1 # OSSEC Linux Audit - (C) 2018
3 # Released under the same license as OSSEC.
4 # More details at the LICENSE file included with OSSEC or online
5 # at: https://github.com/ossec/ossec-hids/blob/master/LICENSE
7 # [Application name] [any or all] [reference]
11 # - f (for file or directory)
12 # - r (registry entry)
13 # - p (process running)
16 # For the registry and for directories, use "->" to look for a specific entry and another
17 # "->" to look for the value.
18 # Also, use " -> r:^\. -> ..." to search all files in a directory
19 # For files, use "->" to look for a specific value in the file.
21 # Values can be preceeded by: =: (for equal) - default
22 # r: (for ossec regexes)
23 # >: (for strcmp greater)
24 # <: (for strcmp lower)
25 # Multiple patterns can be specified by using " && " between them.
26 # (All of them must match for it to return true).
28 # CIS Checks for Windows Server 2016 Member Server L2
29 # Based on Center for Internet Security Benchmark v1.0.0 for Microsoft Windows Server 2016 (https://workbench.cisecurity.org/benchmarks/515)
33 #2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'
34 [CIS - Microsoft Windows Server 2016 - 2.3.1.2 Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'] [any] [https://workbench.cisecurity.org/benchmarks/515]
35 r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> !4;
36 r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> !CachedLogonsCount;
39 #2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'
40 [CIS - Microsoft Windows Server 2016 - 2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
41 r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> DisableDomainCreds -> !1;
42 r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> !DisableDomainCreds;
45 #18.3.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'
46 [CIS - Microsoft Windows Server 2016 - 18.3.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'] [any] [https://workbench.cisecurity.org/benchmarks/515]
47 r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> KeepAliveTime -> !493e0;
48 r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !KeepAliveTime;
51 #18.3.7 Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'
52 [CIS - Microsoft Windows Server 2016 - 18.3.7 Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
53 r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> PerformRouterDiscovery -> !0;
54 r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !PerformRouterDiscovery;
57 #18.3.10 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'
58 [CIS - Microsoft Windows Server 2016 - 18.3.10 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'] [any] [https://workbench.cisecurity.org/benchmarks/515]
59 r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> TcpMaxDataRetransmissions -> !3;
60 r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> !TcpMaxDataRetransmissions;
63 #18.3.11 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'
64 [CIS - Microsoft Windows Server 2016 - 18.3.11 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'] [any] [https://workbench.cisecurity.org/benchmarks/515]
65 r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> TcpMaxDataRetransmissions -> !3;
66 r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !TcpMaxDataRetransmissions;
69 #18.4.5.1 Ensure 'Enable Font Providers' is set to 'Disabled'
70 [CIS - Microsoft Windows Server 2016 - 18.4.5.1 Ensure 'Enable Font Providers' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
71 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> EnableFontProviders -> !0;
72 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !EnableFontProviders;
75 #18.4.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled'
76 [CIS - Microsoft Windows Server 2016 - 18.4.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
77 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowLLTDIOOnDomain -> !0;
78 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowLLTDIOOnPublicNet -> !0;
79 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> EnableLLTDIO -> !0;
80 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> ProhibitLLTDIOOnPrivateNet -> !0;
83 #18.4.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled'
84 [CIS - Microsoft Windows Server 2016 - 18.4.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
85 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowRspndrOnDomain -> !0;
86 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowRspndrOnPublicNet -> !0;
87 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> EnableRspndr -> !0;
88 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> ProhibitRspndrOnPrivateNet -> !0;
91 #18.4.10.2 Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled'
92 [CIS - Microsoft Windows Server 2016 - 18.4.10.2 Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
93 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet -> Disabled -> !1;
94 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet -> !Disabled;
97 #18.4.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')
98 [CIS - Microsoft Windows Server 2016 - 18.4.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')] [any] [https://workbench.cisecurity.org/benchmarks/515]
99 r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> DisabledComponents -> !ff;
100 r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> !DisabledComponents;
103 #18.4.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'
104 [CIS - Microsoft Windows Server 2016 - 18.4.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
105 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> EnableRegistrars -> !0;
106 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !EnableRegistrars;
107 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableUPnPRegistrar -> !0;
108 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableUPnPRegistrar;
109 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableInBand802DOT11Registrar -> !0;
110 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableInBand802DOT11Registrar;
111 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableFlashConfigRegistrar -> !0;
112 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableFlashConfigRegistrar;
113 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableWPDRegistrar -> !0;
114 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableWPDRegistrar;
117 #18.4.20.2 Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'
118 [CIS - Microsoft Windows Server 2016 - 18.4.20.2 Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
119 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\UI -> DisableWcnUi -> !1;
120 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\UI -> !DisableWcnUi;
123 #18.4.21.2 Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'
124 [CIS - Microsoft Windows Server 2016 - 18.4.21.2 Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
125 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy -> fBlockNonDomain -> !1;
126 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy -> !fBlockNonDomain;
129 #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled'
130 [CIS - Microsoft Windows Server 2016 - 18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
131 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1;
132 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith;
135 #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'
136 [CIS - Microsoft Windows Server 2016 - 18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
137 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1;
138 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload;
141 #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'
142 [CIS - Microsoft Windows Server 2016 - 18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
143 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1;
144 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing;
147 #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'
148 [CIS - Microsoft Windows Server 2016 - 18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
149 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1;
150 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports;
153 #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'
154 [CIS - Microsoft Windows Server 2016 - 18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
155 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1;
156 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW;
159 #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'
160 [CIS - Microsoft Windows Server 2016 - 18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
161 r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1;
162 r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices;
165 #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled'
166 [CIS - Microsoft Windows Server 2016 - 18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
167 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1;
168 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting;
171 #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'
172 [CIS - Microsoft Windows Server 2016 - 18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
173 r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1;
174 r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration;
177 #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'
178 [CIS - Microsoft Windows Server 2016 - 18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
179 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1;
180 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates;
183 #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'
184 [CIS - Microsoft Windows Server 2016 - 18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
185 r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1;
186 r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard;
189 #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'
190 [CIS - Microsoft Windows Server 2016 - 18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
191 r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1;
192 r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard;
195 #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'
196 [CIS - Microsoft Windows Server 2016 - 18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
197 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> 1;
198 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP;
201 #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'
202 [CIS - Microsoft Windows Server 2016 - 18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
203 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0;
204 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable;
207 #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'
208 [CIS - Microsoft Windows Server 2016 - 18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
209 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !0;
210 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled;
211 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting -> DoReport -> !1;
212 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting -> !DoReport;
215 #18.8.23.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'
216 [CIS - Microsoft Windows Server 2016 - 18.8.23.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'] [any] [https://workbench.cisecurity.org/benchmarks/515]
217 r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\kerberos\parameters -> DevicePKInitBehavior -> !0;
218 r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\kerberos\parameters -> DevicePKInitEnabled -> !1;
221 #18.8.24.1 Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled'
222 [CIS - Microsoft Windows Server 2016 - 18.8.24.1 Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
223 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Control Panel\International -> BlockUserInputMethodsForSignIn -> !1;
224 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Control Panel\International -> !BlockUserInputMethodsForSignIn;
227 #18.8.29.5.1 Ensure 'Allow network connectivity during connected-standby (on battery)' is set to 'Disabled'
228 [CIS - Microsoft Windows Server 2016 - 18.8.29.5.1 Ensure 'Allow network connectivity during connected-standby (on battery)' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
229 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\f15576e8-98b7-4186-b944-eafa664402d9 -> DCSettingIndex -> !0;
230 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\f15576e8-98b7-4186-b944-eafa664402d9 -> !DCSettingIndex;
233 #18.8.29.5.2 Ensure 'Allow network connectivity during connected-standby (plugged in)' is set to 'Disabled'
234 [CIS - Microsoft Windows Server 2016 - 18.8.29.5.2 Ensure 'Allow network connectivity during connected-standby (plugged in)' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
235 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\f15576e8-98b7-4186-b944-eafa664402d9 -> ACSettingIndex -> !0;
236 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\f15576e8-98b7-4186-b944-eafa664402d9 -> !ACSettingIndex;
239 #18.8.29.5.3 Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'
240 [CIS - Microsoft Windows Server 2016 - 18.8.29.5.3 Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
241 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> DCSettingIndex -> !1;
244 #18.8.29.5.4 Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'
245 [CIS - Microsoft Windows Server 2016 - 18.8.29.5.4 Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
246 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> ACSettingIndex -> !1;
249 #18.8.32.2 Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated'
250 [CIS - Microsoft Windows Server 2016 - 18.8.32.2 Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated'] [any] [https://workbench.cisecurity.org/benchmarks/515]
251 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc -> RestrictRemoteClients -> !1;
252 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc -> !RestrictRemoteClients;
255 #18.8.39.5.1 Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled'
256 [CIS - Microsoft Windows Server 2016 - 18.8.39.5.1 Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
257 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy -> DisableQueryRemoteServer -> !0;
258 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy -> !DisableQueryRemoteServer;
261 #18.8.39.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'
262 [CIS - Microsoft Windows Server 2016 - 18.8.39.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
263 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d} -> ScenarioExecutionEnabled -> !0;
264 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d} -> !ScenarioExecutionEnabled;
267 #18.8.41.1 Ensure 'Turn off the advertising ID' is set to 'Enabled'
268 [CIS - Microsoft Windows Server 2016 - 18.8.41.1 Ensure 'Turn off the advertising ID' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
269 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo -> DisabledByGroupPolicy -> !1;
270 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo -> !DisabledByGroupPolicy;
273 #18.8.44.1.1 Ensure 'Enable Windows NTP Client' is set to 'Enabled'
274 [CIS - Microsoft Windows Server 2016 - 18.8.44.1.1 Ensure 'Enable Windows NTP Client' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
275 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32Time\TimeProviders\NtpClient -> Enabled -> !1;
276 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32Time\TimeProviders\NtpClient -> !Enabled;
279 #18.8.44.1.2 Ensure 'Enable Windows NTP Server' is set to 'Disabled'
280 [CIS - Microsoft Windows Server 2016 - 18.8.44.1.2 Ensure 'Enable Windows NTP Server' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
281 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32Time\TimeProviders\NtpServer -> Enabled -> !0;
284 #18.9.4.1 Ensure 'Allow a Windows app to share application data between users' is set to 'Disabled'
285 [CIS - Microsoft Windows Server 2016 - 18.9.4.1 Ensure 'Allow a Windows app to share application data between users' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
286 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\AppModel\StateManager -> AllowSharedLocalAppData -> !0;
289 #18.9.5.1 Ensure 'Let Windows apps *' is set to 'Enabled: Force Deny'
290 [CIS - Microsoft Windows Server 2016 - 18.9.5.1 Ensure 'Let Windows apps *' is set to 'Enabled: Force Deny'] [any] [https://workbench.cisecurity.org/benchmarks/515]
291 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> LetAppsAccessAccountInfo -> !2;
292 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> !LetAppsAccessAccountInfo;
293 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> LetAppsAccessCallHistory -> !2;
294 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> !LetAppsAccessCallHistory;
295 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> LetAppsAccessContacts -> !2;
296 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> !LetAppsAccessContacts;
297 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> LetAppsAccessEmail -> !2;
298 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> !LetAppsAccessEmail;
299 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> LetAppsAccessLocation -> !2;
300 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> !LetAppsAccessLocation;
301 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> LetAppsAccessMessaging -> !2;
302 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> !LetAppsAccessMessaging;
303 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> LetAppsAccessMotion -> !2;
304 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> !LetAppsAccessMotion;
305 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> LetAppsAccessCalendar -> !2;
306 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> !LetAppsAccessCalendar;
307 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> LetAppsAccessCamera -> !2;
308 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> !LetAppsAccessCamera;
309 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> LetAppsAccessMicrophone -> !2;
310 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> !LetAppsAccessMicrophone;
