Item Search

| Name | Audit Name | Plugin | Category |
| --- | --- | --- | --- |
| 2.2.2 (L1) Ensure 'Access this computer from the network' is set to 'Administrators, Authenticated Users, ENTERPRISE DOMAIN CONTROLLERS' (DC only) | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.2.4 (L1) Ensure 'Act as part of the operating system' is set to 'No One' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.31 (L1) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (DC only) | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.42 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.44 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.1.5 (L1) Configure 'Accounts: Rename guest account' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.5.2 (L1) Ensure 'Domain controller: Allow vulnerable Netlogon secure channel connections' is set to 'Not Configured' (DC Only) | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.5.4 (L1) Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only) | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.5 (L1) Ensure 'Domain controller: Refuse machine account password changes' is set to 'Disabled' (DC only) | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.6.5 (L1) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.6.6 (L1) Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.4 (L1) Configure 'Interactive logon: Message text for users attempting to log on' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.7.7 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.9 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.9.2 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.10.1 (L1) Ensure 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.3.11.7 (L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.15.1 (L1) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.17.3 (L1) Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 9.1.4 (L1) Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.3 (L1) Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.4 (L1) Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.5 (L1) Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.6 (L1) Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.12 (L1) Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.6.4.2 (L1) Ensure 'Turn off multicast name resolution' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.6.21.1 (L1) Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.4 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.7.5 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 18.9.4.1 (L1) Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.20.1.1 (L1) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.27.2 (L1) Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 18.9.32.6.2 (L1) Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 18.9.34.1 (L1) Ensure 'Configure Offer Remote Assistance' is set to 'Disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.7.1 (L1) Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | MEDIA PROTECTION |
| 18.10.29.3 (L1) Ensure 'Turn off heap termination on corruption' is set to 'Disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.37.2 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Windows Server 2012 DC L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.43.10.2 (L1) Ensure 'Turn off real-time protection' is set to 'Disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.12.1 (L2) Ensure 'Configure Watson events' is set to 'Disabled' | CIS Windows Server 2012 DC L2 v3.0.0 | Windows | SECURITY ASSESSMENT AND AUTHORIZATION |
| 18.10.57.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 18.10.57.3.10.2 (L2) Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute' | CIS Windows Server 2012 DC L2 v3.0.0 | Windows | ACCESS CONTROL |
| 18.10.57.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.81.2 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 18.10.87.2 (L1) Ensure 'Turn on PowerShell Transcription' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.2.1 (L1) Ensure 'Configure Automatic Updates' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |