Computer Configuration Software Settings Software installation Windows Settings Scripts (Startup/Shutdown) Security Settings Account Policies Password Policy Enforce password history Maximum password age Minimum password age Minimum password length Passwords must meet complexity requirements Store password using reversible encryption for all users in the domain Account Lockout Policy Account lockout duration Account lockout threshold Reset account lockout counter after Kerberos Policy Enforce user logon restrictions Maximum lifetime for service ticket Maximum lifetime for user ticket Maximum lifetime for user ticket renewal Maximum tolerance for computer clock synchronization Local Policies Audit Policy Audit account logon events Audit account management Audit directory service access Audit logon events Audit object access Audit policy change Audit privilege use Audit process tracking Audit system events User Rights Assignment
Act as part of the operating system (SeTcbPrivilege) Add workstations to domain (SeMachineAccountPrivilege) Adjust memory quotas for a process (SeIncreaseQuotaPrivilege)
Change the system time (SeSystemTimePrivilege) Create a pagefile (SeCreatePagefilePrivilege) Create a token object (SeCreateTokenPrivilege) Create global objects (SeCreateGlobalPrivilege) Create permanent shared objects (SeCreatePermanentPrivilege) Debug programs (SeDebugPrivilege) Deny access to this computer from the network (SeDenyNetworkLogonRight) Deny logon as a batch job (SeDenyBatchLogonRight)
Deny logon as a service (SeDenyBatchLogonRight) Deny logon locally (SeDenyInteractiveLogonRight) Deny log on Through Terminal Services (SeDenyRemoteInteractiveLogonRight) Enable computer and user accounts to be trusted for delegation (SeEnableDelegationPrivilege) Force shutdown from a remote system (SeRemoteShutdownPrivilege) Generate security audits (SeAuditPrivilege)
Impersonate a client after authentication (SeImpersonatePrivilege) Increase scheduling priority (SeIncreaseBasePriorityPrivilege) Load and unload device drivers (SeLoadDriverPrivilege) Lock pages in memory (SeLockMemoryPrivilege) Log on as a batch job (SeBatchLogonRight)
Log on as a service (SeServiceLogonRight) Manage auditing and security log (SeSecurityPrivilege) Modify firmware environment values (SeSystemEnvironmentPrivilege) Perform Volume Maintenance Tasks (SeManageVolumePrivilege) Profile single process (SeProfileSingleProcessPrivilege) Profile system performance (SeSystemProfilePrivilege) Remove computer from docking station (SeUndockPrivilege) Replace a process level token (SeAssignPrimaryTokenPrivilege)
Synchronize directory service data (SeSynchAgentPrivilege) Take ownership of files or other objects (SeTakeOwnershipPrivilege) Security Options Accounts: Administrator account status Accounts: Guest account status Accounts: Limit local account use of blank passwords to console logon only Accounts: Rename administrator account
Accounts: Rename guest account Audit: Audit the access of global system objects Audit: Audit the use of Backup and Restore privilege Audit: Shut down system immediately if unable to log security audits DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) DCOM Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) Devices: Allow undock without having to log on Devices: Allowed to format and eject removable media Devices: Prevent users from installing printer drivers Devices: Restrict CD-ROM access to locally logged-on user only Devices: Restrict floppy access to locally logged-on user only Devices: Unsigned driver installation behavior Domain controller: Allow server operators to schedule tasks Domain controller: LDAP server signing requirements Domain controller: Refuse machine account password changes Domain member: Digitally encrypt or sign secure channel data (always) Domain member: Digitally encrypt secure channel data (when possible) Domain member: Digitally sign secure channel data (when possible) Domain member: Disable machine account password changes Domain member: Maximum machine account password age Domain member: Require strong (Windows 2000 or later) session key Interactive logon: Display user information when the session is locked Interactive logon: Do not display last user name Interactive logon: Do not require CTRL+ALT+DEL Interactive logon: Message text for users attempting to log on Interactive logon: Message title for users attempting to log on Interactive logon: Number of previous logons to cache (in case domain controller is not available) Interactive logon: Prompt user to change password before expiration Interactive logon: Require Domain Controller authentication to unlock workstation Interactive logon: Require smart card Interactive logon: Smart card removal behavior Microsoft network client: Digitally sign communications (always) Microsoft network client: Digitally sign communications (if 
server agrees) Microsoft network client: Send unencrypted password to third-party SMB servers Microsoft network server: Amount of idle time required before suspending session Microsoft network server: Digitally sign communications (always) Microsoft network server: Digitally sign communications (if client agrees) Microsoft network server: Disconnect clients when logon hours expire Network access: Allow anonymous SID/Name translation
Network access: Do not allow anonymous enumeration of SAM accounts Network access: Do not allow anonymous enumeration of SAM accounts and shares Network access: Do not allow storage of credentials or .NET Passports for network authentication Network access: Let Everyone permissions apply to anonymous users Network access: Named Pipes that can be accessed anonymously
Network access: Restrict anonymous access to Named Pipes and Shares Network access: Shares that can be accessed anonymously Network access: Sharing and security model for local accounts
Network security: Do not store LAN Manager hash value on next password change Network security: Force logoff when logon hours expire Network security: LAN Manager authentication level Network security: LDAP client signing requirements Network security: Minimum session security for NTLM SSP based (including secure RPC) clients Network security: Minimum session security for NTLM SSP based (including secure RPC) servers Recovery console: Allow automatic administrative logon Recovery console: Allow floppy copy and access to all drives and all folders Shutdown: Allow system to be shut down without having to log on
Shutdown: Clear virtual memory pagefile System cryptography: Force strong key protection for user keys stored on the computer System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing System objects: Default owner for objects created by members of the Administrators group System objects: Require case insensitivity for non-Windows subsystems System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) System settings: Optional subsystems System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments) MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments) MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)
MSS: (DisableSavePassword) Prevent the dial-up password from being saved (recommended) MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS) MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments) MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds (300,000 is recommended) MSS: (NoDefaultExempt) Enable NoDefaultExempt for IPSec Filtering (recommended) MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended) MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended) MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)
MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) MSS: (SynAttackProtect) Syn attack protection level (protects against DoS)
MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning (ActiveX Signed Controls) RunInvalidSignatures (RPC Endpoint Mapper) EnableAuthEpResolution (RPC Endpoint Mapper) RestrictRemoteClients (WebDAV Redirector) DisableBasicOverClearChannel (WebDAV Redirector) UseBasicAuth Event Log Settings for Event Logs Maximum application log size Maximum security log size Maximum system log size Restrict guest access to application log Restrict guest access to security log Restrict guest access to system log Retain application log Retain security log Retain system log Retention method for application log Retention method for security log Retention method for system log Restricted Groups System Services - See next worksheet, System Services Registry File System Public Key Policies Encrypted Data Recovery Agents Automatic Certificate Request Settings Trusted Root Certification Authorities Enterprise Trust IP Security Policies on Active Directory Client (Respond Only) Secure Server (Require Security) Server (Request Security) Administrative Templates
Windows Components NetMeeting Disable remote Desktop Sharing Internet Explorer Internet Control Panel Security Zones: Use only machine settings Security Zones: Do not allow users to change policies Security Zones: Do not allow users to add/delete sites Make proxy settings per-machine (rather than per-user) Disable Automatic Install of Internet Explorer components Disable Periodic Check for Internet Explorer software updates Disable software update shell notifications on program launch Turn off Crash Detection Do not allow users to enable or disable add-ons Allow software to run or install even if the signature is invalid Allow active content from CDs to run on user machines Allow third-party browser extensions (only under Windows 2003) Check for server certificate revocation (only under Windows 2003) Do not save encrypted pages to disk (only under Windows 2003) Empty Temporary Internet Files folder when browser is closed (only under Windows 2003) Security Features Security Page Advanced Page Binary Behavior Security Restriction Internet Explorer Processes Process List All Processes Admin-approved behaviors MK Protocol Security Restriction Internet Explorer Processes Process List All Processes Local Machine Zone Lockdown Security Internet Explorer Processes Process List All Processes Consistent MIME Handling Internet Explorer Processes Process List All Processes MIME Sniffing Safety Features Internet Explorer Processes Process List All Processes Protection From Zone Elevation Internet Explorer Processes Process List All Processes Restrict ActiveX Install
Internet Explorer Processes Process List All Processes Restrict File Download Internet Explorer Processes Process List All Processes Add-on Management Internet Explorer Processes Process List All Processes Network Protocol Lockdown Internet Explorer Processes Process List All Processes Restricted Protocols per Security Zone Internet Information Services Prevent IIS installation Terminal Services Deny log off of an administrator logged in to the console session Do not allow local administrators to customize permissions Sets rules for remote control of Terminal Services user sessions Client/Server data redirection Allow Time Zone Redirection Do not allow clipboard redirection Allow audio redirection Do not allow COM port redirection Do not allow client printer redirection Do not allow LPT port redirection Do not allow drive redirection Do not set default client printer to be default printer in a session Encryption and Security Always prompt client for password upon connection Set client connection encryption level RPC Security Policy Secure Server (Require Security) Sessions Set time limit for disconnected sessions Allow reconnection from original client only Windows Explorer Turn off shell protected mode Windows Messenger Do not allow Windows Messenger to be run Windows Update Configure Automatic Updates Specify intranet Microsoft update service location Reschedule Automatic Updates scheduled installations No auto-restart for scheduled Automatic Updates installations System
Display Shutdown Event Tracker Specify Windows installation file location Specify Windows Service Pack installation file location Remove Boot / Shutdown / Logon / Logoff status messages Verbose vs normal status messages Restrict these programs from being launched from Help Turn off Autoplay Do not automatically encrypt files moved to encrypted folders Download missing COM components User Profiles Do not check for user ownership of Roaming Profile Folders Delete cached copies of roaming profiles Do not detect slow network connections Slow network connection timeout for user profiles Wait for remote user profile Prompt user when slow link is detected Timeout for dialog boxes Log users off when roaming profile fails Maximum retries to unload and update user profile Add the Administrators security group to roaming user profiles Prevent Roaming Profile changes from propagating to the server Only allow local user profiles Scripts Turn off autoplay Logon Don't display the Getting Started welcome screen at logon Do not process the run once list Do not process the legacy run list Group Policy Registry policy processing Internet Explorer Maintenance policy processing Security policy processing IP Security policy processing Remote Assistance Solicited Remote Assistance Offer Remote Assistance Error Reporting Display Error Notification Report Errors Distributed COM Application Compatibility Settings Allow local activation security check exemptions Define Activation Security Check exemptions User Configuration Administrative Templates Windows Components Internet Explorer Disable Changing Advanced page settings
Disable Internet Connection Wizard Disable Changing Connection Settings Disable Changing Proxy Settings Disable Changing Automatic Configuration Se Disable Changing Certificate Settings Do not allow AutoComplete to save passwords Configure Outlook Express Internet Control Panel Disable the Security Page Disable the Advanced Page Offline Pages Disable adding channels Disable removing channels Disable adding schedules for offline pages Disable editing schedules for offline pages Disable removing schedules for offline pages Disable offline page hit logging Disable all scheduled offline pages Disable channel user interface completely Disable downloading of site subscription content Disable editing and creating of schedule groups Browser menus Disable Save this program to disk option Persistence Behavior File size limits for the Local Machine zone File size limits for the Intranet zone File size limits for the Trusted Sites zone File size limits for the Internet zone File size limits for the Restricted Sites zone Attachment Manager Default risk level for file attachments Inclusion list for high risk file types Inclusion list for moderate risk file types Inclusion list for low file types Trust logic for file attachments Do not preserve zone information in file attachments Hide mechanisms to remove zone information Notify antivirus programs when opening attachments Windows Explorer Remove Security tab Remove CD Burning features Control Panel Display Hide Screen Saver tab Screen Saver Screen Saver executable name Password protect the screen saver Screen Saver timeout System
Prevent access to registry editing tools Power Management Prompt for password on resume from hibernate / suspend
24 passwords remembered 42 days 1 day 7 characters Enabled Disabled Not defined 0 invalid login attempts Not defined Enabled 600 minutes 10 hours 7 days 5 minutes
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined
0 passwords remembered 42 days 0 days 0 characters Disabled Disabled Not applicable 0 invalid login attempts Not applicable Not applicable Not applicable Not applicable Not applicable Not applicable
24 passwords remembered 42 days 1 day 7 characters Enabled Disabled Not defined 0 invalid login attempts Not defined Enabled 600 minutes 10 hours 7 days 5 minutes
24 passwords remembered 42 days 1 day 7 characters Enabled Disabled Not defined 0 invalid login attempts Not defined Not applicable Not applicable Not applicable Not applicable Not applicable
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined
Not defined
Everyone, Administrators, Authenticated Users, ENTERPRISE DOMAIN CONTROLLERS, Pre-Windows 2000 Compatible Access No one Authenticated Users LOCAL SERVICE, NETWORK SERVICE, Administrators Administrators, Backup Operators, Account Operators, Server Operators, Print Operators Not defined
Everyone, Administrators, Authenticated Users, ENTERPRISE DOMAIN CONTROLLERS, Pre-Windows 2000 Compatible Access No one Authenticated Users LOCAL SERVICE, NETWORK SERVICE, Administrators Administrators, Backup Operators, Account Operators, Server Operators, Print Operators Administrators
Not defined Not defined LOCAL SERVICE, NETWORK SERVICE, Administrators Administrators, Users, Power Users, Backup Operators
Not defined Not defined Administrators, NETWORK SERVICE, LOCAL SERVICE Backup Operators, Power Users, Users, Administrators
Not defined
Not defined
Not defined
Not defined
Administrators, Remote Desktop Users Administrators, Administrators, Backup Operators, Backup Operators Server Operators Everyone, Everyone, Administrators, Administrators, Authenticated Users, Power Users, PreUsers, Backup Windows 2000 Operators Compatible Access Administrators, Server Operators Administrators No one Not defined No one Administrators, Power Users Administrators Not defined Administrators, SERVICE Not defined
Remote Desktop Users, Administrators Administrators, Backup Operators, Backup Operators, Administrators Server Operators Everyone, Backup Operators, Administrators, Power Users, Authenticated Users, Users, PreAdministrators, Windows 2000 Everyone Compatible Access Administrators, Server Operators Administrators No one SERVICE, Administrators No one Power Users, Administrators Administrators Not defined SERVICE, Administrators Not defined
Not defined Not defined Not defined Not defined Not defined
Administrators
Administrators
Administrators
Administrators
SUPPORT_388945a0 SUPPORT_388945a0 SUPPORT_388945a0 SUPPORT_388945a0 No one Not defined No one Not defined
Not defined Not defined Not defined Not defined Not defined Not defined
No one SUPPORT_388945a0 Not defined Administrators Administrators, Server Operators LOCAL SERVICE, NETWORK SERVICE Administrators, SERVICE Administrators Administrators, Print Operators No one LOCAL SERVICE, SUPPORT_388945a0 NETWORK SERVICE Administrators Administrators Not defined Administrators
Not defined SUPPORT_388945a0 Not defined Not defined Administrators NETWORK SERVICE, LOCAL SERVICE SERVICE, Administrators Administrators Administrators Not defined SUPPORT_388945a0, LOCAL SERVICE NETWORK SERVICE Administrators Administrators Administrators Power Users, Administrators Administrators Power Users, Administrators NETWORK SERVICE, LOCAL SERVICE Backup Operators, Administrators Backup Operators, Power Users, Administrators, Users Not defined Administrators Enabled Disabled Enabled Administrator
Not defined Not defined Not defined Not defined Not defined
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined
Not defined
Not defined
Not defined Not defined Not defined Not defined Not defined Not defined
Administrators, Server Operators LOCAL SERVICE, LOCAL SERVICE, NETWORK NETWORK SERVICE SERVICE Administrators, SERVICE, SERVICE Administrators Administrators Administrators Administrators Administrators, Print Operators Not defined No one LOCAL SERVICE, LOCAL SERVICE, SUPPORT_388945 SUPPORT_388945 a0 a0 NETWORK NETWORK SERVICE SERVICE Administrators Administrators Administrators Administrators Administrators Administrators Administrators, Administrators Power Users Administrators Administrators Administrators Administrators Administrators, Administrators Power Users LOCAL SERVICE, LOCAL SERVICE, LOCAL SERVICE, NETWORK NETWORK NETWORK SERVICE SERVICE SERVICE Administrators, Administrators, Administrators, Backup Operators, Backup Operators Backup Operators, Server Operators Server Operators Administrators, Administrators, Administrators, Backup Operators, Power Users, Backup Operators, Server Operators, Backup Operators, Server Operators, Print Operators Users Print Operators No one Not defined No one Administrators Administrators Administrators Not defined Not defined Not defined Not defined Enabled Disabled Enabled Administrator Enabled Disabled Enabled Administrator
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined None Not defined Enabled Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Enabled Enabled Not defined Not defined
Guest Disabled Disabled Disabled Not defined Not defined Enabled Administrators Enabled Disabled Disabled Warn but allow installation Not defined Not defined Not defined Enabled Enabled Enabled Disabled 30 days Disabled Not defined Disabled Disabled Not defined Not defined 10 logons 14 days Disabled Disabled No Action Disabled Enabled Disabled 15 minutes Enabled Enabled Enabled Disabled
Guest Disabled Disabled Disabled Not defined Not defined Enabled Administrators Enabled Disabled Disabled Warn but allow installation Not defined None Not defined Enabled Enabled Enabled Disabled 30 days Disabled Not defined Disabled Disabled Not defined Not defined 10 logons 14 days Disabled Disabled No Action Disabled Enabled Disabled 15 minutes Enabled Enabled Enabled Enabled
Guest Disabled Disabled Disabled Not defined Not defined Enabled Administrators Enabled Disabled Disabled Warn but allow installation Not defined Not defined Not defined Enabled Enabled Enabled Disabled 30 days Disabled Not defined Disabled Disabled Not defined Not defined 10 logons 14 days Disabled Disabled No Action Disabled Enabled Disabled 15 minutes Enabled Enabled Enabled Disabled
Not defined Not defined Not defined Not defined Not defined
Not defined Not defined Not defined Not defined Not defined
Enabled Disabled Disabled Disabled COMNAP, COMNODE, SQL\QUERY, SPOOLSS, EPMAPPER, LOCATOR, TrkWks, TrkSvr System\CurrentControlSet\Control\ProductOptions, System\CurrentControlSet\Control\Server Applications, Software\Microsoft\Windows NT\CurrentVersion
Enabled Disabled Disabled Disabled COMNAP, COMNODE, SQL\QUERY, SPOOLSS, EPMAPPER, LOCATOR, TrkWks, TrkSvr System\CurrentControlSet\Control\ProductOptions, System\CurrentControlSet\Control\Server Applications, Software\Microsoft\Windows NT\CurrentVersion
Enabled Disabled Disabled Disabled COMNAP, COMNODE, SQL\QUERY, SPOOLSS, EPMAPPER, LOCATOR, TrkWks, TrkSvr System\CurrentControlSet\Control\ProductOptions, System\CurrentControlSet\Control\Server Applications, Software\Microsoft\Windows NT\CurrentVersion
Not defined
Not defined
Not defined
Not defined
System\CurrentControlSet\Control\Print\Printers, System\CurrentControlSet\Services\Eventlog, Software\Microsoft\OLAP Server, Software\Microsoft\Windows NT\CurrentVersion\Print, Software\Microsoft\Windows NT\CurrentVersion\Windows, System\CurrentControlSet\Control\ContentIndex, System\CurrentControlSet\Control\Terminal Server, System\CurrentControlSet\Control\Terminal Server\UserConfig, System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration, Software\Microsoft\Windows Enabled COMCFG, DFS$ Classic - local users authenticate as themselves Disabled Disabled Send NTLM response only Negotiate signing No minimum No minimum Disabled Disabled Disabled
System\CurrentControlSet\Control\Print\Printers, System\CurrentControlSet\Services\Eventlog, Software\Microsoft\OLAP Server, Software\Microsoft\Windows NT\CurrentVersion\Print, Software\Microsoft\Windows NT\CurrentVersion\Windows, System\CurrentControlSet\Control\ContentIndex, System\CurrentControlSet\Control\Terminal Server, System\CurrentControlSet\Control\Terminal Server\UserConfig, System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration, Software\Microsoft\Windows Enabled COMCFG, DFS$ Classic - local users authenticate as themselves Disabled Disabled Send NTLM response only Negotiate signing No minimum No minimum Disabled Disabled Disabled
System\CurrentControlSet\Control\Print\Printers, System\CurrentControlSet\Services\Eventlog, Software\Microsoft\OLAP Server, Software\Microsoft\Windows NT\CurrentVersion\Print, Software\Microsoft\Windows NT\CurrentVersion\Windows, System\CurrentControlSet\Control\ContentIndex, System\CurrentControlSet\Control\Terminal Server, System\CurrentControlSet\Control\Terminal Server\UserConfig, System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration, Software\Microsoft\Windows Enabled COMCFG, DFS$ Classic - local users authenticate as themselves Disabled Disabled Send NTLM response only Negotiate signing No minimum No minimum Disabled Disabled Disabled
Not defined Disabled Not defined Not defined Not defined Not defined Not defined Not defined Not defined
Not defined Not defined Send NTLM response only Not defined Not defined Not defined Not defined Not defined Not defined
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined
Disabled Not defined Disabled Administrators group Enabled Enabled Posix Disabled Disabled Enabled Enabled Medium, source routed packets are ignored when IP forwarding is enabled Disabled Enabled Enabled Disabled 7200000 Enabled Disabled Enabled Disabled 2 (enable only if DHCP sends the Perform Router Discovery option) Enabled 5 Enabled
Disabled Not defined Disabled Administrators group Enabled Enabled Posix Disabled Disabled Enabled Enabled Medium, source routed packets are ignored when IP forwarding is enabled Disabled Enabled Enabled Disabled 7200000 Enabled Disabled Enabled Disabled 2 (enable only if DHCP sends the Perform Router Discovery option) Enabled 5 Enabled
Disabled Not defined Disabled Administrators group Enabled Enabled Posix Disabled Disabled Enabled Enabled Medium, source routed packets are ignored when IP forwarding is enabled Disabled Enabled Enabled Disabled 7200000 Enabled Disabled Enabled Disabled 2 (enable only if DHCP sends the Perform Router Discovery option) Enabled 5 Enabled
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined
Not defined
Not defined
Not defined Not defined Not defined Not defined Not defined Not defined Not defined
Not defined Not defined Not defined Not defined Not defined Not defined Not defined
2 (3 & 6 seconds, half-open connections dropped after 21 seconds) 5 0 (not configured) Disabled Disabled 0 0 (Disabled) 0 (Disabled)
2 (3 & 6 seconds, half-open connections dropped after 21 seconds) 5 0 (not configured) Disabled Disabled 0 0 (Disabled) 0 (Disabled)
2 (3 & 6 seconds, half-open connections dropped after 21 seconds) 5 0 (not configured) Disabled Disabled 0 0 (Disabled) 0 (Disabled)
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined
16384 KB 16384 KB 16384 KB Not defined Not defined Not defined Not defined Not defined Not defined Overwrite as needed Overwrite as needed Overwrite as needed
16384 KB 131072 KB 16384 KB Enabled Enabled Enabled Not defined Not defined Not defined Overwrite as needed Overwrite as needed Overwrite as needed
16384 KB 16384 KB 16384 KB Enabled Enabled Enabled Not defined Not defined Not defined Overwrite as needed Overwrite as needed Overwrite as needed
Not configured
Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured
Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured
Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured
Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured
Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured
Not configured
Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured
Not configured Not configured Not configured Not configured Not configured
Service Name
Alerter Application Experience Lookup Service Application Layer Gateway Service Application Management ASP.NET State Service Automatic Updates Background Intelligent Transfer Service Certificate Services Client Service for NetWare ClipBook Cluster Service COM+ Event System COM+ System Application Computer Browser Cryptographic Services DCOM Server Process Launcher DHCP Client DHCP Server Distributed File System Distributed Link Tracking Client Distributed Link Tracking Server Distributed Transaction Coordinator DNS Client DNS Server Error Reporting Service Event Log Fax Service File Replication File Server for Macintosh
Alerter AELookupSvc
CertSvc NWCWorkstation ClipSrv ClusSvc EventSystem COMSysApp Browser CryptSvc DcomLaunch Dhcp DHCPServer Dfs TrkWks TrkSvr MSDTC
Not installed Not installed Disabled Not installed Manual Manual Automatic Automatic Automatic Automatic Automatic Automatic Automatic Disabled Automatic
Not installed Not installed Disabled Not installed Manual Manual Automatic Automatic Automatic Automatic Not installed Automatic Automatic Disabled Automatic
Automatic Not installed Automatic Automatic Not installed Manual Not installed
FTP Publishing Service Help and Support HTTP SSL Human Interface Device Access IAS Jet Database Access IIS Admin Service IMAPI CD-Burning COM Service Indexing Service Infrared Monitor Internet Authentication Service Intersite Messaging IP Version 6 Helper Service IPSec Policy Agent (IPSec Service) Kerberos Key Distribution Center License Logging Service Logical Disk Manager
MSFtpsvc helpsvc HTTPFilter HidServ IASJet IISADMIN ImapiService cisvc Irmon IAS
Not installed Automatic Manual Disabled Not installed Not installed Disabled Disabled Not installed Not installed
Not installed Automatic Manual Disabled Not installed Not installed Disabled Disabled Not installed Not installed
Machine Debug Manager Message Queuing Message Queuing Down Level Clients Message Queuing Triggers Messenger Microsoft POP3 Service Microsoft Software Shadow Copy Provider MSSQL$UDDI MSSQLServerADHelper .NET Framework Support Service Netlogon
Not installed Not installed Not installed Not installed Disabled Not installed Manual
Not installed Not installed Not installed Not installed Disabled Not installed Manual
NetMeeting Remote mnmsrvc Desktop Sharing Network Connections Netman Network DDE Network DDE DSDM Network Location Awareness (NLA) Network Provisioning Service Network News Transfer Protocol (NNTP) NTLM Security Support Provider Performance Logs and Alerts Plug and Play Portable Media Serial Number Print Server for Macintosh Print Spooler Protected Storage QoS RSVP Service Remote Access Auto Connection Manager NetDDE NetDDEdsdm NLA xmlprov NntpSvc
