Res.BaselineWindowsServer2012R2.xml (DeployableResource)

Element properties:

Type: DeployableResource
File Name: BaselineWindowsServer2012R2.xml
Accessibility: Public

Source Code:

<!-- Manifest entry for the deployable resource; FileName names the payload file whose content is listed below.
     NOTE(review): Accessibility="Public" presumably allows other packages to reference this resource; confirm against the packaging schema. -->
<DeployableResource ID="Res.BaselineWindowsServer2012R2.xml" Accessibility="Public" FileName="BaselineWindowsServer2012R2.xml"/>

File Content: BaselineWindowsServer2012R2.xml

<?xml version="1.0" encoding="utf-8"?>

<ArrayOfBaselineRuleset xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<BaselineRuleset>
<Rules>
<!-- Checks HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel against 5.
     On Windows, level 5 is "Send NTLMv2 response only. Refuse LM and NTLM", the strictest level.
     NOTE(review): AnalyzeOperation is NotEquals, so presumably a host is reported when its value differs
     from ExpectedValue. How a missing registry value is treated is not visible in this file; confirm
     against the evaluator, because an absent value means the OS default applies. -->
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>d82136e2-16cc-4fb8-b6ca-559b11c08029</Id>
<OriginalId>ec468e43-6141-4bfe-970f-ca02d37d0ca7</OriginalId>
<CceId>CCE-36173-3</CceId>
<Name>Network security: LAN Manager authentication level</Name>
<Type>Registry</Type>
<ExpectedValue>5</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>LmCompatibilityLevel</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>97ca378a-4ba3-4e4a-9dd7-fa3777102a1a</Id>
<OriginalId>763c80f9-f87a-4246-ab22-d0817891d5d3</OriginalId>
<CceId>CCE-37035-3</CceId>
<Name>Network security: Allow LocalSystem NULL session fallback</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa\MSV1_0</KeyPath>
<ValueName>allownullsessionfallback</ValueName>
</BaselineRegistryRule>
<!-- Expects EnablePlainTextPassword = 0 under the LanmanWorkstation (SMB client) parameters, i.e. the
     client must not send unencrypted passwords to SMB servers that lack password encryption support.
     A non-zero value exposes credentials to anyone able to observe the SMB traffic, which matches the
     Critical severity assigned here. -->
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>95ba349a-7f09-4f12-8b9b-1f92d85594ff</Id>
<OriginalId>b1b4a762-3114-438b-92cf-90f021714790</OriginalId>
<CceId>CCE-37863-8</CceId>
<Name>Microsoft network client: Send unencrypted password to third-party SMB servers</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanmanWorkstation\Parameters</KeyPath>
<ValueName>EnablePlainTextPassword</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>d54aab9e-4ccb-41d2-a9c7-5cbb97dbf327</Id>
<OriginalId>f4a2c795-7dc3-4deb-b76f-ef54c49da0d9</OriginalId>
<CceId>CCE-38341-4</CceId>
<Name>Network security: Allow Local System to use computer identity for NTLM</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>UseMachineId</ValueName>
</BaselineRegistryRule>
<!-- Expects NoLMHash = 1 so that no LAN Manager hash is stored at the next password change.
     As the rule name states, the setting acts only when a password is changed: this rule verifies the
     registry flag, not whether LM hashes written before the flag was set are still present. -->
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>c09401f6-00f2-488d-ab5b-936c1b19206a</Id>
<OriginalId>794f9728-56e1-4e5e-b697-7079757f4ac3</OriginalId>
<CceId>CCE-36326-7</CceId>
<Name>Network security: Do not store LAN Manager hash value on next password change</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>NoLMHash</ValueName>
</BaselineRegistryRule>
<!-- Expects NTLMMinServerSec = 537395200 (0x20080000), a bit mask combining
     0x00080000 (require NTLMv2 session security) and 0x20000000 (require 128-bit encryption)
     for NTLM SSP based servers. Any host missing either bit differs from this value and is
     presumably reported (AnalyzeOperation NotEquals; confirm evaluator semantics). -->
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>3eb53013-936e-405d-9a95-401dd026ab0b</Id>
<OriginalId>17463ab9-ffc1-40ab-8b09-e8054ba4504c</OriginalId>
<CceId>CCE-37835-6</CceId>
<Name>Network security: Minimum session security for NTLM SSP based (including secure RPC) servers</Name>
<Type>Registry</Type>
<ExpectedValue>537395200</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa\MSV1_0</KeyPath>
<ValueName>NTLMMinServerSec</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>b2a792ce-f9c2-43b4-a244-952fb4674b9f</Id>
<OriginalId>402dc351-392a-4816-a26a-65a7bcc94087</OriginalId>
<CceId>CCE-38333-1</CceId>
<Name>Interactive logon: Smart card removal behavior</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>scremoveoption</ValueName>
</BaselineRegistryRule>
<!-- Client-side counterpart of the NTLMMinServerSec rule: expects NTLMMinClientSec = 537395200
     (0x20080000), i.e. 0x00080000 (require NTLMv2 session security) plus 0x20000000
     (require 128-bit encryption) for NTLM SSP based clients. -->
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>ed1c0841-b58b-4179-8573-e5748aae66fa</Id>
<OriginalId>9969a7db-5fd1-4713-9a26-9862c15359e9</OriginalId>
<CceId>CCE-37553-5</CceId>
<Name>Network security: Minimum session security for NTLM SSP based (including secure RPC) clients</Name>
<Type>Registry</Type>
<ExpectedValue>537395200</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa\MSV1_0</KeyPath>
<ValueName>NTLMMinClientSec</ValueName>
</BaselineRegistryRule>
<!-- Expects the Winlogon value cachedlogonscount to be "4"; RegValueType is String, so the
     comparison is presumably textual.
