Res.BaselineWindowsServer2008.xml (DeployableResource)

Element properties:

Type: DeployableResource
File Name: BaselineWindowsServer2008.xml
Accessibility: Public

Source Code:

<!-- Manifest entry that exposes the file BaselineWindowsServer2008.xml under the resource ID Res.BaselineWindowsServer2008.xml with Public accessibility. -->
<DeployableResource ID="Res.BaselineWindowsServer2008.xml" Accessibility="Public" FileName="BaselineWindowsServer2008.xml"/>

File Content: BaselineWindowsServer2008.xml

<?xml version="1.0" encoding="utf-8"?>

<ArrayOfBaselineRuleset xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<BaselineRuleset>
<Rules>
<!-- CCE-1868-9: Netlogon "sealsecurechannel". Expected 1 means the member requests encryption of secure channel traffic when the domain controller supports it (negotiated, not enforced).
     NOTE(review): AnalyzeOperation is NotEquals on every rule visible in this file; presumably a rule is reported when the actual value differs from ExpectedValue. Confirm against the evaluator. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>a2af3d33-4b92-4065-a6f4-303b6a916418</Id>
<OriginalId>b106bcb1-2b74-4287-8587-6cd92d337be8</OriginalId>
<CceId>CCE-1868-9</CceId>
<Name>Domain member: Digitally encrypt secure channel data (when possible)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>sealsecurechannel</ValueName>
</BaselineRegistryRule>
<!-- CCE-1767-3: 537395200 is 0x20080000, i.e. require NTLMv2 session security (0x00080000) plus require 128-bit encryption (0x20000000) for NTLM SSP clients. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>b4b001c2-fe3d-470f-908a-9c533de6b187</Id>
<OriginalId>9969a7db-5fd1-4713-9a26-9862c15359e9</OriginalId>
<CceId>CCE-1767-3</CceId>
<Name>Network security: Minimum session security for NTLM SSP based (including secure RPC) clients</Name>
<Type>Registry</Type>
<ExpectedValue>537395200</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa\MSV1_0</KeyPath>
<ValueName>NTLMMinClientSec</ValueName>
</BaselineRegistryRule>
<!-- CCE-2410-9: 537395200 is 0x20080000, i.e. require NTLMv2 session security (0x00080000) plus require 128-bit encryption (0x20000000) for NTLM SSP servers. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>92d5cce7-ac80-49a2-9537-6bf3282bbe5f</Id>
<OriginalId>17463ab9-ffc1-40ab-8b09-e8054ba4504c</OriginalId>
<CceId>CCE-2410-9</CceId>
<Name>Network security: Minimum session security for NTLM SSP based (including secure RPC) servers</Name>
<Type>Registry</Type>
<ExpectedValue>537395200</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa\MSV1_0</KeyPath>
<ValueName>NTLMMinServerSec</ValueName>
</BaselineRegistryRule>
<!-- CCE-2272-3: expected 0 keeps the SMB client from sending plaintext passwords to servers that do not support password encryption. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>0f3dddd6-b2e6-4680-9614-8c5589f124ba</Id>
<OriginalId>b1b4a762-3114-438b-92cf-90f021714790</OriginalId>
<CceId>CCE-2272-3</CceId>
<Name>Microsoft network client: Send unencrypted password to third-party SMB servers</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanmanWorkstation\Parameters</KeyPath>
<ValueName>EnablePlainTextPassword</ValueName>
</BaselineRegistryRule>
<!-- CCE-2203-8: expected 1 makes the member refuse a Netlogon secure channel that can be neither signed nor encrypted. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>414074bb-5bfc-478c-b8da-45e3a2480e33</Id>
<OriginalId>04b278da-3245-43ec-9d5a-a5a68805027b</OriginalId>
<CceId>CCE-2203-8</CceId>
<Name>Domain member: Digitally encrypt or sign secure channel data (always)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>requiresignorseal</ValueName>
</BaselineRegistryRule>
<!-- CCE-2261-6: expects the FIPS algorithm policy to be off (0), at Warning severity.
     NOTE(review): sites with a FIPS 140 requirement would need the opposite value; confirm this baseline matches local policy before enforcing it. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>bb7cd560-a7f0-4726-b00a-d48f8cb89d7e</Id>
<OriginalId>c6c11e09-fbc2-408d-af70-3b47f2d2d1b8</OriginalId>
<CceId>CCE-2261-6</CceId>
<Name>System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy</KeyPath>
<ValueName>Enabled</ValueName>
</BaselineRegistryRule>
<!-- CCE-2362-2: expected 1 means the member requests signing of secure channel traffic when the domain controller supports it. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>2147d486-9ff8-4c4e-a568-ebd379f6a162</Id>
<OriginalId>7ab7ae06-f9bd-4252-a282-8fd3a06a73df</OriginalId>
<CceId>CCE-2362-2</CceId>
<Name>Domain member: Digitally sign secure channel data (when possible)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>signsecurechannel</ValueName>
</BaselineRegistryRule>
<!-- CCE-1802-8: expected 1 requires a strong (128-bit) session key for the Netlogon secure channel. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>3a110324-8e34-4389-bd4d-2c62f4aacff6</Id>
<OriginalId>577a19bc-6d69-45f1-9806-b413d522b05a</OriginalId>
<CceId>CCE-1802-8</CceId>
<Name>Domain member: Require strong (Windows 2000 or later) session key</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>requirestrongkey</ValueName>
</BaselineRegistryRule>
<!-- CCE-2381-2: expected 1 makes the SMB server require packet signing from every client. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>febb863b-768e-475b-a89b-088d12e9666a</Id>
<OriginalId>502cd61a-fec9-42f0-a096-1ac097bbdf73</OriginalId>
<CceId>CCE-2381-2</CceId>
<Name>Microsoft network server: Digitally sign communications (always)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>requiresecuritysignature</ValueName>
</BaselineRegistryRule>
<!-- CCE-2378-8: expected 1 lets the SMB client negotiate packet signing when the server supports it. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>3d339c8e-8f58-48c8-a57f-a1972d978546</Id>
<OriginalId>817b2f4e-1f03-4bcc-927b-816ddd4777f9</OriginalId>
<CceId>CCE-2378-8</CceId>
<Name>Microsoft network client: Digitally sign communications (if server agrees)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanmanWorkstation\Parameters</KeyPath>
<ValueName>EnableSecuritySignature</ValueName>
</BaselineRegistryRule>
<!-- CCE-2356-4: expected 1 makes the SMB client refuse servers that cannot sign packets. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>461717eb-8b14-4043-b598-f6217d00aade</Id>
<OriginalId>ed734c3b-b27f-4515-9154-9f6f414e6564</OriginalId>
<CceId>CCE-2356-4</CceId>
<Name>Microsoft network client: Digitally sign communications (always)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanmanWorkstation\Parameters</KeyPath>
<ValueName>RequireSecuritySignature</ValueName>
</BaselineRegistryRule>
<!-- CCE-2263-2: expected 1 lets the SMB server negotiate packet signing when the client asks for it. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>7154ee50-d43a-4a20-ab7f-fc9068e01fe2</Id>
<OriginalId>1c96e719-94c8-4333-9165-6efb6a9c6210</OriginalId>
<CceId>CCE-2263-2</CceId>
<Name>Microsoft network server: Digitally sign communications (if client agrees)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>enablesecuritysignature</ValueName>
</BaselineRegistryRule>
<!-- CCE-2315-0: expected 0, so the system keeps running when it cannot write security audit events. This favours availability; audit records can be lost while the Security log is full or unwritable. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>3b66c163-4073-4f71-be39-18f6e67e356a</Id>
<OriginalId>25c67f65-0d37-41d5-9e75-72707c97a290</OriginalId>
<CceId>CCE-2315-0</CceId>
<Name>Audit: Shut down system immediately if unable to log security audits</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>crashonauditfail</ValueName>
</BaselineRegistryRule>
<!-- CCE-12163-2: Application log retention policy. Shares the Name "Retain old events" with the System and Security log rules; only KeyPath and CceId tell them apart.
