| 1.1.3 (L1) Ensure 'Minimum password age' is set to '1 or more day(s)' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.2.7 (L1) Ensure 'Allow log on locally' is set to 'Administrators' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.15 (L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.17 (L1) Ensure 'Create symbolic links' is set to 'Administrators' (DC only) | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.20 (L1) Ensure 'Deny access to this computer from the network' to include 'Guests' (DC only) | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.24 (L1) Ensure 'Deny log on locally' to include 'Guests' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.33 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.35 (L1) Ensure 'Lock pages in memory' is set to 'No One' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.2.3 (L1) Ensure 'Audit Distribution Group Management' is set to include 'Success' (DC only) | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.2.4 (L1) Ensure 'Audit Other Account Management Events' is set to include 'Success' (DC only) | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.6.2 (L1) Ensure 'Audit File Share' is set to 'Success and Failure' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 17.7.2 (L1) Ensure 'Audit Authentication Policy Change' is set to include 'Success' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.7.5 (L1) Ensure 'Audit Other Policy Change Events' is set to include 'Failure' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.9.3 (L1) Ensure 'Audit Security State Change' is set to include 'Success' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.4.6 (L1) Ensure 'NetBT NodeType configuration' is set to 'Enabled: P-node (recommended)' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.6 (L1) Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.3 (L1) Ensure 'Limits print driver installation to Administrators' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.19.4 (L1) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.9.34.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.7.2 (L1) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | MEDIA PROTECTION |
| 18.10.24.8 (L1) Ensure 'System SEHOP' is set to 'Enabled: Application Opt-Out' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.26.4.2 (L1) Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.43.10.3 (L1) Ensure 'Turn on behavior monitoring' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.10.4 (L1) Ensure 'Turn on script scanning' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.16 (L1) Ensure 'Turn off Microsoft Defender AntiVirus' is set to 'Disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.51.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 18.10.57.3.11.2 (L1) Ensure 'Do not use temporary folders per session' is set to 'Disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.58.1 (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.81.1 (L1) Ensure 'Allow user control over installs' is set to 'Disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.89.1.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.89.1.2 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 19.7.25.1 (L1) Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| Interactive logon: Prompt user to change password before expiration | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Interactive logon: Smart card removal behavior | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Minimum password age | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network access: Allow anonymous SID/Name translation | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Network security: Allow Local System to use computer identity for NTLM | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: Allow LocalSystem NULL session fallback | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Network security: Force logoff when logon hours expire | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Prevent enabling lock screen slide show | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| System ASLR | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| System DEP | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Run all administrators in Admin Approval Mode | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Virtualize file and registry write failures to per-user locations | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Firewall: Prohibit notifications | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