311 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> LetAppsAccessTrustedDevices -> !2;
312 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> !LetAppsAccessTrustedDevices;
313 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> LetAppsAccessRadios -> !2;
314 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> !LetAppsAccessRadios;
315 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> LetAppsSyncWithDevices -> !2;
316 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> !LetAppsSyncWithDevices;
317 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> LetAppsAccessPhone -> !2;
318 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> !LetAppsAccessPhone;
319 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> LetAppsAccessNotifications -> !2;
320 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy -> !LetAppsAccessNotifications;
323 #18.9.6.2 Ensure 'Block launching Windows Store apps with Windows Runtime API access from hosted content.' is set to 'Enabled'
324 [CIS - Microsoft Windows Server 2016 - 18.9.6.2 Ensure 'Block launching Windows Store apps with Windows Runtime API access from hosted content.' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
325 r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> BlockHostedAppAccessWinRT -> !1;
326 r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !BlockHostedAppAccessWinRT;
329 #18.9.12.1 Ensure 'Allow Use of Camera' is set to 'Disabled'
330 [CIS - Microsoft Windows Server 2016 - 18.9.12.1 Ensure 'Allow Use of Camera' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
331 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Camera -> AllowCamera -> !0;
332 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Camera -> !AllowCamera;
335 #18.9.37.2 Ensure 'Turn off location' is set to 'Enabled'
336 [CIS - Microsoft Windows Server 2016 - 18.9.37.2 Ensure 'Turn off location' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
337 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors -> DisableLocation -> !1;
338 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors -> !DisableLocation;
341 #18.9.41.1 Ensure 'Allow Extensions' is set to 'Disabled'
342 [CIS - Microsoft Windows Server 2016 - 18.9.41.1 Ensure 'Allow Extensions' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
343 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Extensions -> ExtensionsEnabled -> !0;
344 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Extensions -> !ExtensionsEnabled;
347 #18.9.41.2 Ensure 'Allow InPrivate Browsing' is set to 'Disabled'
348 [CIS - Microsoft Windows Server 2016 - 18.9.41.2 Ensure 'Allow InPrivate Browsing' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
349 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main -> AllowInPrivate -> !0;
350 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main -> !AllowInPrivate;
353 #18.9.41.5 Ensure 'Configure Pop-up Blocker' is set to 'Enabled'
354 [CIS - Microsoft Windows Server 2016 - 18.9.41.5 Ensure 'Configure Pop-up Blocker' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
355 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main -> AllowPopups -> !r:yes;
358 #18.9.41.8 Ensure 'Prevent access to the about:flags page in Microsoft Edge' is set to 'Enabled'
359 [CIS - Microsoft Windows Server 2016 - 18.9.41.8 Ensure 'Prevent access to the about:flags page in Microsoft Edge' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
360 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main -> PreventAccessToAboutFlagsInMicrosoftEdge -> !1;
361 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main -> !PreventAccessToAboutFlagsInMicrosoftEdge;
364 #18.9.41.9 Ensure 'Prevent bypassing SmartScreen prompts for files' is set to 'Enabled'
365 [CIS - Microsoft Windows Server 2016 - 18.9.41.9 Ensure 'Prevent bypassing SmartScreen prompts for files' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
366 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter -> PreventOverrideAppRepUnknown -> !1;
367 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter -> !PreventOverrideAppRepUnknown;
370 #18.9.41.10 Ensure 'Prevent bypassing SmartScreen prompts for sites' is set to 'Enabled'
371 [CIS - Microsoft Windows Server 2016 - 18.9.41.10 Ensure 'Prevent bypassing SmartScreen prompts for sites' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
372 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter -> PreventOverride -> !1;
373 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter -> !PreventOverride;
376 #18.9.41.11 Ensure 'Prevent using Localhost IP address for WebRTC' is set to 'Enabled'
377 [CIS - Microsoft Windows Server 2016 - 18.9.41.11 Ensure 'Prevent using Localhost IP address for WebRTC' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
378 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main -> HideLocalHostIP -> !1;
379 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main -> !HideLocalHostIP;
382 #18.9.52.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'
383 [CIS - Microsoft Windows Server 2016 - 18.9.52.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
384 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fSingleSessionPerUser -> !1;
385 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fSingleSessionPerUser;
388 #18.9.52.3.3.1 Ensure 'Do not allow COM port redirection' is set to 'Enabled'
389 [CIS - Microsoft Windows Server 2016 - 18.9.52.3.3.1 Ensure 'Do not allow COM port redirection' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
390 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisableCcm -> !1;
391 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisableCcm;
394 #18.9.52.3.3.3 Ensure 'Do not allow LPT port redirection' is set to 'Enabled'
395 [CIS - Microsoft Windows Server 2016 - 18.9.52.3.3.3 Ensure 'Do not allow LPT port redirection' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
396 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisableLPT -> !1;
397 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisableLPT;
