Item Search

Name	Audit Name	Plugin	Category
2.2.5 (L1) Ensure 'Add workstations to domain' is set to 'Administrators' (DC only)	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.7 (L1) Ensure 'Allow log on locally' is set to 'Administrators'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.12 (L1) Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.16 (L1) Ensure 'Create permanent shared objects' is set to 'No One'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.20 (L1) Ensure 'Deny access to this computer from the network' to include 'Guests' (DC only)	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.22 (L1) Ensure 'Deny log on as a batch job' to include 'Guests'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.23 (L1) Ensure 'Deny log on as a service' to include 'Guests'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.27 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'Administrators' (DC only)	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.34 (L1) Ensure 'Load and unload device drivers' is set to 'Administrators'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.35 (L1) Ensure 'Lock pages in memory' is set to 'No One'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.43 (L1) Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.2.45 (L1) Ensure 'Restore files and directories' is set to 'Administrators'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.3.2.1 (L1) Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY
2.3.6.3 (L1) Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.6.5 (L1) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.7.7 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.7.9 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.3.10.1 (L1) Ensure 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
2.3.11.1 (L1) Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.11.4 (L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.3.15.2 (L1) Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT
2.3.17.2 (L1) Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop' or higher	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
9.1.5 (L1) Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION
18.4.2 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.5.9 (L1) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
18.6.4.1 (L1) Ensure 'Configure NetBIOS settings' is set to 'Enabled: Disable NetBIOS name resolution on public networks'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.6.11.3 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
18.7.2 (L1) Ensure 'Configure Redirection Guard' is set to 'Enabled: Redirection Guard Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.9.19.4 (L1) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
18.9.27.4 (L1) Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
18.10.24.7 (L1) Ensure 'System DEP' is set to 'Enabled: Application Opt-Out'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY
18.10.26.2.1 (L1) Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY
18.10.26.2.2 (L1) Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	AUDIT AND ACCOUNTABILITY
18.10.43.10.4 (L1) Ensure 'Turn on script scanning' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY
18.10.43.13.1 (L1) Ensure 'Scan removable drives' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	MEDIA PROTECTION, SYSTEM AND INFORMATION INTEGRITY
18.10.43.16 (L1) Ensure 'Turn off Microsoft Defender AntiVirus' is set to 'Disabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	SYSTEM AND INFORMATION INTEGRITY
18.10.51.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
18.10.57.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL
18.10.57.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.10.57.3.9.3 (L1) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.57.3.9.4 (L1) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.57.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.10.59.2 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.10.77.2.1 (L1) Ensure 'Configure Default consent' is set to 'Enabled: Always ask before sending data'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.10.89.1.2 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.89.1.3 (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
18.10.93.2.1 (L1) Ensure 'Configure Automatic Updates' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
19.5.1.1 (L1) Ensure 'Turn off toast notifications on the lock screen' is set to 'Enabled'	CIS Windows Server 2012 R2 DC L1 v3.0.0	Windows	ACCESS CONTROL

Detections

Analytics

Item Search