| Allow Basic authentication - Client - AllowBasic | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Allow Basic authentication - Service - AllowBasic | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Allow binary and script behaviors | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow Custom SSPs and APs to be loaded into LSASS - AllowCustomSSPsAPs | MSCT Windows Server 2025 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Allow cut copy or paste operations from the clipboard via script - Restricted Sites Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow drag and drop or copy and paste files - Internet Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow log on through Remote Desktop Services | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Allow META REFRESH | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow script-initiated windows without size or position constraints - Internet Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow user control over installs - EnableUserControl | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Audit Detailed File Share | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Directory Service Changes | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Group Membership | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Sensitive Privilege Use | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Special Logon | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Configure Attack Surface Reduction rules - 5beb7efe-fd9a-4556-801d-275e5ffc04cc | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Attack Surface Reduction rules - c1db55ab-c21a-4637-bb3f-a12568109d35 | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure hash algorithms for certificate logon - KDC PKINITSHA256 | MSCT Windows Server 2025 DC v1.0.0 | Windows | |
| Configure hash algorithms for certificate logon - Kerberos PKInitSHA1 | MSCT Windows Server 2025 DC v1.0.0 | Windows | |
| Configure RPC listener settings - RpcProtocols | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Control whether or not exclusions are visible to Local Admins | MSCT Windows Server 2025 DC v1.0.0 | Windows | |
| Create a pagefile | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Domain member: Digitally encrypt or sign secure channel data (always) - requiresignorseal | MSCT Windows Server 2025 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain member: Require strong (Windows 2000 or later) session key - requirestrongkey | MSCT Windows Server 2025 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Internet Explorer Processes - Protection From Zone Elevation - explorer.exe | MSCT Windows Server 2019 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - Restrict ActiveX Install - explorer.exe | MSCT Windows Server 2019 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - Restrict ActiveX Install - iexplore.exe | MSCT Windows Server 2019 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - Restrict File Download - (Reserved) | MSCT Windows Server 2019 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - Restrict File Download - explorer.exe | MSCT Windows Server 2019 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Java permissions - Locked-Down Intranet Zone | MSCT Windows Server 2019 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Java permissions - Locked-Down Restricted Sites Zone | MSCT Windows Server 2019 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Launching applications and files in an IFRAME - Restricted Sites Zone | MSCT Windows Server 2019 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Logon options - Internet Zone | MSCT Windows Server 2019 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Microsoft network client: Send unencrypted password to third-party SMB servers | MSCT Windows Server 2019 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Minimum password age | MSCT Windows Server 2019 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | MSCT Windows Server 2019 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Password must meet complexity requirements | MSCT Windows Server 2019 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Scan removable drives | MSCT Windows Server 2019 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Security Zones: Do not allow users to change policies | MSCT Windows Server 2019 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Send file samples when further analysis is required | MSCT Windows Server 2019 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Specify the maximum log file size (KB) - Security | MSCT Windows Server 2019 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Turn off blocking of outdated ActiveX controls for Internet Explorer | MSCT Windows Server 2019 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off Crash Detection | MSCT Windows Server 2019 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn on PowerShell Script Block Logging - EnableScriptBlockLogging | MSCT Windows Server 2019 DC v1.0.0 | Windows | ACCESS CONTROL |
| Turn on SmartScreen Filter scan - Locked-Down Internet Zone | MSCT Windows Server 2019 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn On Virtualization Based Security - HypervisorEnforcedCodeIntegrity | MSCT Windows Server 2019 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| User Account Control: Admin Approval Mode for the Built-in Administrator account | MSCT Windows Server 2019 DC v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Behavior of the elevation prompt for standard users | MSCT Windows Server 2019 DC v1.0.0 | Windows | ACCESS CONTROL |
