emily/atap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
atap/Samples/Outdated/Microsoft Windows 10 BSI Dark.html
T
emily 404ee3fec4 a
2026-05-11 09:15:08 +02:00

29 lines
288 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html><html lang="en"><head ><meta charset="UTF-8"></meta><meta content="width=device-width, initial-scale=1.0" name="viewport"></meta><meta content="ie=edge" http-equiv="X-UA-Compatible"></meta><title >Windows 10 BSI Report [01/17/2022 14:14:21]</title><style >body { font-family: Cambria, Georgia, serif; margin: 0; color: #f3f3f3; background-color: #14141d;}.content { padding: 30px 40px;}a { color: #ffc17a;}a:visited { color: #ff7aad;}.header { background-color: #2a2a3d;}.header svg { margin-left: 3px; opacity: 0.8;}.header svg g path:nth-child(1), /*F*/.header svg g path:nth-child(2), /*B*/.header svg g path:nth-child(6), /*G*/.header svg g path:nth-child(7), /*m*/.header svg g path:nth-child(8), /*b*/.header svg g path:nth-child(9) /*H*/{ fill: white;}.header h1 { margin: 0;}h1, h2, h3, h4, h5, h6 { font-family: 'Calibri', 'Segoe UI', sans-serif;}li a { display: block;}li a:hover { background-color: #2a2a3d;}.gauge { height: 25px; background: #43435f; border-radius: 8px; overflow: hidden;}.gauge .gauge-meter { height: 100%; float: left;}.gauge-info { margin: 0; padding: 20px 0;}.gauge-info .gauge-info-item { display: table-cell; width: 1%; text-align: center; line-height: 30px;}.gauge-info .gauge-info-item span.auditstatus { display: inline;}section.collapsed > :not(:first-child) { display: none;}table { border-collapse: collapse; font-family: Arial, sans-serif;}th, td { padding: 5px 10px; text-align: left; vertical-align: top;}/* audit-info table */table.audit-info { width: 100%;}table.audit-info th, table.audit-info td { border: 1px solid #55555f;}table.audit-info th { border-bottom-width: 2px;}table.audit-info tr:nth-child(even) { background-color: #272733;}/* First column in an audit-info table */table.audit-info th:nth-child(1), table.audit-info td:nth-child(1) { text-align: left; white-space: nowrap; width: 40px;}/* First column in an audit-info table */table.audit-info th:nth-child(2), table.audit-info td:nth-child(2) { text-align: left; width: 30%;}/* Last column in an audit-info table */table.audit-info th:last-child, table.audit-info td:last-child { text-align: center; width: 70px;}.passed, .green, .failed, .red { color: #fff;}.warning, .orange { color: #000;}.passed, .green { background-color: #33cca6;}.failed, .red { background-color: #cc0000;}.warning, .orange { background-color: #ff9933;}h1 span.passed, h1 span.failed, h1 span.warning,h2 span.passed, h2 span.failed, h2 span.warning,h3 span.passed, h3 span.failed, h3 span.warning { padding: 5px 10px; border-radius: 8px;}span.auditstatus { display: block; padding: 5px 10px; border-radius: 8px; font-weight: bold; margin: auto;}.sectionAction { display: inline-block; text-align: center; text-decoration: none; margin: 0 0 0 15px; padding: 0 8px; color: #dddddd; background-color: #212130; border-radius: 8px; font-weight: bold; cursor: pointer;}.sectionAction:hover { background-color: #43435f; color: #ff9924;}#host-information { float: left;}/* Overall compliance donut chart */.card { float: right; margin: 0 100px 0 0; width: 250px;}.donut-chart { position: relative; border-radius: 50%; overflow: hidden;}.donut-chart.chart { width: 200px; height: 200px; background: #424252;}.donut-chart .slice { position: absolute; top: 0; left: 0; width: 100%; height: 100%;}.donut-chart .chart-center { position: absolute; border-radius: 50%; top: 25px; left: 25px; width: 150px; height: 150px; background: #14141d;}.donut-chart .chart-center span { display: block; text-align: center; font-size: 40px; line-height: 150px; color: #f3f3f3;}.donut-chart.chart .slice.one {clip: rect(0 200px 100px 0); -webkit-transform: rotate(90deg); transform: rotate(90deg);}.donut-chart.chart .slice.two {clip: rect(0 100px 200px 0); -webkit-transform: rotate(286.272deg); transform: rotate(286.272deg);}.donut-chart.chart .chart-center span:after {content: "79.52 %";}</style></head><body ><div class="header content"><svg width="169" height="23" viewBox="0 0 169 23" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:1.41421;"><rect id="Artboard1" x="-8.32" y="-4.677" width="186.148" height="32.667" style="fill:none;"/><g><path d="M12.652,1.882c0,0.349 -0.014,0.642 -0.043,0.88c-0.03,0.238 -0.076,0.427 -0.14,0.567c-0.064,0.139 -0.136,0.244 -0.218,0.313c-0.081,0.07 -0.174,0.105 -0.279,0.105l-7.371,0l0,6.064l6.918,0c0.105,0 0.198,0.03 0.279,0.088c0.082,0.058 0.154,0.156 0.218,0.296c0.064,0.139 0.11,0.325 0.139,0.558c0.029,0.232 0.044,0.522 0.044,0.871c0,0.348 -0.015,0.639 -0.044,0.871c-0.029,0.233 -0.075,0.424 -0.139,0.575c-0.064,0.151 -0.136,0.259 -0.218,0.323c-0.081,0.064 -0.174,0.096 -0.279,0.096l-6.918,0l0,8.399c0,0.128 -0.035,0.239 -0.105,0.332c-0.07,0.093 -0.194,0.171 -0.374,0.235c-0.181,0.064 -0.416,0.113 -0.706,0.148c-0.291,0.035 -0.663,0.052 -1.116,0.052c-0.441,0 -0.81,-0.017 -1.106,-0.052c-0.297,-0.035 -0.532,-0.084 -0.706,-0.148c-0.174,-0.064 -0.299,-0.142 -0.375,-0.235c-0.075,-0.093 -0.113,-0.204 -0.113,-0.332l0,-20.442c0,-0.511 0.131,-0.88 0.392,-1.106c0.262,-0.227 0.584,-0.34 0.967,-0.34l10.613,0c0.105,0 0.198,0.032 0.279,0.096c0.082,0.064 0.154,0.168 0.218,0.314c0.064,0.145 0.11,0.339 0.14,0.583c0.029,0.244 0.043,0.541 0.043,0.889Z" style="fill-rule:nonzero;"/><path d="M32.711,15.789c0,0.802 -0.111,1.528 -0.331,2.178c-0.221,0.651 -0.526,1.226 -0.915,1.726c-0.39,0.499 -0.854,0.929 -1.394,1.289c-0.541,0.36 -1.136,0.657 -1.787,0.889c-0.65,0.232 -1.345,0.404 -2.082,0.514c-0.738,0.111 -1.56,0.166 -2.466,0.166l-5.995,0c-0.384,0 -0.706,-0.114 -0.967,-0.34c-0.262,-0.227 -0.392,-0.596 -0.392,-1.107l0,-19.658c0,-0.511 0.13,-0.88 0.392,-1.106c0.261,-0.227 0.583,-0.34 0.967,-0.34l5.664,0c1.382,0 2.553,0.116 3.511,0.349c0.959,0.232 1.766,0.583 2.423,1.054c0.656,0.47 1.158,1.066 1.507,1.786c0.349,0.72 0.523,1.569 0.523,2.545c0,0.546 -0.07,1.06 -0.209,1.542c-0.14,0.482 -0.343,0.921 -0.61,1.316c-0.267,0.395 -0.596,0.743 -0.985,1.045c-0.389,0.302 -0.833,0.546 -1.333,0.732c0.639,0.116 1.229,0.32 1.769,0.61c0.54,0.291 1.011,0.665 1.411,1.124c0.401,0.459 0.718,0.996 0.95,1.612c0.233,0.616 0.349,1.307 0.349,2.074Zm-5.925,-9.498c0,-0.453 -0.07,-0.86 -0.21,-1.22c-0.139,-0.36 -0.348,-0.659 -0.627,-0.897c-0.279,-0.238 -0.63,-0.421 -1.054,-0.549c-0.424,-0.128 -0.991,-0.192 -1.699,-0.192l-2.318,0l0,5.856l2.562,0c0.662,0 1.19,-0.079 1.585,-0.236c0.395,-0.156 0.724,-0.371 0.985,-0.644c0.261,-0.273 0.456,-0.593 0.584,-0.959c0.128,-0.366 0.192,-0.752 0.192,-1.159Zm1.167,9.655c0,-0.523 -0.087,-0.991 -0.261,-1.403c-0.175,-0.412 -0.43,-0.758 -0.767,-1.037c-0.337,-0.279 -0.767,-0.494 -1.29,-0.645c-0.522,-0.151 -1.202,-0.226 -2.039,-0.226l-2.718,0l0,6.413l3.311,0c0.639,0 1.176,-0.067 1.612,-0.201c0.436,-0.133 0.813,-0.331 1.133,-0.592c0.319,-0.261 0.569,-0.587 0.749,-0.976c0.18,-0.389 0.27,-0.834 0.27,-1.333Z" style="fill-rule:nonzero;"/><path d="M59.897,6.849c0,1.266 -0.197,2.387 -0.592,3.363c-0.395,0.976 -0.971,1.798 -1.726,2.466c-0.755,0.668 -1.681,1.177 -2.779,1.525c-1.098,0.349 -2.391,0.523 -3.878,0.523l-1.882,0l0,7.197c0,0.117 -0.038,0.221 -0.113,0.314c-0.076,0.093 -0.201,0.168 -0.375,0.227c-0.174,0.058 -0.407,0.104 -0.697,0.139c-0.291,0.035 -0.662,0.052 -1.115,0.052c-0.442,0 -0.811,-0.017 -1.107,-0.052c-0.296,-0.035 -0.532,-0.081 -0.706,-0.139c-0.174,-0.059 -0.296,-0.134 -0.366,-0.227c-0.07,-0.093 -0.104,-0.197 -0.104,-0.314l0,-20.285c0,-0.546 0.142,-0.955 0.427,-1.228c0.284,-0.273 0.659,-0.41 1.124,-0.41l5.315,0c0.534,0 1.043,0.02 1.525,0.061c0.482,0.041 1.06,0.128 1.734,0.261c0.674,0.134 1.356,0.381 2.047,0.741c0.692,0.36 1.281,0.816 1.769,1.368c0.488,0.552 0.86,1.197 1.116,1.934c0.255,0.738 0.383,1.566 0.383,2.484Zm-4.792,0.331c0,-0.79 -0.14,-1.441 -0.419,-1.952c-0.278,-0.511 -0.621,-0.889 -1.028,-1.133c-0.406,-0.244 -0.833,-0.398 -1.281,-0.461c-0.447,-0.064 -0.909,-0.096 -1.385,-0.096l-1.952,0l0,7.65l2.056,0c0.732,0 1.345,-0.099 1.839,-0.296c0.494,-0.198 0.897,-0.473 1.211,-0.828c0.314,-0.354 0.552,-0.778 0.715,-1.272c0.162,-0.494 0.244,-1.031 0.244,-1.612Z" style="fill:#a91a1b;fill-rule:nonzero;"/><path d="M73.177,7.86c0,0.418 -0.012,0.761 -0.035,1.028c-0.024,0.267 -0.058,0.476 -0.105,0.627c-0.046,0.151 -0.107,0.256 -0.183,0.314c-0.075,0.058 -0.171,0.087 -0.287,0.087c-0.093,0 -0.198,-0.02 -0.314,-0.061c-0.116,-0.041 -0.247,-0.084 -0.392,-0.131c-0.145,-0.046 -0.305,-0.09 -0.479,-0.13c-0.175,-0.041 -0.366,-0.061 -0.576,-0.061c-0.244,0 -0.487,0.049 -0.731,0.148c-0.244,0.099 -0.497,0.252 -0.759,0.462c-0.261,0.209 -0.534,0.488 -0.819,0.836c-0.284,0.349 -0.589,0.779 -0.915,1.29l0,9.689c0,0.116 -0.034,0.218 -0.104,0.305c-0.07,0.087 -0.189,0.16 -0.357,0.218c-0.169,0.058 -0.392,0.102 -0.671,0.131c-0.279,0.029 -0.633,0.043 -1.063,0.043c-0.43,0 -0.785,-0.014 -1.063,-0.043c-0.279,-0.029 -0.503,-0.073 -0.671,-0.131c-0.169,-0.058 -0.288,-0.131 -0.358,-0.218c-0.069,-0.087 -0.104,-0.189 -0.104,-0.305l0,-15.545c0,-0.116 0.029,-0.218 0.087,-0.305c0.058,-0.087 0.163,-0.16 0.314,-0.218c0.151,-0.058 0.345,-0.101 0.583,-0.13c0.239,-0.029 0.538,-0.044 0.898,-0.044c0.372,0 0.68,0.015 0.924,0.044c0.244,0.029 0.432,0.072 0.566,0.13c0.134,0.058 0.229,0.131 0.288,0.218c0.058,0.087 0.087,0.189 0.087,0.305l0,1.935c0.406,-0.581 0.79,-1.061 1.15,-1.438c0.36,-0.378 0.703,-0.677 1.028,-0.898c0.325,-0.22 0.651,-0.374 0.976,-0.461c0.325,-0.088 0.651,-0.131 0.976,-0.131c0.151,0 0.314,0.009 0.488,0.026c0.174,0.017 0.354,0.046 0.54,0.087c0.186,0.041 0.349,0.087 0.488,0.14c0.139,0.052 0.241,0.107 0.305,0.165c0.064,0.058 0.11,0.122 0.139,0.192c0.029,0.069 0.056,0.165 0.079,0.287c0.023,0.122 0.041,0.305 0.052,0.549c0.012,0.244 0.018,0.575 0.018,0.994Z" style="fill:#a91a1b;fill-rule:nonzero;"/><path d="M91.161,14.029c0,1.324 -0.174,2.533 -0.522,3.625c-0.349,1.092 -0.878,2.033 -1.586,2.823c-0.709,0.79 -1.598,1.4 -2.667,1.83c-1.069,0.43 -2.317,0.645 -3.747,0.645c-1.382,0 -2.585,-0.192 -3.607,-0.576c-1.022,-0.383 -1.87,-0.941 -2.544,-1.673c-0.674,-0.731 -1.174,-1.632 -1.499,-2.701c-0.325,-1.069 -0.488,-2.289 -0.488,-3.659c0,-1.325 0.177,-2.536 0.532,-3.634c0.354,-1.098 0.885,-2.039 1.594,-2.823c0.709,-0.784 1.595,-1.391 2.658,-1.821c1.063,-0.43 2.309,-0.645 3.738,-0.645c1.394,0 2.602,0.189 3.625,0.566c1.022,0.378 1.867,0.933 2.535,1.665c0.668,0.731 1.165,1.632 1.49,2.701c0.326,1.069 0.488,2.294 0.488,3.677Zm-4.513,0.174c0,-0.767 -0.061,-1.472 -0.183,-2.117c-0.122,-0.645 -0.328,-1.206 -0.619,-1.682c-0.29,-0.476 -0.677,-0.848 -1.159,-1.115c-0.482,-0.268 -1.089,-0.401 -1.821,-0.401c-0.651,0 -1.22,0.119 -1.708,0.357c-0.488,0.238 -0.889,0.587 -1.202,1.046c-0.314,0.459 -0.549,1.011 -0.706,1.655c-0.157,0.645 -0.235,1.38 -0.235,2.205c0,0.767 0.064,1.472 0.191,2.117c0.128,0.645 0.334,1.206 0.619,1.682c0.285,0.476 0.671,0.845 1.159,1.107c0.488,0.261 1.092,0.392 1.812,0.392c0.663,0 1.238,-0.119 1.726,-0.358c0.488,-0.238 0.888,-0.583 1.202,-1.036c0.314,-0.454 0.546,-1.003 0.697,-1.647c0.151,-0.645 0.227,-1.38 0.227,-2.205Z" style="fill:#a91a1b;fill-rule:nonzero;"/><path d="M114.685,7.232c0,0.173 -0.009,0.326 -0.027,0.459c-0.019,0.132 -0.046,0.242 -0.083,0.329c-0.036,0.086 -0.082,0.148 -0.137,0.185c-0.055,0.036 -0.114,0.054 -0.178,0.054c-0.109,0 -0.292,-0.086 -0.548,-0.26c-0.256,-0.173 -0.598,-0.365 -1.028,-0.575c-0.429,-0.21 -0.943,-0.402 -1.541,-0.576c-0.598,-0.173 -1.309,-0.26 -2.131,-0.26c-0.977,0 -1.854,0.178 -2.631,0.534c-0.776,0.356 -1.434,0.85 -1.973,1.48c-0.539,0.63 -0.952,1.379 -1.24,2.247c-0.287,0.868 -0.431,1.809 -0.431,2.823c0,1.132 0.157,2.137 0.472,3.014c0.316,0.877 0.752,1.617 1.309,2.22c0.557,0.603 1.222,1.06 1.994,1.37c0.771,0.311 1.619,0.466 2.541,0.466c0.548,0 1.103,-0.066 1.665,-0.199c0.562,-0.132 1.085,-0.331 1.569,-0.596l0,-5.165l-4.111,0c-0.155,0 -0.271,-0.078 -0.349,-0.233c-0.078,-0.156 -0.116,-0.398 -0.116,-0.727c0,-0.173 0.009,-0.322 0.027,-0.445c0.018,-0.123 0.048,-0.224 0.089,-0.301c0.041,-0.078 0.089,-0.135 0.144,-0.172c0.055,-0.036 0.123,-0.054 0.205,-0.054l5.632,0c0.1,0 0.201,0.018 0.301,0.054c0.101,0.037 0.192,0.092 0.274,0.165c0.083,0.073 0.147,0.173 0.192,0.301c0.046,0.128 0.069,0.274 0.069,0.439l0,6.755c0,0.237 -0.041,0.443 -0.124,0.617c-0.082,0.173 -0.255,0.326 -0.52,0.459c-0.265,0.132 -0.608,0.276 -1.028,0.431c-0.42,0.155 -0.854,0.288 -1.302,0.398c-0.447,0.109 -0.899,0.191 -1.356,0.246c-0.457,0.055 -0.909,0.082 -1.357,0.082c-1.37,0 -2.594,-0.212 -3.672,-0.637c-1.078,-0.425 -1.989,-1.03 -2.733,-1.815c-0.745,-0.786 -1.313,-1.727 -1.706,-2.823c-0.393,-1.096 -0.589,-2.32 -0.589,-3.672c0,-1.407 0.212,-2.681 0.637,-3.823c0.425,-1.142 1.023,-2.115 1.795,-2.919c0.772,-0.803 1.699,-1.427 2.781,-1.87c1.083,-0.443 2.282,-0.664 3.597,-0.664c0.676,0 1.311,0.059 1.905,0.178c0.593,0.118 1.121,0.258 1.582,0.418c0.462,0.159 0.85,0.333 1.165,0.52c0.315,0.188 0.532,0.341 0.651,0.459c0.119,0.119 0.201,0.256 0.246,0.411c0.046,0.156 0.069,0.379 0.069,0.672Z" style="fill-rule:nonzero;"/><path d="M137.102,22.208c0,0.073 -0.019,0.135 -0.055,0.185c-0.037,0.05 -0.096,0.094 -0.178,0.13c-0.083,0.037 -0.197,0.064 -0.343,0.083c-0.146,0.018 -0.329,0.027 -0.548,0.027c-0.228,0 -0.416,-0.009 -0.562,-0.027c-0.146,-0.019 -0.262,-0.046 -0.349,-0.083c-0.087,-0.036 -0.149,-0.08 -0.185,-0.13c-0.037,-0.05 -0.055,-0.112 -0.055,-0.185l0,-7.495c0,-0.521 -0.046,-0.996 -0.137,-1.425c-0.091,-0.429 -0.238,-0.799 -0.439,-1.11c-0.2,-0.31 -0.456,-0.548 -0.767,-0.712c-0.31,-0.165 -0.676,-0.247 -1.096,-0.247c-0.521,0 -1.044,0.201 -1.569,0.603c-0.525,0.402 -1.103,0.991 -1.733,1.768l0,8.618c0,0.073 -0.018,0.135 -0.055,0.185c-0.037,0.05 -0.098,0.094 -0.185,0.13c-0.087,0.037 -0.203,0.064 -0.349,0.083c-0.147,0.018 -0.329,0.027 -0.548,0.027c-0.211,0 -0.391,-0.009 -0.542,-0.027c-0.15,-0.019 -0.269,-0.046 -0.356,-0.083c-0.087,-0.036 -0.146,-0.08 -0.178,-0.13c-0.032,-0.05 -0.048,-0.112 -0.048,-0.185l0,-7.495c0,-0.521 -0.05,-0.996 -0.151,-1.425c-0.1,-0.429 -0.251,-0.799 -0.452,-1.11c-0.201,-0.31 -0.454,-0.548 -0.76,-0.712c-0.306,-0.165 -0.67,-0.247 -1.09,-0.247c-0.52,0 -1.046,0.201 -1.575,0.603c-0.53,0.402 -1.106,0.991 -1.727,1.768l0,8.618c0,0.073 -0.018,0.135 -0.055,0.185c-0.036,0.05 -0.096,0.094 -0.178,0.13c-0.082,0.037 -0.196,0.064 -0.342,0.083c-0.147,0.018 -0.334,0.027 -0.562,0.027c-0.219,0 -0.402,-0.009 -0.548,-0.027c-0.146,-0.019 -0.263,-0.046 -0.35,-0.083c-0.086,-0.036 -0.146,-0.08 -0.178,-0.13c-0.032,-0.05 -0.048,-0.112 -0.048,-0.185l0,-12.332c0,-0.073 0.014,-0.134 0.041,-0.185c0.028,-0.05 0.083,-0.096 0.165,-0.137c0.082,-0.041 0.187,-0.068 0.315,-0.082c0.128,-0.014 0.297,-0.02 0.507,-0.02c0.201,0 0.368,0.006 0.5,0.02c0.132,0.014 0.235,0.041 0.308,0.082c0.073,0.041 0.126,0.087 0.158,0.137c0.032,0.051 0.048,0.112 0.048,0.185l0,1.631c0.694,-0.777 1.368,-1.345 2.021,-1.706c0.653,-0.361 1.313,-0.541 1.98,-0.541c0.511,0 0.97,0.059 1.377,0.178c0.406,0.119 0.765,0.285 1.076,0.5c0.31,0.215 0.575,0.47 0.794,0.767c0.219,0.297 0.402,0.628 0.548,0.994c0.411,-0.448 0.802,-0.827 1.172,-1.138c0.37,-0.31 0.726,-0.561 1.069,-0.753c0.342,-0.192 0.676,-0.331 1,-0.418c0.324,-0.087 0.651,-0.13 0.98,-0.13c0.794,0 1.461,0.139 2,0.418c0.539,0.278 0.975,0.65 1.309,1.116c0.333,0.466 0.571,1.012 0.712,1.638c0.142,0.625 0.213,1.285 0.213,1.98l0,7.796Z" style="fill-rule:nonzero;"/><path d="M152.571,15.878c0,1.069 -0.116,2.03 -0.349,2.884c-0.233,0.854 -0.576,1.583 -1.028,2.186c-0.452,0.602 -1.007,1.064 -1.665,1.383c-0.657,0.32 -1.411,0.48 -2.261,0.48c-0.392,0 -0.755,-0.039 -1.089,-0.116c-0.333,-0.078 -0.66,-0.204 -0.98,-0.377c-0.319,-0.174 -0.639,-0.393 -0.959,-0.658c-0.319,-0.265 -0.657,-0.585 -1.014,-0.959l0,1.507c0,0.073 -0.018,0.137 -0.054,0.192c-0.037,0.055 -0.096,0.098 -0.179,0.13c-0.082,0.032 -0.185,0.057 -0.308,0.076c-0.123,0.018 -0.281,0.027 -0.473,0.027c-0.182,0 -0.338,-0.009 -0.465,-0.027c-0.128,-0.019 -0.233,-0.044 -0.316,-0.076c-0.082,-0.032 -0.137,-0.075 -0.164,-0.13c-0.027,-0.055 -0.041,-0.119 -0.041,-0.192l0,-18.306c0,-0.073 0.016,-0.137 0.048,-0.192c0.032,-0.054 0.091,-0.1 0.178,-0.137c0.087,-0.036 0.203,-0.064 0.349,-0.082c0.147,-0.018 0.329,-0.027 0.548,-0.027c0.229,0 0.416,0.009 0.562,0.027c0.146,0.018 0.261,0.046 0.343,0.082c0.082,0.037 0.141,0.083 0.178,0.137c0.036,0.055 0.055,0.119 0.055,0.192l0,7.386c0.365,-0.375 0.719,-0.69 1.062,-0.946c0.342,-0.256 0.678,-0.463 1.007,-0.623c0.329,-0.16 0.657,-0.277 0.986,-0.35c0.329,-0.073 0.676,-0.109 1.042,-0.109c0.895,0 1.66,0.178 2.295,0.534c0.635,0.356 1.151,0.834 1.548,1.432c0.397,0.598 0.687,1.299 0.87,2.103c0.183,0.804 0.274,1.654 0.274,2.549Zm-2.343,0.26c0,-0.63 -0.048,-1.242 -0.145,-1.836c-0.096,-0.594 -0.264,-1.119 -0.503,-1.576c-0.239,-0.456 -0.556,-0.824 -0.951,-1.103c-0.395,-0.278 -0.887,-0.418 -1.475,-0.418c-0.294,0 -0.584,0.041 -0.869,0.124c-0.285,0.082 -0.574,0.219 -0.868,0.411c-0.294,0.192 -0.6,0.438 -0.917,0.74c-0.317,0.301 -0.655,0.68 -1.013,1.137l0,4.919c0.625,0.758 1.222,1.336 1.792,1.733c0.57,0.398 1.163,0.596 1.778,0.596c0.57,0 1.057,-0.137 1.462,-0.411c0.404,-0.274 0.733,-0.637 0.985,-1.089c0.253,-0.452 0.437,-0.959 0.552,-1.521c0.115,-0.562 0.172,-1.13 0.172,-1.706Z" style="fill-rule:nonzero;"/><path d="M169,22.194c0,0.074 -0.018,0.137 -0.055,0.192c-0.036,0.055 -0.1,0.098 -0.192,0.13c-0.091,0.032 -0.212,0.06 -0.363,0.083c-0.15,0.023 -0.335,0.034 -0.555,0.034c-0.237,0 -0.429,-0.011 -0.575,-0.034c-0.146,-0.023 -0.265,-0.051 -0.356,-0.083c-0.092,-0.032 -0.156,-0.075 -0.192,-0.13c-0.037,-0.055 -0.055,-0.118 -0.055,-0.192l0,-7.865l-8.071,0l0,7.865c0,0.074 -0.018,0.137 -0.054,0.192c-0.037,0.055 -0.101,0.098 -0.192,0.13c-0.092,0.032 -0.213,0.06 -0.363,0.083c-0.151,0.023 -0.341,0.034 -0.569,0.034c-0.219,0 -0.406,-0.011 -0.562,-0.034c-0.155,-0.023 -0.278,-0.051 -0.37,-0.083c-0.091,-0.032 -0.155,-0.075 -0.192,-0.13c-0.036,-0.055 -0.054,-0.118 -0.054,-0.192l0,-17.018c0,-0.073 0.018,-0.137 0.054,-0.191c0.037,-0.055 0.101,-0.099 0.192,-0.131c0.092,-0.032 0.215,-0.059 0.37,-0.082c0.156,-0.023 0.343,-0.034 0.562,-0.034c0.228,0 0.418,0.011 0.569,0.034c0.15,0.023 0.271,0.05 0.363,0.082c0.091,0.032 0.155,0.076 0.192,0.131c0.036,0.054 0.054,0.118 0.054,0.191l0,7.098l8.071,0l0,-7.098c0,-0.073 0.018,-0.137 0.055,-0.191c0.036,-0.055 0.1,-0.099 0.192,-0.131c0.091,-0.032 0.21,-0.059 0.356,-0.082c0.146,-0.023 0.338,-0.034 0.575,-0.034c0.22,0 0.405,0.011 0.555,0.034c0.151,0.023 0.272,0.05 0.363,0.082c0.092,0.032 0.156,0.076 0.192,0.131c0.037,0.054 0.055,0.118 0.055,0.191l0,17.018Z" style="fill-rule:nonzero;"/></g></svg><h1 >Windows 10 BSI Report</h1><p >Generated by the <i>ATAPAuditor</i> Module Version <i>4.14</i> by FB Pro GmbH. Get it in the <a href="https://github.com/fbprogmbh/Audit-Test-Automation">Audit Test Automation Package</a>. Are you seeing a lot of red sections? Check out our <a href="https://www.fb-pro.com/enforce-suite">hardening solutions</a>.</p><p >Based on:<ul ><li >BSI SiM-08202 Client unter Windows 10, Version: 1, Date: 2017-09-13</li><li >Configuration Recommendations for Hardening of Windows 10 Using Built-in Functionalities: Version 1.3, Date: 2021-05-03</li></ul></p></div><div class="main content"><div class="host-information"><p >This report was generated on 01/17/2022 14:14:21 on DESKTOP-UTMU75K.fb-pro.com with TAPHtmlReport version 1.8.</p><table ><tbody ><tr ><th scope="row">Hostname</th><td >DESKTOP-UTMU75K.fb-pro.com</td></tr><tr ><th scope="row">Build Number</th><td >19043</td></tr><tr ><th scope="row">Free disk space(GB) </th><td >100.5</td></tr><tr ><th scope="row">Free physical memory (GB)</th><td >5.398</td></tr><tr ><th scope="row">Operating System</th><td >Microsoft Windows 10 Pro</td></tr><tr ><th scope="row">Installation Language</th><td >English (United States)</td></tr></tbody></table><h1 style="clear:both; padding-top: 50px;">Summary</h1><p >A total of 1250 tests have been executed.</p><div class="gauge"><div title="True 994 test(s), 79.52%" style="width: 79.52%" class="gauge-meter passed"></div><div title="False 256 test(s), 20.48%" style="width: 20.48%" class="gauge-meter failed"></div><div title="Warning 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter warning"></div><div title="None 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div><div title="Error 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div></div><ol class="gauge-info"><li class="gauge-info-item"><span class="auditstatus passed">True</span> 994 test(s) &#x2259; 79.52%</li><li class="gauge-info-item"><span class="auditstatus failed">False</span> 256 test(s) &#x2259; 20.48%</li><li class="gauge-info-item"><span class="auditstatus warning">Warning</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">None</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">Error</span> 0 test(s) &#x2259; 0.00%</li></ol><h2 style="clear:both; margin-top: 0;">BSI Benchmarks SiSyPHuS Logging</h2><p >A total of 51 tests have been executed in section BSI Benchmarks SiSyPHuS Logging.</p><div class="gauge"><div title="True 51 test(s), 100.00%" style="width: 100.00%" class="gauge-meter passed"></div><div title="False 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter failed"></div><div title="Warning 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter warning"></div><div title="None 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div><div title="Error 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div></div><ol class="gauge-info"><li class="gauge-info-item"><span class="auditstatus passed">True</span> 51 test(s) &#x2259; 100.00%</li><li class="gauge-info-item"><span class="auditstatus failed">False</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus warning">Warning</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">None</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">Error</span> 0 test(s) &#x2259; 0.00%</li></ol><h2 style="clear:both; margin-top: 0;">BSI Benchmarks SiSyPHuS HD</h2><p >A total of 379 tests have been executed in section BSI Benchmarks SiSyPHuS HD.</p><div class="gauge"><div title="True 313 test(s), 82.59%" style="width: 82.59%" class="gauge-meter passed"></div><div title="False 66 test(s), 17.41%" style="width: 17.41%" class="gauge-meter failed"></div><div title="Warning 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter warning"></div><div title="None 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div><div title="Error 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div></div><ol class="gauge-info"><li class="gauge-info-item"><span class="auditstatus passed">True</span> 313 test(s) &#x2259; 82.59%</li><li class="gauge-info-item"><span class="auditstatus failed">False</span> 66 test(s) &#x2259; 17.41%</li><li class="gauge-info-item"><span class="auditstatus warning">Warning</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">None</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">Error</span> 0 test(s) &#x2259; 0.00%</li></ol><h2 style="clear:both; margin-top: 0;">BSI Benchmarks SiSyPHuS ND</h2><p >A total of 287 tests have been executed in section BSI Benchmarks SiSyPHuS ND.</p><div class="gauge"><div title="True 240 test(s), 83.62%" style="width: 83.62%" class="gauge-meter passed"></div><div title="False 47 test(s), 16.38%" style="width: 16.38%" class="gauge-meter failed"></div><div title="Warning 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter warning"></div><div title="None 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div><div title="Error 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div></div><ol class="gauge-info"><li class="gauge-info-item"><span class="auditstatus passed">True</span> 240 test(s) &#x2259; 83.62%</li><li class="gauge-info-item"><span class="auditstatus failed">False</span> 47 test(s) &#x2259; 16.38%</li><li class="gauge-info-item"><span class="auditstatus warning">Warning</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">None</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">Error</span> 0 test(s) &#x2259; 0.00%</li></ol><h2 style="clear:both; margin-top: 0;">BSI Benchmarks SiSyPHuS NE</h2><p >A total of 258 tests have been executed in section BSI Benchmarks SiSyPHuS NE.</p><div class="gauge"><div title="True 212 test(s), 82.17%" style="width: 82.17%" class="gauge-meter passed"></div><div title="False 46 test(s), 17.83%" style="width: 17.83%" class="gauge-meter failed"></div><div title="Warning 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter warning"></div><div title="None 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div><div title="Error 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div></div><ol class="gauge-info"><li class="gauge-info-item"><span class="auditstatus passed">True</span> 212 test(s) &#x2259; 82.17%</li><li class="gauge-info-item"><span class="auditstatus failed">False</span> 46 test(s) &#x2259; 17.83%</li><li class="gauge-info-item"><span class="auditstatus warning">Warning</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">None</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">Error</span> 0 test(s) &#x2259; 0.00%</li></ol><h2 style="clear:both; margin-top: 0;">BSI Benchmarks SiM-08202 - BPOL</h2><p >A total of 275 tests have been executed in section BSI Benchmarks SiM-08202 - BPOL.</p><div class="gauge"><div title="True 178 test(s), 64.73%" style="width: 64.73%" class="gauge-meter passed"></div><div title="False 97 test(s), 35.27%" style="width: 35.27%" class="gauge-meter failed"></div><div title="Warning 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter warning"></div><div title="None 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div><div title="Error 0 test(s), 0.00%" style="width: 0.00%" class="gauge-meter "></div></div><ol class="gauge-info"><li class="gauge-info-item"><span class="auditstatus passed">True</span> 178 test(s) &#x2259; 64.73%</li><li class="gauge-info-item"><span class="auditstatus failed">False</span> 97 test(s) &#x2259; 35.27%</li><li class="gauge-info-item"><span class="auditstatus warning">Warning</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">None</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">Error</span> 0 test(s) &#x2259; 0.00%</li></ol><h1 id="toc">Table of Contents</h1><p >Click the link(s) below for quick access to a report section.</p><ul ><li ><a href="#BSI-Benchmarks-SiSyPHuS-Logging">BSI Benchmarks SiSyPHuS Logging</a><ul ><li ><a href="#BSI-Benchmarks-SiSyPHuS-LoggingRegistry-Settings/Group-Policies">Registry Settings/Group Policies</a></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-LoggingAdvanced-Audit-Policy-Configuration">Advanced Audit Policy Configuration</a></li></ul></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-HD">BSI Benchmarks SiSyPHuS HD</a><ul ><li ><a href="#BSI-Benchmarks-SiSyPHuS-HDRegistry-Settings/Group-Policies">Registry Settings/Group Policies</a></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-HDUser-Rights-Assignment">User Rights Assignment</a></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-HDAccount-Policies">Account Policies</a></li></ul></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-ND">BSI Benchmarks SiSyPHuS ND</a><ul ><li ><a href="#BSI-Benchmarks-SiSyPHuS-NDRegistry-Settings/Group-Policies">Registry Settings/Group Policies</a></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-NDUser-Rights-Assignment">User Rights Assignment</a></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-NDAccount-Policies">Account Policies</a></li></ul></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-NE">BSI Benchmarks SiSyPHuS NE</a><ul ><li ><a href="#BSI-Benchmarks-SiSyPHuS-NERegistry-Settings/Group-Policies">Registry Settings/Group Policies</a></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-NEUser-Rights-Assignment">User Rights Assignment</a></li><li ><a href="#BSI-Benchmarks-SiSyPHuS-NEAccount-Policies">Account Policies</a></li></ul></li><li ><a href="#BSI-Benchmarks-SiM--08202----BPOL">BSI Benchmarks SiM-08202 - BPOL</a><ul ><li ><a href="#BSI-Benchmarks-SiM--08202----BPOLRegistry-Settings/Group-Policies">Registry Settings/Group Policies</a></li><li ><a href="#BSI-Benchmarks-SiM--08202----BPOLUser-Rights-Assignment">User Rights Assignment</a></li><li ><a href="#BSI-Benchmarks-SiM--08202----BPOLAccount-Policies">Account Policies</a></li><li ><a href="#BSI-Benchmarks-SiM--08202----BPOLAdvanced-Audit-Policy-Configuration">Advanced Audit Policy Configuration</a></li></ul></li></ul><section ><h1 id="BSI-Benchmarks-SiSyPHuS-Logging"><span class="passed">BSI Benchmarks SiSyPHuS Logging</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p >This section contains the BSI Benchmark results.</p><section ><h1 id="BSI-Benchmarks-SiSyPHuS-LoggingRegistry-Settings/Group-Policies"><span class="passed">Registry Settings/Group Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >4.1.1</td><td >Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.1.2</td><td >Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.1.1</td><td >Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.1.2</td><td >Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.1.3</td><td >Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.1.4</td><td >Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.2.1</td><td >Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\privatefw.log'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.2.2</td><td >Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.2.3</td><td >Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.2.4</td><td >Ensure 'Windows Firewall: Private: Logging: Log successful connections' is set to 'Yes'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.3.1</td><td >Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.3.2</td><td >Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.3.3</td><td >Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\publicfw.log'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.2.3.4</td><td >Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16,384 KB or greater'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.1.1</td><td >Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.2.1.1</td><td >Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.2.1.2</td><td >Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.2.2.1</td><td >Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.2.2.2</td><td >Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.2.3.1</td><td >Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.2.3.2</td><td >Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.2.4.1</td><td >Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.2.4.2</td><td >Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.3.1</td><td >Ensure 'Include command line in process creation events' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.4.2</td><td >Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4.3.4.3</td><td >Ensure 'Turn on PowerShell Transcription' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-LoggingAdvanced-Audit-Policy-Configuration"><span class="passed">Advanced Audit Policy Configuration</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >5.1.1.1</td><td >Ensure 'Audit Credential Validation' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.1.1.2</td><td >Ensure 'Audit User Account Management' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.1.1.3</td><td >Ensure 'Audit Account Lockout' is set to include 'Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.1.1.4</td><td >Ensure 'Audit Group Membership' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.1.1.5</td><td >Ensure 'Audit Logoff' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.1.1.6</td><td >Ensure 'Audit Logon' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.1.1.7</td><td >Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.1.1.8</td><td >Ensure 'Audit Special Logon' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.2.1.1</td><td >Ensure 'Audit Other System Events' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.2.1.2</td><td >Ensure 'Audit Security State Change' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.2.1.3</td><td >Ensure 'Audit Security System Extension' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.2.1.4</td><td >Ensure 'Audit System Integrity' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.2.1.5</td><td >Ensure 'Audit File Share' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.2.1.6</td><td >Ensure 'Audit Detailed File Share' is set to include 'Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.2.1.7</td><td >Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.2.1.8</td><td >Ensure 'Audit Removable Storage' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.2.1.9</td><td >Ensure 'Audit PNP Activity' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.3.1.1</td><td >Ensure 'Audit Security Group Management' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.3.1.2</td><td >Ensure 'Audit Audit Policy Change' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.3.1.3</td><td >Ensure 'Audit Authentication Policy Change' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.3.1.4</td><td >Ensure 'Audit Authorization Policy Change' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.3.1.5</td><td >Ensure 'Audit MPSSVC Rule-Level Policy Change' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.3.1.6</td><td >Ensure 'Audit Other Policy Change Events' is set to include 'Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.5.1.1</td><td >Ensure 'Audit Process Creation' is set to include 'Success'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5.5.1.2</td><td >Ensure 'Audit Sensitive Privilege Use' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-HD"><span class="failed">BSI Benchmarks SiSyPHuS HD</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p >This section contains the BSI Benchmark results.</p><section ><h1 id="BSI-Benchmarks-SiSyPHuS-HDRegistry-Settings/Group-Policies"><span class="failed">Registry Settings/Group Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >1</td><td >(ND, NE) Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2</td><td >(ND, NE) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >3</td><td >(ND, NE) Ensure 'Configure SMB v1 server' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4</td><td >(ND, NE) Ensure 'Enable Structured Exception Handling OverwriteProtection (SEHOP)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5</td><td >(ND, NE) Ensure 'WDigest Authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >7</td><td >(ND, NE) Ensure 'MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >8</td><td >(ND, NE) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon(not recommended)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9</td><td >(ND, NE) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routingprotection level (protects against packet spoofing)' is set to 'Enabled:Highest protection, source routing is completely disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >10</td><td >(ND, NE) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled:Highest protection, source routing is completely disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >11</td><td >(HD) Ensure 'MSS: (DisableSavePassword) Prevent the dial-up password from being saved' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >12</td><td >(ND, NE) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >13</td><td >(HD) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >14</td><td >(ND, NE) Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >15</td><td >(HD) Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >16</td><td >(ND, NE) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17</td><td >(ND, NE) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >18</td><td >(HD) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >19</td><td >(HD) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >20</td><td >(ND, NE) Ensure 'Turn off multicast name resolution' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >21</td><td >(ND, NE) Ensure 'NetBIOS node type' is set to 'P-node'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >22</td><td >(ND, NE) Ensure 'Enable insecure guest logons' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >23</td><td >(HD) Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >24_1</td><td >(ND, NE) Ensure 'Hardened UNC Paths' is set to "Require Mutual Authentication=1, "Require Integrity=1" for the value names "\\*\NETLOGON" und "\\*\SYSVOL".</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >24_2</td><td >(ND, NE) Ensure 'Hardened UNC Paths' is set to "Require Mutual Authentication=1, "Require Integrity=1" for the value names "\\*\NETLOGON" und "\\*\SYSVOL".</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >25</td><td >(ND) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >26</td><td >(ND) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >27</td><td >(ND) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >28</td><td >(HD) Ensure 'Enable Font Providers' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >29</td><td >(HD) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >30</td><td >(HD) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >31</td><td >(HD) Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >32</td><td >(HD) Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >33</td><td >(ND, NE) Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to the value 'Enabled: 1 = Minimize the number of simultaneous connections'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >34</td><td >(ND) Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled' </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >35</td><td >(ND, NE) Ensure 'Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >36</td><td >(HD) Ensure 'Turn off notifications network usage' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >37</td><td >(ND, NE) Ensure 'Turn off toast notifications on the lock screen' is set to 'Enabled'. </td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >38</td><td >(HD) Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >39</td><td >(ND, NE) Ensure 'Turn off picture password sign-in' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >40</td><td >(ND, NE) Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >41</td><td >(ND, NE) Ensure 'Block user from showing account details on signin' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >42</td><td >(ND) Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >43</td><td >(ND) Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >44</td><td >(ND, NE) Ensure 'Do not display network selection UI' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >45</td><td >(ND) Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >46</td><td >(ND, NE) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >47</td><td >(HD) Ensure 'Turn off the advertising ID' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >48</td><td >(HD) Ensure 'Allow upload of User Activities' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >49</td><td >(HD) Ensure 'Allow Clipboard synchronization across devices' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >50</td><td >(ND, NE) Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >51</td><td >(ND) Ensure 'Remote host allows delegation of non-exportable credentials' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >52</td><td >(ND, NE) Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >53</td><td >(ND, NE) Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >54</td><td >(ND, NE) Ensure 'Allow network connectivity during connected-standby (on battery)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >55</td><td >(ND, NE) Ensure 'Allow network connectivity during connected-standby (plugged in)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >56</td><td >(ND, NE) Ensure 'Allow standby states (S1-S3) when sleeping (on battery)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >57</td><td >(ND, NE) Ensure 'Allow standby states (S1-S3) when sleeping (plugged in)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >58</td><td >(HD) Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >59</td><td >(ND, NE) Ensure 'Prevent installation of devices that match any of these device IDs' is configured.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >60</td><td >(ND, NE) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is configured.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >61</td><td >(ND, NE) Ensure 'Continue experiences on this device' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >62</td><td >(ND) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >63</td><td >(ND) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >64</td><td >(ND) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >65</td><td >(ND) Ensure 'Configure security policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >66</td><td >(HD) Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >67</td><td >(HD) Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >68</td><td >(ND, NE) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >69</td><td >(HD) Ensure 'Turn off printing over HTTP' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >70</td><td >(HD) Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >71</td><td >(HD) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >72</td><td >(HD) Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >73</td><td >(HD) Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >74</td><td >(ND, NE) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >75</td><td >(HD) Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >76</td><td >(HD) Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >77</td><td >(HD) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >78</td><td >(HD) Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >79</td><td >(HD) Ensure 'Turn off access to the Store' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >80</td><td >(HD) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >81</td><td >(ND, NE) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >82</td><td >(HD) Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >83</td><td >(HD) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >84</td><td >(ND, NE) Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >85</td><td >(ND, NE) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >86</td><td >(ND, NE) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >87</td><td >(ND, NE) Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >88</td><td >(ND, NE) Ensure 'Ignore the default list of blocked TPM commands' is set to 'Disabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >89</td><td >(ND, NE) Ensure 'Standard User Lockout Duration' is set to '30 minutes'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >90</td><td >(ND, NE) Ensure 'Standard User Total Lockout Threshold' is set to '5'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >91</td><td >(HD) Ensure 'Enable Windows NTP Client' is set to 'Enabled'. </td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >92</td><td >(HD) Ensure 'Enable Windows NTP Server' is set to 'Disabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >93</td><td >(HD) Ensure 'Allow Online Tips' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >94</td><td >(ND, NE) Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >95</td><td >(ND, NE) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >96</td><td >(ND, NE) Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >97</td><td >(ND, NE) Ensure 'Enable screen saver' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >98</td><td >(ND, NE) Ensure 'Password protect the screen saver' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >99</td><td >(ND, NE) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >100_1</td><td >(ND, NE) Ensure 'Turn off automatic learning' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >100_2</td><td >(ND, NE) Ensure 'Turn off automatic learning' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >101</td><td >(ND, NE) Ensure 'Allow users to enable online speech recognition services' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >102</td><td >(ND, NE) Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'. </td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >103</td><td >(ND, NE) Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >104</td><td >(HD) Ensure 'Block launching Universal Windows apps with Windows Runtime API access from hosted content.' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >105</td><td >(ND) Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >106</td><td >(ND, NE) Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >107</td><td >(ND, NE) Ensure 'Do not display the password reveal button' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >108</td><td >(HD) Ensure 'Allow a Windows app to share application data between users' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >109</td><td >(ND, NE) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >110</td><td >(HD) Ensure 'Turn off all Windows spotlight features' is set to 'Enabled'. </td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >111</td><td >(HD) Ensure 'Do not use diagnostic data for tailored experiences' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >112</td><td >(ND, NE) Ensure 'Do not suggest third-party content in Windows spotlight' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >113</td><td >(ND, NE) Ensure 'Turn off Microsoft consumer experiences' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >114</td><td >(ND, NE) Ensure 'Configure Windows spotlight on lock screen' is set to Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >115</td><td >(ND, NE) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >116</td><td >(ND, NE) Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >117</td><td >(ND, NE) Ensure 'Turn off heap termination on corruption' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >118</td><td >(ND, NE) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >119</td><td >(ND, NE) Ensure 'Do not show feedback notifications' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >120</td><td >(ND, NE) Ensure 'Allow Telemetry' is set to 'Enabled: 0 Security [Enterprise Only]'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >121</td><td >(ND, NE) Ensure 'Allow device name to be sent in Windows diagnostic data' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >122</td><td >(HD) Ensure 'Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service' is set to 'Enabled: Disable Authenticated Proxy usage'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >123</td><td >(HD) Ensure 'Allow Use of Camera' is set to 'Disabled'.</td><td >Registry value is '1'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >124</td><td >(ND, NE) Ensure 'Block all consumer Microsoft account user authentication' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >125</td><td >(HD) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >126</td><td >(ND, NE) Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >127</td><td >(ND, NE) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >128</td><td >(HD) Ensure 'Turn off location' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >129</td><td >(HD) Ensure 'Turn off Push To Install service' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >130</td><td >(HD) Ensure 'Do not allow COM port redirection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >131</td><td >(ND, NE) Ensure 'Do not allow drive redirection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >132</td><td >(HD) Ensure 'Do not allow LPT port redirection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >133</td><td >(HD) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >134</td><td >(ND, NE) Ensure 'Always prompt for password upon connection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >135</td><td >(ND, NE) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >136</td><td >(ND, NE) Ensure 'Require secure RPC communication' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >137</td><td >(ND, NE) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >138</td><td >(ND, NE) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >139</td><td >(ND, NE) Ensure 'End session when time limits are reached' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >140</td><td >(HD) Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >141</td><td >(HD) Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >142</td><td >(ND, NE) Ensure 'Do not use temporary folders per session' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >143</td><td >(ND, NE) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >144</td><td >(HD) Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >145</td><td >(ND, NE) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >146</td><td >(ND, NE) Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >147</td><td >(ND, NE) Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >148</td><td >(ND, NE) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >149</td><td >(ND, NE) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >150</td><td >(HD) Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >151</td><td >(HD) Ensure 'Disable all apps from Microsoft Store' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >152</td><td >(ND, NE) Ensure 'Turn off Automatic Download and Install of updates' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >153</td><td >(ND, NE) Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >154</td><td >(HD) Ensure 'Only display the private store within the Microsoft Store' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >155</td><td >(HD) Ensure 'Turn off the Store application' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >156</td><td >(HD) Ensure 'Allow Cloud Search' is set to 'Enabled: Disable Cloud Search'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >157</td><td >(ND, NE) Ensure 'Allow search and Cortana to use location' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >158</td><td >(ND, NE) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >159</td><td >(ND, NE) Ensure 'Improve inking and typing recognition' is set to 'Disabled'. </td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >160</td><td >(ND, NE) Ensure 'Download Mode' is set to 'Enabled: Simple (99)' .</td><td >Registry value is '1'. Expected: 99</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >161</td><td >(ND, NE) Ensure 'Require pin for pairing' is set to 'Enabled: Always'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >162</td><td >(ND, NE) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >163</td><td >(ND, NE) Ensure 'Turn off Windows Defender Antivirus' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >164</td><td >(ND, NE) Ensure 'Configure Watson events' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >165</td><td >(ND, NE) Ensure 'Turn on behavior monitoring' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >166</td><td >(HD) Ensure 'Join Microsoft MAPS' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >167</td><td >(ND, NE) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >168</td><td >(ND, NE) Ensure 'Turn on e-mail scanning' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >169</td><td >(ND, NE) Ensure 'Scan removable drives' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >170</td><td >(ND, NE) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >171</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_1</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_2</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_3</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_4</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_5</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_6</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_7</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_8</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_9</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_10</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_11</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >173</td><td >(ND, NE) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >174</td><td >(ND, NE) Ensure 'Prevent bypassing Windows Defender SmartScreen prompts for sites' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >175</td><td >(ND, NE) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >176</td><td >(HD) Ensure 'Allow suggested apps in Windows Ink Workspace' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >177</td><td >(ND, NE) Ensure 'Allow Windows Ink Workspace' is set to 'Enabled: On, but disallow access above lock' OR 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >178</td><td >(ND, NE) Ensure 'Allow user control over installs' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >179</td><td >(HD) Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >180</td><td >(ND, NE) Ensure 'Always install with elevated privileges' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >181</td><td >(ND, NE) Ensure 'Always install with elevated privileges' is set to 'Disabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >182</td><td >(HD) Ensure 'Prevent Codec Download' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >184</td><td >(HD) Ensure 'Turn on Script Execution' is set to 'Enabled: Allow only signed scripts'. </td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >185</td><td >(ND, NE) Ensure 'Configure Automatic Updates' is set to 'Enabled: 4 Auto download and schedule the install'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >186</td><td >(ND, NE) Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >187</td><td >(ND, NE) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >188</td><td >(ND, NE) Ensure 'Remove access to "Pause updates" feature' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >189</td><td >(ND, NE) Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >190</td><td >(HD) Ensure 'Allow Remote Shell Access' is set to 'Disabled'.</td><td >Registry value is '1'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >191</td><td >(ND, NE) Ensure 'Allow Basic authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >192</td><td >(ND, NE) Ensure 'Disallow Digest authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >193</td><td >(ND, NE) Ensure 'Allow unencrypted traffic' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >194</td><td >(ND, NE) Ensure 'Allow Basic authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >195</td><td >(HD) Ensure 'Allow remote server management through WinRM' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >196</td><td >(ND, NE) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >197</td><td >(ND, NE) Ensure 'Allow unencrypted traffic' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >198</td><td >(ND, NE) Ensure 'Prevent users from modifying settings' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >199</td><td >(ND, NE) Ensure 'Enables or disables Windows Game Recording and Broadcasting' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >209</td><td >(ND, NE) Configure 'Interactive logon: Message title for users attempting to log on'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >210</td><td >(ND, NE) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >211</td><td >(ND, NE) Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >212</td><td >(ND, NE) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >213</td><td >(ND, NE) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >214</td><td >(ND, NE) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >215</td><td >(ND, NE) Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >216</td><td >(ND, NE) Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >217</td><td >(ND, NE) Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >218</td><td >(ND, NE) Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Prompt for credentials on the secure desktop'.