emily/atap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
atap/Samples/Outdated/Windows10.html
T
emily 404ee3fec4 a
2026-05-11 09:15:08 +02:00

15 lines
163 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta http-equiv="X-UA-Compatible" content="ie=edge"><title>Windows 10 Report [05/14/2019 08:14:34]</title><style>body { font-family: Cambria, Georgia, serif; margin: 0; color: default; background-color: default; } .content { padding: 30px 40px; } a { color: default; } a:visited { color: default; } .header { background-color: #c6c9cc; } .header svg { margin-left: 3px; opacity: 0.8; } .header svg g path:nth-child(1), /*F*/ .header svg g path:nth-child(2), /*B*/ .header svg g path:nth-child(6), /*G*/ .header svg g path:nth-child(7), /*m*/ .header svg g path:nth-child(8), /*b*/ .header svg g path:nth-child(9) /*H*/{ fill: black; } .header h1 { margin: 0; } h1, h2, h3, h4, h5, h6 { font-family: 'Calibri', 'Segoe UI', sans-serif; } li a { display: block; } li a:hover { background-color: #f2f2f2; } .gauge { height: 10px; background: #a7a7a7; border-radius: 5px; overflow: hidden; } .gauge .gauge-meter { height: 100%; float: left; } .gauge-info { margin: 0; padding: 20px 0; } .gauge-info .gauge-info-item { display: table-cell; width: 1%; text-align: center; line-height: 30px; } .gauge-info .gauge-info-item span.auditstatus { display: inline; } table { border-collapse: collapse; font-family: Arial, sans-serif; } th, td { padding: 5px 10px; text-align: left; vertical-align: top; } /* audit-info table */ table.audit-info { width: 100%; } table.audit-info th, table.audit-info td { border: 1px solid #d2d2d2; } table.audit-info th { border-bottom-width: 2px; } table.audit-info tr:nth-child(even) { background-color: #efefef; } /* First column in an audit-info table */ table.audit-info th:nth-child(1), table.audit-info td:nth-child(1) { text-align: left; white-space: nowrap; width: 40px; } /* First column in an audit-info table */ table.audit-info th:nth-child(2), table.audit-info td:nth-child(2) { text-align: left; width: 30%; } /* Last column in an audit-info table */ table.audit-info th:last-child, table.audit-info td:last-child { text-align: center; width: 70px; } .passed, .green, .failed, .red { color: #fff; } .warning, .orange { color: #000; } .passed, .green { background-color: #33cca6; } .failed, .red { background-color: #cc0000; } .warning, .orange { background-color: #ff9933; } h1 span.passed, h1 span.failed, h1 span.warning, h2 span.passed, h2 span.failed, h2 span.warning, h3 span.passed, h3 span.failed, h3 span.warning { padding: 5px 10px; border-radius: 8px; } span.auditstatus { display: block; padding: 5px 10px; border-radius: 8px; font-weight: bold; margin: auto; } a.totop { display: inline-block; width: 30px; height: 30px; text-align: center; text-decoration: none; margin: 0 15px; color: #a7a7a7; background-color: #eeeeee; border-radius: 8px; font-weight: bold; } a.totop:hover { background-color: #dddddd;; color: blue; } #host-information { float: left; } /* Overall compliance donut chart */ .card { float: right; margin: 0 100px 0 0; width: 250px; } .donut-chart { position: relative; border-radius: 50%; overflow: hidden; } .donut-chart.chart { width: 200px; height: 200px; background: #c6c9cc; } .donut-chart .slice { position: absolute; top: 0; left: 0; width: 100%; height: 100%; } .donut-chart .chart-center { position: absolute; border-radius: 50%; top: 25px; left: 25px; width: 150px; height: 150px; background: white; } .donut-chart .chart-center span { display: block; text-align: center; font-size: 40px; line-height: 150px; color: black; }.donut-chart.chart .slice.one {clip: rect(0 200px 100px 0); -webkit-transform: rotate(164.268deg); transform: rotate(164.268deg);}.donut-chart.chart .slice.two {clip: rect(0 100px 200px 0); -webkit-transform: rotate(0deg); transform: rotate(0deg);}.donut-chart.chart .chart-center span:after {content: "20.63 %";}</style></head><body><div class="header content"><svg width="169" height="23" viewBox="0 0 169 23" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:1.41421;"><rect id="Artboard1" x="-8.32" y="-4.677" width="186.148" height="32.667" style="fill:none;"/><g><path d="M12.652,1.882c0,0.349 -0.014,0.642 -0.043,0.88c-0.03,0.238 -0.076,0.427 -0.14,0.567c-0.064,0.139 -0.136,0.244 -0.218,0.313c-0.081,0.07 -0.174,0.105 -0.279,0.105l-7.371,0l0,6.064l6.918,0c0.105,0 0.198,0.03 0.279,0.088c0.082,0.058 0.154,0.156 0.218,0.296c0.064,0.139 0.11,0.325 0.139,0.558c0.029,0.232 0.044,0.522 0.044,0.871c0,0.348 -0.015,0.639 -0.044,0.871c-0.029,0.233 -0.075,0.424 -0.139,0.575c-0.064,0.151 -0.136,0.259 -0.218,0.323c-0.081,0.064 -0.174,0.096 -0.279,0.096l-6.918,0l0,8.399c0,0.128 -0.035,0.239 -0.105,0.332c-0.07,0.093 -0.194,0.171 -0.374,0.235c-0.181,0.064 -0.416,0.113 -0.706,0.148c-0.291,0.035 -0.663,0.052 -1.116,0.052c-0.441,0 -0.81,-0.017 -1.106,-0.052c-0.297,-0.035 -0.532,-0.084 -0.706,-0.148c-0.174,-0.064 -0.299,-0.142 -0.375,-0.235c-0.075,-0.093 -0.113,-0.204 -0.113,-0.332l0,-20.442c0,-0.511 0.131,-0.88 0.392,-1.106c0.262,-0.227 0.584,-0.34 0.967,-0.34l10.613,0c0.105,0 0.198,0.032 0.279,0.096c0.082,0.064 0.154,0.168 0.218,0.314c0.064,0.145 0.11,0.339 0.14,0.583c0.029,0.244 0.043,0.541 0.043,0.889Z" style="fill-rule:nonzero;"/><path d="M32.711,15.789c0,0.802 -0.111,1.528 -0.331,2.178c-0.221,0.651 -0.526,1.226 -0.915,1.726c-0.39,0.499 -0.854,0.929 -1.394,1.289c-0.541,0.36 -1.136,0.657 -1.787,0.889c-0.65,0.232 -1.345,0.404 -2.082,0.514c-0.738,0.111 -1.56,0.166 -2.466,0.166l-5.995,0c-0.384,0 -0.706,-0.114 -0.967,-0.34c-0.262,-0.227 -0.392,-0.596 -0.392,-1.107l0,-19.658c0,-0.511 0.13,-0.88 0.392,-1.106c0.261,-0.227 0.583,-0.34 0.967,-0.34l5.664,0c1.382,0 2.553,0.116 3.511,0.349c0.959,0.232 1.766,0.583 2.423,1.054c0.656,0.47 1.158,1.066 1.507,1.786c0.349,0.72 0.523,1.569 0.523,2.545c0,0.546 -0.07,1.06 -0.209,1.542c-0.14,0.482 -0.343,0.921 -0.61,1.316c-0.267,0.395 -0.596,0.743 -0.985,1.045c-0.389,0.302 -0.833,0.546 -1.333,0.732c0.639,0.116 1.229,0.32 1.769,0.61c0.54,0.291 1.011,0.665 1.411,1.124c0.401,0.459 0.718,0.996 0.95,1.612c0.233,0.616 0.349,1.307 0.349,2.074Zm-5.925,-9.498c0,-0.453 -0.07,-0.86 -0.21,-1.22c-0.139,-0.36 -0.348,-0.659 -0.627,-0.897c-0.279,-0.238 -0.63,-0.421 -1.054,-0.549c-0.424,-0.128 -0.991,-0.192 -1.699,-0.192l-2.318,0l0,5.856l2.562,0c0.662,0 1.19,-0.079 1.585,-0.236c0.395,-0.156 0.724,-0.371 0.985,-0.644c0.261,-0.273 0.456,-0.593 0.584,-0.959c0.128,-0.366 0.192,-0.752 0.192,-1.159Zm1.167,9.655c0,-0.523 -0.087,-0.991 -0.261,-1.403c-0.175,-0.412 -0.43,-0.758 -0.767,-1.037c-0.337,-0.279 -0.767,-0.494 -1.29,-0.645c-0.522,-0.151 -1.202,-0.226 -2.039,-0.226l-2.718,0l0,6.413l3.311,0c0.639,0 1.176,-0.067 1.612,-0.201c0.436,-0.133 0.813,-0.331 1.133,-0.592c0.319,-0.261 0.569,-0.587 0.749,-0.976c0.18,-0.389 0.27,-0.834 0.27,-1.333Z" style="fill-rule:nonzero;"/><path d="M59.897,6.849c0,1.266 -0.197,2.387 -0.592,3.363c-0.395,0.976 -0.971,1.798 -1.726,2.466c-0.755,0.668 -1.681,1.177 -2.779,1.525c-1.098,0.349 -2.391,0.523 -3.878,0.523l-1.882,0l0,7.197c0,0.117 -0.038,0.221 -0.113,0.314c-0.076,0.093 -0.201,0.168 -0.375,0.227c-0.174,0.058 -0.407,0.104 -0.697,0.139c-0.291,0.035 -0.662,0.052 -1.115,0.052c-0.442,0 -0.811,-0.017 -1.107,-0.052c-0.296,-0.035 -0.532,-0.081 -0.706,-0.139c-0.174,-0.059 -0.296,-0.134 -0.366,-0.227c-0.07,-0.093 -0.104,-0.197 -0.104,-0.314l0,-20.285c0,-0.546 0.142,-0.955 0.427,-1.228c0.284,-0.273 0.659,-0.41 1.124,-0.41l5.315,0c0.534,0 1.043,0.02 1.525,0.061c0.482,0.041 1.06,0.128 1.734,0.261c0.674,0.134 1.356,0.381 2.047,0.741c0.692,0.36 1.281,0.816 1.769,1.368c0.488,0.552 0.86,1.197 1.116,1.934c0.255,0.738 0.383,1.566 0.383,2.484Zm-4.792,0.331c0,-0.79 -0.14,-1.441 -0.419,-1.952c-0.278,-0.511 -0.621,-0.889 -1.028,-1.133c-0.406,-0.244 -0.833,-0.398 -1.281,-0.461c-0.447,-0.064 -0.909,-0.096 -1.385,-0.096l-1.952,0l0,7.65l2.056,0c0.732,0 1.345,-0.099 1.839,-0.296c0.494,-0.198 0.897,-0.473 1.211,-0.828c0.314,-0.354 0.552,-0.778 0.715,-1.272c0.162,-0.494 0.244,-1.031 0.244,-1.612Z" style="fill:#a91a1b;fill-rule:nonzero;"/><path d="M73.177,7.86c0,0.418 -0.012,0.761 -0.035,1.028c-0.024,0.267 -0.058,0.476 -0.105,0.627c-0.046,0.151 -0.107,0.256 -0.183,0.314c-0.075,0.058 -0.171,0.087 -0.287,0.087c-0.093,0 -0.198,-0.02 -0.314,-0.061c-0.116,-0.041 -0.247,-0.084 -0.392,-0.131c-0.145,-0.046 -0.305,-0.09 -0.479,-0.13c-0.175,-0.041 -0.366,-0.061 -0.576,-0.061c-0.244,0 -0.487,0.049 -0.731,0.148c-0.244,0.099 -0.497,0.252 -0.759,0.462c-0.261,0.209 -0.534,0.488 -0.819,0.836c-0.284,0.349 -0.589,0.779 -0.915,1.29l0,9.689c0,0.116 -0.034,0.218 -0.104,0.305c-0.07,0.087 -0.189,0.16 -0.357,0.218c-0.169,0.058 -0.392,0.102 -0.671,0.131c-0.279,0.029 -0.633,0.043 -1.063,0.043c-0.43,0 -0.785,-0.014 -1.063,-0.043c-0.279,-0.029 -0.503,-0.073 -0.671,-0.131c-0.169,-0.058 -0.288,-0.131 -0.358,-0.218c-0.069,-0.087 -0.104,-0.189 -0.104,-0.305l0,-15.545c0,-0.116 0.029,-0.218 0.087,-0.305c0.058,-0.087 0.163,-0.16 0.314,-0.218c0.151,-0.058 0.345,-0.101 0.583,-0.13c0.239,-0.029 0.538,-0.044 0.898,-0.044c0.372,0 0.68,0.015 0.924,0.044c0.244,0.029 0.432,0.072 0.566,0.13c0.134,0.058 0.229,0.131 0.288,0.218c0.058,0.087 0.087,0.189 0.087,0.305l0,1.935c0.406,-0.581 0.79,-1.061 1.15,-1.438c0.36,-0.378 0.703,-0.677 1.028,-0.898c0.325,-0.22 0.651,-0.374 0.976,-0.461c0.325,-0.088 0.651,-0.131 0.976,-0.131c0.151,0 0.314,0.009 0.488,0.026c0.174,0.017 0.354,0.046 0.54,0.087c0.186,0.041 0.349,0.087 0.488,0.14c0.139,0.052 0.241,0.107 0.305,0.165c0.064,0.058 0.11,0.122 0.139,0.192c0.029,0.069 0.056,0.165 0.079,0.287c0.023,0.122 0.041,0.305 0.052,0.549c0.012,0.244 0.018,0.575 0.018,0.994Z" style="fill:#a91a1b;fill-rule:nonzero;"/><path d="M91.161,14.029c0,1.324 -0.174,2.533 -0.522,3.625c-0.349,1.092 -0.878,2.033 -1.586,2.823c-0.709,0.79 -1.598,1.4 -2.667,1.83c-1.069,0.43 -2.317,0.645 -3.747,0.645c-1.382,0 -2.585,-0.192 -3.607,-0.576c-1.022,-0.383 -1.87,-0.941 -2.544,-1.673c-0.674,-0.731 -1.174,-1.632 -1.499,-2.701c-0.325,-1.069 -0.488,-2.289 -0.488,-3.659c0,-1.325 0.177,-2.536 0.532,-3.634c0.354,-1.098 0.885,-2.039 1.594,-2.823c0.709,-0.784 1.595,-1.391 2.658,-1.821c1.063,-0.43 2.309,-0.645 3.738,-0.645c1.394,0 2.602,0.189 3.625,0.566c1.022,0.378 1.867,0.933 2.535,1.665c0.668,0.731 1.165,1.632 1.49,2.701c0.326,1.069 0.488,2.294 0.488,3.677Zm-4.513,0.174c0,-0.767 -0.061,-1.472 -0.183,-2.117c-0.122,-0.645 -0.328,-1.206 -0.619,-1.682c-0.29,-0.476 -0.677,-0.848 -1.159,-1.115c-0.482,-0.268 -1.089,-0.401 -1.821,-0.401c-0.651,0 -1.22,0.119 -1.708,0.357c-0.488,0.238 -0.889,0.587 -1.202,1.046c-0.314,0.459 -0.549,1.011 -0.706,1.655c-0.157,0.645 -0.235,1.38 -0.235,2.205c0,0.767 0.064,1.472 0.191,2.117c0.128,0.645 0.334,1.206 0.619,1.682c0.285,0.476 0.671,0.845 1.159,1.107c0.488,0.261 1.092,0.392 1.812,0.392c0.663,0 1.238,-0.119 1.726,-0.358c0.488,-0.238 0.888,-0.583 1.202,-1.036c0.314,-0.454 0.546,-1.003 0.697,-1.647c0.151,-0.645 0.227,-1.38 0.227,-2.205Z" style="fill:#a91a1b;fill-rule:nonzero;"/><path d="M114.685,7.232c0,0.173 -0.009,0.326 -0.027,0.459c-0.019,0.132 -0.046,0.242 -0.083,0.329c-0.036,0.086 -0.082,0.148 -0.137,0.185c-0.055,0.036 -0.114,0.054 -0.178,0.054c-0.109,0 -0.292,-0.086 -0.548,-0.26c-0.256,-0.173 -0.598,-0.365 -1.028,-0.575c-0.429,-0.21 -0.943,-0.402 -1.541,-0.576c-0.598,-0.173 -1.309,-0.26 -2.131,-0.26c-0.977,0 -1.854,0.178 -2.631,0.534c-0.776,0.356 -1.434,0.85 -1.973,1.48c-0.539,0.63 -0.952,1.379 -1.24,2.247c-0.287,0.868 -0.431,1.809 -0.431,2.823c0,1.132 0.157,2.137 0.472,3.014c0.316,0.877 0.752,1.617 1.309,2.22c0.557,0.603 1.222,1.06 1.994,1.37c0.771,0.311 1.619,0.466 2.541,0.466c0.548,0 1.103,-0.066 1.665,-0.199c0.562,-0.132 1.085,-0.331 1.569,-0.596l0,-5.165l-4.111,0c-0.155,0 -0.271,-0.078 -0.349,-0.233c-0.078,-0.156 -0.116,-0.398 -0.116,-0.727c0,-0.173 0.009,-0.322 0.027,-0.445c0.018,-0.123 0.048,-0.224 0.089,-0.301c0.041,-0.078 0.089,-0.135 0.144,-0.172c0.055,-0.036 0.123,-0.054 0.205,-0.054l5.632,0c0.1,0 0.201,0.018 0.301,0.054c0.101,0.037 0.192,0.092 0.274,0.165c0.083,0.073 0.147,0.173 0.192,0.301c0.046,0.128 0.069,0.274 0.069,0.439l0,6.755c0,0.237 -0.041,0.443 -0.124,0.617c-0.082,0.173 -0.255,0.326 -0.52,0.459c-0.265,0.132 -0.608,0.276 -1.028,0.431c-0.42,0.155 -0.854,0.288 -1.302,0.398c-0.447,0.109 -0.899,0.191 -1.356,0.246c-0.457,0.055 -0.909,0.082 -1.357,0.082c-1.37,0 -2.594,-0.212 -3.672,-0.637c-1.078,-0.425 -1.989,-1.03 -2.733,-1.815c-0.745,-0.786 -1.313,-1.727 -1.706,-2.823c-0.393,-1.096 -0.589,-2.32 -0.589,-3.672c0,-1.407 0.212,-2.681 0.637,-3.823c0.425,-1.142 1.023,-2.115 1.795,-2.919c0.772,-0.803 1.699,-1.427 2.781,-1.87c1.083,-0.443 2.282,-0.664 3.597,-0.664c0.676,0 1.311,0.059 1.905,0.178c0.593,0.118 1.121,0.258 1.582,0.418c0.462,0.159 0.85,0.333 1.165,0.52c0.315,0.188 0.532,0.341 0.651,0.459c0.119,0.119 0.201,0.256 0.246,0.411c0.046,0.156 0.069,0.379 0.069,0.672Z" style="fill-rule:nonzero;"/><path d="M137.102,22.208c0,0.073 -0.019,0.135 -0.055,0.185c-0.037,0.05 -0.096,0.094 -0.178,0.13c-0.083,0.037 -0.197,0.064 -0.343,0.083c-0.146,0.018 -0.329,0.027 -0.548,0.027c-0.228,0 -0.416,-0.009 -0.562,-0.027c-0.146,-0.019 -0.262,-0.046 -0.349,-0.083c-0.087,-0.036 -0.149,-0.08 -0.185,-0.13c-0.037,-0.05 -0.055,-0.112 -0.055,-0.185l0,-7.495c0,-0.521 -0.046,-0.996 -0.137,-1.425c-0.091,-0.429 -0.238,-0.799 -0.439,-1.11c-0.2,-0.31 -0.456,-0.548 -0.767,-0.712c-0.31,-0.165 -0.676,-0.247 -1.096,-0.247c-0.521,0 -1.044,0.201 -1.569,0.603c-0.525,0.402 -1.103,0.991 -1.733,1.768l0,8.618c0,0.073 -0.018,0.135 -0.055,0.185c-0.037,0.05 -0.098,0.094 -0.185,0.13c-0.087,0.037 -0.203,0.064 -0.349,0.083c-0.147,0.018 -0.329,0.027 -0.548,0.027c-0.211,0 -0.391,-0.009 -0.542,-0.027c-0.15,-0.019 -0.269,-0.046 -0.356,-0.083c-0.087,-0.036 -0.146,-0.08 -0.178,-0.13c-0.032,-0.05 -0.048,-0.112 -0.048,-0.185l0,-7.495c0,-0.521 -0.05,-0.996 -0.151,-1.425c-0.1,-0.429 -0.251,-0.799 -0.452,-1.11c-0.201,-0.31 -0.454,-0.548 -0.76,-0.712c-0.306,-0.165 -0.67,-0.247 -1.09,-0.247c-0.52,0 -1.046,0.201 -1.575,0.603c-0.53,0.402 -1.106,0.991 -1.727,1.768l0,8.618c0,0.073 -0.018,0.135 -0.055,0.185c-0.036,0.05 -0.096,0.094 -0.178,0.13c-0.082,0.037 -0.196,0.064 -0.342,0.083c-0.147,0.018 -0.334,0.027 -0.562,0.027c-0.219,0 -0.402,-0.009 -0.548,-0.027c-0.146,-0.019 -0.263,-0.046 -0.35,-0.083c-0.086,-0.036 -0.146,-0.08 -0.178,-0.13c-0.032,-0.05 -0.048,-0.112 -0.048,-0.185l0,-12.332c0,-0.073 0.014,-0.134 0.041,-0.185c0.028,-0.05 0.083,-0.096 0.165,-0.137c0.082,-0.041 0.187,-0.068 0.315,-0.082c0.128,-0.014 0.297,-0.02 0.507,-0.02c0.201,0 0.368,0.006 0.5,0.02c0.132,0.014 0.235,0.041 0.308,0.082c0.073,0.041 0.126,0.087 0.158,0.137c0.032,0.051 0.048,0.112 0.048,0.185l0,1.631c0.694,-0.777 1.368,-1.345 2.021,-1.706c0.653,-0.361 1.313,-0.541 1.98,-0.541c0.511,0 0.97,0.059 1.377,0.178c0.406,0.119 0.765,0.285 1.076,0.5c0.31,0.215 0.575,0.47 0.794,0.767c0.219,0.297 0.402,0.628 0.548,0.994c0.411,-0.448 0.802,-0.827 1.172,-1.138c0.37,-0.31 0.726,-0.561 1.069,-0.753c0.342,-0.192 0.676,-0.331 1,-0.418c0.324,-0.087 0.651,-0.13 0.98,-0.13c0.794,0 1.461,0.139 2,0.418c0.539,0.278 0.975,0.65 1.309,1.116c0.333,0.466 0.571,1.012 0.712,1.638c0.142,0.625 0.213,1.285 0.213,1.98l0,7.796Z" style="fill-rule:nonzero;"/><path d="M152.571,15.878c0,1.069 -0.116,2.03 -0.349,2.884c-0.233,0.854 -0.576,1.583 -1.028,2.186c-0.452,0.602 -1.007,1.064 -1.665,1.383c-0.657,0.32 -1.411,0.48 -2.261,0.48c-0.392,0 -0.755,-0.039 -1.089,-0.116c-0.333,-0.078 -0.66,-0.204 -0.98,-0.377c-0.319,-0.174 -0.639,-0.393 -0.959,-0.658c-0.319,-0.265 -0.657,-0.585 -1.014,-0.959l0,1.507c0,0.073 -0.018,0.137 -0.054,0.192c-0.037,0.055 -0.096,0.098 -0.179,0.13c-0.082,0.032 -0.185,0.057 -0.308,0.076c-0.123,0.018 -0.281,0.027 -0.473,0.027c-0.182,0 -0.338,-0.009 -0.465,-0.027c-0.128,-0.019 -0.233,-0.044 -0.316,-0.076c-0.082,-0.032 -0.137,-0.075 -0.164,-0.13c-0.027,-0.055 -0.041,-0.119 -0.041,-0.192l0,-18.306c0,-0.073 0.016,-0.137 0.048,-0.192c0.032,-0.054 0.091,-0.1 0.178,-0.137c0.087,-0.036 0.203,-0.064 0.349,-0.082c0.147,-0.018 0.329,-0.027 0.548,-0.027c0.229,0 0.416,0.009 0.562,0.027c0.146,0.018 0.261,0.046 0.343,0.082c0.082,0.037 0.141,0.083 0.178,0.137c0.036,0.055 0.055,0.119 0.055,0.192l0,7.386c0.365,-0.375 0.719,-0.69 1.062,-0.946c0.342,-0.256 0.678,-0.463 1.007,-0.623c0.329,-0.16 0.657,-0.277 0.986,-0.35c0.329,-0.073 0.676,-0.109 1.042,-0.109c0.895,0 1.66,0.178 2.295,0.534c0.635,0.356 1.151,0.834 1.548,1.432c0.397,0.598 0.687,1.299 0.87,2.103c0.183,0.804 0.274,1.654 0.274,2.549Zm-2.343,0.26c0,-0.63 -0.048,-1.242 -0.145,-1.836c-0.096,-0.594 -0.264,-1.119 -0.503,-1.576c-0.239,-0.456 -0.556,-0.824 -0.951,-1.103c-0.395,-0.278 -0.887,-0.418 -1.475,-0.418c-0.294,0 -0.584,0.041 -0.869,0.124c-0.285,0.082 -0.574,0.219 -0.868,0.411c-0.294,0.192 -0.6,0.438 -0.917,0.74c-0.317,0.301 -0.655,0.68 -1.013,1.137l0,4.919c0.625,0.758 1.222,1.336 1.792,1.733c0.57,0.398 1.163,0.596 1.778,0.596c0.57,0 1.057,-0.137 1.462,-0.411c0.404,-0.274 0.733,-0.637 0.985,-1.089c0.253,-0.452 0.437,-0.959 0.552,-1.521c0.115,-0.562 0.172,-1.13 0.172,-1.706Z" style="fill-rule:nonzero;"/><path d="M169,22.194c0,0.074 -0.018,0.137 -0.055,0.192c-0.036,0.055 -0.1,0.098 -0.192,0.13c-0.091,0.032 -0.212,0.06 -0.363,0.083c-0.15,0.023 -0.335,0.034 -0.555,0.034c-0.237,0 -0.429,-0.011 -0.575,-0.034c-0.146,-0.023 -0.265,-0.051 -0.356,-0.083c-0.092,-0.032 -0.156,-0.075 -0.192,-0.13c-0.037,-0.055 -0.055,-0.118 -0.055,-0.192l0,-7.865l-8.071,0l0,7.865c0,0.074 -0.018,0.137 -0.054,0.192c-0.037,0.055 -0.101,0.098 -0.192,0.13c-0.092,0.032 -0.213,0.06 -0.363,0.083c-0.151,0.023 -0.341,0.034 -0.569,0.034c-0.219,0 -0.406,-0.011 -0.562,-0.034c-0.155,-0.023 -0.278,-0.051 -0.37,-0.083c-0.091,-0.032 -0.155,-0.075 -0.192,-0.13c-0.036,-0.055 -0.054,-0.118 -0.054,-0.192l0,-17.018c0,-0.073 0.018,-0.137 0.054,-0.191c0.037,-0.055 0.101,-0.099 0.192,-0.131c0.092,-0.032 0.215,-0.059 0.37,-0.082c0.156,-0.023 0.343,-0.034 0.562,-0.034c0.228,0 0.418,0.011 0.569,0.034c0.15,0.023 0.271,0.05 0.363,0.082c0.091,0.032 0.155,0.076 0.192,0.131c0.036,0.054 0.054,0.118 0.054,0.191l0,7.098l8.071,0l0,-7.098c0,-0.073 0.018,-0.137 0.055,-0.191c0.036,-0.055 0.1,-0.099 0.192,-0.131c0.091,-0.032 0.21,-0.059 0.356,-0.082c0.146,-0.023 0.338,-0.034 0.575,-0.034c0.22,0 0.405,0.011 0.555,0.034c0.151,0.023 0.272,0.05 0.363,0.082c0.092,0.032 0.156,0.076 0.192,0.131c0.037,0.054 0.055,0.118 0.055,0.191l0,17.018Z" style="fill-rule:nonzero;"/></g></svg><h1>Windows 10 Report</h1><p>Generated by the <i>Windows10Audit</i> Module by FB Pro GmbH. Get it in the <a href="https://github.com/fbprogmbh/Audit-Test-Automation">Audit Test Automation Package</a>.</p><p>Based on Windows 10 Security Technical Implementation Guide V1R16 2019-01-25.</p></div><div class="main content"><div id="host-information"><p>This report was generated at 05/14/2019 08:14:34 on DESKTOP-VSBMIM9.</p><table><tbody><tr><th scope="row">Hostname</th><td>DESKTOP-VSBMIM9</td></tr><tr><th scope="row">Build Number</th><td>17763</td></tr><tr><th scope="row">Free disk space(GB) </th><td>115.2</td></tr><tr><th scope="row">Operating System</th><td>Microsoft Windows 10 Enterprise Evaluation</td></tr><tr><th scope="row">Free physical memory (GB)</th><td>0.564</td></tr></tbody></table></div><h1 style="clear:both; padding-top: 50px;">Summary</h1><p>A total of 640 tests have been run. 503 resulted in false. 0 resulted in warning.</p><div class="gauge"><div class="gauge-meter passed" style="width: 20.63%" title="True 132 test(s), 20.63%"></div><div class="gauge-meter failed" style="width: 78.59%" title="False 503 test(s), 78.59%"></div><div class="gauge-meter warning" style="width: 0.00%" title="Warning 0 test(s), 0.00%"></div><div class="gauge-meter " style="width: 0.78%" title="None 5 test(s), 0.78%"></div></div><ol class="gauge-info"><li class="gauge-info-item"><span class="auditstatus passed">True</span> 132 test(s) &#x2259; 20.63%</li><li class="gauge-info-item"><span class="auditstatus failed">False</span> 503 test(s) &#x2259; 78.59%</li><li class="gauge-info-item"><span class="auditstatus warning">Warning</span> 0 test(s) &#x2259; 0.00%</li><li class="gauge-info-item"><span class="auditstatus ">None</span> 5 test(s) &#x2259; 0.78%</li></ol><h1>Navigation</h1><p>Click the link(s) below for quick access to a report section.</p><ul><li><a href="#DISA-Recommendations">DISA Recommendations</a><ul><li><a href="#DISA-RecommendationsRegistry-Settings/Group-Policies">Registry Settings/Group Policies</a></li><li><a href="#DISA-RecommendationsUser-Rights-Assignment">User Rights Assignment</a></li><li><a href="#DISA-RecommendationsAccount-Policies">Account Policies</a></li><li><a href="#DISA-RecommendationsWindows-Features">Windows Features</a></li><li><a href="#DISA-RecommendationsFile-System-Permissions">File System Permissions</a></li><li><a href="#DISA-RecommendationsRegistry-Permissions">Registry Permissions</a></li></ul></li><li><a href="#CIS-Benchmarks">CIS Benchmarks</a><ul><li><a href="#CIS-BenchmarksRegistry-Settings/Group-Policies">Registry Settings/Group Policies</a></li><li><a href="#CIS-BenchmarksUser-Rights-Assignment">User Rights Assignment</a></li><li><a href="#CIS-BenchmarksAccount-Policies">Account Policies</a></li><li><a href="#CIS-BenchmarksWindows-Firewall-with-Advanced-Security">Windows Firewall with Advanced Security</a></li><li><a href="#CIS-BenchmarksAdvanced-Audit-Policy-Configuration">Advanced Audit Policy Configuration</a></li></ul></li></ul><section><h1 id="DISA-Recommendations"><span class="failed">DISA Recommendations</span><a href="#" class="totop">^</a></h1><p>TThis section contains all DISA recommendations</p><section><h1 id="DISA-RecommendationsRegistry-Settings/Group-Policies"><span class="failed">Registry Settings/Group Policies</span><a href="#" class="totop">^</a></h1><table class="audit-info"><tbody><tr><th>Id</th> <th>Task</th> <th>Message</th> <th>Audit</th></tr><tr><td>WN10-CC-000310</td> <td>Users must be prevented from changing installation options.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000315</td> <td>The Windows Installer Always install with elevated privileges must be disabled.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000320</td> <td>Users must be notified if a web-based program attempts to install software.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000325</td> <td>Automatically signing in the last interactive user after a system-initiated restart must be disabled.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000330</td> <td>The Windows Remote Management (WinRM) client must not use Basic authentication.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000335</td> <td>The Windows Remote Management (WinRM) client must not allow unencrypted traffic.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000340</td> <td>The Windows Remote Management (WinRM) client must not use Digest authentication.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000345</td> <td>The Windows Remote Management (WinRM) service must not use Basic authentication.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000350</td> <td>The Windows Remote Management (WinRM) service must not allow unencrypted traffic.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000355</td> <td>The Windows Remote Management (WinRM) service must not store RunAs credentials.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-AU-000500</td> <td>The Application event log size must be configured to 32768 KB or greater.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-AU-000505</td> <td>The Security event log size must be configured to 1024000 KB or greater.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-AU-000510</td> <td>The System event log size must be configured to 32768 KB or greater.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000005</td> <td>Camera access from the lock screen must be disabled.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000010</td> <td>The display of slide shows on the lock screen must be disabled.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000020</td> <td>IPv6 source routing must be configured to highest protection.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000025</td> <td>The system must be configured to prevent IP source routing.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000030</td> <td>The system must be configured to prevent Internet Control Message Protocol (ICMP) redirects from overriding Open Shortest Path First (OSPF) generated routes.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000035</td> <td>The system must be configured to ignore NetBIOS name release requests except from WINS servers.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000040</td> <td>Insecure logons to an SMB server must be disabled.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000055</td> <td>Simultaneous connections to the Internet or a Windows domain must be limited.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000060</td> <td>Connections to non-domain networks when connected to a domain authenticated network must be blocked.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000065</td> <td>Wi-Fi Sense must be disabled.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000037</td> <td>Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000085</td> <td>Early Launch Antimalware, Boot-Start Driver Initialization Policy must prevent boot drivers identified as bad.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000090</td> <td>Group Policy objects must be reprocessed even if they have not changed.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000100</td> <td>Downloading print driver packages over HTTP must be prevented.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000015</td> <td>Local accounts with blank passwords must be restricted to prevent access from the network.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-CC-000105</td> <td>Web publishing and online ordering wizards must be prevented from downloading a list of providers.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000110</td> <td>Printing over HTTP must be prevented.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000115</td> <td>Systems must at least attempt device authentication using certificates.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000120</td> <td>The network selection user interface (UI) must not be displayed on the logon screen.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000130</td> <td>Local users on domain-joined computers must not be enumerated.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000030</td> <td>Audit policy using subcategories must be enabled.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000035</td> <td>Outgoing secure channel traffic must be encrypted or signed.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-SO-000040</td> <td>Outgoing secure channel traffic must be encrypted when possible.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-CC-000145</td> <td>Users must be prompted for a password on resume from sleep (on battery).</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000045</td> <td>Outgoing secure channel traffic must be signed when possible.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-CC-000150</td> <td>The user must be prompted for a password on resume from sleep (plugged in).</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000155</td> <td>Solicited Remote Assistance must not be allowed.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000050</td> <td>The computer account password must not be prevented from being reset.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-CC-000165</td> <td>Unauthenticated RPC clients must be restricted from connecting to the RPC server.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000170</td> <td>The setting to allow Microsoft accounts to be optional for modern style apps must be enabled.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000175</td> <td>The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000060</td> <td>The system must be configured to require a strong session key.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-CC-000180</td> <td>Autoplay must be turned off for non-volume devices.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000070</td> <td>The machine inactivity limit must be set to 15 minutes, locking the system with the screensaver.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000185</td> <td>The default autorun behavior must be configured to prevent autorun commands.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000190</td> <td>Autoplay must be disabled for all drives.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000195</td> <td>Enhanced anti-spoofing for facial recognition must be enabled on Window 10.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000200</td> <td>Administrator accounts must not be enumerated during elevation.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000215</td> <td>Explorer Data Execution Prevention must be enabled.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000220</td> <td>Turning off File Explorer heap termination on corruption must be disabled.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000225</td> <td>File Explorer shell protocol must run in protected mode.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000095</td> <td>The Smart Card removal option must be configured to Force Logoff or Lock Workstation.</td> <td>Registry value: 0. Differs from expected value: 1.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000230</td> <td>Users must not be allowed to ignore Windows Defender SmartScreen filter warnings for malicious websites in Microsoft Edge.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000235</td> <td>Users must not be allowed to ignore Windows Defender SmartScreen filter warnings for unverified files in Microsoft Edge.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000100</td> <td>The Windows SMB client must be configured to always perform SMB packet signing.</td> <td>Registry value: 0. Differs from expected value: 1.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000240</td> <td>InPrivate browsing in Microsoft Edge must be disabled.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000105</td> <td>The Windows SMB client must be enabled to perform SMB packet signing when possible.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-SO-000110</td> <td>Unencrypted passwords must not be sent to third-party SMB Servers.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-CC-000250</td> <td>The Windows Defender SmartScreen filter for Microsoft Edge must be enabled.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000255</td> <td>The use of a hardware security device with Windows Hello for Business must be enabled.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000120</td> <td>The Windows SMB server must be configured to always perform SMB packet signing.</td> <td>Registry value: 0. Differs from expected value: 1.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000260</td> <td>Windows 10 must be configured to require a minimum pin length of six characters or greater.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000125</td> <td>The Windows SMB server must perform SMB packet signing when possible.</td> <td>Registry value: 0. Differs from expected value: 1.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000270</td> <td>Passwords must not be saved in the Remote Desktop Client.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000275</td> <td>Local drives must be prevented from sharing with Remote Desktop Session Hosts.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000280</td> <td>Remote Desktop Services must always prompt a client for passwords upon connection.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000285</td> <td>The Remote Desktop Session Host must require secure RPC communications.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000290</td> <td>Remote Desktop Services must be configured with the client connection encryption set to the required level.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000295</td> <td>Attachments must be prevented from being downloaded from RSS feeds.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000145</td> <td>Anonymous enumeration of SAM accounts must not be allowed.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-CC-000300</td> <td>Basic authentication for RSS feeds over HTTP must not be used.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000150</td> <td>Anonymous enumeration of shares must be restricted.</td> <td>Registry value: 0. Differs from expected value: 1.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000305</td> <td>Indexing of encrypted files must be turned off.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000160</td> <td>The system must be configured to prevent anonymous users from having the same rights as the Everyone group.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-SO-000165</td> <td>Anonymous access to Named Pipes and Shares must be restricted.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-SO-000175</td> <td>Services using Local System that use Negotiate when reverting to NTLM authentication must use the computer identity vs. authenticating anonymously.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000180</td> <td>NTLM must be prevented from falling back to a Null session.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000185</td> <td>PKU2U authentication using online identities must be prevented.