Detections
Analytics

MSCM V1.0 Windows 7 EC Desktop

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: MSCM V1.0 Windows 7 EC Desktop

Updated: 4/2/2021

Authority: MSCM

Plugin: Windows

Revision: 1.4

Estimated Item Count: 170

Audit Items

DescriptionCategories
CCE-8475-6:Perform volume maintenance tasks
CCE-8487-1:Interactive logon: Number of previous logons to cache (in case domain controller is not available)
CCE-8583-7:Debug programs
CCE-8591-0:MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)
CCE-8612-4:Change the system time
CCE-8732-0:Replace a process level token
CCE-8806-2:Network security: LAN Manager authentication level
CCE-8807-0:Recovery console: Allow automatic administrative logon
CCE-8811-2:User Account Control: Admin Approval Mode for the Built-in Administrator account
CCE-8813-8:User Account Control: Behavior of the elevation prompt for standard users
CCE-8817-9:User Account Control: Virtualize file and registry write failures to per-user locations
CCE-8818-7:Interactive logon: Require Domain Controller authentication to unlock workstation
CCE-8822-9:Audit Policy: Account Management: Application Group Management
CCE-8825-2:Microsoft network server: Digitally sign communications (if client agrees)
CCE-8853-4:Audit Policy: Logon-Logoff: Account Lockout
CCE-8856-7:Audit Policy: Logon-Logoff: Logoff
CCE-8868-2:Devices: Allowed to format and eject removable media
CCE-8870-8:Windows Firewall: Private: Outbound connections
CCE-8884-9:Windows Firewall: Private: Display a notification
CCE-8936-7:Network access: Let Everyone permissions apply to anonymous users
CCE-8937-5:Network security: Do not store LAN Manager hash value on next password change
CCE-8956-5:Audit Policy: Logon-Logoff: IPsec Main Mode
CCE-8958-1:User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
CCE-8974-8:Domain member: Digitally encrypt or sign secure channel data (always)
CCE-8999-5:Increase scheduling priority
CCE-9007-6:Windows Firewall: Public: Inbound connections
CCE-9014-2:Shut down the system
CCE-9021-7:User Account Control: Only elevate executables that are signed and validated
CCE-9026-6:Devices: Prevent users from installing printer drivers
CCE-9040-7:Microsoft network server: Digitally sign communications (always)
CCE-9067-0:Interactive logon: Smart card removal behavior
CCE-9069-6:Windows Firewall: Domain: Allow unicast response
CCE-9133-0:Audit Policy: Object Access: Filtering Platform Packet Drop
CCE-9135-5:Load and unload device drivers
CCE-9153-8:Audit Policy: Policy Change: MPSSVC Rule-Level Policy Change
CCE-9156-1:Network access: Do not allow anonymous enumeration of SAM accounts and shares
CCE-9185-0:Create a pagefile
CCE-9189-2:User Account Control: Run all administrators in Admin Approval Mode
CCE-9190-0:Audit Policy: Privilege Use: Non Sensitive Privilege Use
CCE-9191-8:System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)
CCE-9195-9:Turn off downloading of print drivers over HTTP
CCE-9217-1:Audit Policy: Object Access: File System
CCE-9222-1:Shutdown: Clear virtual memory pagefile
CCE-9223-9:Manage auditing and security log
CCE-9226-2:Generate security audits
CCE-9227-0:Audit Policy: Detailed Tracking: Process Termination
CCE-9239-5:Deny log on locally
CCE-9244-5:Deny access to this computer from the network
CCE-9249-4:Network access: Do not allow anonymous enumeration of SAM accounts
CCE-9251-0:Domain member: Digitally encrypt secure channel data (when possible)