CIS Microsoft Windows Server 2008 Member Server Level 2 v3.2.0

Audit Details

Name: CIS Microsoft Windows Server 2008 Member Server Level 2 v3.2.0

Updated: 4/25/2022

Authority: CIS

Plugin: Windows

Revision: 1.5

Estimated Item Count: 51

File Details

Filename: CIS_MS_Windows_Server_2008_v3.2.0_MS_L2.audit

Size: 123 kB

MD5: a4e65e10b7a86a48c2111fa004bf0365
SHA256: e0d0c14ea9c6619ba43d412add974e5c1efcee988df678d044df33d342d2e89b

Audit Items

DescriptionCategories
2.3.7.5 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' (MS only)

ACCESS CONTROL, CONFIGURATION MANAGEMENT

2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'

IDENTIFICATION AND AUTHENTICATION

18.4.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'

SYSTEM AND INFORMATION INTEGRITY

18.4.7 Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'

SYSTEM AND INFORMATION INTEGRITY

18.4.10 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'

SYSTEM AND INFORMATION INTEGRITY

18.4.11 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'

SYSTEM AND INFORMATION INTEGRITY

18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - Disabled (AllowLLTDIOOnDomain)

SYSTEM AND INFORMATION INTEGRITY

18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - Disabled (AllowLLTDIOOnPublicNet)

SYSTEM AND INFORMATION INTEGRITY

18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - Disabled (EnableLLTDIO)

SYSTEM AND INFORMATION INTEGRITY

18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - Disabled (ProhibitLLTDIOOnPrivateNet)

SYSTEM AND INFORMATION INTEGRITY

18.5.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - Disabled (AllowRspndrOnDomain)

SYSTEM AND INFORMATION INTEGRITY

18.5.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - Disabled (AllowRspndrOnPublicNet)

SYSTEM AND INFORMATION INTEGRITY

18.5.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - Disabled (EnableRspndr)

SYSTEM AND INFORMATION INTEGRITY

18.5.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - Disabled (ProhibitRspndrOnPrivateNet)

SYSTEM AND INFORMATION INTEGRITY

18.5.10.1 Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

18.5.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')

SYSTEM AND INFORMATION INTEGRITY

18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - Disabled (DisableFlashConfigRegistrar)

ACCESS CONTROL

18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - Disabled (DisableInBand802DOT11Registrar)

ACCESS CONTROL

18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - Disabled (DisableUPnPRegistrar)

ACCESS CONTROL

18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - Disabled (DisableWPDRegistrar)

ACCESS CONTROL

18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - Disabled (EnableRegistrars)

ACCESS CONTROL

18.5.20.2 Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'

ACCESS CONTROL

18.8.22.1.2 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'

SECURITY ASSESSMENT AND AUTHORIZATION

18.8.22.1.3 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'

SECURITY ASSESSMENT AND AUTHORIZATION

18.8.22.1.5 Ensure 'Turn off Internet File Association service' is set to 'Enabled'

ACCESS CONTROL

18.8.22.1.6 Ensure 'Turn off printing over HTTP' is set to 'Enabled'

SECURITY ASSESSMENT AND AUTHORIZATION

18.8.22.1.7 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'

ACCESS CONTROL

18.8.22.1.8 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT

18.8.22.1.9 Ensure 'Turn off the 'Order Prints' picture task' is set to 'Enabled' - Enabled

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT

18.8.22.1.10 Ensure 'Turn off the 'Publish to Web' task for files and folders' is set to 'Enabled' - Enabled

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT

18.8.22.1.11 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT

18.8.22.1.12 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT

18.8.22.1.13 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT

18.8.37.2 Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated' (MS only)

SYSTEM AND INFORMATION INTEGRITY

18.8.47.5.1 Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled'

SECURITY ASSESSMENT AND AUTHORIZATION

18.8.47.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'

SECURITY ASSESSMENT AND AUTHORIZATION

18.8.52.1.1 Ensure 'Enable Windows NTP Client' is set to 'Enabled'

AUDIT AND ACCOUNTABILITY

18.8.52.1.2 Ensure 'Enable Windows NTP Server' is set to 'Disabled' (MS only)

SYSTEM AND INFORMATION INTEGRITY

18.9.59.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

18.9.59.3.3.1 Ensure 'Do not allow COM port redirection' is set to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

18.9.59.3.3.3 Ensure 'Do not allow LPT port redirection' is set to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

18.9.59.3.3.4 Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

18.9.59.3.10.1 Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less'

ACCESS CONTROL

18.9.59.3.10.2 Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'

ACCESS CONTROL

18.9.77.3.1 Ensure 'Join Microsoft MAPS' is set to 'Disabled'

SECURITY ASSESSMENT AND AUTHORIZATION

18.9.85.3 Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled'

SYSTEM AND COMMUNICATIONS PROTECTION

18.9.97.2.2 Ensure 'Allow remote server management through WinRM' is set to 'Disabled'

SYSTEM AND INFORMATION INTEGRITY

18.9.98.1 Ensure 'Allow Remote Shell Access' is set to 'Disabled'

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY

19.6.6.1.1 Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled'

SECURITY ASSESSMENT AND AUTHORIZATION

19.7.45.2.1 Ensure 'Prevent Codec Download' is set to 'Enabled'

CONFIGURATION MANAGEMENT