7LcGj85wDtFeAfgjwCoN1RTZqqSUg0U3wkVjIbUDUUysbjRTVQJrGWUCopop39dA0tOo8IosOMoEUhSaBvrqSyqRtFYqk+IfvR79nV9ZNbsHic2q8PesiutwNfcv7t9MfHUkh1wOJ3vEuYc2647FVccL5g+vu5HaklCFWe+SGkOOXNsrUC4xO9VbbdbTtbe0dHmuOcOu5usja6sd0LugNcgjZs+TlGTW+9ZViLcTPuVlzkNv22Len3GX35LHYlKUqbU2pABC9ijovTfJllZbR6dJALaNnyR5K2bmk2pGh2HZUCCCN9GcMGpKkHfWKvKTv5976LjUi5933BLuYeQymW2+Y1/bKkGJHkNhxNtYcGmjjzakl1WvmoVwDapXDtxxHS13T0PKCOAAkJ04QBwgbtOjSuhqbhkgHU7ANpJrOEl6K92Tkj9lRoPMjK4SvtiYkLxK0up2xmVjzZa0Ea9q4D+bHyU7d6tnNmydEN+Gzpl6M47y/ckhE2/JUywdrVuB4XF67QXCNqR4N/irnb1ssRmIzTceM0mPHaGjbLYASkeACoFEEbxqKBlW/ZQNK3+CqpNGTB8lSdwZOw6VisEKSFCiuOU+GoEGpKwxWLIhQ269dA0aBlQ3isWRrQUqptSduo20qu4hW/dRUmxEf5m7+zq+smt2De5tV4e9Y9dTgcC5f3f6Q+OpJCJPbj461y32NUusGxZCRolHhSPJW7fDmJV8VQNUW1gjZrUZmiKkEPDH2m3dsu9pyxfeKxa3uTMZyJqPE5jIZSVG33BhCWGJzgG5mQ2lDalbkuJGvpirEtd0PMrEr85Hks2yW5xxXyERlq2ltZ3J16ju8FbrLuhhMPS7und3W4cyLszm18tKpGLWx4Gzw306Mz5LZ/SOlWzsGiNuo89XmjUBVXJkpFI3srLa73s1j2HW+wpQ+sJm3LQaylJ81vwNJ+Tp17/FXK6ISpQ8O+jI2agxQNrSCNdN1AwpOyqsGiNKLDG+oppXXWMkEUZGVDQ6UDR2GpJDGgrBkSpJ02baKYI03igaUOmpLKDJ2GopNRkwRs8VBI8TH+ZO/s6vrJrfg3ubVeHvWLXU4HAuX93+mPjqSIo70+CtcttrUub6wluWQP0aPmjyVuhzMEa+OoGTvoMUZkHfWMq40uJEnxJMGfFZnQZrS2JkKQ2l1l5pwFK23G1gpUlQOhBGhoTDzlzH2YfIPIs2hZTYLlfMGs4mIl3nCba427AkBLgcU3HW8C7FSvakhCiEj0AmrVjwPQSy2G0Y1a4VjsFtYtNotrKI8GBHTwobbbHClI6ToBvNYs2yO6pKmj10ZmiKgTQYI1GnXQMEdFFN1VJ0FFNqSaxkMkEb6iwbWNxophVSRgVjLKGaimiNdQaBlaBpv3dFFhx1J0rFkQASRoCT1VFgssPaallYHXwmitviUqKby9FTLYVKEVSjFDiC6EhaAVFAPFptG3St+De5tV4e9ZddTga+5f3cfPFSRFnumtcttu5qXBtNYNyyUfo0fNHkra5ifBVkNKFQIoyglQqSyJqKSagQqgZIqKQU6jZRlBlSSN9RTdAUDKhoaBojQ0VlLbivRQpXiBNVZmDTykMJJfcQwlO0qcUEAePiIrG6dixEzu2oReOZPLewpUb5zCxm08HpJl3eE0ofRU6D8Fabs2O3fdHrd2Dlmrzfw8N93ZbdP2KuuXep7t1tUpqVzmxtTiPSTGfclbvDHbcHw1qnXYI/HD1cflLm+Tdpr++Ke+YVRkXf/AO61jzjkc5zPvT7YB7O1Wac8DqNRot1tlHw1vxXxlt4rNsPH5ho8vL804NRbw3xETMb98VjdWFU3D2oHIWKtaLdimb3ZKfRd9ThRgr3HJhI90Vs+XLi+fbCu7x7VjF2+JOPcl7vLO3s3Lnd40YHxpYYfPw0+VPWn8xHUq+4e1W5gvOuC08o8XiIG5Mq4TZKx87swwPgq/K9LGdR6EDm+0l7y1/ktwcds+KWuVLVwRYsC0PzX1KI10QH5DvEQBr6NX5UJOou9Csr335O9r69KgzuY79knMKKZNvj2i3RltKA4iCgxSobNu3oq/LtYznv60Ku3eA70uRtTXbpzczIx4qYypQbuC4KOCY6lllSExuxCgpagPN106asWW9STmv61Q37K8/XcbjBv2aZBOnQpL0Wd6xdpj/51ham3BxKdII4knbWURHUwm6Z6XoZ7KJS3e8ZmTrzinnVYDN1dcUVKP+ZW/eSSazYvoUoKb5385MJ5HYnbsu5gPy4eOzrzGtDk+HHMkx3ZLbq0OONoPGWx2R14ApW7RJrRqNRZgt4r91aPV5PybUc1yzh08RN8WzdSZpWlIpE7q7emkelxMH5l8vuaNqF75eZha8utpH5xdvfC3Wjprwvx1cLzSh1LQDWOPNZlitkxLHW8t1Wgv+XqMd1k+mNk9k7p7pSJ3easudY6PQb+aPJW1ysK31ehTahrUDVFgEE7hrRkSUqSCpQKUjaVHYB7prFYlpJ+RY7bG1O3LILXbmkem5KmMMpHjK1gCsJvtjfMetvx6fLkmltl09kTKsb13h+Q2P8AGLvzjw+KtHpNJu0Z5f5DK1n4K03avDbvvj1vUweXOZ5vBpsk/pmPfEK0n99vutweIK5sw5ZRvEODcZGviKIxB9+tM8y08fi9kvSx+RudX/8A15jtutj/AKlcXf2i/dut3GmDJyfIFJ9H1K0KaSr6Ut1jyVpu5tgjdWe56eD6b83v8UY7e2//ALYlXE/2nvLFsrFu5YZXNA/RqfkQI4V49HHSK1TznH0Wz7HqY/pbrJ8WfHHZF0/ZCubx7UOariGP8l47f4DlzvS1++hiKj61abudT0We16OH6V2/5mpn9Nn33K5ne0x5zPFfqGD4bbwf0fG3PkFPuqlIB96tU84y9ER7XpY/pfy+PFlyz+zH2K4vHtA+8zdOIR8isliQrcLfZo2o8SpPbmtN3NM89MR3PSw/Tvk+PfZfd23z9lFdTu+B3mp/H2vOS+MheuqYqYsYDXq7FhGnuVqnX55/HL0cfk3k9m7TWz21n3yri8c5+cGQ8YvfNTLbklfpodvMzgP0EuhPwVpu1GS7fdPrenh5JoMPgwY4/Rb9yAyLlcphUZlzmTCvasvyHXST4eNR1rVWZehbist8NsR2REOAGmwdQ2kHr0FRsrJdVEDv37yd+Yj6tfWcp/p47Z97+cfqL/veX8tn7sGrI3GevdkZmhBgvXGI3NDh4Udip9Ac41bNE8JOp6q9F8OuqS5y6RjnMZEdUZUlcy7MY2++zbWFp7IwlRAiK0XZO0oeQ0406GwCVOhWpTVGJWeYJIs8Cw3CyKvUS2WG0+rvyHCrsrn2VvjzkwW2m2OxAZEhR7Va0reCV67gYIpPyHFI1xkJtjDSmZ9guVon3e2QjDSl2Y+4uO8zGdUkkts8DLhPCVp4t585QbZHNVqyQ3rPh8GTZrO63DUuO2pLHHJZfiPSHj5z6x2wYcbA7Q8KHFJB4VKSaOCedF/t1qXarDJlWJclMcSbj9pPLkJLAhjsoykdj2LChBRq0Nd587dpBAZDd6ya63C6R7RLmyrzNfmONwozzyS7JdU6oICErJHEvZtNB6oey35e5/jvPDKsiyHBchx+wScIlxI16udrlw4rj658FxLSHX20JUopQpQAO4HqqwPeash5we1J/hnhffS1f4eZXkc7/p++Ptfov0v/AN2n/wAd3vtfPlYsgvuL3SLe8avM7H7zCVxxLrbpDkaQ2fxXGlJUPfr5Oy+6ya2zSX9BajTYtRZNmW2LrZ3xMVj1S768qvaPc58N9Ut3MCND5pWNo8LsmZ/yd3CDp6M1lJQsp/8AmtKJ6VV6mDm+WzZd8Ue1+f8ANvptoNTW7TzOK70bbP2Z+yY7HcyZ7VOwpZ0tfJe5vucI7MzLwwynd09nHdNd888jos9r5bH9J8v49TbHZZM++YVpd/ak8x3ysWLlXjVtSdezVOmTJpHjDYjA1pu53k6LY9r1MP0p0kfxM989kW2+/iV3cfaT94yYhaYcXELSVei4xa3nVJ8Xbylj3xWqecZ53Uju/telj+mXKbZ2zku7bo+y2FaXjvzd6S8hSV80HLWhXyLZbbfF08ShHUr4a0Xcz1E/i9kPTw+Q+S4v8iv5rrp+1Xk/vNd4i5oW1N515ettz00NXJ2OD/1HZ1qnW5533z63pY/K/Ksc1t02P9mJ99VZ3XNMzvqlKvmY368qX6Xr1zlyNfcddUK0XZLrt8zPe9TDodPh/h47Ley2I90IwtKXdroDh61+d5axdUTTcEpSnYlIT4hpUKlVUFAUBQFAUGCAaBJ0G3UAeGopLag6sNtEOuHc2jzle8NTVjaTs2yl9u5fZ/dwlVpwPJLmhfoLi2ia8lXiKGSDWcYr53Wz6pcWXmOlxePLZHbdbH2rQsvdW7x9/KPs7ktlKUOei7NiCAj8qYpnqrfboc926yfc8rP5s5Th8Wpx908X7tUld9nT3tb1PLyMAt9tYdSgdtOvlvQE6D5SWXXVe8K+n5dhvxYYtuik7X4J505jp+Yc0yZ9PdxWTFsRNJjdbETviJWVYvZP8/rglC77mmFY6lXptIfnT3UjxIjNIP5ddtHyq07N7IS8rWn/AHDz0hx2tnEi2WFbivDop6akfzatBcVi9knyZiJByLmTmd8c0871UwICCdnR6s+r+dSgtCx+zD7qlpWlc6zZJkpB14Lne5CUndsKYYjClBcFq7j/AHTrMhCIvI3HZHBp589D05R003qlOuk7qUFs2HkdyYxZLYxzlNh9lLOnZuxLLBacGmmnnpZ4ugdNUWWxGjRUJajR2ozSBohtpAQkAdACQBQP0BQdFvaH8uc35m93tVlwHG5eVXm2ZHAusm0wEhckxI7UlDi22tQpwpLifNQCo9A2V5nNsN+XBSyKzV9x9PuZafQcz49RfFls2TbWd1ZmN89G7fOx82Nxttxs8+Va7vAk2q5wXC1Ot0xpbD7Lid6HGnAlSSOoivjrrZtmkv6SxZbMtsX2TE2zumJrEuFUZrJT6CPmjyVtaSqIKKKIKAoG1OtJ9J1CfGoCovDLYQbdcbotLVqtsu6OqOiW4Ud2QonwBpKjWURM7mvJks
xxW+6I7ZiPesa2cjudV57P7L5Q5nNDunZqRY5wSddx4lMgfDW63S5bt1k+qXm5efcuxePUYo/Xb960rH3Ku9Dfyn1blJcLchen5y6yoUEDXTel6QlY3/g1vt5bqLvweujydR545Nh36iJ/LF13uiiy7V7OPvMT3EpmW/GrG2fSdl3cOae5GZeNbreT6id9I73mZfqVyeyPhm+7st/7pha1m9lpzHfCTf8Amnjds1HnIgQpc0jds1dMXyVvt5Hk6boeRn+q2kj+HgvntmLfdxLJtHsrLKhSVZBzmuElIPnNW20Mx9R4FvSH/q1ut5FHTf7HmZvqxkn+HprY7bpn3Rate1+zK7v8NtIud5zG9PD0luXGPHSfosRUae/XRbyXBG+ZnveTl+qPNLp+G3HbH5Zn33Ssux9wXut2UJ7Tl67fHE/0l1uk9/XxoD6Efza3W8q09v4a9sy8vP8AUHnWX/O4fy22x9lVqWzuw93i0JbRB5L4egN+ip21R31e6p5CyfdNb7dFgt3WR6nk5fNPNcvi1OT9qY9y0LRhmH4+EpsOKWeyJT6It8GPGA8XZIT