</td><td >Registry value is '3'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >219</td><td >(ND) Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >220</td><td >(ND) Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >221</td><td >(ND) Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >222</td><td >(ND) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >223</td><td >(ND) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >224</td><td >(ND) Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >225</td><td >(HD) Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >226</td><td >(ND, NE) Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators and Interactive Users'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >227</td><td >(ND, NE) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >228</td><td >(HD) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >229</td><td > Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >230</td><td >(ND, NE) Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >231</td><td >(ND, NE) Configure 'Interactive logon: Message text for users attempting to log on'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >232</td><td >(ND) Ensure 'Interactive logon: Machine account lockout threshold' is set to '10 or fewer invalid logon attempts, but not 0'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >233</td><td >(ND) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >234</td><td >(ND, NE) Ensure 'Interactive logon: Don't display last signed-in' is setto 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >239</td><td >(ND, NE) Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >240</td><td >(ND, NE) Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >241</td><td >(ND, NE) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >242</td><td >(ND, NE) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >243</td><td >(ND, NE) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >244</td><td >(ND, NE) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >245</td><td >(ND, NE) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >246</td><td >(ND, NE) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'. </td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >247</td><td >(ND, NE) Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >248</td><td >(ND) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >250</td><td >(HD) Ensure 'Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers' is set to 'Deny all'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >251</td><td >(HD) Ensure 'Network security: Restrict NTLM: Incoming NTLM traffic' is set to 'Deny all accounts'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >252</td><td >(ND) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >253</td><td >(ND, NE) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >254</td><td >(ND, NE) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >255</td><td >(ND, NE) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >256</td><td >(ND, NE) Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >257</td><td >(ND) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >258</td><td >(ND) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >259</td><td >(ND) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >260</td><td >(ND, NE) Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >261</td><td >(ND, NE) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >262</td><td >(ND) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >263</td><td >(ND) Ensure 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >264</td><td >(ND, NE) Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >265</td><td >(ND, NE) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >266</td><td >(ND) Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >267</td><td >(ND, NE) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >268</td><td >(ND, NE) Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >269</td><td >(ND, NE) Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >270</td><td >(ND, NE) Configure 'Network access: Remotely accessible registry paths and sub-paths'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >271</td><td >(ND, NE) Configure 'Network access: Remotely accessible registry paths'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >272</td><td >(ND, NE) Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >273</td><td >(HD) Ensure 'System settings: Optional subsystems' is set to 'None'. </td><td >Registry value is ''. Expected: </td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >274</td><td >(HD) Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User is prompted when the key is first used'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >275</td><td >(ND, NE) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >276</td><td >(ND, NE) Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >316</td><td >(HD) Ensure 'Remote Desktop Services UserMode Port Redirector (UmRdpService)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >317</td><td >(ND, NE) Ensure 'Connected User Experiences and Telemetry' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >318</td><td >(HD) Ensure 'Bluetooth Audio Gateway Service (BTAGService)' is set to 'Disabled'.</td><td >Registry value is '3'. Expected: 4</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >319</td><td >(HD) Ensure 'Bluetooth Support Service (bthserv)' is set to 'Disabled'.</td><td >Registry value is '3'. Expected: 4</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >320</td><td >(ND, NE) Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >321</td><td >(NE, ND) Ensure 'Internet Connection Sharing (ICS) (SharedAccess)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >322</td><td >(HD) Ensure 'Geolocation Service (lfsvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >323</td><td >(ND, NE) Ensure 'IIS Admin Service (IISADMIN)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >324</td><td >(NE, ND) Ensure 'Infrared monitor service (irmon)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >325</td><td >(HD) Ensure 'Remote Desktop Configuration (SessionEnv)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >326</td><td >(ND, NE) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >327</td><td >(HD) Ensure 'Downloaded Maps Manager (MapsBroker)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >328</td><td >(ND, NE) Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >329</td><td >(HD) Ensure 'Microsoft iSCSI Initiator Service (MSiSCSI)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >330</td><td >(HD) Ensure 'Microsoft Store Install Service (InstallService)' is set to 'Disabled'.</td><td >Registry value is '3'. Expected: 4</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >331</td><td >(ND, NE) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >332</td><td >(HD) Ensure 'Peer Name Resolution Protocol (PNRPsvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >333</td><td >(HD) Ensure 'Peer Networking Grouping (p2psvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >334</td><td >(HD) Ensure 'Peer Networking Identity Manager (p2pimsvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >335</td><td >(HD) Ensure 'PNRP Machine Name Publication Service (PNRPAutoReg)' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >336</td><td >(HD) Ensure 'Remote Desktop Services (TermService)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >337</td><td >(HD) Ensure 'Remote Registry (RemoteRegistry)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >338</td><td >(ND, NE) Ensure 'Routing and Remote Access (RemoteAccess)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >339</td><td >(ND, NE) Ensure 'Remote Procedure Call (RPC) Locator (RpcLocator)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >340</td><td >(HD) Ensure 'Server (LanmanServer)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >341</td><td >(ND, NE) Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >342</td><td >(HD) Ensure 'SNMP Service (SNMP)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >343</td><td >(ND, NE) Ensure 'SSDP Discovery (SSDPSRV)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >344</td><td >(HD) Ensure 'Problem Reports and Solutions Control Panel Support (wercplsupport)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >345</td><td >(ND, NE) Ensure 'UPnP Device Host (upnphost)' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >346</td><td >(HD) Ensure 'Link-Layer Topology Discovery Mapper (lltdsvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >347</td><td >(HD) Ensure 'Remote Access Auto Connection Manager (RasAuto)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >348</td><td >(ND, NE) Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >349</td><td >(ND, NE) Ensure 'Windows Media Player Network Sharing Service (WMPNetworkSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >350</td><td >(HD) Ensure 'Windows PushToInstall Service (PushToInstall)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >351</td><td >(HD) Ensure 'Windows Mobile Hotspot Service (icssvc)' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >352</td><td >(HD) Ensure 'Windows Event Collector (Wecsvc)' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >353</td><td >(HD) Ensure 'Windows Error Reporting Service (WerSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >354</td><td >(HD) Ensure 'Windows Push Notifications System Service (WpnService)' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >355</td><td >(HD) Ensure 'Windows Remote Management (WS-Management) (WinRM)' is set to 'Disabled'.</td><td >Registry value is '2'. Expected: 4</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >356</td><td >(ND, NE) Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >357</td><td >(ND, NE) Ensure 'Xbox Accessory Management Service (XboxGipSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >358</td><td >(ND, NE) Ensure 'Xbox Live Auth Manager (XblAuthManager)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >359</td><td >(ND, NE) Ensure 'Xbox Live Networking Service (XboxNetApiSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >360</td><td >(ND, NE) Ensure 'Xbox Live Game Save (XblGameSave)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >361</td><td >(ND) Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >362</td><td >(ND) Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >363</td><td >(ND) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >364</td><td >(ND) Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >365</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow (default)' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >366</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >367</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >368</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Firewall state' is set to 'On (recommended)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >369</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >370</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >371</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >372</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >373</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >374</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Firewall state' is set to 'On (recommended)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-HDUser-Rights-Assignment"><span class="failed">User Rights Assignment</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >277</td><td >(ND, NE) Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >278</td><td >(ND, NE) Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE, Users'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >279</td><td >(ND, NE) Ensure 'Increase scheduling priority' is set to 'Administrators, Window Manager\Window Manager Group'.
</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >280</td><td >(ND, NE) Ensure 'Deny log on as a batch job' to include 'ANONYMOUS LOGON, Guests'.</td><td >The user 'SeDenyBatchLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >281</td><td >(HD) Configure 'Log on as a service'.</td><td >The user right 'SeServiceLogonRight' contains following unexpected users: DESKTOP-UTMU75K\SQLServer2005SQLBrowserUser$DESKTOP-UTMU75K, NT SERVICE\ALL SERVICES, NT SERVICE\SQLTELEMETRY, NT SERVICE\SQLSERVERAGENT, NT SERVICE\MSSQLSERVER, NT VIRTUAL MACHINE\Virtual Machines</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >282</td><td >(ND, NE) Ensure 'Deny log on as a service' to include 'ANONYMOUS LOGON, Guests'.</td><td >The user 'SeDenyServiceLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >283</td><td >(HD) Ensure 'Log on as a batch job' is set to 'Administrators'.</td><td >The user right 'SeBatchLogonRight' contains following unexpected users: BUILTIN\Backup Operators, BUILTIN\Performance Log Users</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >284</td><td >(ND) Ensure 'Deny log on through Remote Desktop Services' to include 'ANONYMOUS LOGON, Guests, Local account'.</td><td >The user right 'SeDenyRemoteInteractiveLogonRight' contains following unexpected users: NT AUTHORITY\Local account
The user 'SeDenyRemoteInteractiveLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON, LOCAL</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >285</td><td >(ND, NE) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >286</td><td >(ND, NE) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >287</td><td >(ND, NE) Ensure 'Adjust memory quotas for a process' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE'.
</td><td >The user right 'SeIncreaseQuotaPrivilege' contains following unexpected users: NT SERVICE\SQLSERVERAGENT, NT SERVICE\MSSQLSERVER</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >288</td><td >(ND, NE) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >289</td><td >(ND, NE) Ensure 'Access this computer from the network' is set to 'Administrators, Remote Desktop Users'. </td><td >The user right 'SeNetworkLogonRight' contains following unexpected users: BUILTIN\Users, BUILTIN\Backup Operators
The user 'SeNetworkLogonRight' setting does not contain the following users: BUILTIN\Remote Desktop Users</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >290</td><td >(ND, NE) Ensure 'Debug programs' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >291</td><td >(ND, NE) Ensure 'Perform volume maintenance tasks' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >292</td><td >(ND, NE) Ensure 'Act as part of the operating system' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >293</td><td >(ND) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >294</td><td >(ND, NE) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'.</td><td >The user right 'SeAssignPrimaryTokenPrivilege' contains following unexpected users: NT SERVICE\SQLSERVERAGENT, NT SERVICE\MSSQLSERVER</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >295</td><td >(ND, NE) Ensure 'Create a pagefile' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >296</td><td >(ND, NE) Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >297</td><td >(ND, NE) Ensure 'Profile single process' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >298</td><td >(ND, NE) Ensure 'Create a token object' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >299</td><td >(ND, NE) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >300</td><td >(ND, NE) Ensure 'Create symbolic links' is set to 'Administrators'.</td><td >The user right 'SeCreateSymbolicLinkPrivilege' contains following unexpected users: NT VIRTUAL MACHINE\Virtual Machines</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >301</td><td >(ND, NE) Ensure 'Create permanent shared objects' is set to 'No One'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >302</td><td >(ND, NE) Ensure 'Force shutdown from a remote system' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >303</td><td >(ND, NE) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >304</td><td >(ND, NE) Ensure 'Shut down the system' is set to 'Administrators, Users'.</td><td >The user right 'SeShutdownPrivilege' contains following unexpected users: BUILTIN\Backup Operators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >305</td><td >(ND, NE) Ensure 'Load and unload device drivers' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >306</td><td >(ND, NE) Ensure 'Deny log on locally' to include 'ANONYMOUS LOGON, Guests'.
</td><td >The user 'SeDenyInteractiveLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >307</td><td >(ND, NE) Ensure 'Allow log on locally' is set to 'Administrators, Users'. </td><td >The user right 'SeInteractiveLogonRight' contains following unexpected users: DESKTOP-UTMU75K\OldGuest, BUILTIN\Backup Operators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >308</td><td >(ND, NE) Ensure 'Back up files and directories' is set to 'Administrators'.</td><td >The user right 'SeBackupPrivilege' contains following unexpected users: BUILTIN\Backup Operators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >309</td><td >(ND, NE) Ensure 'Lock pages in memory' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >310</td><td >(ND, NE) Ensure 'Take ownership of files or other objects' is set to 'Administrators' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >311</td><td >(ND, NE) Ensure 'Modify firmware environment values' is set to 'Administrators'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >312</td><td >(ND, NE) Ensure 'Modify an object label' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >313</td><td >(ND, NE) Ensure 'Manage auditing and security log' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >314</td><td >(ND, NE) Ensure 'Restore files and directories' is set to 'Administrators'. </td><td >The user right 'SeRestorePrivilege' contains following unexpected users: BUILTIN\Backup Operators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >315</td><td >(ND, NE) Ensure 'Deny access to this computer from the network' to include 'ANONYMOUS LOGON, Guest, Local account'.