     NOTE(review): this policy value is normally stored as the string "0" or "1"; confirm the evaluator translates it to "Disabled" before comparing, otherwise the comparison would never succeed. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>d1e38dcf-4e7a-4bea-8796-193d53496e12</Id>
<OriginalId>450b73e6-5bad-4c64-8d1f-abffea2f08d7</OriginalId>
<CceId>CCE-12163-2</CceId>
<Name>Retain old events</Name>
<Type>Registry</Type>
<ExpectedValue>Disabled</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\EventLog\Application</KeyPath>
<ValueName>Retention</ValueName>
</BaselineRegistryRule>
<!-- CCE-12284-6: System log retention policy. Shares the Name "Retain old events" with the Application and Security log rules; only KeyPath and CceId tell them apart.
     NOTE(review): this policy value is normally stored as the string "0" or "1"; confirm the evaluator translates it to "Disabled" before comparing, otherwise the comparison would never succeed. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>4f23f469-6225-4c49-bb06-6bce22801933</Id>
<OriginalId>e2e11f15-b46c-44f4-829d-5012808ca980</OriginalId>
<CceId>CCE-12284-6</CceId>
<Name>Retain old events</Name>
<Type>Registry</Type>
<ExpectedValue>Disabled</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\EventLog\System</KeyPath>
<ValueName>Retention</ValueName>
</BaselineRegistryRule>
<!-- CCE-13594-7: Security log retention policy. Shares the Name "Retain old events" with the Application and System log rules; only KeyPath and CceId tell them apart.
     NOTE(review): this policy value is normally stored as the string "0" or "1"; confirm the evaluator translates it to "Disabled" before comparing, otherwise the comparison would never succeed. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>ac6d6d1b-1330-402c-9132-faa873fadbe4</Id>
<OriginalId>76e64466-6461-4950-95ae-dd69521f5b10</OriginalId>
<CceId>CCE-13594-7</CceId>
<Name>Retain old events</Name>
<Type>Registry</Type>
<ExpectedValue>Disabled</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\EventLog\Security</KeyPath>
<ValueName>Retention</ValueName>
</BaselineRegistryRule>
<!-- CCE-2442-2: expected 90, the percentage of Security log capacity at which a warning event is generated.
     KeyPath starts with "SYSTEM" in upper case here while most rules use "System"; registry key names are case-insensitive on Windows. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>0155f055-d475-4fb9-8ff5-c3e8850204ab</Id>
<OriginalId>19a0c0e2-48ca-4a9f-9493-bd547b86d8ad</OriginalId>
<CceId>CCE-2442-2</CceId>
<Name>MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning</Name>
<Type>Registry</Type>
<ExpectedValue>90</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>SYSTEM\CurrentControlSet\Services\Eventlog\Security</KeyPath>
<ValueName>WarningLevel</ValueName>
</BaselineRegistryRule>
<!-- CCE-2302-8: expected 1 puts the built-in Administrator account under Admin Approval Mode (UAC filtering of its token). -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>5603d0dd-cb63-4c92-bf2b-6d6fc80c99b6</Id>
<OriginalId>5fbabdf6-6786-46f6-b959-596af69f2650</OriginalId>
<CceId>CCE-2302-8</CceId>
<Name>User Account Control: Admin Approval Mode for the Built-in Administrator account</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>FilterAdministratorToken</ValueName>
</BaselineRegistryRule>
<!-- CCE-2434-9: expected 0, so UIAccess applications cannot turn off the secure desktop for elevation prompts. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>cafc6535-d6d1-498e-98f9-d46b219aa8cd</Id>
<OriginalId>444439f0-8c54-4a1f-9e91-03533d9a69fb</OriginalId>
<CceId>CCE-2434-9</CceId>
<Name>User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableUIADesktopToggle</ValueName>
</BaselineRegistryRule>
<!-- CCE-2266-5: expected 1 redirects failed writes by legacy applications to protected locations into per-user virtualized locations. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>1476eb4e-e2cd-4d5f-84f5-6f9d9edba814</Id>
<OriginalId>f50c62f4-6c34-466b-b495-54c834820a24</OriginalId>
<CceId>CCE-2266-5</CceId>
<Name>User Account Control: Virtualize file and registry write failures to per-user locations</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableVirtualization</ValueName>
</BaselineRegistryRule>
<!-- CCE-2451-3: expected 1 keeps the stronger default DACL on shared system objects, so non-administrators can read but not modify objects they did not create. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>9aa1c065-6bcc-47e1-8259-1dac0c3607da</Id>
<OriginalId>92b9d876-9d87-460c-82ea-9e8bd94c21ad</OriginalId>
<CceId>CCE-2451-3</CceId>
<Name>System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Session Manager</KeyPath>
<ValueName>ProtectionMode</ValueName>
</BaselineRegistryRule>
<!-- CCE-2473-7: expected 1 limits UIAccess elevation to applications installed in secure file system locations. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>16cdf928-8fbd-4735-b9d2-5a7acdcef5e6</Id>
<OriginalId>0d380cb0-a162-4dbb-b54b-d41a2a7f9036</OriginalId>
<CceId>CCE-2473-7</CceId>
<Name>User Account Control: Only elevate UIAccess applications that are installed in secure locations</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableSecureUIAPaths</ValueName>
</BaselineRegistryRule>
<!-- CCE-2487-7: expected 1 enables heuristic detection of installers so that they trigger an elevation prompt. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>45c60995-12fa-4957-9e90-8ba79c396817</Id>
<OriginalId>7ff3401a-70b6-40fa-bb33-73024f591b93</OriginalId>
<CceId>CCE-2487-7</CceId>
<Name>User Account Control: Detect application installations and prompt for elevation</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableInstallerDetection</ValueName>
</BaselineRegistryRule>
<!-- CCE-2331-7: expected 0 means CTRL+ALT+DEL stays required before logon (the policy name is phrased in the negative). -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>53dad052-9ef2-4656-a45e-b203edf747a0</Id>
<OriginalId>8ae83b84-b0fd-4b08-85a5-ff3f897a2db2</OriginalId>
<CceId>CCE-2331-7</CceId>
<Name>Interactive logon: Do not require CTRL+ALT+DEL</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>DisableCAD</ValueName>
</BaselineRegistryRule>
<!-- CCE-2474-5: expected 1 selects "Prompt for credentials" for administrators in Admin Approval Mode, rather than elevating without a prompt (0). -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>a4903a0a-6664-40c2-87ac-42c2ce89becf</Id>
<OriginalId>a86c0ecc-63e9-4725-9cc7-996d12ab3205</OriginalId>
<CceId>CCE-2474-5</CceId>
<Name>User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>ConsentPromptBehaviorAdmin</ValueName>
</BaselineRegistryRule>
<!-- CCE-2478-6: expected 1 keeps UAC enabled. A value of 0 turns Admin Approval Mode off, which makes the other User Account Control rules in this baseline ineffective. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>0eaf2223-203c-406e-8ff1-08c76e095864</Id>
<OriginalId>ef509260-bd3a-450b-807d-16b454851c6f</OriginalId>
<CceId>CCE-2478-6</CceId>
<Name>User Account Control: Run all administrators in Admin Approval Mode</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableLUA</ValueName>
</BaselineRegistryRule>
<!-- CCE-2509-8: expected 0, i.e. elevation is not restricted to signed and validated executables. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>85721c90-e9ee-48b4-b694-a3bbd9336f1d</Id>
<OriginalId>d3ebc555-daf1-451f-88a1-61b1b5ac71b5</OriginalId>
<CceId>CCE-2509-8</CceId>
<Name>User Account Control: Only elevate executables that are signed and validated</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>ValidateAdminCodeSignatures</ValueName>
</BaselineRegistryRule>
<!-- CCE-2500-7: expected 1 shows elevation prompts on the secure desktop, isolated from other processes in the user's session. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>099fbdba-1eb1-45bd-a52e-95bb229b64ca</Id>
<OriginalId>a43ef40c-3543-4204-a431-0f01df930b63</OriginalId>
<CceId>CCE-2500-7</CceId>
<Name>User Account Control: Switch to the secure desktop when prompting for elevation</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>PromptOnSecureDesktop</ValueName>
</BaselineRegistryRule>
<!-- CCE-2304-4: expected 1 stops LM hashes being stored at the next password change. Existing LM hashes remain until each password is changed. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>b82d4b7b-3f4a-40a3-be83-3b9a5e075f40</Id>
<OriginalId>794f9728-56e1-4e5e-b697-7079757f4ac3</OriginalId>
<CceId>CCE-2304-4</CceId>
<Name>Network security: Do not store LAN Manager hash value on next password change</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>NoLMHash</ValueName>
</BaselineRegistryRule>
<!-- CCE-2364-8: expected 1 restricts local accounts with blank passwords to console logon; they cannot be used over the network. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>a4aed997-6bd8-4369-a1da-29fbbbfc3588</Id>
<OriginalId>051cdac6-2234-4eb7-85eb-db391c469557</OriginalId>
<CceId>CCE-2364-8</CceId>
<Name>Accounts: Limit local account use of blank passwords to console logon only</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>LimitBlankPasswordUse</ValueName>
</BaselineRegistryRule>
<!-- CCE-2256-6: expected 0 means automatic machine account password changes stay enabled (the policy name is phrased in the negative). -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>02719140-46ea-48bb-9f63-cbba7181e2e9</Id>
<OriginalId>b44fadd3-f7c2-45dc-98dd-5e9ba179d89d</OriginalId>
<CceId>CCE-2256-6</CceId>
<Name>Domain member: Disable machine account password changes</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>disablepasswordchange</ValueName>
</BaselineRegistryRule>
<!-- CCE-2324-2: expected 14, the number of days before password expiry at which users start being warned. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>37c858f6-28ce-45f6-b59d-b710dc394ad5</Id>
<OriginalId>74870acb-ad3d-4bec-a067-1b1895ce2621</OriginalId>
<CceId>CCE-2324-2</CceId>
<Name>Interactive logon: Prompt user to change password before expiration</Name>
<Type>Registry</Type>
<ExpectedValue>14</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>passwordexpirywarning</ValueName>
</BaselineRegistryRule>
<!-- CCE-2297-0: expected "0" disables cached domain logons. RegValueType is String because Winlogon stores this value as REG_SZ.