     NOTE(review): with an exact-match test (AnalyzeOperation NotEquals), a host configured more
     strictly, with fewer than 4 cached logons, would presumably also be reported. Confirm whether
     the evaluator treats lower values as compliant or whether exact equality is intended. -->
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>e214578e-2387-4899-894f-2ffc99b86cc3</Id>
<OriginalId>adfc53c0-573a-4b06-8a91-4dc91e830362</OriginalId>
<CceId>CCE-37439-7</CceId>
<Name>Interactive logon: Number of previous logons to cache (in case domain controller is not available)</Name>
<Type>Registry</Type>
<ExpectedValue>4</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>cachedlogonscount</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>da87147e-54c1-4fa4-8a88-8e48fbaf4e47</Id>
<OriginalId>e197f79b-a454-407c-9307-7b3210313e61</OriginalId>
<CceId>CCE-36148-5</CceId>
<Name>Network access: Let Everyone permissions apply to anonymous users</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>EveryoneIncludesAnonymous</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>63006b09-c981-434c-b77d-07191efe3c87</Id>
<OriginalId>fbfb6cc4-d294-4884-bc3d-7f74deeb6462</OriginalId>
<CceId>CCE-36077-6</CceId>
<Name>Network access: Do not allow anonymous enumeration of SAM accounts and shares</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>RestrictAnonymous</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>5983527c-f84a-4a69-bdaf-21cdceff37d9</Id>
<OriginalId>c4f13e60-0fae-4766-bba1-00b4c33d54b7</OriginalId>
<CceId>CCE-36316-8</CceId>
<Name>Network access: Do not allow anonymous enumeration of SAM accounts</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>RestrictAnonymousSAM</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>cd8e0aad-d3c3-4c71-a1aa-5726f6307b8e</Id>
<OriginalId>c8c43367-6343-4ae7-9387-c4f24303b90d</OriginalId>
<CceId>CCE-38335-6</CceId>
<Name>Shutdown: Clear virtual memory pagefile</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Session Manager\Memory Management</KeyPath>
<ValueName>ClearPageFileAtShutdown</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>8a92a3c6-30e1-46c3-9af0-d359f2d9811c</Id>
<OriginalId>3849d4a1-188c-43d8-ad75-c73a82a8e0fe</OriginalId>
<CceId>CCE-36788-8</CceId>
<Name>Shutdown: Allow system to be shut down without having to log on</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>ShutdownWithoutLogon</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>a6b659e0-a942-408b-b72e-34900002ae49</Id>
<OriginalId>7ab41c58-8c4a-4781-9cdd-a6dc5c40fc66</OriginalId>
<CceId>CCE-37885-1</CceId>
<Name>System objects: Require case insensitivity for non-Windows subsystems</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Session Manager\Kernel</KeyPath>
<ValueName>ObCaseInsensitive</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>d168a0da-385c-42ef-841a-4b2bdb347746</Id>
<OriginalId>7c6c01fd-5c0d-4398-9de0-0a8855c4cd95</OriginalId>
<CceId>CCE-37623-6</CceId>
<Name>Network access: Sharing and security model for local accounts</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>ForceGuest</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>8d93d233-07e3-4ab5-881f-388844069274</Id>
<OriginalId>8ae83b84-b0fd-4b08-85a5-ff3f897a2db2</OriginalId>
<CceId>CCE-37637-6</CceId>
<Name>Interactive logon: Do not require CTRL+ALT+DEL</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>DisableCAD</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>924f5851-efcf-4fe2-8fb3-1bfd8153516f</Id>
<OriginalId>71d6ee80-22f8-44e3-99ad-cbc707218ff8</OriginalId>
<CceId>CCE-37701-0</CceId>
<Name>Devices: Allowed to format and eject removable media</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>AllocateDASD</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>9be3e136-3b43-4a91-8277-c854efb80327</Id>
<OriginalId>6e47e304-7197-4791-b16d-9a6ad3306ad4</OriginalId>
<CceId>CCE-37172-4</CceId>
<Name>System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers</KeyPath>
<ValueName>AuthenticodeEnabled</ValueName>
</BaselineRegistryRule>
<!-- Expects the Winlogon value AutoAdminLogon to be "0" (string typed), i.e. automatic logon disabled.
     When automatic logon is enabled, Windows takes the account credentials from other values in this
     same Winlogon key (DefaultUserName, DefaultPassword). This rule inspects only the AutoAdminLogon
     flag, so a finding here should be followed up by checking for a stored password on the host. -->
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>1728e7f5-addc-41e2-9455-ae4d0a39d5f8</Id>
<OriginalId>b1d27dc2-b5e3-4dc5-9d3b-d634e7a25353</OriginalId>
<CceId>CCE-37067-6</CceId>
<Name>MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>AutoAdminLogon</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>17e433c2-be93-477c-90d3-ebfc256dcaa8</Id>
<OriginalId>c836e4ce-c2f0-410c-bbf2-2550e8d24ba8</OriginalId>
<CceId>CCE-36351-5</CceId>
<Name>MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>SYSTEM\CurrentControlSet\Control\Session Manager</KeyPath>
<ValueName>SafeDllSearchMode</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>1e913999-77c9-4cc0-960e-c7ce9d7507cd</Id>
<OriginalId>1b4d4248-73f1-4950-be5c-8c2fd6d47002</OriginalId>
<CceId>CCE-37624-4</CceId>
<Name>Recovery console: Allow automatic administrative logon</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole</KeyPath>
<ValueName>securitylevel</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>72dd6b79-12f7-4255-bdf6-79a2095563c9</Id>
<OriginalId>0f319931-aa36-4313-9320-86311c0fa623</OriginalId>
<CceId>CCE-36021-4</CceId>
<Name>Network access: Restrict anonymous access to Named Pipes and Shares</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>restrictnullsessaccess</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>f447923e-f8fb-4116-8aea-7caa4b911175</Id>
<OriginalId>e44bb6b6-6bf3-417b-a329-cb9604cde378</OriginalId>
<CceId>CCE-37307-6</CceId>
<Name>Recovery console: Allow floppy copy and access to all drives and all folders</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole</KeyPath>
<ValueName>setcommand</ValueName>
</BaselineRegistryRule>
<BaselineAuditPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>107b8424-7ee8-4b6a-a859-b5256aa6596e</Id>
<OriginalId>504f27d5-2540-48f2-9aa4-ee0eebc84728</OriginalId>
<CceId>CCE-37853-9</CceId>
<Name>Audit Policy: System: IPsec Driver</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9213-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>bda94d3b-0526-494c-9e33-c6bd0d9a0ac8</Id>
<OriginalId>5bd3a1dc-6de8-4021-a1a7-f1cf51f51235</OriginalId>
<CceId>CCE-36144-4</CceId>
<Name>Audit Policy: System: Security System Extension</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9211-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>d6bca841-8cbc-4e0b-a7cc-0d267033cf46</Id>
<OriginalId>56d671e2-8ff8-47cd-adeb-82fb86067598</OriginalId>
<CceId>CCE-38034-5</CceId>
<Name>Audit Policy: Account Management: Security Group Management</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9237-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- Expects scenoapplylegacyauditpolicy = 1, which makes audit subcategory settings override the
     legacy category-level audit policy. The BaselineAuditPolicyRule entries in this ruleset check
     individual subcategories (one AuditPolicyId each), so on a host where this value is not 1 the
     subcategory configuration they verify can be overridden by category-level policy. -->
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>abb6eb2b-b785-4a43-975a-47ac1c93ea76</Id>
<OriginalId>b881554b-111f-46a8-9079-b9eeb9ea60f6</OriginalId>
<CceId>CCE-37850-5</CceId>
<Name>Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>scenoapplylegacyauditpolicy</ValueName>
</BaselineRegistryRule>
<BaselineAuditPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>bfbcf6a4-5918-43d6-b227-3eb743c42fc6</Id>
<OriginalId>2ea0de1a-c71d-46c8-8350-a7dd4d447895</OriginalId>
<CceId>CCE-37855-4</CceId>
<Name>Audit Policy: Account Management: Other Account Management Events</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce923a-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>9381b3b7-5bde-4ecd-af97-a944766690db</Id>
<OriginalId>e54d7bef-4406-4689-813c-ba14b3fd3ef8</OriginalId>
<CceId>CCE-38114-5</CceId>
<Name>Audit Policy: System: Security State Change</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9210-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- Expects the Detailed Tracking / Process Creation audit subcategory to be set to "Success".
     NOTE(review): the test is an exact match (AnalyzeOperation NotEquals), so a host auditing
     "Success and Failure" would presumably be reported even though it logs a superset; confirm
     evaluator behaviour.
