| Access this computer from the network | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Accounts: Limit local account use of blank passwords to console logon only | MSCT Windows Server v20H2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Allow active scripting | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow Basic authentication - Service - AllowBasic | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Audit Kerberos Authentication Service | MSCT Windows Server v20H2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Logon | MSCT Windows Server v20H2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Other Logon/Logoff Events | MSCT Windows Server v20H2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Security State Change | MSCT Windows Server v2004 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Back up files and directories | MSCT Windows Server v2004 MS v1.0.0 | Windows | ACCESS CONTROL |
| Boot-Start Driver Initialization Policy | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure enhanced anti-spoofing | MSCT Windows Server v2004 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not allow passwords to be saved | MSCT Windows Server v2004 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Don't run antimalware programs against ActiveX controls - Restricted Sites Zone | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Don't run antimalware programs against ActiveX controls - Trusted Sites Zone | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable dragging of content from different domains within a window - Restricted Sites Zone | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enumeration policy for external devices incompatible with Kernel DMA Protection | MSCT Windows Server v2004 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Hardened UNC Paths - \\*\NETLOGON | MSCT Windows Server v2004 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Internet Explorer Processes - FEATURE_MIME_SNIFFING - (Reserved) | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_SNIFFING - iexplore.exe | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_RESTRICT_ACTIVEXINSTALL - iexplore.exe | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_RESTRICT_FILEDOWNLOAD - iexplore.exe | MSCT Windows Server v2004 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_SECURITYBAND - explorer.exe | MSCT Windows Server v2004 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_ZONE_ELEVATION - (Reserved) | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_ZONE_ELEVATION - explorer.exe | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Java permissions - Intranet Zone | MSCT Windows Server v2004 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Java permissions - Locked-Down Restricted Sites Zone | MSCT Windows Server v2004 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Lock pages in memory | MSCT Windows Server v2004 MS v1.0.0 | Windows | ACCESS CONTROL |
| Logon options - Internet Zone | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Microsoft network client: Send unencrypted password to third-party SMB servers - EnablePlainTextPassword | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Navigate windows and frames across different domains - Internet Zone | MSCT Windows Server v2004 MS v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Allow anonymous SID/Name translation | MSCT Windows Server v2004 MS v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Restrict anonymous access to Named Pipes and Shares | MSCT Windows Server v2004 MS v1.0.0 | Windows | ACCESS CONTROL |
| Perform volume maintenance tasks | MSCT Windows Server v2004 MS v1.0.0 | Windows | ACCESS CONTROL |
| Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent enabling lock screen camera | MSCT Windows Server v2004 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Prevent enabling lock screen slide show | MSCT Windows Server v2004 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Require secure RPC communication | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Reset account lockout counter after | MSCT Windows Server v2004 MS v1.0.0 | Windows | ACCESS CONTROL |
| Run ActiveX controls and plugins | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Send file samples when further analysis is required | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Set client connection encryption level | MSCT Windows Server v2004 MS v1.0.0 | Windows | ACCESS CONTROL |
| Set the default behavior for AutoRun | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Show security warning for potentially unsafe files - Restricted Sites Zone | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Specify the maximum log file size (KB) - Application | MSCT Windows Server v2004 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | MSCT Windows Server v2004 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Turn On Virtualization Based Security - EnableVirtualizationBasedSecurity | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| User Account Control: Behavior of the elevation prompt for standard users | MSCT Windows Server v2004 MS v1.0.0 | Windows | ACCESS CONTROL |
| Userdata persistence - Internet Zone | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
