| Allow loading of XAML files - Restricted Sites Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Always install with elevated privileges | MSCT Windows Server v2004 DC v1.0.0 | Windows | ACCESS CONTROL |
| Audit Audit Policy Change | MSCT Windows Server v2004 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Authentication Policy Change | MSCT Windows Server v2004 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Computer Account Management | MSCT Windows Server v2004 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Credential Validation | MSCT Windows Server v2004 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Kerberos Authentication Service | MSCT Windows Server v2004 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Other Object Access Events | MSCT Windows Server v2004 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit PNP Activity | MSCT Windows Server v2004 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Removable Storage | MSCT Windows Server v2004 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Sensitive Privilege Use | MSCT Windows Server v2004 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Check for signatures on downloaded programs | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure Attack Surface Reduction rules - 3b576869-a4ec-4529-8536-b80a7769e899 | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Attack Surface Reduction rules - 75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84 | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Attack Surface Reduction rules - 26190899-1602-49e8-8b27-eb1d0a1ce869 | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Attack Surface Reduction rules - b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Attack Surface Reduction rules - ExploitGuard_ASR_Rules | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure detection for potentially unwanted applications | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure registry policy processing - NoGPOListChanges | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure SMB v1 client driver | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Disallow WinRM from storing RunAs credentials | MSCT Windows Server v2004 DC v1.0.0 | Windows | ACCESS CONTROL |
| Domain member: Digitally encrypt secure channel data (when possible) | MSCT Windows Server v2004 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Don't run antimalware programs against ActiveX controls - Internet Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Download signed ActiveX controls - Restricted Sites Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Download unsigned ActiveX controls - Restricted Sites Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable dragging of content from different domains within a window - Internet Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enumeration policy for external devices incompatible with Kernel DMA Protection | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Initialize and script ActiveX controls not marked as safe - Internet Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Initialize and script ActiveX controls not marked as safe - Intranet Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Interactive logon: Smart card removal behavior | MSCT Windows Server v2004 DC v1.0.0 | Windows | ACCESS CONTROL |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - (Reserved) | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_SNIFFING - (Reserved) | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_SNIFFING - explorer.exe | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_RESTRICT_FILEDOWNLOAD - (Reserved) | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Java permissions - Internet Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Java permissions - Intranet Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Java permissions - Locked-Down Restricted Sites Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Password must meet complexity requirements | MSCT Windows Server v2004 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Prevent downloading of enclosures | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent managing SmartScreen Filter | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent per-user installation of ActiveX controls | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent users and apps from accessing dangerous websites | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Remote host allows delegation of non-exportable credentials | MSCT Windows Server v2004 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Require secure RPC communication | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Scripting of Java applets | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Security Zones: Do not allow users to change policies | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specify the maximum log file size (KB) - System | MSCT Windows Server v2004 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn On Virtualization Based Security - EnableVirtualizationBasedSecurity | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn On Virtualization Based Security - HVCIMATRequired | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
