Security Configuration Assessment Report
for windows2012r2

  • CIS-CAT Host IP Address: 10.0.0.4

CIS Microsoft Windows Server 2012 R2 Benchmark v2.2.0

  • Level 1 - Member Server
  • Monday, October 31 2016 20:12:19

Report generated by the Center for Internet Security's Configuration Assessment Tool (CIS-CAT) v3.0.29.

For further information, please visit The Center for Internet Security or send an e-mail to feedback@cisecurity.org.

Copyright ©2016, The Center for Internet Security

Summary

Columns: Description; Tests (Pass, Fail, Error, Unkn.); Scoring (Score, Max, Percent)
1 Account Policies 6 1 0 2 6.0 9.0 67%
1.1 Password Policy 3 1 0 2 3.0 6.0 50%
1.2 Account Lockout Policy 3 0 0 0 3.0 3.0 100%
2 Local Policies 97 3 0 1 97.0 101.0 96%
2.1 Audit Policy 0 0 0 0 0.0 0.0 0%
2.2 User Rights Assignment 35 2 0 0 35.0 37.0 95%
2.3 Security Options 62 1 0 1 62.0 64.0 97%
2.3.1 Accounts 5 1 0 0 5.0 6.0 83%
2.3.2 Audit 2 0 0 0 2.0 2.0 100%
2.3.3 DCOM 0 0 0 0 0.0 0.0 0%
2.3.4 Devices 2 0 0 0 2.0 2.0 100%
2.3.5 Domain controller 0 0 0 0 0.0 0.0 0%
2.3.6 Domain member 6 0 0 0 6.0 6.0 100%
2.3.7 Interactive logon 8 0 0 0 8.0 8.0 100%
2.3.8 Microsoft network client 3 0 0 0 3.0 3.0 100%
2.3.9 Microsoft network server 5 0 0 0 5.0 5.0 100%
2.3.10 Network access 9 0 0 1 9.0 10.0 90%
2.3.11 Network security 10 0 0 0 10.0 10.0 100%
2.3.12 Recovery console 0 0 0 0 0.0 0.0 0%
2.3.13 Shutdown 1 0 0 0 1.0 1.0 100%
2.3.14 System cryptography 0 0 0 0 0.0 0.0 0%
2.3.15 System objects 2 0 0 0 2.0 2.0 100%
2.3.16 System settings 0 0 0 0 0.0 0.0 0%
2.3.17 User Account Control 9 0 0 0 9.0 9.0 100%
3 Event Log 0 0 0 0 0.0 0.0 0%
4 Restricted Groups 0 0 0 0 0.0 0.0 0%
5 System Services 0 0 0 0 0.0 0.0 0%
6 Registry 0 0 0 0 0.0 0.0 0%
7 File System 0 0 0 0 0.0 0.0 0%
8 Wired Network (IEEE 802.3) Policies 0 0 0 0 0.0 0.0 0%
9 Windows Firewall With Advanced Security 27 3 0 0 27.0 30.0 90%
9.1 Domain Profile 10 0 0 0 10.0 10.0 100%
9.2 Private Profile 10 0 0 0 10.0 10.0 100%
9.3 Public Profile 7 3 0 0 7.0 10.0 70%
10 Network List Manager Policies 0 0 0 0 0.0 0.0 0%
11 Wireless Network (IEEE 802.11) Policies 0 0 0 0 0.0 0.0 0%
12 Public Key Policies 0 0 0 0 0.0 0.0 0%
13 Software Restriction Policies 0 0 0 0 0.0 0.0 0%
14 Network Access Protection NAP Client Configuration 0 0 0 0 0.0 0.0 0%
15 Application Control Policies 0 0 0 0 0.0 0.0 0%
16 IP Security Policies 0 0 0 0 0.0 0.0 0%
17 Advanced Audit Policy Configuration 21 0 0 0 21.0 21.0 100%
17.1 Account Logon 1 0 0 0 1.0 1.0 100%
17.2 Account Management 5 0 0 0 5.0 5.0 100%
17.3 Detailed Tracking 1 0 0 0 1.0 1.0 100%
17.4 DS Access 0 0 0 0 0.0 0.0 0%
17.5 Logon/Logoff 5 0 0 0 5.0 5.0 100%
17.6 Object Access 1 0 0 0 1.0 1.0 100%
17.7 Policy Change 2 0 0 0 2.0 2.0 100%
17.8 Privilege Use 1 0 0 0 1.0 1.0 100%
17.9 System 5 0 0 0 5.0 5.0 100%
18 Administrative Templates (Computer) 88 1 0 0 88.0 89.0 99%
18.1 Control Panel 2 0 0 0 2.0 2.0 100%
18.1.1 Personalization 2 0 0 0 2.0 2.0 100%
18.2 LAPS 6 0 0 0 6.0 6.0 100%
18.3 MSS (Legacy) 8 0 0 0 8.0 8.0 100%
18.4 Network 4 0 0 0 4.0 4.0 100%
18.4.1 Background Intelligent Transfer Service (BITS) 0 0 0 0 0.0 0.0 0%
18.4.2 BranchCache 0 0 0 0 0.0 0.0 0%
18.4.3 DirectAccess Client Experience Settings 0 0 0 0 0.0 0.0 0%
18.4.4 DNS Client 0 0 0 0 0.0 0.0 0%
18.4.5 Hotspot Authentication 0 0 0 0 0.0 0.0 0%
18.4.6 Lanman Server 0 0 0 0 0.0 0.0 0%
18.4.7 Lanman Workstation 0 0 0 0 0.0 0.0 0%
18.4.8 Link-Layer Topology Discovery 0 0 0 0 0.0 0.0 0%
18.4.9 Microsoft Peer-to-Peer Networking Services 0 0 0 0 0.0 0.0 0%
18.4.9.1 Peer Name Resolution Protocol 0 0 0 0 0.0 0.0 0%
18.4.10 Network Connections 2 0 0 0 2.0 2.0 100%
18.4.10.1 Windows Firewall 0 0 0 0 0.0 0.0 0%
18.4.11 Network Connectivity Status Indicator 0 0 0 0 0.0 0.0 0%
18.4.12 Network Isolation 0 0 0 0 0.0 0.0 0%
18.4.13 Network Provider 1 0 0 0 1.0 1.0 100%
18.4.14 Offline Files 0 0 0 0 0.0 0.0 0%
18.4.15 QoS Packet Scheduler 0 0 0 0 0.0 0.0 0%
18.4.16 SNMP 0 0 0 0 0.0 0.0 0%
18.4.17 SSL Configuration Settings 0 0 0 0 0.0 0.0 0%
18.4.18 TCPIP Settings 0 0 0 0 0.0 0.0 0%
18.4.18.1 IPv6 Transition Technologies 0 0 0 0 0.0 0.0 0%
18.4.18.2 Parameters 0 0 0 0 0.0 0.0 0%
18.4.19 Windows Connect Now 0 0 0 0 0.0 0.0 0%
18.4.20 Windows Connection Manager 1 0 0 0 1.0 1.0 100%
18.5 Printers 0 0 0 0 0.0 0.0 0%
18.6 SCM: Pass the Hash Mitigations 2 0 0 0 2.0 2.0 100%
18.7 Start Menu and Taskbar 0 0 0 0 0.0 0.0 0%
18.8 System 13 0 0 0 13.0 13.0 100%
18.8.1 Access-Denied Assistance 0 0 0 0 0.0 0.0 0%
18.8.2 Audit Process Creation 1 0 0 0 1.0 1.0 100%
18.8.3 Credentials Delegation 0 0 0 0 0.0 0.0 0%
18.8.4 Device Guard 0 0 0 0 0.0 0.0 0%
18.8.5 Device Installation 0 0 0 0 0.0 0.0 0%
18.8.6 Device Redirection 0 0 0 0 0.0 0.0 0%
18.8.7 Disk NV Cache 0 0 0 0 0.0 0.0 0%
18.8.8 Disk Quotas 0 0 0 0 0.0 0.0 0%
18.8.9 Distributed COM 0 0 0 0 0.0 0.0 0%
18.8.10 Driver Installation 0 0 0 0 0.0 0.0 0%
18.8.11 Early Launch Antimalware 1 0 0 0 1.0 1.0 100%
18.8.12 Enhanced Storage Access 0 0 0 0 0.0 0.0 0%
18.8.13 File Classification Infrastructure 0 0 0 0 0.0 0.0 0%
18.8.14 File Share Shadow Copy Agent 0 0 0 0 0.0 0.0 0%
18.8.15 File Share Shadow Copy Provider 0 0 0 0 0.0 0.0 0%
18.8.16 Filesystem 0 0 0 0 0.0 0.0 0%
18.8.17 Folder Redirection 0 0 0 0 0.0 0.0 0%
18.8.18 Group Policy 3 0 0 0 3.0 3.0 100%
18.8.18.1 Logging and tracing 0 0 0 0 0.0 0.0 0%
18.8.19 Internet Communication Management 0 0 0 0 0.0 0.0 0%
18.8.19.1 Internet Communication settings 0 0 0 0 0.0 0.0 0%
18.8.20 iSCSI 0 0 0 0 0.0 0.0 0%
18.8.21 KDC 0 0 0 0 0.0 0.0 0%
18.8.22 Kerberos 0 0 0 0 0.0 0.0 0%
18.8.23 Locale Services 0 0 0 0 0.0 0.0 0%
18.8.24 Logon 5 0 0 0 5.0 5.0 100%
18.8.25 Mitigation Options 0 0 0 0 0.0 0.0 0%
18.8.26 Net Logon 0 0 0 0 0.0 0.0 0%
18.8.27 Performance Control Panel 0 0 0 0 0.0 0.0 0%
18.8.28 Power Management 0 0 0 0 0.0 0.0 0%
18.8.28.1 Button Settings 0 0 0 0 0.0 0.0 0%
18.8.28.2 Hard Disk Settings 0 0 0 0 0.0 0.0 0%
18.8.28.3 Notification Settings 0 0 0 0 0.0 0.0 0%
18.8.28.4 Sleep Settings 0 0 0 0 0.0 0.0 0%
18.8.29 Recovery 0 0 0 0 0.0 0.0 0%
18.8.30 Remote Assistance 2 0 0 0 2.0 2.0 100%
18.8.31 Remote Procedure Call 1 0 0 0 1.0 1.0 100%
18.8.32 Removable Storage Access 0 0 0 0 0.0 0.0 0%
18.8.33 Scripts 0 0 0 0 0.0 0.0 0%
18.8.34 Server Manager 0 0 0 0 0.0 0.0 0%
18.8.35 Shutdown 0 0 0 0 0.0 0.0 0%
18.8.36 Shutdown Options 0 0 0 0 0.0 0.0 0%
18.8.37 System Restore 0 0 0 0 0.0 0.0 0%
18.8.38 Troubleshooting and Diagnostics 0 0 0 0 0.0 0.0 0%
18.8.38.1 Application Compatibility Diagnostics 0 0 0 0 0.0 0.0 0%
18.8.38.2 Corrupted File Recovery 0 0 0 0 0.0 0.0 0%
18.8.38.3 Disk Diagnostic 0 0 0 0 0.0 0.0 0%
18.8.38.4 Fault Tolerant Heap 0 0 0 0 0.0 0.0 0%
18.8.38.5 Microsoft Support Diagnostic Tool 0 0 0 0 0.0 0.0 0%
18.8.38.6 MSI Corrupted File Recovery 0 0 0 0 0.0 0.0 0%
18.8.38.7 Scheduled Maintenance 0 0 0 0 0.0 0.0 0%
18.8.38.8 Scripted Diagnostics 0 0 0 0 0.0 0.0 0%
18.8.38.9 Windows Boot Performance Diagnostics 0 0 0 0 0.0 0.0 0%
18.8.38.10 Windows Memory Leak Diagnosis 0 0 0 0 0.0 0.0 0%
18.8.38.11 Windows Performance PerfTrack 0 0 0 0 0.0 0.0 0%
18.8.39 Trusted Platform Module Services 0 0 0 0 0.0 0.0 0%
18.8.40 User Profiles 0 0 0 0 0.0 0.0 0%
18.8.41 Windows File Protection 0 0 0 0 0.0 0.0 0%
18.8.42 Windows HotStart 0 0 0 0 0.0 0.0 0%
18.8.43 Windows Time Service 0 0 0 0 0.0 0.0 0%
18.8.43.1 Time Providers 0 0 0 0 0.0 0.0 0%
18.9 Windows Components 53 1 0 0 53.0 54.0 98%
18.9.1 Active Directory Federation Services 0 0 0 0 0.0 0.0 0%
18.9.2 ActiveX Installer Service 0 0 0 0 0.0 0.0 0%
18.9.3 Add features to Windows 8 / 8.1 / 10 0 0 0 0 0.0 0.0 0%
18.9.4 App Package Deployment 0 0 0 0 0.0 0.0 0%
18.9.5 App Privacy 0 0 0 0 0.0 0.0 0%
18.9.6 App runtime 1 0 0 0 1.0 1.0 100%
18.9.7 Application Compatibility 0 0 0 0 0.0 0.0 0%
18.9.8 AutoPlay Policies 3 0 0 0 3.0 3.0 100%
18.9.9 Backup 0 0 0 0 0.0 0.0 0%
18.9.10 Biometrics 0 0 0 0 0.0 0.0 0%
18.9.11 BitLocker Drive Encryption 0 0 0 0 0.0 0.0 0%
18.9.12 Cloud Content 0 0 0 0 0.0 0.0 0%
18.9.13 Credential User Interface 2 0 0 0 2.0 2.0 100%
18.9.14 Data Collection and Preview Builds 0 0 0 0 0.0 0.0 0%
18.9.15 Delivery Optimization 0 0 0 0 0.0 0.0 0%
18.9.16 Desktop Gadgets 0 0 0 0 0.0 0.0 0%
18.9.17 Desktop Window Manager 0 0 0 0 0.0 0.0 0%
18.9.18 Device and Driver Compatibility 0 0 0 0 0.0 0.0 0%
18.9.19 Device Registration (formerly Workplace Join) 0 0 0 0 0.0 0.0 0%
18.9.20 Digital Locker 0 0 0 0 0.0 0.0 0%
18.9.21 Edge UI 0 0 0 0 0.0 0.0 0%
18.9.22 EMET 8 0 0 0 8.0 8.0 100%
18.9.23 Event Forwarding 0 0 0 0 0.0 0.0 0%
18.9.24 Event Log Service 8 0 0 0 8.0 8.0 100%
18.9.24.1 Application 2 0 0 0 2.0 2.0 100%
18.9.24.2 Security 2 0 0 0 2.0 2.0 100%
18.9.24.3 Setup 2 0 0 0 2.0 2.0 100%
18.9.24.4 System 2 0 0 0 2.0 2.0 100%
18.9.25 Event Logging 0 0 0 0 0.0 0.0 0%
18.9.26 Event Viewer 0 0 0 0 0.0 0.0 0%
18.9.27 Family Safety 0 0 0 0 0.0 0.0 0%
18.9.28 File Explorer 4 0 0 0 4.0 4.0 100%
18.9.28.1 Previous Versions 0 0 0 0 0.0 0.0 0%
18.9.29 File History 0 0 0 0 0.0 0.0 0%
18.9.30 Game Explorer 0 0 0 0 0.0 0.0 0%
18.9.31 HomeGroup 0 0 0 0 0.0 0.0 0%
18.9.32 Import Video 0 0 0 0 0.0 0.0 0%
18.9.33 Internet Explorer 0 0 0 0 0.0 0.0 0%
18.9.34 Internet Information Services 0 0 0 0 0.0 0.0 0%
18.9.35 Location and Sensors 0 0 0 0 0.0 0.0 0%
18.9.36 Maintenance Scheduler 0 0 0 0 0.0 0.0 0%
18.9.37 Maps 0 0 0 0 0.0 0.0 0%
18.9.38 Microsoft Edge 0 0 0 0 0.0 0.0 0%
18.9.39 Microsoft Passport for Work 0 0 0 0 0.0 0.0 0%
18.9.40 NetMeeting 0 0 0 0 0.0 0.0 0%
18.9.41 Network Access Protection 0 0 0 0 0.0 0.0 0%
18.9.42 Network Projector 0 0 0 0 0.0 0.0 0%
18.9.43 OneDrive 0 0 0 0 0.0 0.0 0%
18.9.44 Online Assistance 0 0 0 0 0.0 0.0 0%
18.9.45 Password Synchronization 0 0 0 0 0.0 0.0 0%
18.9.46 Portable Operating System 0 0 0 0 0.0 0.0 0%
18.9.47 Presentation Settings 0 0 0 0 0.0 0.0 0%
18.9.48 Remote Desktop Services (formerly Terminal Services) 6 1 0 0 6.0 7.0 86%
18.9.48.1 RD Licensing 0 0 0 0 0.0 0.0 0%
18.9.48.2 Remote Desktop Connection Client 1 0 0 0 1.0 1.0 100%
18.9.48.2.1 RemoteFX USB Device Redirection 0 0 0 0 0.0 0.0 0%
18.9.48.3 Remote Desktop Session Host 5 1 0 0 5.0 6.0 83%
18.9.48.3.1 Application Compatibility 0 0 0 0 0.0 0.0 0%
18.9.48.3.2 Connections 0 0 0 0 0.0 0.0 0%
18.9.48.3.3 Device and Resource Redirection 0 1 0 0 0.0 1.0 0%
18.9.48.3.4 Licensing 0 0 0 0 0.0 0.0 0%
18.9.48.3.5 Printer Redirection 0 0 0 0 0.0 0.0 0%
18.9.48.3.6 Profiles 0 0 0 0 0.0 0.0 0%
18.9.48.3.7 RD Connection Broker 0 0 0 0 0.0 0.0 0%
18.9.48.3.8 Remote Session Environment 0 0 0 0 0.0 0.0 0%
18.9.48.3.9 Security 3 0 0 0 3.0 3.0 100%
18.9.48.3.10 Session Time Limits 0 0 0 0 0.0 0.0 0%
18.9.48.3.11 Temporary folders 2 0 0 0 2.0 2.0 100%
18.9.49 RSS Feeds 1 0 0 0 1.0 1.0 100%
18.9.50 Search 1 0 0 0 1.0 1.0 100%
18.9.50.1 OCR 0 0 0 0 0.0 0.0 0%
18.9.51 Security Center 0 0 0 0 0.0 0.0 0%
18.9.52 Server for NIS 0 0 0 0 0.0 0.0 0%
18.9.53 Shutdown Options 0 0 0 0 0.0 0.0 0%
18.9.54 SkyDrive 1 0 0 0 1.0 1.0 100%
18.9.55 Smart Card 0 0 0 0 0.0 0.0 0%
18.9.56 Software Protection Platform 0 0 0 0 0.0 0.0 0%
18.9.57 Sound Recorder 0 0 0 0 0.0 0.0 0%
18.9.58 Store 2 0 0 0 2.0 2.0 100%
18.9.59 Sync your settings 0 0 0 0 0.0 0.0 0%
18.9.60 Tablet PC 0 0 0 0 0.0 0.0 0%
18.9.61 Task Scheduler 0 0 0 0 0.0 0.0 0%
18.9.62 Text Input 0 0 0 0 0.0 0.0 0%
18.9.63 Windows Calendar 0 0 0 0 0.0 0.0 0%
18.9.64 Windows Color System 0 0 0 0 0.0 0.0 0%
18.9.65 Windows Customer Experience Improvement Program 0 0 0 0 0.0 0.0 0%
18.9.66 Windows Defender 0 0 0 0 0.0 0.0 0%
18.9.66.1 Client Interface 0 0 0 0 0.0 0.0 0%
18.9.66.2 Exclusions 0 0 0 0 0.0 0.0 0%
18.9.66.3 MAPS 0 0 0 0 0.0 0.0 0%
18.9.67 Windows Error Reporting 2 0 0 0 2.0 2.0 100%
18.9.67.1 Advanced Error Reporting Settings 0 0 0 0 0.0 0.0 0%
18.9.67.2 Consent 1 0 0 0 1.0 1.0 100%
18.9.68 Windows Game Recording and Broadcasting 0 0 0 0 0.0 0.0 0%
18.9.69 Windows Installer 2 0 0 0 2.0 2.0 100%
18.9.70 Windows Logon Options 1 0 0 0 1.0 1.0 100%
18.9.71 Windows Mail 0 0 0 0 0.0 0.0 0%
18.9.72 Windows Media Center 0 0 0 0 0.0 0.0 0%
18.9.73 Windows Media Digital Rights Management 0 0 0 0 0.0 0.0 0%
18.9.74 Windows Media Player 0 0 0 0 0.0 0.0 0%
18.9.75 Windows Meeting Space 0 0 0 0 0.0 0.0 0%
18.9.76 Windows Messenger 0 0 0 0 0.0 0.0 0%
18.9.77 Windows Mobility Center 0 0 0 0 0.0 0.0 0%
18.9.78 Windows Movie Maker 0 0 0 0 0.0 0.0 0%
18.9.79 Windows PowerShell 2 0 0 0 2.0 2.0 100%
18.9.80 Windows Reliability Analysis 0 0 0 0 0.0 0.0 0%
18.9.81 Windows Remote Management (WinRM) 6 0 0 0 6.0 6.0 100%
18.9.81.1 WinRM Client 3 0 0 0 3.0 3.0 100%
18.9.81.2 WinRM Service 3 0 0 0 3.0 3.0 100%
18.9.82 Windows Remote Shell 0 0 0 0 0.0 0.0 0%
18.9.83 Windows SideShow 0 0 0 0 0.0 0.0 0%
18.9.84 Windows System Resource Manager 0 0 0 0 0.0 0.0 0%
18.9.85 Windows Update 3 0 0 0 3.0 3.0 100%
19 Administrative Templates (User) 9 0 0 0 9.0 9.0 100%
19.1 Control Panel 4 0 0 0 4.0 4.0 100%
19.1.1 Add or Remove Programs 0 0 0 0 0.0 0.0 0%
19.1.2 Display 0 0 0 0 0.0 0.0 0%
19.1.3 Personalization 4 0 0 0 4.0 4.0 100%
19.2 Desktop 0 0 0 0 0.0 0.0 0%
19.3 Network 0 0 0 0 0.0 0.0 0%
19.4 Shared Folders 0 0 0 0 0.0 0.0 0%
19.5 Start Menu and Taskbar 1 0 0 0 1.0 1.0 100%
19.5.1 Notifications 1 0 0 0 1.0 1.0 100%
19.6 System 0 0 0 0 0.0 0.0 0%
19.6.1 Ctrl+Alt+Del Options 0 0 0 0 0.0 0.0 0%
19.6.2 Driver Installation 0 0 0 0 0.0 0.0 0%
19.6.3 Folder Redirection 0 0 0 0 0.0 0.0 0%
19.6.4 Group Policy 0 0 0 0 0.0 0.0 0%
19.6.5 Internet Communication Management 0 0 0 0 0.0 0.0 0%
19.6.5.1 Internet Communication settings 0 0 0 0 0.0 0.0 0%
19.7 Windows Components 4 0 0 0 4.0 4.0 100%
19.7.1 Add features to Windows 8 / 8.1 / 10 0 0 0 0 0.0 0.0 0%
19.7.2 App runtime 0 0 0 0 0.0 0.0 0%
19.7.3 Application Compatibility 0 0 0 0 0.0 0.0 0%
19.7.4 Attachment Manager 2 0 0 0 2.0 2.0 100%
19.7.5 AutoPlay Policies 0 0 0 0 0.0 0.0 0%
19.7.6 Backup 0 0 0 0 0.0 0.0 0%
19.7.7 Credential User Interface 0 0 0 0 0.0 0.0 0%
19.7.8 Desktop Gadgets 0 0 0 0 0.0 0.0 0%
19.7.9 Desktop Windows Manager 0 0 0 0 0.0 0.0 0%
19.7.10 Digital Locker 0 0 0 0 0.0 0.0 0%
19.7.11 Edge UI 0 0 0 0 0.0 0.0 0%
19.7.12 EMET 0 0 0 0 0.0 0.0 0%
19.7.13 File Explorer 0 0 0 0 0.0 0.0 0%
19.7.14 File Revocation 0 0 0 0 0.0 0.0 0%
19.7.15 IME 0 0 0 0 0.0 0.0 0%
19.7.16 Import Video 0 0 0 0 0.0 0.0 0%
19.7.17 Instant Search 0 0 0 0 0.0 0.0 0%
19.7.18 Internet Explorer 0 0 0 0 0.0 0.0 0%
19.7.19 Location and Sensors 0 0 0 0 0.0 0.0 0%
19.7.20 Microsoft Edge 0 0 0 0 0.0 0.0 0%
19.7.21 Microsoft Management Console 0 0 0 0 0.0 0.0 0%
19.7.22 Microsoft Passport for Work 0 0 0 0 0.0 0.0 0%
19.7.23 NetMeeting 0 0 0 0 0.0 0.0 0%
19.7.24 Network Projector 0 0 0 0 0.0 0.0 0%
19.7.25 Network Sharing 1 0 0 0 1.0 1.0 100%
19.7.26 Presentation Settings 0 0 0 0 0.0 0.0 0%
19.7.27 Remote Desktop Services 0 0 0 0 0.0 0.0 0%
19.7.28 RSS Feeds 0 0 0 0 0.0 0.0 0%
19.7.29 Search 0 0 0 0 0.0 0.0 0%
19.7.30 Sound Recorder 0 0 0 0 0.0 0.0 0%
19.7.31 Store 0 0 0 0 0.0 0.0 0%
19.7.32 Tablet PC 0 0 0 0 0.0 0.0 0%
19.7.33 Task Scheduler 0 0 0 0 0.0 0.0 0%
19.7.34 Windows Calendar 0 0 0 0 0.0 0.0 0%
19.7.35 Windows Color System 0 0 0 0 0.0 0.0 0%
19.7.36 Windows Error Reporting 0 0 0 0 0.0 0.0 0%
19.7.37 Windows Installer 1 0 0 0 1.0 1.0 100%
19.7.38 Windows Logon Options 0 0 0 0 0.0 0.0 0%
19.7.39 Windows Mail 0 0 0 0 0.0 0.0 0%
19.7.40 Windows Media Center 0 0 0 0 0.0 0.0 0%
19.7.41 Windows Media Player 0 0 0 0 0.0 0.0 0%
19.7.41.1 Networking 0 0 0 0 0.0 0.0 0%
19.7.41.2 Playback 0 0 0 0 0.0 0.0 0%
Total 248 8 0 3 248.0 259.0 96%

Note: Actual scores are subject to rounding errors. The sum of these values may not result in the exact overall score.

Profiles

This benchmark contains 4 profiles. The Level 1 - Member Server profile was used for this assessment.

Title Description
Level 1 - Domain Controller

Items in this profile apply to Domain Controllers and intend to:

  • be practical and prudent;
  • provide a clear security benefit; and
  • not inhibit the utility of the technology beyond acceptable means.
Profile XML:
<Profile xmlns="http://checklists.nist.gov/xccdf/1.2"
         xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         id="xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Domain_Controller">
   <title xml:lang="en">Level 1 - Domain Controller</title>
   <description xml:lang="en">
      <p xmlns="http://www.w3.org/1999/xhtml">Items in this profile apply to Domain Controllers and intend to:</p>
      <ul xmlns="http://www.w3.org/1999/xhtml">
         <li>be practical and prudent;</li>
         <li>provide a clear security benefit; and</li>
         <li>not inhibit the utility of the technology beyond acceptable means.</li>
      </ul>
   </description>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1_L1_Ensure_Enforce_password_history_is_set_to_24_or_more_passwords"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.2_L1_Ensure_Maximum_password_age_is_set_to_60_or_fewer_days_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.3_L1_Ensure_Minimum_password_age_is_set_to_1_or_more_days"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.4_L1_Ensure_Minimum_password_length_is_set_to_14_or_more_characters"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.5_L1_Ensure_Password_must_meet_complexity_requirements_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.6_L1_Ensure_Store_passwords_using_reversible_encryption_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.1_L1_Ensure_Account_lockout_duration_is_set_to_15_or_more_minutes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.2_L1_Ensure_Account_lockout_threshold_is_set_to_10_or_fewer_invalid_logon_attempts_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.3_L1_Ensure_Reset_account_lockout_counter_after_is_set_to_15_or_more_minutes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1_L1_Ensure_Access_Credential_Manager_as_a_trusted_caller_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.2_L1_Configure_Access_this_computer_from_the_network"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.3_L1_Ensure_Act_as_part_of_the_operating_system_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.4_L1_Ensure_Add_workstations_to_domain_is_set_to_Administrators_DC_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.5_L1_Ensure_Adjust_memory_quotas_for_a_process_is_set_to_Administrators_LOCAL_SERVICE_NETWORK_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.6_L1_Configure_Allow_log_on_locally"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.7_L1_Configure_Allow_log_on_through_Remote_Desktop_Services"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.8_L1_Ensure_Back_up_files_and_directories_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.9_L1_Ensure_Change_the_system_time_is_set_to_Administrators_LOCAL_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.10_L1_Ensure_Change_the_time_zone_is_set_to_Administrators_LOCAL_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.11_L1_Ensure_Create_a_pagefile_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.12_L1_Ensure_Create_a_token_object_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.13_L1_Ensure_Create_global_objects_is_set_to_Administrators_LOCAL_SERVICE_NETWORK_SERVICE_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.14_L1_Ensure_Create_permanent_shared_objects_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.15_L1_Configure_Create_symbolic_links"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.16_L1_Ensure_Debug_programs_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.17_L1_Configure_Deny_access_to_this_computer_from_the_network"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.18_L1_Ensure_Deny_log_on_as_a_batch_job_to_include_Guests"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.19_L1_Ensure_Deny_log_on_as_a_service_to_include_Guests"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.20_L1_Ensure_Deny_log_on_locally_to_include_Guests"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.21_L1_Ensure_Deny_log_on_through_Remote_Desktop_Services_to_include_Guests_Local_account"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.22_L1_Configure_Enable_computer_and_user_accounts_to_be_trusted_for_delegation"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.23_L1_Ensure_Force_shutdown_from_a_remote_system_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.24_L1_Ensure_Generate_security_audits_is_set_to_LOCAL_SERVICE_NETWORK_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.25_L1_Configure_Impersonate_a_client_after_authentication"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.26_L1_Ensure_Increase_scheduling_priority_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.27_L1_Ensure_Load_and_unload_device_drivers_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.28_L1_Ensure_Lock_pages_in_memory_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.30_L1_Configure_Manage_auditing_and_security_log"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.31_L1_Ensure_Modify_an_object_label_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.32_L1_Ensure_Modify_firmware_environment_values_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.33_L1_Ensure_Perform_volume_maintenance_tasks_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.34_L1_Ensure_Profile_single_process_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.35_L1_Ensure_Profile_system_performance_is_set_to_Administrators_NT_SERVICEWdiServiceHost"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.36_L1_Ensure_Replace_a_process_level_token_is_set_to_LOCAL_SERVICE_NETWORK_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.37_L1_Ensure_Restore_files_and_directories_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.38_L1_Ensure_Shut_down_the_system_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.39_L1_Ensure_Synchronize_directory_service_data_is_set_to_No_One_DC_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.40_L1_Ensure_Take_ownership_of_files_or_other_objects_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.1_L1_Ensure_Accounts_Administrator_account_status_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.2_L1_Ensure_Accounts_Block_Microsoft_accounts_is_set_to_Users_cant_add_or_log_on_with_Microsoft_accounts"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.3_L1_Ensure_Accounts_Guest_account_status_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.4_L1_Ensure_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.5_L1_Configure_Accounts_Rename_administrator_account"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.6_L1_Configure_Accounts_Rename_guest_account"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.2.1_L1_Ensure_Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.2.2_L1_Ensure_Audit_Shut_down_system_immediately_if_unable_to_log_security_audits_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.4.1_L1_Ensure_Devices_Allowed_to_format_and_eject_removable_media_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.4.2_L1_Ensure_Devices_Prevent_users_from_installing_printer_drivers_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.5.1_L1_Ensure_Domain_controller_Allow_server_operators_to_schedule_tasks_is_set_to_Disabled_DC_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.5.2_L1_Ensure_Domain_controller_LDAP_server_signing_requirements_is_set_to_Require_signing_DC_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.5.3_L1_Ensure_Domain_controller_Refuse_machine_account_password_changes_is_set_to_Disabled_DC_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.1_L1_Ensure_Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.2_L1_Ensure_Domain_member_Digitally_encrypt_secure_channel_data_when_possible_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.3_L1_Ensure_Domain_member_Digitally_sign_secure_channel_data_when_possible_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.4_L1_Ensure_Domain_member_Disable_machine_account_password_changes_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.5_L1_Ensure_Domain_member_Maximum_machine_account_password_age_is_set_to_30_or_fewer_days_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.6_L1_Ensure_Domain_member_Require_strong_Windows_2000_or_later_session_key_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.1_L1_Ensure_Interactive_logon_Do_not_display_last_user_name_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.2_L1_Ensure_Interactive_logon_Do_not_require_CTRLALTDEL_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.3_L1_Ensure_Interactive_logon_Machine_inactivity_limit_is_set_to_900_or_fewer_seconds_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.4_L1_Configure_Interactive_logon_Message_text_for_users_attempting_to_log_on"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.5_L1_Configure_Interactive_logon_Message_title_for_users_attempting_to_log_on"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.7_L1_Ensure_Interactive_logon_Prompt_user_to_change_password_before_expiration_is_set_to_between_5_and_14_days"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.9_L1_Ensure_Interactive_logon_Smart_card_removal_behavior_is_set_to_Lock_Workstation_or_higher"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.8.1_L1_Ensure_Microsoft_network_client_Digitally_sign_communications_always_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.8.2_L1_Ensure_Microsoft_network_client_Digitally_sign_communications_if_server_agrees_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.8.3_L1_Ensure_Microsoft_network_client_Send_unencrypted_password_to_third-party_SMB_servers_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.1_L1_Ensure_Microsoft_network_server_Amount_of_idle_time_required_before_suspending_session_is_set_to_15_or_fewer_minutes_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.2_L1_Ensure_Microsoft_network_server_Digitally_sign_communications_always_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.3_L1_Ensure_Microsoft_network_server_Digitally_sign_communications_if_client_agrees_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.4_L1_Ensure_Microsoft_network_server_Disconnect_clients_when_logon_hours_expire_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.5_L1_Ensure_Microsoft_network_server_Server_SPN_target_name_validation_level_is_set_to_Accept_if_provided_by_client_or_higher"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.1_L1_Ensure_Network_access_Allow_anonymous_SIDName_translation_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.2_L1_Ensure_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.3_L1_Ensure_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.5_L1_Ensure_Network_access_Let_Everyone_permissions_apply_to_anonymous_users_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.6_L1_Configure_Network_access_Named_Pipes_that_can_be_accessed_anonymously"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.7_L1_Ensure_Network_access_Remotely_accessible_registry_paths"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.8_L1_Ensure_Network_access_Remotely_accessible_registry_paths_and_sub-paths"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.9_L1_Ensure_Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.10_L1_Ensure_Network_access_Shares_that_can_be_accessed_anonymously_is_set_to_None"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.11_L1_Ensure_Network_access_Sharing_and_security_model_for_local_accounts_is_set_to_Classic_-_local_users_authenticate_as_themselves"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.1_L1_Ensure_Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.2_L1_Ensure_Network_security_Allow_LocalSystem_NULL_session_fallback_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.3_L1_Ensure_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.4_L1_Ensure_Network_Security_Configure_encryption_types_allowed_for_Kerberos_is_set_to_RC4_HMAC_MD5_AES128_HMAC_SHA1_AES256_HMAC_SHA1_Future_encryption_types"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.5_L1_Ensure_Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.6_L1_Ensure_Network_security_Force_logoff_when_logon_hours_expire_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.7_L1_Ensure_Network_security_LAN_Manager_authentication_level_is_set_to_Send_NTLMv2_response_only._Refuse_LM__NTLM"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.8_L1_Ensure_Network_security_LDAP_client_signing_requirements_is_set_to_Negotiate_signing_or_higher"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.9_L1_Ensure_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients_is_set_to_Require_NTLMv2_session_security_Require_128-bit_encryption"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.10_L1_Ensure_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers_is_set_to_Require_NTLMv2_session_security_Require_128-bit_encryption"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.13.1_L1_Ensure_Shutdown_Allow_system_to_be_shut_down_without_having_to_log_on_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.15.1_L1_Ensure_System_objects_Require_case_insensitivity_for_non-Windows_subsystems_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.15.2_L1_Ensure_System_objects_Strengthen_default_permissions_of_internal_system_objects_e.g._Symbolic_Links_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.1_L1_Ensure_User_Account_Control_Admin_Approval_Mode_for_the_Built-in_Administrator_account_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.2_L1_Ensure_User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.3_L1_Ensure_User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode_is_set_to_Prompt_for_consent_on_the_secure_desktop"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.4_L1_Ensure_User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users_is_set_to_Automatically_deny_elevation_requests"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.5_L1_Ensure_User_Account_Control_Detect_application_installations_and_prompt_for_elevation_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.6_L1_Ensure_User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.7_L1_Ensure_User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.8_L1_Ensure_User_Account_Control_Switch_to_the_secure_desktop_when_prompting_for_elevation_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.9_L1_Ensure_User_Account_Control_Virtualize_file_and_registry_write_failures_to_per-user_locations_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.1_L1_Ensure_Windows_Firewall_Domain_Firewall_state_is_set_to_On_recommended"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.2_L1_Ensure_Windows_Firewall_Domain_Inbound_connections_is_set_to_Block_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.3_L1_Ensure_Windows_Firewall_Domain_Outbound_connections_is_set_to_Allow_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.4_L1_Ensure_Windows_Firewall_Domain_Settings_Display_a_notification_is_set_to_No"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.5_L1_Ensure_Windows_Firewall_Domain_Settings_Apply_local_firewall_rules_is_set_to_Yes_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.6_L1_Ensure_Windows_Firewall_Domain_Settings_Apply_local_connection_security_rules_is_set_to_Yes_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.7_L1_Ensure_Windows_Firewall_Domain_Logging_Name_is_set_to_SYSTEMROOTSystem32logfilesfirewalldomainfw.log"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.8_L1_Ensure_Windows_Firewall_Domain_Logging_Size_limit_KB_is_set_to_16384_KB_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.9_L1_Ensure_Windows_Firewall_Domain_Logging_Log_dropped_packets_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.10_L1_Ensure_Windows_Firewall_Domain_Logging_Log_successful_connections_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.1_L1_Ensure_Windows_Firewall_Private_Firewall_state_is_set_to_On_recommended"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.2_L1_Ensure_Windows_Firewall_Private_Inbound_connections_is_set_to_Block_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.3_L1_Ensure_Windows_Firewall_Private_Outbound_connections_is_set_to_Allow_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.4_L1_Ensure_Windows_Firewall_Private_Settings_Display_a_notification_is_set_to_No"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.5_L1_Ensure_Windows_Firewall_Private_Settings_Apply_local_firewall_rules_is_set_to_Yes_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.6_L1_Ensure_Windows_Firewall_Private_Settings_Apply_local_connection_security_rules_is_set_to_Yes_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.7_L1_Ensure_Windows_Firewall_Private_Logging_Name_is_set_to_SYSTEMROOTSystem32logfilesfirewallprivatefw.log"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.8_L1_Ensure_Windows_Firewall_Private_Logging_Size_limit_KB_is_set_to_16384_KB_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.9_L1_Ensure_Windows_Firewall_Private_Logging_Log_dropped_packets_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.10_L1_Ensure_Windows_Firewall_Private_Logging_Log_successful_connections_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.1_L1_Ensure_Windows_Firewall_Public_Firewall_state_is_set_to_On_recommended"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.2_L1_Ensure_Windows_Firewall_Public_Inbound_connections_is_set_to_Block_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.3_L1_Ensure_Windows_Firewall_Public_Outbound_connections_is_set_to_Allow_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.4_L1_Ensure_Windows_Firewall_Public_Settings_Display_a_notification_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.5_L1_Ensure_Windows_Firewall_Public_Settings_Apply_local_firewall_rules_is_set_to_No"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.6_L1_Ensure_Windows_Firewall_Public_Settings_Apply_local_connection_security_rules_is_set_to_No"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.7_L1_Ensure_Windows_Firewall_Public_Logging_Name_is_set_to_SYSTEMROOTSystem32logfilesfirewallpublicfw.log"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.8_L1_Ensure_Windows_Firewall_Public_Logging_Size_limit_KB_is_set_to_16384_KB_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.9_L1_Ensure_Windows_Firewall_Public_Logging_Log_dropped_packets_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.10_L1_Ensure_Windows_Firewall_Public_Logging_Log_successful_connections_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.1.1_L1_Ensure_Audit_Credential_Validation_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.1_L1_Ensure_Audit_Application_Group_Management_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.2_L1_Ensure_Audit_Computer_Account_Management_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.3_L1_Ensure_Audit_Distribution_Group_Management_is_set_to_Success_and_Failure_DC_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.4_L1_Ensure_Audit_Other_Account_Management_Events_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.5_L1_Ensure_Audit_Security_Group_Management_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.6_L1_Ensure_Audit_User_Account_Management_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.3.1_L1_Ensure_Audit_Process_Creation_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.4.1_L1_Ensure_Audit_Directory_Service_Access_is_set_to_Success_and_Failure_DC_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.4.2_L1_Ensure_Audit_Directory_Service_Changes_is_set_to_Success_and_Failure_DC_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.1_L1_Ensure_Audit_Account_Lockout_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.2_L1_Ensure_Audit_Logoff_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.3_L1_Ensure_Audit_Logon_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.4_L1_Ensure_Audit_Other_LogonLogoff_Events_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.5_L1_Ensure_Audit_Special_Logon_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.6.1_L1_Ensure_Audit_Removable_Storage_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.7.1_L1_Ensure_Audit_Audit_Policy_Change_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.7.2_L1_Ensure_Audit_Authentication_Policy_Change_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.8.1_L1_Ensure_Audit_Sensitive_Privilege_Use_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.1_L1_Ensure_Audit_IPsec_Driver_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.2_L1_Ensure_Audit_Other_System_Events_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.3_L1_Ensure_Audit_Security_State_Change_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.4_L1_Ensure_Audit_Security_System_Extension_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.5_L1_Ensure_Audit_System_Integrity_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.1.1.1_L1_Ensure_Prevent_enabling_lock_screen_camera_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.1.1.2_L1_Ensure_Prevent_enabling_lock_screen_slide_show_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.1_L1_Ensure_MSS_AutoAdminLogon_Enable_Automatic_Logon_not_recommended_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.2_L1_Ensure_MSS_DisableIPSourceRouting_IPv6_IP_source_routing_protection_level_protects_against_packet_spoofing_is_set_to_Enabled_Highest_protection_source_routing_is_completely_disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.3_L1_Ensure_MSS_DisableIPSourceRouting_IP_source_routing_protection_level_protects_against_packet_spoofing_is_set_to_Enabled_Highest_protection_source_routing_is_completely_disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.4_L1_Ensure_MSS_EnableICMPRedirect_Allow_ICMP_redirects_to_override_OSPF_generated_routes_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.6_L1_Ensure_MSS_NoNameReleaseOnDemand_Allow_the_computer_to_ignore_NetBIOS_name_release_requests_except_from_WINS_servers_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.8_L1_Ensure_MSS_SafeDllSearchMode_Enable_Safe_DLL_search_mode_recommended_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.9_L1_Ensure_MSS_ScreenSaverGracePeriod_The_time_in_seconds_before_the_screen_saver_grace_period_expires_0_recommended_is_set_to_Enabled_5_or_fewer_seconds"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.12_L1_Ensure_MSS_WarningLevel_Percentage_threshold_for_the_security_event_log_at_which_the_system_will_generate_a_warning_is_set_to_Enabled_90_or_less"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.10.2_L1_Ensure_Prohibit_installation_and_configuration_of_Network_Bridge_on_your_DNS_domain_network_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.10.3_L1_Ensure_Require_domain_users_to_elevate_when_setting_a_networks_location_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.13.1_L1_Ensure_Hardened_UNC_Paths_is_set_to_Enabled_with_Require_Mutual_Authentication_and_Require_Integrity_set_for_all_NETLOGON_and_SYSVOL_shares"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.20.1_L1_Ensure_Minimize_the_number_of_simultaneous_connections_to_the_Internet_or_a_Windows_Domain_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.6.2_L1_Ensure_WDigest_Authentication_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.2.1_L1_Ensure_Include_command_line_in_process_creation_events_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.11.1_L1_Ensure_Boot-Start_Driver_Initialization_Policy_is_set_to_Enabled_Good_unknown_and_bad_but_critical"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.18.2_L1_Ensure_Configure_registry_policy_processing_Do_not_apply_during_periodic_background_processing_is_set_to_Enabled_FALSE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.18.3_L1_Ensure_Configure_registry_policy_processing_Process_even_if_the_Group_Policy_objects_have_not_changed_is_set_to_Enabled_TRUE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.18.4_L1_Ensure_Turn_off_background_refresh_of_Group_Policy_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.1_L1_Ensure_Do_not_display_network_selection_UI_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.2_L1_Ensure_Do_not_enumerate_connected_users_on_domain-joined_computers_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.3_L1_Ensure_Enumerate_local_users_on_domain-joined_computers_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.4_L1_Ensure_Turn_off_app_notifications_on_the_lock_screen_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.5_L1_Ensure_Turn_on_convenience_PIN_sign-in_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.30.1_L1_Ensure_Configure_Offer_Remote_Assistance_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.30.2_L1_Ensure_Configure_Solicited_Remote_Assistance_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.6.1_L1_Ensure_Allow_Microsoft_accounts_to_be_optional_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.8.1_L1_Ensure_Disallow_Autoplay_for_non-volume_devices_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.8.2_L1_Ensure_Set_the_default_behavior_for_AutoRun_is_set_to_Enabled_Do_not_execute_any_autorun_commands"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.8.3_L1_Ensure_Turn_off_Autoplay_is_set_to_Enabled_All_drives"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.13.1_L1_Ensure_Do_not_display_the_password_reveal_button_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.13.2_L1_Ensure_Enumerate_administrator_accounts_on_elevation_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.1_L1_Ensure_EMET_5.5_or_higher_is_installed"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.2_L1_Ensure_Default_Action_and_Mitigation_Settings_is_set_to_Enabled_plus_subsettings"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.3_L1_Ensure_Default_Protections_for_Internet_Explorer_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.4_L1_Ensure_Default_Protections_for_Popular_Software_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.5_L1_Ensure_Default_Protections_for_Recommended_Software_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.6_L1_Ensure_System_ASLR_is_set_to_Enabled_Application_Opt-In"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.7_L1_Ensure_System_DEP_is_set_to_Enabled_Application_Opt-Out"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.8_L1_Ensure_System_SEHOP_is_set_to_Enabled_Application_Opt-Out"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.1.1_L1_Ensure_Application_Control_Event_Log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.1.2_L1_Ensure_Application_Specify_the_maximum_log_file_size_KB_is_set_to_Enabled_32768_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.2.1_L1_Ensure_Security_Control_Event_Log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.2.2_L1_Ensure_Security_Specify_the_maximum_log_file_size_KB_is_set_to_Enabled_196608_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.3.1_L1_Ensure_Setup_Control_Event_Log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.3.2_L1_Ensure_Setup_Specify_the_maximum_log_file_size_KB_is_set_to_Enabled_32768_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.4.1_L1_Ensure_System_Control_Event_Log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.4.2_L1_Ensure_System_Specify_the_maximum_log_file_size_KB_is_set_to_Enabled_32768_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.28.2_L1_Ensure_Configure_Windows_SmartScreen_is_set_to_Enabled_Require_approval_from_an_administrator_before_running_downloaded_unknown_software"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.28.3_L1_Ensure_Turn_off_Data_Execution_Prevention_for_Explorer_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.28.4_L1_Ensure_Turn_off_heap_termination_on_corruption_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.28.5_L1_Ensure_Turn_off_shell_protocol_protected_mode_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.2.2_L1_Ensure_Do_not_allow_passwords_to_be_saved_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.3.2_L1_Ensure_Do_not_allow_drive_redirection_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.9.1_L1_Ensure_Always_prompt_for_password_upon_connection_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.9.2_L1_Ensure_Require_secure_RPC_communication_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.9.3_L1_Ensure_Set_client_connection_encryption_level_is_set_to_Enabled_High_Level"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.11.2_L1_Ensure_Do_not_use_temporary_folders_per_session_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.11.1_L1_Ensure_Do_not_delete_temp_folders_upon_exit_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.49.1_L1_Ensure_Prevent_downloading_of_enclosures_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.50.2_L1_Ensure_Allow_indexing_of_encrypted_files_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.54.1_L1_Ensure_Prevent_the_usage_of_SkyDrive_for_file_storage_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.58.1_L1_Ensure_Turn_off_Automatic_Download_and_Install_of_updates_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.58.2_L1_Ensure_Turn_off_the_offer_to_update_to_the_latest_version_of_Windows_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.67.2.1_L1_Ensure_Configure_Default_consent_is_set_to_Enabled_Always_ask_before_sending_data"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.67.3_L1_Ensure_Automatically_send_memory_dumps_for_OS-generated_error_reports_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.69.1_L1_Ensure_Allow_user_control_over_installs_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.69.2_L1_Ensure_Always_install_with_elevated_privileges_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.70.1_L1_Ensure_Sign-in_last_interactive_user_automatically_after_a_system-initiated_restart_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.79.1_L1_Ensure_Turn_on_PowerShell_Script_Block_Logging_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.79.2_L1_Ensure_Turn_on_PowerShell_Transcription_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.1.1_L1_Ensure_Allow_Basic_authentication_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.1.2_L1_Ensure_Allow_unencrypted_traffic_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.1.3_L1_Ensure_Disallow_Digest_authentication_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.2.1_L1_Ensure_Allow_Basic_authentication_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.2.2_L1_Ensure_Allow_unencrypted_traffic_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.2.3_L1_Ensure_Disallow_WinRM_from_storing_RunAs_credentials_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.85.1_L1_Ensure_Configure_Automatic_Updates_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.85.2_L1_Ensure_Configure_Automatic_Updates_Scheduled_install_day_is_set_to_0_-_Every_day"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.85.3_L1_Ensure_No_auto-restart_with_logged_on_users_for_scheduled_automatic_updates_installations_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.1.3.1_L1_Ensure_Enable_screen_saver_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.1.3.2_L1_Ensure_Force_specific_screen_saver_Screen_saver_executable_name_is_set_to_Enabled_scrnsave.scr"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.1.3.3_L1_Ensure_Password_protect_the_screen_saver_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.1.3.4_L1_Ensure_Screen_saver_timeout_is_set_to_Enabled_900_seconds_or_fewer_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.5.1.1_L1_Ensure_Turn_off_toast_notifications_on_the_lock_screen_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.7.4.1_L1_Ensure_Do_not_preserve_zone_information_in_file_attachments_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.7.4.2_L1_Ensure_Notify_antivirus_programs_when_opening_attachments_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.7.25.1_L1_Ensure_Prevent_users_from_sharing_files_within_their_profile._is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.7.37.1_L1_Ensure_Always_install_with_elevated_privileges_is_set_to_Disabled"
           selected="true"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.2_L1_Configure_Access_this_computer_from_the_network"
                selector="DC"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.6_L1_Configure_Allow_log_on_locally"
                selector="DC"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.7_L1_Configure_Allow_log_on_through_Remote_Desktop_Services"
                selector="DC"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.17_L1_Configure_Deny_access_to_this_computer_from_the_network"
                selector="DC"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.22_L1_Configure_Enable_computer_and_user_accounts_to_be_trusted_for_delegation"
                selector="DC"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.25_L1_Configure_Impersonate_a_client_after_authentication"
                selector="DC"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.6_L1_Configure_Network_access_Named_Pipes_that_can_be_accessed_anonymously"
                selector="DC"/>
</Profile>
Level 1 - Member Server

Items in this profile apply to Member Servers and intend to:

  • be practical and prudent;
  • provide a clear security benefit; and
  • not inhibit the utility of the technology beyond acceptable means.

Items in this profile also apply to Member Servers that have the following Roles enabled:

  • AD Certificate Services
  • DHCP Server
  • DNS Server
  • File Server
  • Hyper-V
  • Network Policy and Access Services
  • Print Server
  • Remote Access Services
  • Remote Desktop Services
  • Web Server
<Profile xmlns="http://checklists.nist.gov/xccdf/1.2"
         xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         id="xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Member_Server">
   <title xml:lang="en">Level 1 - Member Server</title>
   <description xml:lang="en">
      <p xmlns="http://www.w3.org/1999/xhtml">Items in this profile apply to Member Servers and intend to:</p>
      <ul xmlns="http://www.w3.org/1999/xhtml">
         <li>be practical and prudent;</li>
         <li>provide a clear security benefit; and</li>
         <li>not inhibit the utility of the technology beyond acceptable means.</li>
      </ul>
      <p xmlns="http://www.w3.org/1999/xhtml">Items in this profile also apply to Member Servers that have the following Roles enabled:</p>
      <ul xmlns="http://www.w3.org/1999/xhtml">
         <li>AD Certificate Services</li>
         <li>DHCP Server</li>
         <li>DNS Server</li>
         <li>File Server</li>
         <li>Hyper-V</li>
         <li>Network Policy and Access Services</li>
         <li>Print Server</li>
         <li>Remote Access Services</li>
         <li>Remote Desktop Services</li>
         <li>Web Server</li>
      </ul>
   </description>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1_L1_Ensure_Enforce_password_history_is_set_to_24_or_more_passwords"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.2_L1_Ensure_Maximum_password_age_is_set_to_60_or_fewer_days_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.3_L1_Ensure_Minimum_password_age_is_set_to_1_or_more_days"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.4_L1_Ensure_Minimum_password_length_is_set_to_14_or_more_characters"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.5_L1_Ensure_Password_must_meet_complexity_requirements_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.6_L1_Ensure_Store_passwords_using_reversible_encryption_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.1_L1_Ensure_Account_lockout_duration_is_set_to_15_or_more_minutes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.2_L1_Ensure_Account_lockout_threshold_is_set_to_10_or_fewer_invalid_logon_attempts_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.3_L1_Ensure_Reset_account_lockout_counter_after_is_set_to_15_or_more_minutes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1_L1_Ensure_Access_Credential_Manager_as_a_trusted_caller_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.2_L1_Configure_Access_this_computer_from_the_network"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.3_L1_Ensure_Act_as_part_of_the_operating_system_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.5_L1_Ensure_Adjust_memory_quotas_for_a_process_is_set_to_Administrators_LOCAL_SERVICE_NETWORK_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.6_L1_Configure_Allow_log_on_locally"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.7_L1_Configure_Allow_log_on_through_Remote_Desktop_Services"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.8_L1_Ensure_Back_up_files_and_directories_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.9_L1_Ensure_Change_the_system_time_is_set_to_Administrators_LOCAL_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.10_L1_Ensure_Change_the_time_zone_is_set_to_Administrators_LOCAL_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.11_L1_Ensure_Create_a_pagefile_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.12_L1_Ensure_Create_a_token_object_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.13_L1_Ensure_Create_global_objects_is_set_to_Administrators_LOCAL_SERVICE_NETWORK_SERVICE_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.14_L1_Ensure_Create_permanent_shared_objects_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.15_L1_Configure_Create_symbolic_links"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.16_L1_Ensure_Debug_programs_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.17_L1_Configure_Deny_access_to_this_computer_from_the_network"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.18_L1_Ensure_Deny_log_on_as_a_batch_job_to_include_Guests"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.19_L1_Ensure_Deny_log_on_as_a_service_to_include_Guests"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.20_L1_Ensure_Deny_log_on_locally_to_include_Guests"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.21_L1_Ensure_Deny_log_on_through_Remote_Desktop_Services_to_include_Guests_Local_account"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.22_L1_Configure_Enable_computer_and_user_accounts_to_be_trusted_for_delegation"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.23_L1_Ensure_Force_shutdown_from_a_remote_system_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.24_L1_Ensure_Generate_security_audits_is_set_to_LOCAL_SERVICE_NETWORK_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.25_L1_Configure_Impersonate_a_client_after_authentication"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.26_L1_Ensure_Increase_scheduling_priority_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.27_L1_Ensure_Load_and_unload_device_drivers_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.28_L1_Ensure_Lock_pages_in_memory_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.30_L1_Configure_Manage_auditing_and_security_log"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.31_L1_Ensure_Modify_an_object_label_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.32_L1_Ensure_Modify_firmware_environment_values_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.33_L1_Ensure_Perform_volume_maintenance_tasks_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.34_L1_Ensure_Profile_single_process_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.35_L1_Ensure_Profile_system_performance_is_set_to_Administrators_NT_SERVICEWdiServiceHost"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.36_L1_Ensure_Replace_a_process_level_token_is_set_to_LOCAL_SERVICE_NETWORK_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.37_L1_Ensure_Restore_files_and_directories_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.38_L1_Ensure_Shut_down_the_system_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.40_L1_Ensure_Take_ownership_of_files_or_other_objects_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.1_L1_Ensure_Accounts_Administrator_account_status_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.2_L1_Ensure_Accounts_Block_Microsoft_accounts_is_set_to_Users_cant_add_or_log_on_with_Microsoft_accounts"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.3_L1_Ensure_Accounts_Guest_account_status_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.4_L1_Ensure_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.5_L1_Configure_Accounts_Rename_administrator_account"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.6_L1_Configure_Accounts_Rename_guest_account"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.2.1_L1_Ensure_Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.2.2_L1_Ensure_Audit_Shut_down_system_immediately_if_unable_to_log_security_audits_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.4.1_L1_Ensure_Devices_Allowed_to_format_and_eject_removable_media_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.4.2_L1_Ensure_Devices_Prevent_users_from_installing_printer_drivers_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.1_L1_Ensure_Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.2_L1_Ensure_Domain_member_Digitally_encrypt_secure_channel_data_when_possible_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.3_L1_Ensure_Domain_member_Digitally_sign_secure_channel_data_when_possible_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.4_L1_Ensure_Domain_member_Disable_machine_account_password_changes_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.5_L1_Ensure_Domain_member_Maximum_machine_account_password_age_is_set_to_30_or_fewer_days_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.6_L1_Ensure_Domain_member_Require_strong_Windows_2000_or_later_session_key_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.1_L1_Ensure_Interactive_logon_Do_not_display_last_user_name_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.2_L1_Ensure_Interactive_logon_Do_not_require_CTRLALTDEL_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.3_L1_Ensure_Interactive_logon_Machine_inactivity_limit_is_set_to_900_or_fewer_seconds_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.4_L1_Configure_Interactive_logon_Message_text_for_users_attempting_to_log_on"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.5_L1_Configure_Interactive_logon_Message_title_for_users_attempting_to_log_on"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.7_L1_Ensure_Interactive_logon_Prompt_user_to_change_password_before_expiration_is_set_to_between_5_and_14_days"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.8_L1_Ensure_Interactive_logon_Require_Domain_Controller_Authentication_to_unlock_workstation_is_set_to_Enabled_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.9_L1_Ensure_Interactive_logon_Smart_card_removal_behavior_is_set_to_Lock_Workstation_or_higher"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.8.1_L1_Ensure_Microsoft_network_client_Digitally_sign_communications_always_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.8.2_L1_Ensure_Microsoft_network_client_Digitally_sign_communications_if_server_agrees_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.8.3_L1_Ensure_Microsoft_network_client_Send_unencrypted_password_to_third-party_SMB_servers_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.1_L1_Ensure_Microsoft_network_server_Amount_of_idle_time_required_before_suspending_session_is_set_to_15_or_fewer_minutes_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.2_L1_Ensure_Microsoft_network_server_Digitally_sign_communications_always_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.3_L1_Ensure_Microsoft_network_server_Digitally_sign_communications_if_client_agrees_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.4_L1_Ensure_Microsoft_network_server_Disconnect_clients_when_logon_hours_expire_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.5_L1_Ensure_Microsoft_network_server_Server_SPN_target_name_validation_level_is_set_to_Accept_if_provided_by_client_or_higher"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.1_L1_Ensure_Network_access_Allow_anonymous_SIDName_translation_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.2_L1_Ensure_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.3_L1_Ensure_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.5_L1_Ensure_Network_access_Let_Everyone_permissions_apply_to_anonymous_users_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.6_L1_Configure_Network_access_Named_Pipes_that_can_be_accessed_anonymously"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.7_L1_Ensure_Network_access_Remotely_accessible_registry_paths"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.8_L1_Ensure_Network_access_Remotely_accessible_registry_paths_and_sub-paths"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.9_L1_Ensure_Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.10_L1_Ensure_Network_access_Shares_that_can_be_accessed_anonymously_is_set_to_None"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.11_L1_Ensure_Network_access_Sharing_and_security_model_for_local_accounts_is_set_to_Classic_-_local_users_authenticate_as_themselves"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.1_L1_Ensure_Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.2_L1_Ensure_Network_security_Allow_LocalSystem_NULL_session_fallback_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.3_L1_Ensure_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.4_L1_Ensure_Network_Security_Configure_encryption_types_allowed_for_Kerberos_is_set_to_RC4_HMAC_MD5_AES128_HMAC_SHA1_AES256_HMAC_SHA1_Future_encryption_types"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.5_L1_Ensure_Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.6_L1_Ensure_Network_security_Force_logoff_when_logon_hours_expire_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.7_L1_Ensure_Network_security_LAN_Manager_authentication_level_is_set_to_Send_NTLMv2_response_only._Refuse_LM__NTLM"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.8_L1_Ensure_Network_security_LDAP_client_signing_requirements_is_set_to_Negotiate_signing_or_higher"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.9_L1_Ensure_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients_is_set_to_Require_NTLMv2_session_security_Require_128-bit_encryption"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.10_L1_Ensure_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers_is_set_to_Require_NTLMv2_session_security_Require_128-bit_encryption"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.13.1_L1_Ensure_Shutdown_Allow_system_to_be_shut_down_without_having_to_log_on_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.15.1_L1_Ensure_System_objects_Require_case_insensitivity_for_non-Windows_subsystems_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.15.2_L1_Ensure_System_objects_Strengthen_default_permissions_of_internal_system_objects_e.g._Symbolic_Links_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.1_L1_Ensure_User_Account_Control_Admin_Approval_Mode_for_the_Built-in_Administrator_account_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.2_L1_Ensure_User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.3_L1_Ensure_User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode_is_set_to_Prompt_for_consent_on_the_secure_desktop"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.4_L1_Ensure_User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users_is_set_to_Automatically_deny_elevation_requests"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.5_L1_Ensure_User_Account_Control_Detect_application_installations_and_prompt_for_elevation_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.6_L1_Ensure_User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.7_L1_Ensure_User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.8_L1_Ensure_User_Account_Control_Switch_to_the_secure_desktop_when_prompting_for_elevation_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.9_L1_Ensure_User_Account_Control_Virtualize_file_and_registry_write_failures_to_per-user_locations_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.1_L1_Ensure_Windows_Firewall_Domain_Firewall_state_is_set_to_On_recommended"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.2_L1_Ensure_Windows_Firewall_Domain_Inbound_connections_is_set_to_Block_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.3_L1_Ensure_Windows_Firewall_Domain_Outbound_connections_is_set_to_Allow_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.4_L1_Ensure_Windows_Firewall_Domain_Settings_Display_a_notification_is_set_to_No"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.5_L1_Ensure_Windows_Firewall_Domain_Settings_Apply_local_firewall_rules_is_set_to_Yes_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.6_L1_Ensure_Windows_Firewall_Domain_Settings_Apply_local_connection_security_rules_is_set_to_Yes_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.7_L1_Ensure_Windows_Firewall_Domain_Logging_Name_is_set_to_SYSTEMROOTSystem32logfilesfirewalldomainfw.log"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.8_L1_Ensure_Windows_Firewall_Domain_Logging_Size_limit_KB_is_set_to_16384_KB_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.9_L1_Ensure_Windows_Firewall_Domain_Logging_Log_dropped_packets_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.10_L1_Ensure_Windows_Firewall_Domain_Logging_Log_successful_connections_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.1_L1_Ensure_Windows_Firewall_Private_Firewall_state_is_set_to_On_recommended"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.2_L1_Ensure_Windows_Firewall_Private_Inbound_connections_is_set_to_Block_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.3_L1_Ensure_Windows_Firewall_Private_Outbound_connections_is_set_to_Allow_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.4_L1_Ensure_Windows_Firewall_Private_Settings_Display_a_notification_is_set_to_No"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.5_L1_Ensure_Windows_Firewall_Private_Settings_Apply_local_firewall_rules_is_set_to_Yes_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.6_L1_Ensure_Windows_Firewall_Private_Settings_Apply_local_connection_security_rules_is_set_to_Yes_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.7_L1_Ensure_Windows_Firewall_Private_Logging_Name_is_set_to_SYSTEMROOTSystem32logfilesfirewallprivatefw.log"