| 2.2.12 Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.17 Ensure 'Deny log on as a batch job' to include 'Guests' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.17 Ensure 'Deny log on as a batch job' to include 'Guests' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.19 Ensure 'Deny log on locally' to include 'Guests' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.22 Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.22 Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.23 Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.24 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.37 Ensure 'Restore files and directories' is set to 'Administrators' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.39 Ensure 'Take ownership of files or other objects' is set to 'Administrators' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| Access Credential Manager as a trusted caller | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Access Credential Manager as a trusted caller | MSCT Windows Server 2019 DC v1.0.0 | Windows | ACCESS CONTROL |
| Access this computer from the network | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| Act as part of the operating system | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Act as part of the operating system | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| Act as part of the operating system | MSCT Windows Server 2019 DC v1.0.0 | Windows | ACCESS CONTROL |
| Act as part of the operating system | MSCT Windows Server 2019 MS v1.0.0 | Windows | ACCESS CONTROL |
| Act as part of the operating system | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Create a pagefile | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Create a pagefile | MSCT Windows Server 2019 MS v1.0.0 | Windows | ACCESS CONTROL |
| Create a token object | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Create global objects | MSCT Windows Server 2019 DC v1.0.0 | Windows | ACCESS CONTROL |
| Create permanent shared objects | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Create Symbolic Links | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Create Symbolic Links | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Debug programs | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Deny log on as a batch job | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Deny log on as a batch job | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Deny log on locally | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Enable computer and user accounts to be trusted for delegation | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Enable computer and user accounts to be trusted for delegation | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Generate security audits | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Impersonate a client after authentication | MSCT Windows Server 2019 DC v1.0.0 | Windows | ACCESS CONTROL |
| Impersonate a client after authentication | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Increase scheduling priority | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Lock pages in memory | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Manage auditing and security log | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Manage auditing and security log | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Manage auditing and security log | MSCT Windows Server 2019 DC v1.0.0 | Windows | ACCESS CONTROL |
| Manage auditing and security log | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Modify an object label | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Modify firmware environment values | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Modify firmware environment values | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| Perform volume maintenance tasks | MSCT Windows Server 2019 MS v1.0.0 | Windows | ACCESS CONTROL |
| Perform volume maintenance tasks | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Perform volume maintenance tasks | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Profile system performance | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Restore files and directories | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| Take ownership of files or other objects | MSCT Windows Server 2019 DC v1.0.0 | Windows | ACCESS CONTROL |
| Take ownership of files or other objects | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
