Detections
Analytics

Item Search

NameAudit NamePluginCategory
2.2.2 (L1) Ensure 'Access this computer from the network' is set to 'Administrators, Authenticated Users, ENTERPRISE DOMAIN CONTROLLERS' (DC only)CIS Windows Server 2012 DC L1 v3.0.0Windows

CONFIGURATION MANAGEMENT

2.2.4 (L1) Ensure 'Act as part of the operating system' is set to 'No One'CIS Windows Server 2012 DC L1 v3.0.0Windows

ACCESS CONTROL

2.2.31 (L1) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (DC only)CIS Windows Server 2012 DC L1 v3.0.0Windows

ACCESS CONTROL

2.2.42 (L1) Ensure 'Profile single process' is set to 'Administrators'CIS Windows Server 2012 DC L1 v3.0.0Windows

ACCESS CONTROL

2.2.44 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'CIS Windows Server 2012 DC L1 v3.0.0Windows

ACCESS CONTROL

2.3.1.5 (L1) Configure 'Accounts: Rename guest account'CIS Windows Server 2012 DC L1 v3.0.0Windows

IDENTIFICATION AND AUTHENTICATION

2.3.5.2 (L1) Ensure 'Domain controller: Allow vulnerable Netlogon secure channel connections' is set to 'Not Configured' (DC Only)CIS Windows Server 2012 DC L1 v3.0.0Windows

CONFIGURATION MANAGEMENT

2.3.5.4 (L1) Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only)CIS Windows Server 2012 DC L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.5.5 (L1) Ensure 'Domain controller: Refuse machine account password changes' is set to 'Disabled' (DC only)CIS Windows Server 2012 DC L1 v3.0.0Windows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.6.5 (L1) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'CIS Windows Server 2012 DC L1 v3.0.0Windows

IDENTIFICATION AND AUTHENTICATION

2.3.6.6 (L1) Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'CIS Windows Server 2012 DC L1 v3.0.0Windows

IDENTIFICATION AND AUTHENTICATION

2.3.7.4 (L1) Configure 'Interactive logon: Message text for users attempting to log on'CIS Windows Server 2012 DC L1 v3.0.0Windows

ACCESS CONTROL

2.3.7.7 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days'CIS Windows Server 2012 DC L1 v3.0.0Windows

IDENTIFICATION AND AUTHENTICATION

2.3.7.9 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higherCIS Windows Server 2012 DC L1 v3.0.0Windows

ACCESS CONTROL

2.3.9.2 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'CIS Windows Server 2012 DC L1 v3.0.0Windows

IDENTIFICATION AND AUTHENTICATION

2.3.10.1 (L1) Ensure 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled'CIS Windows Server 2012 DC L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

2.3.11.7 (L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'CIS Windows Server 2012 DC L1 v3.0.0Windows

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.15.1 (L1) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'CIS Windows Server 2012 DC L1 v3.0.0Windows

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.17.3 (L1) Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests'CIS Windows Server 2012 DC L1 v3.0.0Windows

ACCESS CONTROL

9.1.4 (L1) Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'CIS Windows Server 2012 DC L1 v3.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

9.2.3 (L1) Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)'CIS Windows Server 2012 DC L1 v3.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

9.2.4 (L1) Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No'CIS Windows Server 2012 DC L1 v3.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

9.3.5 (L1) Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'CIS Windows Server 2012 DC L1 v3.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

9.3.6 (L1) Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'CIS Windows Server 2012 DC L1 v3.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

18.5.10 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'CIS Windows Server 2012 DC L2 v3.0.0Windows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

18.6.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled'CIS Windows Server 2012 DC L2 v3.0.0Windows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

18.6.9.2 (L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled'CIS Windows Server 2012 DC L2 v3.0.0Windows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

18.8.1.1 (L2) Ensure 'Turn off notifications network usage' is set to 'Enabled'CIS Windows Server 2012 DC L2 v3.0.0Windows

CONFIGURATION MANAGEMENT

18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled'CIS Windows Server 2012 DC L1 v3.0.0Windows

SYSTEM AND INFORMATION INTEGRITY

18.9.20.1.11 (L2) Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'CIS Windows Server 2012 DC L2 v3.0.0Windows

CONFIGURATION MANAGEMENT

18.9.50.1.1 (L2) Ensure 'Enable Windows NTP Client' is set to 'Enabled'CIS Windows Server 2012 DC L2 v3.0.0Windows

AUDIT AND ACCOUNTABILITY

18.10.37.2 (L2) Ensure 'Turn off location' is set to 'Enabled'CIS Windows Server 2012 DC L2 v3.0.0Windows

CONFIGURATION MANAGEMENT

18.10.43.12.1 (L2) Ensure 'Configure Watson events' is set to 'Disabled'CIS Windows Server 2012 DC L2 v3.0.0Windows

SECURITY ASSESSMENT AND AUTHORIZATION

18.10.57.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'CIS Windows Server 2012 DC L2 v3.0.0Windows

CONFIGURATION MANAGEMENT

18.10.57.3.10.2 (L2) Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'CIS Windows Server 2012 DC L2 v3.0.0Windows

ACCESS CONTROL

18.10.90.1 (L2) Ensure 'Allow Remote Shell Access' is set to 'Disabled'CIS Windows Server 2012 DC L2 v3.0.0Windows

CONFIGURATION MANAGEMENT

19.6.6.1.1 (L2) Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled'CIS Windows Server 2012 DC L2 v3.0.0Windows

CONFIGURATION MANAGEMENT

Allow log on locallyMSCT Windows Server 2012 R2 DC v1.0.0Windows

ACCESS CONTROL

Always install with elevated privilegesMSCT Windows Server 2012 R2 DC v1.0.0Windows

ACCESS CONTROL

Audit Authentication Policy ChangeMSCT Windows Server 2012 R2 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Directory Service ChangesMSCT Windows Server 2012 R2 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Audit Special LogonMSCT Windows Server 2012 R2 DC v1.0.0Windows

AUDIT AND ACCOUNTABILITY

Change the system timeMSCT Windows Server 2012 R2 DC v1.0.0Windows

ACCESS CONTROL

Change the time zoneMSCT Windows Server 2012 R2 DC v1.0.0Windows

ACCESS CONTROL

Create Symbolic LinksMSCT Windows Server 2012 R2 DC v1.0.0Windows

ACCESS CONTROL

Default Protections for Popular Software - ChromeMSCT Windows Server 2012 R2 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

Default Protections for Popular Software - FirefoxPluginContainerMSCT Windows Server 2012 R2 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

Default Protections for Popular Software - GoogleTalkMSCT Windows Server 2012 R2 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

Default Protections for Popular Software - OperaMSCT Windows Server 2012 R2 DC v1.0.0Windows

CONFIGURATION MANAGEMENT

Default Protections for Popular Software - SafariMSCT Windows Server 2012 R2 DC v1.0.0Windows

CONFIGURATION MANAGEMENT