- Page 1 and 2: CIS Microsoft Windows 10 Enterprise
- Page 3 and 4: Table of Contents Table of Contents
- Page 5 and 6: 2.2.21 (L1) Set 'Enable computer an
- Page 7 and 8: 2.3.7.3 (BL) Set 'Interactive logon
- Page 9 and 10: 2.3.11.5 (L1) Set 'Network security
- Page 11 and 12: 9.1.6 (L1) Set 'Windows Firewall: D
- Page 13 and 14: 14 Network Access Protection NAP Cl
- Page 15 and 16: 18.2.5 (L1) Set 'Password Settings:
- Page 17 and 18: 18.6.1 (L1) Set 'Apply UAC restrict
- Page 19 and 20: 18.8.24.2 (L1) Set 'Do not enumerat
- Page 21 and 22: 18.9.11.1.10 (BL) Set 'Configure us
- Page 23 and 24: 18.9.11.2.19 (BL) Set 'Require addi
- Page 25 and 26: 18.9.13.3 (L2) Set 'Require trusted
- Page 27 and 28: 18.9.48.3.9.3 (L1) Set 'Set client
- Page 29 and 30: 19.7 Windows Components ...........
- Page 31 and 32: Typographical Conventions The follo
- Page 33 and 34: Acknowledgements This benchmark exe
- Page 35 and 36: Rationale: The longer a user uses t
- Page 37 and 38: 1.1.2 (L1) Set 'Maximum password ag
- Page 39: 1.1.3 (L1) Set 'Minimum password ag
- Page 43 and 44: 1.1.5 (L1) Set 'Password must meet
- Page 45 and 46: References: 1. CCE-33777-4 44 | P a
- Page 47 and 48: Default Value: Disabled References:
- Page 49 and 50: Remediation: To establish the recom
- Page 51 and 52: Impact: If this policy setting is e
- Page 53 and 54: Remediation: To establish the recom
- Page 55 and 56: Remediation: To establish the recom
- Page 57 and 58: Impact: If you remove the Access th
- Page 59 and 60: 2.2.4 (L1) Set 'Adjust memory quota
- Page 61 and 62: 2.2.5 (L1) Set 'Allow log on locall
- Page 63 and 64: 2.2.6 (L1) Set 'Allow log on throug
- Page 65 and 66: 2.2.7 (L1) Set 'Back up files and d
- Page 67 and 68: 2.2.8 (L1) Set 'Change the system t
- Page 69 and 70: Impact: There should be no impact,
- Page 71 and 72: 2.2.10 (L1) Set 'Create a pagefile'
- Page 73 and 74: Default Value: No one References: 1
- Page 75 and 76: Default Value: Administrators, LOCA
- Page 77 and 78: 2.2.14 (L1) Set 'Create symbolic li
- Page 79 and 80: 2.2.15 (L1) Set 'Debug programs' to
- Page 81 and 82: 2.2.16 (L1) Set 'Deny access to thi
- Page 83 and 84: 2.2.17 (L1) Set 'Deny log on as a b
- Page 85 and 86: Rationale: Accounts that can log on
- Page 87 and 88: Default Value: Guest References: 1.
- Page 89 and 90: Impact: If you assign the Deny log
- Page 91 and 92:
References: 1. CCE-33778-2 90 | P a
- Page 93 and 94:
Default Value: Administrators Refer
- Page 95 and 96:
References: 1. CCE-35363-1 94 | P a
- Page 97 and 98:
Audit: Navigate to the UI Path arti
- Page 99 and 100:
References: 1. CCE-35178-3 98 | P a
- Page 101 and 102:
Default Value: Administrators Refer
- Page 103 and 104:
2.2.28 (L1) Set 'Manage auditing an
- Page 105 and 106:
2.2.30 (L1) Set 'Modify firmware en
- Page 107 and 108:
2.2.31 (L1) Set 'Perform volume mai
- Page 109 and 110:
Impact: If you remove the Profile s
- Page 111 and 112:
References: 1. CCE-35001-7 110 | P
- Page 113 and 114:
Default Value: LOCAL SERVICE, NETWO
- Page 115 and 116:
Impact: If you remove the Restore f
- Page 117 and 118:
Impact: The impact of removing thes
- Page 119 and 120:
References: 1. CCE-35009-0 118 | P
- Page 121 and 122:
Audit: Navigate to the UI Path arti
- Page 123 and 124:
Remediation: To establish the recom
- Page 125 and 126:
Impact: All network users will need
- Page 127 and 128:
Impact: None. This is the default c
- Page 129 and 130:
Impact: You will have to inform use
- Page 131 and 132:
2.3.2 Audit This section contains r
- Page 133 and 134:
2.3.2.2 (L1) Set 'Audit: Shut down
- Page 135 and 136:
2.3.3 DCOM This section is intentio
- Page 137 and 138:
Impact: None - the default value is
- Page 139 and 140:
2.3.6 Domain member This section co
- Page 141 and 142:
Digital encryption and signing of t
- Page 143 and 144:
Remediation: To establish the recom
- Page 145 and 146:
Remediation: To establish the recom
- Page 147 and 148:
Impact: None. This is the default c
- Page 149 and 150:
Impact: None. This is the default c
- Page 151 and 152:
Remediation: To establish the recom
- Page 153 and 154:
Impact: Users will not see their us
- Page 155 and 156:
Impact: Unless they use a smart car
- Page 157 and 158:
Rationale: This policy setting dete
- Page 159 and 160:
2.3.7.4 (L1) Set 'Interactive logon
- Page 161 and 162:
2.3.7.5 (L1) Configure 'Interactive
- Page 163 and 164:
2.3.7.6 (L1) Configure 'Interactive
- Page 165 and 166:
2.3.7.7 (L1) Set 'Interactive logon
- Page 167 and 168:
2.3.7.8 (L1) Set 'Interactive logon
- Page 169 and 170:
2.3.7.9 (L1) Set 'Interactive logon
- Page 171 and 172:
2.3.8 Microsoft network client This
- Page 173 and 174:
Impact: The Windows 2000 Server, Wi
- Page 175 and 176:
Remediation: To establish the recom
- Page 177 and 178:
Default Value: Disabled References:
- Page 179 and 180:
Computer Configuration\Policies\Win
- Page 181 and 182:
Remediation: To establish the recom
- Page 183 and 184:
Remediation: To establish the recom
- Page 185 and 186:
Remediation: To establish the recom
- Page 187 and 188:
Remediation: To establish the recom
- Page 189 and 190:
Impact: Disabled is the default con
- Page 191 and 192:
Impact: It will be impossible to es
- Page 193 and 194:
Impact: It will be impossible to gr
- Page 195 and 196:
Impact: Users will be forced to ent
- Page 197 and 198:
Default Value: Disabled References:
- Page 199 and 200:
Default Value: None References: 1.
- Page 201 and 202:
Audit: Navigate to the UI Path arti
- Page 203 and 204:
Audit: Navigate to the UI Path arti
- Page 205 and 206:
2.3.10.9 (L1) Set 'Network access:
- Page 207 and 208:
2.3.10.10 (L1) Set 'Network access:
- Page 209 and 210:
2.3.10.11 (L1) Set 'Network access:
- Page 211 and 212:
2.3.11 Network security This sectio
- Page 213 and 214:
2.3.11.2 (L1) Set 'Network security
- Page 215 and 216:
2.3.11.3 (L1) Set 'Network Security
- Page 217 and 218:
2.3.11.4 (L1) Set 'Network Security
- Page 219 and 220:
2.3.11.5 (L1) Set 'Network security
- Page 221 and 222:
2.3.11.6 (L1) Set 'Network security
- Page 223 and 224:
2.3.11.7 (L1) Set 'Network security
- Page 225 and 226:
Rationale: In Windows Vista, this s
- Page 227 and 228:
2.3.11.8 (L1) Set 'Network security
- Page 229 and 230:
2.3.11.9 (L1) Set 'Network security
- Page 231 and 232:
2.3.11.10 (L1) Set 'Network securit
- Page 233 and 234:
2.3.12 Recovery console This sectio
- Page 235 and 236:
2.3.12.2 (L1) Set 'Recovery console
- Page 237 and 238:
2.3.13 Shutdown This section is int
- Page 239 and 240:
Remediation: To establish the recom
- Page 241 and 242:
Remediation: To establish the recom
- Page 243 and 244:
Impact: None. This is the default c
- Page 245 and 246:
2.3.17 User Account Control This se
- Page 247 and 248:
References: 1. CCE-35338-3 246 | P
- Page 249 and 250:
Remediation: To establish the recom
- Page 251 and 252:
Rationale: One of the risks that th
- Page 253 and 254:
Audit: Navigate to the UI Path arti
- Page 255 and 256:
Remediation: To establish the recom
- Page 257 and 258:
Rationale: UIAccess Integrity allow
- Page 259 and 260:
Impact: Users and administrators wi
- Page 261 and 262:
Default Value: Enabled References:
- Page 263 and 264:
Impact: None. This is the default c
- Page 265 and 266:
9 Windows Firewall With Advanced Se
- Page 267 and 268:
9.1.2 (L1) Set 'Windows Firewall: D
- Page 269 and 270:
9.1.3 (L1) Set 'Windows Firewall: D
- Page 271 and 272:
9.1.4 (L1) Set 'Windows Firewall: D
- Page 273 and 274:
9.1.5 (L1) Set 'Windows Firewall: D
- Page 275 and 276:
9.1.6 (L1) Set 'Windows Firewall: D
- Page 277 and 278:
9.1.7 (L1) Set 'Windows Firewall: D
- Page 279 and 280:
9.1.8 (L1) Set 'Windows Firewall: D
- Page 281 and 282:
9.1.9 (L1) Set 'Windows Firewall: D
- Page 283 and 284:
9.1.10 (L1) Set 'Windows Firewall:
- Page 285 and 286:
9.1.11 (L1) Set 'Windows Firewall:
- Page 287 and 288:
9.2 Private Profile This section co
- Page 289 and 290:
9.2.2 (L1) Set 'Windows Firewall: P
- Page 291 and 292:
9.2.3 (L1) Set 'Windows Firewall: P
- Page 293 and 294:
9.2.4 (L1) Set 'Windows Firewall: P
- Page 295 and 296:
9.2.5 (L1) Set 'Windows Firewall: P
- Page 297 and 298:
9.2.6 (L1) Set 'Windows Firewall: P
- Page 299 and 300:
9.2.7 (L1) Set 'Windows Firewall: P
- Page 301 and 302:
9.2.8 (L1) Set 'Windows Firewall: P
- Page 303 and 304:
9.2.9 (L1) Set 'Windows Firewall: P
- Page 305 and 306:
9.2.10 (L1) Set 'Windows Firewall:
- Page 307 and 308:
9.2.11 (L1) Set 'Windows Firewall:
- Page 309 and 310:
9.3 Public Profile This section con
- Page 311 and 312:
9.3.2 (L1) Set 'Windows Firewall: P
- Page 313 and 314:
9.3.3 (L1) Set 'Windows Firewall: P
- Page 315 and 316:
9.3.4 (L1) Set 'Windows Firewall: P
- Page 317 and 318:
9.3.5 (L1) Set 'Windows Firewall: P
- Page 319 and 320:
9.3.6 (L1) Set 'Windows Firewall: P
- Page 321 and 322:
9.3.7 (L1) Set 'Windows Firewall: P
- Page 323 and 324:
9.3.8 (L1) Set 'Windows Firewall: P
- Page 325 and 326:
9.3.9 (L1) Set 'Windows Firewall: P
- Page 327 and 328:
9.3.10 (L1) Set 'Windows Firewall:
- Page 329 and 330:
9.3.11 (L1) Set 'Windows Firewall:
- Page 331 and 332:
10 Network List Manager Policies Th
- Page 333 and 334:
Remediation: To establish the recom
- Page 335 and 336:
Remediation: To establish the recom
- Page 337 and 338:
Impact: If no audit settings are co
- Page 339 and 340:
Impact: If no audit settings are co
- Page 341 and 342:
Remediation: To establish the recom
- Page 343 and 344:
Remediation: To establish the recom
- Page 345 and 346:
Impact: If no audit settings are co
- Page 347 and 348:
Impact: If no audit settings are co
- Page 349 and 350:
17.5 Logon/Logoff This section cont
- Page 351 and 352:
17.5.2 (L1) Set 'Audit Group Member
- Page 353 and 354:
17.5.3 (L1) Set 'Audit Logoff' to '
- Page 355 and 356:
17.5.4 (L1) Set 'Audit Logon' to 'S
- Page 357 and 358:
17.5.5 (L1) Set 'Audit Other Logon/
- Page 359 and 360:
17.5.6 (L1) Set 'Audit Special Logo
- Page 361 and 362:
17.6 Object Access This section con
- Page 363 and 364:
17.7 Policy Change This section con
- Page 365 and 366:
17.7.2 (L1) Set 'Audit Authenticati
- Page 367 and 368:
17.8 Privilege Use This section con
- Page 369 and 370:
17.9 System This section contains r
- Page 371 and 372:
17.9.2 (L1) Set 'Audit Other System
- Page 373 and 374:
17.9.3 (L1) Set 'Audit Security Sta
- Page 375 and 376:
17.9.4 (L1) Set 'Audit Security Sys
- Page 377 and 378:
17.9.5 (L1) Set 'Audit System Integ
- Page 379 and 380:
18 Administrative Templates (Comput
- Page 381 and 382:
18.1.1.2 (L1) Set 'Prevent enabling
- Page 383 and 384:
18.1.2 Regional and Language Option
- Page 385 and 386:
18.2 LAPS This section contains rec
- Page 387 and 388:
18.2.2 (L1) Set 'Do not allow passw
- Page 389 and 390:
18.2.3 (L1) Set 'Enable Local Admin
- Page 391 and 392:
18.2.4 (L1) Set 'Password Settings:
- Page 393 and 394:
18.2.5 (L1) Set 'Password Settings:
- Page 395 and 396:
18.2.6 (L1) Set 'Password Settings:
- Page 397 and 398:
18.3 MSS (Legacy) This section cont
- Page 399 and 400:
18.3.2 (L1) Set 'MSS: (DisableIPSou
- Page 401 and 402:
18.3.3 (L1) Set 'MSS: (DisableIPSou
- Page 403 and 404:
18.3.4 (L2) Set 'MSS: (DisableSaveP
- Page 405 and 406:
18.3.5 (L1) Set 'MSS: (EnableICMPRe
- Page 407 and 408:
18.3.6 (L2) Set 'MSS: (KeepAliveTim
- Page 409 and 410:
18.3.7 (L1) Set 'MSS: (NoNameReleas
- Page 411 and 412:
18.3.8 (L2) Set 'MSS: (PerformRoute
- Page 413 and 414:
18.3.9 (L1) Set 'MSS: (SafeDllSearc
- Page 415 and 416:
18.3.10 (L1) Set 'MSS: (ScreenSaver
- Page 417 and 418:
18.3.11 (L2) Set 'MSS: (TcpMaxDataR
- Page 419 and 420:
18.3.12 (L2) Set 'MSS: (TcpMaxDataR
- Page 421 and 422:
18.3.13 (L1) Set 'MSS: (WarningLeve
- Page 423 and 424:
18.4 Network This section contains
- Page 425 and 426:
18.4.8 Link-Layer Topology Discover
- Page 427 and 428:
18.4.8.2 (L2) Set 'Turn on Responde
- Page 429 and 430:
18.4.9 Microsoft Peer-to-Peer Netwo
- Page 431 and 432:
18.4.10 Network Connections This se
- Page 433 and 434:
18.4.10.3 (L1) Set 'Require domain
- Page 435 and 436:
18.4.11 Network Connectivity Status
- Page 437 and 438:
Rationale: In February 2015, Micros
- Page 439 and 440:
18.4.14 Offline Files This section
- Page 441 and 442:
Audit: Navigate to the Registry pat
- Page 443 and 444:
Remediation: To establish the recom
- Page 445 and 446:
Default Value: The default for this
- Page 447 and 448:
Impact: If this policy setting is e
- Page 449 and 450:
18.4.22 WLAN Service This section c
- Page 451 and 452:
Audit: Navigate to the UI Path arti
- Page 453 and 454:
18.6 SCM: Pass the Hash Mitigations
- Page 455 and 456:
18.6.2 (L1) Set 'WDigest Authentica
- Page 457 and 458:
18.7 Start Menu and Taskbar This se
- Page 459 and 460:
Remediation: To establish the recom
- Page 461 and 462:
18.8.5 Device Installation This sec
- Page 463 and 464:
18.8.5.1.2 (BL) Set 'Prevent instal
- Page 465 and 466:
18.8.5.1.3 (BL) Set 'Prevent instal
- Page 467 and 468:
18.8.5.1.4 (BL) Set 'Prevent instal
- Page 469 and 470:
18.8.5.1.5 (BL) Set 'Prevent instal
- Page 471 and 472:
18.8.5.1.6 (BL) Set 'Prevent instal
- Page 473 and 474:
18.8.6 Device Redirection This sect
- Page 475 and 476:
Rationale: This policy setting help
- Page 477 and 478:
18.8.18 Group Policy This section c
- Page 479 and 480:
18.8.18.3 (L1) Set 'Configure regis
- Page 481 and 482:
Impact: None - this is the default
- Page 483 and 484:
Impact: This policy setting does no
- Page 485 and 486:
18.8.19.1.3 (L2) Set 'Turn off hand
- Page 487 and 488:
18.8.19.1.4 (L2) Set 'Turn off Inte
- Page 489 and 490:
18.8.19.1.5 (L2) Set 'Turn off Inte
- Page 491 and 492:
18.8.19.1.6 (L2) Set 'Turn off prin
- Page 493 and 494:
18.8.19.1.7 (L2) Set 'Turn off Regi
- Page 495 and 496:
18.8.19.1.8 (L2) Set 'Turn off Sear
- Page 497 and 498:
18.8.19.1.9 (L2) Set 'Turn off the
- Page 499 and 500:
18.8.19.1.10 (L2) Set 'Turn off the
- Page 501 and 502:
18.8.19.1.11 (L2) Set 'Turn off the
- Page 503 and 504:
18.8.19.1.12 (L2) Set 'Turn off Win
- Page 505 and 506:
18.8.19.1.13 (L2) Set 'Turn off Win
- Page 507 and 508:
18.8.20 iSCSI This section is inten
- Page 509 and 510:
Impact: Device will attempt to auth
- Page 511 and 512:
Default Value: Not Configured. If t
- Page 513 and 514:
Impact: If you enable this policy s
- Page 515 and 516:
Impact: The Logon UI will not enume
- Page 517 and 518:
Default Value: Not configured Refer
- Page 519 and 520:
Default Value: Not configured Refer
- Page 521 and 522:
Default Value: Not configured Refer
- Page 523 and 524:
Impact: Fonts not located in the %w
- Page 525 and 526:
18.8.28 Power Management This secti
- Page 527 and 528:
18.8.28.4.2 (BL) Set 'Allow standby
- Page 529 and 530:
18.8.28.4.3 (L1) Set 'Require a pas
- Page 531 and 532:
18.8.28.4.4 (L1) Set 'Require a pas
- Page 533 and 534:
18.8.29 Recovery This section is in
- Page 535 and 536:
If you enable this policy setting,
- Page 537 and 538:
18.8.30.2 (L1) Set 'Configure Solic
- Page 539 and 540:
18.8.31 Remote Procedure Call This
- Page 541 and 542:
18.8.31.2 (L1) Set 'Restrict Unauth
- Page 543 and 544:
18.8.32 Removable Storage Access Th
- Page 545 and 546:
The Group Policy settings contained
- Page 547 and 548:
Default Value: If you do not config
- Page 549 and 550:
18.8.43 Windows Time Service This s
- Page 551 and 552:
18.8.43.1.2 (L2) Set 'Enable Window
- Page 553 and 554:
18.9.4 App Package Deployment This
- Page 555 and 556:
18.9.5 App Privacy This section is
- Page 557 and 558:
Remediation: To establish the recom
- Page 559 and 560:
Default Value: Not Configured Refer
- Page 561 and 562:
18.9.8 AutoPlay Policies This secti
- Page 563 and 564:
18.9.8.2 (L1) Set 'Set the default
- Page 565 and 566:
18.9.8.3 (L1) Set 'Turn off Autopla
- Page 567 and 568:
18.9.9 Backup This section is inten
- Page 569 and 570:
If this policy setting is disabled,
- Page 571 and 572:
Note: If the "Do not enable BitLock
- Page 573 and 574:
18.9.11.1.3 (BL) Set 'Choose how Bi
- Page 575 and 576:
References: 1. CCE-33072-0 574 | P
- Page 577 and 578:
Select the "Do not enable BitLocker
- Page 579 and 580:
18.9.11.1.5 (BL) Set 'Choose how Bi
- Page 581 and 582:
Impact: To use BitLocker, a Data Re
- Page 583 and 584:
Select the "Do not enable BitLocker
- Page 585 and 586:
18.9.11.1.7 (BL) Set 'Choose how Bi
- Page 587 and 588:
Impact: To use BitLocker, a Data Re
- Page 589 and 590:
Select the "Do not enable BitLocker
- Page 591 and 592:
18.9.11.1.9 (BL) Set 'Choose how Bi
- Page 593 and 594:
Impact: To use BitLocker, a Data Re
- Page 595 and 596:
Rationale: From a strict security p
- Page 597 and 598:
Encryption algorithms are specified
- Page 599 and 600:
Encryption algorithms are specified
- Page 601 and 602:
Encryption algorithms are specified
- Page 603 and 604:
If you do not configure this policy
- Page 605 and 606:
Remediation: To establish the recom
- Page 607 and 608:
Remediation: To establish the recom
- Page 609 and 610:
Audit: Navigate to the UI Path arti
- Page 611 and 612:
Audit: Navigate to the UI Path arti
- Page 613 and 614:
Note: If the "Do not enable BitLock
- Page 615 and 616:
18.9.11.2.4 (BL) Set 'Choose how Bi
- Page 617 and 618:
Impact: Users will need to be domai
- Page 619 and 620:
Select the "Do not enable BitLocker
- Page 621 and 622:
18.9.11.2.6 (BL) Set 'Choose how Bi
- Page 623 and 624:
Impact: Users will need to be domai
- Page 625 and 626:
Select the "Do not enable BitLocker
- Page 627 and 628:
18.9.11.2.8 (BL) Set 'Choose how Bi
- Page 629 and 630:
Impact: Users will need to be domai
- Page 631 and 632:
Select the "Do not enable BitLocker
- Page 633 and 634:
18.9.11.2.10 (BL) Set 'Choose how B
- Page 635 and 636:
Impact: Users will need to be domai
- Page 637 and 638:
Remediation: To establish the recom
- Page 639 and 640:
Rationale: From a strict security p
- Page 641 and 642:
Encryption algorithms are specified
- Page 643 and 644:
Encryption algorithms are specified
- Page 645 and 646:
Encryption algorithms are specified
- Page 647 and 648:
Note: Passwords cannot be used if F
- Page 649 and 650:
Rationale: TPM without use of a PIN
- Page 651 and 652:
Rationale: TPM without use of a PIN
- Page 653 and 654:
Rationale: TPM without use of a PIN
- Page 655 and 656:
Note: If you want to require the us
- Page 657 and 658:
Note: If you want to require the us
- Page 659 and 660:
Note: If you want to require the us
- Page 661 and 662:
If this policy setting is disabled,
- Page 663 and 664:
Note: If the "Do not enable BitLock
- Page 665 and 666:
18.9.11.3.3 (BL) Set 'Choose how Bi
- Page 667 and 668:
18.9.11.3.4 (BL) Set 'Choose how Bi
- Page 669 and 670:
18.9.11.3.5 (BL) Set 'Choose how Bi
- Page 671 and 672:
18.9.11.3.6 (BL) Set 'Choose how Bi
- Page 673 and 674:
18.9.11.3.7 (BL) Set 'Choose how Bi
- Page 675 and 676:
18.9.11.3.8 (BL) Set 'Choose how Bi
- Page 677 and 678:
Impact: To use BitLocker a Data Rec
- Page 679 and 680:
Note: If the "Do not enable BitLock
- Page 681 and 682:
Rationale: From a strict security p
- Page 683 and 684:
Encryption algorithms are specified
- Page 685 and 686:
Encryption algorithms are specified
- Page 687 and 688:
Encryption algorithms are specified
- Page 689 and 690:
Remediation: To establish the recom
- Page 691 and 692:
Note: Passwords cannot be used if F
- Page 693 and 694:
If you do not configure this policy
- Page 695 and 696:
Remediation: To establish the recom
- Page 697 and 698:
Remediation: To establish the recom
- Page 699 and 700:
Remediation: To establish the recom
- Page 701 and 702:
18.9.13 Credential User Interface T
- Page 703 and 704:
18.9.13.2 (L1) Set 'Enumerate admin
- Page 705 and 706:
18.9.13.3 (L2) Set 'Require trusted
- Page 707 and 708:
18.9.14 Data Collection and Preview
- Page 709 and 710:
18.9.14.2 (L1) Set 'Disable pre-rel
- Page 711 and 712:
18.9.14.3 (L1) Set 'Toggle user con
- Page 713 and 714:
18.9.15 Delivery Optimization The G
- Page 715 and 716:
18.9.16 Desktop Gadgets This sectio
- Page 717 and 718:
18.9.22.2 (L1) Set 'Default Protect
- Page 719 and 720:
18.9.22.4 (L1) Set 'Default Protect
- Page 721 and 722:
18.9.22.6 (L1) Set 'System DEP' to
- Page 723 and 724:
References: 1. CCE-35485-2 722 | P
- Page 725 and 726:
18.9.24 Event Log Service This sect
- Page 727 and 728:
18.9.24.1.2 (L1) Set 'Application:
- Page 729 and 730:
18.9.24.2 Security This section con
- Page 731 and 732:
18.9.24.2.2 (L1) Set 'Security: Spe
- Page 733 and 734:
18.9.24.3 Setup This section contai
- Page 735 and 736:
18.9.24.3.2 (L1) Set 'Setup: Specif
- Page 737 and 738:
18.9.24.4 System This section conta
- Page 739 and 740:
18.9.24.4.2 (L1) Set 'System: Speci
- Page 741 and 742:
18.9.25 Event Logging This section
- Page 743 and 744:
Rationale: Windows SmartScreen help
- Page 745 and 746:
References: 1. CCE-33608-1 744 | P
- Page 747 and 748:
References: 1. CCE-33745-1 746 | P
- Page 749 and 750:
Impact: If you enable this policy s
- Page 751 and 752:
18.9.31 HomeGroup This section cont
- Page 753 and 754:
18.9.32 Import Video This section i
- Page 755 and 756:
18.9.43 OneDrive (formerly SkyDrive
- Page 757 and 758:
18.9.44 Online Assistance This sect
- Page 759 and 760:
Remediation: To establish the recom
- Page 761 and 762:
Note: You can limit which clients a
- Page 763 and 764:
18.9.48.3.3 Device and Resource Red
- Page 765 and 766:
18.9.48.3.3.2 (L1) Set 'Do not allo
- Page 767 and 768:
18.9.48.3.3.3 (L2) Set 'Do not allo
- Page 769 and 770:
18.9.48.3.3.4 (L2) Set 'Do not allo
- Page 771 and 772:
18.9.48.3.4 Licensing This section
- Page 773 and 774:
Remediation: To establish the recom
- Page 775 and 776:
Default Value: Not Configured. If y
- Page 777 and 778:
Default Value: Not configured Refer
- Page 779 and 780:
Remediation: To establish the recom
- Page 781 and 782:
Impact: If you enable this policy s
- Page 783 and 784:
Remediation: To establish the recom
- Page 785 and 786:
18.9.50 Search This section contain
- Page 787 and 788:
18.9.50.3 (L1) Set 'Allow indexing
- Page 789 and 790:
18.9.50.4 (L1) Set 'Allow search an
- Page 791 and 792:
18.9.50.5 (L2) Set 'Set what inform
- Page 793 and 794:
18.9.51 Security Center This sectio
- Page 795 and 796:
Remediation: To establish the recom
- Page 797 and 798:
18.9.62 Windows Calendar This secti
- Page 799 and 800:
Audit: Navigate to the UI Path arti
- Page 801 and 802:
18.9.67 Windows Game Recording and
- Page 803 and 804:
18.9.68 Windows Installer This sect
- Page 805 and 806:
18.9.68.2 (L1) Set 'Always install
- Page 807 and 808:
18.9.68.3 (L2) Set 'Prevent Interne
- Page 809 and 810:
18.9.69 Windows Logon Options This
- Page 811 and 812:
18.9.70 Windows Mail This section i
- Page 813 and 814:
18.9.78 Windows PowerShell This sec
- Page 815 and 816:
18.9.78.2 (L1) Set 'Turn on PowerSh
- Page 817 and 818:
18.9.79 Windows Reliability Analysi
- Page 819 and 820:
Remediation: To establish the recom
- Page 821 and 822:
Default Value: Not configured Refer
- Page 823 and 824:
References: 1. CCE-34778-1 822 | P
- Page 825 and 826:
Impact: None - this is the default
- Page 827 and 828:
Default Value: Not configured Refer
- Page 829 and 830:
Remediation: To establish the recom
- Page 831 and 832:
18.9.84 Windows Update This section
- Page 833 and 834:
18.9.84.2 (L1) Set 'Configure Autom
- Page 835 and 836:
18.9.84.3 (L1) Set 'Defer Upgrade'
- Page 837 and 838:
18.9.84.4 (L1) Set 'No auto-restart
- Page 839 and 840:
19 Administrative Templates (User)
- Page 841 and 842:
Impact: The screen saver will autom
- Page 843 and 844:
Impact: The screen saver will autom
- Page 845 and 846:
References: 1. CCE-32938-3 844 | P
- Page 847 and 848:
Default Value: Not Configured Refer
- Page 849 and 850:
19.5 Start Menu and Taskbar This se
- Page 851 and 852:
19.6 System This section contains r
- Page 853 and 854:
Impact: If you enable this policy s
- Page 855 and 856:
19.7.4 Attachment Manager This sect
- Page 857 and 858:
19.7.4.2 (L1) Set 'Notify antivirus
- Page 859 and 860:
19.7.5 AutoPlay Policies This secti
- Page 861 and 862:
19.7.18 Internet Explorer This sect
- Page 863 and 864:
19.7.25 Network Sharing This sectio
- Page 865 and 866:
19.7.26 Presentation Settings This
- Page 867 and 868:
19.7.37 Windows Installer This sect
- Page 869 and 870:
19.7.38 Windows Logon Options This
- Page 871 and 872:
Remediation: To establish the recom
- Page 873 and 874:
Control Set Correctly Yes No 2.2.11
- Page 875 and 876:
Control 2.3.7.1 (L1) Set 'Interacti
- Page 877 and 878:
Control session security, Require 1
- Page 879 and 880:
Control notification' to 'No' (Scor
- Page 881 and 882:
Control 17.8 Privilege Use 17.8.1 (
- Page 883 and 884:
Control 18.4.8.2 (L2) Set 'Turn on
- Page 885 and 886:
Control 18.8.7 Disk NV Cache 18.8.8
- Page 887 and 888:
Control 18.8.28. Notification Setti
- Page 889 and 890:
Control Set Correctly Yes No 18.9.8
- Page 891 and 892:
18.9.11.2 .10 18.9.11.2 .11 18.9.11
- Page 893 and 894:
Control Set Correctly Yes No 18.9.1
- Page 895 and 896:
Control approval from an administra
- Page 897 and 898:
Control Set Correctly Yes No .10.2
- Page 899 and 900:
.2 18.9.80.2 .3 Control Set Correct
- Page 901 and 902:
Control 19.7.34 Windows Calendar 19