| Audit client does not support signing - AuditClientDoesNotSupportSigning | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit insecure guest logon - LanmanWorkstation AuditInsecureGuestLogon | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Check for signatures on downloaded programs | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure Attack Surface Reduction rules - d3e037e1-3eb8-44c8-a917-57927947596d | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure hash algorithms for certificate logon - KDC PKINITSHA512 | MSCT Windows Server 2025 DC v1.0.0 | Windows | |
| Configure Windows Defender SmartScreen - ShellSmartScreenLevel | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Create a token object | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Create permanent shared objects | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Don't run antimalware programs against ActiveX controls - Trusted Sites Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Download signed ActiveX controls - Restricted Sites Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable authentication rate limiter - EnableAuthRateLimiter | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Include local path when user is uploading files to a server - Internet Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Include local path when user is uploading files to a server - Restricted Sites Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Initialize and script ActiveX controls not marked as safe - Intranet Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Interactive logon: Machine account lockout threshold | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Internet Explorer Processes - FEATURE_DISABLE_MK_PROTOCOL - (Reserved) | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_RESTRICT_ACTIVEXINSTALL - explorer.exe | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_RESTRICT_FILEDOWNLOAD - (Reserved) | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_RESTRICT_FILEDOWNLOAD - iexplore.exe | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_SECURITYBAND - iexplore.exe | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_ZONE_ELEVATION - iexplore.exe | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Java permissions - Locked-Down Intranet Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Java permissions - Restricted Sites Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Load and unload device drivers | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Logon options - Internet Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Microsoft network client: Send unencrypted password to third-party SMB servers - EnablePlainTextPassword | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| MSS: (DisableIPSourceRouting) IP source routing protection level - DisableIPSourceRouting | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes - EnableICMPRedirect | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers - NoNameReleaseOnDemand | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Network access: Allow anonymous SID/Name translation | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Network security: LAN Manager authentication level - LmCompatibilityLevel | MSCT Windows Server 2025 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: Minimum session security for NTLM SSP based (including secure RPC) servers - NTLMMinServerSec | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent managing SmartScreen Filter | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restore files and directories | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Run ActiveX controls and plugins | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Security Zones: Do not allow users to add/delete sites | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Set authentication rate limiter delay (milliseconds) - InvalidAuthenticationDelayTimeInMs | MSCT Windows Server 2025 DC v1.0.0 | Windows | |
| Specify the maximum log file size (KB) - Application | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Specify the maximum log file size (KB) - Security | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Specify the maximum log file size (KB) - System | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| This settings controls whether Network Protection is allowed to be configured into block or audit mode on Windows Server. | MSCT Windows Server 2025 DC v1.0.0 | Windows | |
| Turn on Cross-Site Scripting Filter - Restricted Sites Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn on Enhanced Protected Mode | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Turn on script scanning | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on the auto-complete feature for user names and passwords on forms - FormSuggest Passwords | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn on the auto-complete feature for user names and passwords on forms - FormSuggest PW Ask | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn On Virtualization Based Security - MachineIdentityIsolation | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn On Virtualization Based Security - RequirePlatformSecurityFeatures | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Web sites in less privileged Web content zones can navigate into this zone - Restricted Sites Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Windows Defender Firewall: Protect all network connections - Domain Profile | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