Manual Manual Automatic Manual Not installed Automatic Automatic Not installed Manual
Manual Manual Automatic Manual Not installed Automatic Automatic Not installed Manual
Remote Access RasMan Connection Manager Remote SrvcSurg Administration Service Remote Desktop Help RDSessMgr Session Manager Remote Installation Remote Procedure Call (RPC) Remote Procedure Call (RPC) Locator Remote Registry Service Remote Server Manager Remote Server Monitor Remote Storage Notification BINLSVC RpcSs RpcLocator RemoteRegistry AppMgr Appmon Remote_Storage_User_Link
Manual
Manual
Not installed Automatic Automatic Automatic Not installed Not installed Not installed
Not installed Automatic Manual Automatic Not installed Not installed Not installed
Remote Storage Server Removable Storage Resultant Set of Policy Provider Routing and Remote Access SAP Agent Secondary Logon Security Accounts Manager Server Shell Hardware Detection Simple Mail Transport Protocol (SMTP) Simple TCP/IP Services Single Instance Storage Groveler Smart Card SNMP Service SNMP Trap Service Special Administration Console Helper SQLAgent$* (* UDDI or WebDB) System Event Notification Task Scheduler TCP/IP NetBIOS Helper Service TCP/IP Print Server Telephony Telnet Terminal Services Terminal Services Licensing Terminal Services Session Directory Themes Trivial FTP Daemon Uninterruptible Power Supply Upload Manager Virtual Disk Service Volume Shadow Copy
Remote_Storage_Server NtmsSvc RSoPProv RemoteAccess nwsapagent seclogon SamSs lanmanserver ShellHWDetection SMTPSVC
Not installed Manual Manual Disabled Not installed Automatic Automatic Automatic Automatic Not installed
Not installed Manual Manual Disabled Not installed Automatic Automatic Automatic Automatic Not installed
Not installed Not installed Manual Not installed Not installed Manual
Not installed Not installed Manual Not installed Not installed Manual
SQLAgent$WEBDB SENS Schedule LMHosts LPDSVC TapiSrv TlntSvr TermService TermServLicensing Tssdis Themes tftpd UPS Uploadmgr VDS VSS
Not installed Automatic Automatic Automatic Not installed Manual Disabled Manual Not installed Disabled Disabled Not installed Manual Manual Manual Manual
Not installed Automatic Automatic Automatic Not installed Manual Disabled Manual Not installed Disabled Disabled Not installed Manual Manual Manual Manual
WebClient Web Element Manager Windows Audio Windows Firewall (WF)/Internet Connection Sharing (ICS) Windows Image Acquisition (WIA) Windows Installer Windows Internet Name Service (WINS) Windows Management Instrumentation Windows Management Instrumentation Driver Extensions Windows Media Services Windows System Resource Manager Windows Time WinHTTP Web Proxy Auto-Discovery Service Wireless Configuration WMI Performance Adapter Workstation World Wide Web Publishing Service
winmgmt
Automatic
Automatic
Wmi
Manual
Manual
Logon As
Not installed Not installed Disabled Not installed Manual Manual Automatic Automatic Automatic Automatic Not installed Automatic Automatic Disabled Automatic Local System Local System Local System Local System Local System Local System Network Service Local System Local System Local System Network Service Network Service
Automatic Not installed Automatic Automatic Not installed Manual Not installed
Local System Local System Local System Local System Local System
Not installed Automatic Manual Disabled Not installed Not installed Disabled Disabled Not installed Not installed Local System Local System Local System
Local System
Local System Local System Network Service Local System Local System
Not installed Not installed Not installed Not installed Disabled Not installed Manual Local System
Local System
Local System Local System Local System Local System Local System Local System
Manual Manual Automatic Manual Not installed Automatic Automatic Not installed Manual
Local System
Manual
Local System
Not installed Automatic Manual Automatic Not installed Not installed Not installed
Not installed Manual Manual Disabled Not installed Automatic Automatic Automatic Automatic Not installed Local System Local System Local System
Not installed Not installed Manual Not installed Not installed Manual Local Service
Local System
Not installed Automatic Automatic Automatic Not installed Manual Disabled Manual Not installed Disabled Disabled Not installed Manual Manual Manual Manual Local System Local System Local Service
Local System Local System Local Service Local System Local System Local System
Local Service
Automatic
Local System
Manual
Local System
Not installed Not installed Automatic Manual Local System Local Service
Act as part of the operating system (SeTcbPrivilege) Add workstations to domain (SeMachineAccountPrivilege) Adjust memory quotas for a process (SeIncreaseQuotaPrivilege)
Allow logon Through Terminal Services (SeRemoteInteractiveLogonRight) Back up files and directories (SeBackupPrivilege) Bypass traverse checking (SeChangeNotifyPrivilege)
Change the system time (SeSystemTimePrivilege) Create a pagefile (SeCreatePagefilePrivilege) Create a token object (SeCreateTokenPrivilege) Create global objects (SeCreateGlobalPrivilege) Create permanent shared objects (SeCreatePermanentPrivilege) Debug programs (SeDebugPrivilege) Deny access to this computer from the network (SeDenyNetworkLogonRight) Deny logon as a batch job (SeDenyBatchLogonRight) Deny logon as a service (SeDenyBatchLogonRight) Deny logon locally (SeDenyInteractiveLogonRight) Deny log on Through Terminal Services (SeDenyRemoteInteractiveLogonRight) Enable computer and user accounts to be trusted for delegation (SeEnableDelegationPrivilege) Force shutdown from a remote system (SeRemoteShutdownPrivilege) Generate security audits (SeAuditPrivilege) Increase scheduling priority (SeIncreaseBasePriorityPrivilege) Load and unload device drivers (SeLoadDriverPrivilege) Lock pages in memory (SeLockMemoryPrivilege) Log on as a batch job (SeBatchLogonRight) Log on as a service (SeServiceLogonRight) Log on locally (SeInteractiveLogonRight)
Manage auditing and security log (SeSecurityPrivilege) Modify firmware environment values (SeSystemEnvironmentPrivilege) Perform Volume Maintenance Tasks (SeManageVolumePrivilege) Profile single process (SeProfileSingleProcessPrivilege) Profile system performance (SeSystemProfilePrivilege) Remove computer from docking station (SeUndockPrivilege) Replace a process level token (SeAssignPrimaryTokenPrivilege) Restore files and directories (SeRestorePrivilege)
Synchronize directory service data (SeSynchAgentPrivilege) Take ownership of files or other objects (SeTakeOwnershipPrivilege) Security Options Accounts: Administrator account status Accounts: Guest account status Accounts: Limit local account use of blank passwords to console logon only Accounts: Rename administrator account Accounts: Rename guest account Audit: Audit the access of global system objects Audit: Audit the use of Backup and Restore privilege Audit: Shut down system immediately if unable to log security audits DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) DCOM Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) Devices: Allow undock without having to log on Devices: Allowed to format and eject removable media Devices: Prevent users from installing printer drivers Devices: Restrict CD-ROM access to locally logged-on user only Devices: Restrict floppy access to locally logged-on user only Devices: Unsigned driver installation behavior Domain controller: Allow server operators to schedule tasks Domain controller: LDAP server signing requirements Domain controller: Refuse machine account password changes Domain member: Digitally encrypt or sign secure channel data (always) Domain member: Digitally encrypt secure channel data (when possible)
