DISA Windows Server 2012 and 2012 R2 DC STIG v3r4

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: DISA Windows Server 2012 and 2012 R2 DC STIG v3r4

Updated: 3/8/2023

Authority: Operating Systems and Applications

Plugin: Windows

Revision: 1.6

Estimated Item Count: 396

Audit Changelog

 
Revision 1.6

Mar 8, 2023

Functional Update
  • WN12-CC-000071 - The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.
  • WN12-SO-000067 - The LanMan authentication level must be set to send NTLMv2 response only, and to refuse LM and NTLM.
Revision 1.5

Feb 27, 2023

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.
Revision 1.4

Dec 19, 2022

Functional Update
  • WN12-GE-000014 - Outdated or unused accounts must be removed from the system or disabled.
Miscellaneous
  • Variables updated.
Revision 1.3

Dec 7, 2022

Miscellaneous
  • Metadata updated.
Revision 1.2

Sep 23, 2022

Functional Update
  • WN12-AD-000002-DC - The Active Directory SYSVOL directory must have the proper access control permissions.
Revision 1.1

Aug 11, 2022

Functional Update
  • WN12-00-000009-01 - Members of the Backup Operators group must be documented.
  • WN12-00-000009-02 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.
  • WN12-00-000190 - Orphaned security identifiers (SIDs) must be removed from user rights on Windows 2012 / 2012 R2.
  • WN12-FW-000001 - A host-based firewall must be installed and enabled on the system.
  • WN12-GE-000010 - The system must not boot into multiple operating systems (dual-boot).
  • WN12-GE-000012 - Nonadministrative user accounts or groups must only have print permissions on printer shares.
  • WN12-GE-000014 - Outdated or unused accounts must be removed from the system or disabled.
  • WN12-GE-000056 - Windows 2012 / 2012 R2 must automatically remove or disable temporary user accounts after 72 hours.
  • WN12-GE-000057 - Windows 2012 / 2012 R2 must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours.
Informational Update
  • WN12-00-000009-01 - Members of the Backup Operators group must be documented.
  • WN12-00-000009-02 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.
  • WN12-00-000190 - Orphaned security identifiers (SIDs) must be removed from user rights on Windows 2012 / 2012 R2.
  • WN12-FW-000001 - A host-based firewall must be installed and enabled on the system.
  • WN12-GE-000010 - The system must not boot into multiple operating systems (dual-boot).
  • WN12-GE-000012 - Nonadministrative user accounts or groups must only have print permissions on printer shares.
  • WN12-GE-000014 - Outdated or unused accounts must be removed from the system or disabled.
  • WN12-GE-000056 - Windows 2012 / 2012 R2 must automatically remove or disable temporary user accounts after 72 hours.
  • WN12-GE-000057 - Windows 2012 / 2012 R2 must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours.
Miscellaneous
  • References updated.
Revision 1.0

Jun 28, 2022

Miscellaneous
  • Metadata updated.