     This rule covers the audit subcategory only. Whether process creation events also record the
     command line is controlled by a separate policy that this rule does not check. -->
<BaselineAuditPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>b566ed34-277a-420f-9070-1a004fceea77</Id>
<OriginalId>6598ae0c-9227-4f87-b754-f68d2f5820fc</OriginalId>
<CceId>CCE-36059-4</CceId>
<Name>Audit Policy: Detailed Tracking: Process Creation</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce922b-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>632ec8bb-afbc-4b95-ae0c-4c47955e25fb</Id>
<OriginalId>aad1ad34-9f4f-4c86-b29a-c6710169687c</OriginalId>
<CceId>CCE-38030-3</CceId>
<Name>Audit Policy: System: Other System Events</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9214-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>ebad0dce-6521-48a5-b940-e83a03f237f6</Id>
<OriginalId>a28ddc45-464d-4cee-a675-9a3dfe0c07c7</OriginalId>
<CceId>CCE-37133-6</CceId>
<Name>Audit Policy: Logon-Logoff: Account Lockout</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9217-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>101eaf81-3dd3-4867-8871-f649131a06a9</Id>
<OriginalId>821af41f-7ff7-4dae-a841-c098b7112b0c</OriginalId>
<CceId>CCE-38028-7</CceId>
<Name>Audit Policy: Policy Change: Audit Policy Change</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce922f-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>3872d203-c556-4001-b2f6-b6ee0bd926c4</Id>
<OriginalId>f3179229-59a3-4c89-8eb2-45cdf42660b1</OriginalId>
<CceId>CCE-36266-5</CceId>
<Name>Audit Policy: Logon-Logoff: Special Logon</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce921b-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>d07a36dc-de05-4842-9a11-22d2b3411127</Id>
<OriginalId>17bbd596-ee57-4506-b4eb-b8914b2d8b34</OriginalId>
<CceId>CCE-37856-2</CceId>
<Name>Audit Policy: Account Management: User Account Management</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9235-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>a41cbeed-d66b-4020-8a10-9a78a135b523</Id>
<OriginalId>ebd86e7c-c2be-461a-9db9-c4f9fd79e32f</OriginalId>
<CceId>CCE-37741-6</CceId>
<Name>Audit Policy: Account Logon: Credential Validation</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce923f-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>213b1b6e-523a-4a42-bc8f-1f4276ef59c7</Id>
<OriginalId>abcedd04-373e-493b-8fc4-610ca4e2c11e</OriginalId>
<CceId>CCE-38036-0</CceId>
<Name>Audit Policy: Logon-Logoff: Logon</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9215-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>8b61459e-2b27-4675-b5d1-00f8f1f1529d</Id>
<OriginalId>a94d7f10-22ff-48e8-bd82-1dfc5ccb1cb4</OriginalId>
<CceId>CCE-38004-8</CceId>
<Name>Audit Policy: Account Management: Computer Account Management</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9236-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>8d0d6832-fdb5-46f1-b225-cf224ff8d3c9</Id>
<OriginalId>591401f2-3712-4434-ae22-e8633dcf2ad5</OriginalId>
<CceId>CCE-36267-3</CceId>
<Name>Audit Policy: Privilege Use: Sensitive Privilege Use</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9228-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>41f6a2e9-03b1-4d32-a026-91ef6899024f</Id>
<OriginalId>9f28bf93-31ae-4a09-b064-a391772fe13d</OriginalId>
<CceId>CCE-38237-4</CceId>
<Name>Audit Policy: Logon-Logoff: Logoff</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9216-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>aa0ca1a0-d22f-4f98-9084-7de0dc6e05da</Id>
<OriginalId>2768f99a-87a1-4be6-bf44-efcfd1412dea</OriginalId>
<CceId>CCE-38327-3</CceId>
<Name>Audit Policy: Policy Change: Authentication Policy Change</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9230-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>2a94b2d5-fd25-45de-a576-8e5b7497262f</Id>
<OriginalId>b8fc1e7a-57fd-48a0-827e-f466b21663ae</OriginalId>
<CceId>CCE-37132-8</CceId>
<Name>Audit Policy: System: System Integrity</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0cce9212-69ae-11d9-bed3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- Checks the Winlogon value ScreenSaverGracePeriod (string typed) against "5".
     NOTE(review): the Name text says "0 recommended" while ExpectedValue is 5. With AnalyzeOperation
     NotEquals, a host set to 0, the value the name itself recommends, would presumably be reported
     as non-compliant. Confirm which value is intended, or whether the evaluator accepts any grace
     period up to 5 seconds. -->
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>11b49c17-741d-4884-b5d6-bd5083950697</Id>
<OriginalId>d3fe2010-6fe1-401c-81e8-a635d540af09</OriginalId>
<CceId>CCE-37993-3</CceId>
<Name>MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)</Name>
<Type>Registry</Type>
<ExpectedValue>5</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>ScreenSaverGracePeriod</ValueName>
</BaselineRegistryRule>
<!-- Expects InactivityTimeoutSecs = 900, i.e. the session locks after 900 seconds (15 minutes) of
     inactivity.
     NOTE(review): the test is an exact match (AnalyzeOperation NotEquals), so a host with a shorter,
     stricter timeout would presumably be reported as well. Also verify how 0 or a missing value is
     handled, since that leaves the inactivity lock unset rather than strict. -->
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>582a4f50-aab8-4cba-bba5-28eff6603436</Id>
<OriginalId>8f489e6b-a616-43ac-af90-2eba4099d43e</OriginalId>
<CceId>CCE-38235-8</CceId>
<Name>Interactive logon: Machine inactivity limit</Name>
<Type>Registry</Type>
<ExpectedValue>900</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>InactivityTimeoutSecs</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>92355bf7-0d7f-4263-99d3-333183dd22e5</Id>
<OriginalId>68c3ff44-f8a7-4059-81d7-56749f60665b</OriginalId>
<CceId>CCE-37972-7</CceId>
<Name>Microsoft network server: Disconnect clients when logon hours expire</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>enableforcedlogoff</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>1c449a3c-20c5-40e6-9742-d90052f1f60c</Id>
<OriginalId>6b285a31-21ae-4b0c-813c-a8cc812c694d</OriginalId>
<CceId>CCE-36056-0</CceId>
<Name>Interactive logon: Do not display last user name</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>DontDisplayLastUserName</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>0196ee31-5772-4783-b28d-4481af0d7ad1</Id>
<OriginalId>12e02fe8-cf46-415b-8e52-9b8472d8f303</OriginalId>
<CceId>CCE-36264-0</CceId>
<Name>Interactive logon: Machine account lockout threshold</Name>
<Type>Registry</Type>
<ExpectedValue>10</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>MaxDevicePasswordFailedAttempts</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>53f493fb-f11a-44e9-9adb-3069d66a9844</Id>
<OriginalId>a9411a96-e13f-4b37-ab31-b84a06d63460</OriginalId>
<CceId>CCE-37942-0</CceId>
<Name>Devices: Prevent users from installing printer drivers</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers</KeyPath>
<ValueName>AddPrinterDrivers</ValueName>
</BaselineRegistryRule>
<!-- User-rights rule: expects SeCreateGlobalPrivilege (section "Privilege Rights") to be held by
     exactly the comma-separated principals in ExpectedValue.
     NOTE(review): the principals here are written in upper case (SERVICE, LOCAL SERVICE, NETWORK
     SERVICE), while the SeAuditPrivilege rule in this file writes "Local Service, Network Service".
     If the evaluator compares the list as text, case and ordering would matter; confirm that it
     resolves the names (ideally to SIDs) and compares the sets. -->
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>a01142fd-5529-4f95-b55b-73d04adb9919</Id>
<OriginalId>c3a6cfaf-1504-4d55-ace8-1ebc971d9ebc</OriginalId>
<CceId>CCE-37453-8</CceId>
<Name>Create global objects</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators, SERVICE, LOCAL SERVICE, NETWORK SERVICE</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeCreateGlobalPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User-rights rule: expects SeNetworkLogonRight to be granted to Administrators and Authenticated
     Users only, so broader grants such as Everyone differ from ExpectedValue.
