| Access data sources across domains - Restricted Sites Zone | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow cut, copy or paste operations from the clipboard via script - Internet Zone | MSCT Windows Server v20H2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow cut, copy or paste operations from the clipboard via script - Restricted Sites Zone | MSCT Windows Server v20H2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow file downloads | MSCT Windows Server v20H2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow indexing of encrypted files | MSCT Windows Server v20H2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use ActiveX controls without prompt - Restricted Sites Zone | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow script-initiated windows without size or position constraints - Internet Zone | MSCT Windows Server v20H2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow scripting of Internet Explorer WebBrowser controls - Restricted Sites Zone | MSCT Windows Server v20H2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow software to run or install even if the signature is invalid | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow VBScript to run in Internet Explorer - Restricted Sites Zone | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Audit Computer Account Management | MSCT Windows Server v20H2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Credential Validation | MSCT Windows Server v20H2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Detailed File Share | MSCT Windows Server v20H2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit MPSSVC Rule-Level Policy Change | MSCT Windows Server v20H2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Security Group Management | MSCT Windows Server v20H2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit System Integrity | MSCT Windows Server v20H2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Check for server certificate revocation | MSCT Windows Server v20H2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Configure Attack Surface Reduction rules - 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Attack Surface Reduction rules - d3e037e1-3eb8-44c8-a917-57927947596d | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure detection for potentially unwanted applications | MSCT Windows Server v20H2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure SMB v1 server | MSCT Windows Server v20H2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Create a pagefile | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Create global objects | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Create permanent shared objects | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Disallow Digest authentication | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Domain member: Digitally encrypt secure channel data (when possible) | MSCT Windows Server v20H2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain member: Digitally sign secure channel data (when possible) | MSCT Windows Server v20H2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain member: Require strong (Windows 2000 or later) session key | MSCT Windows Server v20H2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Don't run antimalware programs against ActiveX controls - Intranet Zone | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Don't run antimalware programs against ActiveX controls - Restricted Sites Zone | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Encryption Oracle Remediation | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Load and unload device drivers | MSCT Windows Server v2004 MS v1.0.0 | Windows | ACCESS CONTROL |
| Manage auditing and security log | MSCT Windows Server v2004 MS v1.0.0 | Windows | ACCESS CONTROL |
| MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| NetBT NodeType configuration | MSCT Windows Server v2004 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Network access: Do not allow anonymous enumeration of SAM accounts and shares | MSCT Windows Server v2004 MS v1.0.0 | Windows | ACCESS CONTROL |
| Network security: LAN Manager authentication level | MSCT Windows Server v2004 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: LDAP client signing requirements | MSCT Windows Server v2004 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent users and apps from accessing dangerous websites | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Sign-in and lock last interactive user automatically after a restart | MSCT Windows Server v2004 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Turn off Crash Detection | MSCT Windows Server v2004 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off multicast name resolution | MSCT Windows Server v2004 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off the Security Settings Check feature | MSCT Windows Server v2004 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn on Cross-Site Scripting Filter - Restricted Sites Zone | MSCT Windows Server v2004 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn on Protected Mode - Internet Zone | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Turn on Protected Mode - Restricted Sites Zone | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Use Pop-up Blocker - Internet Zone | MSCT Windows Server v2004 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| User Account Control: Only elevate UIAccess applications that are installed in secure locations | MSCT Windows Server v2004 MS v1.0.0 | Windows | ACCESS CONTROL |