     With no cached logons, domain accounts cannot log on while no domain controller is reachable. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>5c2fa3ab-c107-4513-a141-57f9e79fd6d8</Id>
<OriginalId>adfc53c0-573a-4b06-8a91-4dc91e830362</OriginalId>
<CceId>CCE-2297-0</CceId>
<Name>Interactive logon: Number of previous logons to cache (in case domain controller is not available)</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>cachedlogonscount</ValueName>
</BaselineRegistryRule>
<!-- CCE-2346-5: expected 1 forces a domain controller check when unlocking, instead of accepting cached credentials. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>30d694f3-69bb-45f6-8ac6-566dee9a0015</Id>
<OriginalId>096b92bd-142b-4c28-985f-f3ba1322265f</OriginalId>
<CceId>CCE-2346-5</CceId>
<Name>Interactive logon: Require Domain Controller authentication to unlock workstation</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>ForceUnlockLogon</ValueName>
</BaselineRegistryRule>
<!-- CCE-1448-0: expected "1" locks the workstation when the smart card is removed. The value is stored as REG_SZ, hence RegValueType String. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>a6d15969-1f42-4358-a719-da35a77dd2c4</Id>
<OriginalId>402dc351-392a-4816-a26a-65a7bcc94087</OriginalId>
<CceId>CCE-1448-0</CceId>
<Name>Interactive logon: Smart card removal behavior</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>scremoveoption</ValueName>
</BaselineRegistryRule>
<!-- CCE-1824-2: expected 0 keeps anonymous connections out of the permissions granted to the Everyone group. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>9eadd1a7-eb8d-4a35-a30a-58194edcf657</Id>
<OriginalId>e197f79b-a454-407c-9307-7b3210313e61</OriginalId>
<CceId>CCE-1824-2</CceId>
<Name>Network access: Let Everyone permissions apply to anonymous users</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>EveryoneIncludesAnonymous</ValueName>
</BaselineRegistryRule>
<!-- CCE-2454-7: expected 5 = send NTLMv2 responses only and refuse LM and NTLM. Legacy clients that cannot do NTLMv2 will fail to authenticate. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>5265a910-a048-4f7b-9994-910319363a0d</Id>
<OriginalId>ec468e43-6141-4bfe-970f-ca02d37d0ca7</OriginalId>
<CceId>CCE-2454-7</CceId>
<Name>Network security: LAN Manager authentication level</Name>
<Type>Registry</Type>
<ExpectedValue>5</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>LmCompatibilityLevel</ValueName>
</BaselineRegistryRule>
<!-- CCE-1834-1: user right SeDenyBatchLogonRight is expected to be assigned to Guests.
     NOTE(review): ExpectedValue holds an account display name; security policy exports usually list SIDs, so presumably the evaluator resolves names. Confirm, especially on localised systems. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>ee6d3bae-3504-4bf8-a621-0017ee29580e</Id>
<OriginalId>8797b752-5346-436e-8502-cd5031cc77d5</OriginalId>
<CceId>CCE-1834-1</CceId>
<Name>Deny log on as a batch job</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Guests</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDenyBatchLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<!-- CCE-1843-2: SeSecurityPrivilege lets the holder manage the Security log and object auditing; the expected holder is Administrators. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>6005c884-1e06-4e24-938d-981289eeba5a</Id>
<OriginalId>6630b24b-754a-49a5-9750-188ae53c13b9</OriginalId>
<CceId>CCE-1843-2</CceId>
<Name>Manage auditing and security log</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeSecurityPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- CCE-2285-5: SeChangeNotifyPrivilege (bypass traverse checking). ExpectedValue is a comma-separated list of five accounts.
     NOTE(review): how the evaluator compares such lists (order, case, whitespace) is not visible here; confirm before relying on the result. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>8b1e90b1-1c7b-438c-85e4-1347b40c133d</Id>
<OriginalId>c25cfa17-7dbb-4699-a9a9-f53962a70de9</OriginalId>
<CceId>CCE-2285-5</CceId>
<Name>Bypass traverse checking</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators, Authenticated Users, Backup Operators, Local Service, Network Service</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeChangeNotifyPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- CCE-2294-7: SeRestorePrivilege lets the holder bypass file permissions when restoring; the expected holders are Administrators and Backup Operators. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>6952c233-1b6e-4ad2-9f8c-c80a4970949e</Id>
<OriginalId>c63e0099-758c-4b99-aecd-eb63df8559d8</OriginalId>
<CceId>CCE-2294-7</CceId>
<Name>Restore files and directories</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators, Backup Operators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeRestorePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- CCE-2152-7: expected 1 restricts printer driver installation for network printers to privileged groups. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>eb1ca023-9394-4c9d-8826-b5d835be65e0</Id>
<OriginalId>a9411a96-e13f-4b37-ab31-b84a06d63460</OriginalId>
<CceId>CCE-2152-7</CceId>
<Name>Devices: Prevent users from installing printer drivers</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers</KeyPath>
<ValueName>AddPrinterDrivers</ValueName>
</BaselineRegistryRule>
<!-- CCE-2257-4: SeSystemEnvironmentPrivilege (modify firmware environment values) is expected to be held by Administrators. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>9c9da3a5-d9c9-45da-b84a-d963b4f27475</Id>
<OriginalId>63db26be-30f4-4428-9b60-ea0b0daeae0d</OriginalId>
<CceId>CCE-2257-4</CceId>
<Name>Modify firmware environment values</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeSystemEnvironmentPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- CCE-2079-2: SeTcbPrivilege (act as part of the operating system) is expected to be unassigned.