Domain member: Digitally sign secure channel data (when possible) Domain member: Disable machine account password changes Domain member: Maximum machine account password age Domain member: Require strong (Windows 2000 or later) session key Interactive logon: Do not display last user name Interactive logon: Do not require CTRL+ALT+DEL Interactive logon: Message text for users attempting to log on Interactive logon: Message title for users attempting to log on Interactive logon: Number of previous logons to cache (in case domain controller is not available) Interactive logon: Prompt user to change password before expiration Interactive logon: Require Domain Controller authentication to unlock workstation Interactive logon: Require smart card Interactive logon: Smart card removal behavior Microsoft network client: Digitally sign communications (always) Microsoft network client: Digitally sign communications (if server agrees) Microsoft network client: Send unencrypted password to third-party SMB servers Microsoft network server: Amount of idle time required before suspending session Microsoft network server: Digitally sign communications (always) Microsoft network server: Digitally sign communications (if client agrees) Microsoft network server: Disconnect clients when logon hours expire Network access: Allow anonymous SID/Name translation Network access: Do not allow anonymous enumeration of SAM accounts Network access: Do not allow anonymous enumeration of SAM accounts and shares Network access: Do not allow storage of credentials or .NET Passports for network authentication
Network access: Let Everyone permissions apply to anonymous users Network access: Named Pipes that can be accessed anonymously
Network access: Shares that can be accessed anonymously Network access: Sharing and security model for local accounts Network security: Do not store LAN Manager hash value on next password change Network security: Force logoff when logon hours expire Network security: LAN Manager authentication level Network security: LDAP client signing requirements Network security: Minimum session security for NTLM SSP based (including secure RPC) clients Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
Recovery console: Allow automatic administrative logon Recovery console: Allow floppy copy and access to all drives and all folders Shutdown: Allow system to be shut down without having to log on Shutdown: Clear virtual memory pagefile System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing System objects: Default owner for objects created by members of the Administrators group System objects: Require case insensitivity for non-Windows subsystems System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments) MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments) MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) MSS: (DisableSavePassword) Prevent the dial-up password from being saved (recommended) MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS) MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments) MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds MSS: (NoDefaultExempt) Enable NoDefaultExempt for IPSec Filtering (recommended) MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended) MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended) MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)
MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) MSS: (SynAttackProtect) Syn attack protection level (protects against DoS) MSS: (TCPMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning (ActiveX Signed Controls) RunInvalidSignatures (RPC Endpoint Mapper) EnableAuthEpResolution (RPC Endpoint Mapper) Restrict Remote Clients (Security Center) AntiVirusDisableNotify (Security Center) FirewallDisableNotify (Security Center) UpdatesDisableNotify (StorageDevicePolicies) WriteProtect
Event Log Settings for Event Logs Maximum application log size Maximum security log size Maximum system log size Restrict guest access to application log Restrict guest access to security log Restrict guest access to system log Retain application log Retain security log Retain system log Retention method for application log Retention method for security log Retention method for system log Restricted Groups System Services - See next worksheet, System Services Registry File System Public Key Policies Encrypted Data Recovery Agents
Automatic Certificate Request Settings Trusted Root Certification Authorities Enterprise Trust IP Security Policies on Active Directory Client (Respond Only) Secure Server (Require Security) Server (Request Security) Administrative Templates Windows Components NetMeeting Disable remote Desktop Sharing Internet Explorer Internet Control Panel Security Zones: Use only machine settings Security Zones: Do not allow users to change policies Security Zones: Do not allow users to add/delete sites Make proxy settings per-machine (rather than per-user) Disable Automatic Install of Internet Explorer components Disable Periodic Check for Internet Explorer software updates Disable software update shell notifications on program launch Turn off Crash Detection Do not allow users to enable or disable add-ons Allow software to run or install even if the signature is invalid Allow active content from CDs to run on user machines Security Features Security Page Advanced Page Binary Behavior Security Restriction Internet Explorer Processes Process List All Processes Admin-approved behaviors MK Protocol Security Restriction Internet Explorer Processes Process List All Processes Local Machine Zone Lockdown Security Internet Explorer Processes Process List All Processes Consistent MIME Handling Internet Explorer Processes Process List All Processes MIME Sniffing Safety Features Internet Explorer Processes Process List All Processes Protection From Zone Elevation Internet Explorer Processes
Process List All Processes Restrict ActiveX Install Internet Explorer Processes Process List All Processes Restrict File Download Internet Explorer Processes Process List All Processes Add-on Management Internet Explorer Processes Process List All Processes Network Protocol Lockdown Internet Explorer Processes Process List All Processes Restricted Protocols per Security Zone Terminal Services Deny log off of an administrator logged in to the console session Do not allow local administrators to customize permissions Sets rules for remote control of Terminal Services user sessions Client/Server data redirection Allow Time Zone Redirection Do not allow clipboard redirection Allow audio redirection Do not allow COM port redirection Do not allow client printer redirection Do not allow LPT port redirection Do not allow drive redirection Do not set default client printer to be default printer in a session Encryption and Security Always prompt client for password upon connection Set client connection encryption level RPC Security Policy Secure Server (Require Security) Sessions Set time limit for disconnected sessions Allow reconnection from original client only Windows Explorer Turn off shell protected mode Windows Messenger Do not allow Windows Messenger to be run Windows Update Configure Automatic Updates Specify intranet Microsoft update service location Reschedule Automatic Updates scheduled installations No auto-restart for scheduled Automatic Updates installations
System Display Shutdown Event Tracker Specify Windows installation file location Specify Windows Service Pack installation file location Remove Boot / Shutdown / Logon / Logoff status messages Verbose vs normal status messages Restrict these programs from being launched from Help Turn off Autoplay Do not automatically encrypt files moved to encrypted folders Download missing COM components User Profiles Do not check for user ownership of Roaming Profile Folders Delete cached copies of roaming profiles Do not detect slow network connections Slow network connection timeout for user profiles Wait for remote user profile Prompt user when slow link is detected Timeout for dialog boxes Log users off when roaming profile fails Maximum retries to unload and update user profile Add the Administrators security group to roaming user profiles Prevent Roaming Profile changes from propagating to the server Only allow local user profiles Scripts Turn off autoplay Logon Don't display the Getting Started welcome screen at logon Do not process the run once list Do not process the legacy run list Group Policy Registry policy processing Internet Explorer Maintenance policy processing Security policy processing IP Security policy processing Remote Assistance Solicited Remote Assistance Offer Remote Assistance Error Reporting Display Error Notification Report Errors Distributed COM Application Compatibility Settings Allow local activation security check exemptions Define Activation Security Check exemptions User Configuration Administrative Templates Windows Components Internet Explorer
Disable Changing Advanced page settings Disable Internet Connection Wizard Disable Changing Connection Settings Disable Changing Proxy Settings Disable Changing Automatic Configuration Se Disable Changing Certificate Settings Do not allow AutoComplete to save passwords Configure Outlook Express Internet Control Panel Disable the Security Page Disable the Advanced Page Offline Pages Disable adding channels Disable removing channels Disable adding schedules for offline pages Disable editing schedules for offline pages Disable removing schedules for offline pages Disable offline page hit logging Disable all scheduled offline pages Disable channel user interface completely Disable downloading of site subscription content Disable editing and creating of schedule groups Browser menus Disable Save this program to disk option Persistence Behavior File size limits for the Local Machine zone File size limits for the Intranet zone File size limits for the Trusted Sites zone File size limits for the Internet zone File size limits for the Restricted Sites zone Attachment Manager Default risk level for file attachments Inclusion list for high risk file types Inclusion list for moderate risk file types Inclusion list for low file types Trust logic for file attachments Do not preserve zone information in file attachments Hide mechanisms to remove zone information Notify antivirus programs when opening attachments Windows Explorer Remove Security tab Remove CD Burning features Control Panel Display Hide Screen Saver tab Screen Saver Screen Saver executable name Password protect the screen saver Screen Saver timeout
System Prevent access to registry editing tools Power Management Prompt for password on resume from hibernate / suspend
24 passwords remembered 42 days 1 days 7 characters Enabled Disabled Not defined 0 invalid login attempts Not defined Enabled 600 minutes 10 hours 7 days 5 minutes
0 passwords remembered 42 days 0 days 0 characters Disabled Disabled Not applicable 0 invalid login attempts Not applicable Not applicable Not applicable Not applicable Not applicable Not applicable
24 passwords remembered 42 days 1 days 7 characters Enabled Disabled Not defined 0 invalid login attempts Not defined Not applicable Not applicable Not applicable Not applicable Not applicable
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined
No auditing No auditing No auditing No auditing No auditing No auditing No auditing No auditing No auditing Everyone, Administrators, Users, Power Users, Backup Operators Not defined Not defined LOCAL SERVICE, NETWORK SERVICE, Administrators
No auditing No auditing No auditing No auditing No auditing No auditing No auditing No auditing No auditing Backup Operators, Power Users, Users, Administrators, Everyone Not defined Not defined LOCAL SERVICE, NETWORK SERVICE, Administrators
Not defined Not defined Not defined Not defined Not defined
Administrators, Remote Desktop Users Administrators, Backup Operators Everyone, Administrators, Users, Power Users, Backup Operators Administrators, Power Users Administrators Not defined Not Applicable Not defined
Administrators, Remote Desktop Users Administrators, Backup Operators Everyone, Administrators, Users, Power Users, Backup Operators Administrators, Power Users Administrators Not defined Not Applicable Not defined
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined
Administrators Support_xxxxxxxx, Guest Not defined Not defined Support_xxxxxxxx, Guest Not defined Not defined Administrators LOCAL SERVICE, NETWORK SERVICE Administrators Administrators Not defined Support_xxxxxxxx NETWORK SERVICE Administrators, Users, Power Users, Backup Operators Administrators Administrators Administrators Administrators, Power Users
Administrators Support_xxxxxxxx, Guest Not defined Not defined Support_xxxxxxxx, Guest Not defined Not defined Administrators LOCAL SERVICE, NETWORK SERVICE Administrators Administrators Not defined Support_xxxxxxxx NETWORK SERVICE Administrators, Users, Power Users, Backup Operators Administrators Administrators Administrators Administrators, Power Users
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined
Administrators Administrators Administrators, Power Users Administrators, Power Users LOCAL SERVICE, NETWORK SERVICE Administrators, Backup Operators LOCAL SERVICE, NETWORK SERVICE Administrators, Backup Operators
Not defined
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined
Administrators, Power Users, Backup Operators, Users Not defined Administrators Enabled Disabled Enabled Administrator Guest Disabled Disabled Disabled Not defined Not defined Enabled Administrators Disabled Disabled Disabled Warn but allow installation Not defined Not defined Not defined Enabled Enabled
Administrators, Power Users, Backup Operators, Users Not defined Administrators Enabled Disabled Enabled Administrator Guest Disabled Disabled Disabled Not defined Not defined Enabled Administrators Disabled Disabled Disabled Warn but allow installation Not defined Not defined Not defined Enabled Enabled
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined
Enabled Disabled 30 days Disabled Disabled Not defined Not defined Not defined 10 logons 14 days Disabled Not defined No Action Disabled Enabled Disabled 15 minutes Disabled Disabled Enabled Disabled Enabled Disabled Disabled
Enabled Disabled 30 days Disabled Disabled Not defined Not defined Not defined 10 logons 14 days Disabled Not defined No Action Disabled Enabled Disabled 15 minutes Disabled Disabled Enabled Disabled Enabled Disabled Disabled
