Detections
Analytics

MSCM V1.0 Windows 2008 R2 EC Member Server

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: MSCM V1.0 Windows 2008 R2 EC Member Server

Updated: 4/2/2021

Authority: MSCM

Plugin: Windows

Revision: 1.5

Estimated Item Count: 135

Audit Items

DescriptionCategories
CCE-9937-4:Create a pagefile
CCE-9992-9:Accounts: Limit local account use of blank passwords to console logon only
CCE-10009-9:Domain member: Digitally sign secure channel data (when possible)
CCE-10019-8:MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)
CCE-10027-1:Network access: Do not allow anonymous enumeration of SAM accounts
CCE-10035-4:Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
CCE-10040-4:Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
CCE-10086-7:Access this computer from the network
CCE-10109-7:User Account Control: Switch to the secure desktop when prompting for elevation
CCE-10112-1:Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
CCE-10113-9:Windows Firewall: Domain: Outbound connections
CCE-10123-8:Windows Firewall: Private: Outbound connections
CCE-10127-9:Windows Firewall: Private: Allow unicast response
CCE-10131-1:Windows Firewall: Private: Apply local firewall rules
CCE-10171-7:Windows Firewall: Public: Inbound connections
CCE-10188-1:Windows Firewall: Public: Apply local firewall rules
CCE-10192-3:Audit Policy: Account Logon: Credential Validation
CCE-10196-4:Audit Policy: Account Logon: Kerberos Service Ticket Operations
CCE-10201-2:Audit Policy: Account Management: Distribution Group Management
CCE-10203-8:Audit Policy: Account Management: User Account Management
CCE-10206-1:Audit Policy: DS Access: Directory Service Replication
CCE-10216-0:Audit Policy: Object Access: Certification Services
CCE-10220-2:Audit Policy: Object Access: Kernel Object
CCE-10224-4:Audit Policy: Object Access: Registry
CCE-10232-7:Act as part of the operating system
CCE-10263-2:Audit Policy: Object Access: File System
CCE-10274-9:Generate security audits
CCE-10285-5:Audit Policy: Object Access: Filtering Platform Connection
CCE-10297-0:Network access: Let Everyone permissions apply to anonymous users
CCE-10362-2:Microsoft network server: Amount of idle time required before suspending session
CCE-10369-7:Bypass traverse checking
CCE-10370-5:Recovery console: Allow automatic administrative logon
CCE-10385-3:Audit Policy: Policy Change: Audit Policy Change
CCE-10390-3:Audit Policy: System: IPsec Driver
CCE-10445-5:Audit Policy: Account Logon: Other Account Logon Events
CCE-10481-0:Windows Firewall: Public: Outbound connections
CCE-10482-8:Windows Firewall: Domain: Firewall state
CCE-10491-9:Audit Policy: Object Access: SAM
CCE-10514-8:Audit Policy: Detailed Tracking: Process Creation
CCE-10526-2:Audit Policy: Policy Change: Filtering Platform Policy Change
CCE-10529-6:Windows Firewall: Public: Apply local connection security rules
CCE-10530-4:Audit Policy: Policy Change: MPSSVC Rule-Level Policy Change
CCE-10534-6:User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop
CCE-10541-1:Domain member: Require strong (Windows 2000 or later) session key
CCE-10557-7:Network access: Do not allow anonymous enumeration of SAM accounts and shares
CCE-10570-0:User Account Control: Only elevate UIAccess applications that are installed in secure locations
CCE-10573-4:Interactive logon: Smart card removal behavior
CCE-10593-2:Audit Policy: Privilege Use: Other Privilege Use Events
CCE-10614-6:Network security: LDAP client signing requirements
CCE-10631-0:Windows Firewall: Private: Display a notification