CIS Windows Server 2012 R2 DC L2 v2.5.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Windows Server 2012 R2 DC L2 v2.5.0

Updated: 12/21/2022

Authority: Operating Systems and Applications

Plugin: Windows

Revision: 1.2

Estimated Item Count: 56

File Details

Filename: CIS_DC_SERVER_2012_R2_Level_2_v2.5.0.audit

Size: 119 kB

MD5: e3a9ee0f1213f4c9c9b2a3c03dc6d381
SHA256: a5a52d3bb98b9dfeb1c1136975e566fe2594dbf8a8656f5a1b5b8f9f4af48029

Audit Items

DescriptionCategories
2.2.36 Ensure 'Log on as a batch job' is set to 'Administrators' (DC Only)

ACCESS CONTROL

2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'

IDENTIFICATION AND AUTHENTICATION

18.4.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'

SYSTEM AND COMMUNICATIONS PROTECTION

18.4.7 Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'

SYSTEM AND COMMUNICATIONS PROTECTION

18.4.10 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'

SYSTEM AND COMMUNICATIONS PROTECTION

18.4.11 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - AllowLLTDIOOndomain

CONFIGURATION MANAGEMENT

18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - AllowLLTDIOOnPublicNet

CONFIGURATION MANAGEMENT

18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - EnableLLTDIO

CONFIGURATION MANAGEMENT

18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - ProhibitLLTDIOOnPrivateNet

CONFIGURATION MANAGEMENT

18.5.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - AllowRspndrOndomain

CONFIGURATION MANAGEMENT

18.5.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - AllowRspndrOnPublicNet

CONFIGURATION MANAGEMENT

18.5.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - EnableRspndr

CONFIGURATION MANAGEMENT

18.5.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - ProhibitRspndrOnPrivateNet

CONFIGURATION MANAGEMENT

18.5.10.2 Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled'

CONFIGURATION MANAGEMENT

18.5.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - DisableFlashConfigRegistrar

CONFIGURATION MANAGEMENT

18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - DisableInBand802DOT11Registrar

CONFIGURATION MANAGEMENT

18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - DisableUPnPRegistrar

CONFIGURATION MANAGEMENT

18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - DisableWPDRegistrar

CONFIGURATION MANAGEMENT

18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - EnableRegistrars

CONFIGURATION MANAGEMENT

18.5.20.2 Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'

CONFIGURATION MANAGEMENT

18.7.1.1 Ensure 'Turn off notifications network usage' is set to 'Enabled'

CONFIGURATION MANAGEMENT

18.8.22.1.2 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'

ACCESS CONTROL

18.8.22.1.3 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

18.8.22.1.4 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'

ACCESS CONTROL

18.8.22.1.6 Ensure 'Turn off printing over HTTP' is set to 'Enabled'

CONFIGURATION MANAGEMENT

18.8.22.1.7 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'

ACCESS CONTROL

18.8.22.1.8 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'

CONFIGURATION MANAGEMENT

18.8.22.1.9 Ensure 'Turn off the 'Order Prints' picture task' is set to 'Enabled' - Enabled

CONFIGURATION MANAGEMENT

18.8.22.1.10 Ensure 'Turn off the 'Publish to Web' task for files and folders' is set to 'Enabled' - Enabled

CONFIGURATION MANAGEMENT

18.8.22.1.11 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'

CONFIGURATION MANAGEMENT

18.8.22.1.12 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'

ACCESS CONTROL

18.8.22.1.13 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

18.8.27.1 Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled'

CONFIGURATION MANAGEMENT

18.8.47.5.1 Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled'

SYSTEM AND INFORMATION INTEGRITY

18.8.47.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'

ACCESS CONTROL

18.8.49.1 Ensure 'Turn off the advertising ID' is set to 'Enabled'

CONFIGURATION MANAGEMENT

18.8.52.1.1 Ensure 'Enable Windows NTP Client' is set to 'Enabled'

CONFIGURATION MANAGEMENT

18.9.39.1.1 Ensure 'Turn off Windows Location Provider' is set to 'Enabled'

CONFIGURATION MANAGEMENT

18.9.39.2 Ensure 'Turn off location' is set to 'Enabled'

ACCESS CONTROL

18.9.45.3.2 Ensure 'Join Microsoft MAPS' is set to 'Disabled'

ACCESS CONTROL

18.9.45.10.1 Ensure 'Configure Watson events' is set to 'Disabled'

CONFIGURATION MANAGEMENT

18.9.63.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'

ACCESS CONTROL

18.9.63.3.3.1 Ensure 'Do not allow COM port redirection' is set to 'Enabled'

CONFIGURATION MANAGEMENT

18.9.63.3.3.3 Ensure 'Do not allow LPT port redirection' is set to 'Enabled'

CONFIGURATION MANAGEMENT

18.9.63.3.3.4 Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled'

CONFIGURATION MANAGEMENT

18.9.63.3.10.1 Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less, but not Never (0)'

ACCESS CONTROL

18.9.63.3.10.2 Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'

ACCESS CONTROL

18.9.65.3 Ensure 'Set what information is shared in Search' is set to 'Enabled: Anonymous info'

ACCESS CONTROL