Res.BaselineWindowsServer2016.xml (DeployableResource)

Element properties:

Type: DeployableResource
File Name: BaselineWindowsServer2016.xml
Accessibility: Public

Source Code:

<!-- Declares the resource Res.BaselineWindowsServer2016.xml, backed by the file BaselineWindowsServer2016.xml, with Accessibility set to Public. -->
<DeployableResource ID="Res.BaselineWindowsServer2016.xml" Accessibility="Public" FileName="BaselineWindowsServer2016.xml"/>

File Content: BaselineWindowsServer2016.xml

<?xml version="1.0" encoding="UTF-8"?>

<ArrayOfBaselineRuleset xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<BaselineRuleset>
<Rules>
<BaselineRegistryRule>
<!-- Checks HKLM\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse (Int) Equals 1.
     With the policy enabled, local accounts that have a blank password can only be used at the console, not over the network. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>3715ec67-6cd4-49c0-8c82-27001a0e332b</Id>
<OriginalId>e745b4e7-6c95-414c-89ab-34f3bb0bed85</OriginalId>
<CceId>CCE-37615-2</CceId>
<Name>Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>LimitBlankPasswordUse</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the WinRM client policy value AllowBasic (Int) Equals 0, i.e. Basic authentication is not offered by the WinRM client.
     Basic authentication carries credentials in an easily decoded form. This rule reads the WinRM\Client key only. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>abb1bcab-f4da-4a9c-be63-7564a0bca7b8</Id>
<OriginalId>16709536-9d0e-4d03-9509-d58509da4771</OriginalId>
<CceId>CCE-36254-1</CceId>
<Name>Ensure 'Allow Basic authentication' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\WinRM\Client</KeyPath>
<ValueName>AllowBasic</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the Windows Search policy value AllowCortanaAboveLock (Int) Equals 0, so Cortana is not reachable from the lock screen.
     No CCE identifier is assigned to this rule (CceId is NOT_ASSIGNED). -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>5e9b5330-eaa0-42f0-825f-e6cc64386ee3</Id>
<OriginalId>9b7106e1-bf6e-4d71-8cdf-88d4677849da</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Ensure 'Allow Cortana above lock screen' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Windows Search</KeyPath>
<ValueName>AllowCortanaAboveLock</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the Windows Search policy value AllowCortana (Int) Equals 0, i.e. Cortana is turned off by policy.
     No CCE identifier is assigned to this rule (CceId is NOT_ASSIGNED). -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>d905e536-fba7-4b02-a68e-52916171b4bc</Id>
<OriginalId>e4d91650-e08a-4457-9280-cc08434b28fd</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Ensure 'Allow Cortana' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Windows Search</KeyPath>
<ValueName>AllowCortana</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the Windows Search policy value AllowIndexingEncryptedStoresOrItems (Int) Equals 0,
     so the content of encrypted files is not copied into the search index. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>484c747f-1418-4c27-a944-c3b1e1690b33</Id>
<OriginalId>c7140516-84ef-4147-8631-519c377e4dee</OriginalId>
<CceId>CCE-38277-0</CceId>
<Name>Ensure 'Allow indexing of encrypted files' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Windows Search</KeyPath>
<ValueName>AllowIndexingEncryptedStoresOrItems</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks HKLM\Software\Policies\Microsoft\InputPersonalization\AllowInputPersonalization (Int) Equals 0,
     i.e. input personalization is disabled by policy. No CCE identifier is assigned to this rule. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>11ca2201-2673-4f04-bad3-3265e1a53a5b</Id>
<OriginalId>2161e451-7d86-49d3-b88c-9b524290e262</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Ensure 'Allow Input Personalization' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\InputPersonalization</KeyPath>
<ValueName>AllowInputPersonalization</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\MSAOptional (Int) Equals 1,
     so applications that ask for sign-in do not force the use of a Microsoft account. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>a366ff17-cf5f-4135-b6ec-2d37717c7f67</Id>
<OriginalId>5be1a0b5-9c70-4d4e-a504-40943cd56519</OriginalId>
<CceId>CCE-38354-7</CceId>
<Name>Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>MSAOptional</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the Windows Search policy value AllowSearchToUseLocation (Int) Equals 0,
     i.e. search and Cortana are not given access to device location. No CCE identifier is assigned to this rule. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>be2e769f-5232-4cac-9c6d-ece77760a586</Id>
<OriginalId>d6903893-3f60-435b-a61a-de8c4b7244f5</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Ensure 'Allow search and Cortana to use location' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Windows Search</KeyPath>
<ValueName>AllowSearchToUseLocation</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks AllowTelemetry (Int) Equals 2 under HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection.
     NOTE(review): the Name asks for 'Enabled: 0 - Security [Enterprise Only]' but ExpectedValue is 2. With Equals the rule
     passes only at 2, so a host configured at level 0 as the Name describes would be reported as failing. Confirm which of
     the two is intended and align the other.
     NOTE(review): the KeyPath is under Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection, whereas the
     feedback-notification rule in this file reads Software\Policies\Microsoft\Windows\DataCollection. Confirm which
     location the policy is expected to populate. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>14afe28a-6199-49ff-9789-dabb89ed714e</Id>
<OriginalId>1d0a1399-e7c5-436b-aad7-5046d679b3ba</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Ensure 'Allow Telemetry' is set to 'Enabled: 0 - Security [Enterprise Only]'</Name>
<Type>Registry</Type>
<ExpectedValue>2</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection</KeyPath>
<ValueName>AllowTelemetry</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the WinRM client policy value AllowUnencryptedTraffic (Int) Equals 0, so the WinRM client does not send
     management traffic unencrypted. This rule reads the WinRM\Client key only. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>2785f384-9901-4c9d-8dca-8ff2b5068fde</Id>
<OriginalId>f7226132-6458-4a1b-8ee1-eb08305b5720</OriginalId>
<CceId>CCE-38223-4</CceId>
<Name>Ensure 'Allow unencrypted traffic' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\WinRM\Client</KeyPath>
<ValueName>AllowUnencryptedTraffic</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the Windows Installer policy value EnableUserControl (Int) Equals 0,
     so users cannot change installation options that are normally reserved for administrators. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>5d42c180-4350-49ec-9bb6-e51e1258022c</Id>
<OriginalId>351cf667-6a9f-4492-848d-1b5be88e942a</OriginalId>
<CceId>CCE-36400-0</CceId>
<Name>Ensure 'Allow user control over installs' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Installer</KeyPath>
<ValueName>EnableUserControl</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the Windows Installer policy value AlwaysInstallElevated (Int) Equals 0,
     so installer packages are not run with elevated privileges on behalf of standard users.
     NOTE(review): this rule reads the machine hive (LocalMachine) only; the policy also has a per-user counterpart
     that this rule does not cover. Confirm whether a companion check exists elsewhere.
     NOTE(review): Severity is Warning although the setting governs privilege elevation, while the neighbouring
     Installer rule (EnableUserControl) is Critical. Confirm the rating is intended. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>2eda113a-0fb7-446c-856a-83e010d36671</Id>
<OriginalId>5c08eaa1-081b-4d5b-a881-6ad57a098e60</OriginalId>
<CceId>CCE-37490-0</CceId>
<Name>Ensure 'Always install with elevated privileges' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Installer</KeyPath>
<ValueName>AlwaysInstallElevated</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the Terminal Services policy value fPromptForPassword (Int) Equals 1,
     so Remote Desktop sessions always ask for the password on connection instead of accepting one supplied by the client. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>302fb8a6-1f0f-43ed-8cf0-a80e0b3ecb59</Id>
<OriginalId>4fe0abc8-d90c-4bdb-8864-7af11a6cfcb2</OriginalId>
<CceId>CCE-37929-7</CceId>
<Name>Ensure 'Always prompt for password upon connection' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows NT\Terminal Services</KeyPath>
<ValueName>fPromptForPassword</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Application event log retention: reads the Retention value (String) under the EventLog\Application policy key.
     Unlike most rules in this file, AnalyzeOperation is Exists rather than Equals.
     NOTE(review): it is not visible here whether Exists also compares the data with ExpectedValue 0. If it only tests
     presence, a host with Retention set to a value other than 0 would still pass. Confirm against the rule engine. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>94d7f364-b06b-41f0-9aa0-a4e312f54257</Id>
<OriginalId>873b54d7-573b-4168-aa61-b1dab5542166</OriginalId>
<CceId>CCE-37775-4</CceId>
<Name>Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Exists</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\EventLog\Application</KeyPath>
<ValueName>Retention</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Application event log size: checks MaxSize (Int) Equals 32768 under the EventLog\Application policy key.
     NOTE(review): the Name allows '32,768 or greater' but the operation is Equals. If Equals is an exact match, a host
     with a larger log size would be reported as non-compliant. Confirm how the engine evaluates this, or use a
     greater-or-equal style operation if the rule schema offers one.
     NOTE(review): the quoted policy title in Name ends with a trailing space and looks truncated. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>9bfc7d4d-9a09-49f1-95eb-1132648b17ea</Id>
<OriginalId>df4d4d4d-27f5-4552-bdeb-ec13997297a6</OriginalId>
<CceId>CCE-37948-7</CceId>
<Name>Ensure 'Application: Specify the maximum log file size ' is set to 'Enabled: 32,768 or greater'</Name>
<Type>Registry</Type>
<ExpectedValue>32768</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\EventLog\Application</KeyPath>
<ValueName>MaxSize</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks HKLM\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy (Int) Equals 1,
     so audit subcategory settings take precedence over the older category-level audit policy. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>ddae822b-46de-4a8d-a1f8-365d1d3e1b2e</Id>
<OriginalId>b52383fa-88ef-4555-b2e3-8ad3eaec061a</OriginalId>
<CceId>CCE-37850-5</CceId>
<Name>Ensure 'Audit: Force audit policy subcategory settings to override audit policy category settings' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>SCENoApplyLegacyAuditPolicy</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks HKLM\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail (Int) Equals 0,
     i.e. the system is not halted when security audit events cannot be logged. The baseline favours availability here,
     so audit log capacity needs to be monitored separately. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>6907b165-e70a-4b88-b624-3e32a15c93b1</Id>
<OriginalId>d235a207-90f6-4e51-a9c7-44f9b7bb6627</OriginalId>
<CceId>CCE-35907-5</CceId>
<Name>Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>CrashOnAuditFail</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the System policy value BlockUserFromShowingAccountDetailsOnSignin (Int) Equals 1,
     so users cannot choose to show account details on the sign-in screen. No CCE identifier is assigned to this rule. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>55a65255-e81d-45b4-87cf-3a280c52c747</Id>
<OriginalId>c78edadf-fcd9-4cd2-bac0-8dbdac95772b</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Ensure 'Block user from showing account details on sign-in' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\System</KeyPath>
<ValueName>BlockUserFromShowingAccountDetailsOnSignin</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks HKLM\System\CurrentControlSet\Policies\EarlyLaunch\DriverLoadPolicy (Int) Equals 3.
     Per the Name, 3 stands for the 'Good, unknown and bad but critical' option of the boot-start driver policy. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>0a372ff2-8bbd-4db7-8dd0-9ed98c9cfd32</Id>
<OriginalId>750d0d1c-6d1e-4145-a52c-b24adf027e05</OriginalId>
<CceId>CCE-37912-3</CceId>
<Name>Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'</Name>
<Type>Registry</Type>
<ExpectedValue>3</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Policies\EarlyLaunch</KeyPath>
<ValueName>DriverLoadPolicy</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the Terminal Services policy value fAllowUnsolicited (Int) Equals 0,
     i.e. unsolicited (offered) Remote Assistance is not permitted on this host. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>7450d70c-391d-4932-be4a-3f3bfecc0eb5</Id>
<OriginalId>d29aab6b-5251-41c0-8358-c3d7455e7104</OriginalId>
<CceId>CCE-36388-7</CceId>
<Name>Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows NT\Terminal Services</KeyPath>
<ValueName>fAllowUnsolicited</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Registry policy processing, background option: checks NoBackgroundPolicy (Int) Equals 0 under the Group Policy
     extension key {35378EAC-683F-11D2-A89A-00C04FBBCFA2}. The value name is negated: 0 means registry policy is
     still applied during periodic background refresh, which is what 'Enabled: FALSE' in the Name asks for. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>99cd4fc9-bcf1-4def-8ce6-5a3c4ea8f8c9</Id>
<OriginalId>b67bcb8c-dc01-4d58-8a96-17a1a33cbf93</OriginalId>
<CceId>CCE-36169-1</CceId>
<Name>Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}</KeyPath>
<ValueName>NoBackgroundPolicy</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Registry policy processing, reprocess option: checks NoGPOListChanges (Int) Equals 0 under the Group Policy
     extension key {35378EAC-683F-11D2-A89A-00C04FBBCFA2}. The value name is negated: 0 means policy is reprocessed
     even when the Group Policy objects have not changed, which matches 'Enabled: TRUE' in the Name, so locally
     altered settings are reverted on refresh.
     NOTE(review): CceId CCE-36169-1 is also used by the NoBackgroundPolicy rule in this file. Both rules appear to be
     options of the same policy, so the shared ID may be intentional. Confirm that consumers do not key on CceId. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>b2e8d5f9-3d4e-4b8b-b6a1-ddcd60f437b9</Id>
<OriginalId>fc9daada-0a41-4e79-9f10-f22b31114fa7</OriginalId>
<CceId>CCE-36169-1</CceId>
<Name>Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}</KeyPath>
<ValueName>NoGPOListChanges</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the Terminal Services policy value fAllowToGetHelp (Int) Equals 0,
     i.e. solicited Remote Assistance (a user inviting a helper) is not permitted on this host. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>b17eabc0-5d73-4861-acc8-d5b97bc53f12</Id>
<OriginalId>879a343c-a164-441f-bc48-14699bed6fbc</OriginalId>
<CceId>CCE-37281-3</CceId>
<Name>Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows NT\Terminal Services</KeyPath>
<ValueName>fAllowToGetHelp</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the System policy value EnableSmartScreen (Int) Equals 1, i.e. Windows SmartScreen is turned on by policy. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>d96fc986-1df9-4366-927b-b106d47c5b60</Id>
<OriginalId>a10b86b6-e34c-4f09-8c08-f2149617a35d</OriginalId>
<CceId>CCE-35859-8</CceId>
<Name>Ensure 'Configure Windows SmartScreen' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\System</KeyPath>
<ValueName>EnableSmartScreen</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the System policy value EnableCdp (Int) Equals 0, i.e. the 'Continue experiences on this device'
     cross-device feature is turned off. No CCE identifier is assigned to this rule. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>e588914e-fbb8-4926-9ccf-8ea781b07610</Id>
<OriginalId>2605820e-bb84-40e0-9c2d-8af1f27d266c</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Ensure 'Continue experiences on this device' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\System</KeyPath>
<ValueName>EnableCdp</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD Equals 0.
     RegValueType is String here, not Int as in most rules of this file, so the comparison is against the text "0".
     Per the Name, that value stands for the 'Administrators' option. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>75f064fd-dd71-42b4-8b92-682070365b99</Id>
<OriginalId>c817e3a5-b051-448b-96bf-540cd7644b37</OriginalId>
<CceId>CCE-37701-0</CceId>
<Name>Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Winlogon</KeyPath>
<ValueName>AllocateDASD</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks AddPrinterDrivers (Int) Equals 1 under the LanMan Print Services\Servers key,
     so non-administrative users cannot install printer drivers when connecting to a shared printer. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>5502808d-7049-4378-b9f7-038b70777483</Id>
<OriginalId>b9a0d446-b9a4-40b5-862a-6bb225730abc</OriginalId>
<CceId>CCE-37942-0</CceId>
<Name>Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers</KeyPath>
<ValueName>AddPrinterDrivers</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the Explorer policy value NoAutoplayfornonVolume (Int) Equals 1,
     i.e. AutoPlay is disallowed for non-volume devices such as media-transfer devices. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>0064d34c-72a7-40d6-a5c4-63ec0a6f0734</Id>
<OriginalId>53426f41-4599-4fc6-9b08-a50d82df3022</OriginalId>
<CceId>CCE-37636-8</CceId>
<Name>Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Explorer</KeyPath>
<ValueName>NoAutoplayfornonVolume</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the WinRM client policy value AllowDigest (Int) Equals 0.
     The polarity is inverted relative to the Name: the policy 'Disallow Digest authentication' being Enabled is stored
     as AllowDigest = 0, so ExpectedValue 0 is consistent with the Name even though most 'Enabled' rules here expect 1. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>34edb7eb-697c-4be9-8830-5aa5b031372e</Id>
<OriginalId>aec23288-5ea3-459b-add0-f42f153a6042</OriginalId>
<CceId>CCE-38318-2</CceId>
<Name>Ensure 'Disallow Digest authentication' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\WinRM\Client</KeyPath>
<ValueName>AllowDigest</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the WinRM service policy value DisableRunAs (Int) Equals 1,
     so the WinRM service does not store RunAs credentials for plug-ins. This rule reads the WinRM\Service key. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>72ada94c-816f-47f3-bb3c-e39a95809dc7</Id>
<OriginalId>5af7e719-564d-4170-9888-9c7d1ebab8f2</OriginalId>
<CceId>CCE-36000-8</CceId>
<Name>Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\WinRM\Service</KeyPath>
<ValueName>DisableRunAs</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the Terminal Services policy value DisablePasswordSaving (Int) Equals 1,
     so the Remote Desktop client does not offer to save passwords. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>e4f9fd80-da75-4efc-b066-7822855e1401</Id>
<OriginalId>f4694df4-a02c-4ff8-aff1-bcd95c0867ec</OriginalId>
<CceId>CCE-36223-6</CceId>
<Name>Ensure 'Do not allow passwords to be saved' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows NT\Terminal Services</KeyPath>
<ValueName>DisablePasswordSaving</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the System policy value DontDisplayNetworkSelectionUI (Int) Equals 1,
     so the network selection UI is not available on the sign-in screen before a user has authenticated. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>da2119bb-0e0b-4f03-b9b6-8afe0aff0a81</Id>
<OriginalId>6f09901e-8ddd-4f4e-b301-255e6e4ac65a</OriginalId>
<CceId>CCE-38353-9</CceId>
<Name>Ensure 'Do not display network selection UI' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\System</KeyPath>
<ValueName>DontDisplayNetworkSelectionUI</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the CredUI policy value DisablePasswordReveal (Int) Equals 1,
     so password entry fields do not show the reveal button. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>371b5184-db5f-46c1-808f-859c5fb9de1c</Id>
<OriginalId>0862a87f-b672-4b0f-959e-a835f1fa17e6</OriginalId>
<CceId>CCE-37534-5</CceId>
<Name>Ensure 'Do not display the password reveal button' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\CredUI</KeyPath>
<ValueName>DisablePasswordReveal</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the System policy value DontEnumerateConnectedUsers (Int) Equals 0.
     NOTE(review): the Name requires the policy to be 'Enabled', which for a 'Dont...' value would normally be stored
     as 1, yet ExpectedValue is 0. As written the rule passes when the value is 0, i.e. when enumeration of connected
     users is not suppressed, and fails on a host hardened as the Name describes. This looks inverted. Confirm
     against the baseline source and correct ExpectedValue or the Name. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>a3344272-491e-4846-a1a6-02f63dac669b</Id>
<OriginalId>356c7cc0-3b81-4475-911a-85cfaed41a17</OriginalId>
<CceId>CCE-37838-0</CceId>
<Name>Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\System</KeyPath>
<ValueName>DontEnumerateConnectedUsers</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks HKLM\Software\Policies\Microsoft\Windows\DataCollection\DoNotShowFeedbackNotifications (Int) Equals 1,
     i.e. feedback notifications are suppressed. No CCE identifier is assigned to this rule.
     NOTE(review): Severity is Critical, while the other privacy and telemetry rules in this file are rated Warning.
     Confirm the rating is intended. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>a6359168-496f-42b4-9707-e292e4de5b7d</Id>
<OriginalId>703069d4-ded9-46cd-b8ff-2d2721675c0a</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Ensure 'Do not show feedback notifications' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\DataCollection</KeyPath>
<ValueName>DoNotShowFeedbackNotifications</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the Terminal Services policy value PerSessionTempDir (Int) Equals 1.
     The polarity is inverted relative to the Name: the policy 'Do not use temporary folders per session' being
     Disabled means per-session temporary folders are in use, which is stored as PerSessionTempDir = 1. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>b714af81-d389-48f1-a638-dca23ac2c8a5</Id>
<OriginalId>db2bc968-3d46-4856-bcc5-270087634b51</OriginalId>
<CceId>CCE-38180-6</CceId>
<Name>Ensure 'Do not use temporary folders per session' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows NT\Terminal Services</KeyPath>
<ValueName>PerSessionTempDir</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks Netlogon\Parameters\RequireSignOrSeal (Int) Equals 1,
     so the domain member requires its secure channel to the domain controller to be signed or encrypted.
     NOTE(review): the quoted policy title in Name ends with a trailing space and looks truncated; the Windows
     setting name ends with '(always)'. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>c4f9f8b2-f121-484e-b4cc-607b3ec90e12</Id>
<OriginalId>fe36f0f5-3ced-4acf-ae06-16986bfb4693</OriginalId>
<CceId>CCE-36142-8</CceId>
<Name>Ensure 'Domain member: Digitally encrypt or sign secure channel data ' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>RequireSignOrSeal</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks Netlogon\Parameters\SealSecureChannel (Int) Equals 1,
     so the domain member negotiates encryption of secure channel traffic.
     NOTE(review): the quoted policy title in Name ends with a trailing space and looks truncated; the Windows
     setting name ends with '(when possible)'. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>323b4edc-7c72-478a-868e-0e3de03db2ac</Id>
<OriginalId>76ec0321-2be3-420a-8a92-9a3b525db34d</OriginalId>
<CceId>CCE-37130-2</CceId>
<Name>Ensure 'Domain member: Digitally encrypt secure channel data ' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>SealSecureChannel</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks Netlogon\Parameters\SignSecureChannel (Int) Equals 1,
     so the domain member negotiates signing of secure channel traffic when encryption is not in use. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>b399c529-eeec-48dd-92e5-f1b2e14f12c9</Id>
<OriginalId>532bda35-c66d-48be-a34f-5d03e2a2c46f</OriginalId>
<CceId>CCE-37222-7</CceId>
<Name>Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>SignSecureChannel</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks Netlogon\Parameters\DisablePasswordChange (Int) Equals 0,
     i.e. the machine account password continues to be changed automatically. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>cb4110e4-23c8-46ab-9202-497a70efd077</Id>
<OriginalId>a427e30b-66d2-4498-b432-a015f9c286c9</OriginalId>
<CceId>CCE-37508-9</CceId>
<Name>Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>DisablePasswordChange</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks Netlogon\Parameters\MaximumPasswordAge (Int) Equals 30.
     NOTE(review): the Name allows '30 or fewer days, but not 0' but the operation is Equals. If Equals is an exact
     match, a host set to a shorter age (for example 14) would be reported as non-compliant although it satisfies the
     stated requirement. Confirm how the engine evaluates this, or express the rule as a range if the schema allows. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>e30d6758-fb3c-4e9d-8493-f717cd504cf4</Id>
<OriginalId>617e9a31-3b65-4a6f-b537-eda73a927c78</OriginalId>
<CceId>CCE-37431-4</CceId>
<Name>Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'</Name>
<Type>Registry</Type>
<ExpectedValue>30</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>MaximumPasswordAge</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks Netlogon\Parameters\RequireStrongKey (Int) Equals 1,
     so the domain member only establishes a secure channel that uses a strong session key. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>16296b8f-639f-4c46-b659-a753fe7158d1</Id>
<OriginalId>1eb327dd-c75c-4df5-8e60-ca52b454009b</OriginalId>
<CceId>CCE-37614-5</CceId>
<Name>Ensure 'Domain member: Require strong session key' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Netlogon\Parameters</KeyPath>
<ValueName>RequireStrongKey</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the LanmanWorkstation policy value AllowInsecureGuestAuth (Int) Equals 0,
     so the SMB client does not fall back to unauthenticated guest logons. No CCE identifier is assigned to this rule. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>09ed81b2-8dba-4009-84f9-dcfd6009ed0d</Id>
<OriginalId>d0069fdb-72c9-49d8-bd03-a8f13061418c</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Ensure 'Enable insecure guest logons' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\LanmanWorkstation</KeyPath>
<ValueName>AllowInsecureGuestAuth</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks HKLM\Software\Policies\Microsoft\Windows NT\Rpc\EnableAuthEpResolution (Int) Equals 1,
     so RPC clients authenticate to the Endpoint Mapper service. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>59a6637e-7fb4-450d-b054-23803aa9466d</Id>
<OriginalId>49b00f20-aeb3-46e0-bc03-2d3c14d89642</OriginalId>
<CceId>CCE-37346-4</CceId>
<Name>Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows NT\Rpc</KeyPath>
<ValueName>EnableAuthEpResolution</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators (Int) Equals 0,
     so the elevation prompt does not list the administrator accounts present on the host. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>e6eab28a-1dc8-4fb5-b88b-4e10f239e67c</Id>
<OriginalId>7261c146-b44b-48f1-a211-2002e2871afb</OriginalId>
<CceId>CCE-36512-2</CceId>
<Name>Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\CredUI</KeyPath>
<ValueName>EnumerateAdministrators</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks the System policy value EnumerateLocalUsers (Int) Equals 0,
     so local user accounts are not listed on the sign-in screen of a domain-joined computer. Severity is Informational. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>59a97e33-0055-4209-bdee-78e4510625b1</Id>
<OriginalId>c4747897-2d72-452d-8050-e39dae5f3dbd</OriginalId>
<CceId>CCE-35894-5</CceId>
<Name>Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\System</KeyPath>
<ValueName>EnumerateLocalUsers</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName (Int) Equals 1,
     so the name of the last signed-in user is not shown on the logon screen. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>9e11215f-9b0b-4ca6-ad5b-d1a0c989af36</Id>
<OriginalId>7ebbb98f-ef70-4c58-9b45-8b19d8020e05</OriginalId>
<CceId>CCE-36056-0</CceId>
<Name>Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>DontDisplayLastUserName</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Checks HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD (Int) Equals 0.
     The wording is a double negative: 'Do not require CTRL+ALT+DEL' being Disabled means the key sequence is
     required before interactive logon, which is stored as DisableCAD = 0. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>c2e85522-5e4f-4295-8111-5b2ab815af32</Id>
<OriginalId>1a394963-b4c4-475b-981d-de57eebc7694</OriginalId>
<CceId>CCE-37637-6</CceId>
<Name>Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>DisableCAD</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- SMB client side (LanmanWorkstation). RequireSecuritySignature = 1 makes packet signing mandatory
     for outbound SMB sessions, which protects them against tampering and relay in transit. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>41a8be7d-69bd-48f4-ae77-9568cf7b15d1</Id>
<OriginalId>96dff70b-af95-4704-8851-9294250e757f</OriginalId>
<CceId>CCE-36325-9</CceId>
<Name>Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanmanWorkstation\Parameters</KeyPath>
<ValueName>RequireSecuritySignature</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- SMB client side. EnableSecuritySignature = 1 only offers signing when the server supports it;
     on its own it does not force signing. RequireSecuritySignature under the same key does that. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>342046f5-c7d3-46b7-96db-7e4be82542d3</Id>
<OriginalId>ce415f57-3943-48ca-aabe-a0995f152e3a</OriginalId>
<CceId>CCE-36269-9</CceId>
<Name>Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanmanWorkstation\Parameters</KeyPath>
<ValueName>EnableSecuritySignature</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects EnablePlainTextPassword = 0: the SMB client must not fall back to sending the password
     in clear text to a server that does not support password encryption. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>a14a2808-588b-4233-b342-9dc1cecf2b0a</Id>
<OriginalId>b1b4a762-3114-438b-92cf-90f021714790</OriginalId>
<CceId>CCE-37863-8</CceId>
<Name>Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanmanWorkstation\Parameters</KeyPath>
<ValueName>EnablePlainTextPassword</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- AutoDisconnect is the idle time, in minutes, before the SMB server suspends a session.
     NOTE(review): the name accepts any value from 1 to 15, but the rule is Equals 15. If Equals is an
     exact comparison, a stricter host (for example 10 minutes) would be reported as non-compliant.
     Confirm how the analyzer evaluates this rule. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>4383c5e5-ea15-4e94-a170-fd61b3fda9f1</Id>
<OriginalId>483c6f7f-e857-4e0c-8d79-7a20e5520f96</OriginalId>
<CceId>CCE-38046-9</CceId>
<Name>Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute, but not 0'</Name>
<Type>Registry</Type>
<ExpectedValue>15</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>AutoDisconnect</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- SMB server side (LanManServer). RequireSecuritySignature = 1 means the server refuses clients
     that do not sign, which closes the door on relaying or modifying inbound SMB sessions. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>032b5976-1c4b-4c68-bc5d-0c65e35306b2</Id>
<OriginalId>b49f5c20-2e4a-45db-b24d-77f3d8637711</OriginalId>
<CceId>CCE-37864-6</CceId>
<Name>Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>RequireSecuritySignature</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- SMB server side. EnableSecuritySignature = 1 lets the server sign when the client asks for it;
     it does not reject unsigned clients. RequireSecuritySignature under the same key does that. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>b625a003-d015-436e-89fb-fb2dfe71ae0f</Id>
<OriginalId>ad2ec4fb-6a32-49c5-8f37-fbb132af8d9f</OriginalId>
<CceId>CCE-35988-5</CceId>
<Name>Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>EnableSecuritySignature</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects EnableForcedLogoff = 1: the SMB server drops a client's sessions once the account's
     permitted logon hours end, instead of letting an existing session continue. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>32899900-6b73-4cdd-906d-702e00bae698</Id>
<OriginalId>9cd04269-695a-4e37-8c82-42b24f091270</OriginalId>
<CceId>CCE-37972-7</CceId>
<Name>Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>EnableForcedLogoff</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects fMinimizeConnections = 1 under the WcmSvc (connection manager) policy key. The intent is
     to keep a domain-connected host from also holding a second, less trusted network connection. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>9bef9cbf-d063-4808-a9cf-5ca8130f256e</Id>
<OriginalId>26f323a7-2480-45d8-a539-52a314246848</OriginalId>
<CceId>CCE-38338-0</CceId>
<Name>Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy</KeyPath>
<ValueName>fMinimizeConnections</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects RestrictAnonymous = 1: an unauthenticated (null) session cannot list SAM accounts or
     shares. This is a separate value from RestrictAnonymousSAM, which covers accounts only. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>87822480-3af9-4cf1-b0d2-93ceb957b129</Id>
<OriginalId>9dd54953-d597-4ff2-a8fc-95e63ee4bf48</OriginalId>
<CceId>CCE-36077-6</CceId>
<Name>Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>RestrictAnonymous</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects RestrictAnonymousSAM = 1: anonymous callers cannot enumerate SAM account names, which
     would otherwise hand out a user list for password guessing. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>9503a7be-372f-4591-9dcd-f7de48b7f7e8</Id>
<OriginalId>80e720cd-4b05-4f6a-8498-c30ae8588455</OriginalId>
<CceId>CCE-36316-8</CceId>
<Name>Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>RestrictAnonymousSAM</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects EveryoneIncludesAnonymous = 0: the Everyone SID is not added to anonymous tokens, so
     ACLs that grant access to Everyone do not also grant it to unauthenticated connections. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>f97fe90f-c009-4139-8562-9893e9c49b44</Id>
<OriginalId>4680637c-9c20-4667-b86f-1df8bfa63aaa</OriginalId>
<CceId>CCE-36148-5</CceId>
<Name>Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>EveryoneIncludesAnonymous</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects RestrictNullSessAccess = 1: null sessions may reach only the pipes and shares that are
     explicitly listed for anonymous access (see the NullSessionShares rule in this baseline). -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>f55109a7-2248-4c55-a7b0-bebdcb9530d5</Id>
<OriginalId>fa71a628-cc24-4299-bfa3-21b711eff1e3</OriginalId>
<CceId>CCE-36021-4</CceId>
<Name>Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>RestrictNullSessAccess</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- ExpectedValue is an SDDL security descriptor: owner and group are Built-in Administrators (BA),
     and the single ACE grants RC (the right shown as "Remote Access" in the policy UI) to BA only.
     This limits remote SAM queries, and so remote enumeration of local users and groups, to admins.
     NOTE(review): this is a String rule with Equals, so an equivalent descriptor written differently
     would presumably not match. No CCE identifier is assigned to this rule. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>3568359e-3ea4-417f-be20-4a630f15ab31</Id>
<OriginalId>a2084565-a424-4329-bce9-43caa3fa5b75</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow'</Name>
<Type>Registry</Type>
<ExpectedValue>O:BAG:BAD:(A;;RC;;;BA)</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>RestrictRemoteSAM</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- The intent is an empty list: no share should be reachable over a null session.
     NOTE(review): the value type is MultipleString but ExpectedValue is 0. Presumably the analyzer
     treats 0 as "no entries"; this file does not show that mapping, so confirm it before relying on
     a pass result. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>383ddfeb-b22d-4206-b8b3-67d4e0c6dfe7</Id>
<OriginalId>96d85ae6-766d-41a5-81e9-9f2442f6cf02</OriginalId>
<CceId>CCE-38095-6</CceId>
<Name>Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>MultipleString</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanManServer\Parameters</KeyPath>
<ValueName>NullSessionShares</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects ForceGuest = 0 (Classic model): a network logon with a local account authenticates as
     that account and is authorised by its own rights, rather than being mapped to Guest. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>3e42b5fc-08b2-4a9a-ad80-dafe9033cbc3</Id>
<OriginalId>58fa702a-ad45-46ab-a81e-44b0ab407c86</OriginalId>
<CceId>CCE-37623-6</CceId>
<Name>Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>ForceGuest</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects UseMachineId = 1: services running as Local System authenticate over NTLM with the
     computer account identity instead of connecting anonymously. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>4e591431-5e05-49c9-ac32-8f38f7b3b8b9</Id>
<OriginalId>1ebdc617-162e-4f8b-9e6b-f969189949df</OriginalId>
<CceId>CCE-38341-4</CceId>
<Name>Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>UseMachineId</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects AllowNullSessionFallback = 0 under Lsa\MSV1_0: NTLM used by Local System must not fall
     back to an unauthenticated null session. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>0b2803c7-33ac-4407-80f0-f09940bbe940</Id>
<OriginalId>fded210f-2fdc-48e8-b61b-5eda2e0a39ec</OriginalId>
<CceId>CCE-37035-3</CceId>
<Name>Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa\MSV1_0</KeyPath>
<ValueName>AllowNullSessionFallback</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects AllowOnlineID = 0 under Lsa\pku2u: the server does not accept PKU2U authentication
     requests that are based on online identities. Rated Warning. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>8ad78d25-6140-4899-9565-e053ce7d9a66</Id>
<OriginalId>1e1de530-e9c6-4dc1-b6b9-22a57fd7ad98</OriginalId>
<CceId>CCE-38047-7</CceId>
<Name>Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa\pku2u</KeyPath>
<ValueName>AllowOnlineID</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- 2147483644 is the bitmask 0x7FFFFFFC: RC4_HMAC_MD5 (0x4), AES128 (0x8), AES256 (0x10) and the
     "future encryption types" bits (0x7FFFFFE0). The two DES bits (0x1, 0x2) are cleared.
     Caveat: this mask still permits RC4. A host hardened to AES only carries a different mask and,
     if Equals is an exact comparison, would be flagged by this rule despite being stricter. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>8e3d1487-c753-4b20-aad2-1f660a52b3ea</Id>
<OriginalId>7b8ccf71-f582-47ec-b155-706223d5924c</OriginalId>
<CceId>CCE-37755-6</CceId>
<Name>Ensure 'Network Security: Configure encryption types allowed for Kerberos' is set to 'RC4_HMAC_MD5, AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'</Name>
<Type>Registry</Type>
<ExpectedValue>2147483644</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters</KeyPath>
<ValueName>SupportedEncryptionTypes</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects NoLMHash = 1. As the policy name says, this applies on the next password change:
     an LM hash already stored for an account stays until that account's password is changed, so a
     passing check does not by itself prove that no LM hashes remain. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>9170cd13-5ab9-4c68-8904-a88756b36c6e</Id>
<OriginalId>635cb195-e9f8-4eb6-a813-07a42e185d44</OriginalId>
<CceId>CCE-36326-7</CceId>
<Name>Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>NoLMHash</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- LmCompatibilityLevel = 5 is the strictest level: the host sends only NTLMv2 responses and, when
     acting as a server, refuses LM and NTLMv1. Lower levels leave the weaker protocols usable. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>a8c46077-3e25-4d87-a6d6-0d3b182707ac</Id>
<OriginalId>832a5866-745a-4585-a97c-f96a52279e82</OriginalId>
<CceId>CCE-36173-3</CceId>
<Name>Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM &amp; NTLM'</Name>
<Type>Registry</Type>
<ExpectedValue>5</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa</KeyPath>
<ValueName>LmCompatibilityLevel</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- LDAPClientIntegrity: 1 is "Negotiate signing"; 2 is "Require signing".
     NOTE(review): the name says "or higher" but the rule is Equals 1. If Equals is an exact
     comparison, a host that requires signing (2) would be reported as non-compliant although it is
     the stronger setting. Confirm how the analyzer evaluates this rule. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>4ff2ed85-48d7-4e38-bdb8-6c7df3286882</Id>
<OriginalId>0ec76d0e-715e-4766-b1f8-3715fc514ce8</OriginalId>
<CceId>CCE-36858-9</CceId>
<Name>Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LDAP</KeyPath>
<ValueName>LDAPClientIntegrity</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- 537395200 is the bitmask 0x20080000: 0x00080000 (require NTLMv2 session security) plus
     0x20000000 (require 128-bit encryption). Applies to NTLM SSP sessions this host starts as a client. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>2a074d39-eee4-4bfe-b1e7-4132c033a762</Id>
<OriginalId>3ae7827a-1973-4038-83f9-6999c76af65b</OriginalId>
<CceId>CCE-37553-5</CceId>
<Name>Ensure 'Network security: Minimum session security for NTLM SSP based clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'</Name>
<Type>Registry</Type>
<ExpectedValue>537395200</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa\MSV1_0</KeyPath>
<ValueName>NTLMMinClientSec</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- 537395200 is the bitmask 0x20080000: 0x00080000 (require NTLMv2 session security) plus
     0x20000000 (require 128-bit encryption). Applies to NTLM SSP sessions this host accepts as a server. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>6ed9ad58-c9de-4a8b-9512-8fe5421ac8a7</Id>
<OriginalId>6e7fcfeb-0deb-4c0d-b196-312b7c91303e</OriginalId>
<CceId>CCE-37835-6</CceId>
<Name>Ensure 'Network security: Minimum session security for NTLM SSP based servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'</Name>
<Type>Registry</Type>
<ExpectedValue>537395200</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Lsa\MSV1_0</KeyPath>
<ValueName>NTLMMinServerSec</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects DisableEnclosureDownload = 1 under the Internet Explorer Feeds policy key: attachments
     (enclosures) referenced by RSS feeds are not downloaded to the server. Rated Warning. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>6cf80dc6-94aa-4ba2-bc4c-1abf9ddd5416</Id>
<OriginalId>d7a38ec4-c966-4a3a-88a0-84292813ead2</OriginalId>
<CceId>CCE-37126-0</CceId>
<Name>Ensure 'Prevent downloading of enclosures' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Internet Explorer\Feeds</KeyPath>
<ValueName>DisableEnclosureDownload</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects NoLockScreenCamera = 1: the camera cannot be turned on from the lock screen, i.e. by
     someone who has not signed in. Rated Warning. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>3b8e222d-52de-40f3-b044-dfd85848381f</Id>
<OriginalId>40b4e56d-293b-4693-8576-50e05426b192</OriginalId>
<CceId>CCE-38347-1</CceId>
<Name>Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Personalization</KeyPath>
<ValueName>NoLockScreenCamera</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects NoLockScreenSlideshow = 1: no slide show runs on the lock screen, so stored images are
     not displayed to someone who has not signed in. Rated Warning. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>e5271997-913c-42f5-ab0b-0c753442b42c</Id>
<OriginalId>d73019f1-f1c2-4668-88fb-9889b38d74c3</OriginalId>
<CceId>CCE-38348-9</CceId>
<Name>Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Personalization</KeyPath>
<ValueName>NoLockScreenSlideshow</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Inverted value: the policy is a "Prohibit ..." setting, while the registry value is an "Allow"
     flag. Policy Enabled therefore corresponds to NC_AllowNetBridge_NLA = 0, which is what is checked. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>357272d2-2018-455e-935c-8777473661dd</Id>
<OriginalId>b25ee3d2-7fe5-47b3-8b45-8d80244abdb1</OriginalId>
<CceId>CCE-38002-2</CceId>
<Name>Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Network Connections</KeyPath>
<ValueName>NC_AllowNetBridge_NLA</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- NOTE(review): the rule name and the checked value do not appear to match. The Group Policy
     setting for Internet Connection Sharing writes NC_ShowSharedAccessUI under this key, whereas
     NC_PersonalFirewallConfig belongs to the separate "Prohibit use of Internet Connection Firewall"
     setting. As written, the result may not reflect the ICS policy state; verify against the policy
     definition before trusting it. No CCE identifier is assigned to this rule. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>4b2ea54f-7c16-4490-8687-cc52c3135b7e</Id>
<OriginalId>3789054d-06ba-4b41-85aa-b98641f7b284</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Network Connections</KeyPath>
<ValueName>NC_PersonalFirewallConfig</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects NC_StdDomainUserSetLocation = 1: a standard domain user must elevate to change a
     network's location, and with it the firewall profile applied to that network. Rated Warning. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>2ab1a9a3-b98d-4f7f-acf4-8757f8a9cce6</Id>
<OriginalId>3b1e9331-9657-422a-a1a6-f9aaff1d9f97</OriginalId>
<CceId>CCE-38188-9</CceId>
<Name>Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Network Connections</KeyPath>
<ValueName>NC_StdDomainUserSetLocation</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects fEncryptRPCTraffic = 1 under the Terminal Services policy key: Remote Desktop Services
     accepts only authenticated and encrypted RPC requests from clients. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>bbf3c5d9-7956-4cd8-917e-4a87c8a607ac</Id>
<OriginalId>66d06bc1-0a27-4328-b4a3-6356e59a7272</OriginalId>
<CceId>CCE-37567-5</CceId>
<Name>Ensure 'Require secure RPC communication' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows NT\Terminal Services</KeyPath>
<ValueName>fEncryptRPCTraffic</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Retention is stored as a string, hence RegValueType String with the text "0". With the policy
     Disabled, a full Security log overwrites its oldest events instead of refusing new ones.
     Caveat: overwritten events are lost, so this setting depends on an adequate MaxSize and on
     forwarding or archiving the log elsewhere. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>185f52cc-add3-4591-91a6-624efa791351</Id>
<OriginalId>80c43299-77a5-4a5f-bb9d-4e994678d0de</OriginalId>
<CceId>CCE-37145-0</CceId>
<Name>Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\EventLog\Security</KeyPath>
<ValueName>Retention</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- MaxSize is in kilobytes: 196608 KB is 192 MB for the Security log.
     NOTE(review): the name says "or greater" but the rule is Equals 196608. If Equals is an exact
     comparison, a host with a larger Security log would be reported as non-compliant. Confirm how
     the analyzer evaluates this rule. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>ff11e3ae-788e-4c90-98c8-0c93b2814441</Id>
<OriginalId>75c230ea-7ab6-46e0-a4f7-be75a84e704a</OriginalId>
<CceId>CCE-37695-4</CceId>
<Name>Ensure 'Security: Specify the maximum log file size ' is set to 'Enabled: 196,608 or greater'</Name>
<Type>Registry</Type>
<ExpectedValue>196608</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\EventLog\Security</KeyPath>
<ValueName>MaxSize</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- MinEncryptionLevel = 3 is the "High Level" option for Remote Desktop connections: traffic in
     both directions uses 128-bit encryption and clients that cannot support it are refused. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>49a576df-151d-4f47-9ac9-36ebcc1f3cf1</Id>
<OriginalId>c7c0b8d6-e2fb-4b27-8cd5-02250cbe2f33</OriginalId>
<CceId>CCE-36627-8</CceId>
<Name>Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'</Name>
<Type>Registry</Type>
<ExpectedValue>3</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows NT\Terminal Services</KeyPath>
<ValueName>MinEncryptionLevel</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects NoAutorun = 1: commands in a volume's autorun.inf are not executed when media is
     inserted. Complements the NoDriveTypeAutoRun (Autoplay) value under the same Explorer key. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>4e301a3a-be21-4517-a1f0-db228449f22f</Id>
<OriginalId>205d6790-0079-453c-b719-0b0c0e31df96</OriginalId>
<CceId>CCE-38217-6</CceId>
<Name>Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\Explorer</KeyPath>
<ValueName>NoAutorun</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Retention is stored as a string, hence RegValueType String with the text "0". With the policy
     Disabled, a full Setup log overwrites its oldest events instead of refusing new ones. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>12990b19-424e-404b-b9b5-80f201ac9192</Id>
<OriginalId>923100f2-5a8d-4d13-8243-9fcd2a1e6ec3</OriginalId>
<CceId>CCE-38276-2</CceId>
<Name>Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\EventLog\Setup</KeyPath>
<ValueName>Retention</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- MaxSize is in kilobytes: 32768 KB is 32 MB for the Setup log.
     NOTE(review): the name says "or greater" but the rule is Equals 32768. If Equals is an exact
     comparison, a host with a larger Setup log would be reported as non-compliant. Confirm how the
     analyzer evaluates this rule. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>9f401c82-d8b9-4008-acec-ec4996748454</Id>
<OriginalId>81ab0cd9-ca6e-4e35-a65b-cf80ccaf3ce4</OriginalId>
<CceId>CCE-37526-1</CceId>
<Name>Ensure 'Setup: Specify the maximum log file size ' is set to 'Enabled: 32,768 or greater'</Name>
<Type>Registry</Type>
<ExpectedValue>32768</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\EventLog\Setup</KeyPath>
<ValueName>MaxSize</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects ShutdownWithoutLogon = 0: the sign-in screen offers no shutdown option, so powering the
     server down through the UI requires an authenticated session. Rated Warning. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>fa4d7c0b-987e-47f6-bf8b-f38f49e7c00b</Id>
<OriginalId>781f09f7-904b-4eb4-8e56-4ad3eeeef128</OriginalId>
<CceId>CCE-36788-8</CceId>
<Name>Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>ShutdownWithoutLogon</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Inverted value: the policy is phrased positively ("Sign-in ... automatically") and must be
     Disabled, while the registry value is a "Disable..." flag. Policy Disabled therefore corresponds
     to DisableAutomaticRestartSignOn = 1, which is what is checked; the 1 here is not a mistake. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>b784a87e-4aa2-4f61-8b3f-38abff6dac22</Id>
<OriginalId>e5a0fa7a-69bd-43fa-a636-be5ae36a6234</OriginalId>
<CceId>CCE-36977-7</CceId>
<Name>Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>DisableAutomaticRestartSignOn</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects ObCaseInsensitive = 1: object names are compared without regard to case for all
     subsystems, so a non-Windows subsystem cannot create objects that differ only by case from
     ones the Win32 subsystem uses. Rated Warning. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>0be33574-5e6c-4cfe-8b84-18819338eb6e</Id>
<OriginalId>bf01cdf5-6629-4911-9d14-00c7ad15af3c</OriginalId>
<CceId>CCE-37885-1</CceId>
<Name>Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Session Manager\Kernel</KeyPath>
<ValueName>ObCaseInsensitive</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects ProtectionMode = 1: the default DACL on shared internal system objects is tightened so
     that non-administrative users can read them but cannot modify objects they did not create. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>8db231ff-6c9a-46f8-84de-ebea4507ffe9</Id>
<OriginalId>7a4ca1f6-12ee-4b74-bf38-b7db67f6d853</OriginalId>
<CceId>CCE-37644-2</CceId>
<Name>Ensure 'System objects: Strengthen default permissions of internal system objects ' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Session Manager</KeyPath>
<ValueName>ProtectionMode</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- The intent, per the name ('Defined: ' followed by nothing), is an empty list of optional
     subsystems. The registry is case-insensitive, so the "SubSYSTEMs" spelling in KeyPath is harmless.
     NOTE(review): the value type is MultipleString but ExpectedValue is 0. Presumably the analyzer
     treats 0 as "no entries"; this file does not show that mapping, so confirm it. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>76c60dec-b92f-42d1-b7c5-cf0d2e1d3796</Id>
<OriginalId>fc83ef42-de75-475c-939b-5365f3437a2e</OriginalId>
<CceId>CCE-35921-6</CceId>
<Name>Ensure 'System settings: Optional subsystems' is set to 'Defined: '</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>MultipleString</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Session Manager\SubSYSTEMs</KeyPath>
<ValueName>Optional</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Retention is stored as a string, hence RegValueType String with the text "0". With the policy
     Disabled, a full System log overwrites its oldest events instead of refusing new ones. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>f5e7b762-f33c-43f9-8e66-a9f672806fb4</Id>
<OriginalId>81496d40-96f1-4688-a16f-a6578fe03649</OriginalId>
<CceId>CCE-36160-0</CceId>
<Name>Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>String</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\EventLog\System</KeyPath>
<ValueName>Retention</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- MaxSize is in kilobytes: 32768 KB is 32 MB for the System log.
     NOTE(review): the name says "or greater" but the rule is Equals 32768. If Equals is an exact
     comparison, a host with a larger System log would be reported as non-compliant. Confirm how the
     analyzer evaluates this rule. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>30e1ecb2-1a1a-4fc7-9c6e-5e30c7da423c</Id>
<OriginalId>135002b1-1121-48a9-a6ef-10e1daefd880</OriginalId>
<CceId>CCE-36092-5</CceId>
<Name>Ensure 'System: Specify the maximum log file size ' is set to 'Enabled: 32,768 or greater'</Name>
<Type>Registry</Type>
<ExpectedValue>32768</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\EventLog\System</KeyPath>
<ValueName>MaxSize</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Expects DisableLockScreenAppNotifications = 1: app notifications, which may contain message
     content, are not shown on the lock screen to someone who has not signed in. Rated Warning. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>d959279e-7168-4669-94d6-1e199baa12c8</Id>
<OriginalId>8593af04-5b4c-42a7-8c32-f47458d4d31d</OriginalId>
<CceId>CCE-35893-7</CceId>
<Name>Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\System</KeyPath>
<ValueName>DisableLockScreenAppNotifications</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- NoDriveTypeAutoRun is a bitmask with one bit per drive type. 255 (0xFF) sets every bit, so
     Autoplay is turned off for all drive types, matching 'All drives' in the name. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>6fff0416-2a91-457d-af64-6bbae63fe254</Id>
<OriginalId>29bd2f50-ee4b-4dd1-add5-7cd7e8e40bc9</OriginalId>
<CceId>CCE-36875-3</CceId>
<Name>Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'</Name>
<Type>Registry</Type>
<ExpectedValue>255</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>NoDriveTypeAutoRun</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- This rule uses Exists with ExpectedValue FALSE rather than Equals with a number.
     NOTE(review): presumably it passes when DisableBkGndGroupPolicy is absent from the key, which is
     the state where background Group Policy refresh stays on. Whether a value that is present and
     set to 0 also passes is not visible in this file; confirm against the analyzer. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>486e0b14-6ea8-439e-b8e0-334de4ed9116</Id>
<OriginalId>eab1f073-1bde-46e5-9733-46ccbee58d05</OriginalId>
<CceId>CCE-37712-7</CceId>
<Name>Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>FALSE</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Exists</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>DisableBkGndGroupPolicy</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>b2538b69-4020-4d50-9f63-581b673a014c</Id>
<OriginalId>29e3ad3f-e1c5-49e0-bd50-42a4cc37afc5</OriginalId>
<CceId>CCE-37809-1</CceId>
<Name>Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Explorer</KeyPath>
<ValueName>NoDataExecutionPrevention</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>a76d6552-cd22-4a2c-adc1-50f8705cad17</Id>
<OriginalId>2e207212-d1bf-42f4-bcf0-db6a443bf629</OriginalId>
<CceId>CCE-36660-9</CceId>
<Name>Ensure 'Turn off heap termination on corruption' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Explorer</KeyPath>
<ValueName>NoHeapTerminationOnCorruption</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>909ea9ca-4e36-4835-8b03-6769474d9463</Id>
<OriginalId>c7ef9a81-9618-4d19-9495-8dbbf36deac5</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Ensure 'Turn off Microsoft consumer experiences' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\CloudContent</KeyPath>
<ValueName>DisableWindowsConsumerFeatures</ValueName>
</BaselineRegistryRule>
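<BaselineRegistryRule>
<!-- LLMNR (multicast name resolution) must be off. The policy 'Turn off multicast name
     resolution' is inverted relative to its registry value: setting the policy to
     'Enabled' writes EnableMulticast = 0. The rule previously expected 1, which passes
     hosts that still use LLMNR and fails hosts that have the policy applied. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>3db2e10f-898c-49a1-b8a7-01c0778123f4</Id>
<OriginalId>0968948e-248b-400c-9896-c37da21d36d2</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Ensure 'Turn off multicast name resolution' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows NT\DNSClient</KeyPath>
<ValueName>EnableMulticast</ValueName>
</BaselineRegistryRule>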
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>94cc076f-0e88-4398-ac29-d0dc7170303f</Id>
<OriginalId>cd65820f-030a-4a40-82e4-8e097e76aec0</OriginalId>
<CceId>CCE-36809-2</CceId>
<Name>Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\Explorer</KeyPath>
<ValueName>PreXPSP2ShellProtocolBehavior</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>37e5e1d9-b9d2-454b-bf3f-124682309155</Id>
<OriginalId>b3bcf899-12f1-4e35-9c69-91a94d2055cc</OriginalId>
<CceId>CCE-37528-7</CceId>
<Name>Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\System</KeyPath>
<ValueName>AllowDomainPINLogon</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>967531f7-69cd-4a38-a517-3ebf4e5284cd</Id>
<OriginalId>8dc0ee11-0742-4531-acc9-041613d3dbde</OriginalId>
<CceId>CCE-36494-3</CceId>
<Name>Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>FilterAdministratorToken</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>467c29d0-b1be-4113-937c-65583cedf2f0</Id>
<OriginalId>c688a62d-ecef-499b-a7f2-c1d7490481ab</OriginalId>
<CceId>CCE-36863-9</CceId>
<Name>Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableUIADesktopToggle</ValueName>
</BaselineRegistryRule>
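<BaselineRegistryRule>
<!-- UAC elevation prompt for administrators in Admin Approval Mode.
     ConsentPromptBehaviorAdmin = 2 is 'Prompt for consent on the secure desktop', the
     state the rule name asks for. The rule previously expected 5, which is the Windows
     default 'Prompt for consent for non-Windows binaries' and does not prompt for
     Windows binaries, so an unhardened default host passed this check. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>fc8a4401-ff7a-4a6d-add4-758acce6b76c</Id>
<OriginalId>d9f26de5-fe1a-4f7c-b7c4-ed4c96ed0a67</OriginalId>
<CceId>CCE-37029-6</CceId>
<Name>Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop'</Name>
<Type>Registry</Type>
<ExpectedValue>2</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>ConsentPromptBehaviorAdmin</ValueName>
</BaselineRegistryRule>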
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>ea132d56-9c29-4d2a-bc92-fc81f616e540</Id>
<OriginalId>2590db8b-c1a1-4e9d-9fb8-a0028f4ba6af</OriginalId>
<CceId>CCE-36864-7</CceId>
<Name>Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>ConsentPromptBehaviorUser</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>19a185ff-1009-4079-937a-dace5e3c2f50</Id>
<OriginalId>0bd0a83c-ab24-4154-90c8-86f15a5ad23e</OriginalId>
<CceId>CCE-36533-8</CceId>
<Name>Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableInstallerDetection</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>600ea254-773b-43b5-be89-ca8221e96279</Id>
<OriginalId>f6e345e9-4e9c-44df-8382-95e78fc67874</OriginalId>
<CceId>CCE-37057-7</CceId>
<Name>Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableSecureUIAPaths</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>1d099cbe-a327-42cd-9562-9896389c4263</Id>
<OriginalId>c07aa7e6-1631-47fd-aaf4-5c7efa8165a9</OriginalId>
<CceId>CCE-36869-6</CceId>
<Name>Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableLUA</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>21a9a771-ef63-419c-bee4-8619f19a77ff</Id>
<OriginalId>3d0e5e33-7e6f-4769-bf1d-db4f4605de91</OriginalId>
<CceId>CCE-36866-2</CceId>
<Name>Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>PromptOnSecureDesktop</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>61f7469c-c76a-4265-b84f-d838adb06436</Id>
<OriginalId>67dcd0aa-46b5-4acb-9977-a866856dc2f4</OriginalId>
<CceId>CCE-37064-3</CceId>
<Name>Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>EnableVirtualization</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>6e3e2a4c-8b17-43c7-97b5-91f766b1f4b5</Id>
<OriginalId>76b4951c-6834-43a9-bc27-37a7fde529f7</OriginalId>
<CceId>CCE-36062-8</CceId>
<Name>Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On '</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>EnableFirewall</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>1a255888-b52e-4a96-8912-a04eb9dd9592</Id>
<OriginalId>1bfea1a9-9881-4090-b878-1345d9a0088c</OriginalId>
<CceId>CCE-38117-8</CceId>
<Name>Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block '</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>DefaultInboundAction</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>98e44da9-3fcd-4554-88bf-3e9ac4124659</Id>
<OriginalId>60742061-02fb-4014-97c7-b85568923588</OriginalId>
<CceId>CCE-37523-8</CceId>
<Name>Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging</KeyPath>
<ValueName>LogDroppedPackets</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>b7fcffaa-6ad7-4d94-b205-b3ac9ee055bb</Id>
<OriginalId>6561f789-4b23-45c5-a106-bf1662bb912d</OriginalId>
<CceId>CCE-36393-7</CceId>
<Name>Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging</KeyPath>
<ValueName>LogSuccessfulConnections</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Domain-profile firewall log size limit.
     NOTE(review): the rule name accepts '16,384 KB or greater', but the operation is
     Equals against 16384, so a host configured with a larger log limit would be reported
     as non-compliant. Confirm whether the rule engine offers a greater-or-equal
     comparison and use it here. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>f8f8c654-1363-49de-bba0-414da15635f9</Id>
<OriginalId>f6554057-0d3b-471b-80d9-899b5487300f</OriginalId>
<CceId>CCE-36088-3</CceId>
<Name>Ensure 'Windows Firewall: Domain: Logging: Size limit ' is set to '16,384 KB or greater'</Name>
<Type>Registry</Type>
<ExpectedValue>16384</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging</KeyPath>
<ValueName>LogFileSize</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>9100f5b7-ef9b-4548-8de1-569a4ef054f9</Id>
<OriginalId>002623bd-f6d6-4cee-af36-3d6e37c0a800</OriginalId>
<CceId>CCE-36146-9</CceId>
<Name>Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow '</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>DefaultOutboundAction</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>a9910260-9499-4feb-b205-ff55a1ae9d5c</Id>
<OriginalId>39b4f2f9-8ad8-41ff-91a2-e7a184f927d0</OriginalId>
<CceId>CCE-38040-2</CceId>
<Name>Ensure 'Windows Firewall: Domain: Settings: Apply local connection security rules' is set to 'Yes '</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>AllowLocalIPsecPolicyMerge</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>24bc5048-393d-4025-aad5-1ac2569f488e</Id>
<OriginalId>89844928-d141-4cf5-a872-8d486b750d16</OriginalId>
<CceId>CCE-37860-4</CceId>
<Name>Ensure 'Windows Firewall: Domain: Settings: Apply local firewall rules' is set to 'Yes '</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>AllowLocalPolicyMerge</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>6c05ace0-f279-4374-bb12-674c7ce9bc41</Id>
<OriginalId>a5d62bf6-f790-47b4-b52c-d25c1caa263c</OriginalId>
<CceId>CCE-38041-0</CceId>
<Name>Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>DisableNotifications</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>2bbc2598-0aa7-4523-9a7a-14b7fe7ab6d6</Id>
<OriginalId>fa38729b-af89-4b12-bb0b-518da3c33acf</OriginalId>
<CceId>CCE-38239-0</CceId>
<Name>Ensure 'Windows Firewall: Private: Firewall state' is set to 'On '</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>EnableFirewall</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>28a91af1-b065-4922-a559-5fc6872aba54</Id>
<OriginalId>d5cd7fb9-eae9-46f0-b32b-f7a4f12a2727</OriginalId>
<CceId>CCE-38042-8</CceId>
<Name>Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block '</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>DefaultInboundAction</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>c3f2236c-d366-41d4-973c-037bf027e93c</Id>
<OriginalId>16fc88c9-a64e-4d94-aced-28666027c0ef</OriginalId>
<CceId>CCE-35972-9</CceId>
<Name>Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging</KeyPath>
<ValueName>LogDroppedPackets</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>e8027bbd-8d27-4cf0-beb9-18ba794c604e</Id>
<OriginalId>daf57c48-097d-43ab-b241-b75d1eb694d7</OriginalId>
<CceId>CCE-37387-8</CceId>
<Name>Ensure 'Windows Firewall: Private: Logging: Log successful connections' is set to 'Yes'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging</KeyPath>
<ValueName>LogSuccessfulConnections</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Private-profile firewall log size limit.
     NOTE(review): the rule name accepts '16,384 KB or greater', but the operation is
     Equals against 16384, so a host configured with a larger log limit would be reported
     as non-compliant. Confirm whether the rule engine offers a greater-or-equal
     comparison and use it here. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>19072db7-c34c-49e0-bf60-1d7a143ac863</Id>
<OriginalId>e9142629-c2ec-4a49-ac28-7378fec3acb1</OriginalId>
<CceId>CCE-38178-0</CceId>
<Name>Ensure 'Windows Firewall: Private: Logging: Size limit ' is set to '16,384 KB or greater'</Name>
<Type>Registry</Type>
<ExpectedValue>16384</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging</KeyPath>
<ValueName>LogFileSize</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>1ab84684-1fda-4b61-bd0b-57133c937325</Id>
<OriginalId>5d1f65b7-c5f9-4a02-a9c3-29eaed9c6842</OriginalId>
<CceId>CCE-38332-3</CceId>
<Name>Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow '</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>DefaultOutboundAction</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>0aa128fb-82cb-4f92-8699-d481303b3c70</Id>
<OriginalId>8fed6497-cbe3-47c4-8504-a987e7aa045c</OriginalId>
<CceId>CCE-36063-6</CceId>
<Name>Ensure 'Windows Firewall: Private: Settings: Apply local connection security rules' is set to 'Yes '</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>AllowLocalIPsecPolicyMerge</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>a33414cd-2a8c-45ca-9a45-b3419fe6d376</Id>
<OriginalId>2a6dd96d-268f-4452-9518-18790bfda9b2</OriginalId>
<CceId>CCE-37438-9</CceId>
<Name>Ensure 'Windows Firewall: Private: Settings: Apply local firewall rules' is set to 'Yes '</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>AllowLocalPolicyMerge</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>7ccd213f-0b13-47a0-88c4-851e3794b792</Id>
<OriginalId>6f7a5058-429a-4716-a187-591d445e61f0</OriginalId>
<CceId>CCE-37621-0</CceId>
<Name>Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>DisableNotifications</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>97706788-0bff-48e3-9306-c13b09e152ae</Id>
<OriginalId>21db7ed0-11d0-45fd-b323-df0db15f88d6</OriginalId>
<CceId>CCE-37862-0</CceId>
<Name>Ensure 'Windows Firewall: Public: Firewall state' is set to 'On '</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>EnableFirewall</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>161e1f93-76a6-465c-a7ad-53d8021c8e1a</Id>
<OriginalId>c31abf91-8c8c-4909-acdd-447216479c33</OriginalId>
<CceId>CCE-36057-8</CceId>
<Name>Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block '</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>DefaultInboundAction</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>778237d9-1128-438c-acc5-50319b0a5976</Id>
<OriginalId>a2284d8e-d316-4ae1-b386-543694cf6a0c</OriginalId>
<CceId>CCE-37265-6</CceId>
<Name>Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging</KeyPath>
<ValueName>LogDroppedPackets</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>c831929d-4eb2-46c6-9c87-bbad3bbf6393</Id>
<OriginalId>05294964-b1c8-4607-b1a4-a7c987b7a77a</OriginalId>
<CceId>CCE-36394-5</CceId>
<Name>Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging</KeyPath>
<ValueName>LogSuccessfulConnections</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Public-profile firewall log size limit.
     NOTE(review): the rule name accepts '16,384 KB or greater', but the operation is
     Equals against 16384, so a host configured with a larger log limit would be reported
     as non-compliant. Confirm whether the rule engine offers a greater-or-equal
     comparison and use it here. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>6d1ced5e-da9b-4be8-9e1a-1a21d08bf7d5</Id>
<OriginalId>62f88739-aa06-4911-88bf-feb9b53f9898</OriginalId>
<CceId>CCE-36395-2</CceId>
<Name>Ensure 'Windows Firewall: Public: Logging: Size limit ' is set to '16,384 KB or greater'</Name>
<Type>Registry</Type>
<ExpectedValue>16384</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging</KeyPath>
<ValueName>LogFileSize</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>de19bc12-6ce4-4136-a020-bdf14dd70378</Id>
<OriginalId>8622fdd2-32b7-418e-889c-09dbd70de33d</OriginalId>
<CceId>CCE-37434-8</CceId>
<Name>Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow '</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>DefaultOutboundAction</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Public-profile merge of locally defined connection security (IPsec) rules.
     NOTE(review): the rule name says the setting should be 'No', but the check expects
     AllowLocalIPsecPolicyMerge = 1, the same value the Domain and Private rules in this
     file use for 'Yes'. As written, a host that merges local rules passes and a host
     configured as the name describes fails. Confirm which of the name and the expected
     value reflects the intended baseline and align the other. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>3327d724-1d62-40ee-98c9-e86f47e1b00a</Id>
<OriginalId>c95bb55a-0ce3-43ed-b8ba-59a773b104a8</OriginalId>
<CceId>CCE-36268-1</CceId>
<Name>Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>AllowLocalIPsecPolicyMerge</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Public-profile merge of locally defined firewall rules.
     NOTE(review): the rule name says the setting should be 'No', but the check expects
     AllowLocalPolicyMerge = 1, the same value the Domain and Private rules in this file
     use for 'Yes'. As written, a host that merges local firewall rules passes and a host
     configured as the name describes fails. Confirm which of the name and the expected
     value reflects the intended baseline and align the other. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>7c415b47-d883-4d2e-ab62-0248bea2eceb</Id>
<OriginalId>5a8e98df-9659-44fa-b248-dcee1d790da4</OriginalId>
<CceId>CCE-37861-2</CceId>
<Name>Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>AllowLocalPolicyMerge</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<!-- Public-profile firewall notification setting.
     NOTE(review): the rule name says 'Display a notification' should be 'Yes', but the
     check expects DisableNotifications = 1, which is the value the Domain and Private
     rules in this file pair with 'No'. Confirm which of the name and the expected value
     reflects the intended baseline and align the other. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>ada20e2c-9425-4697-959e-8166644eb237</Id>
<OriginalId>f22717d6-0483-4d5e-8f66-c0ea5e050f92</OriginalId>
<CceId>CCE-38043-6</CceId>
<Name>Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'Yes'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>DisableNotifications</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>377eb125-8fda-4323-bcbe-74839e89c890</Id>
<OriginalId>58094548-9f2c-4ca2-a06c-f33a4ea23f87</OriginalId>
<CceId>CCE-37843-0</CceId>
<Name>Ensure 'Enable Windows NTP Client' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\W32Time\TimeProviders\NtpClient</KeyPath>
<ValueName>Enabled</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>e793cf69-f69a-4896-8d78-b77e92ef4ef2</Id>
<OriginalId>13e8a8a4-2dc4-4b5b-81c2-ee31b66dd663</OriginalId>
<CceId>CCE-36625-2</CceId>
<Name>Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows NT\Printers</KeyPath>
<ValueName>DisableWebPnPDownload</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>6a4c3373-ef4d-4c81-a513-8e7803cc669e</Id>
<OriginalId>fe8e7377-6875-4c7c-ab23-68e415fc888c</OriginalId>
<CceId>CCE-37163-3</CceId>
<Name>Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Internet Connection Wizard</KeyPath>
<ValueName>ExitOnMSICW</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>6c808881-a6c2-4162-81f5-1aa5044c8fd7</Id>
<OriginalId>195191ba-701f-4015-8b48-1109d9792183</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Devices: Allow undock without having to log on</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Informational</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\CurrentVersion\Policies\System</KeyPath>
<ValueName>UndockWithoutLogon</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>f3117bf3-e54a-496a-9976-74b1caca3105</Id>
<OriginalId>9a9fa109-e6f0-4568-92cb-8844d04aa68b</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Disable 'Configure local setting override for reporting to Microsoft MAPS'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows Defender\SpyNet</KeyPath>
<ValueName>LocalSettingOverrideSpynetReporting</ValueName>
</BaselineRegistryRule>
<!-- Checks the DependOnService multi-string value of the LanmanWorkstation service.
     The expected entries are Bowser, MRxSmb20 and NSI; "|#|" is presumably this format's
     separator between multi-string entries (confirm against the analyzer).
     The list leaves out the SMBv1 client driver (MRxSmb10). With AnalyzeOperation Equals,
     any other dependency list presumably fails, including one with extra entries.
     NOTE(review): this rule looks only at the dependency list; no rule in this part of the
     file checks the start type of the MRxSmb10 driver itself. -->
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>daf622b2-7693-40e1-a2c2-98d62e8687b6</Id>
<OriginalId>858dc11d-40ae-4b37-a5ae-afa241029c55</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Disable SMB v1 client</Name>
<Type>Registry</Type>
<ExpectedValue>Bowser|#|MRxSmb20|#|NSI</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>MultipleString</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanmanWorkstation</KeyPath>
<ValueName>DependOnService</ValueName>
</BaselineRegistryRule>
<!-- Checks that the SMB1 value under the LanmanServer parameters key equals 0,
     i.e. the SMBv1 server is switched off.
     NOTE(review): how the analyzer scores a host where the SMB1 value does not exist is
     not visible here. An absent value is not the same as an explicit 0, so confirm that
     a missing value is reported as a failure rather than skipped. -->
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>a002b800-92a4-45cb-bbee-76c91739ddff</Id>
<OriginalId>1cfea2df-ad4f-44a5-8d8f-60f3092ff2a5</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Disable SMB v1 server</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\LanmanServer\Parameters</KeyPath>
<ValueName>SMB1</ValueName>
</BaselineRegistryRule>
<!-- Checks the Start value of the Wsearch service key. Start = 4 is the Windows service
     start type "disabled", which is what the rule name asks for.
     The rule reads configuration only; it does not show whether the service is
     currently running. -->
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>843079e3-4803-4b52-8b36-c554c4623204</Id>
<OriginalId>80c6b239-598e-48cf-98c9-a030aabf5f63</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Disable Windows Search Service</Name>
<Type>Registry</Type>
<ExpectedValue>4</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Services\Wsearch</KeyPath>
<ValueName>Start</ValueName>
</BaselineRegistryRule>
<!-- Negated value: DisableRemovableDriveScanning = 0 means removable drives are scanned,
     as the rule name states.
     The key is under Software\Policies, so the value presumably exists only where the
     policy has been configured; confirm how the analyzer scores a host where it is absent. -->
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>081da702-ce92-480f-aa68-af49bf5b94db</Id>
<OriginalId>72a23501-5526-489c-8e48-d584d4c442e3</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Enable 'Scan removable drives' by setting DisableRemovableDriveScanning to 0</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows Defender\Scan</KeyPath>
<ValueName>DisableRemovableDriveScanning</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>a1f16cc1-ac53-4321-9caf-2cee780ef7b8</Id>
<OriginalId>78f392bb-211a-436a-9bdc-71a1afaa67fb</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Enable 'Send file samples when further analysis is required' for 'Send Safe Samples'</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows Defender\SpyNet</KeyPath>
<ValueName>SubmitSamplesConsent</ValueName>
</BaselineRegistryRule>
<!-- Negated value: the rule name says "Enable", the registry value is
     DisableBehaviorMonitoring, so the compliant value is 0 (monitoring not disabled).
     A value of 1 here would mean behavior monitoring has been turned off by policy. -->
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>a917e66c-e3e4-4a7b-8f72-e8163994aabc</Id>
<OriginalId>c6a0ad1c-6068-4b34-b423-0f6d40da27cf</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Enable 'Turn on behavior monitoring'</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows Defender\Real-Time Protection</KeyPath>
<ValueName>DisableBehaviorMonitoring</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>d4477c4c-cee5-445a-9a1f-01cdbe672484</Id>
<OriginalId>44a210b8-6f81-4579-bdf1-baa50f61d03c</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Enable Windows Error Reporting</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows\Windows Error Reporting</KeyPath>
<ValueName>Disabled</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>f930f193-62e5-42f8-95b7-3bcda57a2d77</Id>
<OriginalId>4e2af52c-e4aa-47b3-80ac-fb76c6255cb9</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Recovery console: Allow floppy copy and access to all drives and all folders</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole</KeyPath>
<ValueName>setcommand</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>7036a0c0-de4b-4689-973a-d1011452dc5d</Id>
<OriginalId>265035ec-442d-4175-abba-ae3f19d80a8f</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Require user authentication for remote connections by using Network Level Authentication</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows NT\Terminal Services</KeyPath>
<ValueName>UserAuthentication</ValueName>
</BaselineRegistryRule>
<!-- The rule name does not state the desired state. ExpectedValue 0 for
     ClearPageFileAtShutdown presumably means the pagefile is NOT cleared at shutdown.
     NOTE(review): with AnalyzeOperation Equals, a host that does clear the pagefile (1)
     would presumably be reported as non-compliant at Critical severity. Confirm that
     this direction is intended. -->
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>7470f80e-a3d3-4ca9-84e8-7a97a317b2e1</Id>
<OriginalId>7a7923bc-3e12-4224-9fbf-abec22705156</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Shutdown: Clear virtual memory pagefile</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>System\CurrentControlSet\Control\Session Manager\Memory Management</KeyPath>
<ValueName>ClearPageFileAtShutdown</ValueName>
</BaselineRegistryRule>
<!-- SignatureUpdateInterval must equal exactly 8 (presumably hours; confirm the unit).
     NOTE(review): with AnalyzeOperation Equals, a host that checks for definition updates
     more often (a lower number) would also be reported as non-compliant.
     NOTE(review): the key path is under "Microsoft Antimalware", while the other
     antimalware rules in this part of the file use "Windows Defender" paths. Confirm
     which product's policy key applies to the hosts being assessed. -->
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>2019ec72-6852-40ed-8d48-aa7a33e24b14</Id>
<OriginalId>848898d7-98da-4cf0-b63f-15181d5c3463</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Specify the interval to check for definition updates</Name>
<Type>Registry</Type>
<ExpectedValue>8</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Microsoft Antimalware\Signature Updates</KeyPath>
<ValueName>SignatureUpdateInterval</ValueName>
</BaselineRegistryRule>
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>95ed0c0e-e244-49c2-94d0-3370ba390b4e</Id>
<OriginalId>3038bbe2-3e8c-41f3-90f3-3fd766609edb</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers</KeyPath>
<ValueName>AuthenticodeEnabled</ValueName>
</BaselineRegistryRule>
<!-- Domain firewall profile. The value name is negated relative to the rule name:
     judging by the value name, 1 disables unicast responses to multicast or broadcast
     traffic, so the expected 0 corresponds to unicast responses being allowed.
     The rule name does not state the desired state; read it from ExpectedValue. -->
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>f48a38a8-cf82-4124-b05a-635698975f4b</Id>
<OriginalId>b314d5a4-0a35-41d4-b1bb-0059e24b9828</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Windows Firewall: Domain: Allow unicast response</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\DomainProfile</KeyPath>
<ValueName>DisableUnicastResponsesToMulticastBroadcast</ValueName>
</BaselineRegistryRule>
<!-- Private firewall profile. The value name is negated relative to the rule name:
     judging by the value name, 1 disables unicast responses to multicast or broadcast
     traffic, so the expected 0 corresponds to unicast responses being allowed.
     The rule name does not state the desired state; read it from ExpectedValue. -->
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>2786770d-a6c7-4937-8386-b73e997894af</Id>
<OriginalId>925c77f9-db71-42d9-b387-9def8753eb70</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Windows Firewall: Private: Allow unicast response</Name>
<Type>Registry</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PrivateProfile</KeyPath>
<ValueName>DisableUnicastResponsesToMulticastBroadcast</ValueName>
</BaselineRegistryRule>
<!-- Public firewall profile. Unlike the Domain and Private profile rules in this file,
     which expect 0, this rule expects 1. Judging by the value name, 1 disables unicast
     responses to multicast or broadcast traffic, i.e. the stricter setting is required
     on the Public profile only.
     The rule name ("Allow unicast response") reads the opposite way round from the
     value it checks; read the desired state from ExpectedValue. -->
<BaselineRegistryRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>ae06e152-3f73-4002-a57a-40d93ea9a0fd</Id>
<OriginalId>83c77ee1-2930-4fa0-85a3-b303e4eecf84</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Windows Firewall: Public: Allow unicast response</Name>
<Type>Registry</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<Hive>LocalMachine</Hive>
<RegValueType>Int</RegValueType>
<KeyPath>Software\Policies\Microsoft\WindowsFirewall\PublicProfile</KeyPath>
<ValueName>DisableUnicastResponsesToMulticastBroadcast</ValueName>
</BaselineRegistryRule>
<!-- NOTE(review): the rule name says 'Success and Failure' but ExpectedValue is
     'No Auditing'. With AnalyzeOperation Equals, a host that audits this subcategory as
     the name describes would presumably be reported as non-compliant at Critical
     severity. Confirm which of the two is intended before relying on this result. -->
<BaselineAuditPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>cdad2863-96de-407f-8f8c-6e0c6dd8b86c</Id>
<OriginalId>ceccb5d6-44b0-4acb-bc70-8ad508610e22</OriginalId>
<CceId>CCE-38329-9</CceId>
<Name>Ensure 'Audit Application Group Management' is set to 'Success and Failure'</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>No Auditing</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0CCE9239-69AE-11D9-BED3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- NOTE(review): the rule name says 'Success and Failure' but ExpectedValue is
     'No Auditing'. With AnalyzeOperation Equals, a host that audits computer account
     management as the name describes would presumably be reported as non-compliant at
     Critical severity. Confirm which of the two is intended. -->
<BaselineAuditPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>d351179d-a4b7-4375-8a3e-5f20ed7bcc82</Id>
<OriginalId>20ca7f70-55ad-4c84-a535-9e84b2ff2bf8</OriginalId>
<CceId>CCE-38004-8</CceId>
<Name>Ensure 'Audit Computer Account Management' is set to 'Success and Failure'</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>No Auditing</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0CCE9236-69AE-11D9-BED3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>4f8fd732-facf-4184-a29c-61fdd40db89d</Id>
<OriginalId>f5f65d4a-4b6a-4f9f-9a62-e57f4f29b244</OriginalId>
<CceId>CCE-37741-6</CceId>
<Name>Ensure 'Audit Credential Validation' is set to 'Success and Failure'</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0CCE923F-69AE-11D9-BED3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- NOTE(review): the rule name says 'Success and Failure' but ExpectedValue is
     'No Auditing'. With AnalyzeOperation Equals, a host that audits distribution group
     management as the name describes would presumably be reported as non-compliant at
     Critical severity. Confirm which of the two is intended. -->
<BaselineAuditPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>0d91b0ae-add2-4211-9702-54f8f6313f5a</Id>
<OriginalId>92538794-c27f-4284-be83-722446c6f98b</OriginalId>
<CceId>CCE-36265-7</CceId>
<Name>Ensure 'Audit Distribution Group Management' is set to 'Success and Failure'</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>No Auditing</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0CCE9238-69AE-11D9-BED3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>e1174067-f117-4d7f-9584-fd93eedd566f</Id>
<OriginalId>93743c22-6d44-4bc5-865b-5dd1dadfd51c</OriginalId>
<CceId>CCE-38237-4</CceId>
<Name>Ensure 'Audit Logoff' is set to 'Success'</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0CCE9216-69AE-11D9-BED3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>5b5ac074-b108-4acf-aeca-5baabc276538</Id>
<OriginalId>c64b1a93-1bca-4c54-a5b0-1e7a162e4667</OriginalId>
<CceId>CCE-38036-0</CceId>
<Name>Ensure 'Audit Logon' is set to 'Success and Failure'</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0CCE9215-69AE-11D9-BED3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- NOTE(review): the rule name says 'Success and Failure' but ExpectedValue is
     'No Auditing'. With AnalyzeOperation Equals, a host that audits other account
     management events as the name describes would presumably be reported as
     non-compliant at Critical severity. Confirm which of the two is intended. -->
<BaselineAuditPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>904dd87b-780c-4ec8-aa33-1ba3a250d356</Id>
<OriginalId>53ff6420-c9c7-4484-9a2a-07954ebac4ba</OriginalId>
<CceId>CCE-37855-4</CceId>
<Name>Ensure 'Audit Other Account Management Events' is set to 'Success and Failure'</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>No Auditing</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0CCE923A-69AE-11D9-BED3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>5046d960-670d-4fef-973a-cf242a97147e</Id>
<OriginalId>c883373f-b3f0-4e98-88b4-815a07ee7ce9</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Ensure 'Audit PNP Activity' is set to 'Success'</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0CCE9248-69AE-11D9-BED3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>6b3dc518-61f4-4a47-920c-0411674596a0</Id>
<OriginalId>159fd8d0-9e5f-46ad-a460-3faade5ed821</OriginalId>
<CceId>CCE-36059-4</CceId>
<Name>Ensure 'Audit Process Creation' is set to 'Success'</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0CCE922B-69AE-11D9-BED3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>b88b1d85-5f3c-4235-91ab-6d8b5e767311</Id>
<OriginalId>7bd9827f-3000-422f-803d-a4510198fec5</OriginalId>
<CceId>CCE-37617-8</CceId>
<Name>Ensure 'Audit Removable Storage' is set to 'Success and Failure'</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0CCE9245-69AE-11D9-BED3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- NOTE(review): the rule name says 'Success and Failure' but ExpectedValue is
     'Success'. With AnalyzeOperation Equals, a host that also audits failures, as the
     name describes, would presumably be reported as non-compliant at Critical severity.
     Confirm which of the two is intended. -->
<BaselineAuditPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>515db7da-c244-445b-b093-cf3c09ad8970</Id>
<OriginalId>43814637-4b6f-496e-a127-8a39c5185c62</OriginalId>
<CceId>CCE-38034-5</CceId>
<Name>Ensure 'Audit Security Group Management' is set to 'Success and Failure'</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0CCE9237-69AE-11D9-BED3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>8ee0776b-3b84-47bf-9594-e14e29fcc8ff</Id>
<OriginalId>7c00b9f2-817a-420c-9817-97a2ea57920c</OriginalId>
<CceId>CCE-36266-5</CceId>
<Name>Ensure 'Audit Special Logon' is set to 'Success'</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0CCE921B-69AE-11D9-BED3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<BaselineAuditPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>7e4d9fe1-eb3f-49ac-bb5b-d417df7e6d6c</Id>
<OriginalId>265541dc-27f6-4156-a716-a6f2b28d92a7</OriginalId>
<CceId>CCE-37856-2</CceId>
<Name>Ensure 'Audit User Account Management' is set to 'Success and Failure'</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>Success and Failure</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0CCE9235-69AE-11D9-BED3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- The rule name gives no desired state; the compliant state is ExpectedValue
     'No Auditing', scored at Critical severity.
     NOTE(review): with AnalyzeOperation Equals, a host that audits Kerberos
     authentication would presumably be reported as non-compliant. That may be meant for
     servers that are not domain controllers (assumption); confirm the intended scope
     before applying this rule to domain controllers. -->
<BaselineAuditPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>5a5940e1-4326-4319-85b9-5b9a0833f2fd</Id>
<OriginalId>a9802d26-dae0-4128-b111-036929f61974</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Audit Kerberos Authentication Service</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>No Auditing</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0CCE9242-69AE-11D9-BED3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- The rule name gives no desired state; the compliant state is ExpectedValue
     'No Auditing', scored at Critical severity.
     NOTE(review): with AnalyzeOperation Equals, a host that audits Kerberos service
     ticket operations would presumably be reported as non-compliant. That may be meant
     for servers that are not domain controllers (assumption); confirm the intended
     scope before applying this rule to domain controllers. -->
<BaselineAuditPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>086c0548-536d-4c5b-8879-a72bfd1078c4</Id>
<OriginalId>bdc3c17e-f94a-44c1-8e45-406603ccd459</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Audit Kerberos Service Ticket Operations</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>No Auditing</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0CCE9240-69AE-11D9-BED3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- The rule name gives no desired state; the compliant state is ExpectedValue
     'No Auditing', scored at Critical severity.
     NOTE(review): with AnalyzeOperation Equals, a host that audits non-sensitive
     privilege use would presumably be reported as non-compliant. Confirm that penalising
     additional auditing is intended here. -->
<BaselineAuditPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>32308a39-87da-4a19-a068-43e94912b0be</Id>
<OriginalId>4578ab08-643d-48ca-88dc-d7d59a9290e2</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Audit Non Sensitive Privilege Use</Name>
<Type>AuditPolicy</Type>
<ExpectedValue>No Auditing</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<AuditPolicyId>0CCE9229-69AE-11D9-BED3-505054503030</AuditPolicyId>
</BaselineAuditPolicyRule>
<!-- User-rights check: SeNetworkLogonRight must equal the listed principals.
     NOTE(review): this list has a space after the comma, while other Privilege Rights
     rules in this file write their lists without one (for example
     'Administrators,Backup Operators'). Whether the analyzer trims entries, ignores
     order, or compares the raw string is not visible here; confirm before trusting a
     failure from this rule. -->
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>3f2d92c2-5850-4f2d-b245-f5089aa975dd</Id>
<OriginalId>9d05a4b2-843b-4b63-a82c-2c030200b25f</OriginalId>
<CceId>CCE-35818-4</CceId>
<Name>Configure 'Access this computer from the network'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators, Authenticated Users</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeNetworkLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>574f0e8d-83ca-4a46-a6cd-8dd062ab32dd</Id>
<OriginalId>839a6e89-6a10-45d8-84cc-7551b33f7026</OriginalId>
<CceId>CCE-37072-6</CceId>
<Name>Configure 'Allow log on through Remote Desktop Services'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators, Remote Desktop Users</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeRemoteInteractiveLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>e97bdde4-ccec-42e6-a17f-7993cb03a0d6</Id>
<OriginalId>d66f7155-69b8-4c99-85a6-b85669af4bb1</OriginalId>
<CceId>CCE-35823-4</CceId>
<Name>Configure 'Create symbolic links'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeCreateSymbolicLinkPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User-rights check: SeDenyNetworkLogonRight must equal 'Guests, Local Account'.
     NOTE(review): with AnalyzeOperation Equals, a host that denies network logon to
     additional principals would presumably fail even though it is stricter.
     NOTE(review): the list has a space after the comma and spells 'Local Account' with a
     capital A, unlike 'Local account' in the Remote Desktop deny rule's name elsewhere in
     this file; whether the comparison is trimmed or case-insensitive is not visible here. -->
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>fbe348fd-0402-4e31-8482-66ae9ae82ea2</Id>
<OriginalId>cdd99ef1-2354-485e-976c-930484e534f9</OriginalId>
<CceId>CCE-37954-5</CceId>
<Name>Configure 'Deny access to this computer from the network'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Guests, Local Account</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDenyNetworkLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<!-- User-rights check: SeEnableDelegationPrivilege must equal 0.
     The rule name says only 'Configure'. Other Privilege Rights rules in this file use
     ExpectedValue 0 where their name says 'No One', so 0 presumably encodes an empty
     assignment, i.e. no principal holds the delegation privilege (confirm against the
     analyzer). -->
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>045634b9-61c9-414f-ad91-74dcfee9c076</Id>
<OriginalId>4e32d36a-0512-47b3-8dac-1bf910e19734</OriginalId>
<CceId>CCE-36860-5</CceId>
<Name>Configure 'Enable computer and user accounts to be trusted for delegation'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeEnableDelegationPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>5d72b92f-e6b0-4898-b24a-49241c3a70a4</Id>
<OriginalId>18f01422-5ca8-4d24-85c7-23949712a334</OriginalId>
<CceId>CCE-35906-7</CceId>
<Name>Configure 'Manage auditing and security log'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeSecurityPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>131ecdaf-4a45-44ef-8d8e-eb7f4acf2fa6</Id>
<OriginalId>d49744f1-2311-41c2-b192-a7db34c04358</OriginalId>
<CceId>CCE-37056-9</CceId>
<Name>Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeTrustedCredManAccessPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>d3d9ac7b-8bcc-42e8-8752-29902eda04dd</Id>
<OriginalId>8da079e3-66ea-4c25-a9db-5b71752080c2</OriginalId>
<CceId>CCE-37432-2</CceId>
<Name>Ensure 'Accounts: Guest account status' is set to 'Disabled'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>System Access</SectionName>
<SettingName>EnableGuestAccount</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>c7f8ee96-6b8e-47e8-80b1-2e0985edeafd</Id>
<OriginalId>ff969ae7-f032-4378-a2ca-ea18d4a28c3c</OriginalId>
<CceId>CCE-36876-1</CceId>
<Name>Ensure 'Act as part of the operating system' is set to 'No One'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeTcbPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- NOTE(review): the rule name says the right is set to 'Administrators', but
     ExpectedValue is 'Administrators,Backup Operators'. With AnalyzeOperation Equals, a
     host that grants SeBackupPrivilege to Administrators only, as the name describes,
     would presumably be reported as non-compliant at Critical severity. The expected
     value is the broader of the two; confirm which is intended. -->
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>877cfb8a-1504-4641-9caf-405768ff91f4</Id>
<OriginalId>28083ba4-c9bc-43dd-8eb4-9f4e94d4642f</OriginalId>
<CceId>CCE-35912-5</CceId>
<Name>Ensure 'Back up files and directories' is set to 'Administrators'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators,Backup Operators</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeBackupPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>8b6f479f-13a9-40d1-a2d6-bd9c27d2b7dc</Id>
<OriginalId>804984aa-f5d6-45de-8028-a975c5113e46</OriginalId>
<CceId>CCE-37452-0</CceId>
<Name>Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators,LOCAL SERVICE</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeSystemtimePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>8ed0c2c5-af57-4434-9ae8-fe93bc39bfd0</Id>
<OriginalId>f6329cb5-3a32-4b35-91ff-ab7174aa16a7</OriginalId>
<CceId>CCE-37700-2</CceId>
<Name>Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators,LOCAL SERVICE</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeTimeZonePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>04251e82-4442-4923-ac77-992891a5042b</Id>
<OriginalId>27811f96-aa8a-4ee2-ba48-17a601d64210</OriginalId>
<CceId>CCE-35821-8</CceId>
<Name>Ensure 'Create a pagefile' is set to 'Administrators'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeCreatePagefilePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>d3f866fb-8adf-4ec6-adc7-93bb9ebcccdd</Id>
<OriginalId>74c21723-489e-458e-97ef-334c5d247984</OriginalId>
<CceId>CCE-36861-3</CceId>
<Name>Ensure 'Create a token object' is set to 'No One'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeCreateTokenPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- User-rights check: SeCreateGlobalPrivilege must equal the four listed principals.
     The name and ExpectedValue list the same principals in a different order
     (SERVICE comes second in ExpectedValue, last in the name).
     NOTE(review): whether the Equals comparison is order-sensitive is not visible here;
     if it is, the result depends on the order in which the host reports the assignment. -->
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>c0a4a0ed-1585-4857-8e2b-30b1bb48c6ea</Id>
<OriginalId>f182adcc-498b-4c58-9371-a40e148c22cc</OriginalId>
<CceId>CCE-37453-8</CceId>
<Name>Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators,SERVICE,LOCAL SERVICE,NETWORK SERVICE</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeCreateGlobalPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>03766d3c-81c2-438e-8192-91787f2ae69a</Id>
<OriginalId>72b3e7a7-6163-4dad-843d-7a824757a418</OriginalId>
<CceId>CCE-36532-0</CceId>
<Name>Ensure 'Create permanent shared objects' is set to 'No One'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeCreatePermanentPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<!-- NOTE(review): the rule name asks that the deny list "include" Guests, but the
     operation is Equals against 'Guests'. If the comparison is a strict equality, a host
     that denies batch logon to Guests plus further principals satisfies the name yet
     would be reported as non-compliant. Confirm how the analyzer evaluates Equals for
     Privilege Rights lists. -->
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>49258884-b2f0-4a4e-b66a-6954bb8473bf</Id>
<OriginalId>4ab8637b-e793-409a-8bd7-0ff181f379ab</OriginalId>
<CceId>CCE-36923-1</CceId>
<Name>Ensure 'Deny log on as a batch job' to include 'Guests'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Guests</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDenyBatchLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<!-- NOTE(review): the rule name asks that the deny list "include" Guests, but the
     operation is Equals against 'Guests'. If the comparison is a strict equality, a host
     that denies service logon to Guests plus further principals satisfies the name yet
     would be reported as non-compliant. Confirm how the analyzer evaluates Equals for
     Privilege Rights lists. -->
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>3b993f8f-245d-4f4e-9e8b-f94cbc71c3f6</Id>
<OriginalId>660b496e-9ded-4254-adaa-08bbc848e3aa</OriginalId>
<CceId>CCE-36877-9</CceId>
<Name>Ensure 'Deny log on as a service' to include 'Guests'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Guests</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDenyServiceLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<!-- NOTE(review): the rule name asks that the deny list "include" Guests, but the
     operation is Equals against 'Guests'. If the comparison is a strict equality, a host
     that denies local logon to Guests plus further principals satisfies the name yet
     would be reported as non-compliant. Confirm how the analyzer evaluates Equals for
     Privilege Rights lists. -->
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>b7432fc2-51ba-4ddf-83dd-ca7f92e670c1</Id>
<OriginalId>deb2f940-1578-4bed-87e3-6f1de1a8be31</OriginalId>
<CceId>CCE-37146-8</CceId>
<Name>Ensure 'Deny log on locally' to include 'Guests'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Guests</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDenyInteractiveLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<!-- NOTE(review): the rule name asks that the deny list include 'Guests, Local account',
     but ExpectedValue is 'Guests' only. With AnalyzeOperation Equals, a host that also
     denies Remote Desktop logon to local accounts, as the name describes, would
     presumably be reported as non-compliant, while a host that denies only Guests
     passes. The expected value is the weaker of the two; confirm which is intended. -->
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>60e0c2c9-0b14-44fe-83d6-2b7095e06674</Id>
<OriginalId>92d3ea06-d88e-4925-9664-1dfce38c8bca</OriginalId>
<CceId>CCE-36867-0</CceId>
<Name>Ensure 'Deny log on through Remote Desktop Services' to include 'Guests, Local account'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Guests</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeDenyRemoteInteractiveLogonRight</SettingName>
</BaselineSecurityPolicyRule>
<!-- Account-policy check: PasswordHistorySize in the System Access section must equal 24.
     The name says '24 or more' while the operation is Equals; 24 is, as far as the
     Windows setting allows, the highest value, so the two should agree in practice
     (confirm if the analyzer is reused for other platforms). -->
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>dad8097d-db46-4df3-9839-a8504e60c878</Id>
<OriginalId>c3ff094a-3c2c-43aa-a7db-342b62c84c2d</OriginalId>
<CceId>CCE-37166-6</CceId>
<Name>Ensure 'Enforce password history' is set to '24 or more password'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>24</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>System Access</SectionName>
<SettingName>PasswordHistorySize</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>3531261f-1644-4d10-9242-8e35ef386a83</Id>
<OriginalId>c673b01f-9f67-418f-89bc-1ec4fac9b3f1</OriginalId>
<CceId>CCE-37877-8</CceId>
<Name>Ensure 'Force shutdown from a remote system' is set to 'Administrators'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeRemoteShutdownPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Checks the SeAuditPrivilege user right (Privilege Rights section); holders can write
     entries to the Security event log.
     NOTE(review): the Name lists 'LOCAL SERVICE, NETWORK SERVICE', but ExpectedValue also
     contains an IIS application pool identity. With Equals, a server without that IIS
     pool may be reported as non-compliant even though it matches the Name; confirm how
     the analyzer treats the extra principal.
     NOTE(review): XML has no backslash escaping, so the value carries two literal
     backslashes in 'IIS APPPOOL\\DefaultAppPool'. Verify that the consumer expects that
     form rather than a single backslash. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>46e66c68-266e-4bdc-9ebe-4c5164c0acfe</Id>
<OriginalId>9a5e31c4-c730-4341-8af8-2b60fd797de6</OriginalId>
<CceId>CCE-37639-2</CceId>
<Name>Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Local Service,Network Service,IIS APPPOOL\\DefaultAppPool</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeAuditPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Checks that SeIncreaseBasePriorityPrivilege (Privilege Rights section) is held by
     Administrators only. Raising process priority can starve other workloads, hence the
     Warning-level availability check. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>98372fa4-c0dc-499a-a218-abc96fc04684</Id>
<OriginalId>425302e9-1f1e-4a94-a44f-846d2b7e0f18</OriginalId>
<CceId>CCE-38326-5</CceId>
<Name>Ensure 'Increase scheduling priority' is set to 'Administrators'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeIncreaseBasePriorityPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Checks that SeLoadDriverPrivilege (Privilege Rights section) is held by
     Administrators only. Device drivers run in kernel mode, so this right is equivalent
     to full control of the host.
     NOTE(review): rated Warning here while other administrator-only rights in this
     ruleset are Critical; confirm the severity is intended. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>50f4447d-0bdd-4e8c-ba06-2e0b22ec5d04</Id>
<OriginalId>6b82c134-3712-447b-94c3-66cfb3b18fa4</OriginalId>
<CceId>CCE-36318-4</CceId>
<Name>Ensure 'Load and unload device drivers' is set to 'Administrators'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeLoadDriverPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Checks the SeLockMemoryPrivilege user right (Privilege Rights section); the Name
     requires that no principal holds it.
     NOTE(review): ExpectedValue '0' presumably encodes an empty principal list
     ('No One'); confirm against the analyzer, since other user-right rules in this file
     use account names. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>6e635d8c-3496-4c66-b734-c46ebccc5d38</Id>
<OriginalId>174c44d3-fe8a-478c-9887-8a77e5fa1cfa</OriginalId>
<CceId>CCE-36495-0</CceId>
<Name>Ensure 'Lock pages in memory' is set to 'No One'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeLockMemoryPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Checks MaximumPasswordAge (System Access section).
     NOTE(review): the Name requires '60 or fewer days, but not 0', yet ExpectedValue is
     70 with operation Equals. As written, a host set to 70 days passes although it
     violates the Name, and a host set to 60 or fewer days fails although it satisfies
     it. Decide which limit is authoritative and make Name and ExpectedValue agree; if
     the analyzer offers a range or comparison operation, it would fit 'or fewer, but
     not 0' better than Equals (TODO confirm against the rule schema). -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>d43b43ec-abd0-4420-ba8c-d4e53b057205</Id>
<OriginalId>f337b362-61bd-4214-8c1e-bb5993cdc04f</OriginalId>
<CceId>CCE-37167-4</CceId>
<Name>Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>70</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>System Access</SectionName>
<SettingName>MaximumPasswordAge</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Checks MinimumPasswordAge (System Access section). A non-zero minimum age stops
     users from cycling through the password history to reuse an old password.
     NOTE(review): the Name allows '1 or more' days, but Equals 1 would report a stricter
     host (2 days or more) as non-compliant unless the analyzer special-cases this
     setting; confirm. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>45bdfbf8-155f-41f8-b9cf-72f1ba26c5be</Id>
<OriginalId>60f80a83-c878-47c2-811c-80934b9dbd13</OriginalId>
<CceId>CCE-37073-4</CceId>
<Name>Ensure 'Minimum password age' is set to '1 or more day'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>System Access</SectionName>
<SettingName>MinimumPasswordAge</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Checks MinimumPasswordLength (System Access section).
     NOTE(review): the Name allows '14 or more' characters, but Equals 14 would report a
     host enforcing a longer minimum as non-compliant unless the analyzer special-cases
     this setting; confirm. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>bc9d4fef-9e33-48fc-bcbd-b53e60caf4a2</Id>
<OriginalId>b420305c-1404-4c70-9362-a00ae7484018</OriginalId>
<CceId>CCE-36534-6</CceId>
<Name>Ensure 'Minimum password length' is set to '14 or more character'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>14</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>System Access</SectionName>
<SettingName>MinimumPasswordLength</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Checks the SeRelabelPrivilege user right (Privilege Rights section); the Name
     requires that no principal holds it. Holders can change the integrity label of
     objects, including ones owned by other users.
     NOTE(review): ExpectedValue '0' presumably encodes an empty principal list
     ('No One'); confirm against the analyzer. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>25c07385-c03d-4f61-b4d2-13852635abb7</Id>
<OriginalId>26e4d358-9003-4057-9704-ed3f75b44690</OriginalId>
<CceId>CCE-36054-5</CceId>
<Name>Ensure 'Modify an object label' is set to 'No One'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeRelabelPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Checks that SeSystemEnvironmentPrivilege (Privilege Rights section) is held by
     Administrators only. Holders can change firmware environment variables, which can
     affect how the machine boots. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>910405d5-3ee9-427c-baf1-77c69c7c209d</Id>
<OriginalId>86fb3b1c-a2d2-4939-9f3b-f0cf29477bef</OriginalId>
<CceId>CCE-38113-7</CceId>
<Name>Ensure 'Modify firmware environment values' is set to 'Administrators'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeSystemEnvironmentPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Checks that PasswordComplexity (System Access section) equals 1, which the Name
     maps to 'Enabled'. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>299d1595-5ab2-4ef5-b287-6477c0df5178</Id>
<OriginalId>16bea549-2a66-4251-8668-ae4b90964cd0</OriginalId>
<CceId>CCE-37063-5</CceId>
<Name>Ensure 'Password must meet complexity requirements' is set to 'Enabled'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>1</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>System Access</SectionName>
<SettingName>PasswordComplexity</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Checks that SeManageVolumePrivilege (Privilege Rights section) is held by
     Administrators only. Volume maintenance operations work below the file-system
     permission layer, so holders can reach data regardless of file ACLs. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>506fa45a-f043-46b0-bca9-da87e2f2618b</Id>
<OriginalId>702761ee-7de5-40eb-ba82-d8ba1335e076</OriginalId>
<CceId>CCE-36143-6</CceId>
<Name>Ensure 'Perform volume maintenance tasks' is set to 'Administrators'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeManageVolumePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Checks that SeProfileSingleProcessPrivilege (Privilege Rights section) is held by
     Administrators only. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>aec3dc3b-3625-47ea-8e11-fef4b1be8adb</Id>
<OriginalId>3ddb1ac9-f5a4-4874-b677-38466f4edc7d</OriginalId>
<CceId>CCE-37131-0</CceId>
<Name>Ensure 'Profile single process' is set to 'Administrators'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeProfileSingleProcessPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Checks the SeSystemProfilePrivilege user right (Privilege Rights section).
     NOTE(review): the Name spells the service account as 'NT SERVICE\WdiServiceHost'
     while ExpectedValue uses the bare name 'WdiServiceHost'. How the analyzer normalises
     account names is not visible here; confirm both forms resolve to the same
     principal. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>e61c2d81-389a-4e59-bf19-2a6db7a0dc0b</Id>
<OriginalId>e32381ee-8fd0-4166-b433-b16ef4a46274</OriginalId>
<CceId>CCE-36052-9</CceId>
<Name>Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators,WdiServiceHost</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeSystemProfilePrivilege</SettingName>
</BaselineSecurityPolicyRule>
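<BaselineSecurityPolicyRule>
<!-- Checks that SeAssignPrimaryTokenPrivilege (Privilege Rights section) is held only by
     the two service accounts named in the rule. Holders can start a process under
     another account's token, so the right must stay off interactive and administrative
     groups.
     ExpectedValue follows the principals in the Name, written in the comma-separated
     form this file already uses for the same accounts. 'Administrators,WdiServiceHost'
     is the value of the 'Profile system performance' rule and does not belong here: it
     would report a correctly configured host as non-compliant and steer remediation
     toward granting this right to Administrators.
     NOTE(review): confirm with the analyzer owner that no other principal is expected
     on hosts running additional server roles. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>08a4b141-c737-404e-8617-9830268e8bfa</Id>
<OriginalId>e43b8f7a-1065-48e1-8461-7ce474a38204</OriginalId>
<CceId>CCE-37430-6</CceId>
<Name>Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Local Service,Network Service</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeAssignPrimaryTokenPrivilege</SettingName>
</BaselineSecurityPolicyRule>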
<BaselineSecurityPolicyRule>
<!-- Checks the SeRestorePrivilege user right (Privilege Rights section). Holders can
     write files regardless of their ACLs, so the grant should be as narrow as possible.
     NOTE(review): the Name says 'Administrators' only, but ExpectedValue also lists
     'Backup Operators'. With Equals, a host that follows the Name is reported as
     non-compliant and the check asks for the wider grant; decide which is intended and
     align the two.
     NOTE(review): the list is joined with ', ' (comma and space) here, while other
     rules in this file use ',' without a space; confirm the analyzer trims entries. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>1baa8699-ca1c-466b-b17c-f8eab728b0ee</Id>
<OriginalId>04a5a2c9-0e2c-4930-a48a-9c30aea39379</OriginalId>
<CceId>CCE-37613-7</CceId>
<Name>Ensure 'Restore files and directories' is set to 'Administrators'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators, Backup Operators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeRestorePrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Checks that SeShutdownPrivilege (Privilege Rights section) is held by
     Administrators only, so that a locally logged-on non-administrator cannot take the
     server offline. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>ef0eefbb-e845-47f3-af9a-3409296d3264</Id>
<OriginalId>4415006a-1d48-4074-ae3c-8b990c339a9a</OriginalId>
<CceId>CCE-38328-1</CceId>
<Name>Ensure 'Shut down the system' is set to 'Administrators'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeShutdownPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Checks that ClearTextPassword (System Access section) equals 0, which the Name maps
     to 'Disabled'. Passwords stored with reversible encryption can be recovered in
     plain text by anyone who obtains the account database, so this must stay off. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>adb052b7-c17e-4b8c-86b8-d81b6a89af20</Id>
<OriginalId>8d501cfb-cd9f-4161-9796-b9c16ff70b9c</OriginalId>
<CceId>CCE-36286-3</CceId>
<Name>Ensure 'Store passwords using reversible encryption' is set to 'Disabled'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>0</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>System Access</SectionName>
<SettingName>ClearTextPassword</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Checks that SeTakeOwnershipPrivilege (Privilege Rights section) is held by
     Administrators only. Holders can take ownership of any securable object and then
     rewrite its permissions, which defeats ACL-based protection. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>b8841a6a-97b1-485b-9f3c-e5ccef30d2e6</Id>
<OriginalId>f58f76a7-e9b9-4d75-b929-3e480d639fbc</OriginalId>
<CceId>CCE-38325-7</CceId>
<Name>Ensure 'Take ownership of files or other objects' is set to 'Administrators'</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeTakeOwnershipPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Checks the SeChangeNotifyPrivilege user right (Privilege Rights section) against a
     five-principal list.
     NOTE(review): this rule has no CCE identifier (NOT_ASSIGNED) and its Name does not
     state the expected setting, so ExpectedValue is the only record of the requirement.
     NOTE(review): the list is joined with ', ' (comma and space) while other rules in
     this file use ',' without a space; confirm the analyzer trims entries, otherwise an
     exact Equals comparison can fail on whitespace alone. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>a30f6d7d-f3dc-442c-8a1f-921123c6250c</Id>
<OriginalId>3a83c2ba-6e22-4967-81ce-ef26d2f4707d</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Bypass traverse checking</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators, Authenticated Users, Backup Operators, Local Service, Network Service</ExpectedValue>
<Severity>Critical</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeChangeNotifyPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Checks that SeIncreaseWorkingSetPrivilege (Privilege Rights section) is held by
     Administrators and Local Service.
     NOTE(review): no CCE identifier is assigned and the Name does not state the expected
     setting. The list uses ', ' (comma and space) as separator, unlike the ',' used by
     other rules in this file; confirm the analyzer trims entries. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>23d0f843-e7bf-40e9-82cb-6299b35e52ab</Id>
<OriginalId>82a140e2-f30f-4def-bb88-daeef3d8b0b0</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Increase a process working set</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators, Local Service</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeIncreaseWorkingSetPrivilege</SettingName>
</BaselineSecurityPolicyRule>
<BaselineSecurityPolicyRule>
<!-- Checks that SeUndockPrivilege (Privilege Rights section) is held by Administrators
     only.
     NOTE(review): no CCE identifier is assigned and the Name does not state the expected
     setting, so ExpectedValue is the only record of the requirement. -->
<BaselineId>221cdf46-aef5-4120-bb00-fdc70afd7432</BaselineId>
<Id>97315b05-4737-40db-b511-4334b4023812</Id>
<OriginalId>dab43723-07d7-4b36-b5ec-0d8642ea118b</OriginalId>
<CceId>NOT_ASSIGNED</CceId>
<Name>Remove computer from docking station</Name>
<Type>SecurityPolicy</Type>
<ExpectedValue>Administrators</ExpectedValue>
<Severity>Warning</Severity>
<AnalyzeOperation>Equals</AnalyzeOperation>
<Enabled>true</Enabled>
<SectionName>Privilege Rights</SectionName>
<SettingName>SeUndockPrivilege</SettingName>
</BaselineSecurityPolicyRule>
</Rules>
<Id>221cdf46-aef5-4120-bb00-fdc70afd7432</Id>
<Name>WS2016 Member Server Security Compliance</Name>
<Type>WindowsOS</Type>
</BaselineRuleset>
</ArrayOfBaselineRuleset>