11vtx227oiO55WbW5838TJdd2zM++UlrNzCgKAoCgKAoCgKAoCgKAoKX5td3rk9zvgKh8x8Ig3qTwhMa+tpMa5McO7sprPA8APwSopPSDXPn0mLPFL4r73scq5/ruV3cWmyTbHVvtnttnZ373k1zp9lZlNpMq8cjssaymDxLcTiF/UiJPbRvShmYkBh49Hnpa8ZrwdTyO6NuKa+ifv/5P1fkv1TxZIizXY+Gf71u23vt3x3cSm7J3A+9Ld22luYFDsaFJHnXS7wWyNnShl15Q96ua3lWon8NO+H0ef6hclx7ss3fltu+2IWXZ/Zl8/p6v81v+HWFHSVTJcpXuJaiAfzq3W8lzTvmI/wCOx5eb6ocrs8FmS7uiPfctiz+ysuy2wcg50RYznS3bbIt0flvS2/q1vt5FPTf7P7Xk5vqzZH8PTTPbfT3Wysiy+y05axilWQcz8nu+npIhMQoKT+W3JI9+t1vI8cb7pn1PMz/VbWXfw8GO3tm677bVq232cPdmgpSJNryK8KT6S5l5fSVeMRwyPeFdFvJ9PHRM97ycn1L5xfuust7LI+2qzrN3LO69YyhUbk/aJjiNzlyXJuBPjEp50fBW63lunt/BHveVn8785zb9RdHZS392IW1bOTfKOytoatPK7E7ehv0AxZoSCPdDOtdFunxW7rY9UPIy8612Wa358k9t933p9Dt8C3NBi3wo8FlOxLMdtLSR9FAArbERG559+S6+a3TMz6XLqsBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQFAUBQf/Z"></img></a></div></div><footer ><h3 >Contact us:</h3><p >FB Pro GmbH</p><p >Fon: +49 6727 7559039</p><p >Web: <a href="https://www.fb-pro.com/">https://www.fb-pro.com/</a></p><p >Mail: <a href="mailto:info@fb-pro.com">info@fb-pro.com</a></p><h3 >Can we help you? </h3><p >Do you need support with system hardening?</p><p >Our team of system hardening experts will be happy to provide you with advice and support.</p><p >Contact us for a no-obligation inquiry!</p><a href="mailto:info@fb-pro.com"><button id="contactUsButton">CONTACT US!</button></a></footer></div></div></div><script type="text/javascript"> function collapseHandler(e) {
var targetSection = e.target.parentElement.parentElement;
if (targetSection.classList.toggle('collapsed')) {
e.target.innerText = '+';
} else {
e.target.innerText = '-';
}
}
var collapseButtons = document.getElementsByClassName("collapseButton");
for (var i = 0; i < collapseButtons.length; i++) {
collapseButtons[i].addEventListener('click', collapseHandler);
}</script></body></body></html>
Reference in New Issue View Git Blame Copy Permalink