</td><td >The user 'SeDenyNetworkLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-HDAccount-Policies"><span class="passed">Account Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >200</td><td >(ND, NE) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >201</td><td >(ND, NE) Ensure 'Password must meet complexity requirements' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >202</td><td >(ND, NE) Ensure 'Enforce password history' is set to '24 or more password(s)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >203</td><td >(ND, NE) Ensure 'Maximum password age' is set to '365 or fewer days, but not 0'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >204</td><td >(ND, NE) Ensure 'Minimum password length' is set to '14 or more character(s)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >205</td><td >(ND, NE) Ensure 'Minimum password age' is set to '1 or more day(s)' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >206</td><td >(ND) Ensure 'Account lockout duration' is set to '15 or more minute(s)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >207</td><td >(ND) Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >208</td><td >(ND) Ensure 'Reset account lockout counter after' is set to '15 or
more minute(s)'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-ND"><span class="failed">BSI Benchmarks SiSyPHuS ND</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p >This section contains the BSI Benchmark results.</p><section ><h1 id="BSI-Benchmarks-SiSyPHuS-NDRegistry-Settings/Group-Policies"><span class="failed">Registry Settings/Group Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >1</td><td >(ND, NE) Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2</td><td >(ND, NE) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >3</td><td >(ND, NE) Ensure 'Configure SMB v1 server' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4</td><td >(ND, NE) Ensure 'Enable Structured Exception Handling OverwriteProtection (SEHOP)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5</td><td >(ND, NE) Ensure 'WDigest Authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >6</td><td >(ND, NE) Ensure 'LSA Protection' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >7</td><td >(ND, NE) Ensure 'MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >8</td><td >(ND, NE) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon(not recommended)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9</td><td >(ND, NE) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routingprotection level (protects against packet spoofing)' is set to 'Enabled:Highest protection, source routing is completely disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >10</td><td >(ND, NE) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routingprotection level (protects against packet spoofing)' is set to 'Enabled:Highest protection, source routing is completely disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >12</td><td >(ND, NE) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects tooverride OSPF generated routes' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >14</td><td >(ND, NE) Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >16</td><td >(ND, NE) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17</td><td >(ND, NE) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >20</td><td >(ND, NE) Ensure 'Turn off multicast name resolution' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >21</td><td >(ND, NE) Ensure 'NetBIOS node type' is set to 'P-node'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >22</td><td >(ND, NE) Ensure 'Enable insecure guest logons' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >24_1</td><td >(ND, NE) Ensure 'Hardened UNC Paths' is set to "Require Mutual Authentication=1, "Require Integrity=1" for the value names "\\*\NETLOGON" und "\\*\SYSVOL".</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >24_2</td><td >(ND, NE) Ensure 'Hardened UNC Paths' is set to "Require Mutual Authentication=1, "Require Integrity=1" for the value names "\\*\NETLOGON" und "\\*\SYSVOL".</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >25</td><td >(ND) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >26</td><td >(ND) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >27</td><td >(ND) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >33</td><td >(ND, NE) Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to the value 'Enabled: 1 = Minimize the number of simultaneous connections'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >34</td><td >(ND) Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled' </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >35</td><td >(ND, NE) Ensure 'Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >37</td><td >(ND, NE) Ensure 'Turn off toast notifications on the lock screen' is set to 'Enabled'. </td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >39</td><td >(ND, NE) Ensure 'Turn off picture password sign-in' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >40</td><td >(ND, NE) Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >41</td><td >(ND, NE) Ensure 'Block user from showing account details on signin' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >42</td><td >(ND) Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >43</td><td >(ND) Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >44</td><td >(ND, NE) Ensure 'Do not display network selection UI' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >45</td><td >(ND) Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >46</td><td >(ND, NE) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >50</td><td >(ND, NE) Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >51</td><td >(ND) Ensure 'Remote host allows delegation of non-exportable credentials' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >52</td><td >(ND, NE) Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >53</td><td >(ND, NE) Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >54</td><td >(ND, NE) Ensure 'Allow network connectivity during connected-standby (on battery)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >55</td><td >(ND, NE) Ensure 'Allow network connectivity during connected-standby (plugged in)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >56</td><td >(ND, NE) Ensure 'Allow standby states (S1-S3) when sleeping (on battery)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >57</td><td >(ND, NE) Ensure 'Allow standby states (S1-S3) when sleeping (plugged in)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >59</td><td >(ND, NE) Ensure 'Prevent installation of devices that match any of these device IDs' is configured.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >60</td><td >(ND, NE) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is configured.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >61</td><td >(ND, NE) Ensure 'Continue experiences on this device' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >62</td><td >(ND) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >63</td><td >(ND) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >64</td><td >(ND) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >65</td><td >(ND) Ensure 'Configure security policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >68</td><td >(ND, NE) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >74</td><td >(ND, NE) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >81</td><td >(ND, NE) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >84</td><td >(ND, NE) Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >85</td><td >(ND, NE) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >86</td><td >(ND, NE) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >87</td><td >(ND, NE) Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >88</td><td >(ND, NE) Ensure 'Ignore the default list of blocked TPM commands' is set to 'Disabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >89</td><td >(ND, NE) Ensure 'Standard User Lockout Duration' is set to '30 minutes'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >90</td><td >(ND, NE) Ensure 'Standard User Total Lockout Threshold' is set to '5'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >94</td><td >(ND, NE) Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >95</td><td >(ND, NE) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >96</td><td >(ND, NE) Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >97</td><td >(ND, NE) Ensure 'Enable screen saver' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >98</td><td >(ND, NE) Ensure 'Password protect the screen saver' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >99</td><td >(ND, NE) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >100_1</td><td >(ND, NE) Ensure 'Turn off automatic learning' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >100_2</td><td >(ND, NE) Ensure 'Turn off automatic learning' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >101</td><td >(ND, NE) Ensure 'Allow users to enable online speech recognition services' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >102</td><td >(ND, NE) Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'. </td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >103</td><td >(ND, NE) Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >105</td><td >(ND) Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >106</td><td >(ND, NE) Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >107</td><td >(ND, NE) Ensure 'Do not display the password reveal button' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >109</td><td >(ND, NE) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >112</td><td >(ND, NE) Ensure 'Do not suggest third-party content in Windows spotlight' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >113</td><td >(ND, NE) Ensure 'Turn off Microsoft consumer experiences' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >114</td><td >(ND, NE) Ensure 'Configure Windows spotlight on lock screen' is set to Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >115</td><td >(ND, NE) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >116</td><td >(ND, NE) Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >117</td><td >(ND, NE) Ensure 'Turn off heap termination on corruption' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >118</td><td >(ND, NE) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >119</td><td >(ND, NE) Ensure 'Do not show feedback notifications' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >120</td><td >(ND, NE) Ensure 'Allow Telemetry' is set to 'Enabled: 0 Security [Enterprise Only]'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >121</td><td >(ND, NE) Ensure 'Allow device name to be sent in Windows diagnostic data' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >124</td><td >(ND, NE) Ensure 'Block all consumer Microsoft account user authentication' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >126</td><td >(ND, NE) Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >127</td><td >(ND, NE) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >131</td><td >(ND, NE) Ensure 'Do not allow drive redirection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >134</td><td >(ND, NE) Ensure 'Always prompt for password upon connection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >135</td><td >(ND, NE) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >136</td><td >(ND, NE) Ensure 'Require secure RPC communication' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >137</td><td >(ND, NE) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >138</td><td >(ND, NE) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >139</td><td >(ND, NE) Ensure 'End session when time limits are reached' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >142</td><td >(ND, NE) Ensure 'Do not use temporary folders per session' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >143</td><td >(ND, NE) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >145</td><td >(ND, NE) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >146</td><td >(ND, NE) Ensure 'Disallow Autoplay for non-volume devices' is set to'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >147</td><td >(ND, NE) Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >148</td><td >(ND, NE) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >149</td><td >(ND, NE) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >152</td><td >(ND, NE) Ensure 'Turn off Automatic Download and Install of updates' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >153</td><td >(ND, NE) Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >157</td><td >(ND, NE) Ensure 'Allow search and Cortana to use location' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >158</td><td >(ND, NE) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >159</td><td >(ND, NE) Ensure 'Improve inking and typing recognition' is set to 'Disabled'. </td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >160</td><td >(ND, NE) Ensure 'Download Mode' is set to 'Enabled: Simple (99)' .</td><td >Registry value is '1'. Expected: 99</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >161</td><td >(ND, NE) Ensure 'Require pin for pairing' is set to 'Enabled: Always'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >162</td><td >(ND, NE) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >163</td><td >(ND, NE) Ensure 'Turn off Windows Defender Antivirus' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >164</td><td >(ND, NE) Ensure 'Configure Watson events' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >165</td><td >(ND, NE) Ensure 'Turn on behavior monitoring' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >167</td><td >(ND, NE) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >168</td><td >(ND, NE) Ensure 'Turn on e-mail scanning' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >169</td><td >(ND, NE) Ensure 'Scan removable drives' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >170</td><td >(ND, NE) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >171</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_1</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_2</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_3</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_4</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_5</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_6</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_7</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_8</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_9</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_10</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_11</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >173</td><td >(ND, NE) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >174</td><td >(ND, NE) Ensure 'Prevent bypassing Windows Defender SmartScreen prompts for sites' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >175</td><td >(ND, NE) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >177</td><td >(ND, NE) Ensure 'Allow Windows Ink Workspace' is set to 'Enabled: On, but disallow access above lock' OR 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >178</td><td >(ND, NE) Ensure 'Allow user control over installs' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >180</td><td >(ND, NE) Ensure 'Always install with elevated privileges' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >181</td><td >(ND, NE) Ensure 'Always install with elevated privileges' is set to 'Disabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >183</td><td >(ND, NE) Ensure 'Turn on Script Execution' is set to 'Enabled: Allow local scripts and remote signed scripts'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >185</td><td >(ND, NE) Ensure 'Configure Automatic Updates' is set to 'Enabled: 4 Auto download and schedule the install'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >186</td><td >(ND, NE) Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >187</td><td >(ND, NE) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >188</td><td >(ND, NE) Ensure 'Remove access to "Pause updates" feature' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >189</td><td >(ND, NE) Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >191</td><td >(ND, NE) Ensure 'Allow Basic authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >192</td><td >(ND, NE) Ensure 'Disallow Digest authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >193</td><td >(ND, NE) Ensure 'Allow unencrypted traffic' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >194</td><td >(ND, NE) Ensure 'Allow Basic authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >196</td><td >(ND, NE) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >197</td><td >(ND, NE) Ensure 'Allow unencrypted traffic' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >198</td><td >(ND, NE) Ensure 'Prevent users from modifying settings' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >199</td><td >(ND, NE) Ensure 'Enables or disables Windows Game Recording and Broadcasting' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >209</td><td >(ND, NE) Configure 'Interactive logon: Message title for users attempting to log on'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >210</td><td >(ND, NE) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >211</td><td >(ND, NE) Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >212</td><td >(ND, NE) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >213</td><td >(ND, NE) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >214</td><td >(ND, NE) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >215</td><td >(ND, NE) Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >216</td><td >(ND, NE) Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >217</td><td >(ND, NE) Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >218</td><td >(ND, NE) Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Prompt for credentials on the secure desktop'.</td><td >Registry value is '3'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >219</td><td >(ND) Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >220</td><td >(ND) Ensure 'Domain member: Digitally sign secure channel data(when possible)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >221</td><td >(ND) Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >222</td><td >(ND) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >223</td><td >(ND) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >224</td><td >(ND) Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >226</td><td >(ND, NE) Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators and Interactive Users'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >227</td><td >(ND, NE) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >229</td><td > Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >230</td><td >(ND, NE) Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >231</td><td >(ND, NE) Configure 'Interactive logon: Message text for users attempting to log on'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >232</td><td >(ND) Ensure 'Interactive logon: Machine account lockout threshold' is set to '10 or fewer invalid logon attempts, but not 0'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >233</td><td >(ND) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >234</td><td >(ND, NE) Ensure 'Interactive logon: Don't display last signed-in' is setto 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >239</td><td >(ND, NE) Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >240</td><td >(ND, NE) Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >241</td><td >(ND, NE) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >242</td><td >(ND, NE) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >243</td><td >(ND, NE) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >244</td><td >(ND, NE) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >245</td><td >(ND, NE) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >246</td><td >(ND, NE) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'. </td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >247</td><td >(ND, NE) Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >248</td><td >(ND) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >252</td><td >(ND) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >253</td><td >(ND, NE) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >254</td><td >(ND, NE) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >255</td><td >(ND, NE) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >256</td><td >(ND, NE) Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >257</td><td >(ND) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >258</td><td >(ND) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >259</td><td >(ND) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >260</td><td >(ND, NE) Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >261</td><td >(ND, NE) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >262</td><td >(ND) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >263</td><td >(ND) Ensure 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >264</td><td >(ND, NE) Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >265</td><td >(ND, NE) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >266</td><td >(ND) Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >267</td><td >(ND, NE) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >268</td><td >(ND, NE) Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >269</td><td >(ND, NE) Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >270</td><td >(ND, NE) Configure 'Network access: Remotely accessible registry paths and sub-paths'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >271</td><td >(ND, NE) Configure 'Network access: Remotely accessible registry paths'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >272</td><td >(ND, NE) Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >275</td><td >(ND, NE) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >276</td><td >(ND, NE) Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >317</td><td >(ND, NE) Ensure 'Connected User Experiences and Telemetry' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >320</td><td >(ND, NE) Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >321</td><td >(NE, ND) Ensure 'Internet Connection Sharing (ICS) (SharedAccess)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >323</td><td >(ND, NE) Ensure 'IIS Admin Service (IISADMIN)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >324</td><td >(NE, ND) Ensure 'Infrared monitor service (irmon)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >326</td><td >(ND, NE) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >328</td><td >(ND, NE) Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >331</td><td >(ND, NE) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >338</td><td >(ND, NE) Ensure 'Routing and Remote Access (RemoteAccess)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >339</td><td >(ND, NE) Ensure 'Remote Procedure Call (RPC) Locator (RpcLocator)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >341</td><td >(ND, NE) Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >343</td><td >(ND, NE) Ensure 'SSDP Discovery (SSDPSRV)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >345</td><td >(ND, NE) Ensure 'UPnP Device Host (upnphost)' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >348</td><td >(ND, NE) Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >349</td><td >(ND, NE) Ensure 'Windows Media Player Network Sharing Service (WMPNetworkSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >351</td><td >(HD) Ensure 'Windows Mobile Hotspot Service (icssvc)' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >356</td><td >(ND, NE) Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >357</td><td >(ND, NE) Ensure 'Xbox Accessory Management Service (XboxGipSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >358</td><td >(ND, NE) Ensure 'Xbox Live Auth Manager (XblAuthManager)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >359</td><td >(ND, NE) Ensure 'Xbox Live Networking Service (XboxNetApiSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >360</td><td >(ND, NE) Ensure 'Xbox Live Game Save (XblGameSave)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >361</td><td >(ND) Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >362</td><td >(ND) Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >363</td><td >(ND) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >364</td><td >(ND) Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >365</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow (default)' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >366</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >367</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >368</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Firewall state' is set to 'On (recommended)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >369</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >370</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >371</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >372</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >373</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >374</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Firewall state' is set to 'On (recommended)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-NDUser-Rights-Assignment"><span class="failed">User Rights Assignment</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >277</td><td >(ND, NE) Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >278</td><td >(ND, NE) Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE, Users'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >279</td><td >(ND, NE) Ensure 'Increase scheduling priority' is set to 'Administrators, Window Manager\Window Manager Group'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >280</td><td >(ND, NE) Ensure 'Deny log on as a batch job' to include 'ANONYMOUS LOGON, Guests'.</td><td >The user 'SeDenyBatchLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >282</td><td >(ND, NE) Ensure 'Deny log on as a service' to include 'ANONYMOUS LOGON, Guests'.</td><td >The user 'SeDenyServiceLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >284</td><td >(ND) Ensure 'Deny log on through Remote Desktop Services' to include 'ANONYMOUS LOGON, Guests, Local account'.</td><td >The user right 'SeDenyRemoteInteractiveLogonRight' contains following unexpected users: NT AUTHORITY\Local account
The user 'SeDenyRemoteInteractiveLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON, LOCAL</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >285</td><td >(ND, NE) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >286</td><td >(ND, NE) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >287</td><td >(ND, NE) Ensure 'Adjust memory quotas for a process' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE'.</td><td >The user right 'SeIncreaseQuotaPrivilege' contains following unexpected users: NT SERVICE\SQLSERVERAGENT, NT SERVICE\MSSQLSERVER</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >288</td><td >(ND, NE) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >289</td><td >(ND, NE) Ensure 'Access this computer from the network' is set to 'Administrators, Remote Desktop Users'. </td><td >The user right 'SeNetworkLogonRight' contains following unexpected users: BUILTIN\Users, BUILTIN\Backup Operators
The user 'SeNetworkLogonRight' setting does not contain the following users: BUILTIN\Remote Desktop Users</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >290</td><td >(ND, NE) Ensure 'Debug programs' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >291</td><td >(ND, NE) Ensure 'Perform volume maintenance tasks' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >292</td><td >(ND, NE) Ensure 'Act as part of the operating system' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >293</td><td >(ND) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >294</td><td >(ND, NE) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'.</td><td >The user right 'SeAssignPrimaryTokenPrivilege' contains following unexpected users: NT SERVICE\SQLSERVERAGENT, NT SERVICE\MSSQLSERVER</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >295</td><td >(ND, NE) Ensure 'Create a pagefile' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >296</td><td >(ND, NE) Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >297</td><td >(ND, NE) Ensure 'Profile single process' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >298</td><td >(ND, NE) Ensure 'Create a token object' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >299</td><td >(ND, NE) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >300</td><td >(ND, NE) Ensure 'Create symbolic links' is set to 'Administrators'.</td><td >The user right 'SeCreateSymbolicLinkPrivilege' contains following unexpected users: NT VIRTUAL MACHINE\Virtual Machines</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >301</td><td >(ND, NE) Ensure 'Create permanent shared objects' is set to 'No One'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >302</td><td >(ND, NE) Ensure 'Force shutdown from a remote system' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >303</td><td >(ND, NE) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >304</td><td >(ND, NE) Ensure 'Shut down the system' is set to 'Administrators, Users'.</td><td >The user right 'SeShutdownPrivilege' contains following unexpected users: BUILTIN\Backup Operators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >305</td><td >(ND, NE) Ensure 'Load and unload device drivers' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >306</td><td >(ND, NE) Ensure 'Deny log on locally' to include 'ANONYMOUS LOGON, Guests'.</td><td >The user 'SeDenyInteractiveLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >307</td><td >(ND, NE) Ensure 'Allow log on locally' is set to 'Administrators, Users'. </td><td >The user right 'SeInteractiveLogonRight' contains following unexpected users: DESKTOP-UTMU75K\OldGuest, BUILTIN\Backup Operators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >308</td><td >(ND, NE) Ensure 'Back up files and directories' is set to 'Administrators'.</td><td >The user right 'SeBackupPrivilege' contains following unexpected users: BUILTIN\Backup Operators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >309</td><td >(ND, NE) Ensure 'Lock pages in memory' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >310</td><td >(ND, NE) Ensure 'Take ownership of files or other objects' is set to 'Administrators' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >311</td><td >(ND, NE) Ensure 'Modify firmware environment values' is set to 'Administrators'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >312</td><td >(ND, NE) Ensure 'Modify an object label' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >313</td><td >(ND, NE) Ensure 'Manage auditing and security log' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >314</td><td >(ND, NE) Ensure 'Restore files and directories' is set to 'Administrators'. </td><td >The user right 'SeRestorePrivilege' contains following unexpected users: BUILTIN\Backup Operators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >315</td><td >(ND, NE) Ensure 'Deny access to this computer from the network' to include 'ANONYMOUS LOGON, Guest, Local account'. </td><td >The user 'SeDenyNetworkLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-NDAccount-Policies"><span class="passed">Account Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >200</td><td >(ND, NE) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >201</td><td >(ND, NE) Ensure 'Password must meet complexity requirements' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >202</td><td >(ND, NE) Ensure 'Enforce password history' is set to '24 or more password(s)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >203</td><td >(ND, NE) Ensure 'Maximum password age' is set to '365 or fewer days, but not 0'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >204</td><td >(ND, NE) Ensure 'Minimum password length' is set to '14 or more character(s)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >205</td><td >(ND, NE) Ensure 'Minimum password age' is set to '1 or more day(s)' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >206</td><td >(ND) Ensure 'Account lockout duration' is set to '15 or more minute(s)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >207</td><td >(ND) Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >208</td><td >(ND) Ensure 'Reset account lockout counter after' is set to '15 ormore minute(s)'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-NE"><span class="failed">BSI Benchmarks SiSyPHuS NE</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p >This section contains the BSI Benchmark results.</p><section ><h1 id="BSI-Benchmarks-SiSyPHuS-NERegistry-Settings/Group-Policies"><span class="failed">Registry Settings/Group Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >1</td><td >(ND, NE) Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >2</td><td >(ND, NE) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >3</td><td >(ND, NE) Ensure 'Configure SMB v1 server' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >4</td><td >(ND, NE) Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >5</td><td >(ND, NE) Ensure 'WDigest Authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >6</td><td >(ND, NE) Ensure 'LSA Protection' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >7</td><td >(ND, NE) Ensure 'MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >8</td><td >(ND, NE) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon(not recommended)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >9</td><td >(ND, NE) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >10</td><td >(ND, NE) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >12</td><td >(ND, NE) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >14</td><td >(ND, NE) Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >16</td><td >(ND, NE) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >17</td><td >(ND, NE) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >20</td><td >(ND, NE) Ensure 'Turn off multicast name resolution' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >21</td><td >(ND, NE) Ensure 'NetBIOS node type' is set to 'P-node'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >22</td><td >(ND, NE) Ensure 'Enable insecure guest logons' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >24_1</td><td >(ND, NE) Ensure 'Hardened UNC Paths' is set to "Require Mutual Authentication=1, "Require Integrity=1" for the value names "\\*\NETLOGON" und "\\*\SYSVOL".</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >24_2</td><td >(ND, NE) Ensure 'Hardened UNC Paths' is set to "Require Mutual Authentication=1, "Require Integrity=1" for the value names "\\*\NETLOGON" und "\\*\SYSVOL".</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >33</td><td >(ND, NE) Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to the value 'Enabled: 1 = Minimize the number of simultaneous connections'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >34</td><td >(ND) Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled' </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >35</td><td >(ND, NE) Ensure 'Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >37</td><td >(ND, NE) Ensure 'Turn off toast notifications on the lock screen' is set to 'Enabled'. </td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >39</td><td >(ND, NE) Ensure 'Turn off picture password sign-in' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >40</td><td >(ND, NE) Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >41</td><td >(ND, NE) Ensure 'Block user from showing account details on signin' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >44</td><td >(ND, NE) Ensure 'Do not display network selection UI' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >46</td><td >(ND, NE) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >50</td><td >(ND, NE) Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >52</td><td >(ND, NE) Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >53</td><td >(ND, NE) Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >54</td><td >(ND, NE) Ensure 'Allow network connectivity during connected-standby (on battery)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >55</td><td >(ND, NE) Ensure 'Allow network connectivity during connected-standby (plugged in)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >56</td><td >(ND, NE) Ensure 'Allow standby states (S1-S3) when sleeping (on battery)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >57</td><td >(ND, NE) Ensure 'Allow standby states (S1-S3) when sleeping (plugged in)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >59</td><td >(ND, NE) Ensure 'Prevent installation of devices that match any of these device IDs' is configured.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >60</td><td >(ND, NE) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is configured.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >61</td><td >(ND, NE) Ensure 'Continue experiences on this device' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >68</td><td >(ND, NE) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >74</td><td >(ND, NE) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >81</td><td >(ND, NE) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >84</td><td >(ND, NE) Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >85</td><td >(ND, NE) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >86</td><td >(ND, NE) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >87</td><td >(ND, NE) Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >88</td><td >(ND, NE) Ensure 'Ignore the default list of blocked TPM commands' is set to 'Disabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >89</td><td >(ND, NE) Ensure 'Standard User Lockout Duration' is set to '30 minutes'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >90</td><td >(ND, NE) Ensure 'Standard User Total Lockout Threshold' is set to '5'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >94</td><td >(ND, NE) Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >95</td><td >(ND, NE) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >96</td><td >(ND, NE) Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >97</td><td >(ND, NE) Ensure 'Enable screen saver' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >98</td><td >(ND, NE) Ensure 'Password protect the screen saver' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >99</td><td >(ND, NE) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >100_1</td><td >(ND, NE) Ensure 'Turn off automatic learning' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >100_2</td><td >(ND, NE) Ensure 'Turn off automatic learning' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >101</td><td >(ND, NE) Ensure 'Allow users to enable online speech recognition services' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >102</td><td >(ND, NE) Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'. </td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >103</td><td >(ND, NE) Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >106</td><td >(ND, NE) Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >107</td><td >(ND, NE) Ensure 'Do not display the password reveal button' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >109</td><td >(ND, NE) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >112</td><td >(ND, NE) Ensure 'Do not suggest third-party content in Windows spotlight' is set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >113</td><td >(ND, NE) Ensure 'Turn off Microsoft consumer experiences' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >114</td><td >(ND, NE) Ensure 'Configure Windows spotlight on lock screen' is set to Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >115</td><td >(ND, NE) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >116</td><td >(ND, NE) Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >117</td><td >(ND, NE) Ensure 'Turn off heap termination on corruption' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >118</td><td >(ND, NE) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >119</td><td >(ND, NE) Ensure 'Do not show feedback notifications' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >120</td><td >(ND, NE) Ensure 'Allow Telemetry' is set to 'Enabled: 0 Security [Enterprise Only]'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >121</td><td >(ND, NE) Ensure 'Allow device name to be sent in Windows diagnostic data' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >124</td><td >(ND, NE) Ensure 'Block all consumer Microsoft account user authentication' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >126</td><td >(ND, NE) Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >127</td><td >(ND, NE) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >131</td><td >(ND, NE) Ensure 'Do not allow drive redirection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >134</td><td >(ND, NE) Ensure 'Always prompt for password upon connection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >135</td><td >(ND, NE) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >136</td><td >(ND, NE) Ensure 'Require secure RPC communication' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >137</td><td >(ND, NE) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >138</td><td >(ND, NE) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >139</td><td >(ND, NE) Ensure 'End session when time limits are reached' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >142</td><td >(ND, NE) Ensure 'Do not use temporary folders per session' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >143</td><td >(ND, NE) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >145</td><td >(ND, NE) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >146</td><td >(ND, NE) Ensure 'Disallow Autoplay for non-volume devices' is set to'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >147</td><td >(ND, NE) Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >148</td><td >(ND, NE) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >149</td><td >(ND, NE) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >152</td><td >(ND, NE) Ensure 'Turn off Automatic Download and Install of updates' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >153</td><td >(ND, NE) Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >157</td><td >(ND, NE) Ensure 'Allow search and Cortana to use location' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >158</td><td >(ND, NE) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >159</td><td >(ND, NE) Ensure 'Improve inking and typing recognition' is set to 'Disabled'. </td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >160</td><td >(ND, NE) Ensure 'Download Mode' is set to 'Enabled: Simple (99)' .</td><td >Registry value is '1'. Expected: 99</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >161</td><td >(ND, NE) Ensure 'Require pin for pairing' is set to 'Enabled: Always'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >162</td><td >(ND, NE) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >163</td><td >(ND, NE) Ensure 'Turn off Windows Defender Antivirus' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >164</td><td >(ND, NE) Ensure 'Configure Watson events' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >165</td><td >(ND, NE) Ensure 'Turn on behavior monitoring' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >167</td><td >(ND, NE) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >168</td><td >(ND, NE) Ensure 'Turn on e-mail scanning' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >169</td><td >(ND, NE) Ensure 'Scan removable drives' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >170</td><td >(ND, NE) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >171</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_1</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_2</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_3</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_4</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_5</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_6</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_7</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_8</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_9</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_10</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >172_11</td><td >(ND, NE) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >173</td><td >(ND, NE) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >174</td><td >(ND, NE) Ensure 'Prevent bypassing Windows Defender SmartScreen prompts for sites' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >175</td><td >(ND, NE) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >177</td><td >(ND, NE) Ensure 'Allow Windows Ink Workspace' is set to 'Enabled: On, but disallow access above lock' OR 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >178</td><td >(ND, NE) Ensure 'Allow user control over installs' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >180</td><td >(ND, NE) Ensure 'Always install with elevated privileges' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >181</td><td >(ND, NE) Ensure 'Always install with elevated privileges' is set to 'Disabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >183</td><td >(ND, NE) Ensure 'Turn on Script Execution' is set to 'Enabled: Allow local scripts and remote signed scripts'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >185</td><td >(ND, NE) Ensure 'Configure Automatic Updates' is set to 'Enabled: 4 Auto download and schedule the install'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >186</td><td >(ND, NE) Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >187</td><td >(ND, NE) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >188</td><td >(ND, NE) Ensure 'Remove access to "Pause updates" feature' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >189</td><td >(ND, NE) Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >191</td><td >(ND, NE) Ensure 'Allow Basic authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >192</td><td >(ND, NE) Ensure 'Disallow Digest authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >193</td><td >(ND, NE) Ensure 'Allow unencrypted traffic' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >194</td><td >(ND, NE) Ensure 'Allow Basic authentication' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >196</td><td >(ND, NE) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >197</td><td >(ND, NE) Ensure 'Allow unencrypted traffic' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >198</td><td >(ND, NE) Ensure 'Prevent users from modifying settings' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >199</td><td >(ND, NE) Ensure 'Enables or disables Windows Game Recording and Broadcasting' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >209</td><td >(ND, NE) Configure 'Interactive logon: Message title for users attempting to log on'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >210</td><td >(ND, NE) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >211</td><td >(ND, NE) Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >212</td><td >(ND, NE) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >213</td><td >(ND, NE) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >214</td><td >(ND, NE) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >215</td><td >(ND, NE) Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >216</td><td >(ND, NE) Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >217</td><td >(ND, NE) Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >218</td><td >(ND, NE) Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Prompt for credentials on the secure desktop'.</td><td >Registry value is '3'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >226</td><td >(ND, NE) Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators and Interactive Users'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >227</td><td >(ND, NE) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >229</td><td > Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >230</td><td >(ND, NE) Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >231</td><td >(ND, NE) Configure 'Interactive logon: Message text for users attempting to log on'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >234</td><td >(ND, NE) Ensure 'Interactive logon: Don't display last signed-in' is setto 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >239</td><td >(ND, NE) Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >240</td><td >(ND, NE) Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >241</td><td >(ND, NE) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >242</td><td >(ND, NE) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >243</td><td >(ND, NE) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >244</td><td >(ND, NE) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >245</td><td >(ND, NE) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >246</td><td >(ND, NE) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'. </td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >247</td><td >(ND, NE) Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >252</td><td >(ND) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >253</td><td >(ND, NE) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >254</td><td >(ND, NE) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >255</td><td >(ND, NE) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >256</td><td >(ND, NE) Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >257</td><td >(ND) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >258</td><td >(ND) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >259</td><td >(ND) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >260</td><td >(ND, NE) Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >261</td><td >(ND, NE) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >262</td><td >(ND) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >263</td><td >(ND) Ensure 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >264</td><td >(ND, NE) Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >265</td><td >(ND, NE) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >266</td><td >(ND) Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >267</td><td >(ND, NE) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >268</td><td >(ND, NE) Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >269</td><td >(ND, NE) Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >270</td><td >(ND, NE) Configure 'Network access: Remotely accessible registry paths and sub-paths'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >271</td><td >(ND, NE) Configure 'Network access: Remotely accessible registry paths'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >272</td><td >(ND, NE) Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >275</td><td >(ND, NE) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >276</td><td >(ND, NE) Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >317</td><td >(ND, NE) Ensure 'Connected User Experiences and Telemetry' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >320</td><td >(ND, NE) Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >321</td><td >(NE, ND) Ensure 'Internet Connection Sharing (ICS) (SharedAccess)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >323</td><td >(ND, NE) Ensure 'IIS Admin Service (IISADMIN)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >324</td><td >(NE, ND) Ensure 'Infrared monitor service (irmon)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >326</td><td >(ND, NE) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >328</td><td >(ND, NE) Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >331</td><td >(ND, NE) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >338</td><td >(ND, NE) Ensure 'Routing and Remote Access (RemoteAccess)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >339</td><td >(ND, NE) Ensure 'Remote Procedure Call (RPC) Locator (RpcLocator)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >341</td><td >(ND, NE) Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >343</td><td >(ND, NE) Ensure 'SSDP Discovery (SSDPSRV)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >345</td><td >(ND, NE) Ensure 'UPnP Device Host (upnphost)' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >348</td><td >(ND, NE) Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >349</td><td >(ND, NE) Ensure 'Windows Media Player Network Sharing Service (WMPNetworkSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >351</td><td >(HD) Ensure 'Windows Mobile Hotspot Service (icssvc)' is set to 'Disabled'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >356</td><td >(ND, NE) Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >357</td><td >(ND, NE) Ensure 'Xbox Accessory Management Service (XboxGipSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >358</td><td >(ND, NE) Ensure 'Xbox Live Auth Manager (XblAuthManager)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >359</td><td >(ND, NE) Ensure 'Xbox Live Networking Service (XboxNetApiSvc)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >360</td><td >(ND, NE) Ensure 'Xbox Live Game Save (XblGameSave)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >365</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow (default)' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >366</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >367</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >368</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Firewall state' is set to 'On (recommended)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >369</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >370</td><td >(ND, NE) Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >371</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >372</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >373</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >374</td><td >(ND, NE) Ensure 'Windows Firewall: Private: Firewall state' is set to 'On (recommended)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-NEUser-Rights-Assignment"><span class="failed">User Rights Assignment</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >277</td><td >(ND, NE) Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >278</td><td >(ND, NE) Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE, Users'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >279</td><td >(ND, NE) Ensure 'Increase scheduling priority' is set to 'Administrators, Window Manager\Window Manager Group'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >280</td><td >(ND, NE) Ensure 'Deny log on as a batch job' to include 'ANONYMOUS LOGON, Guests'.</td><td >The user 'SeDenyBatchLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >282</td><td >(ND, NE) Ensure 'Deny log on as a service' to include 'ANONYMOUS LOGON, Guests'.</td><td >The user 'SeDenyServiceLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >284</td><td >(ND) Ensure 'Deny log on through Remote Desktop Services' to include 'ANONYMOUS LOGON, Guests, Local account'.</td><td >The user right 'SeDenyRemoteInteractiveLogonRight' contains following unexpected users: NT AUTHORITY\Local account
The user 'SeDenyRemoteInteractiveLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON, LOCAL</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >285</td><td >(ND, NE) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >286</td><td >(ND, NE) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >287</td><td >(ND, NE) Ensure 'Adjust memory quotas for a process' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE'.</td><td >The user right 'SeIncreaseQuotaPrivilege' contains following unexpected users: NT SERVICE\SQLSERVERAGENT, NT SERVICE\MSSQLSERVER</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >288</td><td >(ND, NE) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >289</td><td >(ND, NE) Ensure 'Access this computer from the network' is set to 'Administrators, Remote Desktop Users'. </td><td >The user right 'SeNetworkLogonRight' contains following unexpected users: BUILTIN\Users, BUILTIN\Backup Operators
The user 'SeNetworkLogonRight' setting does not contain the following users: BUILTIN\Remote Desktop Users</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >290</td><td >(ND, NE) Ensure 'Debug programs' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >291</td><td >(ND, NE) Ensure 'Perform volume maintenance tasks' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >292</td><td >(ND, NE) Ensure 'Act as part of the operating system' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >294</td><td >(ND, NE) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'.</td><td >The user right 'SeAssignPrimaryTokenPrivilege' contains following unexpected users: NT SERVICE\SQLSERVERAGENT, NT SERVICE\MSSQLSERVER</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >295</td><td >(ND, NE) Ensure 'Create a pagefile' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >296</td><td >(ND, NE) Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >297</td><td >(ND, NE) Ensure 'Profile single process' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >298</td><td >(ND, NE) Ensure 'Create a token object' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >299</td><td >(ND, NE) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >300</td><td >(ND, NE) Ensure 'Create symbolic links' is set to 'Administrators'.</td><td >The user right 'SeCreateSymbolicLinkPrivilege' contains following unexpected users: NT VIRTUAL MACHINE\Virtual Machines</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >301</td><td >(ND, NE) Ensure 'Create permanent shared objects' is set to 'No One'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >302</td><td >(ND, NE) Ensure 'Force shutdown from a remote system' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >303</td><td >(ND, NE) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >304</td><td >(ND, NE) Ensure 'Shut down the system' is set to 'Administrators, Users'.</td><td >The user right 'SeShutdownPrivilege' contains following unexpected users: BUILTIN\Backup Operators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >305</td><td >(ND, NE) Ensure 'Load and unload device drivers' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >306</td><td >(ND, NE) Ensure 'Deny log on locally' to include 'ANONYMOUS LOGON, Guests'.</td><td >The user 'SeDenyInteractiveLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >307</td><td >(ND, NE) Ensure 'Allow log on locally' is set to 'Administrators, Users'. </td><td >The user right 'SeInteractiveLogonRight' contains following unexpected users: DESKTOP-UTMU75K\OldGuest, BUILTIN\Backup Operators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >308</td><td >(ND, NE) Ensure 'Back up files and directories' is set to 'Administrators'.</td><td >The user right 'SeBackupPrivilege' contains following unexpected users: BUILTIN\Backup Operators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >309</td><td >(ND, NE) Ensure 'Lock pages in memory' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >310</td><td >(ND, NE) Ensure 'Take ownership of files or other objects' is set to 'Administrators' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >311</td><td >(ND, NE) Ensure 'Modify firmware environment values' is set to 'Administrators'. </td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >312</td><td >(ND, NE) Ensure 'Modify an object label' is set to 'No One'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >313</td><td >(ND, NE) Ensure 'Manage auditing and security log' is set to 'Administrators'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >314</td><td >(ND, NE) Ensure 'Restore files and directories' is set to 'Administrators'. </td><td >The user right 'SeRestorePrivilege' contains following unexpected users: BUILTIN\Backup Operators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >315</td><td >(ND, NE) Ensure 'Deny access to this computer from the network' to include 'ANONYMOUS LOGON, Guest, Local account'. </td><td >The user 'SeDenyNetworkLogonRight' setting does not contain the following users: NT AUTHORITY\ANONYMOUS LOGON</td><td ><span class="auditstatus failed">False</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiSyPHuS-NEAccount-Policies"><span class="passed">Account Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >200</td><td >(ND, NE) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >201</td><td >(ND, NE) Ensure 'Password must meet complexity requirements' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >202</td><td >(ND, NE) Ensure 'Enforce password history' is set to '24 or more password(s)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >203</td><td >(ND, NE) Ensure 'Maximum password age' is set to '365 or fewer days, but not 0'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >204</td><td >(ND, NE) Ensure 'Minimum password length' is set to '14 or more character(s)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >205</td><td >(ND, NE) Ensure 'Minimum password age' is set to '1 or more day(s)' .</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section></section><section ><h1 id="BSI-Benchmarks-SiM--08202----BPOL"><span class="failed">BSI Benchmarks SiM-08202 - BPOL</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p >This section contains the BSI Benchmark results.</p><section ><h1 id="BSI-Benchmarks-SiM--08202----BPOLRegistry-Settings/Group-Policies"><span class="failed">Registry Settings/Group Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >0003</td><td > Ensure 'Configure Automatic Updates' is set to 4</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0004</td><td > Ensure 'Configure Automatic Updates' is set to 'Every Day'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0005</td><td > Ensure 'Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0006</td><td > Ensure 'Specify the maximum log file size (KB)' is set to 'Enabled: 32768'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0032</td><td >Ensure 'Setup: Specify the maximum log file size (KB)' is set to 32768.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0037</td><td >Ensure 'Allow enhanced PINs for startup' is set 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0038</td><td >Ensure 'Allow Secure Boot for integrity validation' is set 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0039</td><td >Ensure 'Allow Secure Boot for integrity validation' is set 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0040</td><td >Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0041</td><td >Ensure 'Allow user control over installs' is set 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0043</td><td >Ensure 'Enable Windows NTP Client' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0065</td><td >Ensure 'Enumerate administrator accounts on elevation' is set 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0101</td><td > Ensure 'Restrict Unauthenticated RPC clients' is set 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0109</td><td >Ensure 'Allow Telemetry' is set to 0.</td><td >Registry value is '1'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0110</td><td >Ensure 'Do not show feedback notifications' is set to 1.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0111</td><td >Ensure 'Turn on MSDT interactive communication with support provider' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0112</td><td >Ensure 'Toggle user control over Insider builds' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0113</td><td >Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0114</td><td >Ensure 'Turn off location' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0115</td><td >Ensure 'Turn off Microsoft consumer experiences' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0116</td><td >Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0117</td><td >Ensure 'Turn off the Windows Customer Experience program' is set to 'Enabled'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0118</td><td >Ensure 'Turn off the Windows Error Reporting' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0119</td><td >Ensure 'Windows Game Recording and Broadcasting' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >82020121</td><td >Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0122</td><td >Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0123</td><td >Ensure 'Prevent using Localhost IP address for WebRTC' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0131</td><td >Ensure 'Allow a Windows app to share application data between users' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0132</td><td >Ensure 'Allow indexing of encrypted files' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0133</td><td >Ensure 'Allow InPrivate browsing' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0135</td><td >Ensure 'Allow Standby States (S1-S3) When Sleeping (On Battery)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0136</td><td >Ensure 'Allow Standby States (S1-S3) When Sleeping (Plugged In)' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0137</td><td >Ensure 'Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0138</td><td >Ensure 'Always install with elevated privileges ' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0139</td><td >Ensure 'Always prompt for password upon connection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0140</td><td >Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled'.</td><td >Registry value is '3'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0141</td><td >Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0142</td><td >Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0143</td><td >Ensure 'Configure Password Manager' is set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0144</td><td >Ensure 'Configure Pop-up Blocker' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0145</td><td >Ensure 'Configure registry policy processing' is set to 'Do not apply during periodic background processing (False)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0146</td><td >Ensure 'Configure registry policy processing' is set to 'Process even if the Group Policy objects have not changed (False)'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0147</td><td >Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0148</td><td >Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'.</td><td >Registry value is '1'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0149</td><td >Ensure 'Disallow copying of user input methods to the system account for sign-in ' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0150</td><td >Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0151</td><td >Ensure 'Do not allow passwords to be saved' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0152</td><td >Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0153</td><td >Ensure 'Do not delete temp folders upon exit' set to 'Disabled'.</td><td >Registry value is '1'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0154</td><td >Ensure 'Do not display network selection UI' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0155</td><td >Ensure 'Do not enumerate connected users on domain-joined computers' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0156</td><td >Ensure 'Enable insecure guest logons' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0157</td><td >Ensure 'Enable local admin password management' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0158</td><td >Ensure 'Enable RPC Endpoint Mapper Client Authentication' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0159</td><td >Ensure 'Enable screen saver' set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0160</td><td >Ensure 'Enable Windows NTP Server' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0161</td><td >Ensure 'Enable/Disable PerfTrack' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0163</td><td >Ensure 'Enumerate local users on domain-joined computers' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0164</td><td >Ensure 'Include command line in process creation events' set to 'Disabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0165</td><td >Ensure 'Let Windows apps access account information' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0166</td><td >Ensure 'Let Windows apps access call history' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0167</td><td >Ensure 'Let Windows apps access contacts' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0168</td><td >Ensure 'Let Windows apps access email' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0169</td><td >Ensure 'Let Windows apps access location' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0170</td><td >Ensure 'Let Windows apps access messaging' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0171</td><td >Ensure 'Let Windows apps access motion' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0172</td><td >Ensure 'Let Windows apps access notifications' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0173</td><td >Ensure 'Let Windows apps access the calendar' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0174</td><td >Ensure 'Let Windows apps access the camera' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0175</td><td >Ensure 'Let Windows apps access the microphone' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0176</td><td >Ensure 'Let Windows apps access trusted devices' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0177</td><td >Ensure 'Let Windows apps control radios' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0178</td><td >Ensure 'Let Windows apps make phone calls' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0179</td><td >Ensure 'Let Windows apps sync with devices' set to 'Enabled:Force Deny'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0185</td><td >Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0209</td><td >Ensure 'Prevent downloading of enclosures' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0210</td><td >Ensure 'Prevent enabling lock screen camera' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0211</td><td >Ensure 'Prevent enabling lock screen slide show' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0212</td><td >Ensure 'Prevent installation of devices that match any of these device IDs' set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0213</td><td >Ensure 'Prevent installation of devices using drivers that match these device setup classes' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0214</td><td >Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0215</td><td >Ensure 'Prevent the computer from joining a homegroup' set to 'Enalbed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0216</td><td >Ensure 'Prohibit access of the Windows Connect Now wizards' set to 'Enalbed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0217</td><td >Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' set to 'Enalbed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0218</td><td >Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' set to 'Enalbed'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0220</td><td >Ensure 'Require a password when a computer wakes (on battery)' set to 'Enalbed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0221</td><td >Ensure 'Require a password when a computer wakes (plugged in)' set to 'Enalbed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0222</td><td >Ensure 'Require additional authentication at startup' set to 'Enalbed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0223</td><td >Ensure 'Require domain users to elevate when setting a network's location' set to 'Enalbed'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0224</td><td >Ensure 'Set the default behavior for AutoRun' set to 'Enalbed: Do not execute any autorun commands'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0225</td><td >Ensure 'Sign-in last interactive user automatically after a system-initiated restart' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0229</td><td >Ensure 'Turn off background refresh of Group Policy' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0230</td><td >Ensure 'Turn off Data Execution Prevention for Explorer' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0231</td><td >Ensure 'Turn off downloading of print drivers over HTTP' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0232</td><td >Ensure 'Turn off handwriting personalization data sharing' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0233</td><td >Ensure 'Turn off handwriting recognition error reporting' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0234</td><td >Ensure 'Turn off heap termination on corruption' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0235</td><td >Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0236</td><td >Ensure 'Turn off Internet download for Web publishing and online ordering wizards' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0237</td><td >Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0238</td><td >Ensure 'Turn off picture password sign-in' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0239</td><td >Ensure 'Turn off printing over HTTP' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0240</td><td >Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0241</td><td >Ensure 'Turn off Search Companion content file updates' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0242</td><td >Ensure 'Turn off shell protocol protected mode' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0243</td><td >Ensure 'Turn off the 'Order Prints' picture task' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0244</td><td >Ensure 'Turn off the 'Publish to Web' task for files and folders' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0245</td><td >Ensure 'Turn on convenience PIN sign-in' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0246</td><td >Ensure 'Turn on Mapper I/O (LLTDIO) driver' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0247</td><td >Ensure 'Turn on Responder (RSPNDR) driver' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0248</td><td >Ensure 'Turn On Virtualization Based Security' set to 'Enabled: Block untrusted fonts and log events'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0249</td><td >Ensure 'Untrusted Font Blocking' set to 'Enabled'.</td><td >Registry key not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0250</td><td >Ensure 'Configure enhanced anti-spoofing' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0251</td><td >Ensure 'WDigest Authentication' set to 'Enabled'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0253</td><td >Ensure 'Windows Firewall: Domain: Apply local firewall rules' set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0254</td><td >Ensure 'Windows Firewall: Domain: Display a notification' set to 'Disabled'.</td><td >Registry value is '1'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0279</td><td >Ensure 'Windows Firewall: Domain: Logging: Name' set to '%windir%\system32\logfiles\firewall\domainfirewall.log'.</td><td >Registry value is '%SystemRoot%\System32\logfiles\firewall\domainfw.log'. Expected: %windir%\system32\logfiles\firewall\domainfirewall.log</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0280</td><td >Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' set to '16,384'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0281</td><td >Ensure 'Windows Firewall: Public: Outbound connections' set to 'Allow'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0282</td><td >Ensure 'Block launching Windows Store apps with Windows RuntimeAPIaccessfromhostedcontent' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0283</td><td >Ensure 'Turn off KMS Client Online AVS Validation' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0284</td><td >Ensure 'Do not display the password reveal button' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0285</td><td >Ensure 'Join Microsoft MAPS' set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0286</td><td >Ensure 'Configure search suggestions in Address bar' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0287</td><td >Ensure 'Configure Windows SmartScreen' set to 'Enabled: Require approval from an administrator before running downloaded unknown software'.</td><td >Registry value is '1'. Expected: 2</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0288</td><td >Ensure 'Don't allow SmartScreen Filter warning overrides for unverified files' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0289</td><td >Ensure 'Don't allow SmartScreen Filter warning overrides' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0290</td><td >Ensure 'Prevent managing SmartScreen Filter' set to 'Enabled: On'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0291</td><td >Ensure 'Prevent managing SmartScreen Filter' set to 'Enabled: On'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0292</td><td >Ensure 'Turn on SmartScreen Filter scan' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0293</td><td >Ensure 'Allow Cortana' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0294</td><td >Ensure 'Allow search and Cortana to use location' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0295</td><td >Ensure 'Disable all apps from Microsoft Store' set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0296</td><td >Ensure 'Disable pre-release features or settings' set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0297</td><td >Ensure 'Turn off access to the Store' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0298</td><td >Ensure 'Turn off Automatic Download and Install of updates' set to 'Enabled'.