| Property Name |
Type |
Display Name (ENU) |
Description (ENU) |
Key |
Max Length |
Min Length |
Case Sensitive |
| System.Entity: |
 DisplayName |
string |
Display Name |
Display name of monitoring object. |
false | 256 |
0 |
False |
| Microsoft.KnowledgeServices.SCM.Windows.Server.2008.R2.Security: |
| NetworkaccessLetEveryonepermissionsapplytoanonymoususers |
int |
Network access: Let Everyone permissions apply to anonymous users |
This policy setting determines what additional permissions are assigned for anonymous connections to the computer |
false | 256 |
0 |
|
| NetworkaccessSharingandsecuritymodelforlocalaccounts |
int |
Network access: Sharing and security model for local accounts |
This policy setting determines how network logons that use local accounts are authenticated. |
false | 256 |
0 |
|
| InteractivelogonDonotrequireCTRLALTDEL |
int |
Interactive logon: Do not require CTRL+ALT+DEL |
When this setting is configured to Enabled, users are not required to use the CTRL+ALT+DEL key combination to log on to the network. |
false | 256 |
0 |
|
| RecoveryconsoleAllowautomaticadministrativelogon |
int |
Recovery console: Allow automatic administrative logon |
This policy setting allows the administrator account to automatically log on to the recovery console when it is invoked during startup. |
false | 256 |
0 |
|
| NetworkaccessDonotallowanonymousenumerationofSAMaccounts |
int |
Network access: Do not allow anonymous enumeration of SAM accounts |
This policy setting controls the ability of anonymous users to enumerate the accounts in the Security Accounts Manager (SAM). |
false | 256 |
0 |
|
| ShutdownClearvirtualmemorypagefile |
int |
Shutdown: Clear virtual memory pagefile |
This policy setting determines whether the virtual memory pagefile is cleared when the system is shut down. |
false | 256 |
0 |
|
| SystemobjectsStrengthendefaultpermissionsofinternalsystemobjectsSymbolicLinks |
int |
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) |
This policy setting determines the strength of the default discretionary access control list (DACL) for objects. |
false | 256 |
0 |
|
| DomainmemberDigitallyencryptsecurechanneldatawhenpossible |
int |
Domain member: Digitally encrypt secure channel data (when possible) |
This policy setting determines whether a domain member should attempt to negotiate encryption for all secure channel traffic that it initiates. |
false | 256 |
0 |
|
| MicrosoftnetworkclientSendunencryptedpasswordtothirdpartySMBservers |
int |
Microsoft network client: Send unencrypted password to third-party SMB servers |
Disable this policy setting to prevent the SMB redirector from sending plaintext passwords during authentication to third-party SMB servers that do not support password encryption. |
false | 256 |
0 |
|
| DomainmemberDigitallyencryptorsignsecurechanneldataalways |
int |
Domain member: Digitally encrypt or sign secure channel data (always) |
This policy setting determines whether all secure channel traffic that is initiated by the domain member must be signed or encrypted. |
false | 256 |
0 |
|
| MicrosoftnetworkclientDigitallysigncommunicationsifserveragrees |
int |
Microsoft network client: Digitally sign communications (if server agrees) |
This policy setting determines whether the SMB client will attempt to negotiate SMB packet signing. |
false | 256 |
0 |
|
| DomainmemberRequirestrongWindows2000orlatersessionkey |
int |
Domain member: Require strong (Windows 2000 or later) session key |
When this policy setting is enabled, a secure channel can only be established with domain controllers that are capable of encrypting secure channel data with a strong (128-bit) session key. |
false | 256 |
0 |
|
| DomainmemberDigitallysignsecurechanneldatawhenpossible |
int |
Domain member: Digitally sign secure channel data (when possible) |
This policy setting determines whether a domain member should attempt to negotiate whether all secure channel traffic that it initiates must be digitally signed. |
false | 256 |
0 |
|
| NetworksecurityLDAPclientsigningrequirements |
int |
Network security: LDAP client signing requirements |
This policy setting determines the level of data signing that is requested on behalf of clients that issue LDAP BIND requests. |
false | 256 |
0 |
|
| NetworksecurityDonotstoreLANManagerhashvalueonnextpasswordchange |
int |
Network security: Do not store LAN Manager hash value on next password change |
This policy setting determines whether the LAN Manager (LM) hash value for the new password is stored when the password is changed. |
false | 256 |
0 |
|
| AuditShutdownsystemimmediatelyifunabletologsecurityaudits |
int |
Audit: Shut down system immediately if unable to log security audits |
This policy setting determines whether the system shuts down if it is unable to log Security events. |
false | 256 |
0 |
|
| UserAccountControlOnlyelevateUIAccessapplicationsthatareinstalledinsecurelocations |
int |
User Account Control: Only elevate UIAccess applications that are installed in secure locations |
This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. |
false | 256 |
0 |
|
| UserAccountControlBehavioroftheelevationpromptforstandardusers |
int |
User Account Control: Behavior of the elevation prompt for standard users |
This policy setting controls the behavior of the elevation prompt for standard users.
|
false | 256 |
0 |
|
| UserAccountControlSwitchtothesecuredesktopwhenpromptingforelevation |
int |
User Account Control: Switch to the secure desktop when prompting for elevation |
This policy setting controls whether the elevation request prompt is displayed on the interactive user's desktop or the secure desktop. |
false | 256 |
0 |
|
| UserAccountControlOnlyelevateexecutablesthataresignedandvalidated |
int |
User Account Control: Only elevate executables that are signed and validated |
This setting enables the prevention of the execution of unsigned or invalidated applications. Before enabling this setting, it is essential that administrators are certain that all required applications are signed and valid. |
false | 256 |
0 |
|
| UserAccountControlAllowUIAccessapplicationstopromptforelevationwithoutusingthesecuredesktop |
int |
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop |
This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. |
false | 256 |
0 |
|
| UserAccountControlVirtualizefileandregistrywritefailurestoperuserlocations |
int |
User Account Control: Virtualize file and registry write failures to per-user locations |
This policy setting controls whether application write failures are redirected to defined registry and file system locations. |
false | 256 |
0 |
|
| UserAccountControlRunalladministratorsinAdminApprovalMode |
int |
User Account Control: Run all administrators in Admin Approval Mode |
This is the setting that turns on or off UAC. Disabling this setting effectively disables UAC. |
false | 256 |
0 |
|
| UserAccountControlDetectapplicationinstallationsandpromptforelevation |
int |
User Account Control: Detect application installations and prompt for elevation |
This policy setting controls the behavior of application installation detection for the computer. |
false | 256 |
0 |
|
| UserAccountControlBehavioroftheelevationpromptforadministratorsinAdminApprovalMode |
int |
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode |
This policy setting controls the behavior of the elevation prompt for administrators.
|
false | 256 |
0 |
|
| DomainmemberDisablemachineaccountpasswordchanges |
int |
Domain member: Disable machine account password changes |
This policy setting determines whether a domain member can periodically change its computer account password. |
false | 256 |
0 |
|
| AccountsLimitlocalaccountuseofblankpasswordstoconsolelogononly |
int |
Accounts: Limit local account use of blank passwords to console logon only |
This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console |
false | 256 |
0 |
|
| MicrosoftnetworkserverDisconnectclientswhenlogonhoursexpire |
int |
Microsoft network server: Disconnect clients when logon hours expire |
This policy setting determines whether to disconnect users who are connected to the local computer outside their user account’s valid logon hours. It affects the SMB component. |
false | 256 |
0 |
|
Windows Server Security
Home
Show References: