Res.BaselineWindowsServer2012.xml (DeployableResource)

Element properties:

Type: DeployableResource
File Name: BaselineWindowsServer2012.xml
Accessibility: Public

Source Code:

<!-- Declares the file BaselineWindowsServer2012.xml as a deployable resource with ID
     Res.BaselineWindowsServer2012.xml and Public accessibility. The file content is the
     baseline rule list shown under "File Content". -->
<DeployableResource ID="Res.BaselineWindowsServer2012.xml" Accessibility="Public" FileName="BaselineWindowsServer2012.xml"/>

File Content: BaselineWindowsServer2012.xml

<?xml version="1.0" encoding="utf-8"?>

<ArrayOfBaselineRuleset xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<BaselineRuleset>
<Rules>
<!-- HKLM\System\CurrentControlSet\Control\Lsa\ForceGuest, expected 0.
     0 is the "Classic" model: a network logon with a local account authenticates as that
     account; 1 would map every such logon to Guest.
     NOTE(review): AnalyzeOperation NotEquals presumably means the rule is reported when the
     actual value differs from ExpectedValue; confirm against the analyzer. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>cf0adcba-1b96-454e-b9ba-1ff530ab88cd</Id>
<OriginalId>7c6c01fd-5c0d-4398-9de0-0a8855c4cd95</OriginalId>
<CceId>CCE-22742-1</CceId>
<Name>Network access: Sharing and security model for local accounts</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>ForceGuest</ValueName>
</BaselineRegistryRule>
<!-- HKLM\System\CurrentControlSet\Control\Session Manager\ProtectionMode, expected 1.
     1 strengthens the default DACL on shared system objects, so users who are not
     administrators can read such objects but cannot modify ones they did not create. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>0ff4d472-6fbe-4fcd-bc3c-70900858a850</Id>
<OriginalId>92b9d876-9d87-460c-82ea-9e8bd94c21ad</OriginalId>
<CceId>CCE-24633-0</CceId>
<Name>System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Session Manager</KeyPath>
<ValueName>ProtectionMode</ValueName>
</BaselineRegistryRule>
<!-- HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting (IPv4),
     expected 2. 2 is the highest protection level: source-routed packets are dropped.
     0 allows them and 1 drops them only when IP forwarding is enabled.
     Severity here is Warning, not Critical. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>faf8a3f7-ddd7-4a6f-9ff0-008aca67aa7a</Id>
<OriginalId>21e5ee29-51b2-4719-b979-af03e47a128e</OriginalId>
<CceId>CCE-24968-0</CceId>
<Name>MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)</Name>
<Type>Registry</Type>
<ExpectedValue>2</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Tcpip\Parameters</KeyPath>
<ValueName>DisableIPSourceRouting</ValueName>
</BaselineRegistryRule>
<!-- Private profile, AllowLocalIPsecPolicyMerge, expected 1.
     1 means connection security (IPsec) rules created locally are applied together with
     the rules delivered by Group Policy. The value is read from the policy key under
     Software\Policies, so it only exists when a policy sets it. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>72f4ad5c-a48d-4e42-84cf-a6bb1553e7fe</Id>
<OriginalId>f5513338-0fa1-484e-83fb-9a5bd3954d44</OriginalId>
<CceId>CCE-24738-7</CceId>
<Name>Windows Firewall: Private: Apply local connection security rules</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>AllowLocalIPsecPolicyMerge</ValueName>
</BaselineRegistryRule>
<!-- Private profile, DisableNotifications, expected 0.
     The value name is the inverse of the rule name: 0 means notifications are NOT
     disabled, i.e. the user is told when a program is blocked from receiving inbound
     connections. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>63463f0a-0c75-4744-be3e-0ee3c8ac6b97</Id>
<OriginalId>0091ec7e-714b-4bb3-9a36-a73412c6c1f9</OriginalId>
<CceId>CCE-24907-8</CceId>
<Name>Windows Firewall: Private: Display a notification</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>DisableNotifications</ValueName>
</BaselineRegistryRule>
<!-- Public profile, AllowLocalIPsecPolicyMerge, expected 1.
     1 means locally created connection security (IPsec) rules are applied together with
     the rules delivered by Group Policy. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>baa43b53-078b-424f-9a4e-61ecb4840f24</Id>
<OriginalId>849952c3-4163-4e4d-9320-138c4af87134</OriginalId>
<CceId>CCE-22773-6</CceId>
<Name>Windows Firewall: Public: Apply local connection security rules</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>AllowLocalIPsecPolicyMerge</ValueName>
</BaselineRegistryRule>
<!-- Public profile, EnableFirewall, expected 1 (firewall on).
     NOTE(review): the key is the Group Policy location (Software\Policies). A host whose
     firewall is enabled only through local settings has no value here; how the analyzer
     treats a missing value is not visible in this file, so confirm it. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>cbbbfe73-e3ac-498b-9e6f-cc3d3888d044</Id>
<OriginalId>856f9866-0378-4952-a164-4d524770bb2a</OriginalId>
<CceId>CCE-23894-9</CceId>
<Name>Windows Firewall: Public: Firewall state</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>EnableFirewall</ValueName>
</BaselineRegistryRule>
<!-- Domain profile, EnableFirewall, expected 1 (firewall on).
     NOTE(review): the key is the Group Policy location (Software\Policies). A host whose
     firewall is enabled only through local settings has no value here; how the analyzer
     treats a missing value is not visible in this file, so confirm it. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>24bfb853-f395-4216-a322-69413b06d16d</Id>
<OriginalId>2e65a105-5cb1-473d-b0ca-c933415d91be</OriginalId>
<CceId>CCE-25350-0</CceId>
<Name>Windows Firewall: Domain: Firewall state</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>EnableFirewall</ValueName>
</BaselineRegistryRule>
<!-- Private profile, AllowLocalPolicyMerge, expected 1.
     1 means firewall rules created locally (by an administrator or an installer) stay in
     effect next to the rules delivered by Group Policy; 0 would apply only the
     policy-delivered rules. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>892e01ee-63c0-4590-b82e-ab17f4fa1f4d</Id>
<OriginalId>533bf252-df1b-4b5a-9320-8da18b19bcd2</OriginalId>
<CceId>CCE-24663-7</CceId>
<Name>Windows Firewall: Private: Apply local firewall rules</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>AllowLocalPolicyMerge</ValueName>
</BaselineRegistryRule>
<!-- Domain profile, AllowLocalPolicyMerge, expected 1.
     1 means firewall rules created locally stay in effect next to the rules delivered by
     Group Policy; 0 would apply only the policy-delivered rules. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>d8525aa3-86d2-4047-817e-60443fd1441d</Id>
<OriginalId>0a80cfc2-0dcd-4566-b4be-6d8224961f83</OriginalId>
<CceId>CCE-24639-7</CceId>
<Name>Windows Firewall: Domain: Apply local firewall rules</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>AllowLocalPolicyMerge</ValueName>
</BaselineRegistryRule>
<!-- Private profile, DisableUnicastResponsesToMulticastBroadcast, expected 1.
     Easy to misread: the rule name says "Allow unicast response" but the value is a
     Disable flag, so the expected 1 means unicast responses to outgoing multicast or
     broadcast traffic are BLOCKED (the setting "Allow unicast response: No"). -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>c2a546af-cc4b-4c64-b93f-0a91e79163d0</Id>
<OriginalId>3fe3c052-d096-4bc2-8d03-7ddb03f3b1f6</OriginalId>
<CceId>CCE-24624-9</CceId>
<Name>Windows Firewall: Private: Allow unicast response</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>DisableUnicastResponsesToMulticastBroadcast</ValueName>
</BaselineRegistryRule>
<!-- Public profile, AllowLocalPolicyMerge, expected 1.
     1 means firewall rules created locally stay in effect next to the rules delivered by
     Group Policy.
     NOTE(review): on the Public profile this lets any locally added allow rule open the
     host on untrusted networks; confirm that merging is intended here. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>c617a0e7-a8d4-4c1f-956e-c4264f4ad9eb</Id>
<OriginalId>968787a1-6a19-4c96-82dd-ca531f84666d</OriginalId>
<CceId>CCE-24810-4</CceId>
<Name>Windows Firewall: Public: Apply local firewall rules</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>AllowLocalPolicyMerge</ValueName>
</BaselineRegistryRule>
<!-- Public profile, DisableUnicastResponsesToMulticastBroadcast, expected 1.
     Easy to misread: the rule name says "Allow unicast response" but the value is a
     Disable flag, so the expected 1 means unicast responses to outgoing multicast or
     broadcast traffic are BLOCKED (the setting "Allow unicast response: No"). -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>a86a7a50-504a-4f89-8f78-2fb776db74c6</Id>
<OriginalId>01cfd956-48cc-4ad6-94ff-b8f7ca488a91</OriginalId>
<CceId>CCE-25111-6</CceId>
<Name>Windows Firewall: Public: Allow unicast response</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>DisableUnicastResponsesToMulticastBroadcast</ValueName>
</BaselineRegistryRule>
<!-- Domain profile, AllowLocalIPsecPolicyMerge, expected 1.
     1 means locally created connection security (IPsec) rules are applied together with
     the rules delivered by Group Policy. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>5e5c0ed9-6ce7-448c-940b-ca69b0831fd9</Id>
<OriginalId>db12a482-5822-44ba-b35d-e944d3ddd528</OriginalId>
<CceId>CCE-25534-9</CceId>
<Name>Windows Firewall: Domain: Apply local connection security rules</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>AllowLocalIPsecPolicyMerge</ValueName>
</BaselineRegistryRule>
<!-- Private profile, DefaultOutboundAction, expected 0.
     0 allows outbound connections that match no rule; 1 would block them. The baseline
     therefore expects default-allow egress, so outbound filtering has to come from
     explicit block rules or from another control. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>156ba710-8bbd-40cf-976b-dccb4437dce5</Id>
<OriginalId>691c581a-3b42-408b-abbe-f0bea9de3156</OriginalId>
<CceId>CCE-25607-3</CceId>
<Name>Windows Firewall: Private: Outbound connections</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>DefaultOutboundAction</ValueName>
</BaselineRegistryRule>
<!-- Domain profile, DefaultOutboundAction, expected 0.
     0 allows outbound connections that match no rule; 1 would block them.
     NOTE(review): with NotEquals, a host hardened to block outbound by default (1)
     would presumably be reported as deviating from this baseline; confirm. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>d0f51829-a47d-4fb0-a40e-83846dfbec70</Id>
<OriginalId>62c711b9-cd72-4fd2-8596-bb90387278da</OriginalId>
<CceId>CCE-24936-7</CceId>
<Name>Windows Firewall: Domain: Outbound connections</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>DefaultOutboundAction</ValueName>
</BaselineRegistryRule>
<!-- HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting (IPv6),
     expected 2. 2 is the highest protection level: source-routed packets are dropped.
     Same value name as the IPv4 rule; only the Tcpip6 key path differs. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>3a53ddaf-7504-4942-943f-7a7c756bf7e2</Id>
<OriginalId>21d226de-3201-414e-a16a-b626b6d0cc26</OriginalId>
<CceId>CCE-24452-5</CceId>
<Name>MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)</Name>
<Type>Registry</Type>
<ExpectedValue>2</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Tcpip6\Parameters</KeyPath>
<ValueName>DisableIPSourceRouting</ValueName>
</BaselineRegistryRule>
<!-- Public profile, DefaultOutboundAction, expected 0.
     0 allows outbound connections that match no rule; 1 would block them. The baseline
     expects default-allow egress even on the Public profile. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>88d9d6c8-627c-4b40-a72a-398f4680ac36</Id>
<OriginalId>75208064-559a-4412-8ca6-5da2d0e10cfd</OriginalId>
<CceId>CCE-23892-3</CceId>
<Name>Windows Firewall: Public: Outbound connections</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>DefaultOutboundAction</ValueName>
</BaselineRegistryRule>
<!-- Private profile, EnableFirewall, expected 1 (firewall on).
     NOTE(review): the key is the Group Policy location (Software\Policies). A host whose
     firewall is enabled only through local settings has no value here; how the analyzer
     treats a missing value is not visible in this file, so confirm it. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>e504e55a-cd37-4138-a8cf-4356eef6edea</Id>
<OriginalId>d493f92b-2fe2-4489-a4e6-03fd2e3710cd</OriginalId>
<CceId>CCE-23615-8</CceId>
<Name>Windows Firewall: Private: Firewall state</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>EnableFirewall</ValueName>
</BaselineRegistryRule>
<!-- Domain profile, DisableNotifications, expected 0.
     The value name is the inverse of the rule name: 0 means notifications are NOT
     disabled, i.e. the user is told when a program is blocked from receiving inbound
     connections. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>e2c64d43-f336-47f3-a4b7-0d40cabde229</Id>
<OriginalId>27abca4f-4873-490c-87b6-e84d2533ba13</OriginalId>
<CceId>CCE-25213-0</CceId>
<Name>Windows Firewall: Domain: Display a notification</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>DisableNotifications</ValueName>
</BaselineRegistryRule>
<!-- Public profile, DisableNotifications, expected 0.
     The value name is the inverse of the rule name: 0 means notifications are NOT
     disabled, i.e. the user is told when a program is blocked from receiving inbound
     connections. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>c71d2258-ccf5-481c-aa03-32fffdade62c</Id>
<OriginalId>902a957b-c9b3-4302-883a-394555087509</OriginalId>
<CceId>CCE-23900-4</CceId>
<Name>Windows Firewall: Public: Display a notification</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>DisableNotifications</ValueName>
</BaselineRegistryRule>
<!-- Domain profile, DisableUnicastResponsesToMulticastBroadcast, expected 1.
     Easy to misread: the rule name says "Allow unicast response" but the value is a
     Disable flag, so the expected 1 means unicast responses to outgoing multicast or
     broadcast traffic are BLOCKED (the setting "Allow unicast response: No"). -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>f5bf05a2-e930-444e-885f-d7360d3b2e54</Id>
<OriginalId>567434c1-c73f-4a24-8553-eaf1fd70fc90</OriginalId>
<CceId>CCE-25359-1</CceId>
<Name>Windows Firewall: Domain: Allow unicast response</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>DisableUnicastResponsesToMulticastBroadcast</ValueName>
</BaselineRegistryRule>
<!-- Advanced audit subcategory "Security Group Management", expected Success and Failure.
     AuditPolicyId is the subcategory GUID (the value shown by
     auditpol /list /subcategory:* /v). This subcategory records security group changes
     such as member additions (events 4728, 4732, 4756). -->
<BaselineAuditPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>f060b3ef-6a5c-4785-b86d-90c6da1bf3ec</Id>
<OriginalId>56d671e2-8ff8-47cd-adeb-82fb86067598</OriginalId>
<CceId>CCE-23955-8</CceId>
<Name>Audit Policy: Account Management: Security Group Management</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9237-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- Advanced audit subcategory "Security State Change", expected Success and Failure.
     AuditPolicyId is the subcategory GUID. This subcategory covers system startup and
     system time changes (events 4608, 4616). -->
<BaselineAuditPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>b8c90377-5dd0-4adb-947a-59f9dc2b4854</Id>
<OriginalId>e54d7bef-4406-4689-813c-ba14b3fd3ef8</OriginalId>
<CceId>CCE-25178-5</CceId>
<Name>Audit Policy: System: Security State Change</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9210-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- Advanced audit subcategory "Authentication Policy Change", expected Success.
     AuditPolicyId is the subcategory GUID. Covers changes such as new domain trusts and
     Kerberos policy changes (events 4706, 4713).
     NOTE(review): the comparison is an exact match, so a host auditing
     "Success and Failure" (a superset) would presumably be reported; confirm. -->
<BaselineAuditPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>22459f0a-5695-4c44-8c5a-5f00b9f85971</Id>
<OriginalId>2768f99a-87a1-4be6-bf44-efcfd1412dea</OriginalId>
<CceId>CCE-25674-3</CceId>
<Name>Audit Policy: Policy Change: Authentication Policy Change</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9230-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- HKLM\System\CurrentControlSet\Control\Lsa\scenoapplylegacyauditpolicy, expected 1.
     1 makes the advanced audit subcategory settings take precedence over the legacy
     category-level audit policy. Every BaselineAuditPolicyRule in this file checks a
     subcategory, so those settings can be silently overridden on a host where this
     value is not 1. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>0570f5aa-899c-4785-b4f3-64491e11ac99</Id>
<OriginalId>b881554b-111f-46a8-9079-b9eeb9ea60f6</OriginalId>
<CceId>CCE-24252-9</CceId>
<Name>Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>scenoapplylegacyauditpolicy</ValueName>
</BaselineRegistryRule>
<!-- Advanced audit subcategory "Computer Account Management", expected Success.
     AuditPolicyId is the subcategory GUID. Covers computer account creation, change and
     deletion (events 4741, 4742, 4743).
     NOTE(review): the comparison is an exact match, so a host auditing
     "Success and Failure" would presumably be reported; confirm. -->
<BaselineAuditPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>9dc3578a-7125-467e-bd67-effd0072d737</Id>
<OriginalId>a94d7f10-22ff-48e8-bd82-1dfc5ccb1cb4</OriginalId>
<CceId>CCE-23482-3</CceId>
<Name>Audit Policy: Account Management: Computer Account Management</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9236-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- Advanced audit subcategory "System Integrity", expected Success and Failure.
     AuditPolicyId is the subcategory GUID. Covers integrity violations of the security
     subsystem, including code integrity failures such as event 5038. -->
<BaselineAuditPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>798767b6-9b7a-4a37-a5ce-d3e37c7117d9</Id>
<OriginalId>b8fc1e7a-57fd-48a0-827e-f466b21663ae</OriginalId>
<CceId>CCE-25093-6</CceId>
<Name>Audit Policy: System: System Integrity</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9212-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- Advanced audit subcategory "Logon", expected Success and Failure.
     AuditPolicyId is the subcategory GUID. Produces the successful and failed logon
     events (4624, 4625) that most authentication detections depend on. -->
<BaselineAuditPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>9886f276-ba8f-4ec9-8ffd-9548cc166cdf</Id>
<OriginalId>abcedd04-373e-493b-8fc4-610ca4e2c11e</OriginalId>
<CceId>CCE-23670-3</CceId>
<Name>Audit Policy: Logon-Logoff: Logon</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9215-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- Advanced audit subcategory "User Account Management", expected Success and Failure.
     AuditPolicyId is the subcategory GUID. Covers account creation, enabling, password
     resets, deletion and lockout (for example events 4720, 4722, 4724, 4726, 4740). -->
<BaselineAuditPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>d5f09877-dcdd-4f22-9caf-3d0f4de8bcbd</Id>
<OriginalId>17bbd596-ee57-4506-b4eb-b8914b2d8b34</OriginalId>
<CceId>CCE-25123-1</CceId>
<Name>Audit Policy: Account Management: User Account Management</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9235-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- Advanced audit subcategory "Special Logon", expected Success.
     AuditPolicyId is the subcategory GUID. Records logons that are assigned
     administrator-equivalent privileges (event 4672).
     NOTE(review): the comparison is an exact match, so a host auditing
     "Success and Failure" would presumably be reported; confirm. -->
<BaselineAuditPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>fe48038b-f73a-4264-b499-0ff9dfaab05c</Id>
<OriginalId>f3179229-59a3-4c89-8eb2-45cdf42660b1</OriginalId>
<CceId>CCE-24187-7</CceId>
<Name>Audit Policy: Logon-Logoff: Special Logon</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce921b-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- Advanced audit subcategory "Credential Validation", expected Success and Failure.
     AuditPolicyId is the subcategory GUID. Records NTLM credential validation on the
     machine that is authoritative for the account (event 4776); the failure side is what
     exposes password guessing. -->
<BaselineAuditPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>eeb900d7-0184-46ad-8e07-53ebff354279</Id>
<OriginalId>ebd86e7c-c2be-461a-9db9-c4f9fd79e32f</OriginalId>
<CceId>CCE-25088-6</CceId>
<Name>Audit Policy: Account Logon: Credential Validation</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce923f-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- Advanced audit subcategory "Sensitive Privilege Use", expected Success and Failure.
     AuditPolicyId is the subcategory GUID. Records use of sensitive privileges
     (events 4673, 4674). This subcategory can be high-volume, so plan log size and
     forwarding accordingly. -->
<BaselineAuditPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>f626c3b2-a4f1-4333-bdef-07fdc9b77da7</Id>
<OriginalId>591401f2-3712-4434-ae22-e8633dcf2ad5</OriginalId>
<CceId>CCE-24691-8</CceId>
<Name>Audit Policy: Privilege Use: Sensitive Privilege Use</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9228-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- Advanced audit subcategory "Other Account Management Events", expected Success and
     Failure. AuditPolicyId is the subcategory GUID. Includes events such as access to an
     account's password hash (event 4782). -->
<BaselineAuditPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>aeb06c1a-dfbe-4ec5-803e-4609dbef6ac3</Id>
<OriginalId>2ea0de1a-c71d-46c8-8350-a7dd4d447895</OriginalId>
<CceId>CCE-24588-6</CceId>
<Name>Audit Policy: Account Management: Other Account Management Events</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce923a-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- Advanced audit subcategory "IPsec Driver", expected Success and Failure.
     AuditPolicyId is the subcategory GUID. Records IPsec driver activity such as packets
     dropped for failing integrity or replay checks. -->
<BaselineAuditPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>188f6825-e683-44de-bede-ef938d1cd3ff</Id>
<OriginalId>504f27d5-2540-48f2-9aa4-ee0eebc84728</OriginalId>
<CceId>CCE-25372-4</CceId>
<Name>Audit Policy: System: IPsec Driver</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9213-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- Advanced audit subcategory "Security System Extension", expected Success and Failure.
     AuditPolicyId is the subcategory GUID. Records loading of authentication packages and
     installation of services (events 4610, 4697), both useful persistence indicators. -->
<BaselineAuditPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>f5f5f147-4eea-4cb6-84e8-8e7e35cbc782</Id>
<OriginalId>5bd3a1dc-6de8-4021-a1a7-f1cf51f51235</OriginalId>
<CceId>CCE-25527-3</CceId>
<Name>Audit Policy: System: Security System Extension</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9211-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- Advanced audit subcategory "Audit Policy Change", expected Success and Failure.
     AuditPolicyId is the subcategory GUID. Records changes to the audit policy itself
     (event 4719), which is how tampering with the other audit rules becomes visible. -->
<BaselineAuditPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>3a8a31d6-1801-4850-b3a7-a5cc4d5c134f</Id>
<OriginalId>821af41f-7ff7-4dae-a841-c098b7112b0c</OriginalId>
<CceId>CCE-25035-7</CceId>
<Name>Audit Policy: Policy Change: Audit Policy Change</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce922f-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- Advanced audit subcategory "Process Creation", expected Success.
     AuditPolicyId is the subcategory GUID. Produces event 4688 for each new process.
     This rule checks only that the subcategory is audited; whether the command line is
     included in the event is a separate setting that this rule does not cover. -->
<BaselineAuditPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>8f60a202-6c9a-412a-a7ff-f13e4fb21ac6</Id>
<OriginalId>6598ae0c-9227-4f87-b754-f68d2f5820fc</OriginalId>
<CceId>CCE-25461-5</CceId>
<Name>Audit Policy: Detailed Tracking: Process Creation</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce922b-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- Advanced audit subcategory "Logoff", expected Success.
     AuditPolicyId is the subcategory GUID. Produces the logoff events (4634, 4647) that
     pair with logon events to bound a session. -->
<BaselineAuditPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>29e4c2ee-b930-4d26-a56d-51c253a5d173</Id>
<OriginalId>9f28bf93-31ae-4a09-b064-a391772fe13d</OriginalId>
<CceId>CCE-24901-1</CceId>
<Name>Audit Policy: Logon-Logoff: Logoff</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9216-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\requirestrongkey,
     expected 1. 1 makes the domain member refuse a Netlogon secure channel unless a
     strong (128-bit) session key can be negotiated with the domain controller. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>6eea049d-4524-4a5f-8ec0-83bf964f482c</Id>
<OriginalId>577a19bc-6d69-45f1-9806-b413d522b05a</OriginalId>
<CceId>CCE-25198-3</CceId>
<Name>Domain member: Require strong (Windows 2000 or later) session key</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>requirestrongkey</ValueName>
</BaselineRegistryRule>
<!-- HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
     MaxDevicePasswordFailedAttempts, expected 10 failed logon attempts.
     NOTE(review): the comparison is an exact match, so a stricter threshold (a lower
     non-zero number) would presumably be reported as a deviation; a range check would
     fit this setting better. Confirm what operations the analyzer supports. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>f535c820-b679-4773-b641-3235f20c62ef</Id>
<OriginalId>12e02fe8-cf46-415b-8e52-9b8472d8f303</OriginalId>
<CceId>CCE-24809-6</CceId>
<Name>Interactive logon: Machine account lockout threshold</Name>
<Type>Registry</Type>
<ExpectedValue>10</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>MaxDevicePasswordFailedAttempts</ValueName>
</BaselineRegistryRule>
<!-- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\scremoveoption,
     expected "1" (Lock Workstation when the smart card is removed). The value is stored
     as a string, which is why RegValueType is String here and not Int.
     Other values: 0 no action, 2 force logoff, 3 disconnect a Remote Desktop session.
     NOTE(review): with an exact match, 2 (force logoff) would presumably also be
     reported; confirm whether that is intended. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>d747fa2e-fd4b-4245-a5c6-74aa80b2b399</Id>
<OriginalId>402dc351-392a-4816-a26a-65a7bcc94087</OriginalId>
<CceId>CCE-24154-7</CceId>
<Name>Interactive logon: Smart card removal behavior</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>scremoveoption</ValueName>
</BaselineRegistryRule>
<!-- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod,
     expected "0" seconds. The grace period is the time after the screen saver starts
     during which the session can be resumed without a password; 0 removes that window.
     The value is stored as a string, hence RegValueType String. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>e3a02a4a-7596-41f5-8715-e97394eab910</Id>
<OriginalId>d3fe2010-6fe1-401c-81e8-a635d540af09</OriginalId>
<CceId>CCE-24993-8</CceId>
<Name>MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>ScreenSaverGracePeriod</ValueName>
</BaselineRegistryRule>
<!-- HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\enableforcedlogoff,
     expected 1. 1 makes the SMB server disconnect client sessions when the user's
     permitted logon hours end, so logon-hour restrictions also apply to open sessions. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>8336eeaf-ee97-432b-8e33-b65c378bcbf7</Id>
<OriginalId>68c3ff44-f8a7-4059-81d7-56749f60665b</OriginalId>
<CceId>CCE-24148-9</CceId>
<Name>Microsoft network server: Disconnect clients when logon hours expire</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>enableforcedlogoff</ValueName>
</BaselineRegistryRule>
<!-- HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName,
     expected 1. 1 keeps the name of the last signed-in user off the logon screen, so
     someone at the console does not learn a valid account name. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>ea4a450f-7617-4a3a-aa2d-475f26f752d6</Id>
<OriginalId>6b285a31-21ae-4b0c-813c-a8cc812c694d</OriginalId>
<CceId>CCE-24748-6</CceId>
<Name>Interactive logon: Do not display last user name</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>DontDisplayLastUserName</ValueName>
</BaselineRegistryRule>
<!-- HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\InactivityTimeoutSecs,
     expected 900 (the value is in seconds, i.e. 15 minutes of inactivity before the
     session locks).
     NOTE(review): the comparison is an exact match, so a shorter and therefore stricter
     timeout would presumably be reported as a deviation; a range check would fit this
     setting better. Confirm what operations the analyzer supports. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>571fe4dc-8114-4ea6-a7c1-017165106cc9</Id>
<OriginalId>8f489e6b-a616-43ac-af90-2eba4099d43e</OriginalId>
<CceId>CCE-23043-3</CceId>
<Name>Interactive logon: Machine inactivity limit</Name>
<Type>Registry</Type>
<ExpectedValue>900</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>InactivityTimeoutSecs</ValueName>
</BaselineRegistryRule>
<!-- HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\requiresecuritysignature,
     expected 1. 1 makes the SMB server require packet signing, which protects sessions
     against tampering and relay; clients that cannot sign are refused. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>a32766c5-1d24-4364-af3e-228aa1e82edd</Id>
<OriginalId>502cd61a-fec9-42f0-a096-1ac097bbdf73</OriginalId>
<CceId>CCE-23716-4</CceId>
<Name>Microsoft network server: Digitally sign communications (always)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>requiresecuritysignature</ValueName>
</BaselineRegistryRule>
<!-- HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\
     RequireSecuritySignature, expected 1. This is the SMB client side of the signing
     requirement: with 1 the client refuses to talk to servers that will not sign. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>ae798be3-e4da-4d17-98bc-de43a39cd394</Id>
<OriginalId>ed734c3b-b27f-4515-9154-9f6f414e6564</OriginalId>
<CceId>CCE-24969-8</CceId>
<Name>Microsoft network client: Digitally sign communications (always)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanmanWorkstation\Parameters</KeyPath>
<ValueName>RequireSecuritySignature</ValueName>
</BaselineRegistryRule>
<!-- HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\signsecurechannel,
     expected 1. 1 makes the domain member sign Netlogon secure channel traffic whenever
     the domain controller supports it. This is the "when possible" setting; the
     requiresignorseal value under the same key is what makes protection mandatory. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>7119a53a-2f0b-4cb7-8e5b-f3ba34c59373</Id>
<OriginalId>7ab7ae06-f9bd-4252-a282-8fd3a06a73df</OriginalId>
<CceId>CCE-24812-0</CceId>
<Name>Domain member: Digitally sign secure channel data (when possible)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>signsecurechannel</ValueName>
</BaselineRegistryRule>
<!-- HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled, expected 1.