</td><td >Registry value is '4'. Expected: 2</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0299</td><td >Ensure 'Turn off the offer to update to the latest version of Windows' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0300</td><td >Ensure 'Turn off the Store application' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0301</td><td >Ensure 'Allow Basic authentication' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0302</td><td >Ensure 'Allow unencrypted traffic' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0304</td><td >Ensure 'Allow Remote Shell Access' set to 'Disabled'.</td><td >Registry value is '1'. Expected: 0</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0306</td><td >Ensure 'Allow users to connect remotely by using Remote Desktop Services' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0307</td><td >Ensure 'Disallow Digest authentication' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0308</td><td >Ensure 'Disallow WinRM from storing RunAs credentials' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0309</td><td >Ensure 'Do not allow COM port redirection' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0310</td><td >Ensure 'Do not allow drive redirection' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0311</td><td >Ensure 'Do not allow LPT port redirection' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0312</td><td >Ensure 'Do not use temporary folders per session' set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0313</td><td >Ensure 'Apply UAC restrictions to local accounts on network logons' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0323</td><td >Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' set to 'Disabled'.</td><td >Registry value is '<none>'. Expected: </td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0324</td><td >Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' set to 'Disabled'.</td><td >Registry value is '<none>'. Expected: </td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0325</td><td >Ensure 'Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)' set to 'XTS-AES 256-bit'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0328</td><td >Ensure 'Choose how BitLocker-protected fixed drives can be recovered' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0329</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0330</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' set to 'Enabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0331</td><td >Ensure 'Configure minimum PIN length for startup' set to 'Enabled' and 'minimum characters' set to 10.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0332</td><td >Ensure 'Configure use of hardware-based encryption for fixed data drives' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0333</td><td >Ensure 'Configure use of hardware-based encryption for operating system drives' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0334</td><td >Ensure 'Configure use of hardware-based encryption for removable data drives' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0335</td><td >Ensure 'Configure use of passwords for fixed data drives' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0336</td><td >Ensure 'Configure use of passwords for operating system drives' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0337</td><td >Ensure 'Configure use of passwords for removable data drives' set to 'Disabled'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0338</td><td >Ensure 'Configure use of smart cards on fixed data drives' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0339</td><td >Ensure 'Configure use of smart cards on removable data drives' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0340</td><td >Ensure 'Deny write access to removable drives not protected by BitLocker' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >82020342</td><td >Ensure 'Choose how BitLocker-protected fixed drives can be recovered' set to 'Save BitLocker recovery information to AD DS for fixed data drives'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0343</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' set to 'Save BitLocker recovery information to AD DS for operating system drives'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0344</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' set to 'Save BitLocker recovery information to AD DS for removable data drives'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0345</td><td >Ensure 'Require additional authentication at startup' set to 'Do not allow startup key and PIN with TPM'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0346</td><td >Ensure 'Choose how BitLocker-protected fixed drives can be recovered' set to 'Allow data recovery agent'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0347</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' set to 'Allow data recovery agent'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0348</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' set to 'Allow data recovery agent'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0349</td><td >Ensure 'Configure use of hardware-based encryption for fixed data drives' set to 'Use BitLocker software-based encryption when hardware encryption is not available'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0350</td><td >Ensure 'Configure use of hardware-based encryption for operating system drives' set to 'Use BitLocker software-based encryption when hardware encryption is not available'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0351</td><td >Ensure 'Configure use of hardware-based encryption for removable data drives' set to 'Use BitLocker software-based encryption when hardware encryption is not available'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0352</td><td >Ensure 'Configure use of smart cards on fixed data drives' set to 'Require use of smart cards on fixed data drives'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0353</td><td >Ensure 'Configure use of smart cards on removable data drives' set to 'Require use of smart cards on removable data drives'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0354</td><td >Ensure 'Deny write access to removable drives not protected by BitLocker' set to 'Do not allow write access to devices configured in another organization'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0355</td><td >Ensure 'Password Settings' set to 'Large letters + small letters + numbers + specials'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0358</td><td >Ensure 'Require additional authentication at startup' set to 'Allow BitLocker without a compatible TPM'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0359</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' set to 'Omit recovery options from the BitLocker setup wizard'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0360</td><td >Ensure 'Choose how BitLocker-protected fixed drives can be recovered' set to 'Omit recovery options from the BitLocker setup wizard (Test)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0361</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' set to 'Omit recovery options from the BitLocker setup wizard (True)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0362</td><td >Ensure 'Require additional authentication at startup' set to 'Do not allow startup key with TPM'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0363</td><td >Ensure 'Choose how BitLocker-protected fixed drives can be recovered' set to 'Allow 48-digit recovery password'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0364</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' set to 'Require 48-digit recovery password '.</td><td >Registry value is '2'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0365</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' set to 'Do not allow 48-digit recovery password'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0366</td><td >Ensure 'Configure use of hardware-based encryption for fixed data drives' set to 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0367</td><td >Ensure 'Configure use of hardware-based encryption for operating system drives' set to 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption (False)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0368</td><td >Ensure 'Configure use of hardware-based encryption for removable data drives' set to 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption (False)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0369</td><td >Ensure 'Configure use of hardware-based encryption for removable data drives' set to 'Password Length' and set to greater or equal 15.</td><td >Registry value is '14'. Expected: x >= 15</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0370</td><td >Ensure 'Prevent installation of devices that match any of these device IDs' set to 'Also apply to matching devices that are already installed. (True) '.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0371</td><td >Ensure 'Prevent installation of devices using drivers that match these device setup classes' set to 'Also apply to matching devices that are already installed. (True) '.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0372</td><td >Ensure 'Require additional authentication at startup' set to 'Do not allow TPM'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0373</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' set to 'Do not enable BitLocker until recovery information is stored to AD DS for removable data drives (False)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0374</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' set to 'Do not enable BitLocker until recovery information is stored to AD DS for operating system drives (Enabled)'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0375</td><td >Ensure 'Choose how BitLocker-protected fixed drives can be recovered' set to 'Backup recovery passwords and key packages'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0376</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' set to 'Store recovery passwords and key packages'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0377</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' set to 'Backup recovery passwords and key packages'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0378</td><td >Ensure 'Choose how BitLocker-protected operating system drives can be recovered' set to 'Do not allow 256-bit recovery key'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0380</td><td >Ensure 'Choose how BitLocker-protected removable drives can be recovered' set to 'Do not allow 256-bit recovery key'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0384</td><td >Ensure 'Password Age' set to less or equal 42.</td><td >Registry value is '20'. Expected: 42</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0385</td><td >Ensure 'Require additional authentication at startup' set to 'Require startup PIN with TPM'.</td><td >Registry value not found.</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0386</td><td >Ensure 'Turn on PowerShell Transcription' set to 'Disabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0387</td><td >Ensure 'Turn on PowerShell Script Block Logging' set to 'Enabled'.</td><td >Registry value is '0'. Expected: 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0388</td><td >Ensure 'Require secure RPC communication' set to 'Enabled'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0389</td><td >Ensure 'Set client connection encryption level' set to 'Enabled: High Level'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0390</td><td >Ensure 'Set time limit for active but idle Remote Desktop Services sessions' set to 'Enabled: 5 minutes'.</td><td >Registry value is '900000'. Expected: 300000</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0391</td><td >Ensure 'Set time limit for disconnected sessions' set to 'Enabled: 1 minute'.</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiM--08202----BPOLUser-Rights-Assignment"><span class="failed">User Rights Assignment</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >0044</td><td > Ensure 'SeTrustedCredManAccessPrivilege' is set to 'Enabled'</td><td >The user 'SeTrustedCredManAccessPrivilege' setting does not contain the following users: NULL SID</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0045</td><td > Ensure 'SeNetworkLogonRight' is set to 'Administrator, Users'</td><td >The user right 'SeNetworkLogonRight' contains following unexpected users: BUILTIN\Backup Operators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0046</td><td > Ensure 'SeTcbPrivilege' is set to 'None'</td><td >The user 'SeTcbPrivilege' setting does not contain the following users: NULL SID</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0047</td><td > Ensure Adjust memory quotas for a process set to Administrators, LOCAL SERVICE, NETWORK SERVICE</td><td >The user right 'SeIncreaseQuotaPrivilege' contains following unexpected users: NT SERVICE\SQLSERVERAGENT, NT SERVICE\MSSQLSERVER</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0048</td><td > Ensure 'Allow log on locally' set to 'Administrators, Users'</td><td >The user right 'SeInteractiveLogonRight' contains following unexpected users: DESKTOP-UTMU75K\OldGuest, BUILTIN\Backup Operators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0049</td><td > Ensure 'SeBackupPrivilege' is set to 'Administrator'</td><td >The user right 'SeBackupPrivilege' contains following unexpected users: BUILTIN\Backup Operators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0050</td><td > Ensure 'SeSystemtimePrivilege' is set to 'Administrator, LOCAL SERVICE'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0051</td><td > Ensure 'SeTimeZonePrivilege' is set to 'Administrator, LOCAL SERVICE'</td><td >The user right 'SeTimeZonePrivilege' contains following unexpected users: BUILTIN\Users</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0052</td><td > Ensure 'SeCreatePagefilePrivilege' is set to 'Administrator, LOCAL SERVICE'</td><td >The user 'SeCreatePagefilePrivilege' setting does not contain the following users: NT AUTHORITY\LOCAL SERVICE</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0053</td><td > Ensure 'SeCreateTokenPrivilege' is set to 'None'</td><td >The user 'SeCreateTokenPrivilege' setting does not contain the following users: NULL SID</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0054</td><td > Ensure 'SeCreateGlobalPrivilege' is set to 'Administrator, SERVICE, LOCAL SERVICE, NETWORK SERVICE'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0055</td><td > Ensure 'SeCreatePermanentPrivilege' is set to 'None'</td><td >The user 'SeCreatePermanentPrivilege' setting does not contain the following users: NULL SID</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0056</td><td > Ensure 'SeCreateSymbolicLinkPrivilege' is set to 'Administrator'</td><td >The user right 'SeCreateSymbolicLinkPrivilege' contains following unexpected users: NT VIRTUAL MACHINE\Virtual Machines</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0057</td><td > Ensure 'SeDebugPrivilege' is set to 'Administrator'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0064</td><td > Ensure 'SeEnableDelegationPrivilege' is set to 'None'</td><td >The user 'SeEnableDelegationPrivilege' setting does not contain the following users: NULL SID</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0066</td><td > Ensure 'SeRemoteShutdownPrivilege' is set to 'Administrator'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0067</td><td > Ensure 'SeAuditPrivilege' is set to 'LOCAL SERVICE, NETWORK SERVICE'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0068</td><td > Ensure 'SeImpersonatePrivilege' is set to 'Administrator, LOCAL SERVICE, NETWORK SERVICE'</td><td >The user right 'SeImpersonatePrivilege' contains following unexpected users: NT AUTHORITY\SERVICE</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0069</td><td > Ensure 'SeIncreaseBasePriorityPrivilege' is set to 'Administrator'</td><td >The user right 'SeIncreaseBasePriorityPrivilege' contains following unexpected users: Window Manager\Window Manager Group</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0085</td><td > Ensure 'SeRelabelPrivilege' is set to 'None'</td><td >The user 'SeRelabelPrivilege' setting does not contain the following users: NULL SID</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0086</td><td > Ensure 'SeSystemEnvironmentPrivilege' is set to 'Administrator'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0087</td><td > Ensure 'SeManageVolumePrivilege' is set to 'Administrator'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0088</td><td > Ensure 'SeProfileSingleProcessPrivilege' is set to 'Administrator'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0089</td><td > Ensure 'SeSystemProfilePrivilege' is set to 'Administrator, NT SERVICE/WdiServiceHost'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0090</td><td > Ensure 'SeRestorePrivilege' is set to 'Administrator'</td><td >The user right 'SeRestorePrivilege' contains following unexpected users: BUILTIN\Backup Operators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0091</td><td > Ensure 'SeShutdownPrivilege' is set to 'Administrator, Users'</td><td >The user right 'SeShutdownPrivilege' contains following unexpected users: BUILTIN\Backup Operators</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0094</td><td > Ensure 'SeTakeOwnershipPrivilege' is set to 'Administrator'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0104</td><td > Ensure 'SeDenyNetworkLogonRight' is set to 'Local account, Guest'</td><td >The user right 'SeDenyNetworkLogonRight' contains following unexpected users: LOCAL
The user 'SeDenyNetworkLogonRight' setting does not contain the following users: NT AUTHORITY\Local account</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0105</td><td > Ensure 'SeDenyBatchLogonRight' is set to 'Guest'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0106</td><td > Ensure 'SeDenyServiceLogonRight' is set to 'Guest'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0107</td><td > Ensure 'SeDenyInteractiveLogonRight' is set to 'Guest'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0108</td><td > Ensure 'SeDenyRemoteInteractiveLogonRight' is set to 'Local account, Guest'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0180</td><td > Ensure 'Load and unload device drivers' is set to 'Administrator'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0181</td><td > Ensure 'Lock pages in memory' is set to 'No one'</td><td >The user 'SeLockMemoryPrivilege' setting does not contain the following users: NULL SID</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0182</td><td > Ensure 'Log on as a batch job' is set to 'Administrator'</td><td >The user right 'SeBatchLogonRight' contains following unexpected users: BUILTIN\Backup Operators, BUILTIN\Performance Log Users</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0183</td><td > Ensure 'Log on as a service' is set to 'No one'</td><td >The user right 'SeServiceLogonRight' contains following unexpected users: DESKTOP-UTMU75K\SQLServer2005SQLBrowserUser$DESKTOP-UTMU75K, NT SERVICE\ALL SERVICES, NT SERVICE\SQLTELEMETRY, NT SERVICE\SQLSERVERAGENT, NT SERVICE\MSSQLSERVER, NT VIRTUAL MACHINE\Virtual Machines
The user 'SeServiceLogonRight' setting does not contain the following users: NULL SID</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0184</td><td > Ensure 'Manage auditing and security log' is set to 'Administrator'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0219</td><td > Ensure 'Replace a process level token' is set to 'Local Service, Network Service'</td><td >The user right 'SeAssignPrimaryTokenPrivilege' contains following unexpected users: NT SERVICE\SQLSERVERAGENT, NT SERVICE\MSSQLSERVER</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0303</td><td > Ensure 'Allow log on through Remote Desktop Services' is set to 'Remote Desktop User'</td><td >The user right 'SeRemoteInteractiveLogonRight' contains following unexpected users: BUILTIN\Administrators</td><td ><span class="auditstatus failed">False</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiM--08202----BPOLAccount-Policies"><span class="failed">Account Policies</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >0001</td><td > Ensure 'Maximum password age' is set to between 1 and 42</td><td >'MaximumPasswordAge' currently set to: 60. Expected: x <= 42 and x >= 1</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0002</td><td > Ensure 'Password must meet complexity requirements' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0100</td><td > Ensure 'Reset account lockout counter after' is set greater or equal 15</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0102</td><td > Ensure 'Account lockout duration' is set to '15 or more minute(s)'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0103</td><td >Ensure 'Account lockout threshold' is set greater or equal 1 and less or equal 10</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0162</td><td > Ensure 'Enforce password history' is set greater or equal 24</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0186</td><td > Ensure 'Minimum password age' is set to greater or equal 1</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0187</td><td > Ensure 'Minimum password length' is set to greater or equal 14</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section ><h1 id="BSI-Benchmarks-SiM--08202----BPOLAdvanced-Audit-Policy-Configuration"><span class="failed">Advanced Audit Policy Configuration</span><span class="sectionAction collapseButton">-</span><a class="sectionAction" href="#toc"><span style="font-size: 75%;">&uarr;</span></a></h1><p ></p><table class="audit-info"><tbody ><tr ><th >Id</th><th >Task</th><th >Message</th><th >Status</th></tr><tr ><td >0008</td><td > Ensure 'Audit Application Group Management' is set to 'Success and Failure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0011</td><td > Ensure 'Audit Other Account Management Events' is set to 'Success and Failure'</td><td >Set to: No Auditing</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0012</td><td > Ensure 'Audit Security Group Management' is set to 'SuccessAndFailure'</td><td >Set to: Success</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0013</td><td > Ensure 'Audit account management' is set to 'SuccessAndFailure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0014</td><td > Ensure 'Advanced security audit policy settings' is set to 'SuccessAndNotFailure'</td><td >Set to: Success</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0015</td><td > Ensure 'Audit Process Creation' is set to 'SuccessAndNotFailure'</td><td >Set to: Success</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0016</td><td > Ensure 'Audit Other Logon/Logoff Events' is set to 'SuccessAndFailure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0017</td><td > Ensure 'Audit Account Lockout' is set to 'SuccessAndNotFailure'</td><td >Set to: Failure</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0018</td><td > Ensure 'How to track users logon/logoff' is set to 'SuccessAndNotFailure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0019</td><td > Ensure 'Audit Policy: Logon-Logoff: Logon' is set to 'SuccessAndFailure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0020</td><td > Ensure 'Audit Policy: Logon-Logoff: Special Logon' is set to 'Enabled'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0021</td><td > Ensure 'Audit Policy: Object Access:Removable Storage' is set to 'SuccessAndFailure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0022</td><td > Ensure 'Audit Policy: Policy Change: Audit Policy Change' is set to 'SuccessAndFailure'</td><td >Set to: Success</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0023</td><td > Ensure 'Audit Policy: Policy Change: Authentication Policy Change' is set to 'SuccessAndFailure'</td><td >Set to: Success</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0025</td><td > Ensure 'Audit Policy: System: IPsecDriver' is set to 'SuccessAndFailure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0026</td><td > Ensure 'Audit Policy: System: OtherSystem Events' is set to 'SuccessAndFailure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr><tr ><td >0027</td><td > Ensure 'Audit Policy: System: Security State Change' is set to 'SuccessAndFailure'</td><td >Set to: Success</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0028</td><td > Ensure 'Audit Policy: System: Security System Extension' is set to 'SuccessAndFailure'</td><td >Set to: Success</td><td ><span class="auditstatus failed">False</span></td></tr><tr ><td >0029</td><td > Ensure 'Audit Policy: System: System Integrity' is set to 'SuccessAndFailure'</td><td >Compliant</td><td ><span class="auditstatus passed">True</span></td></tr></tbody></table></section></section></div></div><script type="text/javascript">function collapseHandler(e) {
var targetSection = e.target.parentElement.parentElement;
if (targetSection.classList.toggle('collapsed')) {
e.target.innerText = '+';
} else {
e.target.innerText = '-';
}
}
var collapseButtons = document.getElementsByClassName("collapseButton");
for (var i = 0; i < collapseButtons.length; i++) {
collapseButtons[i].addEventListener('click', collapseHandler);
}</script></body></body></html>
Reference in New Issue View Git Blame Copy Permalink