| WN12-00-000004 - Users with administrative privilege must be documented. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-00-000005 - Users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-00-000011 - Windows 2012/2012 R2 manually managed application account passwords must be changed at least annually or when a system administrator with knowledge of the password leaves the organization. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-00-000015 - User-level information must be backed up in accordance with local recovery time and recovery point objectives. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-00-000180 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB client - LanManWorkstation | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-AC-000003 - The reset period for the account lockout counter must be configured to 15 minutes or greater on Windows 2012. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-AD-000001-DC - Active Directory data files must have proper access control permissions. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-AD-000005-DC - Domain created Active Directory Organizational Unit (OU) objects must have proper access control permissions. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-AD-000009-DC - The directory server supporting (directly or indirectly) system access or resource authorization must run on a machine dedicated to that function - Roles | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-AD-000010-DC - Windows services that are critical for directory server operation must be configured for automatic startup | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-AD-000011-DC - Separate, NSA-approved (Type 1) cryptography must be used to protect the directory data-in-transit for directory service implementations at a classified confidentiality level when replication data traverses a network cleared to a lower level than the data - Type 1 cryptography must be used to protect the directory data-in-transit for directory service implementations at a classified confidentiality level when replication data traverses a network cleared to a lower level than the data. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-AD-000012-DC - Anonymous access to the root DSE of a non-public directory must be disabled. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-AD-000015-DC - The password for the krbtgt account on a domain must be reset at least every 180 days. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-AU-000047 - The system must be configured to audit Logon/Logoff - Logon successes. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000107 - The system must be configured to audit System - Security State Change successes. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000200 - Audit data must be reviewed on a regular basis. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-AU-000211-DC - The Active Directory AdminSDHolder object must be configured with proper audit settings. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000212-DC - The Active Directory RID Manager$ object must be configured with proper audit settings. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000213 - Event Viewer must be protected from unauthorized modification and deletion. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-CC-000012 - The configuration of wireless devices using Windows Connect Now must be disabled | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000018 - Optional component installation and component repair must be prevented from using Windows Update. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000024 - Device driver searches using Windows Update must be prevented. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000032 - Downloading print driver packages over HTTP must be prevented. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000038 - The Internet File Association service must be turned off. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000045 - The Windows Customer Experience Improvement Program must be disabled. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000047 - Windows must be prevented from using Windows Update to search for drivers. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000058 - The system must be configured to prevent unsolicited remote assistance offers. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000041 - The system must be configured to limit how often keep-alive packets are sent. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000042 - IPSec Exemptions must be limited. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000054 - The system must be configured to prevent anonymous users from having the same rights as the Everyone group. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000061 - Services using Local System that use Negotiate when reverting to NTLM authentication must use the computer identity vs. authenticating anonymously. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-SO-000066 - The system must be configured to force users to log off when their allowed logon hours expire. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000074 - The system must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000081 - Windows must elevate all applications in User Account Control, not just signed ones. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000082 - User Account Control must only elevate UIAccess applications that are installed in secure locations. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000084 - User Account Control must switch to the secure desktop when prompting for elevation. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000085 - User Account Control must virtualize file and registry write failures to per-user locations. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000088 - Optional Subsystems must not be permitted to operate on the system. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000090-DC - Domain controllers must require LDAP access signing. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SV-000104 - The Simple TCP/IP Services service must be disabled if installed. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SV-000105 - The Telnet service must be disabled if installed. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-UC-000001 - A screen saver must be enabled on the system. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UC-000010 - Mechanisms for removing zone information from file attachments must be hidden. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-UC-000011 - The system must notify antivirus when file attachments are opened. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-UC-000012 - Users must be prevented from sharing files in their profiles. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-UR-000001 - The Access Credential Manager as a trusted caller user right must not be assigned to any groups or accounts. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000006-DC - The Allow log on through Remote Desktop Services user right must only be assigned to the Administrators group. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000007 - The Back up files and directories user right must only be assigned to the Administrators group. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000014 - The Create permanent shared objects user right must not be assigned to any groups or accounts. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000029 - The Lock pages in memory user right must not be assigned to any groups or accounts. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