     NOTE(review): "No one" looks like a sentinel for an empty assignment; confirm how the evaluator represents a right with no holders. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>49b40e74-1b93-4320-afb8-6bc7c4651fec</Id>
<OriginalId>b77b9700-3212-4d5f-9547-dbe8ffd32574</OriginalId>
<CceId>CCE-2079-2</CceId>
<Name>Act as part of the operating system</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>No one</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeTcbPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- CCE-2102-2: SeDenyRemoteInteractiveLogonRight is expected to contain Guests, blocking them from Terminal Services logon. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>bee93ffd-7a4c-4652-90eb-ab95ef1b0b93</Id>
<OriginalId>4f9435ef-d0a5-495f-a298-a08717ea1559</OriginalId>
<CceId>CCE-2102-2</CceId>
<Name>Deny log on through Terminal Services</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Guests</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDenyRemoteInteractiveLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<!-- CCE-2286-3: SeInteractiveLogonRight is expected to be Administrators, so no other group may log on at the console. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>b075650e-6574-4436-9a02-3e4058cf01a9</Id>
<OriginalId>23a1c3b4-4d38-4153-854a-e315ad699d9b</OriginalId>
<CceId>CCE-2286-3</CceId>
<Name>Allow log on locally</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeInteractiveLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<!-- CCE-2113-9: SeSystemProfilePrivilege (profile system performance) is expected to be held by Administrators. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>283119e3-2320-4912-b6a1-e615e04b58ee</Id>
<OriginalId>361edf21-5cc1-4a97-bef3-2421545e5175</OriginalId>
<CceId>CCE-2113-9</CceId>
<Name>Profile system performance</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeSystemProfilePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- CCE-2506-4: SeTakeOwnershipPrivilege lets the holder take ownership of any securable object; the expected holder is Administrators. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>af156b51-a3cd-4753-8084-f97bd13c69d2</Id>
<OriginalId>f540aa73-5550-4058-9209-e268908611d5</OriginalId>
<CceId>CCE-2506-4</CceId>
<Name>Take ownership of files or other objects</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeTakeOwnershipPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- CCE-2310-1: SeDebugPrivilege lets the holder open any process regardless of its DACL, so it is expected to be held by Administrators. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>bea805dc-fe9e-4c30-ab66-322aa53edd1c</Id>
<OriginalId>591bd8ac-a5b3-41cc-8978-2bce50123a00</OriginalId>
<CceId>CCE-2310-1</CceId>
<Name>Debug programs</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDebugPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- CCE-2314-3: SeDenyNetworkLogonRight is expected to contain Guests, blocking them from network logon. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>6d6bc1ab-f90f-4ec5-b1f1-9ac630125022</Id>
<OriginalId>b9af2cf2-1528-469c-b7e8-3787c4513479</OriginalId>
<CceId>CCE-2314-3</CceId>
<Name>Deny access to this computer from the network</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Guests</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDenyNetworkLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<!-- SeProfileSingleProcessPrivilege ("Profile single process") is expected for Administrators
     only; a deviation is rated Warning. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>8f24ee63-7398-4431-b999-925570b8180c</Id>
<OriginalId>f921fab5-cf36-4241-b474-276fd53263a5</OriginalId>
<CceId>CCE-2360-6</CceId>
<Name>Profile single process</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeProfileSingleProcessPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- SeAssignPrimaryTokenPrivilege permits starting a process under a different access token; the
     baseline expects only the LOCAL SERVICE and NETWORK SERVICE accounts. ExpectedValue is a
     comma-separated list; whether order and spacing matter in the comparison is not visible here. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>0837d215-91c2-45f4-86f4-fe0d6a6c0756</Id>
<OriginalId>6870b1f9-8535-493c-9a30-889fd01900d7</OriginalId>
<CceId>CCE-1527-1</CceId>
<Name>Replace a process level token</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>LOCAL SERVICE, NETWORK SERVICE</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeAssignPrimaryTokenPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- SeDenyServiceLogonRight is expected to be unassigned. NOTE(review): the sentinel is spelled
     "No one" here but "No One" in the SeTrustedCredManAccessPrivilege rule of this file; if the
     analyzer matches the sentinel case-sensitively, one of the two may never match. Verify. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>6e9b86d8-5e2c-4798-81b2-61e51f05aeda</Id>
<OriginalId>16e53e79-5879-477f-a7ea-2b4cd0fff5ba</OriginalId>
<CceId>CCE-1944-8</CceId>
<Name>Deny log on as a service</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>No one</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDenyServiceLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<!-- SeRemoteInteractiveLogonRight controls who may log on over Remote Desktop (Terminal Services).
     The expected value is Administrators only, so hosts that also grant Remote Desktop Users
     will presumably be reported as deviating. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>24e43853-eec7-419d-a94c-acf108abafbd</Id>
<OriginalId>2ec7a2d7-82f0-4b1e-900a-95c309c9344e</OriginalId>
<CceId>CCE-2308-5</CceId>
<Name>Allow log on through Terminal Services</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeRemoteInteractiveLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<!-- SeIncreaseQuotaPrivilege ("Adjust memory quotas for a process"): expected principals are
     Administrators, LOCAL SERVICE and NETWORK SERVICE. Principal order here differs from other
     rules in this file (for example "LOCAL SERVICE, Administrators"); confirm the comparison
     is order-insensitive. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>510c7cbb-da5c-4348-a853-54963ed60fb1</Id>
<OriginalId>4b696c3e-dd2c-4d5e-bb0a-d7190de2c322</OriginalId>
<CceId>CCE-2004-0</CceId>
<Name>Adjust memory quotas for a process</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators, LOCAL SERVICE, NETWORK SERVICE</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeIncreaseQuotaPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- Deny right: SeDenyInteractiveLogonRight is expected to contain Guests, which blocks
     interactive (console) logon for that group. Rated Critical. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>07b77480-4da1-49a7-ac76-70bdfafb006e</Id>
<OriginalId>d2197a4c-19f4-4630-b15a-aaf85c813045</OriginalId>
<CceId>CCE-2296-2</CceId>
<Name>Deny log on locally</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Guests</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDenyInteractiveLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<!-- SeRemoteShutdownPrivilege is expected for Administrators only; a wider assignment lets
     other accounts shut the server down over the network (availability impact). -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>9150a310-d5d5-4294-acd5-2aaa9ce3d406</Id>
<OriginalId>8840018d-e63a-4e69-96a8-c06af7e963a8</OriginalId>
<CceId>CCE-1750-9</CceId>
<Name>Force shutdown from a remote system</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeRemoteShutdownPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- SeSystemTimePrivilege is expected for LOCAL SERVICE and Administrators. Clock changes affect
     Kerberos authentication and the reliability of event-log timestamps, so unexpected holders
     deserve review. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>df7870c7-5d15-4d15-9315-e31dd4f0a44c</Id>
<OriginalId>44aa9ea0-873d-441e-9103-39a98f1704aa</OriginalId>
<CceId>CCE-2290-5</CceId>
<Name>Change the system time</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>LOCAL SERVICE, Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeSystemTimePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- SeTrustedCredManAccessPrivilege is expected to be unassigned. NOTE(review): the sentinel is
     written "No One" here, while the SeDenyServiceLogonRight rule in this file uses "No one";
     confirm which spelling the analyzer recognises, or that matching is case-insensitive. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>249ca4cc-effe-4a6a-97b6-db100847064e</Id>
<OriginalId>60859cb4-3ad7-4a2f-8564-fcfde3ee1768</OriginalId>
<CceId>CCE-2026-3</CceId>
