Item Search

Name	Audit Name	Plugin	Category
2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY
2.2.12 (L1) Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.37 (L1) Ensure 'Manage auditing and security log' is set to 'Administrators' and (when Exchange is running in the environment) 'Exchange Servers' (DC only)	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.44 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.48 (L1) Ensure 'Take ownership of files or other objects' is set to 'Administrators'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.3.2.1 (L1) Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY
2.3.5.3 (L1) Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only)	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.6.3 (L1) Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.6.4 (L1) Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.10.6 (L1) Configure 'Network access: Named Pipes that can be accessed anonymously' (DC only)	CIS Windows Server 2012 DC L1 v3.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.10.8 (L1) Configure 'Network access: Remotely accessible registry paths' is configured	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.3.10.10 (L1) Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.3.10.12 (L1) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.3.11.7 (L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.16.1 (L1) Ensure 'System settings: Optional subsystems' is set to 'Defined: (blank)'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT
2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
9.1.4 (L1) Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.1.8 (L1) Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION
9.2.7 (L1) Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION
9.3.1 (L1) Ensure 'Windows Firewall: Public: Firewall state' is set to 'On (recommended)'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.3.5 (L1) Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.3.10 (L1) Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION
18.4.2 (L1) Ensure 'Configure SMB v1 client' is set to 'Enabled: Bowser, MRxSmb20, NSI'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.5.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
18.6.9.2 (L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled'	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION
18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
18.6.20.2 (L2) Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.7.2 (L1) Ensure 'Configure Redirection Guard' is set to 'Enabled: Redirection Guard Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.7.4 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.8.1.1 (L2) Ensure 'Turn off notifications network usage' is set to 'Enabled'	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.9.20.1.2 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.9.20.1.7 (L2) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.9.20.1.9 (L2) Ensure 'Turn off the 'Order Prints' picture task' is set to 'Enabled'	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.9.20.1.10 (L2) Ensure 'Turn off the 'Publish to Web' task for files and folders' is set to 'Enabled'	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.9.27.1 (L1) Ensure 'Do not display network selection UI' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL
18.10.37.1.1 (L2) Ensure 'Turn off Windows Location Provider' is set to 'Enabled'	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.10.59.2 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.89.2.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
19.7.25.1 (L1) Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled'	CIS Windows Server 2012 DC L1 v3.0.0	Windows	ACCESS CONTROL, MEDIA PROTECTION
19.7.42.2.1 (L2) Ensure 'Prevent Codec Download' is set to 'Enabled'	CIS Windows Server 2012 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
Access Credential Manager as a trusted caller	MSCT Windows Server 2012 R2 DC v1.0.0	Windows	ACCESS CONTROL
Access this computer from the network	MSCT Windows Server 2012 R2 DC v1.0.0	Windows	ACCESS CONTROL
Account lockout threshold	MSCT Windows Server 2012 R2 DC v1.0.0	Windows	ACCESS CONTROL
Accounts: Limit local account use of blank passwords to console logon only	MSCT Windows Server 2012 R2 DC v1.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
Allow Microsoft accounts to be optional	MSCT Windows Server 2012 R2 DC v1.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
Audit directory service access	MSCT Windows Server 2012 R2 DC v1.0.0	Windows	AUDIT AND ACCOUNTABILITY
Audit Process Creation	MSCT Windows Server 2012 R2 DC v1.0.0	Windows	AUDIT AND ACCOUNTABILITY
Audit Security System Extension	MSCT Windows Server 2012 R2 DC v1.0.0	Windows	AUDIT AND ACCOUNTABILITY
Audit Sensitive Privilege Use	MSCT Windows Server 2012 R2 DC v1.0.0	Windows	AUDIT AND ACCOUNTABILITY

Detections

Analytics

Item Search