400 #18.9.52.3.3.4 Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled'
401 [CIS - Microsoft Windows Server 2016 - 18.9.52.3.3.4 Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
402 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisablePNPRedir -> !1;
403 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisablePNPRedir;
406 #18.9.52.3.10.1 Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less'
407 [CIS - Microsoft Windows Server 2016 - 18.9.52.3.10.1 Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less'] [any] [https://workbench.cisecurity.org/benchmarks/515]
408 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba1;
409 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba2;
410 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba3;
411 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba4;
412 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba5;
413 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba6;
414 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba7;
415 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba8;
416 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba9;
417 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba\D;
418 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbb\w;
419 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbc\w;
420 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbd\w;
421 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbe\w;
422 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbf\w;
423 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbc\w\w;
424 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbd\w\w;
425 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbe\w\w;
426 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbf\w\w;
427 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dc\w\w\w;
428 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dd\w\w\w;
429 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:de\w\w\w;
430 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:df\w\w\w;
431 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:e\w\w\w\w;
432 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:f\w\w\w\w;
433 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:\w\w\w\w\w\w;
434 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !MaxIdleTime;
437 #18.9.52.3.10.2 Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'
438 [CIS - Microsoft Windows Server 2016 - 18.9.52.3.10.2 Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'] [any] [https://workbench.cisecurity.org/benchmarks/515]
439 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxDisconnectionTime -> !EA60;
440 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !MaxDisconnectionTime;
443 #18.9.59.1 Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled'
444 [CIS - Microsoft Windows Server 2016 - 18.9.59.1 Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
445 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform -> NoGenTicket -> !1;
446 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform -> !NoGenTicket;
449 #18.9.61.1 Ensure 'Disable all apps from Windows Store' is set to 'Enabled'
450 [CIS - Microsoft Windows Server 2016 - 18.9.61.1 Ensure 'Disable all apps from Windows Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
451 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> DisableStoreApps -> !1;
452 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> !DisableStoreApps;
455 #18.9.61.4 Ensure 'Turn off the Store application' is set to 'Enabled'
456 [CIS - Microsoft Windows Server 2016 - 18.9.61.4 Ensure 'Turn off the Store application' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
457 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> RemoveWindowsStore -> !1;
458 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> !RemoveWindowsStore;
461 #18.9.69.3.1 Ensure 'Join Microsoft MAPS' is set to 'Disabled'
462 [CIS - Microsoft Windows Server 2016 - 18.9.69.3.1 Ensure 'Join Microsoft MAPS' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
463 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet -> SpynetReporting -> !0;
466 #18.9.69.8.1 Ensure 'Configure Watson events' is set to 'Disabled'
467 [CIS - Microsoft Windows Server 2016 - 18.9.69.8 Ensure 'Configure Watson events' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
468 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting -> DisableGenericRePorts -> !1;
469 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting -> !DisableGenericRePorts;
472 #18.9.73.1 Ensure 'Allow suggested apps in Windows Ink Workspace' is set to 'Disabled'
473 [CIS - Microsoft Windows Server 2016 - 18.9.73.1 Ensure 'Allow suggested apps in Windows Ink Workspace' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
474 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsInkWorkspace -> AllowSuggestedAppsInWindowsInkWorkspace -> !0;
475 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsInkWorkspace -> !AllowSuggestedAppsInWindowsInkWorkspace;
478 #18.9.74.3 Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled'
479 [CIS - Microsoft Windows Server 2016 - 18.9.74.3 Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
480 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer -> SafeForScripting -> !0;
483 #18.9.86.2.2 Ensure 'Allow remote server management through WinRM' is set to 'Disabled'
484 [CIS - Microsoft Windows Server 2016 - 18.9.86.2.2 Ensure 'Allow remote server management through WinRM' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
485 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> AllowAutoConfig -> !0;
488 #18.9.87.1 Ensure 'Allow Remote Shell Access' is set to 'Disabled'
489 [CIS - Microsoft Windows Server 2016 - 18.9.87.1 Ensure 'Allow Remote Shell Access' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/515]
490 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\WinRS -> AllowRemoteShellAccess -> !0;
491 r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\WinRS -> !AllowRemoteShellAccess;
projects / ossec-hids.git / blob