2.2.36 (L2) Ensure 'Log on as a batch job' is set to 'Administrators' (DC Only) | ACCESS CONTROL |
2.3.10.4 (L2) Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled' | IDENTIFICATION AND AUTHENTICATION |
18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)' | SYSTEM AND COMMUNICATIONS PROTECTION |
18.5.7 (L2) Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
18.5.10 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
18.5.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CONFIGURATION MANAGEMENT |
18.6.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
18.6.9.2 (L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
18.6.10.2 (L2) Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CONFIGURATION MANAGEMENT |
18.6.20.1 (L2) Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
18.6.20.2 (L2) Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.8.1.1 (L2) Ensure 'Turn off notifications network usage' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.9.20.1.2 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.9.20.1.3 (L2) Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.9.20.1.4 (L2) Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.9.20.1.6 (L2) Ensure 'Turn off printing over HTTP' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.9.20.1.7 (L2) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.9.20.1.8 (L2) Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.9.20.1.9 (L2) Ensure 'Turn off the 'Order Prints' picture task' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.9.20.1.10 (L2) Ensure 'Turn off the 'Publish to Web' task for files and folders' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.9.20.1.11 (L2) Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.9.20.1.12 (L2) Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.9.20.1.13 (L2) Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.9.26.1 (L2) Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.9.46.5.1 (L2) Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
18.9.46.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
18.9.50.1.1 (L2) Ensure 'Enable Windows NTP Client' is set to 'Enabled' | AUDIT AND ACCOUNTABILITY |
18.10.37.1.1 (L2) Ensure 'Turn off Windows Location Provider' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.10.37.2 (L2) Ensure 'Turn off location' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.10.43.5.2 (L2) Ensure 'Join Microsoft MAPS' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
18.10.43.12.1 (L2) Ensure 'Configure Watson events' is set to 'Disabled' | SECURITY ASSESSMENT AND AUTHORIZATION |
18.10.57.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.10.57.3.3.1 (L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.10.57.3.3.3 (L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.10.57.3.3.4 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
18.10.57.3.10.1 (L2) Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less, but not Never (0)' | ACCESS CONTROL |
18.10.57.3.10.2 (L2) Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute' | ACCESS CONTROL |
18.10.81.3 (L2) Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
18.10.89.2.2 (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
18.10.90.1 (L2) Ensure 'Allow Remote Shell Access' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
19.6.6.1.1 (L2) Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
19.7.42.2.1 (L2) Ensure 'Prevent Codec Download' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
CIS_DC_SERVER_2012_Level_2_v3.0.0.audit from CIS Security Benchmark For Microsoft Windows Server 2012 DC Level 2 | |