     NOTE(review): on a domain controller this right normally also includes Enterprise Domain
     Controllers. Whether this ruleset is applied to domain controllers is not visible in this file;
     if it is, this rule would presumably report a correctly configured DC. -->
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>33f6db2d-3816-47e5-af11-f3e014bdaad6</Id>
<OriginalId>48cf8aee-1c72-4c3e-9f2a-c6dfe8990219</OriginalId>
<CceId>CCE-35818-4</CceId>
<Name>Access this computer from the network</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators, Authenticated Users</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeNetworkLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>1dc534a7-f6c1-4977-bd74-037e6b5159bf</Id>
<OriginalId>cb3e6c7f-6d9b-4577-95df-93791481f060</OriginalId>
<CceId>CCE-36054-5</CceId>
<Name>Modify an object label</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>No One</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeRelabelPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>c0178641-dfd3-4937-b32a-a661f4b3b36a</Id>
<OriginalId>3ebdc510-830f-4520-9bce-2fe8f4f88b3f</OriginalId>
<CceId>CCE-37639-2</CceId>
<Name>Generate security audits</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Local Service, Network Service</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeAuditPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>22e60f42-b881-41a9-a773-1dd57677d07c</Id>
<OriginalId>eba90e79-8551-416f-9258-a48e1d9a60c7</OriginalId>
<CceId>CCE-38326-5</CceId>
<Name>Increase scheduling priority</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeIncreaseBasePriorityPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>cc36c1ba-77d8-4317-9a52-c57862f9bee1</Id>
<OriginalId>8840018d-e63a-4e69-96a8-c06af7e963a8</OriginalId>
<CceId>CCE-37877-8</CceId>
<Name>Force shutdown from a remote system</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeRemoteShutdownPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>31a81fcc-b81f-4c87-afe5-a6f422da365f</Id>
<OriginalId>78c974e6-940e-4fec-8697-73d0ed54943c</OriginalId>
<CceId>CCE-37072-6</CceId>
<Name>Allow log on through Remote Desktop Services</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeRemoteInteractiveLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>79ccc4e0-2306-4ac8-a492-7d36287c9adb</Id>
<OriginalId>44aa9ea0-873d-441e-9103-39a98f1704aa</OriginalId>
<CceId>CCE-37452-0</CceId>
<Name>Change the system time</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>LOCAL SERVICE, Administrators</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeSystemTimePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>b02be7bd-d30f-4d9e-8df4-7a5b01a1364d</Id>
<OriginalId>52a9b265-75cb-45a0-ac23-3e5d4fa566c2</OriginalId>
<CceId>CCE-35821-8</CceId>
<Name>Create a pagefile</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeCreatePagefilePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>b239649c-499c-479a-b1a1-29ca9dc66fb1</Id>
<OriginalId>f921fab5-cf36-4241-b474-276fd53263a5</OriginalId>
<CceId>CCE-37131-0</CceId>
<Name>Profile single process</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeProfileSingleProcessPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>406f0e13-8709-4ac1-87aa-779f2a3e554b</Id>
<OriginalId>8797b752-5346-436e-8502-cd5031cc77d5</OriginalId>
<CceId>CCE-36923-1</CceId>
<Name>Deny log on as a batch job</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Guests</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDenyBatchLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<!-- "Act as part of the operating system" (SeTcbPrivilege) is expected to be held by no account.
     "No One" is presumably the analyzer's token for an empty assignment; confirm.
     NOTE(review): Severity is Informational, although this privilege lets a process act with
     the identity of any user. In this file "Force shutdown from a remote system" is rated
     Critical, so consider whether a deviation here deserves a higher triage priority. -->
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>1eb18791-2d15-4e6a-9280-6cb868fc0162</Id>
<OriginalId>b77b9700-3212-4d5f-9547-dbe8ffd32574</OriginalId>
<CceId>CCE-36876-1</CceId>
<Name>Act as part of the operating system</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>No One</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeTcbPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>6fb65585-1b82-40dd-8449-32f91ac7ef21</Id>
<OriginalId>9066c223-8261-4c0b-9cfc-6a396532dbbc</OriginalId>
<CceId>CCE-37700-2</CceId>
<Name>Change the time zone</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>LOCAL SERVICE, Administrators</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeTimeZonePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>c7282bdc-e040-4e22-bb4a-f5977d8f59f8</Id>
<OriginalId>38165ccc-d675-481c-8881-231a5c2032f9</OriginalId>
<CceId>CCE-36495-0</CceId>
<Name>Lock pages in memory</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>No One</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeLockMemoryPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>a723aa73-7a8e-46b6-8624-d086b27772fc</Id>
<OriginalId>60859cb4-3ad7-4a2f-8564-fcfde3ee1768</OriginalId>
<CceId>CCE-37056-9</CceId>
<Name>Access Credential Manager as a trusted caller</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>No One</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeTrustedCredManAccessPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>ec508621-1384-40f9-8cee-defd90934808</Id>
<OriginalId>96bc8bd8-d3d6-4f89-8f91-4ea964f2db67</OriginalId>
<CceId>CCE-36861-3</CceId>
<Name>Create a token object</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>No One</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeCreateTokenPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- "Debug programs" (SeDebugPrivilege), expected to be limited to Administrators.
     NOTE(review): the privilege allows its holder to open and read the memory of processes
     owned by other accounts, including system processes, so an unexpected grantee is a strong
     signal in credential-theft investigations. Informational severity looks low for that;
     confirm the rating is intentional. -->
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>005bfd95-40be-4719-83e9-9769a70dcd9c</Id>
<OriginalId>591bd8ac-a5b3-41cc-8978-2bce50123a00</OriginalId>
<CceId>CCE-37075-9</CceId>
<Name>Debug programs</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDebugPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>6c2c0627-54b0-4dc0-8077-be7f3ea838e8</Id>
<OriginalId>16e53e79-5879-477f-a7ea-2b4cd0fff5ba</OriginalId>
<CceId>CCE-36877-9</CceId>
<Name>Deny log on as a service</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Guests</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDenyServiceLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<!-- Denies network logon to Guests and to local accounts that are members of Administrators
     (well-known SID S-1-5-114). This limits reuse of a local administrator credential from one
     host to another.
     NOTE(review): the list mixes a bare group name with an "NT AUTHORITY\" qualified name, and
     with NotEquals a host that denies additional accounts (a stricter configuration) would
     presumably still be reported. Confirm how the analyzer normalizes names and whether a
     superset should pass. -->
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>4c940ec2-5e0e-431b-906b-5c1b4a82c326</Id>
<OriginalId>b9af2cf2-1528-469c-b7e8-3787c4513479</OriginalId>
<CceId>CCE-37954-5</CceId>
<Name>Deny access to this computer from the network</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Guests, NT AUTHORITY\Local account and member of Administrators group</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDenyNetworkLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>32b97116-c800-4107-a1b7-8e15253508a8</Id>
<OriginalId>1ce3bf70-68d8-419b-96ef-d293de427cff</OriginalId>
<CceId>CCE-35912-5</CceId>
<Name>Back up files and directories</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeBackupPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>2c6609e1-4393-43b1-a77c-7a6dd15ccf94</Id>
<OriginalId>204ff604-1cab-46c8-aa22-01e7d78925e4</OriginalId>
<CceId>CCE-38328-1</CceId>
<Name>Shut down the system</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeShutdownPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>b179628e-7260-461e-9c1d-5638a78dac97</Id>
<OriginalId>d2197a4c-19f4-4630-b15a-aaf85c813045</OriginalId>
<CceId>CCE-37146-8</CceId>
<Name>Deny log on locally</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Guests</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDenyInteractiveLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>fcfd01ef-29c0-470c-8669-131f6f3347f6</Id>
<OriginalId>6870b1f9-8535-493c-9a30-889fd01900d7</OriginalId>
<CceId>CCE-37430-6</CceId>
<Name>Replace a process level token</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>LOCAL SERVICE, NETWORK SERVICE</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeAssignPrimaryTokenPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- Denies Remote Desktop logon to Guests and to all local accounts (well-known SID S-1-5-113).
     NOTE(review): the principal is written "Local Account" here, while the network-logon deny
     rule in this file writes "Local account and member of Administrators group" with a
     lowercase "a". If the analyzer compares display names case-sensitively, one of the two
     spellings will not match what the system reports; confirm, or compare by SID. -->
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>49b31ab3-ba8d-44f7-92b1-850c105752d5</Id>
<OriginalId>49862b02-e96e-4ebc-8cac-129f07b1298e</OriginalId>
<CceId>CCE-36867-0</CceId>
<Name>Deny log on through Remote Desktop Services</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Guests, NT AUTHORITY\Local Account</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDenyRemoteInteractiveLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>49a2d248-907e-41dc-9f09-e91f60069c12</Id>
<OriginalId>63db26be-30f4-4428-9b60-ea0b0daeae0d</OriginalId>
<CceId>CCE-38113-7</CceId>
<Name>Modify firmware environment values</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeSystemEnvironmentPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>dd2d1504-9d49-4d16-8937-eb9e7d5f4a40</Id>
<OriginalId>23a1c3b4-4d38-4153-854a-e315ad699d9b</OriginalId>
<CceId>CCE-37659-0</CceId>
<Name>Allow log on locally</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeInteractiveLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>048dd516-4793-44e1-8e5d-444a54113628</Id>
<OriginalId>c63e0099-758c-4b99-aecd-eb63df8559d8</OriginalId>
<CceId>CCE-37613-7</CceId>
<Name>Restore files and directories</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeRestorePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>dadaf9fd-114b-47b1-abc4-b95a8fc62426</Id>
<OriginalId>5e0f8e3b-f0fe-40be-b155-c4fd56f6c9e1</OriginalId>
<CceId>CCE-36143-6</CceId>
<Name>Perform volume maintenance tasks</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeManageVolumePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>0f5f6960-8122-47cb-a1f5-b1d174d4b8d7</Id>
<OriginalId>6630b24b-754a-49a5-9750-188ae53c13b9</OriginalId>
<CceId>CCE-35906-7</CceId>
<Name>Manage auditing and security log</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeSecurityPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>3edf66ca-eef2-4a11-9b5f-0e9f66d0c485</Id>
<OriginalId>485ea1c9-091c-434b-b8e0-c9d8cbfde052</OriginalId>
<CceId>CCE-36860-5</CceId>
<Name>Enable computer and user accounts to be trusted for delegation</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>No One</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeEnableDelegationPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- "Impersonate a client after authentication" (SeImpersonatePrivilege). Any grantee beyond the
     listed built-in identities can act as the clients that connect to it, so additions are
     worth reviewing.
     NOTE(review): hosts with the Web Server (IIS) role legitimately add IIS_IUSRS to this
     right, so an exact match would presumably flag every IIS server. The list also mixes
     upper-case "SERVICE" with mixed-case "Local Service, Network Service"; confirm the
     comparison is not case-sensitive. -->
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>4907ba1a-3aa6-45d1-addf-bb3b93a3db43</Id>
<OriginalId>87691f9f-e18e-42c3-ac3c-621c7b30bdda</OriginalId>
<CceId>CCE-37106-2</CceId>
<Name>Impersonate a client after authentication</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators, SERVICE, Local Service, Network Service</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeImpersonatePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>f1bd228c-0d50-4f76-9b3e-a18536d56a29</Id>
<OriginalId>4e63307f-262d-4242-8210-c7753d029bef</OriginalId>
<CceId>CCE-36318-4</CceId>
<Name>Load and unload device drivers</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeLoadDriverPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>a0c45b19-b0e3-4a8a-801e-f0c0ee992d12</Id>
<OriginalId>f540aa73-5550-4058-9209-e268908611d5</OriginalId>
<CceId>CCE-38325-7</CceId>
<Name>Take ownership of files or other objects</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeTakeOwnershipPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>71683de8-8d1f-4e3e-b0bf-932b5d9a30db</Id>
<OriginalId>4b696c3e-dd2c-4d5e-bb0a-d7190de2c322</OriginalId>
<CceId>CCE-37071-8</CceId>
<Name>Adjust memory quotas for a process</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators, Local Service, Network Service</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeIncreaseQuotaPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>a7ff021c-f476-48af-82fc-9173919b6720</Id>
<OriginalId>10afbff0-0f2c-41b7-8b66-68bda79b77bd</OriginalId>
<CceId>CCE-35823-4</CceId>
<Name>Create symbolic links</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeCreateSymbolicLinkPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>15caeba9-6294-4223-8145-c57e523bbe3d</Id>
<OriginalId>dd1e688f-295d-4ee6-8f2f-5cdb83c0b4e1</OriginalId>
<CceId>CCE-36532-0</CceId>
<Name>Create permanent shared objects</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>No One</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeCreatePermanentPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>29a1e869-c0c9-4af8-a962-dfc56940496b</Id>
<OriginalId>577a19bc-6d69-45f1-9806-b413d522b05a</OriginalId>
<CceId>CCE-37614-5</CceId>
<Name>Domain member: Require strong (Windows 2000 or later) session key</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>requirestrongkey</ValueName>
</BaselineRegistryRule>
<!-- Domain profile: unicast responses to multicast or broadcast traffic.
     The rule Name reads "Allow unicast response", but the registry value checked is the
     inverse, DisableUnicastResponsesToMulticastBroadcast. ExpectedValue 1 therefore means
     unicast responses are NOT allowed (policy setting "No"). The Private and Public profile
     rules in this file use the same value name and polarity. -->
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>1347db54-edff-4589-b69b-37d4d2254ec0</Id>
<OriginalId>567434c1-c73f-4a24-8553-eaf1fd70fc90</OriginalId>
<CceId>CCE-37859-6</CceId>
<Name>Windows Firewall: Domain: Allow unicast response</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>DisableUnicastResponsesToMulticastBroadcast</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>b184d7c3-98b4-41b2-b0eb-f339ea09eb80</Id>
<OriginalId>0a80cfc2-0dcd-4566-b4be-6d8224961f83</OriginalId>
<CceId>CCE-37860-4</CceId>
<Name>Windows Firewall: Domain: Apply local firewall rules</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>AllowLocalPolicyMerge</ValueName>
</BaselineRegistryRule>
<!-- Private profile: firewall must be on (EnableFirewall = 1).
     NOTE(review): KeyPath is under Software\Policies, which is only populated when the firewall
     is configured through Group Policy. A host whose firewall is enabled locally keeps that
     state under System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy, so
     the value read here may simply be absent. This file does not show how a missing value is
     scored; confirm it is not silently treated as compliant, and that a locally enabled
     firewall is not reported as off. -->
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>52c38897-671e-4e6d-a678-b939626a078a</Id>
<OriginalId>d493f92b-2fe2-4489-a4e6-03fd2e3710cd</OriginalId>
<CceId>CCE-38239-0</CceId>
<Name>Windows Firewall: Private: Firewall state</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>EnableFirewall</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>09f5958c-7373-47b8-b3ee-ed1fdb66bc26</Id>
<OriginalId>21d226de-3201-414e-a16a-b626b6d0cc26</OriginalId>
<CceId>CCE-36871-2</CceId>
<Name>MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)</Name>
<Type>Registry</Type>
<ExpectedValue>2</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Tcpip6\Parameters</KeyPath>
<ValueName>DisableIPSourceRouting</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>4369ece9-cb45-45c3-81d5-ff1b000cfee9</Id>
<OriginalId>f5513338-0fa1-484e-83fb-9a5bd3954d44</OriginalId>
<CceId>CCE-36063-6</CceId>
<Name>Windows Firewall: Private: Apply local connection security rules</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>AllowLocalIPsecPolicyMerge</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>eca3c424-296a-4f30-9a0d-b864c79d7496</Id>
<OriginalId>3fe3c052-d096-4bc2-8d03-7ddb03f3b1f6</OriginalId>
<CceId>CCE-37134-4</CceId>
<Name>Windows Firewall: Private: Allow unicast response</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>DisableUnicastResponsesToMulticastBroadcast</ValueName>
</BaselineRegistryRule>
<!-- Public profile: whether locally defined firewall rules are merged with Group Policy rules.
     ExpectedValue 1 means local rules DO apply.
     NOTE(review): on the Public profile some hardening benchmarks set this to 0, so that rules
     created on the host by a local administrator or an installer cannot open ports that policy
     did not approve. Confirm that 1 is the intended baseline for this profile; a host set to
     the stricter 0 would presumably be reported as deviating. -->
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>213245bc-f46a-4015-83af-4811a20d6f3d</Id>
<OriginalId>968787a1-6a19-4c96-82dd-ca531f84666d</OriginalId>
<CceId>CCE-37861-2</CceId>
<Name>Windows Firewall: Public: Apply local firewall rules</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>AllowLocalPolicyMerge</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>613d4370-3623-49b3-b8a7-e70d2887ce7d</Id>
<OriginalId>849952c3-4163-4e4d-9320-138c4af87134</OriginalId>
<CceId>CCE-36268-1</CceId>
<Name>Windows Firewall: Public: Apply local connection security rules</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>AllowLocalIPsecPolicyMerge</ValueName>
</BaselineRegistryRule>
<!-- Public profile: firewall must be on (EnableFirewall = 1).
     NOTE(review): a disabled firewall on the Public profile is rated Informational here, while
     "Public: Allow unicast response" and "Public: Outbound connections" in this file are rated
     Warning. The firewall state is the more consequential setting; confirm the severity
     ordering is intentional. -->
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>895eb34a-7e3f-4ea1-a246-7b83a6c1fed8</Id>
<OriginalId>856f9866-0378-4952-a164-4d524770bb2a</OriginalId>
<CceId>CCE-37862-0</CceId>
<Name>Windows Firewall: Public: Firewall state</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>EnableFirewall</ValueName>
</BaselineRegistryRule>
<!-- Private profile: default action for outbound connections. DefaultOutboundAction 0 means
     outbound traffic is allowed unless a rule blocks it; 1 means it is blocked unless a rule
     allows it.
     NOTE(review): with an exact-match check, a host that blocks outbound traffic by default
     (value 1, the stricter posture) would presumably be reported as non-compliant. Confirm
     whether that is intended or whether the stricter value should also pass. -->
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>b48391da-4d8e-4ade-8649-6623f2ee2a8c</Id>
<OriginalId>691c581a-3b42-408b-abbe-f0bea9de3156</OriginalId>
<CceId>CCE-38332-3</CceId>
<Name>Windows Firewall: Private: Outbound connections</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>DefaultOutboundAction</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>052284a8-7e89-4814-879c-7cfe253054ba</Id>
<OriginalId>62c711b9-cd72-4fd2-8596-bb90387278da</OriginalId>
<CceId>CCE-36146-9</CceId>
<Name>Windows Firewall: Domain: Outbound connections</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>DefaultOutboundAction</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>fdec9505-d189-4598-85cd-9bda510be673</Id>
<OriginalId>2e65a105-5cb1-473d-b0ca-c933415d91be</OriginalId>
<CceId>CCE-36062-8</CceId>
<Name>Windows Firewall: Domain: Firewall state</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>EnableFirewall</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>2c88ed3a-ec64-4c63-8591-f5f1fc5354bd</Id>
<OriginalId>01cfd956-48cc-4ad6-94ff-b8f7ca488a91</OriginalId>
<CceId>CCE-36324-2</CceId>
<Name>Windows Firewall: Public: Allow unicast response</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>DisableUnicastResponsesToMulticastBroadcast</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>56a5bfb9-41d8-48d9-85bd-41ef1ee622a7</Id>
<OriginalId>db12a482-5822-44ba-b35d-e944d3ddd528</OriginalId>
<CceId>CCE-38040-2</CceId>
<Name>Windows Firewall: Domain: Apply local connection security rules</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>AllowLocalIPsecPolicyMerge</ValueName>
</BaselineRegistryRule>
<!-- Private profile: notification shown when the firewall blocks a program.
     The rule Name reads "Display a notification", but the registry value checked is the
     inverse, DisableNotifications. ExpectedValue 0 therefore means notifications ARE displayed.
     NOTE(review): some server hardening benchmarks prefer 1 (no notification) on unattended
     hosts; confirm which posture this baseline intends, since the other value would presumably
     be reported as a deviation. -->
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>c6128934-d4ff-4437-ad3b-ef56c40585b1</Id>
<OriginalId>0091ec7e-714b-4bb3-9a36-a73412c6c1f9</OriginalId>
<CceId>CCE-37621-0</CceId>
<Name>Windows Firewall: Private: Display a notification</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>DisableNotifications</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>842f1fe1-17d8-4461-a3fd-358df93aa4ca</Id>
<OriginalId>21e5ee29-51b2-4719-b979-af03e47a128e</OriginalId>
<CceId>CCE-36535-3</CceId>
<Name>MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)</Name>
<Type>Registry</Type>
<ExpectedValue>2</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Tcpip\Parameters</KeyPath>
<ValueName>DisableIPSourceRouting</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>39a665ad-cde0-4e47-b9a1-6aab4b3bb8ae</Id>
<OriginalId>27abca4f-4873-490c-87b6-e84d2533ba13</OriginalId>
<CceId>CCE-38041-0</CceId>
<Name>Windows Firewall: Domain: Display a notification</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>DisableNotifications</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Public firewall profile: expects DisableNotifications = 0, which by the value name means notifications stay enabled.
     Same value name as the Domain profile rule; only the KeyPath (PublicProfile) differs.
     NOTE(review): engine behaviour when this policy value is absent is not visible here; confirm. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>c3ead565-6501-43c6-a8b6-f721d8a2bc30</Id>
<OriginalId>902a957b-c9b3-4302-883a-394555087509</OriginalId>
<CceId>CCE-38043-6</CceId>
<Name>Windows Firewall: Public: Display a notification</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>DisableNotifications</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Public firewall profile: checks DefaultOutboundAction against 0.
