Item Search

Name	Audit Name	Plugin	Category
1.1.3.11.13 Configure 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain'	CIS Windows 8 L1 v1.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.2.8 (L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators' (DC only)	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.21 (L1) Ensure 'Deny log on as a batch job' to include 'Guests'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.26 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'Administrators' (DC only)	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.29 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY
2.2.38 (L1) Ensure 'Modify firmware environment values' is set to 'Administrators'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.39 (L1) Ensure 'Perform volume maintenance tasks' is set to 'Administrators'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.42 (L1) Ensure 'Restore files and directories' is set to 'Administrators'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.4.2 (L1) Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.5.3 (L1) Ensure 'Domain controller: Refuse machine account password changes' is set to 'Disabled' (DC only)	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
2.3.7.2 (L1) Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	CONFIGURATION MANAGEMENT
2.3.7.4 (L1) Configure 'Interactive logon: Message title for users attempting to log on'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.7.8 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.10.9 (L1) Configure 'Network access: Remotely accessible registry paths and sub-paths' is configured	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.10.10 (L1) Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.11.3 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'	CIS Microsoft Windows 8.1 v2.4.1 L1	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.11.4 (L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.11.6 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.11.7 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.17.1 (L1) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.17.6 (L1) Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.1.3 (L1) Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.1.8 (L1) Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION
9.2.5 (L1) Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\privatefw.log'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION
9.2.8 (L1) Ensure 'Windows Firewall: Private: Logging: Log successful connections' is set to 'Yes'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION
9.3.1 (L1) Ensure 'Windows Firewall: Public: Firewall state' is set to 'On (recommended)'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.3.4 (L1) Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'No'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
9.3.10 (L1) Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION
18.4.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'	CIS Microsoft Windows Server 2008 Domain Controller Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.6.11.4 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'	CIS Microsoft Windows Server 2019 v3.0.1 L1 DC	Windows	ACCESS CONTROL
18.6.11.4 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'	CIS Microsoft Windows Server 2019 v3.0.1 L1 MS	Windows	ACCESS CONTROL
18.6.11.4 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'	CIS Microsoft Windows Server 2025 v1.0.0 L1 MS	Windows	ACCESS CONTROL
18.6.11.4 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'	CIS Microsoft Windows Server 2022 v4.0.0 L1 DC	Windows	ACCESS CONTROL
18.6.11.4 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'	CIS Microsoft Windows Server 2022 v4.0.0 L1 MS	Windows	ACCESS CONTROL
18.6.11.4 Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'	CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller	Windows	ACCESS CONTROL
18.6.11.4 Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller	Windows	ACCESS CONTROL
18.8.22.1.5 (L2) Ensure 'Turn off Internet File Association service' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.8.22.1.12 (L2) Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.9.11.3.1 Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.9.65.3.3.1 (L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.9.65.3.3.3 (L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.9.65.3.10.1 (L2) Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less, but not Never (0)'	CIS Microsoft Windows Server 2008 Domain Controller Level 2 v3.3.1	Windows	ACCESS CONTROL
18.10.9.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL	Windows	ACCESS CONTROL
18.10.9.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL	Windows	ACCESS CONTROL
18.10.9.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'	CIS Microsoft Windows 10 Stand-alone v3.0.0 BL	Windows	ACCESS CONTROL
18.10.10.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	ACCESS CONTROL
18.10.10.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled'	CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL	Windows	ACCESS CONTROL

Detections

Analytics

Item Search