Revision 1.8

Dec 8, 2023
Functional Update
  • 18.1.1.1 Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'
  • 18.1.1.2 Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'
  • 18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'
  • 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled'
  • 18.3.1 Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'
  • 18.3.3 Ensure 'Configure SMB v1 server' is set to 'Disabled'
  • 18.3.4 Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'
  • 18.3.5 Ensure 'WDigest Authentication' is set to 'Disabled'
  • 18.4.5 Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'
  • 18.4.7 Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'
  • 18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'
  • 18.5.21.1 Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'
  • 18.8.22.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'
  • 18.8.22.1.4 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'
  • 18.8.28.2 Ensure 'Do not display network selection UI' is set to 'Enabled'
  • 18.8.28.4 Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'
  • 18.8.28.5 Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'
  • 18.8.28.6 Ensure 'Turn off picture password sign-in' is set to 'Enabled'
  • 18.8.28.7 Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'
  • 18.8.34.6.5 Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'
  • 18.8.34.6.6 Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'
  • 18.8.36.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'
  • 18.8.36.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'
  • 18.8.37.1 Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled'
  • 18.8.4.1 Ensure 'Remote host allows delegation of non-exportable credentials' is set to 'Enabled'
  • 18.9.102.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled'
  • 18.9.102.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled'
  • 18.9.102.1.3 Ensure 'Disallow Digest authentication' is set to 'Enabled'
  • 18.9.102.2.1 Ensure 'Allow Basic authentication' is set to 'Disabled'
  • 18.9.102.2.3 Ensure 'Allow unencrypted traffic' is set to 'Disabled'
  • 18.9.102.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'
  • 18.9.16.1 Ensure 'Do not display the password reveal button' is set to 'Enabled'
  • 18.9.16.2 Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'
  • 18.9.31.2 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'
  • 18.9.31.3 Ensure 'Turn off heap termination on corruption' is set to 'Disabled'
  • 18.9.6.1 Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'
  • 18.9.65.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'
  • 18.9.66.1 Ensure 'Prevent downloading of enclosures' is set to 'Enabled'
  • 18.9.8.1 Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'
  • 18.9.91.1 Ensure 'Sign-in and lock last interactive user automatically after a restart' is set to 'Disabled'
  • 19.7.4.2 Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'