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.8_L1_Ensure_Windows_Firewall_Private_Logging_Size_limit_KB_is_set_to_16384_KB_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.9_L1_Ensure_Windows_Firewall_Private_Logging_Log_dropped_packets_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.10_L1_Ensure_Windows_Firewall_Private_Logging_Log_successful_connections_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.1_L1_Ensure_Windows_Firewall_Public_Firewall_state_is_set_to_On_recommended"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.2_L1_Ensure_Windows_Firewall_Public_Inbound_connections_is_set_to_Block_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.3_L1_Ensure_Windows_Firewall_Public_Outbound_connections_is_set_to_Allow_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.4_L1_Ensure_Windows_Firewall_Public_Settings_Display_a_notification_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.5_L1_Ensure_Windows_Firewall_Public_Settings_Apply_local_firewall_rules_is_set_to_No"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.6_L1_Ensure_Windows_Firewall_Public_Settings_Apply_local_connection_security_rules_is_set_to_No"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.7_L1_Ensure_Windows_Firewall_Public_Logging_Name_is_set_to_SYSTEMROOTSystem32logfilesfirewallpublicfw.log"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.8_L1_Ensure_Windows_Firewall_Public_Logging_Size_limit_KB_is_set_to_16384_KB_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.9_L1_Ensure_Windows_Firewall_Public_Logging_Log_dropped_packets_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.10_L1_Ensure_Windows_Firewall_Public_Logging_Log_successful_connections_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.1.1_L1_Ensure_Audit_Credential_Validation_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.1_L1_Ensure_Audit_Application_Group_Management_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.2_L1_Ensure_Audit_Computer_Account_Management_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.4_L1_Ensure_Audit_Other_Account_Management_Events_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.5_L1_Ensure_Audit_Security_Group_Management_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.6_L1_Ensure_Audit_User_Account_Management_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.3.1_L1_Ensure_Audit_Process_Creation_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.1_L1_Ensure_Audit_Account_Lockout_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.2_L1_Ensure_Audit_Logoff_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.3_L1_Ensure_Audit_Logon_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.4_L1_Ensure_Audit_Other_LogonLogoff_Events_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.5_L1_Ensure_Audit_Special_Logon_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.6.1_L1_Ensure_Audit_Removable_Storage_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.7.1_L1_Ensure_Audit_Audit_Policy_Change_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.7.2_L1_Ensure_Audit_Authentication_Policy_Change_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.8.1_L1_Ensure_Audit_Sensitive_Privilege_Use_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.1_L1_Ensure_Audit_IPsec_Driver_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.2_L1_Ensure_Audit_Other_System_Events_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.3_L1_Ensure_Audit_Security_State_Change_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.4_L1_Ensure_Audit_Security_System_Extension_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.5_L1_Ensure_Audit_System_Integrity_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.1.1.1_L1_Ensure_Prevent_enabling_lock_screen_camera_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.1.1.2_L1_Ensure_Prevent_enabling_lock_screen_slide_show_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.2.1_L1_Ensure_LAPS_AdmPwd_GPO_Extension__CSE_is_installed_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.2.2_L1_Ensure_Do_not_allow_password_expiration_time_longer_than_required_by_policy_is_set_to_Enabled_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.2.3_L1_Ensure_Enable_Local_Admin_Password_Management_is_set_to_Enabled_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.2.4_L1_Ensure_Password_Settings_Password_Complexity_is_set_to_Enabled_Large_letters__small_letters__numbers__special_characters_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.2.5_L1_Ensure_Password_Settings_Password_Length_is_set_to_Enabled_15_or_more_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.2.6_L1_Ensure_Password_Settings_Password_Age_Days_is_set_to_Enabled_30_or_fewer_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.1_L1_Ensure_MSS_AutoAdminLogon_Enable_Automatic_Logon_not_recommended_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.2_L1_Ensure_MSS_DisableIPSourceRouting_IPv6_IP_source_routing_protection_level_protects_against_packet_spoofing_is_set_to_Enabled_Highest_protection_source_routing_is_completely_disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.3_L1_Ensure_MSS_DisableIPSourceRouting_IP_source_routing_protection_level_protects_against_packet_spoofing_is_set_to_Enabled_Highest_protection_source_routing_is_completely_disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.4_L1_Ensure_MSS_EnableICMPRedirect_Allow_ICMP_redirects_to_override_OSPF_generated_routes_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.6_L1_Ensure_MSS_NoNameReleaseOnDemand_Allow_the_computer_to_ignore_NetBIOS_name_release_requests_except_from_WINS_servers_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.8_L1_Ensure_MSS_SafeDllSearchMode_Enable_Safe_DLL_search_mode_recommended_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.9_L1_Ensure_MSS_ScreenSaverGracePeriod_The_time_in_seconds_before_the_screen_saver_grace_period_expires_0_recommended_is_set_to_Enabled_5_or_fewer_seconds"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.12_L1_Ensure_MSS_WarningLevel_Percentage_threshold_for_the_security_event_log_at_which_the_system_will_generate_a_warning_is_set_to_Enabled_90_or_less"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.10.2_L1_Ensure_Prohibit_installation_and_configuration_of_Network_Bridge_on_your_DNS_domain_network_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.10.3_L1_Ensure_Require_domain_users_to_elevate_when_setting_a_networks_location_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.13.1_L1_Ensure_Hardened_UNC_Paths_is_set_to_Enabled_with_Require_Mutual_Authentication_and_Require_Integrity_set_for_all_NETLOGON_and_SYSVOL_shares"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.20.1_L1_Ensure_Minimize_the_number_of_simultaneous_connections_to_the_Internet_or_a_Windows_Domain_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.6.1_L1_Ensure_Apply_UAC_restrictions_to_local_accounts_on_network_logons_is_set_to_Enabled_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.6.2_L1_Ensure_WDigest_Authentication_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.2.1_L1_Ensure_Include_command_line_in_process_creation_events_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.11.1_L1_Ensure_Boot-Start_Driver_Initialization_Policy_is_set_to_Enabled_Good_unknown_and_bad_but_critical"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.18.2_L1_Ensure_Configure_registry_policy_processing_Do_not_apply_during_periodic_background_processing_is_set_to_Enabled_FALSE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.18.3_L1_Ensure_Configure_registry_policy_processing_Process_even_if_the_Group_Policy_objects_have_not_changed_is_set_to_Enabled_TRUE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.18.4_L1_Ensure_Turn_off_background_refresh_of_Group_Policy_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.1_L1_Ensure_Do_not_display_network_selection_UI_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.2_L1_Ensure_Do_not_enumerate_connected_users_on_domain-joined_computers_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.3_L1_Ensure_Enumerate_local_users_on_domain-joined_computers_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.4_L1_Ensure_Turn_off_app_notifications_on_the_lock_screen_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.5_L1_Ensure_Turn_on_convenience_PIN_sign-in_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.30.1_L1_Ensure_Configure_Offer_Remote_Assistance_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.30.2_L1_Ensure_Configure_Solicited_Remote_Assistance_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.31.1_L1_Ensure_Enable_RPC_Endpoint_Mapper_Client_Authentication_is_set_to_Enabled_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.6.1_L1_Ensure_Allow_Microsoft_accounts_to_be_optional_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.8.1_L1_Ensure_Disallow_Autoplay_for_non-volume_devices_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.8.2_L1_Ensure_Set_the_default_behavior_for_AutoRun_is_set_to_Enabled_Do_not_execute_any_autorun_commands"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.8.3_L1_Ensure_Turn_off_Autoplay_is_set_to_Enabled_All_drives"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.13.1_L1_Ensure_Do_not_display_the_password_reveal_button_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.13.2_L1_Ensure_Enumerate_administrator_accounts_on_elevation_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.1_L1_Ensure_EMET_5.5_or_higher_is_installed"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.2_L1_Ensure_Default_Action_and_Mitigation_Settings_is_set_to_Enabled_plus_subsettings"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.3_L1_Ensure_Default_Protections_for_Internet_Explorer_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.4_L1_Ensure_Default_Protections_for_Popular_Software_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.5_L1_Ensure_Default_Protections_for_Recommended_Software_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.6_L1_Ensure_System_ASLR_is_set_to_Enabled_Application_Opt-In"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.7_L1_Ensure_System_DEP_is_set_to_Enabled_Application_Opt-Out"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.8_L1_Ensure_System_SEHOP_is_set_to_Enabled_Application_Opt-Out"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.1.1_L1_Ensure_Application_Control_Event_Log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.1.2_L1_Ensure_Application_Specify_the_maximum_log_file_size_KB_is_set_to_Enabled_32768_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.2.1_L1_Ensure_Security_Control_Event_Log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.2.2_L1_Ensure_Security_Specify_the_maximum_log_file_size_KB_is_set_to_Enabled_196608_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.3.1_L1_Ensure_Setup_Control_Event_Log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.3.2_L1_Ensure_Setup_Specify_the_maximum_log_file_size_KB_is_set_to_Enabled_32768_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.4.1_L1_Ensure_System_Control_Event_Log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.4.2_L1_Ensure_System_Specify_the_maximum_log_file_size_KB_is_set_to_Enabled_32768_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.28.2_L1_Ensure_Configure_Windows_SmartScreen_is_set_to_Enabled_Require_approval_from_an_administrator_before_running_downloaded_unknown_software"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.28.3_L1_Ensure_Turn_off_Data_Execution_Prevention_for_Explorer_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.28.4_L1_Ensure_Turn_off_heap_termination_on_corruption_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.28.5_L1_Ensure_Turn_off_shell_protocol_protected_mode_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.2.2_L1_Ensure_Do_not_allow_passwords_to_be_saved_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.3.2_L1_Ensure_Do_not_allow_drive_redirection_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.9.1_L1_Ensure_Always_prompt_for_password_upon_connection_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.9.3_L1_Ensure_Set_client_connection_encryption_level_is_set_to_Enabled_High_Level"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.9.2_L1_Ensure_Require_secure_RPC_communication_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.11.1_L1_Ensure_Do_not_delete_temp_folders_upon_exit_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.11.2_L1_Ensure_Do_not_use_temporary_folders_per_session_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.49.1_L1_Ensure_Prevent_downloading_of_enclosures_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.50.2_L1_Ensure_Allow_indexing_of_encrypted_files_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.54.1_L1_Ensure_Prevent_the_usage_of_SkyDrive_for_file_storage_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.58.1_L1_Ensure_Turn_off_Automatic_Download_and_Install_of_updates_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.58.2_L1_Ensure_Turn_off_the_offer_to_update_to_the_latest_version_of_Windows_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.67.2.1_L1_Ensure_Configure_Default_consent_is_set_to_Enabled_Always_ask_before_sending_data"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.67.3_L1_Ensure_Automatically_send_memory_dumps_for_OS-generated_error_reports_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.69.1_L1_Ensure_Allow_user_control_over_installs_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.69.2_L1_Ensure_Always_install_with_elevated_privileges_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.70.1_L1_Ensure_Sign-in_last_interactive_user_automatically_after_a_system-initiated_restart_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.79.1_L1_Ensure_Turn_on_PowerShell_Script_Block_Logging_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.79.2_L1_Ensure_Turn_on_PowerShell_Transcription_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.1.1_L1_Ensure_Allow_Basic_authentication_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.1.2_L1_Ensure_Allow_unencrypted_traffic_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.1.3_L1_Ensure_Disallow_Digest_authentication_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.2.1_L1_Ensure_Allow_Basic_authentication_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.2.2_L1_Ensure_Allow_unencrypted_traffic_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.2.3_L1_Ensure_Disallow_WinRM_from_storing_RunAs_credentials_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.85.1_L1_Ensure_Configure_Automatic_Updates_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.85.2_L1_Ensure_Configure_Automatic_Updates_Scheduled_install_day_is_set_to_0_-_Every_day"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.85.3_L1_Ensure_No_auto-restart_with_logged_on_users_for_scheduled_automatic_updates_installations_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.1.3.1_L1_Ensure_Enable_screen_saver_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.1.3.2_L1_Ensure_Force_specific_screen_saver_Screen_saver_executable_name_is_set_to_Enabled_scrnsave.scr"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.1.3.3_L1_Ensure_Password_protect_the_screen_saver_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.1.3.4_L1_Ensure_Screen_saver_timeout_is_set_to_Enabled_900_seconds_or_fewer_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.5.1.1_L1_Ensure_Turn_off_toast_notifications_on_the_lock_screen_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.7.4.1_L1_Ensure_Do_not_preserve_zone_information_in_file_attachments_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.7.4.2_L1_Ensure_Notify_antivirus_programs_when_opening_attachments_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.7.25.1_L1_Ensure_Prevent_users_from_sharing_files_within_their_profile._is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.7.37.1_L1_Ensure_Always_install_with_elevated_privileges_is_set_to_Disabled"
           selected="true"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.2_L1_Configure_Access_this_computer_from_the_network"
                selector="MS"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.6_L1_Configure_Allow_log_on_locally"
                selector="MS"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.7_L1_Configure_Allow_log_on_through_Remote_Desktop_Services"
                selector="MS"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.17_L1_Configure_Deny_access_to_this_computer_from_the_network"
                selector="MS"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.22_L1_Configure_Enable_computer_and_user_accounts_to_be_trusted_for_delegation"
                selector="MS"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.25_L1_Configure_Impersonate_a_client_after_authentication"
                selector="MS"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.6_L1_Configure_Network_access_Named_Pipes_that_can_be_accessed_anonymously"
                selector="MS"/>
</Profile>
Level 2 - Domain Controller

This profile extends the "Level 1 - Domain Controller" profile. Items in this profile exhibit one or more of the following characteristics:

  • are intended for environments or use cases where security is paramount
  • act as a defense in depth measure
  • may negatively inhibit the utility or performance of the technology
<Profile xmlns="http://checklists.nist.gov/xccdf/1.2"
         xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         id="xccdf_org.cisecurity.benchmarks_profile_Level_2_-_Domain_Controller">
   <title xml:lang="en">Level 2 - Domain Controller</title>
   <description xml:lang="en">
      <p xmlns="http://www.w3.org/1999/xhtml">This profile extends the "Level 1 - Domain Controller" profile. Items in this profile exhibit one or more of the following characteristics:</p>
      <ul xmlns="http://www.w3.org/1999/xhtml">
         <li>are intended for environments or use cases where security is paramount</li>
         <li>acts as defense in depth measure</li>
         <li>may negatively inhibit the utility or performance of the technology</li>
      </ul>
   </description>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1_L1_Ensure_Enforce_password_history_is_set_to_24_or_more_passwords"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.2_L1_Ensure_Maximum_password_age_is_set_to_60_or_fewer_days_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.3_L1_Ensure_Minimum_password_age_is_set_to_1_or_more_days"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.4_L1_Ensure_Minimum_password_length_is_set_to_14_or_more_characters"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.5_L1_Ensure_Password_must_meet_complexity_requirements_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.6_L1_Ensure_Store_passwords_using_reversible_encryption_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.1_L1_Ensure_Account_lockout_duration_is_set_to_15_or_more_minutes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.2_L1_Ensure_Account_lockout_threshold_is_set_to_10_or_fewer_invalid_logon_attempts_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.3_L1_Ensure_Reset_account_lockout_counter_after_is_set_to_15_or_more_minutes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1_L1_Ensure_Access_Credential_Manager_as_a_trusted_caller_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.2_L1_Configure_Access_this_computer_from_the_network"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.3_L1_Ensure_Act_as_part_of_the_operating_system_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.4_L1_Ensure_Add_workstations_to_domain_is_set_to_Administrators_DC_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.5_L1_Ensure_Adjust_memory_quotas_for_a_process_is_set_to_Administrators_LOCAL_SERVICE_NETWORK_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.6_L1_Configure_Allow_log_on_locally"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.7_L1_Configure_Allow_log_on_through_Remote_Desktop_Services"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.8_L1_Ensure_Back_up_files_and_directories_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.9_L1_Ensure_Change_the_system_time_is_set_to_Administrators_LOCAL_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.10_L1_Ensure_Change_the_time_zone_is_set_to_Administrators_LOCAL_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.11_L1_Ensure_Create_a_pagefile_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.12_L1_Ensure_Create_a_token_object_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.13_L1_Ensure_Create_global_objects_is_set_to_Administrators_LOCAL_SERVICE_NETWORK_SERVICE_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.14_L1_Ensure_Create_permanent_shared_objects_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.15_L1_Configure_Create_symbolic_links"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.16_L1_Ensure_Debug_programs_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.17_L1_Configure_Deny_access_to_this_computer_from_the_network"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.18_L1_Ensure_Deny_log_on_as_a_batch_job_to_include_Guests"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.19_L1_Ensure_Deny_log_on_as_a_service_to_include_Guests"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.20_L1_Ensure_Deny_log_on_locally_to_include_Guests"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.21_L1_Ensure_Deny_log_on_through_Remote_Desktop_Services_to_include_Guests_Local_account"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.22_L1_Configure_Enable_computer_and_user_accounts_to_be_trusted_for_delegation"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.23_L1_Ensure_Force_shutdown_from_a_remote_system_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.24_L1_Ensure_Generate_security_audits_is_set_to_LOCAL_SERVICE_NETWORK_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.25_L1_Configure_Impersonate_a_client_after_authentication"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.26_L1_Ensure_Increase_scheduling_priority_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.27_L1_Ensure_Load_and_unload_device_drivers_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.28_L1_Ensure_Lock_pages_in_memory_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.29_L2_Ensure_Log_on_as_a_batch_job_is_set_to_Administrators_DC_Only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.30_L1_Configure_Manage_auditing_and_security_log"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.31_L1_Ensure_Modify_an_object_label_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.32_L1_Ensure_Modify_firmware_environment_values_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.33_L1_Ensure_Perform_volume_maintenance_tasks_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.34_L1_Ensure_Profile_single_process_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.35_L1_Ensure_Profile_system_performance_is_set_to_Administrators_NT_SERVICEWdiServiceHost"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.36_L1_Ensure_Replace_a_process_level_token_is_set_to_LOCAL_SERVICE_NETWORK_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.37_L1_Ensure_Restore_files_and_directories_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.38_L1_Ensure_Shut_down_the_system_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.39_L1_Ensure_Synchronize_directory_service_data_is_set_to_No_One_DC_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.40_L1_Ensure_Take_ownership_of_files_or_other_objects_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.1_L1_Ensure_Accounts_Administrator_account_status_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.2_L1_Ensure_Accounts_Block_Microsoft_accounts_is_set_to_Users_cant_add_or_log_on_with_Microsoft_accounts"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.3_L1_Ensure_Accounts_Guest_account_status_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.4_L1_Ensure_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.5_L1_Configure_Accounts_Rename_administrator_account"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.6_L1_Configure_Accounts_Rename_guest_account"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.2.1_L1_Ensure_Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.2.2_L1_Ensure_Audit_Shut_down_system_immediately_if_unable_to_log_security_audits_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.4.1_L1_Ensure_Devices_Allowed_to_format_and_eject_removable_media_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.4.2_L1_Ensure_Devices_Prevent_users_from_installing_printer_drivers_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.5.1_L1_Ensure_Domain_controller_Allow_server_operators_to_schedule_tasks_is_set_to_Disabled_DC_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.5.2_L1_Ensure_Domain_controller_LDAP_server_signing_requirements_is_set_to_Require_signing_DC_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.5.3_L1_Ensure_Domain_controller_Refuse_machine_account_password_changes_is_set_to_Disabled_DC_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.1_L1_Ensure_Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.2_L1_Ensure_Domain_member_Digitally_encrypt_secure_channel_data_when_possible_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.3_L1_Ensure_Domain_member_Digitally_sign_secure_channel_data_when_possible_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.4_L1_Ensure_Domain_member_Disable_machine_account_password_changes_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.5_L1_Ensure_Domain_member_Maximum_machine_account_password_age_is_set_to_30_or_fewer_days_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.6_L1_Ensure_Domain_member_Require_strong_Windows_2000_or_later_session_key_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.1_L1_Ensure_Interactive_logon_Do_not_display_last_user_name_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.2_L1_Ensure_Interactive_logon_Do_not_require_CTRLALTDEL_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.3_L1_Ensure_Interactive_logon_Machine_inactivity_limit_is_set_to_900_or_fewer_seconds_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.4_L1_Configure_Interactive_logon_Message_text_for_users_attempting_to_log_on"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.5_L1_Configure_Interactive_logon_Message_title_for_users_attempting_to_log_on"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.7_L1_Ensure_Interactive_logon_Prompt_user_to_change_password_before_expiration_is_set_to_between_5_and_14_days"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.9_L1_Ensure_Interactive_logon_Smart_card_removal_behavior_is_set_to_Lock_Workstation_or_higher"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.8.1_L1_Ensure_Microsoft_network_client_Digitally_sign_communications_always_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.8.2_L1_Ensure_Microsoft_network_client_Digitally_sign_communications_if_server_agrees_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.8.3_L1_Ensure_Microsoft_network_client_Send_unencrypted_password_to_third-party_SMB_servers_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.1_L1_Ensure_Microsoft_network_server_Amount_of_idle_time_required_before_suspending_session_is_set_to_15_or_fewer_minutes_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.2_L1_Ensure_Microsoft_network_server_Digitally_sign_communications_always_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.3_L1_Ensure_Microsoft_network_server_Digitally_sign_communications_if_client_agrees_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.4_L1_Ensure_Microsoft_network_server_Disconnect_clients_when_logon_hours_expire_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.5_L1_Ensure_Microsoft_network_server_Server_SPN_target_name_validation_level_is_set_to_Accept_if_provided_by_client_or_higher"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.1_L1_Ensure_Network_access_Allow_anonymous_SIDName_translation_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.2_L1_Ensure_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.3_L1_Ensure_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.4_L2_Ensure_Network_access_Do_not_allow_storage_of_passwords_and_credentials_for_network_authentication_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.5_L1_Ensure_Network_access_Let_Everyone_permissions_apply_to_anonymous_users_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.6_L1_Configure_Network_access_Named_Pipes_that_can_be_accessed_anonymously"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.7_L1_Ensure_Network_access_Remotely_accessible_registry_paths"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.8_L1_Ensure_Network_access_Remotely_accessible_registry_paths_and_sub-paths"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.9_L1_Ensure_Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.10_L1_Ensure_Network_access_Shares_that_can_be_accessed_anonymously_is_set_to_None"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.11_L1_Ensure_Network_access_Sharing_and_security_model_for_local_accounts_is_set_to_Classic_-_local_users_authenticate_as_themselves"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.1_L1_Ensure_Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.2_L1_Ensure_Network_security_Allow_LocalSystem_NULL_session_fallback_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.3_L1_Ensure_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.4_L1_Ensure_Network_Security_Configure_encryption_types_allowed_for_Kerberos_is_set_to_RC4_HMAC_MD5_AES128_HMAC_SHA1_AES256_HMAC_SHA1_Future_encryption_types"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.5_L1_Ensure_Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.6_L1_Ensure_Network_security_Force_logoff_when_logon_hours_expire_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.7_L1_Ensure_Network_security_LAN_Manager_authentication_level_is_set_to_Send_NTLMv2_response_only._Refuse_LM__NTLM"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.8_L1_Ensure_Network_security_LDAP_client_signing_requirements_is_set_to_Negotiate_signing_or_higher"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.9_L1_Ensure_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients_is_set_to_Require_NTLMv2_session_security_Require_128-bit_encryption"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.10_L1_Ensure_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers_is_set_to_Require_NTLMv2_session_security_Require_128-bit_encryption"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.13.1_L1_Ensure_Shutdown_Allow_system_to_be_shut_down_without_having_to_log_on_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.15.1_L1_Ensure_System_objects_Require_case_insensitivity_for_non-Windows_subsystems_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.15.2_L1_Ensure_System_objects_Strengthen_default_permissions_of_internal_system_objects_e.g._Symbolic_Links_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.1_L1_Ensure_User_Account_Control_Admin_Approval_Mode_for_the_Built-in_Administrator_account_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.2_L1_Ensure_User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.3_L1_Ensure_User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode_is_set_to_Prompt_for_consent_on_the_secure_desktop"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.4_L1_Ensure_User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users_is_set_to_Automatically_deny_elevation_requests"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.5_L1_Ensure_User_Account_Control_Detect_application_installations_and_prompt_for_elevation_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.6_L1_Ensure_User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.7_L1_Ensure_User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.8_L1_Ensure_User_Account_Control_Switch_to_the_secure_desktop_when_prompting_for_elevation_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.9_L1_Ensure_User_Account_Control_Virtualize_file_and_registry_write_failures_to_per-user_locations_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.1_L1_Ensure_Windows_Firewall_Domain_Firewall_state_is_set_to_On_recommended"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.2_L1_Ensure_Windows_Firewall_Domain_Inbound_connections_is_set_to_Block_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.3_L1_Ensure_Windows_Firewall_Domain_Outbound_connections_is_set_to_Allow_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.4_L1_Ensure_Windows_Firewall_Domain_Settings_Display_a_notification_is_set_to_No"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.5_L1_Ensure_Windows_Firewall_Domain_Settings_Apply_local_firewall_rules_is_set_to_Yes_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.6_L1_Ensure_Windows_Firewall_Domain_Settings_Apply_local_connection_security_rules_is_set_to_Yes_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.7_L1_Ensure_Windows_Firewall_Domain_Logging_Name_is_set_to_SYSTEMROOTSystem32logfilesfirewalldomainfw.log"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.8_L1_Ensure_Windows_Firewall_Domain_Logging_Size_limit_KB_is_set_to_16384_KB_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.9_L1_Ensure_Windows_Firewall_Domain_Logging_Log_dropped_packets_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.10_L1_Ensure_Windows_Firewall_Domain_Logging_Log_successful_connections_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.1_L1_Ensure_Windows_Firewall_Private_Firewall_state_is_set_to_On_recommended"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.2_L1_Ensure_Windows_Firewall_Private_Inbound_connections_is_set_to_Block_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.3_L1_Ensure_Windows_Firewall_Private_Outbound_connections_is_set_to_Allow_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.4_L1_Ensure_Windows_Firewall_Private_Settings_Display_a_notification_is_set_to_No"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.5_L1_Ensure_Windows_Firewall_Private_Settings_Apply_local_firewall_rules_is_set_to_Yes_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.6_L1_Ensure_Windows_Firewall_Private_Settings_Apply_local_connection_security_rules_is_set_to_Yes_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.7_L1_Ensure_Windows_Firewall_Private_Logging_Name_is_set_to_SYSTEMROOTSystem32logfilesfirewallprivatefw.log"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.8_L1_Ensure_Windows_Firewall_Private_Logging_Size_limit_KB_is_set_to_16384_KB_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.9_L1_Ensure_Windows_Firewall_Private_Logging_Log_dropped_packets_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.10_L1_Ensure_Windows_Firewall_Private_Logging_Log_successful_connections_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.1_L1_Ensure_Windows_Firewall_Public_Firewall_state_is_set_to_On_recommended"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.2_L1_Ensure_Windows_Firewall_Public_Inbound_connections_is_set_to_Block_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.3_L1_Ensure_Windows_Firewall_Public_Outbound_connections_is_set_to_Allow_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.4_L1_Ensure_Windows_Firewall_Public_Settings_Display_a_notification_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.5_L1_Ensure_Windows_Firewall_Public_Settings_Apply_local_firewall_rules_is_set_to_No"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.6_L1_Ensure_Windows_Firewall_Public_Settings_Apply_local_connection_security_rules_is_set_to_No"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.7_L1_Ensure_Windows_Firewall_Public_Logging_Name_is_set_to_SYSTEMROOTSystem32logfilesfirewallpublicfw.log"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.8_L1_Ensure_Windows_Firewall_Public_Logging_Size_limit_KB_is_set_to_16384_KB_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.9_L1_Ensure_Windows_Firewall_Public_Logging_Log_dropped_packets_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.10_L1_Ensure_Windows_Firewall_Public_Logging_Log_successful_connections_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.1.1_L1_Ensure_Audit_Credential_Validation_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.1_L1_Ensure_Audit_Application_Group_Management_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.2_L1_Ensure_Audit_Computer_Account_Management_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.3_L1_Ensure_Audit_Distribution_Group_Management_is_set_to_Success_and_Failure_DC_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.4_L1_Ensure_Audit_Other_Account_Management_Events_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.5_L1_Ensure_Audit_Security_Group_Management_