| 3.5.4 (L2) Ensure 'MSS: (DisableSavePassword) Prevent the dial-up password from being saved (recommended)' is set to 'Enabled' | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.8 (L2) Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.5.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.5.12 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.6.8.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.6.8.2 (L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.6.17.1 (L2) Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.6.17.2 (L2) Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 3.10.20.1.1 (L2) Ensure 'Turn off access to the Store' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 3.10.20.1.3 (L2) Ensure 'Turn off Help Experience Improvement Program (User)' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 3.10.20.1.4 (L2) Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 3.10.20.1.6 (L2) Ensure 'Turn off printing over HTTP' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 3.10.20.1.7 (L2) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 3.10.20.1.8 (L2) Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 3.10.20.1.9 (L2) Ensure 'Turn off the 'Order Prints' picture task' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 3.10.20.1.10 (L2) Ensure 'Turn off the 'Publish to Web' task for files and folders' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 3.10.20.1.11 (L2) Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 3.10.20.1.12 (L2) Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 3.10.20.1.13 (L2) Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 3.10.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.10.24.1 (L2) Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled' | ACCESS CONTROL |
| 3.10.38.5.1 (L2) Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.11.3.2 (L2) Ensure 'Block launching Universal Windows apps with Windows Runtime API access from hosted content.' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 3.11.28.3.2 (L2) Ensure 'Join Microsoft MAPS' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.11.28.10.1 (L2) Ensure 'Configure Watson events' is set to 'Disabled' | SECURITY ASSESSMENT AND AUTHORIZATION |
| 3.11.35.1 (L2) Ensure 'Turn off Push To Install service' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 3.11.36.4.2.1 (L2) Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.11.36.4.3.1 (L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 3.11.36.4.3.3 (L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 3.11.36.4.3.4 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 3.11.36.4.10.1 (L2) Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less, but not Never (0)' | ACCESS CONTROL |
| 3.11.36.4.10.2 (L2) Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute' | ACCESS CONTROL |
| 3.11.42.2 (L2) Ensure 'Turn off the Store application' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 3.11.49.1 (L2) Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.11.52.1.1 (L2) Ensure 'Prevent Codec Download (User)' is set to 'Enabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.11.55.2.2 (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 3.11.56.1 (L2) Ensure 'Allow Remote Shell Access' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 11.1 (L2) Ensure 'Allow Camera' is set to 'Not allowed' | CONFIGURATION MANAGEMENT |
| 21.8 (L2) Ensure 'Enable File Hash Computation' is set to 'Enable' | SYSTEM AND INFORMATION INTEGRITY |
| 30.3 (L2) Ensure 'Allow Windows Spotlight (User)' is set to 'Block' | CONFIGURATION MANAGEMENT |
| 43.1 (L2) Ensure 'Disallow KMS Client Online AVS Validation' is set to 'Allow' | SYSTEM AND INFORMATION INTEGRITY |
| 45.6 (L2) Ensure 'Devices: Prevent users from installing printer drivers when connecting to shared printers' is set to 'Enable' | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 48.3 (L2) Ensure 'Disable Store Originated Apps' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 58.1 (L2) Ensure 'Allow Cross Device Clipboard' is set to 'Block' | CONFIGURATION MANAGEMENT |
| 58.3 (L2) Ensure 'Disable Advertising ID' is set to 'Enabled' | CONFIGURATION MANAGEMENT |
| 58.5 (L2) Ensure 'Upload User Activities' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 60.1 (L2) Ensure 'Allow Cloud Search' is set to 'Not allowed' | CONFIGURATION MANAGEMENT |
| 60.4 (L2) Ensure 'Allow search highlights' is set to '0' | CONFIGURATION MANAGEMENT |
| 62.1 (L2) Ensure 'Allow Online Tips' is set to 'Block' | SYSTEM AND INFORMATION INTEGRITY |
