Item Search

Name	Audit Name	Plugin	Category
1.1.4 (L1) Ensure 'Minimum password length' is set to '14 or more character(s)'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	IDENTIFICATION AND AUTHENTICATION
1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
1.2.2 (L1) Ensure 'Account lockout threshold' is set to '5 or fewer invalid logon attempt(s), but not 0'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.10 (L1) Ensure 'Back up files and directories' is set to 'Administrators'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.17 (L1) Ensure 'Create symbolic links' is set to 'Administrators' (DC only)	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.23 (L1) Ensure 'Deny log on locally' to include 'Guests'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.32 (L1) Ensure 'Load and unload device drivers' is set to 'Administrators'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.2.45 (L1) Ensure 'Take ownership of files or other objects' is set to 'Administrators'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.1.3 (L1) Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.1.5 (L1) Configure 'Accounts: Rename guest account'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.2.1 (L1) Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY
2.3.5.1 (L1) Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only)	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.6.3 (L1) Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.6.5 (L1) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.6.6 (L1) Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.8.2 (L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	IDENTIFICATION AND AUTHENTICATION
2.3.10.5 (L1) Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
2.3.10.11 (L1) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL, MEDIA PROTECTION
2.3.15.1 (L1) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	CONFIGURATION MANAGEMENT
2.3.15.2 (L1) Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	CONFIGURATION MANAGEMENT
17.1.3 (L1) Ensure 'Audit Kerberos Service Ticket Operations' is set to 'Success and Failure' (DC Only)	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY
17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY
17.2.3 (L1) Ensure 'Audit Distribution Group Management' is set to include 'Success' (DC only)	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY
17.5.4 (L1) Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY
18.3.7 (L1) Ensure 'Limits print driver installation to Administrators' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	SYSTEM AND INFORMATION INTEGRITY
18.5.4.2 (L1) Ensure 'Turn off multicast name resolution' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.5.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.6.2 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL
18.6.19.2.1 (L1) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1	Windows	CONFIGURATION MANAGEMENT
18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')	CIS Windows Server 2012 R2 DC L2 v3.0.0	Windows	CONFIGURATION MANAGEMENT
18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')	CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL	Windows	CONFIGURATION MANAGEMENT
18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')	CIS Microsoft Windows Server 2019 v4.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT
18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')	CIS Microsoft Windows Server 2016 v4.0.0 L2 DC	Windows	CONFIGURATION MANAGEMENT
18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')	CIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L2 MS	Windows	CONFIGURATION MANAGEMENT
18.8.7.1 (L1) Ensure 'Allow remote access to the Plug and Play interface' is set to 'Disabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	MEDIA PROTECTION
18.8.21.2 (L1) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.8.22.1.1 (L1) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.9.27.3.2 (L1) Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY
18.9.27.4.1 (L1) Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY
18.9.27.4.2 (L1) Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	AUDIT AND ACCOUNTABILITY
18.9.47.15 (L1) Ensure 'Turn off Microsoft Defender AntiVirus' is set to 'Disabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	SYSTEM AND INFORMATION INTEGRITY
18.9.65.3.3.2 (L1) Ensure 'Do not allow drive redirection' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.9.65.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
18.9.65.3.9.2 (L1) Ensure 'Require secure RPC communication' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.9.67.2 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
18.9.90.1 (L1) Ensure 'Allow user control over installs' is set to 'Disabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	CONFIGURATION MANAGEMENT
18.9.108.1.1 (L1) Ensure 'Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box' is set to 'Disabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
18.9.108.1.2 (L1) Ensure 'Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box' is set to 'Disabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
18.9.108.2.1 (L1) Ensure 'Configure Automatic Updates' is set to 'Enabled'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY
18.9.108.2.2 (L1) Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1	Windows	RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

Detections

Analytics

Item Search