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.6_L1_Ensure_Audit_User_Account_Management_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.3.1_L1_Ensure_Audit_Process_Creation_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.4.1_L1_Ensure_Audit_Directory_Service_Access_is_set_to_Success_and_Failure_DC_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.4.2_L1_Ensure_Audit_Directory_Service_Changes_is_set_to_Success_and_Failure_DC_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.1_L1_Ensure_Audit_Account_Lockout_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.2_L1_Ensure_Audit_Logoff_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.3_L1_Ensure_Audit_Logon_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.4_L1_Ensure_Audit_Other_LogonLogoff_Events_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.5_L1_Ensure_Audit_Special_Logon_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.6.1_L1_Ensure_Audit_Removable_Storage_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.7.1_L1_Ensure_Audit_Audit_Policy_Change_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.7.2_L1_Ensure_Audit_Authentication_Policy_Change_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.8.1_L1_Ensure_Audit_Sensitive_Privilege_Use_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.1_L1_Ensure_Audit_IPsec_Driver_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.2_L1_Ensure_Audit_Other_System_Events_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.3_L1_Ensure_Audit_Security_State_Change_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.4_L1_Ensure_Audit_Security_System_Extension_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.5_L1_Ensure_Audit_System_Integrity_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.1.1.1_L1_Ensure_Prevent_enabling_lock_screen_camera_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.1.1.2_L1_Ensure_Prevent_enabling_lock_screen_slide_show_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.1_L1_Ensure_MSS_AutoAdminLogon_Enable_Automatic_Logon_not_recommended_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.2_L1_Ensure_MSS_DisableIPSourceRouting_IPv6_IP_source_routing_protection_level_protects_against_packet_spoofing_is_set_to_Enabled_Highest_protection_source_routing_is_completely_disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.3_L1_Ensure_MSS_DisableIPSourceRouting_IP_source_routing_protection_level_protects_against_packet_spoofing_is_set_to_Enabled_Highest_protection_source_routing_is_completely_disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.4_L1_Ensure_MSS_EnableICMPRedirect_Allow_ICMP_redirects_to_override_OSPF_generated_routes_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.5_L2_Ensure_MSS_KeepAliveTime_How_often_keep-alive_packets_are_sent_in_milliseconds_is_set_to_Enabled_300000_or_5_minutes_recommended"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.6_L1_Ensure_MSS_NoNameReleaseOnDemand_Allow_the_computer_to_ignore_NetBIOS_name_release_requests_except_from_WINS_servers_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.7_L2_Ensure_MSS_PerformRouterDiscovery_Allow_IRDP_to_detect_and_configure_Default_Gateway_addresses_could_lead_to_DoS_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.8_L1_Ensure_MSS_SafeDllSearchMode_Enable_Safe_DLL_search_mode_recommended_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.9_L1_Ensure_MSS_ScreenSaverGracePeriod_The_time_in_seconds_before_the_screen_saver_grace_period_expires_0_recommended_is_set_to_Enabled_5_or_fewer_seconds"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.10_L2_Ensure_MSS_TcpMaxDataRetransmissions_IPv6_How_many_times_unacknowledged_data_is_retransmitted_is_set_to_Enabled_3"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.11_L2_Ensure_MSS_TcpMaxDataRetransmissions_How_many_times_unacknowledged_data_is_retransmitted_is_set_to_Enabled_3"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.12_L1_Ensure_MSS_WarningLevel_Percentage_threshold_for_the_security_event_log_at_which_the_system_will_generate_a_warning_is_set_to_Enabled_90_or_less"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.8.1_L2_Ensure_Turn_on_Mapper_IO_LLTDIO_driver_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.8.2_L2_Ensure_Turn_on_Responder_RSPNDR_driver_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.9.2_L2_Ensure_Turn_off_Microsoft_Peer-to-Peer_Networking_Services_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.10.2_L1_Ensure_Prohibit_installation_and_configuration_of_Network_Bridge_on_your_DNS_domain_network_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.10.3_L1_Ensure_Require_domain_users_to_elevate_when_setting_a_networks_location_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.13.1_L1_Ensure_Hardened_UNC_Paths_is_set_to_Enabled_with_Require_Mutual_Authentication_and_Require_Integrity_set_for_all_NETLOGON_and_SYSVOL_shares"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.18.2.1_L2_Disable_IPv6_Ensure_TCPIP6_Parameter_DisabledComponents_is_set_to_0xff_255"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.19.1_L2_Ensure_Configuration_of_wireless_settings_using_Windows_Connect_Now_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.19.2_L2_Ensure_Prohibit_access_of_the_Windows_Connect_Now_wizards_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.20.1_L1_Ensure_Minimize_the_number_of_simultaneous_connections_to_the_Internet_or_a_Windows_Domain_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.6.2_L1_Ensure_WDigest_Authentication_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.2.1_L1_Ensure_Include_command_line_in_process_creation_events_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.11.1_L1_Ensure_Boot-Start_Driver_Initialization_Policy_is_set_to_Enabled_Good_unknown_and_bad_but_critical"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.18.2_L1_Ensure_Configure_registry_policy_processing_Do_not_apply_during_periodic_background_processing_is_set_to_Enabled_FALSE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.18.3_L1_Ensure_Configure_registry_policy_processing_Process_even_if_the_Group_Policy_objects_have_not_changed_is_set_to_Enabled_TRUE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.18.4_L1_Ensure_Turn_off_background_refresh_of_Group_Policy_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.1_L2_Ensure_Turn_off_access_to_the_Store_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.2_L2_Ensure_Turn_off_downloading_of_print_drivers_over_HTTP_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.3_L2_Ensure_Turn_off_handwriting_personalization_data_sharing_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.4_L2_Ensure_Turn_off_handwriting_recognition_error_reporting_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.5_L2_Ensure_Turn_off_Internet_Connection_Wizard_if_URL_connection_is_referring_to_Microsoft.com_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.6_L2_Ensure_Turn_off_Internet_download_for_Web_publishing_and_online_ordering_wizards_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.7_L2_Ensure_Turn_off_printing_over_HTTP_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.8_L2_Ensure_Turn_off_Registration_if_URL_connection_is_referring_to_Microsoft.com_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.9_L2_Ensure_Turn_off_Search_Companion_content_file_updates_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.10_L2_Ensure_Turn_off_the_Order_Prints_picture_task_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.11_L2_Ensure_Turn_off_the_Publish_to_Web_task_for_files_and_folders_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.12_L2_Ensure_Turn_off_the_Windows_Messenger_Customer_Experience_Improvement_Program_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.13_L2_Ensure_Turn_off_Windows_Customer_Experience_Improvement_Program_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.14_L2_Ensure_Turn_off_Windows_Error_Reporting_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.23.1_L2_Ensure_Disallow_copying_of_user_input_methods_to_the_system_account_for_sign-in_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.1_L1_Ensure_Do_not_display_network_selection_UI_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.2_L1_Ensure_Do_not_enumerate_connected_users_on_domain-joined_computers_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.3_L1_Ensure_Enumerate_local_users_on_domain-joined_computers_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.4_L1_Ensure_Turn_off_app_notifications_on_the_lock_screen_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.5_L1_Ensure_Turn_on_convenience_PIN_sign-in_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.28.4.1_L2_Ensure_Require_a_password_when_a_computer_wakes_on_battery_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.28.4.2_L2_Ensure_Require_a_password_when_a_computer_wakes_plugged_in_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.30.1_L1_Ensure_Configure_Offer_Remote_Assistance_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.30.2_L1_Ensure_Configure_Solicited_Remote_Assistance_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.38.5.1_L2_Ensure_Microsoft_Support_Diagnostic_Tool_Turn_on_MSDT_interactive_communication_with_support_provider_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.38.11.1_L2_Ensure_EnableDisable_PerfTrack_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.43.1.1_L2_Ensure_Enable_Windows_NTP_Client_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.6.1_L1_Ensure_Allow_Microsoft_accounts_to_be_optional_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.8.1_L1_Ensure_Disallow_Autoplay_for_non-volume_devices_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.8.2_L1_Ensure_Set_the_default_behavior_for_AutoRun_is_set_to_Enabled_Do_not_execute_any_autorun_commands"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.8.3_L1_Ensure_Turn_off_Autoplay_is_set_to_Enabled_All_drives"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.13.1_L1_Ensure_Do_not_display_the_password_reveal_button_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.13.2_L1_Ensure_Enumerate_administrator_accounts_on_elevation_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.1_L1_Ensure_EMET_5.5_or_higher_is_installed"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.2_L1_Ensure_Default_Action_and_Mitigation_Settings_is_set_to_Enabled_plus_subsettings"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.3_L1_Ensure_Default_Protections_for_Internet_Explorer_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.4_L1_Ensure_Default_Protections_for_Popular_Software_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.5_L1_Ensure_Default_Protections_for_Recommended_Software_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.6_L1_Ensure_System_ASLR_is_set_to_Enabled_Application_Opt-In"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.7_L1_Ensure_System_DEP_is_set_to_Enabled_Application_Opt-Out"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.8_L1_Ensure_System_SEHOP_is_set_to_Enabled_Application_Opt-Out"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.1.1_L1_Ensure_Application_Control_Event_Log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.1.2_L1_Ensure_Application_Specify_the_maximum_log_file_size_KB_is_set_to_Enabled_32768_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.2.1_L1_Ensure_Security_Control_Event_Log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.2.2_L1_Ensure_Security_Specify_the_maximum_log_file_size_KB_is_set_to_Enabled_196608_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.3.1_L1_Ensure_Setup_Control_Event_Log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.3.2_L1_Ensure_Setup_Specify_the_maximum_log_file_size_KB_is_set_to_Enabled_32768_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.4.1_L1_Ensure_System_Control_Event_Log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.4.2_L1_Ensure_System_Specify_the_maximum_log_file_size_KB_is_set_to_Enabled_32768_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.28.2_L1_Ensure_Configure_Windows_SmartScreen_is_set_to_Enabled_Require_approval_from_an_administrator_before_running_downloaded_unknown_software"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.28.3_L1_Ensure_Turn_off_Data_Execution_Prevention_for_Explorer_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.28.4_L1_Ensure_Turn_off_heap_termination_on_corruption_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.28.5_L1_Ensure_Turn_off_shell_protocol_protected_mode_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.35.1_L2_Ensure_Turn_off_location_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.2.2_L1_Ensure_Do_not_allow_passwords_to_be_saved_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.2.1_L2_Ensure_Restrict_Remote_Desktop_Services_users_to_a_single_Remote_Desktop_Services_session_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.3.2_L1_Ensure_Do_not_allow_drive_redirection_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.3.1_L2_Ensure_Do_not_allow_COM_port_redirection_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.3.4_L2_Ensure_Do_not_allow_supported_Plug_and_Play_device_redirection_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.3.3_L2_Ensure_Do_not_allow_LPT_port_redirection_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.9.1_L1_Ensure_Always_prompt_for_password_upon_connection_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.9.3_L1_Ensure_Set_client_connection_encryption_level_is_set_to_Enabled_High_Level"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.9.2_L1_Ensure_Require_secure_RPC_communication_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.10.2_L2_Ensure_Set_time_limit_for_disconnected_sessions_is_set_to_Enabled_1_minute"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.10.1_L2_Ensure_Set_time_limit_for_active_but_idle_Remote_Desktop_Services_sessions_is_set_to_Enabled_15_minutes_or_less"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.11.2_L1_Ensure_Do_not_use_temporary_folders_per_session_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.11.1_L1_Ensure_Do_not_delete_temp_folders_upon_exit_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.49.1_L1_Ensure_Prevent_downloading_of_enclosures_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.50.2_L1_Ensure_Allow_indexing_of_encrypted_files_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.50.3_L2_Ensure_Set_what_information_is_shared_in_Search_is_set_to_Enabled_Anonymous_info"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.54.1_L1_Ensure_Prevent_the_usage_of_SkyDrive_for_file_storage_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.56.1_L2_Ensure_Turn_off_KMS_Client_Online_AVS_Validation_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.58.1_L1_Ensure_Turn_off_Automatic_Download_and_Install_of_updates_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.58.2_L1_Ensure_Turn_off_the_offer_to_update_to_the_latest_version_of_Windows_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.58.3_L2_Ensure_Turn_off_the_Store_application_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.66.3.1_L2_Ensure_Join_Microsoft_MAPS_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.67.2.1_L1_Ensure_Configure_Default_consent_is_set_to_Enabled_Always_ask_before_sending_data"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.67.3_L1_Ensure_Automatically_send_memory_dumps_for_OS-generated_error_reports_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.69.1_L1_Ensure_Allow_user_control_over_installs_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.69.2_L1_Ensure_Always_install_with_elevated_privileges_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.69.3_L2_Ensure_Prevent_Internet_Explorer_security_prompt_for_Windows_Installer_scripts_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.70.1_L1_Ensure_Sign-in_last_interactive_user_automatically_after_a_system-initiated_restart_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.79.1_L1_Ensure_Turn_on_PowerShell_Script_Block_Logging_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.79.2_L1_Ensure_Turn_on_PowerShell_Transcription_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.1.1_L1_Ensure_Allow_Basic_authentication_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.1.2_L1_Ensure_Allow_unencrypted_traffic_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.1.3_L1_Ensure_Disallow_Digest_authentication_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.2.1_L1_Ensure_Allow_Basic_authentication_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.2.2_L1_Ensure_Allow_unencrypted_traffic_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.2.3_L1_Ensure_Disallow_WinRM_from_storing_RunAs_credentials_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.82.1_L2_Ensure_Allow_Remote_Shell_Access_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.85.1_L1_Ensure_Configure_Automatic_Updates_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.85.2_L1_Ensure_Configure_Automatic_Updates_Scheduled_install_day_is_set_to_0_-_Every_day"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.85.3_L1_Ensure_No_auto-restart_with_logged_on_users_for_scheduled_automatic_updates_installations_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.1.3.1_L1_Ensure_Enable_screen_saver_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.1.3.2_L1_Ensure_Force_specific_screen_saver_Screen_saver_executable_name_is_set_to_Enabled_scrnsave.scr"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.1.3.3_L1_Ensure_Password_protect_the_screen_saver_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.1.3.4_L1_Ensure_Screen_saver_timeout_is_set_to_Enabled_900_seconds_or_fewer_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.5.1.1_L1_Ensure_Turn_off_toast_notifications_on_the_lock_screen_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.6.5.1.1_L2_Ensure_Turn_off_Help_Experience_Improvement_Program_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.7.4.1_L1_Ensure_Do_not_preserve_zone_information_in_file_attachments_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.7.4.2_L1_Ensure_Notify_antivirus_programs_when_opening_attachments_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.7.25.1_L1_Ensure_Prevent_users_from_sharing_files_within_their_profile._is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.7.37.1_L1_Ensure_Always_install_with_elevated_privileges_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.7.41.2.1_L2_Ensure_Prevent_Codec_Download_is_set_to_Enabled"
           selected="true"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.2_L1_Configure_Access_this_computer_from_the_network"
                selector="DC"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.6_L1_Configure_Allow_log_on_locally"
                selector="DC"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.7_L1_Configure_Allow_log_on_through_Remote_Desktop_Services"
                selector="DC"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.17_L1_Configure_Deny_access_to_this_computer_from_the_network"
                selector="DC"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.22_L1_Configure_Enable_computer_and_user_accounts_to_be_trusted_for_delegation"
                selector="DC"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.25_L1_Configure_Impersonate_a_client_after_authentication"
                selector="DC"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.6_L1_Configure_Network_access_Named_Pipes_that_can_be_accessed_anonymously"
                selector="DC"/>
</Profile>
Level 2 - Member Server