     1 restricts the system cryptographic providers to FIPS-validated algorithms.
     Severity is Warning, not Critical: enabling FIPS mode can break applications that
     use non-validated algorithms, so treat a finding here as something to assess rather
     than fix blindly. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>0877d90c-f827-40e7-bfb3-287e73847ca2</Id>
<OriginalId>c6c11e09-fbc2-408d-af70-3b47f2d2d1b8</OriginalId>
<CceId>CCE-23921-0</CceId>
<Name>System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy</KeyPath>
<ValueName>Enabled</ValueName>
</BaselineRegistryRule>
<!-- HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\requiresignorseal,
     expected 1. 1 makes the domain member refuse a Netlogon secure channel unless all
     traffic on it is signed or encrypted, which protects the channel to the domain
     controller against tampering. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>045d7610-50b8-45e2-96bd-b7b83536f3a8</Id>
<OriginalId>04b278da-3245-43ec-9d5a-a5a68805027b</OriginalId>
<CceId>CCE-24465-7</CceId>
<Name>Domain member: Digitally encrypt or sign secure channel data (always)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>requiresignorseal</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects NTLMMinServerSec = 537395200 (0x20080000): require NTLMv2 session security (0x00080000) and 128-bit encryption (0x20000000) for server-side NTLM SSP sessions. -->
<!-- NOTE(review): the value is a bit mask. If the analyzer compares for exact equality, a host that sets additional requirement bits would be reported as a deviation; confirm the comparison semantics. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>0f99186f-5ec8-4072-b329-c69e28e0a36f</Id>
<OriginalId>17463ab9-ffc1-40ab-8b09-e8054ba4504c</OriginalId>
<CceId>CCE-25264-3</CceId>
<Name>Network security: Minimum session security for NTLM SSP based (including secure RPC) servers</Name>
<Type>Registry</Type>
<ExpectedValue>537395200</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa\MSV1_0</KeyPath>
<ValueName>NTLMMinServerSec</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects LanmanWorkstation EnableSecuritySignature = 1: the SMB client signs packets when the server supports signing. -->
<!-- This value only offers signing; it does not refuse servers that cannot sign. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>56ea248e-e1be-4dc5-9b62-f4b544665ffc</Id>
<OriginalId>817b2f4e-1f03-4bcc-927b-816ddd4777f9</OriginalId>
<CceId>CCE-24740-3</CceId>
<Name>Microsoft network client: Digitally sign communications (if server agrees)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanmanWorkstation\Parameters</KeyPath>
<ValueName>EnableSecuritySignature</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects LanmanWorkstation EnablePlainTextPassword = 0: the SMB client never sends a cleartext password, even to servers that do not support password encryption. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>aa226912-e1bf-4bd4-9219-662063cec6d4</Id>
<OriginalId>b1b4a762-3114-438b-92cf-90f021714790</OriginalId>
<CceId>CCE-24751-0</CceId>
<Name>Microsoft network client: Send unencrypted password to third-party SMB servers</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanmanWorkstation\Parameters</KeyPath>
<ValueName>EnablePlainTextPassword</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects HKLM Netlogon sealsecurechannel = 1: secure channel traffic to a domain controller is encrypted whenever the controller supports it. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>3a85a63a-79f3-444d-ba3a-a59a773bcad0</Id>
<OriginalId>b106bcb1-2b74-4287-8587-6cd92d337be8</OriginalId>
<CceId>CCE-24414-5</CceId>
<Name>Domain member: Digitally encrypt secure channel data (when possible)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>sealsecurechannel</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects NTLMMinClientSec = 537395200 (0x20080000): require NTLMv2 session security (0x00080000) and 128-bit encryption (0x20000000) for client-side NTLM SSP sessions. -->
<!-- NOTE(review): the value is a bit mask. If the analyzer compares for exact equality, a host that sets additional requirement bits would be reported as a deviation; confirm the comparison semantics. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>29956f17-1587-4ec6-9cfb-adb66432ab5e</Id>
<OriginalId>9969a7db-5fd1-4713-9a26-9862c15359e9</OriginalId>
<CceId>CCE-24783-3</CceId>
<Name>Network security: Minimum session security for NTLM SSP based (including secure RPC) clients</Name>
<Type>Registry</Type>
<ExpectedValue>537395200</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa\MSV1_0</KeyPath>
<ValueName>NTLMMinClientSec</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects LanManServer enablesecuritysignature = 1: the SMB server signs packets when the client requests signing. -->
<!-- This value only offers signing; it does not reject clients that cannot sign. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>4b3da9b9-37a4-44ef-b8c5-28c254cb6d46</Id>
<OriginalId>1c96e719-94c8-4333-9165-6efb6a9c6210</OriginalId>
<CceId>CCE-24354-3</CceId>
<Name>Microsoft network server: Digitally sign communications (if client agrees)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>enablesecuritysignature</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects SafeDllSearchMode = 1: the DLL search order consults the system directories before the current working directory, which limits DLL planting from a writable working directory. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>5aaac499-1b51-441b-8287-575f5e2667ef</Id>
<OriginalId>c836e4ce-c2f0-410c-bbf2-2550e8d24ba8</OriginalId>
<CceId>CCE-23462-5</CceId>
<Name>MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>SYSTEM\CurrentControlSet\Control\Session Manager</KeyPath>
<ValueName>SafeDllSearchMode</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects RecoveryConsole setcommand = 0: the Recovery Console SET command stays unavailable, so the console cannot be opened up to copy files to removable media or to reach all drives and folders. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>4d60b5ac-e479-4975-a7bc-b3032d7ff250</Id>
<OriginalId>e44bb6b6-6bf3-417b-a329-cb9604cde378</OriginalId>
<CceId>CCE-25274-2</CceId>
<Name>Recovery console: Allow floppy copy and access to all drives and all folders</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole</KeyPath>
<ValueName>setcommand</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects RecoveryConsole securitylevel = 0: the Recovery Console asks for the Administrator password instead of logging on automatically. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>9a219588-e758-4a5d-abc6-a3332d303c7d</Id>
<OriginalId>1b4d4248-73f1-4950-be5c-8c2fd6d47002</OriginalId>
<CceId>CCE-24470-7</CceId>
<Name>Recovery console: Allow automatic administrative logon</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole</KeyPath>
<ValueName>securitylevel</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects Winlogon AllocateDASD = "0": only Administrators may format and eject removable media. -->
<!-- The value is stored as a string (REG_SZ), hence RegValueType String rather than Int. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>eb4eb885-e99c-46b3-a3bc-5bd5f4283f60</Id>
<OriginalId>71d6ee80-22f8-44e3-99ad-cbc707218ff8</OriginalId>
<CceId>CCE-25217-1</CceId>
<Name>Devices: Allowed to format and eject removable media</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>AllocateDASD</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects Winlogon AutoAdminLogon = "0" (a REG_SZ value): automatic logon is disabled. -->
<!-- NOTE(review): with automatic logon enabled the logon password is kept in the registry (DefaultPassword under the same key). Informational looks low for that exposure; confirm the severity is intended. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>ecbda1c3-a8cf-4c0b-a7b6-dc1afa0a3d8e</Id>
<OriginalId>b1d27dc2-b5e3-4dc5-9d3b-d634e7a25353</OriginalId>
<CceId>CCE-24927-6</CceId>
<Name>MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>AutoAdminLogon</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects Safer\CodeIdentifiers AuthenticodeEnabled = 1: Software Restriction Policies evaluate certificate rules when an executable is started. -->
<!-- The setting only has an effect on hosts where Software Restriction Policies are configured. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>51047aff-86db-4541-a3ab-4a994379dafa</Id>
<OriginalId>6e47e304-7197-4791-b16d-9a6ad3306ad4</OriginalId>
<CceId>CCE-24939-1</CceId>
<Name>System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers</KeyPath>
<ValueName>AuthenticodeEnabled</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects ShutdownWithoutLogon = 0: the logon screen offers no shutdown option, so shutting the server down requires a logged-on user with the shutdown right. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>cbbed9c8-9a55-45f2-a235-69b0d8ceceda</Id>
<OriginalId>3849d4a1-188c-43d8-ad75-c73a82a8e0fe</OriginalId>
<CceId>CCE-25100-9</CceId>
<Name>Shutdown: Allow system to be shut down without having to log on</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>ShutdownWithoutLogon</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects ClearPageFileAtShutdown = 0: the pagefile is not overwritten when the system shuts down. -->
<!-- NOTE(review): the expected state is the less protective one (memory contents paged to disk stay in the pagefile), and a host set to 1 would differ from this baseline. Confirm that 0 and the Critical severity are both intended. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>7d466b23-544c-4824-8317-5c1b4114207c</Id>
<OriginalId>c8c43367-6343-4ae7-9387-c4f24303b90d</OriginalId>
<CceId>CCE-25120-7</CceId>
<Name>Shutdown: Clear virtual memory pagefile</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Session Manager\Memory Management</KeyPath>
<ValueName>ClearPageFileAtShutdown</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects Lsa RestrictAnonymous = 1: anonymous (null session) connections cannot enumerate SAM accounts and shares. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>91f7ac57-6e15-45b6-9e84-0a8d530400aa</Id>
<OriginalId>fbfb6cc4-d294-4884-bc3d-7f74deeb6462</OriginalId>
<CceId>CCE-24774-2</CceId>
<Name>Network access: Do not allow anonymous enumeration of SAM accounts and shares</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>RestrictAnonymous</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects Kernel ObCaseInsensitive = 1: object names are treated case-insensitively for every subsystem, so a non-Windows subsystem cannot create objects that differ from existing ones only by case. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>d5af015c-548a-4891-b9c8-0254cf0388b6</Id>
<OriginalId>7ab41c58-8c4a-4781-9cdd-a6dc5c40fc66</OriginalId>
<CceId>CCE-24870-8</CceId>
<Name>System objects: Require case insensitivity for non-Windows subsystems</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Session Manager\Kernel</KeyPath>
<ValueName>ObCaseInsensitive</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects LanManServer restrictnullsessaccess = 1: null sessions can reach only the named pipes and shares that are explicitly listed for anonymous access (NullSessionPipes, NullSessionShares). -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>50e81f56-6937-4a19-b6cf-2f8fd6b1f1a9</Id>
<OriginalId>0f319931-aa36-4313-9320-86311c0fa623</OriginalId>
<CceId>CCE-24564-7</CceId>
<Name>Network access: Restrict anonymous access to Named Pipes and Shares</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>restrictnullsessaccess</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects DisableCAD = 0: CTRL+ALT+DEL stays required before logon. -->
<!-- The policy name is phrased negatively ("Do not require"), so 0 is the protective state: the secure attention sequence makes sure the credential prompt comes from Windows itself. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>24fc02a6-28f5-4bfe-9d32-4fd46b578433</Id>
<OriginalId>8ae83b84-b0fd-4b08-85a5-ff3f897a2db2</OriginalId>
<CceId>CCE-25803-8</CceId>
<Name>Interactive logon: Do not require CTRL+ALT+DEL</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>DisableCAD</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects Lsa RestrictAnonymousSAM = 1: anonymous connections cannot enumerate SAM account names. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>8e0f6153-0bcd-497d-98e7-e8609207ea68</Id>
<OriginalId>c4f13e60-0fae-4766-bba1-00b4c33d54b7</OriginalId>
<CceId>CCE-23082-1</CceId>
<Name>Network access: Do not allow anonymous enumeration of SAM accounts</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>RestrictAnonymousSAM</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects Lsa EveryoneIncludesAnonymous = 0: the token of an anonymous connection does not carry the Everyone SID, so permissions granted to Everyone do not extend to anonymous users. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>1e05d25c-85e0-47c3-b29b-387abc4d1dcb</Id>
<OriginalId>e197f79b-a454-407c-9307-7b3210313e61</OriginalId>
<CceId>CCE-23807-1</CceId>
<Name>Network access: Let Everyone permissions apply to anonymous users</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>EveryoneIncludesAnonymous</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects Lsa LmCompatibilityLevel = 5, the highest level: send NTLMv2 responses only and refuse LM and NTLM. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>de3ebd41-53f3-4d33-8617-37bdeb3f6d34</Id>
<OriginalId>ec468e43-6141-4bfe-970f-ca02d37d0ca7</OriginalId>
<CceId>CCE-24650-4</CceId>
<Name>Network security: LAN Manager authentication level</Name>
<Type>Registry</Type>
<ExpectedValue>5</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>LmCompatibilityLevel</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects LDAPClientIntegrity = 1: the LDAP client negotiates signing (0 = none, 1 = negotiate, 2 = require). -->
<!-- NOTE(review): if the analyzer compares for exact equality, a host set to 2 (require signing) would be reported as a deviation although it is stricter; confirm the comparison semantics. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>1eee7a4b-4415-40b6-b479-d39b58db906c</Id>
<OriginalId>6e48c65a-e5dd-4d64-a6e9-dfd86742f91e</OriginalId>
<CceId>CCE-25245-2</CceId>
<Name>Network security: LDAP client signing requirements</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LDAP</KeyPath>
<ValueName>LDAPClientIntegrity</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects Lsa NoLMHash = 1: no LAN Manager hash is stored when a password is next changed. -->
<!-- The setting is not retroactive; an LM hash already stored for an account stays until that account's password changes. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>59d331d1-d975-4386-8323-749482c19d32</Id>
<OriginalId>794f9728-56e1-4e5e-b697-7079757f4ac3</OriginalId>
<CceId>CCE-24150-5</CceId>
<Name>Network security: Do not store LAN Manager hash value on next password change</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>NoLMHash</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects Winlogon ForceUnlockLogon = 0: a locked session can be unlocked with cached credentials, without contacting a domain controller. -->
<!-- NOTE(review): 1 is the stricter state (an account disabled in the domain can no longer unlock an existing session). Confirm that 0 with Critical severity is intended for the hosts this baseline covers. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>5e2dda3e-5769-4e50-961a-a4e690558757</Id>
<OriginalId>096b92bd-142b-4c28-985f-f3ba1322265f</OriginalId>
<CceId>CCE-25643-8</CceId>
<Name>Interactive logon: Require Domain Controller authentication to unlock workstation</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>ForceUnlockLogon</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects Winlogon cachedlogonscount = "4" (a REG_SZ value): up to four domain logons are cached for use when no domain controller is reachable. -->
<!-- NOTE(review): this is a threshold setting. If the analyzer compares for exact equality, hosts caching fewer logons (a stricter setting) would be reported as deviations; confirm the comparison semantics. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>89d96f9a-ae6d-473b-aa17-b52f82bac456</Id>
<OriginalId>adfc53c0-573a-4b06-8a91-4dc91e830362</OriginalId>
<CceId>CCE-24264-4</CceId>
<Name>Interactive logon: Number of previous logons to cache (in case domain controller is not available)</Name>
<Type>Registry</Type>
<ExpectedValue>4</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>cachedlogonscount</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects PromptOnSecureDesktop = 1: UAC elevation prompts are shown on the secure desktop, where ordinary user-session processes cannot read or drive the prompt. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>78ccb8bf-7b66-47ff-836b-dc4e2cf0b149</Id>
<OriginalId>a43ef40c-3543-4204-a431-0f01df930b63</OriginalId>
<CceId>CCE-23656-2</CceId>
<Name>User Account Control: Switch to the secure desktop when prompting for elevation</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>PromptOnSecureDesktop</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects EnableSecureUIAPaths = 1: an application requesting UIAccess is elevated only when it runs from a protected location such as Program Files or the Windows system directory. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>fa527192-0a71-407a-9725-4dab0d7a9930</Id>
<OriginalId>0d380cb0-a162-4dbb-b54b-d41a2a7f9036</OriginalId>
<CceId>CCE-25471-4</CceId>
<Name>User Account Control: Only elevate UIAccess applications that are installed in secure locations</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableSecureUIAPaths</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects ConsentPromptBehaviorUser = 3: a standard user is prompted for administrator credentials (0 = automatically deny, 1 = prompt for credentials on the secure desktop). -->
<!-- NOTE(review): if the analyzer compares for exact equality, a host set to 0 (automatically deny elevation requests) would be reported as a deviation although it is stricter; confirm the comparison semantics and the intended value. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>4ff628dd-ba06-448d-9d8b-bf0e55e963a2</Id>
<OriginalId>5a0c69d4-3f9a-4c0c-afe9-89a70342a2f7</OriginalId>
<CceId>CCE-24519-1</CceId>
<Name>User Account Control: Behavior of the elevation prompt for standard users</Name>
<Type>Registry</Type>
<ExpectedValue>3</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>ConsentPromptBehaviorUser</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects ConsentPromptBehaviorAdmin = 5: administrators in Admin Approval Mode are prompted for consent when a non-Windows binary requests elevation. -->
<!-- NOTE(review): values 1 and 2 (prompt for credentials or consent on the secure desktop) are stricter. If the analyzer compares for exact equality they would be reported as deviations; confirm the comparison semantics. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>3db848dd-92b4-4b53-a63f-47517034b10d</Id>
<OriginalId>48974513-39ec-472c-9ee8-5cb8abf3cb64</OriginalId>
<CceId>CCE-23877-4</CceId>
<Name>User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode</Name>
<Type>Registry</Type>
<ExpectedValue>5</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>ConsentPromptBehaviorAdmin</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects EnableUIADesktopToggle = 0: UIAccess applications cannot turn off the secure desktop for elevation prompts. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>1a19dcc1-e305-4b39-a90a-cd4188d1c425</Id>
<OriginalId>444439f0-8c54-4a1f-9e91-03533d9a69fb</OriginalId>
<CceId>CCE-23295-9</CceId>
<Name>User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableUIADesktopToggle</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects ValidateAdminCodeSignatures = 0: elevation does not depend on the executable carrying a validated signature. -->
<!-- NOTE(review): the expected state is the policy turned off. Setting 1 blocks elevation of unsigned executables, which is stricter but often impractical; confirm that 0 with Critical severity is the intended baseline. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>c1b552a0-46f2-4ed5-a925-9350cd58e5d4</Id>
<OriginalId>d3ebc555-daf1-451f-88a1-61b1b5ac71b5</OriginalId>
<CceId>CCE-23880-8</CceId>
<Name>User Account Control: Only elevate executables that are signed and validated</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>ValidateAdminCodeSignatures</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects EnableInstallerDetection = 1: UAC detects application installers heuristically and prompts for elevation before they run. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>6dd848c7-9f13-4b54-95ed-871832e98e94</Id>
<OriginalId>7ff3401a-70b6-40fa-bb33-73024f591b93</OriginalId>
<CceId>CCE-24498-8</CceId>
<Name>User Account Control: Detect application installations and prompt for elevation</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableInstallerDetection</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects EnableLUA = 1: Admin Approval Mode is on. This is the master switch for UAC; with 0 the other User Account Control settings have no effect. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>2660ffb1-9e87-48ac-a63d-28df7c93167f</Id>
<OriginalId>ef509260-bd3a-450b-807d-16b454851c6f</OriginalId>
<CceId>CCE-23653-9</CceId>
<Name>User Account Control: Run all administrators in Admin Approval Mode</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableLUA</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects FilterAdministratorToken = 1: the built-in Administrator account also runs in Admin Approval Mode, so its processes start with a filtered token and elevate through a prompt. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>20120fb9-bf82-42d0-ba14-d5cf05fa6bb9</Id>
<OriginalId>5fbabdf6-6786-46f6-b959-596af69f2650</OriginalId>
<CceId>CCE-24134-9</CceId>
<Name>User Account Control: Admin Approval Mode for the Built-in Administrator account</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>FilterAdministratorToken</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects EnableVirtualization = 1: writes by legacy applications to protected file and registry locations are redirected to per-user locations instead of failing or requiring elevation. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>055d1e63-d19a-46b7-b62f-c8b0024f51fa</Id>
<OriginalId>f50c62f4-6c34-466b-b495-54c834820a24</OriginalId>
<CceId>CCE-24231-3</CceId>
<Name>User Account Control: Virtualize file and registry write failures to per-user locations</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableVirtualization</ValueName>
</BaselineRegistryRule>
<BaselineSecurityPolicyRule>
<!-- Expects SeSecurityPrivilege to be held by Administrators only. Holders can set object auditing options and view and clear the Security event log, so a wider grant weakens the audit trail. -->
<!-- SectionName presumably refers to the Privilege Rights section of an exported security policy; verify against the analyzer. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>d49598d6-d9d1-43a3-b9d7-caf9971bb623</Id>
<OriginalId>6630b24b-754a-49a5-9750-188ae53c13b9</OriginalId>
<CceId>CCE-23456-7</CceId>
<Name>Manage auditing and security log</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeSecurityPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Expects SeIncreaseWorkingSetPrivilege to be held by Administrators and Local Service. -->
<!-- NOTE(review): the expected value is a comma-separated list of display names ("Local Service" here, "LOCAL SERVICE" in other rules of this file). Confirm the analyzer ignores case and order, and whether it resolves names to SIDs on non-English systems. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>41004bcd-3804-41aa-b100-b168cbf69e45</Id>
<OriginalId>b61bd492-74b0-40f3-909d-36b9bf54e94c</OriginalId>
<CceId>CCE-24162-0</CceId>
<Name>Increase a process working set</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators, Local Service</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeIncreaseWorkingSetPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Expects SeAssignPrimaryTokenPrivilege to be held by LOCAL SERVICE and NETWORK SERVICE only. Holders can start a process under another account's token, so no user or administrator group is expected here. -->
<!-- NOTE(review): the names are upper case here and mixed case in other rules of this file; confirm the analyzer compares account names case-insensitively. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>e3a4177b-88a4-4bca-bf12-353b4f18da97</Id>
<OriginalId>6870b1f9-8535-493c-9a30-889fd01900d7</OriginalId>
<CceId>CCE-24555-5</CceId>
<Name>Replace a process level token</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>LOCAL SERVICE, NETWORK SERVICE</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeAssignPrimaryTokenPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Expects SeRelabelPrivilege to be assigned to no account. Holders can change the integrity label of objects owned by other users. -->
<!-- "No One" is presumably the analyzer's marker for an empty assignment; verify how an absent setting is reported. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>50927412-8733-486e-afd5-9fd9388bf99d</Id>
<OriginalId>cb3e6c7f-6d9b-4577-95df-93791481f060</OriginalId>
<CceId>CCE-24682-7</CceId>
<Name>Modify an object label</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>No One</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeRelabelPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Expects SeCreateTokenPrivilege to be assigned to no account. Holders can create access tokens with arbitrary group memberships and privileges. -->
<!-- NOTE(review): a grant of this right amounts to full control of the host, yet the rule is rated Warning; confirm the severity is intended. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>55393dca-3286-4048-b6b3-697b7bfaab1f</Id>
<OriginalId>96bc8bd8-d3d6-4f89-8f91-4ea964f2db67</OriginalId>
<CceId>CCE-23939-2</CceId>
<Name>Create a token object</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>No One</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeCreateTokenPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Expects SeTrustedCredManAccessPrivilege to be assigned to no account. The right is used by Credential Manager during backup and restore; a holder could read credentials saved by other users. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>fc724035-f195-4da1-b763-dbffd2a73328</Id>
<OriginalId>60859cb4-3ad7-4a2f-8564-fcfde3ee1768</OriginalId>
<CceId>CCE-25683-4</CceId>
<Name>Access Credential Manager as a trusted caller</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>No One</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeTrustedCredManAccessPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Expects SeRemoteInteractiveLogonRight to be held by Administrators only, so Remote Desktop logon is limited to administrators. -->
<!-- NOTE(review): hosts that grant the right to Remote Desktop Users (for example session hosts) will differ from this value; confirm the baseline is meant for servers administered only by administrators. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>04c824de-a93c-49cf-bb22-997cdff9e9fc</Id>
<OriginalId>78c974e6-940e-4fec-8697-73d0ed54943c</OriginalId>
<CceId>CCE-24406-1</CceId>
<Name>Allow log on through Remote Desktop Services</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeRemoteInteractiveLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Expects SeCreatePagefilePrivilege to be held by Administrators only. Holders can create pagefiles and change their size. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>0b8bd809-c6ee-4381-81b3-da2479e8961f</Id>
<OriginalId>52a9b265-75cb-45a0-ac23-3e5d4fa566c2</OriginalId>
<CceId>CCE-23972-3</CceId>
<Name>Create a pagefile</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeCreatePagefilePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Expects SeRemoteShutdownPrivilege to be held by Administrators only. Holders can shut the server down over the network, so a wider grant is an availability risk. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>24ce7f6b-3aa3-4a88-8d5f-c142a9850ed9</Id>
<OriginalId>8840018d-e63a-4e69-96a8-c06af7e963a8</OriginalId>
<CceId>CCE-24734-6</CceId>
<Name>Force shutdown from a remote system</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeRemoteShutdownPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Expects SeDenyInteractiveLogonRight to list Guests, so members of Guests cannot log on at the console. Deny rights take precedence over the matching allow right. -->
<!-- NOTE(review): if the analyzer compares for exact equality, a host that denies additional accounts would be reported as a deviation; confirm the comparison semantics. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>5e5b3284-68f9-4827-9760-bd8f255764b5</Id>
<OriginalId>d2197a4c-19f4-4630-b15a-aaf85c813045</OriginalId>
<CceId>CCE-24460-8</CceId>
<Name>Deny log on locally</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Guests</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDenyInteractiveLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Expects SeIncreaseBasePriorityPrivilege to be held by Administrators only. Holders can raise a process's scheduling priority, which can starve other workloads. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>3bbfd9ce-5f03-4f28-bf33-0f9851947868</Id>
<OriginalId>eba90e79-8551-416f-9258-a48e1d9a60c7</OriginalId>
<CceId>CCE-24911-0</CceId>
<Name>Increase scheduling priority</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeIncreaseBasePriorityPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineRegistryRule>
<!-- Expects AddPrinterDrivers = 1: installing a printer driver while connecting to a shared printer is limited to privileged users, so an ordinary user cannot bring driver code onto the server. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>17af582e-3fe2-4742-af94-f400ef9441b8</Id>
<OriginalId>a9411a96-e13f-4b37-ab31-b84a06d63460</OriginalId>
<CceId>CCE-25176-9</CceId>
<Name>Devices: Prevent users from installing printer drivers</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers</KeyPath>
<ValueName>AddPrinterDrivers</ValueName>
</BaselineRegistryRule>
<BaselineSecurityPolicyRule>
<!-- Expects SeLoadDriverPrivilege to be held by Administrators only. Holders can load and unload device drivers, which run in kernel mode. -->
<!-- NOTE(review): a grant of this right allows kernel-level code execution, yet the rule is rated Warning; confirm the severity is intended. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>42e4e1bc-f2fd-4c7d-be97-131b59036cbb</Id>
<OriginalId>4e63307f-262d-4242-8210-c7753d029bef</OriginalId>
<CceId>CCE-24779-1</CceId>
<Name>Load and unload device drivers</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeLoadDriverPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Expects SeChangeNotifyPrivilege to be held by the five listed principals. The right lets a holder pass through folders it cannot list on the way to an object it is allowed to access. -->
<!-- NOTE(review): a five-entry display-name list is sensitive to ordering, case and localisation; confirm the analyzer compares it as a set of accounts rather than as a literal string. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>1a0bbe11-bd49-4532-b7bc-571f36d91ce1</Id>
<OriginalId>c25cfa17-7dbb-4699-a9a9-f53962a70de9</OriginalId>
<CceId>CCE-25271-8</CceId>
<Name>Bypass traverse checking</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators, Authenticated Users, Backup Operators, Local Service, Network Service</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeChangeNotifyPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Expects SeRestorePrivilege to be held by Administrators only. Holders can write files and set owners regardless of the permissions on them, so the right allows overwriting protected data. -->
<!-- NOTE(review): hosts that grant the right to Backup Operators will differ from this value; confirm that exclusion is intended. -->
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>8cc38eed-c5ea-48a1-88b0-5db5e42c2a8a</Id>
<OriginalId>c63e0099-758c-4b99-aecd-eb63df8559d8</OriginalId>
<CceId>CCE-25518-2</CceId>
<Name>Restore files and directories</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeRestorePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeSystemTimePrivilege ("Change the system time").