     NOTE(review): 0 presumably means outbound traffic is allowed unless a rule blocks it; confirm the value
     mapping. An exact-match test would also flag a host that blocks outbound by default. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>e95dcf65-a945-4dea-a264-70f9111d2c63</Id>
<OriginalId>75208064-559a-4412-8ca6-5da2d0e10cfd</OriginalId>
<CceId>CCE-37434-8</CceId>
<Name>Windows Firewall: Public: Outbound connections</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>DefaultOutboundAction</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Private firewall profile: expects AllowLocalPolicyMerge = 1.
     NOTE(review): 1 presumably lets locally defined firewall rules apply alongside policy-delivered ones;
     local administrators can then open ports, so review local rules separately. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>7c5e28d9-7ac0-4ae8-9aea-5aae596d7c78</Id>
<OriginalId>533bf252-df1b-4b5a-9320-8da18b19bcd2</OriginalId>
<CceId>CCE-37438-9</CceId>
<Name>Windows Firewall: Private: Apply local firewall rules</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>AllowLocalPolicyMerge</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- UAC: expects FilterAdministratorToken = 1 under the Policies\System key.
     By the rule name, this puts the built-in Administrator account under Admin Approval Mode
     (presumably 1 = enabled; confirm). -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>050cca7d-3bd4-4e04-a700-11e8a9787602</Id>
<OriginalId>5fbabdf6-6786-46f6-b959-596af69f2650</OriginalId>
<CceId>CCE-36494-3</CceId>
<Name>User Account Control: Admin Approval Mode for the Built-in Administrator account</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>FilterAdministratorToken</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- UAC: expects EnableSecureUIAPaths = 1, i.e. (per the rule name) UIAccess applications are elevated
     only when installed in secure locations. Presumably 1 = enabled; confirm. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>f10e52c4-b6cb-478a-a0c2-4ab238e8be43</Id>
<OriginalId>0d380cb0-a162-4dbb-b54b-d41a2a7f9036</OriginalId>
<CceId>CCE-37057-7</CceId>
<Name>User Account Control: Only elevate UIAccess applications that are installed in secure locations</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableSecureUIAPaths</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- UAC: checks ConsentPromptBehaviorAdmin against 2.
     NOTE(review): 2 presumably selects "prompt for consent on the secure desktop"; confirm the mapping.
     An exact-match test would also flag a stricter prompt setting, such as one requiring credentials. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>f4b16962-1063-4dad-ad43-815005345072</Id>
<OriginalId>48974513-39ec-472c-9ee8-5cb8abf3cb64</OriginalId>
<CceId>CCE-37029-6</CceId>
<Name>User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode</Name>
<Type>Registry</Type>
<ExpectedValue>2</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>ConsentPromptBehaviorAdmin</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- UAC: expects EnableUIADesktopToggle = 0, i.e. (per the rule name) UIAccess applications may not
     bypass the secure desktop when prompting for elevation.
     NOTE(review): KeyPath is spelled SOFTWARE here and Software in the sibling UAC rules. Registry key names
     are case-insensitive on Windows, but any tooling that groups or de-duplicates rules by KeyPath string
     should compare case-insensitively. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>10213290-9da5-4802-a9ed-019b0e1aee6b</Id>
<OriginalId>444439f0-8c54-4a1f-9e91-03533d9a69fb</OriginalId>
<CceId>CCE-36863-9</CceId>
<Name>User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableUIADesktopToggle</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- UAC: expects EnableVirtualization = 1, i.e. (per the rule name) failed file and registry writes
     are redirected to per-user locations. Presumably 1 = enabled; confirm. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>1a433676-2364-48e2-81f5-c962ef31c7e2</Id>
<OriginalId>f50c62f4-6c34-466b-b495-54c834820a24</OriginalId>
<CceId>CCE-37064-3</CceId>
<Name>User Account Control: Virtualize file and registry write failures to per-user locations</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableVirtualization</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- UAC: expects PromptOnSecureDesktop = 1, i.e. (per the rule name) elevation prompts are shown on
     the secure desktop rather than the interactive user desktop. Presumably 1 = enabled; confirm. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>d8f63848-f2a4-43e3-9588-82121871536d</Id>
<OriginalId>a43ef40c-3543-4204-a431-0f01df930b63</OriginalId>
<CceId>CCE-36866-2</CceId>
<Name>User Account Control: Switch to the secure desktop when prompting for elevation</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>PromptOnSecureDesktop</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- UAC master switch: expects EnableLUA = 1 (per the rule name, all administrators run in Admin Approval Mode).
     NOTE(review): this rule is rated Informational although the other UAC rules in this ruleset depend on
     Admin Approval Mode being on; confirm the severity is intended. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>c2c67b6f-5b67-4ad2-81a9-40ef68ed1f29</Id>
<OriginalId>ef509260-bd3a-450b-807d-16b454851c6f</OriginalId>
<CceId>CCE-36869-6</CceId>
<Name>User Account Control: Run all administrators in Admin Approval Mode</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableLUA</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- UAC: checks ConsentPromptBehaviorUser against 0.
     NOTE(review): 0 presumably means elevation requests from standard users are denied automatically,
     so they are never prompted for administrator credentials; confirm the value mapping. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>6ea3a26d-9b8d-4fcc-b96a-f8e0379b2f35</Id>
<OriginalId>5a0c69d4-3f9a-4c0c-afe9-89a70342a2f7</OriginalId>
<CceId>CCE-36864-7</CceId>
<Name>User Account Control: Behavior of the elevation prompt for standard users</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>ConsentPromptBehaviorUser</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects Session Manager\ProtectionMode = 1, i.e. (per the rule name) strengthened default
     permissions on internal system objects. Presumably 1 = enabled; confirm. Rated Warning. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>cd4a65f0-735a-491e-91f1-992eac63b2e3</Id>
<OriginalId>92b9d876-9d87-460c-82ea-9e8bd94c21ad</OriginalId>
<CceId>CCE-37644-2</CceId>
<Name>System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Session Manager</KeyPath>
<ValueName>ProtectionMode</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- UAC: expects EnableInstallerDetection = 1, i.e. (per the rule name) application installers are
     detected and trigger an elevation prompt. Presumably 1 = enabled; confirm. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>aec71019-bad6-48e5-a371-c8b92fcf3f51</Id>
<OriginalId>7ff3401a-70b6-40fa-bb33-73024f591b93</OriginalId>
<CceId>CCE-36533-8</CceId>
<Name>User Account Control: Detect application installations and prompt for elevation</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableInstallerDetection</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- SMB client: expects LanmanWorkstation EnableSecuritySignature = 1, so signing is negotiated when the
     server supports it (per the rule name). This is the opportunistic setting; the "(always)" rule on
     RequireSecuritySignature under the same key is the one that enforces signing. Rated Critical. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>307d7a86-7830-48da-81b4-455f77a76294</Id>
<OriginalId>817b2f4e-1f03-4bcc-927b-816ddd4777f9</OriginalId>
<CceId>CCE-36269-9</CceId>
<Name>Microsoft network client: Digitally sign communications (if server agrees)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanmanWorkstation\Parameters</KeyPath>
<ValueName>EnableSecuritySignature</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- LDAP client: checks Services\LDAP\LDAPClientIntegrity against 1.
     NOTE(review): 1 presumably means "negotiate signing" and a higher value "require signing"; confirm the
     mapping. If so, this exact-match test would report a host configured to require signing as
     non-compliant even though it is stricter than the baseline. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>ee5328da-98d4-4ea6-8832-7827d5623334</Id>
<OriginalId>6e48c65a-e5dd-4d64-a6e9-dfd86742f91e</OriginalId>
<CceId>CCE-36858-9</CceId>
<Name>Network security: LDAP client signing requirements</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LDAP</KeyPath>
<ValueName>LDAPClientIntegrity</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- SMB client: expects LanmanWorkstation RequireSecuritySignature = 1, i.e. (per the rule name) the
     client always signs SMB traffic. Presumably the client then refuses unsigned sessions, which is the
     control that counters SMB relay and tampering; confirm. Rated Critical. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>0d4ab9c2-cbb8-491a-848f-75692b5c4054</Id>
<OriginalId>ed734c3b-b27f-4515-9154-9f6f414e6564</OriginalId>
<CceId>CCE-36325-9</CceId>
<Name>Microsoft network client: Digitally sign communications (always)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanmanWorkstation\Parameters</KeyPath>
<ValueName>RequireSecuritySignature</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- SMB server: expects LanManServer requiresecuritysignature = 1, i.e. (per the rule name) the server
     always signs SMB traffic. The value name is lower-case here and mixed-case in the client rule;
     registry value names are case-insensitive on Windows, so the lookup itself is unaffected. Rated Critical. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>bef8c442-25ca-4a30-8762-19e992c7a996</Id>
<OriginalId>502cd61a-fec9-42f0-a096-1ac097bbdf73</OriginalId>
<CceId>CCE-37864-6</CceId>
<Name>Microsoft network server: Digitally sign communications (always)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>requiresecuritysignature</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Netlogon secure channel: expects signsecurechannel = 1, i.e. (per the rule name) secure channel data
     is signed when the domain controller supports it. Opportunistic setting; the "(always)" rule on
     requiresignorseal under the same key is the enforcing one. Rated Warning. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>ee9368a1-f2f7-40f9-8358-1e15c43464c1</Id>
<OriginalId>7ab7ae06-f9bd-4252-a282-8fd3a06a73df</OriginalId>
<CceId>CCE-37222-7</CceId>
<Name>Domain member: Digitally sign secure channel data (when possible)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>signsecurechannel</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Netlogon secure channel: expects requiresignorseal = 1, i.e. (per the rule name) secure channel data
     must always be signed or encrypted. Presumably the member then refuses an unprotected channel;
     confirm. Rated Critical. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>b9022c31-695d-4a31-8cdf-0fc767e085fb</Id>
<OriginalId>04b278da-3245-43ec-9d5a-a5a68805027b</OriginalId>
<CceId>CCE-36142-8</CceId>
<Name>Domain member: Digitally encrypt or sign secure channel data (always)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>requiresignorseal</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- SMB server: expects LanManServer enablesecuritysignature = 1, so signing is negotiated when the
     client asks for it (per the rule name). Opportunistic counterpart of the server-side "(always)"
     rule on requiresecuritysignature. Rated Critical. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>8094f554-990c-4422-8086-a5eaf8fa7073</Id>
<OriginalId>1c96e719-94c8-4333-9165-6efb6a9c6210</OriginalId>
<CceId>CCE-35988-5</CceId>
<Name>Microsoft network server: Digitally sign communications (if client agrees)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>enablesecuritysignature</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Netlogon secure channel: expects sealsecurechannel = 1, i.e. (per the rule name) secure channel data
     is encrypted when the domain controller supports it. Presumably 1 = enabled; confirm. Rated Warning. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>dba534fe-4e4b-4016-86b1-cbb538c4bae1</Id>
<OriginalId>b106bcb1-2b74-4287-8587-6cd92d337be8</OriginalId>
<CceId>CCE-37130-2</CceId>
<Name>Domain member: Digitally encrypt secure channel data (when possible)</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>sealsecurechannel</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Security event log: checks Eventlog\Security\WarningLevel against 90 (a percentage, per the rule name).
     NOTE(review): this is a threshold, yet the comparison is an exact match. A host that warns earlier,
     at a lower percentage, would presumably be reported as non-compliant; confirm whether the engine
     supports a range comparison for this rule. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>ad883480-4920-4984-8372-19c1814dc468</Id>
<OriginalId>19a0c0e2-48ca-4a9f-9493-bd547b86d8ad</OriginalId>
<CceId>CCE-36880-3</CceId>
<Name>MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning</Name>
<Type>Registry</Type>
<ExpectedValue>90</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>SYSTEM\CurrentControlSet\Services\Eventlog\Security</KeyPath>
<ValueName>WarningLevel</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Audit: expects Lsa\crashonauditfail = 0, i.e. (per the rule name) the system is not shut down when
     security audits cannot be logged. This favours availability over guaranteed audit capture, so log
     sizing and forwarding have to ensure that events are not lost. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>dbab07cc-682a-40c1-9c18-7706c068f45d</Id>
<OriginalId>25c67f65-0d37-41d5-9e75-72707c97a290</OriginalId>
<CceId>CCE-35907-5</CceId>
<Name>Audit: Shut down system immediately if unable to log security audits</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>crashonauditfail</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Accounts: expects Lsa\LimitBlankPasswordUse = 1, i.e. (per the rule name) local accounts with a
     blank password can log on at the console only, not over the network. Presumably 1 = enabled; confirm. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>385cc232-e49c-4ce1-bd8c-4c835968c46a</Id>
<OriginalId>051cdac6-2234-4eb7-85eb-db391c469557</OriginalId>
<CceId>CCE-37615-2</CceId>
<Name>Accounts: Limit local account use of blank passwords to console logon only</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>LimitBlankPasswordUse</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Domain member: expects Netlogon disablepasswordchange = 0, i.e. (per the rule name) automatic machine
     account password changes are not disabled. The name is phrased as a "disable" switch, so the
     compliant state is 0. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>5935e38e-c0cd-47de-a5e2-a86f93db2310</Id>
<OriginalId>b44fadd3-f7c2-45dc-98dd-5e9ba179d89d</OriginalId>
<CceId>CCE-37508-9</CceId>
<Name>Domain member: Disable machine account password changes</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>disablepasswordchange</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Interactive logon: checks Winlogon\passwordexpirywarning against 14 (presumably days; confirm).
     NOTE(review): the comparison is an exact match on a quantity that hardening guides commonly express
     as an acceptable range. Any other warning period would presumably be reported as non-compliant;
     confirm that this is intended. -->
<BaselineId>6ba1ce80-e4e5-4b8a-bc88-257612e72185</BaselineId>
<Id>a7749991-3eba-4e69-9e31-6f6b6999d6c9</Id>
<OriginalId>74870acb-ad3d-4bec-a067-1b1895ce2621</OriginalId>
<CceId>CCE-37622-8</CceId>
<Name>Interactive logon: Prompt user to change password before expiration</Name>
<Type>Registry</Type>
<ExpectedValue>14</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>NotEquals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>passwordexpirywarning</ValueName>
</BaselineRegistryRule>
</Rules>
<!-- Ruleset identity. This Id is the same GUID that every rule in this ruleset carries in its BaselineId
     element, so the two must be changed together if the ruleset is ever re-keyed. -->
<Id>6ba1ce80-e4e5-4b8a-bc88-257612e72185</Id>
<Name>WS2012R2 Member Server Security Compliance</Name>
<Type>WindowsOS</Type>
</BaselineRuleset>
</ArrayOfBaselineRuleset>