CIS Microsoft Windows Server 2008 Domain Controller Level 2 v3.2.0

Audit Details

Name: CIS Microsoft Windows Server 2008 Domain Controller Level 2 v3.2.0

Updated: 4/25/2022

Authority: CIS

Plugin: Windows

Revision: 1.5

Estimated Item Count: 49

File Details

Filename: CIS_MS_Windows_Server_2008_v3.2.0_DC_L2.audit

Size: 113 kB

MD5: 883283f19774b2afd63a736349b28a6a
SHA256: 9b7b0be6af5dc4b00b6e0ea0d068b1652db092879ced8f97361ccd3bde527216

Audit Items

DescriptionCategories
2.2.36 Ensure 'Log on as a batch job' is set to 'Administrators' (DC only)

ACCESS CONTROL

2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'

IDENTIFICATION AND AUTHENTICATION

18.4.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'

SYSTEM AND INFORMATION INTEGRITY

18.4.7 Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'

SYSTEM AND INFORMATION INTEGRITY

18.4.10 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'

SYSTEM AND INFORMATION INTEGRITY

18.4.11 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'

SYSTEM AND INFORMATION INTEGRITY

18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - Disabled (AllowLLTDIOOnDomain)

SYSTEM AND INFORMATION INTEGRITY

18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - Disabled (AllowLLTDIOOnPublicNet)

SYSTEM AND INFORMATION INTEGRITY

18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - Disabled (EnableLLTDIO)

SYSTEM AND INFORMATION INTEGRITY

18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - Disabled (ProhibitLLTDIOOnPrivateNet)

SYSTEM AND INFORMATION INTEGRITY

18.5.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - Disabled (AllowRspndrOnDomain)

SYSTEM AND INFORMATION INTEGRITY

18.5.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - Disabled (AllowRspndrOnPublicNet)

SYSTEM AND INFORMATION INTEGRITY

18.5.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - Disabled (EnableRspndr)

SYSTEM AND INFORMATION INTEGRITY

18.5.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - Disabled (ProhibitRspndrOnPrivateNet)

SYSTEM AND INFORMATION INTEGRITY

18.5.10.1 Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

18.5.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')

SYSTEM AND INFORMATION INTEGRITY

18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - Disabled (DisableFlashConfigRegistrar)

ACCESS CONTROL

18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - Disabled (DisableInBand802DOT11Registrar)

ACCESS CONTROL

18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - Disabled (DisableUPnPRegistrar)

ACCESS CONTROL

18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - Disabled (DisableWPDRegistrar)

ACCESS CONTROL

18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - Disabled (EnableRegistrars)

ACCESS CONTROL

18.5.20.2 Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'

ACCESS CONTROL

18.8.22.1.2 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'

SECURITY ASSESSMENT AND AUTHORIZATION

18.8.22.1.3 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'

SECURITY ASSESSMENT AND AUTHORIZATION

18.8.22.1.5 Ensure 'Turn off Internet File Association service' is set to 'Enabled'

ACCESS CONTROL

18.8.22.1.6 Ensure 'Turn off printing over HTTP' is set to 'Enabled'

SECURITY ASSESSMENT AND AUTHORIZATION

18.8.22.1.7 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'

ACCESS CONTROL

18.8.22.1.8 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT

18.8.22.1.9 Ensure 'Turn off the 'Order Prints' picture task' is set to 'Enabled'

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT

18.8.22.1.10 Ensure 'Turn off the 'Publish to Web' task for files and folders' is set to 'Enabled'

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT

18.8.22.1.11 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT

18.8.22.1.12 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT

18.8.22.1.13 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT

18.8.47.5.1 Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled'

SYSTEM AND INFORMATION INTEGRITY

18.8.47.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'

ACCESS CONTROL

18.8.52.1.1 Ensure 'Enable Windows NTP Client' is set to 'Enabled'

CONFIGURATION MANAGEMENT

18.9.59.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'

ACCESS CONTROL

18.9.59.3.3.1 Ensure 'Do not allow COM port redirection' is set to 'Enabled'

CONFIGURATION MANAGEMENT

18.9.59.3.3.3 Ensure 'Do not allow LPT port redirection' is set to 'Enabled'

CONFIGURATION MANAGEMENT

18.9.59.3.3.4 Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled'

CONFIGURATION MANAGEMENT

18.9.59.3.10.1 Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less'

ACCESS CONTROL

18.9.59.3.10.2 Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'

ACCESS CONTROL

18.9.77.3.1 Ensure 'Join Microsoft MAPS' is set to 'Disabled'

ACCESS CONTROL

18.9.85.3 Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled'

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.97.2.2 Ensure 'Allow remote server management through WinRM' is set to 'Disabled'

SYSTEM AND INFORMATION INTEGRITY

18.9.98.1 Ensure 'Allow Remote Shell Access' is set to 'Disabled'

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY

19.6.6.1.1 Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled'

ACCESS CONTROL

19.7.45.2.1 Ensure 'Prevent Codec Download' is set to 'Enabled'

SYSTEM AND COMMUNICATIONS PROTECTION

CIS_MS_Windows_Server_2008_v3.2.0_L2_DC.audit from CIS MS Windows Server 2008 non-R2 Benchmark v3.2.0