     The system clock feeds event log timestamps and Kerberos time-skew checks, so changing
     it can distort the audit trail or break authentication.
     NOTE(review): this value spells the principal "LOCAL SERVICE" while other rules in this
     file use "Local Service". Confirm the evaluator matches names case-insensitively or
     resolves them to SIDs before comparing. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>3532f782-2454-464e-a68f-8e935080862f</Id>
<OriginalId>44aa9ea0-873d-441e-9103-39a98f1704aa</OriginalId>
<CceId>CCE-24185-1</CceId>
<Name>Change the system time</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>LOCAL SERVICE, Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeSystemTimePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeCreateGlobalPrivilege ("Create global objects").
     Controls who may create objects that are visible to every logon session, which can
     affect processes running in other users' sessions.
     NOTE(review): the principals are written in upper case here ("LOCAL SERVICE",
     "NETWORK SERVICE") but in mixed case in other rules of this file. Confirm the evaluator
     normalises names or compares SIDs. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>69edc909-748a-423f-9c75-f37fbbe47251</Id>
<OriginalId>c3a6cfaf-1504-4d55-ace8-1ebc971d9ebc</OriginalId>
<CceId>CCE-23850-1</CceId>
<Name>Create global objects</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators, SERVICE, LOCAL SERVICE, NETWORK SERVICE</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeCreateGlobalPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeManageVolumePrivilege ("Perform volume maintenance tasks").
     Volume-level operations such as defragmentation work below file permissions, so a
     holder can reach disk content that file ACLs would otherwise protect.
     The baseline expects Administrators only. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>ff1f9c84-2f68-47c5-93ca-e834aeaf1e33</Id>
<OriginalId>5e0f8e3b-f0fe-40be-b155-c4fd56f6c9e1</OriginalId>
<CceId>CCE-25070-4</CceId>
<Name>Perform volume maintenance tasks</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeManageVolumePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeUndockPrivilege ("Remove computer from docking station").
     Applies to portable hardware, which is rarely relevant on a member server; the rule is
     rated Informational. The baseline expects Administrators only. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>04ee9465-ff0c-4222-9b00-bfe36407132f</Id>
<OriginalId>8dcd558f-d276-493c-86e4-b259adab009b</OriginalId>
<CceId>CCE-24550-6</CceId>
<Name>Remove computer from docking station</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeUndockPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeDenyBatchLogonRight ("Deny log on as a batch job").
     A deny right takes precedence over the matching allow right, so listing Guests here
     keeps guest accounts from running scheduled (batch) jobs even if they are granted the
     allow right elsewhere. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>763d83da-c1a7-48a4-8c78-66b49e58787e</Id>
<OriginalId>8797b752-5346-436e-8502-cd5031cc77d5</OriginalId>
<CceId>CCE-25215-5</CceId>
<Name>Deny log on as a batch job</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Guests</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDenyBatchLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeInteractiveLogonRight ("Allow log on locally").
     Governs who may start an interactive session at the console of this server. The
     baseline expects Administrators only, so any additional group (for example Users)
     counts as a deviation. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>cbd08bfb-a685-4163-a3ca-55dce30e113c</Id>
<OriginalId>23a1c3b4-4d38-4153-854a-e315ad699d9b</OriginalId>
<CceId>CCE-25228-8</CceId>
<Name>Allow log on locally</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeInteractiveLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeEnableDelegationPrivilege ("Enable computer and user accounts to be
     trusted for delegation"). It controls who may mark directory accounts as trusted for
     delegation, which matters on domain controllers; on a member server no account is
     expected to hold it.
     NOTE(review): "No One" is presumably the evaluator's marker for an empty assignment
     and not a real principal name. Confirm. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>a56723cc-b50f-4214-ab10-5c7f1aeb7ab7</Id>
<OriginalId>485ea1c9-091c-434b-b8e0-c9d8cbfde052</OriginalId>
<CceId>CCE-25270-0</CceId>
<Name>Enable computer and user accounts to be trusted for delegation</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>No One</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeEnableDelegationPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeCreatePermanentPrivilege ("Create permanent shared objects").
     Allows creating persistent objects in the kernel object manager. Kernel-mode components
     have this ability inherently, so the baseline expects no account to be assigned it.
     NOTE(review): "No One" is presumably the evaluator's marker for an empty assignment.
     Confirm. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>0e496833-0a9f-4356-98e5-311760c25076</Id>
<OriginalId>dd1e688f-295d-4ee6-8f2f-5cdb83c0b4e1</OriginalId>
<CceId>CCE-23723-0</CceId>
<Name>Create permanent shared objects</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>No One</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeCreatePermanentPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeDebugPrivilege ("Debug programs").
     A holder can open any process regardless of that process's security descriptor,
     including processes that keep credentials in memory, so the right is close to full
     control of the host. The baseline expects Administrators only; extra holders such as
     service or developer accounts should be treated as a finding. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>ce33fad0-a6f4-45a8-bf94-92fac4ee7fe2</Id>
<OriginalId>591bd8ac-a5b3-41cc-8978-2bce50123a00</OriginalId>
<CceId>CCE-23648-9</CceId>
<Name>Debug programs</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDebugPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeProfileSingleProcessPrivilege ("Profile single process").
     Allows sampling the performance of application processes, which can reveal what is
     running on the server. The baseline expects Administrators only. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>79bff0ee-1047-4f06-a416-3c023f33810b</Id>
<OriginalId>f921fab5-cf36-4241-b474-276fd53263a5</OriginalId>
<CceId>CCE-23844-4</CceId>
<Name>Profile single process</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeProfileSingleProcessPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeBackupPrivilege ("Back up files and directories").
     A holder can read any file regardless of its ACL, which includes sensitive system data.
     The baseline expects Administrators only; a dedicated backup account would have to be
     recorded as an approved exception. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>b4f75671-f27b-40b8-92f4-62fc621562fd</Id>
<OriginalId>1ce3bf70-68d8-419b-96ef-d293de427cff</OriginalId>
<CceId>CCE-25380-7</CceId>
<Name>Back up files and directories</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeBackupPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeNetworkLogonRight ("Access this computer from the network").
     Governs which accounts may connect over the network (for example to file shares).
     The expected list omits Everyone, so unauthenticated access is not part of the
     baseline. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>0e72fb56-c8cb-47b7-b09e-3f3ad4bb1ebf</Id>
<OriginalId>48cf8aee-1c72-4c3e-9f2a-c6dfe8990219</OriginalId>
<CceId>CCE-24938-3</CceId>
<Name>Access this computer from the network</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators, Authenticated Users</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeNetworkLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeIncreaseQuotaPrivilege ("Adjust memory quotas for a process").
     A holder can change how much memory a process may consume; misuse can starve other
     processes and degrade availability. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>2d25c8e4-0f3f-4443-9d77-9ee4f53d8b40</Id>
<OriginalId>4b696c3e-dd2c-4d5e-bb0a-d7190de2c322</OriginalId>
<CceId>CCE-25112-4</CceId>
<Name>Adjust memory quotas for a process</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators, Local Service, Network Service</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeIncreaseQuotaPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeShutdownPrivilege ("Shut down the system").
     An availability control: only Administrators are expected to be able to shut the
     server down from a local session. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>8646a568-160a-40b6-b965-197503ce304a</Id>
<OriginalId>204ff604-1cab-46c8-aa22-01e7d78925e4</OriginalId>
<CceId>CCE-23500-2</CceId>
<Name>Shut down the system</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeShutdownPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeCreateSymbolicLinkPrivilege ("Create symbolic links").
     Symbolic links can redirect the file operations of programs that were not written to
     expect them, so creation is limited to Administrators in this baseline. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>a4a5561c-ff99-4640-b8f4-12c8649da3ef</Id>
<OriginalId>10afbff0-0f2c-41b7-8b66-68bda79b77bd</OriginalId>
<CceId>CCE-24549-8</CceId>
<Name>Create symbolic links</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeCreateSymbolicLinkPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeTimeZonePrivilege ("Change the time zone").
     Changes how local time is displayed, which can confuse log correlation even though the
     underlying system clock is unaffected.
     NOTE(review): this value spells the principal "LOCAL SERVICE" while other rules in this
     file use "Local Service". Confirm the evaluator matches names case-insensitively or
     resolves them to SIDs before comparing. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>f52f18ae-d456-4437-8c11-6b49bd66fa32</Id>
<OriginalId>9066c223-8261-4c0b-9cfc-6a396532dbbc</OriginalId>
<CceId>CCE-24632-2</CceId>
<Name>Change the time zone</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>LOCAL SERVICE, Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeTimeZonePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeDenyNetworkLogonRight ("Deny access to this computer from the network").
     A deny right takes precedence over the matching allow right, so listing Guests blocks
     guest accounts from network logon even if a broader group grants it. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>117f5361-4efa-403a-9094-61ed720bd3ef</Id>
<OriginalId>b9af2cf2-1528-469c-b7e8-3787c4513479</OriginalId>
<CceId>CCE-24188-5</CceId>
<Name>Deny access to this computer from the network</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Guests</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDenyNetworkLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeImpersonatePrivilege ("Impersonate a client after authentication").
     A holder can act in the security context of a client that connects to it, so a
     compromised account holding this right can be used to elevate privileges. Keep the
     list to the built-in service identities and Administrators.
     NOTE(review): the value mixes casing ("SERVICE" next to "Local Service"). Confirm the
     evaluator normalises names or compares SIDs. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>8992484e-2322-4f65-8ad7-f515e78c1abf</Id>
<OriginalId>87691f9f-e18e-42c3-ac3c-621c7b30bdda</OriginalId>
<CceId>CCE-24477-2</CceId>
<Name>Impersonate a client after authentication</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators, SERVICE, Local Service, Network Service</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeImpersonatePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeSystemEnvironmentPrivilege ("Modify firmware environment values").