<Name>Access Credential Manager as a trusted caller</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>No One</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeTrustedCredManAccessPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- SeNetworkLogonRight is expected for Administrators and Authenticated Users, which leaves out
     Everyone and anonymous access. NOTE(review): this looks like a member-server value; domain
     controllers usually need further principals, so confirm which roles this ruleset targets. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>aafce735-9e96-45a2-847c-dbbd92458cf4</Id>
<OriginalId>48cf8aee-1c72-4c3e-9f2a-c6dfe8990219</OriginalId>
<CceId>CCE-2075-0</CceId>
<Name>Access this computer from the network</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators, Authenticated Users</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeNetworkLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<!-- SeTimeZonePrivilege ("Change the time zone") is expected for LOCAL SERVICE and
     Administrators; a deviation is rated Warning. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>61c8d32a-a508-4c1c-939c-d5e3863f80e8</Id>
<OriginalId>9066c223-8261-4c0b-9cfc-6a396532dbbc</OriginalId>
<CceId>CCE-2171-7</CceId>
<Name>Change the time zone</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>LOCAL SERVICE, Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeTimeZonePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- SeCreatePagefilePrivilege ("Create a pagefile") is expected for Administrators only;
     this baseline rates a deviation Critical. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>52bdecd8-0902-4a5f-b423-cf3bc6bf58a5</Id>
<OriginalId>52a9b265-75cb-45a0-ac23-3e5d4fa566c2</OriginalId>
<CceId>CCE-1328-4</CceId>
<Name>Create a pagefile</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeCreatePagefilePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- SeUndockPrivilege ("Remove computer from docking station") is expected for Administrators
     only. Rated Informational. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>3a008ef9-d61f-4ca2-9771-781b2fe43ec7</Id>
<OriginalId>8dcd558f-d276-493c-86e4-b259adab009b</OriginalId>
<CceId>CCE-2382-0</CceId>
<Name>Remove computer from docking station</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeUndockPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- SeAuditPrivilege allows writing entries to the Security event log; the baseline expects only
     LOCAL SERVICE and NETWORK SERVICE. Other holders could add misleading audit records,
     which fits the Critical rating. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>07418221-1fc9-4214-b93f-e0b632f22395</Id>
<OriginalId>3ebdc510-830f-4520-9bce-2fe8f4f88b3f</OriginalId>
<CceId>CCE-2129-5</CceId>
<Name>Generate security audits</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>LOCAL SERVICE, NETWORK SERVICE</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeAuditPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- SeShutdownPrivilege ("Shut down the system") is expected for Administrators only;
     a deviation is rated Warning. -->
<BaselineSecurityPolicyRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>40fd1252-1104-4916-b5b4-84bce22f971e</Id>
<OriginalId>204ff604-1cab-46c8-aa22-01e7d78925e4</OriginalId>
<CceId>CCE-2078-4</CceId>
<Name>Shut down the system</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeShutdownPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- Public profile. The value name is negated: DisableNotifications = 0 means the firewall does
     show a notification when it blocks a program. The key sits under Software\Policies, i.e. the
     policy-delivered setting; how the analyzer treats a missing value is not visible here. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>43d20384-3a9d-4915-b577-0be92ae4e796</Id>
<OriginalId>902a957b-c9b3-4302-883a-394555087509</OriginalId>
<CceId>CCE-12706-8</CceId>
<Name>Windows Firewall: Public: Display a notification</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>DisableNotifications</ValueName>
</BaselineRegistryRule>
<!-- Domain profile: EnableFirewall = 1 means Windows Firewall is on. The check reads the policy
     key, so a firewall enabled only through local settings may not satisfy this rule.
     TODO confirm analyzer behaviour when the policy value is absent. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>4810cbe1-4607-46ef-be2d-0aeca90ce126</Id>
<OriginalId>2e65a105-5cb1-473d-b0ca-c933415d91be</OriginalId>
<CceId>CCE-12504-7</CceId>
<Name>Windows Firewall: Domain: Firewall state</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>EnableFirewall</ValueName>
</BaselineRegistryRule>
<!-- NoDefaultExempt selects which traffic types bypass IPsec filters. Per Microsoft's MSS
     settings documentation, 3 leaves only ISAKMP exempt (the most restrictive choice);
     verify against the documentation for the target OS. Rated Informational. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>c8cf3bdc-a291-4de3-9f62-67c0ac54ff72</Id>
<OriginalId>838a6c32-08ab-4aa1-9c18-540fb154de6a</OriginalId>
<CceId>CCE-2404-2</CceId>
<Name>MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.</Name>
<Type>Registry</Type>
<ExpectedValue>3</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\IPSEC</KeyPath>
<ValueName>NoDefaultExempt</ValueName>
</BaselineRegistryRule>
<!-- Public profile: AllowLocalPolicyMerge = 1 means firewall rules created locally on the host are
     applied together with policy-delivered rules. That keeps locally installed services working,
     but it also lets any local administrator open ports on the least trusted profile. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>f16bee45-c8f0-48db-a887-c17f55add65e</Id>
<OriginalId>968787a1-6a19-4c96-82dd-ca531f84666d</OriginalId>
<CceId>CCE-14139-0</CceId>
<Name>Windows Firewall: Public: Apply local firewall rules</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>AllowLocalPolicyMerge</ValueName>
</BaselineRegistryRule>
<!-- IPv4 source routing: DisableIPSourceRouting = 2 is the highest protection level in
     Microsoft's MSS settings documentation (source-routed packets are dropped entirely). -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>3c027112-b304-4b2a-b0ee-f3b4968e7794</Id>
<OriginalId>21e5ee29-51b2-4719-b979-af03e47a128e</OriginalId>
<CceId>CCE-1826-7</CceId>
<Name>MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)</Name>
<Type>Registry</Type>
<ExpectedValue>2</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Tcpip\Parameters</KeyPath>
<ValueName>DisableIPSourceRouting</ValueName>
</BaselineRegistryRule>
<!-- Domain profile: AllowLocalIPsecPolicyMerge = 1 means connection security (IPsec) rules
     defined locally are applied in addition to those delivered by policy. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>f3c12841-1720-41bf-a922-3f0bb334d329</Id>
<OriginalId>db12a482-5822-44ba-b35d-e944d3ddd528</OriginalId>
<CceId>CCE-11888-5</CceId>
<Name>Windows Firewall: Domain: Apply local connection security rules</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>AllowLocalIPsecPolicyMerge</ValueName>
</BaselineRegistryRule>
<!-- Private profile: AllowLocalPolicyMerge = 1, so locally defined firewall rules are merged
     with policy-delivered rules rather than ignored. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>8fca2b60-af4c-4f7c-a2ac-0fd5bb2db3f8</Id>
<OriginalId>533bf252-df1b-4b5a-9320-8da18b19bcd2</OriginalId>
<CceId>CCE-13615-0</CceId>
<Name>Windows Firewall: Private: Apply local firewall rules</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>AllowLocalPolicyMerge</ValueName>
</BaselineRegistryRule>
<!-- Private profile: DefaultOutboundAction = 0 means outbound connections are allowed unless a
     rule blocks them (1 would block by default). Egress is therefore not restricted by this
     baseline and has to be controlled elsewhere if required. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>bac03514-3322-4440-b9e8-e7c796afbf29</Id>
<OriginalId>691c581a-3b42-408b-abbe-f0bea9de3156</OriginalId>
<CceId>CCE-12640-9</CceId>
<Name>Windows Firewall: Private: Outbound connections</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>DefaultOutboundAction</ValueName>
</BaselineRegistryRule>
<!-- Public profile: AllowLocalIPsecPolicyMerge = 1, so locally defined connection security
     rules are applied alongside policy-delivered ones. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>c6b73792-5b89-4fd0-b5f8-ed1aa99011ea</Id>
<OriginalId>849952c3-4163-4e4d-9320-138c4af87134</OriginalId>
<CceId>CCE-14271-1</CceId>
<Name>Windows Firewall: Public: Apply local connection security rules</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>AllowLocalIPsecPolicyMerge</ValueName>
</BaselineRegistryRule>
<!-- NoNameReleaseOnDemand = 1 makes the host ignore NetBIOS name-release requests that do not
     come from WINS servers, which guards against name-release denial of service.
     Rated Informational. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>8ec2c0d7-11a8-4a16-b88b-8ad224fac81a</Id>
<OriginalId>4d558e02-b2d3-44bf-928a-17fba6a3af45</OriginalId>
<CceId>CCE-2320-0</CceId>
<Name>MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netbt\Parameters</KeyPath>
<ValueName>NoNameReleaseOnDemand</ValueName>
</BaselineRegistryRule>
<!-- Domain profile. Negated value name: DisableNotifications = 0 means a notification is
     displayed when the firewall blocks a program. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>a8f4b61c-3990-46a5-8d0f-eae230cc8ed4</Id>
<OriginalId>27abca4f-4873-490c-87b6-e84d2533ba13</OriginalId>
<CceId>CCE-12973-4</CceId>
<Name>Windows Firewall: Domain: Display a notification</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>DisableNotifications</ValueName>
</BaselineRegistryRule>
<!-- Private profile: AllowLocalIPsecPolicyMerge = 1, so local connection security rules are
     honoured in addition to policy-delivered rules. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>e3594e0c-16fe-491d-9251-c2ca768bd590</Id>
<OriginalId>f5513338-0fa1-484e-83fb-9a5bd3954d44</OriginalId>
<CceId>CCE-12739-9</CceId>
<Name>Windows Firewall: Private: Apply local connection security rules</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>AllowLocalIPsecPolicyMerge</ValueName>
</BaselineRegistryRule>
<!-- IPv6 counterpart of the IPv4 source-routing check: same value name, read from the Tcpip6
     service key. Expected 2, the highest protection level in Microsoft's MSS documentation. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>22640382-40ce-449e-ad30-34e6ee244591</Id>
<OriginalId>21d226de-3201-414e-a16a-b626b6d0cc26</OriginalId>
<CceId>CCE-5229-0</CceId>
<Name>MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)</Name>
<Type>Registry</Type>
<ExpectedValue>2</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Tcpip6\Parameters</KeyPath>
<ValueName>DisableIPSourceRouting</ValueName>
</BaselineRegistryRule>
<!-- Domain profile: DefaultOutboundAction = 0 allows outbound connections by default
     (1 would block them unless a rule allows). -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>ebb9d23e-02e7-4073-8173-c0b5dd4b42ed</Id>
<OriginalId>62c711b9-cd72-4fd2-8596-bb90387278da</OriginalId>
<CceId>CCE-13197-9</CceId>
<Name>Windows Firewall: Domain: Outbound connections</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>DefaultOutboundAction</ValueName>
</BaselineRegistryRule>
<!-- EnableICMPRedirect = 0 stops ICMP redirect messages from altering the routing table, which
     removes one way of diverting traffic on the local segment. Rated Informational. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>4b2c65f3-ca39-4c81-9e87-8057dd4d19e2</Id>
<OriginalId>d23eb0d5-b330-4ad7-b489-bcb975e1e2d5</OriginalId>
<CceId>CCE-1470-4</CceId>
<Name>MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Tcpip\Parameters</KeyPath>
<ValueName>EnableICMPRedirect</ValueName>
</BaselineRegistryRule>
<!-- PerformRouterDiscovery = 0 disables ICMP Router Discovery (IRDP), so unauthenticated router
     advertisements cannot change the default gateway. Rated Informational. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>1b76fbbb-a352-4bb3-9cf9-e5e80c21a55d</Id>
<OriginalId>7f8c238a-8a21-44e0-8704-0dabc0e02ae5</OriginalId>
<CceId>CCE-1800-2</CceId>
<Name>MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Tcpip\Parameters</KeyPath>
<ValueName>PerformRouterDiscovery</ValueName>
</BaselineRegistryRule>
<!-- Public profile: EnableFirewall = 1 means Windows Firewall is on for the profile applied to
     untrusted networks. The check reads the policy key under Software\Policies. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>cc9567cb-174d-4b46-ad20-f4b6943116e3</Id>
<OriginalId>856f9866-0378-4952-a164-4d524770bb2a</OriginalId>
<CceId>CCE-12456-0</CceId>
<Name>Windows Firewall: Public: Firewall state</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>EnableFirewall</ValueName>
</BaselineRegistryRule>
<!-- Private profile. Negated value name: DisableNotifications = 0 means a notification is
     displayed when the firewall blocks a program. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>6f439d76-894d-491b-a71d-a01b7b99975f</Id>
<OriginalId>0091ec7e-714b-4bb3-9a36-a73412c6c1f9</OriginalId>
<CceId>CCE-13230-8</CceId>
<Name>Windows Firewall: Private: Display a notification</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>DisableNotifications</ValueName>
</BaselineRegistryRule>
<!-- Public profile. The rule Name reads "Allow unicast response", but the registry value is the
     negated DisableUnicastResponsesToMulticastBroadcast. Expected 1 therefore means unicast
     replies to outgoing multicast or broadcast requests are NOT accepted. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>94a0ed5a-0f00-42c3-b064-ea0fc9f0a71e</Id>
<OriginalId>01cfd956-48cc-4ad6-94ff-b8f7ca488a91</OriginalId>
<CceId>CCE-13049-2</CceId>
<Name>Windows Firewall: Public: Allow unicast response</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>DisableUnicastResponsesToMulticastBroadcast</ValueName>
</BaselineRegistryRule>
<!-- KeepAliveTime is in milliseconds (see Name): 300000 ms = 5 minutes, so idle TCP connections
     are probed and dead peers released sooner than with the Windows default of two hours.
     Rated Informational. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>e19c1e1d-9561-4620-8ba3-78388cbe6813</Id>
<OriginalId>6cd6ebda-aa2e-472a-8ea7-580e704c47d3</OriginalId>
<CceId>CCE-2399-4</CceId>
<Name>MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds</Name>
<Type>Registry</Type>
<ExpectedValue>300000</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Tcpip\Parameters</KeyPath>
<ValueName>KeepAliveTime</ValueName>
</BaselineRegistryRule>
<!-- Private profile: EnableFirewall = 1 means Windows Firewall is on. The check reads the
     policy key under Software\Policies. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>cadb36ee-8158-4844-83d9-bbb8e11c7737</Id>
<OriginalId>d493f92b-2fe2-4489-a4e6-03fd2e3710cd</OriginalId>
<CceId>CCE-13454-4</CceId>
<Name>Windows Firewall: Private: Firewall state</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>EnableFirewall</ValueName>
</BaselineRegistryRule>
<!-- IPv6 stack (Tcpip6 key): limits retransmission of unacknowledged data to 3 attempts (the
     Name gives 5 as the default), shortening how long a connection to an unresponsive peer
     is held open. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>6fdb3c9d-24d9-42f0-9324-9bda1a77e19f</Id>
<OriginalId>4558d6d1-85c5-4c90-b09c-d263d9833e5e</OriginalId>
<CceId>CCE-5263-9</CceId>
<Name>MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)</Name>
<Type>Registry</Type>
<ExpectedValue>3</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Tcpip6\Parameters</KeyPath>
<ValueName>TcpMaxDataRetransmissions</ValueName>
</BaselineRegistryRule>
<!-- Domain profile: AllowLocalPolicyMerge = 1, so firewall rules defined locally on the host
     are applied together with policy-delivered rules. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>23a381ab-3dd3-49bb-babf-928d6ff3baee</Id>
<OriginalId>0a80cfc2-0dcd-4566-b4be-6d8224961f83</OriginalId>
<CceId>CCE-12473-5</CceId>
<Name>Windows Firewall: Domain: Apply local firewall rules</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>AllowLocalPolicyMerge</ValueName>
</BaselineRegistryRule>
<!-- Domain profile. Name says "Allow unicast response" while the value name is the negated
     DisableUnicastResponsesToMulticastBroadcast; expected 1 means such unicast replies are
     not accepted. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>7ac5a04e-be71-44c4-90ec-40a9ba231752</Id>
<OriginalId>567434c1-c73f-4a24-8553-eaf1fd70fc90</OriginalId>
<CceId>CCE-13823-0</CceId>
<Name>Windows Firewall: Domain: Allow unicast response</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>DisableUnicastResponsesToMulticastBroadcast</ValueName>
</BaselineRegistryRule>
<!-- Public profile: DefaultOutboundAction = 0 allows outbound connections by default, even on
     the least trusted profile; outbound filtering, if wanted, needs explicit block rules. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>f87aa797-f3ea-4869-a293-af9e7deecfc6</Id>
<OriginalId>75208064-559a-4412-8ca6-5da2d0e10cfd</OriginalId>
<CceId>CCE-12990-8</CceId>
<Name>Windows Firewall: Public: Outbound connections</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>DefaultOutboundAction</ValueName>
</BaselineRegistryRule>
<!-- Private profile. Name says "Allow unicast response" while the value name is the negated
     DisableUnicastResponsesToMulticastBroadcast; expected 1 means such unicast replies are
     not accepted. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>717a89b6-e5a3-4d65-b706-56df8a1f8327</Id>
<OriginalId>3fe3c052-d096-4bc2-8d03-7ddb03f3b1f6</OriginalId>
<CceId>CCE-12562-5</CceId>
<Name>Windows Firewall: Private: Allow unicast response</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>DisableUnicastResponsesToMulticastBroadcast</ValueName>
</BaselineRegistryRule>
<!-- IPv4 stack (Tcpip key): limits retransmission of unacknowledged data to 3 attempts (the
     Name gives 5 as the default), so connections to unresponsive peers are dropped sooner. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>a9221b7f-ba27-4a63-bc55-8b4605237991</Id>
<OriginalId>8998a3ee-1763-4627-9251-e473ec7e4c41</OriginalId>
<CceId>CCE-2424-0</CceId>
<Name>MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)</Name>
<Type>Registry</Type>
<ExpectedValue>3</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Tcpip\Parameters</KeyPath>
<ValueName>TcpMaxDataRetransmissions</ValueName>
</BaselineRegistryRule>
<!-- scenoapplylegacyauditpolicy = 1 makes audit subcategory settings take precedence, so
     category-level audit policy does not overwrite the finer-grained configuration.
