| Access data sources across domains - Restricted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow binary and script behaviors | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow cut copy or paste operations from the clipboard via script - Restricted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow loading of XAML files - Restricted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow only approved domains to use ActiveX controls without prompt - Restricted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow script-initiated windows without size or position constraints - Restricted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow scripting of Internet Explorer WebBrowser controls - Internet Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow updates to status bar via script - Internet Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow user control over installs - EnableUserControl | MSCT Windows Server 2025 MS v1.0.0 | Windows | ACCESS CONTROL |
| Audit Account Lockout | MSCT Windows Server 2025 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Credential Validation | MSCT Windows Server 2025 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit insecure guest logon - LanmanServer AuditInsecureGuestLogon | MSCT Windows Server 2025 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit insecure guest logon - LanmanWorkstation AuditInsecureGuestLogon | MSCT Windows Server 2025 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Process Creation | MSCT Windows Server 2025 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Removable Storage | MSCT Windows Server 2025 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Security Group Management | MSCT Windows Server 2025 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Security System Extension | MSCT Windows Server 2025 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Configure detection for potentially unwanted applications | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure enhanced anti-spoofing - EnhancedAntiSpoofing | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure hash algorithms for certificate logon - KDC PKINITHashAlgorithmConfigurationEnabled | MSCT Windows Server 2025 MS v1.0.0 | Windows | |
| Configure hash algorithms for certificate logon - KDC PKINITSHA1 | MSCT Windows Server 2025 MS v1.0.0 | Windows | |
| Configure hash algorithms for certificate logon - KDC PKINITSHA256 | MSCT Windows Server 2025 MS v1.0.0 | Windows | |
| Configure real-time protection and Security Intelligence Updates during OOBE | MSCT Windows Server 2025 MS v1.0.0 | Windows | |
| Configure SMB v1 server - SMB1 | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure the 'Block at First Sight' feature | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure whether to report Dynamic Signature dropped events | MSCT Windows Server 2025 MS v1.0.0 | Windows | |
| Create permanent shared objects | MSCT Windows Server 2025 MS v1.0.0 | Windows | ACCESS CONTROL |
| Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Don't run antimalware programs against ActiveX controls - Intranet Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable insecure guest logons - AllowInsecureGuestAuth | MSCT Windows Server 2025 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Enable remote mailslots - NetworkProvider EnableMailslots | MSCT Windows Server 2025 MS v1.0.0 | Windows | |
| Encryption Oracle Remediation - AllowEncryptionOracle | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enumeration policy for external devices incompatible with Kernel DMA Protection - DeviceEnumerationPolicy | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Hardened UNC Paths - \\*\SYSVOL | MSCT Windows Server 2025 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Initialize and script ActiveX controls not marked as safe - Restricted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Initialize and script ActiveX controls not marked as safe - Trusted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_DISABLE_MK_PROTOCOL - (Reserved) | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - (Reserved) | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - iexplore.exe | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_RESTRICT_ACTIVEXINSTALL - (Reserved) | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_ZONE_ELEVATION - iexplore.exe | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Intranet Sites: Include all network paths (UNCs) | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Logon options - Restricted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| NetBT NodeType configuration - NodeType | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Network access: Do not allow anonymous enumeration of SAM accounts - RestrictAnonymousSAM | MSCT Windows Server 2025 MS v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Do not allow anonymous enumeration of SAM accounts and shares - RestrictAnonymous | MSCT Windows Server 2025 MS v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Restrict clients allowed to make remote calls to SAM | MSCT Windows Server 2025 MS v1.0.0 | Windows | ACCESS CONTROL |
| Prevent bypassing SmartScreen Filter warnings | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent ignoring certificate errors | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