Disabled COMNAP, COMNODE, SQL\QUERY, SPOOLSS, EPMAPPER, LOCATOR, TrkWks, TrkSvr System\CurrentControlSet\Control\Print\Printers, System\CurrentControlSet\Services\Eventlog, Software\Microsoft\OLAP Server, Software\Microsoft\Windows NT\CurrentVersion\Print, Software\Microsoft\Windows NT\CurrentVersion\Windows, System\CurrentControlSet\Control\ContentIndex, System\CurrentControlSet\Control\Terminal Server, System\CurrentControlSet\Control\Terminal Server\UserConfig, System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration, Software\Microsoft\Windows NT\CurrentVersion\Perflib, System\CurrentControlSet\Services\SysmonLog
Disabled COMNAP, COMNODE, SQL\QUERY, SPOOLSS, EPMAPPER, LOCATOR, TrkWks, TrkSvr System\CurrentControlSet\Control\Print\Printers, System\CurrentControlSet\Services\Eventlog, Software\Microsoft\OLAP Server, Software\Microsoft\Windows NT\CurrentVersion\Print, Software\Microsoft\Windows NT\CurrentVersion\Windows, System\CurrentControlSet\Control\ContentIndex, System\CurrentControlSet\Control\Terminal Server, System\CurrentControlSet\Control\Terminal Server\UserConfig, System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration, Software\Microsoft\Windows NT\CurrentVersion\Perflib, System\CurrentControlSet\Services\SysmonLog
Not defined
Not defined Not defined Not defined Disabled Not defined Not defined Not defined Not defined
Send LM & NTLM responses Send LM & NTLM responses Negotiate signing Negotiate signing No minimum No minimum No minimum No minimum
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined
Disabled Disabled Enabled Disabled Disabled Object creator Enabled Enabled Disabled Enabled Enabled Medium, source routed packets are ignored when IP forwarding is enabled Disabled Enabled Enabled Disabled 7200000 Enabled Disabled Enabled Disabled 2 (enable only if DHCP sends the Perform Router Discovery option) Disabled
Disabled Disabled Enabled Disabled Disabled Object creator Enabled Enabled Disabled Enabled Enabled Medium, source routed packets are ignored when IP forwarding is enabled Disabled Enabled Enabled Disabled 7200000 Enabled Disabled Enabled Disabled 2 (enable only if DHCP sends the Perform Router Discovery option) Disabled
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined
Not defined
5 Disabled 2 (3 & 6 seconds, half-open connections dropped after 21 seconds) 5 0 (not configured) Disabled Disabled 1 0 0 0 0
5 Disabled 2 (3 & 6 seconds, half-open connections dropped after 21 seconds) 5 0 (not configured) Disabled Disabled 1 0 0 0 0
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined
Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined Not defined
512 KB 512 KB 512 KB Enabled Enabled Enabled 7 days 7 days 7 days Overwrite events as needed
512 KB 512 KB 512 KB Enabled Enabled Enabled 7 days 7 days 7 days Overwrite events as needed
Overwrite events as needed Overwrite events as needed Overwrite events as needed Overwrite events as needed
Not configured
Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured
Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured
Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured
Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured
Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured
Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured
Not configured Not configured Not configured Not configured Not configured
Service Name
Alerter Application Layer Gateway Service Application Management Automatic Updates Background Intelligent Transfer Service ClipBook COM+ Event System COM+ System Application Computer Browser Cryptographic Services DCOM Server Process Launcher DHCP Client Distributed Link Tracking Client Distributed Transaction Coordinator DNS Client Error Reporting Service Event Log Fast User Switching Compatibility Help and Support Human Interface Device Access IMAPI CD-Burning COM Service Indexing Service Infrared Monitor Internet Connection Sharing IPSec Services Logical Disk Manager
Domain Member Windows XP Startup Type Manual Manual Manual Automatic Manual
Automatic Automatic Automatic Manual Automatic Disabled Manual Manual Not installed
Automatic Automatic Automatic Manual Automatic Disabled Manual Manual Not installed Automatic Automatic Manual
PolicyAgent dmserver
Machine Debug Manager Message Queuing Message Queuing Down Level Clients Message Queuing Triggers Messenger Microsoft Software Shadow Copy Provider Netlogon NetMeeting Remote Desktop Sharing Network Connections Network DDE Network DDE DSDM Network Location Awareness (NLA) Network Provisioning Service NTLM Security Support Provider Performance Logs and Alerts Plug and Play Portable Media Serial Number Print Spooler Protected Storage QoS RSVP Remote Access Auto Connection Manager
Not installed Not installed Not installed Not installed Automatic Manual
Not installed Not installed Not installed Not installed Automatic Manual
Netlogon mnmsrvc Netman NetDDE NetDDEdsdm NLA xmlprov NtLmSsp SysmonLog PlugPlay WmdmPmSN Spooler ProtectedStorage RSVP RasAuto
Automatic Manual Manual Manual Manual Manual Manual Manual Manual Automatic Automatic Automatic Automatic Manual Manual
Manual Manual Manual Manual Manual Manual Manual Manual Manual Automatic Automatic Automatic Automatic Manual Manual
Remote Access Connection Manager RasMan Remote Desktop Help Session Manager RDSessMgr Remote Procedure Call (RPC) Remote Procedure Call (RPC) Locator Remote Registry Service Removable Storage Routing and Remote Access Secondary Logon RpcSs RpcLocator RemoteRegistry NtmsSvc RemoteAccess seclogon
Manual Manual
Manual Manual
Security Accounts Manager Security Center Server Shell Hardware Detection Smart Card SSDP Discovery Service System Event Notification System Restore Service Task Scheduler TCP/IP NetBIOS Helper Service Telephony Telnet Terminal Services Themes Uninterruptible Power Supply Upload Manager Universal Plug and Play Device Host Volume Shadow Copy
SamSs wscsvc lanmanserver ShellHWDetection SCardSvr SSDPSRV SENS sr Schedule LMHosts TapiSrv TlntSvr TermService Themes UPS Uploadmgr upnphost VSS
Automatic Automatic Automatic Automatic Automatic Manual Automatic Automatic Automatic Automatic Manual Disabled Manual Automatic Manual Manual Manual Manual Automatic Automatic Manual
Automatic Automatic Automatic Automatic Automatic Manual Automatic Automatic Automatic Automatic Manual Disabled Manual Automatic Manual Manual Manual Manual Automatic Automatic Automatic
WebClient WebClient Windows Audio AudioSrv Windows Firewall (WF)/Internet Connection Sharing (ICS) SharedAccess Windows Image Acquisition (WIA) Windows Installer Windows Management Instrumentation Windows Management Instrumentation Driver Extensions Windows Time Wireless Zero Configuration WMI Performance Adapter Workstation StiSvc MSIServer winmgmt
Wmi
Automatic
Manual
Logon As
Local Service Local Service Local System Local System Network Service
Local System Local System Local System Local System Local System Local System Network Service Local System Network Service
Network Service Local System Local System Local System Local System Local System Local System Local System Local System Local System Local System Local System
Local System Local System Local System Local System Local System Local System Local System Local System Network Service Local System Local System Local System Local System Local System Local System
Local System Network Service Local Service Local System Local System Local System
Local System Local System Local System Local System Local Service Local Service Local System Local System Local System Local Service Local System Local System Local System Local System Local Service Local System Local System Local System Local Service Local System Local System
Local System