     Detections that rely on subcategory auditing depend on this value staying at 1. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>6d449ccd-f4c7-4222-ba8b-f09be6d816b1</Id>
<OriginalId>b881554b-111f-46a8-9079-b9eeb9ea60f6</OriginalId>
<CceId>CCE-2276-4</CceId>
<Name>Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>scenoapplylegacyauditpolicy</ValueName>
</BaselineRegistryRule>
<!-- Recovery Console: securitylevel = 0 keeps automatic administrative logon disabled, so the
     console still asks for the administrator password. Rated Critical. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>5564e5f5-c31a-4308-b264-462fbfad09d9</Id>
<OriginalId>1b4d4248-73f1-4950-be5c-8c2fd6d47002</OriginalId>
<CceId>CCE-2309-3</CceId>
<Name>Recovery console: Allow automatic administrative logon</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole</KeyPath>
<ValueName>securitylevel</ValueName>
</BaselineRegistryRule>
<!-- AuthenticodeEnabled = 1 turns on certificate rules for Software Restriction Policies, so
     the signer of an executable is evaluated when SRP decides whether it may run.
     Rated Warning. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>bc3c1ef5-c0ff-4e90-b5ae-dffddb984e98</Id>
<OriginalId>6e47e304-7197-4791-b16d-9a6ad3306ad4</OriginalId>
<CceId>CCE-2421-6</CceId>
<Name>System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers</KeyPath>
<ValueName>AuthenticodeEnabled</ValueName>
</BaselineRegistryRule>
<!-- AutoAdminLogon is declared with RegValueType String, unlike the neighbouring Int rules, so
     the expected "0" is compared as text. 0 keeps automatic logon off; automatic logon relies
     on logon credentials kept in the registry. NOTE(review): severity is only Informational. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>7bfac817-ef89-4ddd-8ef5-a65794611b9c</Id>
<OriginalId>b1d27dc2-b5e3-4dc5-9d3b-d634e7a25353</OriginalId>
<CceId>CCE-2307-7</CceId>
<Name>MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>AutoAdminLogon</ValueName>
</BaselineRegistryRule>
<!-- RestrictAnonymous = 1 stops anonymous (null session) connections from enumerating SAM
     accounts and shares, which removes a common source of unauthenticated reconnaissance data.
     Rated Critical. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>12c0c372-d233-484f-8a19-02c0c9874b15</Id>
<OriginalId>fbfb6cc4-d294-4884-bc3d-7f74deeb6462</OriginalId>
<CceId>CCE-2340-8</CceId>
<Name>Network access: Do not allow anonymous enumeration of SAM accounts and shares</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>RestrictAnonymous</ValueName>
</BaselineRegistryRule>
<!-- ForceGuest = 0 selects the "Classic" model: network logons that use local accounts
     authenticate as those accounts. With 1 they would be mapped to Guest, which removes
     per-user accountability and access control. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>2637e6f5-43c6-46d4-8fdd-f031d51c3b1f</Id>
<OriginalId>7c6c01fd-5c0d-4398-9de0-0a8855c4cd95</OriginalId>
<CceId>CCE-2406-7</CceId>
<Name>Network access: Sharing and security model for local accounts</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>ForceGuest</ValueName>
</BaselineRegistryRule>
<!-- Recovery Console: setcommand = 0 keeps the console's SET command unavailable, so its
     restrictions on copying to removable media and on reaching all drives and folders
     stay in force. Rated Warning. -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>9929a8a4-5778-4a8b-a024-3b1cc2c5763e</Id>
<OriginalId>e44bb6b6-6bf3-417b-a329-cb9604cde378</OriginalId>
<CceId>CCE-1553-7</CceId>
<Name>Recovery console: Allow floppy copy and access to all drives and all folders</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole</KeyPath>
<ValueName>setcommand</ValueName>
</BaselineRegistryRule>
<!-- Expected value is 0, i.e. the pagefile is NOT cleared at shutdown. NOTE(review): combined
     with Severity Critical and NotEquals, hosts that do wipe the pagefile are presumably
     reported as critical deviations; confirm this is intended. With 0, pagefile contents stay
     on disk, so offline protection must come from elsewhere (for example disk encryption). -->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>ccb7f4c4-ba37-4926-968d-3cf84d6340f0</Id>
<OriginalId>c8c43367-6343-4ae7-9387-c4f24303b90d</OriginalId>
<CceId>CCE-2416-6</CceId>
<Name>Shutdown: Clear virtual memory pagefile</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Session Manager\Memory Management</KeyPath>
<ValueName>ClearPageFileAtShutdown</ValueName>
</BaselineRegistryRule>
<!--
  CCE-2403-4: audits Policies\System\ShutdownWithoutLogon (integer), expected 0.
  0 removes the shutdown option from the logon screen, so taking the server down requires
  an authenticated session with the shutdown right. Rated Warning (availability impact).
-->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>98781114-967c-4b3f-90cd-25e0ab5f5fc0</Id>
<OriginalId>3849d4a1-188c-43d8-ad75-c73a82a8e0fe</OriginalId>
<CceId>CCE-2403-4</CceId>
<Name>Shutdown: Allow system to be shut down without having to log on</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>ShutdownWithoutLogon</ValueName>
</BaselineRegistryRule>
<!--
  CCE-2447-1: audits Session Manager\SafeDllSearchMode (integer), expected 1.
  1 moves the process working directory later in the DLL search order, which reduces the
  chance that a library planted in a writable working directory is loaded in place of the
  system copy.
  The KeyPath here is spelled "SYSTEM" where sibling rules use "System"; registry key names
  are case-insensitive, so the difference is cosmetic.
-->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>07a153d2-5d90-43e0-9e79-f1777fc2d818</Id>
<OriginalId>c836e4ce-c2f0-410c-bbf2-2550e8d24ba8</OriginalId>
<CceId>CCE-2447-1</CceId>
<Name>MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>SYSTEM\CurrentControlSet\Control\Session Manager</KeyPath>
<ValueName>SafeDllSearchMode</ValueName>
</BaselineRegistryRule>
<!--
  CCE-1962-0: audits Lsa\RestrictAnonymousSAM (integer), expected 1.
  1 stops unauthenticated (null session) connections from enumerating SAM account names,
  which would otherwise hand out a list of valid accounts for password guessing.
-->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>39f5d9a3-6581-4757-ac5a-64ab158e2f4a</Id>
<OriginalId>c4f13e60-0fae-4766-bba1-00b4c33d54b7</OriginalId>
<CceId>CCE-1962-0</CceId>
<Name>Network access: Do not allow anonymous enumeration of SAM accounts</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>RestrictAnonymousSAM</ValueName>
</BaselineRegistryRule>
<!--
  CCE-2249-1: audits Policies\System\undockwithoutlogon (integer), expected 0.
  0 requires a logged-on user before the machine can be undocked from a docking station.
  Rated Informational in this member-server baseline.