     Covers system-wide settings held in firmware (non-volatile memory); changing them can
     affect how the machine boots. The baseline expects Administrators only. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>66999743-370b-4693-9ab9-690014d3beeb</Id>
<OriginalId>63db26be-30f4-4428-9b60-ea0b0daeae0d</OriginalId>
<CceId>CCE-25533-1</CceId>
<Name>Modify firmware environment values</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeSystemEnvironmentPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeLockMemoryPrivilege ("Lock pages in memory").
     A holder can pin data in physical memory so it is never paged out, which can exhaust
     RAM for other processes. The baseline expects no account to hold it.
     NOTE(review): some server workloads (database engines, for example) are commonly
     configured with this right for their service account; such hosts would need a
     documented exception. "No One" is presumably the evaluator's marker for an empty
     assignment. Confirm. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>64925919-0ef4-45a3-9816-539599d93c18</Id>
<OriginalId>38165ccc-d675-481c-8881-231a5c2032f9</OriginalId>
<CceId>CCE-23829-5</CceId>
<Name>Lock pages in memory</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>No One</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeLockMemoryPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeTcbPrivilege ("Act as part of the operating system").
     A process holding this right can assume the identity of any user, which is equivalent
     to full control of the host. The baseline expects no account to be assigned it, so any
     holder reported here deserves immediate review.
     NOTE(review): "No One" is presumably the evaluator's marker for an empty assignment.
     Confirm. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>c1d6730c-712a-48bf-a198-fa96f4a105db</Id>
<OriginalId>b77b9700-3212-4d5f-9547-dbe8ffd32574</OriginalId>
<CceId>CCE-25043-1</CceId>
<Name>Act as part of the operating system</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>No One</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeTcbPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeAuditPrivilege ("Generate security audits").
     Holders can write records to the Security event log. An unexpected holder could flood
     the log or add misleading entries, weakening it as evidence. The baseline expects only
     Local Service and Network Service. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>3c0e2942-a03c-4020-a42f-9d8fcff407ea</Id>
<OriginalId>3ebdc510-830f-4520-9bce-2fe8f4f88b3f</OriginalId>
<CceId>CCE-24048-1</CceId>
<Name>Generate security audits</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Local Service, Network Service</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeAuditPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User right SeTakeOwnershipPrivilege ("Take ownership of files or other objects").
     An owner can always rewrite an object's permissions, so taking ownership defeats the
     ACL on any file, registry key or other securable object. The baseline expects
     Administrators only. -->
<BaselineSecurityPolicyRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>6f322fbc-0c13-4d40-8b89-8eb2f245b21e</Id>
<OriginalId>f540aa73-5550-4058-9209-e268908611d5</OriginalId>
<CceId>CCE-25585-1</CceId>
<Name>Take ownership of files or other objects</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeTakeOwnershipPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- Registry check: HKLM\System\CurrentControlSet\Services\Netlogon\Parameters,
     value disablepasswordchange, expected 0.
     The setting is phrased as a "disable" switch, so 0 means the server keeps rotating its
     machine account password automatically. A non-zero value leaves a long-lived computer
     credential in place. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>3b58e6c4-96f6-4d75-b8d4-b2c2a8800894</Id>
<OriginalId>b44fadd3-f7c2-45dc-98dd-5e9ba179d89d</OriginalId>
<CceId>CCE-24243-8</CceId>
<Name>Domain member: Disable machine account password changes</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>disablepasswordchange</ValueName>
</BaselineRegistryRule>
<!-- Registry check: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon,
     value passwordexpirywarning, expected 14 (days of advance notice before a password
     expires).
     NOTE(review): the rule is rated Critical although it only governs a reminder prompt,
     and it flags any value other than exactly 14, including longer notice periods. Confirm
     both are intended. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>6ad6edc3-97aa-4ca3-bcf5-241d6a8c4336</Id>
<OriginalId>74870acb-ad3d-4bec-a067-1b1895ce2621</OriginalId>
<CceId>CCE-23704-0</CceId>
<Name>Interactive logon: Prompt user to change password before expiration</Name>
<Type>Registry</Type>
<ExpectedValue>14</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>passwordexpirywarning</ValueName>
</BaselineRegistryRule>
<!-- Registry check: HKLM\System\CurrentControlSet\Control\Lsa, value LimitBlankPasswordUse,
     expected 1.
     With the value set to 1, a local account that has a blank password can only be used at
     the physical console and not for network or remote logon. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>d3a30e93-16ca-4251-b400-34adc090f11c</Id>
<OriginalId>051cdac6-2234-4eb7-85eb-db391c469557</OriginalId>
<CceId>CCE-25589-3</CceId>
<Name>Accounts: Limit local account use of blank passwords to console logon only</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>LimitBlankPasswordUse</ValueName>
</BaselineRegistryRule>
<!-- Registry check for the System event log: HKLM\Software\Policies\Microsoft\Windows\
     EventLog\System, value Retention. The Name element is shared with the Application and
     Security log rules in this file; the KeyPath is what tells them apart.
     With the policy disabled, the oldest events are overwritten once the log is full, so
     logging continues but old evidence is lost unless events are forwarded or the log is
     sized generously.
     NOTE(review): Group Policy is understood to store this value as the string "0" or "1".
     Confirm the evaluator translates that to "Disabled" before comparing, otherwise this
     rule would flag every host. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>0f03ded2-2fef-44c3-bd49-82a15b558283</Id>
<OriginalId>536280a6-5020-4e53-890b-3d056c700b31</OriginalId>
<CceId>CCE-23782-6</CceId>
<Name>Control Event Log behavior when the log file reaches its maximum size</Name>
<Type>Registry</Type>
<ExpectedValue>Disabled</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\EventLog\System</KeyPath>
<ValueName>Retention</ValueName>
</BaselineRegistryRule>
<!-- Registry check for the Application event log: HKLM\Software\Policies\Microsoft\Windows\
     EventLog\Application, value Retention. The Name element is shared with the System and
     Security log rules in this file; the KeyPath is what tells them apart.
     With the policy disabled, the oldest events are overwritten once the log is full.
     NOTE(review): Group Policy is understood to store this value as the string "0" or "1".
     Confirm the evaluator translates that to "Disabled" before comparing. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>cf8d54bd-4e0a-422e-9128-1c214fa38551</Id>
<OriginalId>cb132c19-30cf-42c5-a72b-08f9b3a844eb</OriginalId>
<CceId>CCE-23646-3</CceId>
<Name>Control Event Log behavior when the log file reaches its maximum size</Name>
<Type>Registry</Type>
<ExpectedValue>Disabled</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\EventLog\Application</KeyPath>
<ValueName>Retention</ValueName>
</BaselineRegistryRule>
<!-- Registry check: HKLM\System\CurrentControlSet\Control\Lsa, value crashonauditfail,
     expected 0.
     With 0 the server keeps running when it cannot write security audit events. That
     favours availability over audit completeness, so events can be lost silently; pair it
     with adequate Security log sizing and monitoring of log-full conditions. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>9fda54c8-ef3b-4729-8b7c-8aa8f6ae43c6</Id>
<OriginalId>25c67f65-0d37-41d5-9e75-72707c97a290</OriginalId>
<CceId>CCE-23988-9</CceId>
<Name>Audit: Shut down system immediately if unable to log security audits</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>crashonauditfail</ValueName>
</BaselineRegistryRule>
<!-- Registry check: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security,
     value WarningLevel, expected 90 (percent full at which the system raises a warning
     about the Security log). The warning is only useful if something monitors for it.
     NOTE(review): KeyPath is spelled "SYSTEM" here and "System" in other rules of this
     file. Windows registry key names are case-insensitive, so this is harmless as long as
     the evaluator goes through the registry API and does not compare path strings. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>748e67cc-2821-43cb-b46b-f571f37e3554</Id>
<OriginalId>19a0c0e2-48ca-4a9f-9493-bd547b86d8ad</OriginalId>
<CceId>CCE-25110-8</CceId>
<Name>MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning</Name>
<Type>Registry</Type>
<ExpectedValue>90</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>SYSTEM\CurrentControlSet\Services\Eventlog\Security</KeyPath>
<ValueName>WarningLevel</ValueName>
</BaselineRegistryRule>
<!-- Registry check for the Security event log: HKLM\Software\Policies\Microsoft\Windows\
     EventLog\Security, value Retention. The Name element is shared with the System and
     Application log rules in this file; the KeyPath is what tells them apart.
     With the policy disabled, the oldest security events are overwritten once the log is
     full, so retention of audit evidence depends on log size and on forwarding events to
     a central collector.
     NOTE(review): Group Policy is understood to store this value as the string "0" or "1".
     Confirm the evaluator translates that to "Disabled" before comparing. -->
<BaselineRegistryRule>
<BaselineId>51e9a436-6790-4ea7-9ddd-c07b789fe228</BaselineId>
<Id>a3a46408-6446-48b6-9683-3707fe412358</Id>
<OriginalId>69ba6491-22e9-49f2-8ffc-9d83658cbd3c</OriginalId>
<CceId>CCE-24583-7</CceId>
<Name>Control Event Log behavior when the log file reaches its maximum size</Name>
<Type>Registry</Type>
<ExpectedValue>Disabled</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\EventLog\Security</KeyPath>
<ValueName>Retention</ValueName>
</BaselineRegistryRule>
</Rules>
<Id>51e9a436-6790-4ea7-9ddd-c07b789fe228</Id>
<Name>WS2012 Member Server Security Compliance</Name>
<Type>WindowsOS</Type>
</BaselineRuleset>
</ArrayOfBaselineRuleset>