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000190</td> <td>Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000195</td> <td>The system must be configured to prevent the storage of the LAN Manager hash of passwords.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-SO-000205</td> <td>The LanMan authentication level must be set to send NTLMv2 response only, and to refuse LM and NTLM.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000210</td> <td>The system must be configured to the required LDAP client signing level.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-SO-000215</td> <td>The system must be configured to meet the minimum session security requirement for NTLM SSP based clients.</td> <td>Registry value: 536870912. Differs from expected value: 537395200.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000220</td> <td>The system must be configured to meet the minimum session security requirement for NTLM SSP based servers.</td> <td>Registry value: 536870912. Differs from expected value: 537395200.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000230</td> <td>The system must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing.</td> <td>Registry value: 0. Differs from expected value: 1.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000240</td> <td>The default permissions of global system objects must be increased.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-SO-000245</td> <td>User Account Control approval mode for the built-in Administrator must be enabled.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000250</td> <td>User Account Control must, at minimum, prompt administrators for consent on the secure desktop.</td> <td>Registry value: 5. Differs from expected value: 2.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000255</td> <td>User Account Control must automatically deny elevation requests for standard users.</td> <td>Registry value: 3. Differs from expected value: 0.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-SO-000260</td> <td>User Account Control must be configured to detect application installations and prompt for elevation.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-SO-000265</td> <td>User Account Control must only elevate UIAccess applications that are installed in secure locations.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-SO-000270</td> <td>User Account Control must run all administrators in Admin Approval Mode, enabling UAC.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-SO-000275</td> <td>User Account Control must virtualize file and registry write failures to per-user locations.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-UC-000015</td> <td>Toast notifications to the lock screen must be turned off.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-UC-000020</td> <td>Zone information must be preserved when saving attachments.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000066</td> <td>Command line data must be included in process creation events.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000326</td> <td>PowerShell script block logging must be enabled.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-00-000150</td> <td>Structured Exception Handling Overwrite Protection (SEHOP) must be enabled.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000038</td> <td>WDigest Authentication must be disabled.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000044</td> <td>Internet connection sharing must be disabled.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000197</td> <td>Microsoft consumer experiences must be turned off.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000228</td> <td>Windows 10 must be configured to prevent Microsoft Edge browser data from being cleared on exit.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000252</td> <td>Windows 10 must be configured to disable Windows Game Recording and Broadcasting.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000068</td> <td>Windows 10 must be configured to enable Remote host allows delegation of non-exportable credentials.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-00-000165</td> <td>The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-UC-000005</td> <td>The use of personal accounts for OneDrive synchronization must be disabled.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000238</td> <td>Windows 10 must be configured to prevent certificate error overrides in Microsoft Edge.</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-CC-000204</td> <td>If Enhanced diagnostic data is enabled it must be limited to the minimum required to support Windows Analytics.</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr></tbody></table></section><section><h1 id="DISA-RecommendationsUser-Rights-Assignment"><span class="failed">User Rights Assignment</span><a href="#" class="totop">^</a></h1><table class="audit-info"><tbody><tr><th>Id</th> <th>Task</th> <th>Message</th> <th>Audit</th></tr><tr><td>WN10-UR-000005</td> <td>The Access Credential Manager as a trusted caller user right must not be assigned to any groups or accounts.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-UR-000010</td> <td>The Access this computer from the network user right must only be assigned to the Administrators and Remote Desktop Users groups.</td> <td>The following users have too many rights: Everyone, BUILTIN\Users, BUILTIN\Backup Operators</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-UR-000015</td> <td>The Act as part of the operating system user right must not be assigned to any groups or accounts.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-UR-000025</td> <td>The Allow log on locally user right must only be assigned to the Administrators and Users groups.</td> <td>The following users have too many rights: DESKTOP-VSBMIM9\Guest, BUILTIN\Backup Operators</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-UR-000030</td> <td>The Back up files and directories user right must only be assigned to the Administrators group.</td> <td>The following users have too many rights: BUILTIN\Backup Operators</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-UR-000035</td> <td>The Change the system time user right must only be assigned to Administrators and Local Service.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-UR-000040</td> <td>The Create a pagefile user right must only be assigned to the Administrators group.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-UR-000045</td> <td>The Create a token object user right must not be assigned to any groups or accounts.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-UR-000050</td> <td>The Create global objects user right must only be assigned to Administrators, Service, Local Service, and Network Service.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-UR-000055</td> <td>The Create permanent shared objects user right must not be assigned to any groups or accounts.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-UR-000065</td> <td>The Debug programs user right must only be assigned to the Administrators group.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-UR-000070 MW</td> <td>The Deny access to this computer from the network user right on workstations must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems.</td> <td>Not applicable. This audit applies only to MemberWorkstation.</td> <td><span class="auditstatus ">None</span></td></tr> <tr><td>WN10-UR-000070 SW</td> <td>The Deny access to this computer from the network user right on workstations must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems.</td> <td>The following users have too many rights: DESKTOP-VSBMIM9\Guest</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-UR-000075 MW</td> <td>The Deny log on as a batch job user right on domain-joined workstations must be configured to prevent access from highly privileged domain accounts.</td> <td>Not applicable. This audit applies only to MemberWorkstation.</td> <td><span class="auditstatus ">None</span></td></tr> <tr><td>WN10-UR-000080 MW</td> <td>The Deny log on as a service user right on domain-joined workstations must be configured to prevent access from highly privileged domain accounts.</td> <td>Not applicable. This audit applies only to MemberWorkstation.</td> <td><span class="auditstatus ">None</span></td></tr> <tr><td>WN10-UR-000085 MW</td> <td>The Deny log on locally user right on workstations must be configured to prevent access from highly privileged domain accounts on domain systems and unauthenticated access on all systems.</td> <td>Not applicable. This audit applies only to MemberWorkstation.</td> <td><span class="auditstatus ">None</span></td></tr> <tr><td>WN10-UR-000085 SW</td> <td>The Deny log on locally user right on workstations must be configured to prevent access from highly privileged domain accounts on domain systems and unauthenticated access on all systems.</td> <td>The following users have too many rights: DESKTOP-VSBMIM9\Guest</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-UR-000090 MW</td> <td>The Deny log on through Remote Desktop Services user right on workstations must at a minimum be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems.</td> <td>Not applicable. This audit applies only to MemberWorkstation.</td> <td><span class="auditstatus ">None</span></td></tr> <tr><td>WN10-UR-000090 SW</td> <td>The Deny log on through Remote Desktop Services user right on workstations must at a minimum be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems.</td> <td>The following users have don't have the rights: </td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-UR-000100</td> <td>The Force shutdown from a remote system user right must only be assigned to the Administrators group.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-UR-000105</td> <td>The Generate security audits user right must only be assigned to Local Service and Network Service.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-UR-000110</td> <td>The Impersonate a client after authentication user right must only be assigned to Administrators, Service, Local Service, and Network Service.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-UR-000115</td> <td>The Increase scheduling priority user right must only be assigned to the Administrators group.</td> <td>The following users have too many rights: Window Manager\Window Manager Group</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-UR-000120</td> <td>The Load and unload device drivers user right must only be assigned to the Administrators group.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-UR-000125</td> <td>The Lock pages in memory user right must not be assigned to any groups or accounts.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-UR-000130</td> <td>The Manage auditing and security log user right must only be assigned to the Administrators group.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-UR-000140</td> <td>The Modify firmware environment values user right must only be assigned to the Administrators group.