-->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>50b196ee-7251-4339-a369-9324343aef85</Id>
<OriginalId>d5d37567-6f6c-4b86-a13a-d10b708432dc</OriginalId>
<CceId>CCE-2249-1</CceId>
<Name>Devices: Allow undock without having to log on</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>undockwithoutlogon</ValueName>
</BaselineRegistryRule>
<!--
  CCE-2507-2: audits LanManServer\Parameters\NullSessionShares (multi-string).
  ExpectedValue is empty: no share should be reachable over an unauthenticated session.
  NOTE(review): how the evaluator compares an empty ExpectedValue with a multi-string that
  is absent, empty, or holds only empty strings is not visible in this file. Confirm that a
  host with the value absent passes and that any listed share is reported.
-->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>23e15b04-812e-485e-89a6-fd594382ca9a</Id>
<OriginalId>c067da7d-80a9-4b00-9414-d98d37139490</OriginalId>
<CceId>CCE-2507-2</CceId>
<Name>Network access: Shares that can be accessed anonymously</Name>
<Type>Registry</Type>
<ExpectedValue />
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>MultipleString</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>NullSessionShares</ValueName>
</BaselineRegistryRule>
<!--
  CCE-1598-2: audits Session Manager\SubSystems\optional (multi-string).
  ExpectedValue is empty: no optional subsystem (for example POSIX) should be allowed to
  start, which removes an execution environment the server role does not need.
  NOTE(review): the handling of an empty ExpectedValue against a multi-string is not visible
  here; confirm that an empty or absent value is treated as compliant.
-->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>65b30a24-7e9f-4335-b203-80d54ac81573</Id>
<OriginalId>c448dca7-3cd1-4f0c-a917-97359a612b72</OriginalId>
<CceId>CCE-1598-2</CceId>
<Name>System settings: Optional subsystems</Name>
<Type>Registry</Type>
<ExpectedValue />
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>MultipleString</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Session Manager\SubSystems</KeyPath>
<ValueName>optional</ValueName>
</BaselineRegistryRule>
<!--
  CCE-2377-0: audits Winlogon\AllocateDASD, expected "0".
  This value is stored as a string, hence RegValueType String rather than Int.
  "0" limits formatting and ejecting removable media to Administrators; "1" adds Power
  Users and "2" adds interactive users.
-->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>74f3129e-911e-43eb-abba-4b6509aa9e67</Id>
<OriginalId>71d6ee80-22f8-44e3-99ad-cbc707218ff8</OriginalId>
<CceId>CCE-2377-0</CceId>
<Name>Devices: Allowed to format and eject removable media</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>AllocateDASD</ValueName>
</BaselineRegistryRule>
<!--
  CCE-2429-9: audits Session Manager\Kernel\ObCaseInsensitive (integer), expected 1.
  1 enforces case-insensitive object names for non-Windows subsystems, so such a subsystem
  cannot create names that differ only by case and are hard to reach or manage from Win32
  tools.
-->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>43e29cc8-bc98-4f25-b1ca-a2902bbdd083</Id>
<OriginalId>7ab41c58-8c4a-4781-9cdd-a6dc5c40fc66</OriginalId>
<CceId>CCE-2429-9</CceId>
<Name>System objects: Require case insensitivity for non-Windows subsystems</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Session Manager\Kernel</KeyPath>
<ValueName>ObCaseInsensitive</ValueName>
</BaselineRegistryRule>
<!--
  CCE-2089-1: audits LanManServer\Parameters\NullSessionPipes (multi-string), expected to
  hold the single entry "browser".
  Every pipe listed here is reachable without authentication, so any entry beyond the
  expected one widens the anonymous attack surface and deserves investigation.
  NOTE(review): the comparison of a multi-string against a single token (entry order, letter
  case, trailing empty strings) is not visible in this file. Verify against the evaluator so
  that a benign formatting difference is not reported and an extra pipe is not missed.
-->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>995db503-150c-4353-b1fc-8f52d6930b11</Id>
<OriginalId>576fb5ee-178c-4117-a4fe-ef3cbe30ce64</OriginalId>
<CceId>CCE-2089-1</CceId>
<Name>Network access: Named Pipes that can be accessed anonymously</Name>
<Type>Registry</Type>
<ExpectedValue>browser</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>MultipleString</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>NullSessionPipes</ValueName>
</BaselineRegistryRule>
<!--
  CCE-2361-4: audits LanManServer\Parameters\restrictnullsessaccess (integer), expected 1.
  1 limits unauthenticated SMB access to the pipes and shares named in NullSessionPipes and
  NullSessionShares under the same key. With 0 those two lists stop acting as a limit, so
  this rule is what makes them effective.
-->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>41f8cd7c-f877-4212-9632-2a054305a86e</Id>
<OriginalId>0f319931-aa36-4313-9320-86311c0fa623</OriginalId>
<CceId>CCE-2361-4</CceId>
<Name>Network access: Restrict anonymous access to Named Pipes and Shares</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>restrictnullsessaccess</ValueName>
</BaselineRegistryRule>
<!--
  CCE-2199-8: audits Policies\System\DontDisplayLastUserName (integer), expected 1.
  1 keeps the logon screen from showing the name of the last user who signed in, so someone
  with console or remote-desktop access does not learn a valid account name.
-->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>0d07684d-0939-4e08-afbe-3c3ff63c73f7</Id>
<OriginalId>6b285a31-21ae-4b0c-813c-a8cc812c694d</OriginalId>
<CceId>CCE-2199-8</CceId>
<Name>Interactive logon: Do not display last user name</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>DontDisplayLastUserName</ValueName>
</BaselineRegistryRule>
<!--
  CCE-2029-7: audits LanManServer\Parameters\enableforcedlogoff (integer), expected 1.
  1 makes the SMB server disconnect a client session once the account's permitted logon
  hours end, so logon-hour restrictions also apply to sessions that are already open.
-->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>ce066a68-e4e8-4ec7-ad88-d02f84792bf1</Id>
<OriginalId>68c3ff44-f8a7-4059-81d7-56749f60665b</OriginalId>
<CceId>CCE-2029-7</CceId>
<Name>Microsoft network server: Disconnect clients when logon hours expire</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>enableforcedlogoff</ValueName>
</BaselineRegistryRule>
<!--
  CCE-2183-2: audits Winlogon\ScreenSaverGracePeriod, expected "0".
  This value is stored as a string, hence RegValueType String rather than Int.
  It is the number of seconds after the screen saver starts during which the session can be
  resumed without a password; 0 makes the lock take effect immediately.
-->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>30fdd489-7636-4dab-97b3-6ff01e442f86</Id>
<OriginalId>d3fe2010-6fe1-401c-81e8-a635d540af09</OriginalId>
<CceId>CCE-2183-2</CceId>
<Name>MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>ScreenSaverGracePeriod</ValueName>
</BaselineRegistryRule>
<!--
  CCE-2327-5: audits Services\LDAP\LDAPClientIntegrity (integer), expected 1.
  1 is "negotiate signing": the LDAP client requests signing but still proceeds when the
  server does not offer it. 0 is no signing and 2 is "require signing".
  NOTE(review): if NotEquals is a plain equality test, a host hardened to 2 is reported as a
  Critical deviation even though it is stricter than the baseline. Confirm whether such
  hosts should be exempted or the expected value raised.
-->
<BaselineRegistryRule>
<BaselineId>b65666d9-2769-4930-8929-95f39a08d1db</BaselineId>
<Id>b55bd8db-784b-4c70-ac75-d87dea9e78e6</Id>
<OriginalId>6e48c65a-e5dd-4d64-a6e9-dfd86742f91e</OriginalId>
<CceId>CCE-2327-5</CceId>
<Name>Network security: LDAP client signing requirements</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LDAP</KeyPath>
<ValueName>LDAPClientIntegrity</ValueName>
</BaselineRegistryRule>
</Rules>
<Id>b65666d9-2769-4930-8929-95f39a08d1db</Id>
<Name>WS2008SP2 Member Server Security Compliance</Name>
<Type>WindowsOS</Type>
</BaselineRuleset>
</ArrayOfBaselineRuleset>