| 2.2.36 Ensure 'Log on as a batch job' is set to 'Administrators' (DC Only) | ACCESS CONTROL |
| 2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled' | IDENTIFICATION AND AUTHENTICATION |
| 18.5.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.7 Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 18.5.10 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.5.11 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | SYSTEM AND INFORMATION INTEGRITY |
| 18.6.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.6.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.6.10.2 Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CONFIGURATION MANAGEMENT |
| 18.6.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 18.6.20.2 Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.8.1.1 Ensure 'Turn off notifications network usage' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.9.20.1.2 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.9.20.1.3 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.9.20.1.4 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.9.20.1.6 Ensure 'Turn off printing over HTTP' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.9.20.1.7 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.9.20.1.8 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.9.20.1.9 Ensure 'Turn off the 'Order Prints' picture task' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.9.20.1.10 Ensure 'Turn off the 'Publish to Web' task for files and folders' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.9.20.1.11 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.9.20.1.12 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.9.20.1.13 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.9.26.1 Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.9.46.5.1 Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 18.9.46.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 18.9.50.1.1 Ensure 'Enable Windows NTP Client' is set to 'Enabled' | AUDIT AND ACCOUNTABILITY |
| 18.10.37.1.1 Ensure 'Turn off Windows Location Provider' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.10.37.2 Ensure 'Turn off location' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.10.43.5.2 Ensure 'Join Microsoft MAPS' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 18.10.43.12.1 Ensure 'Configure Watson events' is set to 'Disabled' | SECURITY ASSESSMENT AND AUTHORIZATION |
| 18.10.57.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.1 Ensure 'Do not allow COM port redirection' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.3 Ensure 'Do not allow LPT port redirection' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.4 Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 18.10.57.3.10.1 Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less, but not Never (0)' | ACCESS CONTROL |
| 18.10.57.3.10.2 Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute' | ACCESS CONTROL |
| 18.10.81.3 Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 18.10.89.2.2 Ensure 'Allow remote server management through WinRM' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 18.10.90.1 Ensure 'Allow Remote Shell Access' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 19.6.6.1.1 Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 19.7.42.2.1 Ensure 'Prevent Codec Download' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| CIS_DC_SERVER_2012_Level_2_v3.0.0.audit from CIS Security Benchmark For Microsoft Windows Server 2012 DC Level 2 | |