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-UR-000145</td> <td>The Perform volume maintenance tasks user right must only be assigned to the Administrators group.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-UR-000150</td> <td>The Profile single process user right must only be assigned to the Administrators group.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-UR-000160</td> <td>The Restore files and directories user right must only be assigned to the Administrators group.</td> <td>The following users have too many rights: BUILTIN\Backup Operators</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-UR-000165</td> <td>The Take ownership of files or other objects user right must only be assigned to the Administrators group.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section><h1 id="DISA-RecommendationsAccount-Policies"><span class="failed">Account Policies</span><a href="#" class="totop">^</a></h1><table class="audit-info"><tbody><tr><th>Id</th> <th>Task</th> <th>Message</th> <th>Audit</th></tr><tr><td>WN10-AC-000005</td> <td>Windows 10 account lockout duration must be configured to 15 minutes or greater.</td> <td>Currently not set.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-AC-000010</td> <td>The number of allowed bad logon attempts must be configured to 3 or less.</td> <td>Currently set to: 0. Expected: not equal 0</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-AC-000015</td> <td>The period of time before the bad logon counter is reset must be configured to 15 minutes.</td> <td>Currently not set.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-AC-000020</td> <td>The password history must be configured to 24 passwords remembered.</td> <td>Currently set to: 0. Expected: greater than or equal 24</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-AC-000025</td> <td>The maximum password age must be configured to 60 days or less.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-AC-000030</td> <td>The minimum password age must be configured to at least 1 day.</td> <td>Currently set to: 0. Expected: greater than or equal 1</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-AC-000035</td> <td>Passwords must, at a minimum, be 14 characters.</td> <td>Currently set to: 0. Expected: greater than or equal 14</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-AC-000040</td> <td>The built-in Microsoft password complexity filter must be enabled.</td> <td>Currently set to: 0. Expected: equals 1</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-AC-000045</td> <td>Reversible password encryption must be disabled.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-SO-000140</td> <td>Anonymous SID/Name translation must not be allowed.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section><h1 id="DISA-RecommendationsWindows-Features"><span class="passed">Windows Features</span><a href="#" class="totop">^</a></h1><table class="audit-info"><tbody><tr><th>Id</th> <th>Task</th> <th>Message</th> <th>Audit</th></tr><tr><td>WN10-00-000100</td> <td>Internet Information System (IIS) or its subcomponents must not be installed on a workstation.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-00-000110</td> <td>Simple TCP/IP Services must not be installed on the system.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-00-000115</td> <td>The Telnet Client must not be installed on the system.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-00-000120</td> <td>The TFTP Client must not be installed on the system.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section><h1 id="DISA-RecommendationsFile-System-Permissions"><span class="failed">File System Permissions</span><a href="#" class="totop">^</a></h1><table class="audit-info"><tbody><tr><th>Id</th> <th>Task</th> <th>Message</th> <th>Audit</th></tr><tr><td>WN10-AU-000515</td> <td>Permissions for the Application event log must prevent access by non-privileged accounts.</td> <td>Unexpected 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES' with access 'ReadData, ReadExtendedAttributes, WriteExtendedAttributes, ReadPermissions'</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-AU-000520</td> <td>Permissions for the Security event log must prevent access by non-privileged accounts.</td> <td>Unexpected 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES' with access 'ReadData, ReadExtendedAttributes, WriteExtendedAttributes, ReadPermissions'</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-AU-000525</td> <td>Permissions for the System event log must prevent access by non-privileged accounts.</td> <td>Unexpected 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES' with access 'ReadData, ReadExtendedAttributes, WriteExtendedAttributes, ReadPermissions'</td> <td><span class="auditstatus failed">False</span></td></tr></tbody></table></section><section><h1 id="DISA-RecommendationsRegistry-Permissions"><span class="failed">Registry Permissions</span><a href="#" class="totop">^</a></h1><table class="audit-info"><tbody><tr><th>Id</th> <th>Task</th> <th>Message</th> <th>Audit</th></tr><tr><td>WN10-RG-000005 A</td> <td>Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained.</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>WN10-RG-000005 B</td> <td>Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained.</td> <td>Unexpected 'S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681' with access 'ReadKey'</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>WN10-RG-000005 C</td> <td>Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained.</td> <td>Unexpected 'S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681' with access 'ReadKey'</td> <td><span class="auditstatus failed">False</span></td></tr></tbody></table></section></section><section><h1 id="CIS-Benchmarks"><span class="failed">CIS Benchmarks</span><a href="#" class="totop">^</a></h1><p>This section contains all benchmarks from CIS Microsoft Windows Server 2016 RTM (Release 1607) Benchmark v1.0.0 - 03-31-2017. WARNING: Tests in this version haven't been fully tested yet.</p><section><h1 id="CIS-BenchmarksRegistry-Settings/Group-Policies"><span class="failed">Registry Settings/Group Policies</span><a href="#" class="totop">^</a></h1><table class="audit-info"><tbody><tr><th>Id</th> <th>Task</th> <th>Message</th> <th>Audit</th></tr><tr><td>2.3.1.2</td> <td>(L1) Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.1.4</td> <td>(L1) Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.2.1</td> <td>(L1) Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.2.2</td> <td>(L1) Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.4.1</td> <td>(L1) Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators and Interactive Users'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.4.2</td> <td>(L2) Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled'</td> <td>Registry value is '0'. Expected: equals 1</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.6.1</td> <td>(L1) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.6.2</td> <td>(L1) Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.6.3</td> <td>(L1) Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.6.4</td> <td>(L1) Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.6.5</td> <td>(L1) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.6.6</td> <td>(L1) Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.7.1</td> <td>(L1) Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled'</td> <td>Registry value is '0'. Expected: equals 1</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.7.2</td> <td>(L1) Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.7.3</td> <td>(BL) Ensure 'Interactive logon: Machine account lockout threshold' is set to '10 or fewer invalid logon attempts, but not 0'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.7.4</td> <td>(L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.7.5</td> <td>(L1) Configure 'Interactive logon: Message text for users attempting to log on'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.7.6</td> <td>(L1) Configure 'Interactive logon: Message title for users attempting to log on'</td> <td>Registry value is ''. Expected: pattern match .+</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.7.7</td> <td>(L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'</td> <td>Registry value is '10'. Expected: pattern match ^[43210]$</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.7.8</td> <td>(L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.7.9</td> <td>(L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher</td> <td>Registry value is '0'. Expected: pattern match ^(1|2|3)$</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.8.1</td> <td>(L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'</td> <td>Registry value is '0'. Expected: equals 1</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.8.2</td> <td>(L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.8.3</td> <td>(L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.9.1</td> <td>(L1) Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s), but not 0'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.9.2</td> <td>(L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'</td> <td>Registry value is '0'. Expected: equals 1</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.9.3</td> <td>(L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'</td> <td>Registry value is '0'. Expected: equals 1</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.9.4</td> <td>(L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.9.5</td> <td>(L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.10.2</td> <td>(L1) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.10.3</td> <td>(L1) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled'</td> <td>Registry value is '0'. Expected: equals 1</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.10.4</td> <td>(L1) Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'</td> <td>Registry value is '0'. Expected: equals 1</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.10.5</td> <td>(L1) Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.10.6</td> <td>(L1) Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None'</td> <td>Registry value is ''. Expected: equals </td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.10.7</td> <td>(L1) Ensure 'Network access: Remotely accessible registry paths'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.10.8</td> <td>(L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.10.9</td> <td>(L1) Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.10.10</td> <td>(L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.10.11</td> <td>(L1) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.10.12</td> <td>(L1) Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.11.1</td> <td>(L1) Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.11.2</td> <td>(L1) Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.11.3</td> <td>(L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.11.4</td> <td>(L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'</td> <td>Registry key not found.
Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.11.5</td> <td>(L1) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.11.7</td> <td>(L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM&NTLM'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.11.8</td> <td>(L1) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.11.9</td> <td>(L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'</td> <td>Registry value is '536870912'. Expected: equals 537395200</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.11.10</td> <td>(L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'</td> <td>Registry value is '536870912'. Expected: equals 537395200</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.14.1</td> <td>(L2) Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User is prompted when the key is first used' or higher</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.15.1</td> <td>(L1) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.15.2</td> <td>(L1) Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.17.1</td> <td>(L1) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.17.2</td> <td>(L1) Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.17.3</td> <td>(L1) Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop'</td> <td>Registry value is '5'. Expected: equals 2</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.17.4</td> <td>(L1) Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests'</td> <td>Registry value is '3'. Expected: equals 0</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.3.17.5</td> <td>(L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.17.6</td> <td>(L1) Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.17.7</td> <td>(L1) Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.17.8</td> <td>(L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.3.17.9</td> <td>(L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>5.1</td> <td>(L2) Ensure 'Bluetooth Handsfree Service (BthHFSrv)' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.2</td> <td>(L2) Ensure 'Bluetooth Support Service (bthserv)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.3</td> <td>(L1) Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>5.4</td> <td>(L2) Ensure 'Downloaded Maps Manager (MapsBroker)' is set to 'Disabled'</td> <td>Registry value is '2'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.5</td> <td>(L2) Ensure 'Geolocation Service (lfsvc)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.6</td> <td>(L1) Ensure 'HomeGroup Listener (HomeGroupListener)' is set to 'Disabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>5.7</td> <td>(L1) Ensure 'HomeGroup Provider (HomeGroupProvider)' is set to 'Disabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>5.8</td> <td>(L1) Ensure 'IIS Admin Service (IISADMIN)' is set to 'Disabled' or 'Not Installed'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>5.9</td> <td>(L1) Ensure 'Infrared monitor service (irmon)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.10</td> <td>(L1) Ensure 'Internet Connection Sharing (ICS) (SharedAccess) ' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.11</td> <td>(L2) Ensure 'Link-Layer Topology Discovery Mapper (lltdsvc)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.12</td> <td>(L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>5.13</td> <td>(L1) Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Disabled' or 'Not Installed'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>5.14</td> <td>(L2) Ensure 'Microsoft iSCSI Initiator Service (MSiSCSI)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.15</td> <td>(L2) Ensure 'Peer Name Resolution Protocol (PNRPsvc)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.16</td> <td>(L2) Ensure 'Peer Networking Grouping (p2psvc)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.17</td> <td>(L2) Ensure 'Peer Networking Identity Manager (p2pimsvc)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.18</td> <td>(L2) Ensure 'PNRP Machine Name Publication Service (PNRPAutoReg)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.19</td> <td>(L2) Ensure 'Problem Reports and Solutions Control Panel Support (wercplsupport)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.20</td> <td>(L2) Ensure 'Remote Access Auto Connection Manager (RasAuto)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.21</td> <td>(L2) Ensure 'Remote Desktop Configuration (SessionEnv)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.22</td> <td>(L2) Ensure 'Remote Desktop Services (TermService)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.23</td> <td>(L2) Ensure 'Remote Desktop Services UserMode Port Redirector (UmRdpService)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.24</td> <td>(L1) Ensure 'Remote Procedure Call (RPC) Locator (RpcLocator)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.25</td> <td>(L2) Ensure 'Remote Registry (RemoteRegistry)' is set to 'Disabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>5.26</td> <td>(L1) Ensure 'Routing and Remote Access (RemoteAccess)' is set to 'Disabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>5.27</td> <td>(L2) Ensure 'Server (LanmanServer)' is set to 'Disabled'</td> <td>Registry value is '2'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.28</td> <td>(L1) Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Disabled' or 'Not Installed'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>5.29</td> <td>(L2) Ensure 'SNMP Service (SNMP)' is set to 'Disabled' or 'Not Installed'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>5.30</td> <td>(L1) Ensure 'SSDP Discovery (SSDPSRV)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.31</td> <td>(L1) Ensure 'UPnP Device Host (upnphost)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.32</td> <td>(L1) Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>5.33</td> <td>(L2) Ensure 'Windows Error Reporting Service (WerSvc)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.34</td> <td>(L2) Ensure 'Windows Event Collector (Wecsvc)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.35</td> <td>(L1) Ensure 'Windows Media Player Network Sharing Service (WMPNetworkSvc)' is set to 'Disabled' or 'Not Installed'</td> <td>Registry value found.
Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.36</td> <td>(L1) Ensure 'Windows Mobile Hotspot Service (icssvc)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.37</td> <td>(L2) Ensure 'Windows Push Notifications System Service (WpnService)' is set to 'Disabled'</td> <td>Registry value is '2'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.38</td> <td>(L2) Ensure 'Windows PushToInstall Service (PushToInstall)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.39</td> <td>(L2) Ensure 'Windows Remote Management (WS-Management) (WinRM)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.40</td> <td>(L2) Ensure 'Windows Store Install Service (InstallService)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.41</td> <td>(L1) Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>5.42</td> <td>(L1) Ensure 'Xbox Accessory Management Service (XboxGipSvc)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.43</td> <td>(L1) Ensure 'Xbox Game Monitoring (xbgm)' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.44</td> <td>(L1) Ensure 'Xbox Live Auth Manager (XblAuthManager)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.45</td> <td>(L1) Ensure 'Xbox Live Game Save (XblGameSave)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>5.46</td> <td>(L1) Ensure 'Xbox Live Networking Service (XboxNetApiSvc)' is set to 'Disabled'</td> <td>Registry value is '3'. Expected: equals 4</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.1.1.1</td> <td>(L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.1.1.2</td> <td>(L1) Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.1.2.2</td> <td>(L1) Ensure 'Allow input personalization' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.1.3</td> <td>(L2) Ensure 'Allow Online Tips' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.2.1</td> <td>(L1) Ensure LAPS AdmPwd GPO Extension / CSE is installed</td> <td>Registry key not found.
Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.2.2</td> <td>(L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.2.3</td> <td>(L1) Ensure 'Enable Local Admin Password Management' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.2.4</td> <td>(L1) Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.2.5</td> <td>(L1) Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.2.6</td> <td>(L1) Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.3.1</td> <td>(L1) Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.3.2</td> <td>(L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.3.3</td> <td>(L1) Ensure 'Configure SMB v1 server' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.3.4</td> <td>(L1) Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.3.5</td> <td>(L1) Ensure 'Turn on Windows Defender protection against Potentially Unwanted Applications' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.3.6</td> <td>(L1) Ensure 'WDigest Authentication' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.4.1</td> <td>(L1) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>18.4.2</td> <td>(L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.4.3</td> <td>(L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.4.4</td> <td>(L2) Ensure 'MSS: (DisableSavePassword) Prevent the dial-up password from being saved' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.4.5</td> <td>(L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.4.6</td> <td>(L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.4.7</td> <td>(L1) Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.4.8</td> <td>(L2) Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.4.9</td> <td>(L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.4.10</td> <td>(L1) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.4.11</td> <td>(L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.4.12</td> <td>(L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.4.13</td> <td>(L1) Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.5.4.1</td> <td>(L1) Set 'NetBIOS node type' to 'P-node' (Ensure NetBT Parameter 'NodeType' is set to '0x2 (2)')</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.5.4.2</td> <td>(L1) Ensure 'Turn off multicast name resolution' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.5.5.1</td> <td>(L2) Ensure 'Enable Font Providers' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.5.8.1</td> <td>(L1) Ensure 'Enable insecure guest logons' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.5.9.1</td> <td>(L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.5.9.2</td> <td>(L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.5.10.2</td> <td>(L2) Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled'</td> <td>Registry value is '0'. Expected: equals 1</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.5.11.2</td> <td>(L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.5.11.3</td> <td>(L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.5.11.4</td> <td>(L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.5.14.1</td> <td>(L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with "Require Mutual Authentication" and "Require Integrity" set for all NETLOGON and SYSVOL shares'</td> <td>Registry value is ''. Expected: pattern match [Rr]equire([Mm]utual[Aa]uthentication|[Ii]ntegrity)=1.*[Rr]equire([Mm]utual[Aa]uthentication|[Ii]ntegrity)=1</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.5.19.2.1</td> <td>(L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.5.20.1</td> <td>(L2) Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.5.20.2</td> <td>(L2) Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.5.21.1</td> <td>(L1) Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.5.21.2</td> <td>(L1) Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.5.23.2.1</td> <td>(L1) Ensure 'Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.3.1</td> <td>(L1) Ensure 'Include command line in process creation events' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.4.1</td> <td>(L1) Ensure 'Remote host allows delegation of non-exportable credentials' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.5.1</td> <td>(NG) Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.5.2</td> <td>(NG) Ensure 'Turn On Virtualization Based Security: Select Platform Security Level' is set to 'Secure Boot and DMA Protection'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.5.3</td> <td>(NG) Ensure 'Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity' is set to 'Enabled with UEFI lock'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.5.4</td> <td>(NG) Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.5.5</td> <td>(NG) Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Enabled with UEFI lock'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.7.1.1</td> <td>(BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.7.1.2</td> <td>(BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.7.1.3</td> <td>(BL) Ensure 'Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.' is set to 'True' (checked)</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.7.1.4</td> <td>(BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.7.1.5</td> <td>(BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup' is set to 'IEEE 1394 device setup classes'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.7.1.6</td> <td>(BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked)</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.14.1</td> <td>(L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.21.2</td> <td>(L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.21.3</td> <td>(L1) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.21.4</td> <td>(L1) Ensure 'Continue experiences on this device' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.21.5</td> <td>(L1) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'</td> <td>Compliant. Registry value not found.</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>18.8.22.1.1</td> <td>(L2) Ensure 'Turn off access to the Store' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.22.1.2</td> <td>(L1) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.22.1.3</td> <td>(L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.22.1.4</td> <td>(L2) Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.22.1.5</td> <td>(L2) Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.22.1.6</td> <td>(L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.22.1.7</td> <td>(L1) Ensure 'Turn off printing over HTTP' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.22.1.8</td> <td>(L2) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.22.1.9</td> <td>(L2) Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.22.1.10</td> <td>(L2) Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.22.1.11</td> <td>(L2) Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.22.1.12</td> <td>(L2) Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.22.1.13</td> <td>(L2) Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.22.1.14</td> <td>(L2) Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.25.1</td> <td>(L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.26.1</td> <td>(L2) Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.27.1</td> <td>(L1) Ensure 'Block user from showing account details on sign-in' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.27.2</td> <td>(L1) Ensure 'Do not display network selection UI' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.27.3</td> <td>(L1) Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.27.4</td> <td>(L1) Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.27.5</td> <td>(L1) Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.27.6</td> <td>(L1) Ensure 'Turn off picture password sign-in' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.27.7</td> <td>(L1) Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.33.6.1</td> <td>(L1) Ensure 'Allow network connectivity during connected-standby (on battery)' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.33.6.2</td> <td>(L1) Ensure 'Allow network connectivity during connected-standby (plugged in)' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.33.6.3</td> <td>(BL) Ensure 'Allow standby states (S1-S3) when sleeping (on battery)' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.33.6.4</td> <td>(BL) Ensure 'Allow standby states (S1-S3) when sleeping (plugged in)' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.33.6.5</td> <td>(L1) Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.33.6.6</td> <td>(L1) Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.35.1</td> <td>(L1) Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.35.2</td> <td>(L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.36.1</td> <td>(L1) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.36.2</td> <td>(L1) Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.44.5.1</td> <td>(L2) Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.44.11.1</td> <td>(L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.46.1</td> <td>(L2) Ensure 'Turn off the advertising ID' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.49.1.1</td> <td>(L2) Ensure 'Enable Windows NTP Client' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.8.49.1.2</td> <td>(L2) Ensure 'Enable Windows NTP Server' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.4.1</td> <td>(L2) Ensure 'Allow a Windows app to share application data between users' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.6.1</td> <td>(L1) Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.6.2</td> <td>(L2) Ensure 'Block launching Windows Store apps with Windows Runtime API access from hosted content.' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.8.1</td> <td>(L1) Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.8.2</td> <td>(L1) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.8.3</td> <td>(L1) Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.10.1.1</td> <td>(L1) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.1.1</td> <td>(BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.1.2</td> <td>(BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.1.3</td> <td>(BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.1.4</td> <td>(BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.1.5</td> <td>(BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.1.6</td> <td>(BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.1.7</td> <td>(BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.1.8</td> <td>(BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.1.9</td> <td>(BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.1.10</td> <td>(BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.1.11</td> <td>(BL) Ensure 'Configure use of hardware-based encryption for fixed data drives: Use BitLocker software-based encryption when hardware encryption is not available' is set to 'Enabled: True'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.1.12</td> <td>(BL) Ensure 'Configure use of hardware-based encryption for fixed data drives: Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' is set to 'Enabled: False'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.1.13</td> <td>(BL) Ensure 'Configure use of hardware-based encryption for fixed data drives: Restrict crypto algorithms or cipher suites to the following:' is set to 'Enabled: 2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.1.14</td> <td>(BL) Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.1.15</td> <td>(BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.1.16</td> <td>(BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.1</td> <td>(BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.2</td> <td>(BL) Ensure 'Allow Secure Boot for integrity validation' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.3</td> <td>(BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.4</td> <td>(BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.5</td> <td>(BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.6</td> <td>(BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.7</td> <td>(BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.8</td> <td>(BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.9</td> <td>(BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Store recovery passwords and key packages'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.10</td> <td>(BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' is set to 'Enabled: True'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.11</td> <td>(BL) Ensure 'Configure minimum PIN length for startup' is set to 'Enabled: 7 or more characters'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.12</td> <td>(BL) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.13</td> <td>(BL) Ensure 'Configure use of hardware-based encryption for operating system drives: Use BitLocker software-based encryption when hardware encryption is not available' is set to 'Enabled: True'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.14</td> <td>(BL) Ensure 'Configure use of hardware-based encryption for operating system drives: Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' is set to 'Enabled: False'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.15</td> <td>(BL) Ensure 'Configure use of hardware-based encryption for operating system drives: Restrict crypto algorithms or cipher suites to the following:' is set to 'Enabled: 2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.16</td> <td>(BL) Ensure 'Configure use of passwords for operating system drives' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.17</td> <td>(BL) Ensure 'Require additional authentication at startup' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.18</td> <td>(BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.19</td> <td>(BL) Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.20</td> <td>(BL) Ensure 'Require additional authentication at startup: Configure TPM startup PIN:' is set to 'Enabled: Require startup PIN with TPM'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.21</td> <td>(BL) Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.2.22</td> <td>(BL) Ensure 'Require additional authentication at startup: Configure TPM startup key and PIN:' is set to 'Enabled: Do not allow startup key and PIN with TPM'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.3.1</td> <td>(BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.3.2</td> <td>(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.3.3</td> <td>(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.3.4</td> <td>(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.3.5</td> <td>(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.3.6</td> <td>(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.3.7</td> <td>(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.3.8</td> <td>(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Backup recovery passwords and key packages'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.3.9</td> <td>(BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' is set to 'Enabled: False'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.3.10</td> <td>(BL) Ensure 'Configure use of hardware-based encryption for removable data drives' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.3.11</td> <td>(BL) Ensure 'Configure use of hardware-based encryption for removable data drives: Use BitLocker software-based encryption when hardware encryption is not available' is set to 'Enabled: True'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.3.12</td> <td>(BL) Ensure 'Configure use of hardware-based encryption for removable data drives: Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' is set to 'Enabled: False'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.3.13</td> <td>(BL) Ensure 'Configure use of hardware-based encryption for removable data drives: Restrict crypto algorithms or cipher suites to the following:' is set to 'Enabled: 2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.3.14</td> <td>(BL) Ensure 'Configure use of passwords for removable data drives' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.3.15</td> <td>(BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.3.16</td> <td>(BL) Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.3.17</td> <td>(BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.3.18</td> <td>(BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.4</td> <td>(BL) Ensure 'Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)' is set to 'Enabled: XTS-AES 256-bit'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.11.5</td> <td>(BL) Ensure 'Disable new DMA devices when this computer is locked' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.12.1</td> <td>(L2) Ensure 'Allow Use of Camera' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.13.1</td> <td>(L1) Ensure 'Turn off Microsoft consumer experiences' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.14.1</td> <td>(L1) Ensure 'Require pin for pairing' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.15.1</td> <td>(L1) Ensure 'Do not display the password reveal button' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.15.2</td> <td>(L1) Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.16.1</td> <td>(L1) Ensure 'Allow Telemetry' is set to 'Enabled: 0 - Security [Enterprise Only]' or 'Enabled: 1 - Basic'</td> <td>Registry value not found.
Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.16.2</td> <td>(L2) Ensure 'Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service' is set to 'Enabled: Disable Authenticated Proxy usage'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.16.3</td> <td>(L1) Ensure 'Disable pre-release features or settings' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.16.4</td> <td>(L1) Ensure 'Do not show feedback notifications' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.16.5</td> <td>(L1) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.17.1</td> <td>(L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.26.1.1</td> <td>(L1) Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.26.1.2</td> <td>(L1) Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.26.2.1</td> <td>(L1) Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.26.2.2</td> <td>(L1) Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.26.3.1</td> <td>(L1) Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.26.3.2</td> <td>(L1) Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.26.4.1</td> <td>(L1) Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.26.4.2</td> <td>(L1) Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.30.2</td> <td>(L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.30.3</td> <td>(L1) Ensure 'Turn off heap termination on corruption' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.30.4</td> <td>(L1) Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.35.1</td> <td>(L1) Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.39.2</td> <td>(L2) Ensure 'Turn off location' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.43.1</td> <td>(L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.44.1</td> <td>(L1) Ensure 'Block all consumer Microsoft account user authentication' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.45.1</td> <td>(L2) Ensure 'Allow Address bar drop-down list suggestions' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.45.2</td> <td>(L2) Ensure 'Allow Adobe Flash' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.45.3</td> <td>(L2) Ensure 'Allow InPrivate Browsing' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.45.4</td> <td>(L1) Ensure 'Configure cookies' is set to 'Enabled: Block only 3rd-party cookies' or higher</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.45.5</td> <td>(L1) Ensure 'Configure Password Manager' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.45.6</td> <td>(L2) Ensure 'Configure Pop-up Blocker' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.45.7</td> <td>(L2) Ensure 'Configure search suggestions in Address bar' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.45.8</td> <td>(L1) Ensure 'Configure the Adobe Flash Click-to-Run setting' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.45.9</td> <td>(L2) Ensure 'Prevent access to the about:flags page in Microsoft Edge' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.45.10</td> <td>(L2) Ensure 'Prevent using Localhost IP address for WebRTC' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.52.1</td> <td>(L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.57.1</td> <td>(L2) Ensure 'Turn off Push To Install service' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.58.2.2</td> <td>(L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.58.3.2.1</td> <td>(L2) Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.58.3.3.1</td> <td>(L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.58.3.3.2</td> <td>(L1) Ensure 'Do not allow drive redirection' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.58.3.3.3</td> <td>(L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.58.3.3.4</td> <td>(L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.58.3.9.1</td> <td>(L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.58.3.9.2</td> <td>(L1) Ensure 'Require secure RPC communication' is set to 'Enabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.58.3.9.3</td> <td>(L1) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.58.3.10.1</td> <td>(L2) Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.58.3.10.2</td> <td>(L2) Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.58.3.11.1</td> <td>(L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.58.3.11.2</td> <td>(L1) Ensure 'Do not use temporary folders per session' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.59.1</td> <td>(L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.60.2</td> <td>(L2) Ensure 'Allow Cloud Search' is set to 'Enabled: Disable Cloud Search'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>18.9.60.3</td> <td>(L1) Ensure 'Allow Cortana' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.60.4</td> <td>(L1) Ensure 'Allow Cortana above lock screen' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.60.5</td> <td>(L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.60.6</td> <td>(L1) Ensure 'Allow search and Cortana to use location' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.65.1</td> <td>(L2) Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.68.1</td> <td>(L2) Ensure 'Disable all apps from Windows Store' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.68.2</td> <td>(L1) Ensure 'Turn off Automatic Download and Install of updates' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.68.3</td> <td>(L1) Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.68.4</td> <td>(L2) Ensure 'Turn off the Store application' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.76.3.1</td> <td>(L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.76.3.2</td> <td>(L2) Ensure 'Join Microsoft MAPS' is set to 'Disabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>18.9.76.7.1</td> <td>(L1) Ensure 'Turn on behavior monitoring' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.76.9.1</td> <td>(L2) Ensure 'Configure Watson events' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.76.10.1</td> <td>(L1) Ensure 'Scan removable drives' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.76.10.2</td> <td>(L1) Ensure 'Turn on e-mail scanning' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.76.13.1.1</td> <td>(L1) Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.76.13.1.2</td> <td>(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.76.13.3.1</td> <td>(L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.76.14</td> <td>(L1) Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.77.1</td> <td>(NG) Ensure 'Allow auditing events in Windows Defender Application Guard' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.77.2</td> <td>(NG) Ensure 'Allow data persistence for Windows Defender Application Guard' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.77.3</td> <td>(NG) Ensure 'Configure Windows Defender Application Guard clipboard settings: Clipboard behavior setting' is set to 'Enabled: Enable clipboard operation from an isolated session to the host'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.77.4</td> <td>(NG) Ensure 'Turn on Windows Defender Application Guard in Enterprise Mode' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.79.1.1</td> <td>(L1) Ensure 'Prevent users from modifying settings' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.80.1.1</td> <td>(L1) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.80.2.1</td> <td>(L1) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.80.2.2</td> <td>(L1) Ensure 'Prevent bypassing Windows Defender SmartScreen prompts for files' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.80.2.3</td> <td>(L1) Ensure 'Prevent bypassing Windows Defender SmartScreen prompts for sites' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.82.1</td> <td>(L1) Ensure 'Enables or disables Windows Game Recording and Broadcasting' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.84.1</td> <td>(L2) Ensure 'Allow suggested apps in Windows Ink Workspace' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.84.2</td> <td>(L1) Ensure 'Allow Windows Ink Workspace' is set to 'Enabled: On, but disallow access above lock' OR 'Disabled' but not 'Enabled: On'</td> <td>Registry key not found.
Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.85.1</td> <td>(L1) Ensure 'Allow user control over installs' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.85.2</td> <td>(L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.85.3</td> <td>(L2) Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.86.1</td> <td>(L1) Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled'</td> <td>Registry value not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.95.1</td> <td>(L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.95.2</td> <td>(L1) Ensure 'Turn on PowerShell Transcription' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.97.1.1</td> <td>(L1) Ensure 'Allow Basic authentication' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.97.1.2</td> <td>(L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.97.1.3</td> <td>(L1) Ensure 'Disallow Digest authentication' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.97.2.1</td> <td>(L1) Ensure 'Allow Basic authentication' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.97.2.2</td> <td>(L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.97.2.3</td> <td>(L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.97.2.4</td> <td>(L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.98.1</td> <td>(L2) Ensure 'Allow Remote Shell Access' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.101.1.1</td> <td>(L1) Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.101.1.2</td> <td>(L1) Ensure 'Select when Preview Builds and Feature Updates are received' is set to 'Enabled: Semi-Annual Channel, 180 or more days'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.101.1.3</td> <td>(L1) Ensure 'Select when Quality Updates are received' is set to 'Enabled: 0 days'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.101.2</td> <td>(L1) Ensure 'Configure Automatic Updates' is set to 'Enabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.101.3</td> <td>(L1) Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>18.9.101.4</td> <td>(L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'</td> <td>Registry key not found.</td> <td><span class="auditstatus failed">False</span></td></tr></tbody></table></section><section><h1 id="CIS-BenchmarksUser-Rights-Assignment"><span class="failed">User Rights Assignment</span><a href="#" class="totop">^</a></h1><table class="audit-info"><tbody><tr><th>Id</th> <th>Task</th> <th>Message</th> <th>Audit</th></tr><tr><td>2.2.1</td> <td>(L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.2</td> <td>(L1) Ensure 'Access this computer from the network' is set to 'Administrators, Remote Desktop Users'</td> <td>The following users have too many rights: Everyone, BUILTIN\Users, BUILTIN\Backup Operators</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.2.3</td> <td>(L1) Ensure 'Act as part of the operating system' is set to 'No One'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.4</td> <td>(L1) Ensure 'Adjust memory quotas for a process' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.5</td> <td>(L1) Ensure 'Allow log on locally' is set to 'Administrators, Users'</td> <td>The following users have too many rights: DESKTOP-VSBMIM9\Guest, BUILTIN\Backup Operators</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.2.6</td> <td>(L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.7</td> <td>(L1) Ensure 'Back up files and directories' is set to 'Administrators'</td> <td>The following users have too many rights: BUILTIN\Backup Operators</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.2.8</td> <td>(L1) Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.9</td> <td>(L1) Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE, Users'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.10</td> <td>(L1) Ensure 'Create a pagefile' is set to 'Administrators'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.11</td> <td>(L1) Ensure 'Create a token object' is set to 'No One'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.12</td> <td>(L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.13</td> <td>(L1) Ensure 'Create permanent shared objects' is set to 'No One'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.14</td> <td>(L1) Configure 'Create symbolic links'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.15</td> <td>(L1) Ensure 'Debug programs' is set to 'Administrators'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.16</td> <td>(L1) Ensure 'Deny access to this computer from the network' to include 'Guests, Local account'</td> <td>The following users have too many rights: DESKTOP-VSBMIM9\Guest</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.2.17</td> <td>(L1) Ensure 'Deny log on as a batch job' to include 'Guests'</td> <td>The following users have don't have the rights: </td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.2.18</td> <td>(L1) Ensure 'Deny log on as a service' to include 'Guests'</td> <td>The following users have don't have the rights: </td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.2.19</td> <td>(L1) Ensure 'Deny log on locally' to include 'Guests'</td> <td>The following users have too many rights: DESKTOP-VSBMIM9\Guest</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.2.20</td> <td>(L1) Ensure 'Deny log on through Remote Desktop Services' to include 'Guests, Local account'</td> <td>The following users have don't have the rights: </td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.2.21</td> <td>(L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.22</td> <td>(L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.23</td> <td>(L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.24</td> <td>(L1) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.25</td> <td>(L1) Ensure 'Increase scheduling priority' is set to 'Administrators'</td> <td>The following users have too many rights: Window Manager\Window Manager Group</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.2.26</td> <td>(L1) Ensure 'Load and unload device drivers' is set to 'Administrators'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.27</td> <td>(L1) Ensure 'Lock pages in memory' is set to 'No One'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.28</td> <td>(L2) Ensure 'Log on as a batch job' is set to 'Administrators'</td> <td>The following users have too many rights: BUILTIN\Backup Operators, BUILTIN\Performance Log Users</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.2.29</td> <td>(L2) Ensure 'Log on as a service' is set to 'No One'</td> <td>The following users have too many rights: NT SERVICE\ALL SERVICES</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.2.30</td> <td>(L1) Ensure 'Manage auditing and security log' is set to 'Administrators'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.31</td> <td>(L1) Ensure 'Modify an object label' is set to 'No One'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.32</td> <td>(L1) Ensure 'Modify firmware environment values' is set to 'Administrators'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.33</td> <td>(L1) Ensure 'Perform volume maintenance tasks' is set to 'Administrators'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.34</td> <td>(L1) Ensure 'Profile single process' is set to 'Administrators'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.35</td> <td>(L1) Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost'</td> <td>The following users have too many rights: NT SERVICE\WdiServiceHost</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.2.36</td> <td>(L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>2.2.37</td> <td>(L1) Ensure 'Restore files and directories' is set to 'Administrators'</td> <td>The following users have too many rights: BUILTIN\Backup Operators</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.2.38</td> <td>(L1) Ensure 'Shut down the system' is set to 'Administrators, Users'</td> <td>The following users have too many rights: BUILTIN\Backup Operators</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>2.2.39</td> <td>(L1) Ensure 'Take ownership of files or other objects' is set to 'Administrators'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section><h1 id="CIS-BenchmarksAccount-Policies"><span class="failed">Account Policies</span><a href="#" class="totop">^</a></h1><table class="audit-info"><tbody><tr><th>Id</th> <th>Task</th> <th>Message</th> <th>Audit</th></tr><tr><td>1.1.1</td> <td>(L1) Ensure 'Enforce password history' is set to '24 or more password(s)'</td> <td>Currently set to: 0. Expected: greater than or equal 24</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>1.1.2</td> <td>(L1) Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>1.1.3</td> <td>(L1) Ensure 'Minimum password age' is set to '1 or more day(s)'</td> <td>Currently set to: 0. Expected: greater than or equal 1</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>1.1.4</td> <td>(L1) Ensure 'Minimum password length' is set to '14 or more character(s)'</td> <td>Currently set to: 0. Expected: greater than or equal 14</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>1.1.5</td> <td>(L1) Ensure 'Password must meet complexity requirements' is set to 'Enabled'</td> <td>Currently set to: 0. Expected: equals 1</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>1.1.6</td> <td>(L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>1.2.1</td> <td>(L1) Ensure 'Account lockout duration' is set to '15 or more minute(s)'</td> <td>Currently not set.</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>1.2.2</td> <td>(L1) Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'</td> <td>Currently set to: 0. Expected: greater than 0</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>1.2.3</td> <td>(L1) Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'</td> <td>Currently not set.</td> <td><span class="auditstatus failed">False</span></td></tr></tbody></table></section><section><h1 id="CIS-BenchmarksWindows-Firewall-with-Advanced-Security"><span class="failed">Windows Firewall with Advanced Security</span><a href="#" class="totop">^</a></h1><table class="audit-info"><tbody><tr><th>Id</th> <th>Task</th> <th>Message</th> <th>Audit</th></tr><tr><td>17.1.1</td> <td>(L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.2.1</td> <td>(L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.2.2</td> <td>(L1) Ensure 'Audit Computer Account Management' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.2.3</td> <td>(L1) Ensure 'Audit Other Account Management Events' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.2.4</td> <td>(L1) Ensure 'Audit Security Group Management' is set to 'Success and Failure'</td> <td>Set to: Success</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.2.5</td> <td>(L1) Ensure 'Audit User Account Management' is set to 'Success and Failure'</td> <td>Set to: Success</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.3.1</td> <td>(L1) Ensure 'Audit PNP Activity' is set to 'Success'</td> <td>Set to: No Auditing
Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.3.2</td> <td>(L1) Ensure 'Audit Process Creation' is set to 'Success'</td> <td>Set to: No Auditing
Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.5.1</td> <td>(L1) Ensure 'Audit Account Lockout' is set to 'Success and Failure'</td> <td>Set to: Success</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.5.2</td> <td>(L1) Ensure 'Audit Group Membership' is set to 'Success'</td> <td>Set to: No Auditing
Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.5.3</td> <td>(L1) Ensure 'Audit Logoff' is set to 'Success'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>17.5.4</td> <td>(L1) Ensure 'Audit Logon' is set to 'Success and Failure'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>17.5.5</td> <td>(L1) Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.5.6</td> <td>(L1) Ensure 'Audit Special Logon' is set to 'Success'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>17.6.1</td> <td>(L1) Ensure 'Audit File Share' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.6.2</td> <td>(L1) Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.6.3</td> <td>(L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.7.1</td> <td>(L1) Ensure 'Audit Audit Policy Change' is set to 'Success and Failure'</td> <td>Set to: Success</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.7.2</td> <td>(L1) Ensure 'Audit Authentication Policy Change' is set to 'Success'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>17.7.3</td> <td>(L1) Ensure 'Audit Authorization Policy Change' is set to 'Success'</td> <td>Set to: No Auditing
Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.8.1</td> <td>(L1) Ensure 'Audit Sensitive Privilege Use' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.9.1</td> <td>(L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.9.2</td> <td>(L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>17.9.3</td> <td>(L1) Ensure 'Audit Security State Change' is set to 'Success'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>17.9.4</td> <td>(L1) Ensure 'Audit Security System Extension' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.9.5</td> <td>(L1) Ensure 'Audit System Integrity' is set to 'Success and Failure'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr></tbody></table></section><section><h1 id="CIS-BenchmarksAdvanced-Audit-Policy-Configuration"><span class="failed">Advanced Audit Policy Configuration</span><a href="#" class="totop">^</a></h1><table class="audit-info"><tbody><tr><th>Id</th> <th>Task</th> <th>Message</th> <th>Audit</th></tr><tr><td>17.1.1</td> <td>(L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.2.1</td> <td>(L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.2.2</td> <td>(L1) Ensure 'Audit Computer Account Management' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.2.3</td> <td>(L1) Ensure 'Audit Other Account Management Events' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.2.4</td> <td>(L1) Ensure 'Audit Security Group Management' is set to 'Success and Failure'</td> <td>Set to: Success</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.2.5</td> <td>(L1) Ensure 'Audit User Account Management' is set to 'Success and Failure'</td> <td>Set to: Success</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.3.1</td> <td>(L1) Ensure 'Audit PNP Activity' is set to 'Success'</td> <td>Set to: No Auditing
Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.3.2</td> <td>(L1) Ensure 'Audit Process Creation' is set to 'Success'</td> <td>Set to: No Auditing
Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.5.1</td> <td>(L1) Ensure 'Audit Account Lockout' is set to 'Success and Failure'</td> <td>Set to: Success</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.5.2</td> <td>(L1) Ensure 'Audit Group Membership' is set to 'Success'</td> <td>Set to: No Auditing
Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.5.3</td> <td>(L1) Ensure 'Audit Logoff' is set to 'Success'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>17.5.4</td> <td>(L1) Ensure 'Audit Logon' is set to 'Success and Failure'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>17.5.5</td> <td>(L1) Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.5.6</td> <td>(L1) Ensure 'Audit Special Logon' is set to 'Success'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>17.6.1</td> <td>(L1) Ensure 'Audit File Share' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.6.2</td> <td>(L1) Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.6.3</td> <td>(L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.7.1</td> <td>(L1) Ensure 'Audit Audit Policy Change' is set to 'Success and Failure'</td> <td>Set to: Success</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.7.2</td> <td>(L1) Ensure 'Audit Authentication Policy Change' is set to 'Success'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>17.7.3</td> <td>(L1) Ensure 'Audit Authorization Policy Change' is set to 'Success'</td> <td>Set to: No Auditing
Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.8.1</td> <td>(L1) Ensure 'Audit Sensitive Privilege Use' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.9.1</td> <td>(L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.9.2</td> <td>(L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>17.9.3</td> <td>(L1) Ensure 'Audit Security State Change' is set to 'Success'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr> <tr><td>17.9.4</td> <td>(L1) Ensure 'Audit Security System Extension' is set to 'Success and Failure'</td> <td>Set to: No Auditing</td> <td><span class="auditstatus failed">False</span></td></tr> <tr><td>17.9.5</td> <td>(L1) Ensure 'Audit System Integrity' is set to 'Success and Failure'</td> <td>Compliant</td> <td><span class="auditstatus passed">True</span></td></tr></tbody></table></section></section></div></body></html>
Reference in New Issue View Git Blame Copy Permalink