This profile extends the "Level 1 - Member Server" profile. Items in this profile exhibit one or more of the following characteristics:

  • are intended for environments or use cases where security is paramount
  • act as a defense-in-depth measure
  • may negatively inhibit the utility or performance of the technology
<Profile xmlns="http://checklists.nist.gov/xccdf/1.2"
         xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         id="xccdf_org.cisecurity.benchmarks_profile_Level_2_-_Member_Server">
   <title xml:lang="en">Level 2 - Member Server</title>
   <description xml:lang="en">
      <p xmlns="http://www.w3.org/1999/xhtml">This profile extends the "Level 1 - Member Server" profile. Items in this profile exhibit one or more of the following characteristics:</p>
      <ul xmlns="http://www.w3.org/1999/xhtml">
         <li>are intended for environments or use cases where security is paramount</li>
         <li>acts as defense in depth measure</li>
         <li>may negatively inhibit the utility or performance of the technology</li>
      </ul>
   </description>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1_L1_Ensure_Enforce_password_history_is_set_to_24_or_more_passwords"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.2_L1_Ensure_Maximum_password_age_is_set_to_60_or_fewer_days_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.3_L1_Ensure_Minimum_password_age_is_set_to_1_or_more_days"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.4_L1_Ensure_Minimum_password_length_is_set_to_14_or_more_characters"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.5_L1_Ensure_Password_must_meet_complexity_requirements_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.1.6_L1_Ensure_Store_passwords_using_reversible_encryption_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.1_L1_Ensure_Account_lockout_duration_is_set_to_15_or_more_minutes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.2_L1_Ensure_Account_lockout_threshold_is_set_to_10_or_fewer_invalid_logon_attempts_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_1.2.3_L1_Ensure_Reset_account_lockout_counter_after_is_set_to_15_or_more_minutes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1_L1_Ensure_Access_Credential_Manager_as_a_trusted_caller_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.2_L1_Configure_Access_this_computer_from_the_network"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.3_L1_Ensure_Act_as_part_of_the_operating_system_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.5_L1_Ensure_Adjust_memory_quotas_for_a_process_is_set_to_Administrators_LOCAL_SERVICE_NETWORK_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.6_L1_Configure_Allow_log_on_locally"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.7_L1_Configure_Allow_log_on_through_Remote_Desktop_Services"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.8_L1_Ensure_Back_up_files_and_directories_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.9_L1_Ensure_Change_the_system_time_is_set_to_Administrators_LOCAL_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.10_L1_Ensure_Change_the_time_zone_is_set_to_Administrators_LOCAL_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.11_L1_Ensure_Create_a_pagefile_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.12_L1_Ensure_Create_a_token_object_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.13_L1_Ensure_Create_global_objects_is_set_to_Administrators_LOCAL_SERVICE_NETWORK_SERVICE_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.14_L1_Ensure_Create_permanent_shared_objects_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.15_L1_Configure_Create_symbolic_links"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.16_L1_Ensure_Debug_programs_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.17_L1_Configure_Deny_access_to_this_computer_from_the_network"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.18_L1_Ensure_Deny_log_on_as_a_batch_job_to_include_Guests"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.19_L1_Ensure_Deny_log_on_as_a_service_to_include_Guests"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.20_L1_Ensure_Deny_log_on_locally_to_include_Guests"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.21_L1_Ensure_Deny_log_on_through_Remote_Desktop_Services_to_include_Guests_Local_account"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.22_L1_Configure_Enable_computer_and_user_accounts_to_be_trusted_for_delegation"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.23_L1_Ensure_Force_shutdown_from_a_remote_system_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.24_L1_Ensure_Generate_security_audits_is_set_to_LOCAL_SERVICE_NETWORK_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.25_L1_Configure_Impersonate_a_client_after_authentication"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.26_L1_Ensure_Increase_scheduling_priority_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.27_L1_Ensure_Load_and_unload_device_drivers_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.28_L1_Ensure_Lock_pages_in_memory_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.30_L1_Configure_Manage_auditing_and_security_log"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.31_L1_Ensure_Modify_an_object_label_is_set_to_No_One"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.32_L1_Ensure_Modify_firmware_environment_values_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.33_L1_Ensure_Perform_volume_maintenance_tasks_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.34_L1_Ensure_Profile_single_process_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.35_L1_Ensure_Profile_system_performance_is_set_to_Administrators_NT_SERVICEWdiServiceHost"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.36_L1_Ensure_Replace_a_process_level_token_is_set_to_LOCAL_SERVICE_NETWORK_SERVICE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.37_L1_Ensure_Restore_files_and_directories_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.38_L1_Ensure_Shut_down_the_system_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.2.40_L1_Ensure_Take_ownership_of_files_or_other_objects_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.1_L1_Ensure_Accounts_Administrator_account_status_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.2_L1_Ensure_Accounts_Block_Microsoft_accounts_is_set_to_Users_cant_add_or_log_on_with_Microsoft_accounts"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.3_L1_Ensure_Accounts_Guest_account_status_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.4_L1_Ensure_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.5_L1_Configure_Accounts_Rename_administrator_account"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.1.6_L1_Configure_Accounts_Rename_guest_account"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.2.1_L1_Ensure_Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.2.2_L1_Ensure_Audit_Shut_down_system_immediately_if_unable_to_log_security_audits_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.4.1_L1_Ensure_Devices_Allowed_to_format_and_eject_removable_media_is_set_to_Administrators"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.4.2_L1_Ensure_Devices_Prevent_users_from_installing_printer_drivers_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.1_L1_Ensure_Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.2_L1_Ensure_Domain_member_Digitally_encrypt_secure_channel_data_when_possible_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.3_L1_Ensure_Domain_member_Digitally_sign_secure_channel_data_when_possible_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.4_L1_Ensure_Domain_member_Disable_machine_account_password_changes_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.5_L1_Ensure_Domain_member_Maximum_machine_account_password_age_is_set_to_30_or_fewer_days_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.6.6_L1_Ensure_Domain_member_Require_strong_Windows_2000_or_later_session_key_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.1_L1_Ensure_Interactive_logon_Do_not_display_last_user_name_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.2_L1_Ensure_Interactive_logon_Do_not_require_CTRLALTDEL_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.3_L1_Ensure_Interactive_logon_Machine_inactivity_limit_is_set_to_900_or_fewer_seconds_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.4_L1_Configure_Interactive_logon_Message_text_for_users_attempting_to_log_on"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.5_L1_Configure_Interactive_logon_Message_title_for_users_attempting_to_log_on"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.6_L2_Ensure_Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available_is_set_to_4_or_fewer_logons_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.7_L1_Ensure_Interactive_logon_Prompt_user_to_change_password_before_expiration_is_set_to_between_5_and_14_days"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.8_L1_Ensure_Interactive_logon_Require_Domain_Controller_Authentication_to_unlock_workstation_is_set_to_Enabled_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.7.9_L1_Ensure_Interactive_logon_Smart_card_removal_behavior_is_set_to_Lock_Workstation_or_higher"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.8.1_L1_Ensure_Microsoft_network_client_Digitally_sign_communications_always_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.8.2_L1_Ensure_Microsoft_network_client_Digitally_sign_communications_if_server_agrees_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.8.3_L1_Ensure_Microsoft_network_client_Send_unencrypted_password_to_third-party_SMB_servers_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.1_L1_Ensure_Microsoft_network_server_Amount_of_idle_time_required_before_suspending_session_is_set_to_15_or_fewer_minutes_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.2_L1_Ensure_Microsoft_network_server_Digitally_sign_communications_always_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.3_L1_Ensure_Microsoft_network_server_Digitally_sign_communications_if_client_agrees_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.4_L1_Ensure_Microsoft_network_server_Disconnect_clients_when_logon_hours_expire_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.9.5_L1_Ensure_Microsoft_network_server_Server_SPN_target_name_validation_level_is_set_to_Accept_if_provided_by_client_or_higher"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.1_L1_Ensure_Network_access_Allow_anonymous_SIDName_translation_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.2_L1_Ensure_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.3_L1_Ensure_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.4_L2_Ensure_Network_access_Do_not_allow_storage_of_passwords_and_credentials_for_network_authentication_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.5_L1_Ensure_Network_access_Let_Everyone_permissions_apply_to_anonymous_users_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.6_L1_Configure_Network_access_Named_Pipes_that_can_be_accessed_anonymously"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.7_L1_Ensure_Network_access_Remotely_accessible_registry_paths"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.8_L1_Ensure_Network_access_Remotely_accessible_registry_paths_and_sub-paths"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.9_L1_Ensure_Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.10_L1_Ensure_Network_access_Shares_that_can_be_accessed_anonymously_is_set_to_None"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.11_L1_Ensure_Network_access_Sharing_and_security_model_for_local_accounts_is_set_to_Classic_-_local_users_authenticate_as_themselves"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.1_L1_Ensure_Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.2_L1_Ensure_Network_security_Allow_LocalSystem_NULL_session_fallback_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.3_L1_Ensure_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.4_L1_Ensure_Network_Security_Configure_encryption_types_allowed_for_Kerberos_is_set_to_RC4_HMAC_MD5_AES128_HMAC_SHA1_AES256_HMAC_SHA1_Future_encryption_types"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.5_L1_Ensure_Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.6_L1_Ensure_Network_security_Force_logoff_when_logon_hours_expire_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.7_L1_Ensure_Network_security_LAN_Manager_authentication_level_is_set_to_Send_NTLMv2_response_only._Refuse_LM__NTLM"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.8_L1_Ensure_Network_security_LDAP_client_signing_requirements_is_set_to_Negotiate_signing_or_higher"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.9_L1_Ensure_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients_is_set_to_Require_NTLMv2_session_security_Require_128-bit_encryption"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.11.10_L1_Ensure_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers_is_set_to_Require_NTLMv2_session_security_Require_128-bit_encryption"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.13.1_L1_Ensure_Shutdown_Allow_system_to_be_shut_down_without_having_to_log_on_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.15.1_L1_Ensure_System_objects_Require_case_insensitivity_for_non-Windows_subsystems_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.15.2_L1_Ensure_System_objects_Strengthen_default_permissions_of_internal_system_objects_e.g._Symbolic_Links_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.1_L1_Ensure_User_Account_Control_Admin_Approval_Mode_for_the_Built-in_Administrator_account_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.2_L1_Ensure_User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.3_L1_Ensure_User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode_is_set_to_Prompt_for_consent_on_the_secure_desktop"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.4_L1_Ensure_User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users_is_set_to_Automatically_deny_elevation_requests"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.5_L1_Ensure_User_Account_Control_Detect_application_installations_and_prompt_for_elevation_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.6_L1_Ensure_User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.7_L1_Ensure_User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.8_L1_Ensure_User_Account_Control_Switch_to_the_secure_desktop_when_prompting_for_elevation_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_2.3.17.9_L1_Ensure_User_Account_Control_Virtualize_file_and_registry_write_failures_to_per-user_locations_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.1_L1_Ensure_Windows_Firewall_Domain_Firewall_state_is_set_to_On_recommended"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.2_L1_Ensure_Windows_Firewall_Domain_Inbound_connections_is_set_to_Block_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.3_L1_Ensure_Windows_Firewall_Domain_Outbound_connections_is_set_to_Allow_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.4_L1_Ensure_Windows_Firewall_Domain_Settings_Display_a_notification_is_set_to_No"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.5_L1_Ensure_Windows_Firewall_Domain_Settings_Apply_local_firewall_rules_is_set_to_Yes_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.6_L1_Ensure_Windows_Firewall_Domain_Settings_Apply_local_connection_security_rules_is_set_to_Yes_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.7_L1_Ensure_Windows_Firewall_Domain_Logging_Name_is_set_to_SYSTEMROOTSystem32logfilesfirewalldomainfw.log"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.8_L1_Ensure_Windows_Firewall_Domain_Logging_Size_limit_KB_is_set_to_16384_KB_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.9_L1_Ensure_Windows_Firewall_Domain_Logging_Log_dropped_packets_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.1.10_L1_Ensure_Windows_Firewall_Domain_Logging_Log_successful_connections_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.1_L1_Ensure_Windows_Firewall_Private_Firewall_state_is_set_to_On_recommended"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.2_L1_Ensure_Windows_Firewall_Private_Inbound_connections_is_set_to_Block_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.3_L1_Ensure_Windows_Firewall_Private_Outbound_connections_is_set_to_Allow_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.4_L1_Ensure_Windows_Firewall_Private_Settings_Display_a_notification_is_set_to_No"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.5_L1_Ensure_Windows_Firewall_Private_Settings_Apply_local_firewall_rules_is_set_to_Yes_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.6_L1_Ensure_Windows_Firewall_Private_Settings_Apply_local_connection_security_rules_is_set_to_Yes_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.7_L1_Ensure_Windows_Firewall_Private_Logging_Name_is_set_to_SYSTEMROOTSystem32logfilesfirewallprivatefw.log"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.8_L1_Ensure_Windows_Firewall_Private_Logging_Size_limit_KB_is_set_to_16384_KB_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.9_L1_Ensure_Windows_Firewall_Private_Logging_Log_dropped_packets_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.2.10_L1_Ensure_Windows_Firewall_Private_Logging_Log_successful_connections_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.1_L1_Ensure_Windows_Firewall_Public_Firewall_state_is_set_to_On_recommended"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.2_L1_Ensure_Windows_Firewall_Public_Inbound_connections_is_set_to_Block_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.3_L1_Ensure_Windows_Firewall_Public_Outbound_connections_is_set_to_Allow_default"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.4_L1_Ensure_Windows_Firewall_Public_Settings_Display_a_notification_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.5_L1_Ensure_Windows_Firewall_Public_Settings_Apply_local_firewall_rules_is_set_to_No"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.6_L1_Ensure_Windows_Firewall_Public_Settings_Apply_local_connection_security_rules_is_set_to_No"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.7_L1_Ensure_Windows_Firewall_Public_Logging_Name_is_set_to_SYSTEMROOTSystem32logfilesfirewallpublicfw.log"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.8_L1_Ensure_Windows_Firewall_Public_Logging_Size_limit_KB_is_set_to_16384_KB_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.9_L1_Ensure_Windows_Firewall_Public_Logging_Log_dropped_packets_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_9.3.10_L1_Ensure_Windows_Firewall_Public_Logging_Log_successful_connections_is_set_to_Yes"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.1.1_L1_Ensure_Audit_Credential_Validation_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.1_L1_Ensure_Audit_Application_Group_Management_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.2_L1_Ensure_Audit_Computer_Account_Management_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.4_L1_Ensure_Audit_Other_Account_Management_Events_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.5_L1_Ensure_Audit_Security_Group_Management_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.2.6_L1_Ensure_Audit_User_Account_Management_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.3.1_L1_Ensure_Audit_Process_Creation_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.1_L1_Ensure_Audit_Account_Lockout_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.2_L1_Ensure_Audit_Logoff_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.3_L1_Ensure_Audit_Logon_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.4_L1_Ensure_Audit_Other_LogonLogoff_Events_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.5.5_L1_Ensure_Audit_Special_Logon_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.6.1_L1_Ensure_Audit_Removable_Storage_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.7.1_L1_Ensure_Audit_Audit_Policy_Change_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.7.2_L1_Ensure_Audit_Authentication_Policy_Change_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.8.1_L1_Ensure_Audit_Sensitive_Privilege_Use_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.1_L1_Ensure_Audit_IPsec_Driver_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.2_L1_Ensure_Audit_Other_System_Events_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.3_L1_Ensure_Audit_Security_State_Change_is_set_to_Success"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.4_L1_Ensure_Audit_Security_System_Extension_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_17.9.5_L1_Ensure_Audit_System_Integrity_is_set_to_Success_and_Failure"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.1.1.1_L1_Ensure_Prevent_enabling_lock_screen_camera_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.1.1.2_L1_Ensure_Prevent_enabling_lock_screen_slide_show_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.2.1_L1_Ensure_LAPS_AdmPwd_GPO_Extension__CSE_is_installed_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.2.2_L1_Ensure_Do_not_allow_password_expiration_time_longer_than_required_by_policy_is_set_to_Enabled_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.2.3_L1_Ensure_Enable_Local_Admin_Password_Management_is_set_to_Enabled_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.2.4_L1_Ensure_Password_Settings_Password_Complexity_is_set_to_Enabled_Large_letters__small_letters__numbers__special_characters_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.2.5_L1_Ensure_Password_Settings_Password_Length_is_set_to_Enabled_15_or_more_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.2.6_L1_Ensure_Password_Settings_Password_Age_Days_is_set_to_Enabled_30_or_fewer_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.1_L1_Ensure_MSS_AutoAdminLogon_Enable_Automatic_Logon_not_recommended_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.2_L1_Ensure_MSS_DisableIPSourceRouting_IPv6_IP_source_routing_protection_level_protects_against_packet_spoofing_is_set_to_Enabled_Highest_protection_source_routing_is_completely_disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.3_L1_Ensure_MSS_DisableIPSourceRouting_IP_source_routing_protection_level_protects_against_packet_spoofing_is_set_to_Enabled_Highest_protection_source_routing_is_completely_disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.4_L1_Ensure_MSS_EnableICMPRedirect_Allow_ICMP_redirects_to_override_OSPF_generated_routes_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.5_L2_Ensure_MSS_KeepAliveTime_How_often_keep-alive_packets_are_sent_in_milliseconds_is_set_to_Enabled_300000_or_5_minutes_recommended"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.6_L1_Ensure_MSS_NoNameReleaseOnDemand_Allow_the_computer_to_ignore_NetBIOS_name_release_requests_except_from_WINS_servers_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.7_L2_Ensure_MSS_PerformRouterDiscovery_Allow_IRDP_to_detect_and_configure_Default_Gateway_addresses_could_lead_to_DoS_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.8_L1_Ensure_MSS_SafeDllSearchMode_Enable_Safe_DLL_search_mode_recommended_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.9_L1_Ensure_MSS_ScreenSaverGracePeriod_The_time_in_seconds_before_the_screen_saver_grace_period_expires_0_recommended_is_set_to_Enabled_5_or_fewer_seconds"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.10_L2_Ensure_MSS_TcpMaxDataRetransmissions_IPv6_How_many_times_unacknowledged_data_is_retransmitted_is_set_to_Enabled_3"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.11_L2_Ensure_MSS_TcpMaxDataRetransmissions_How_many_times_unacknowledged_data_is_retransmitted_is_set_to_Enabled_3"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.3.12_L1_Ensure_MSS_WarningLevel_Percentage_threshold_for_the_security_event_log_at_which_the_system_will_generate_a_warning_is_set_to_Enabled_90_or_less"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.8.1_L2_Ensure_Turn_on_Mapper_IO_LLTDIO_driver_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.8.2_L2_Ensure_Turn_on_Responder_RSPNDR_driver_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.9.2_L2_Ensure_Turn_off_Microsoft_Peer-to-Peer_Networking_Services_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.10.2_L1_Ensure_Prohibit_installation_and_configuration_of_Network_Bridge_on_your_DNS_domain_network_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.10.3_L1_Ensure_Require_domain_users_to_elevate_when_setting_a_networks_location_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.13.1_L1_Ensure_Hardened_UNC_Paths_is_set_to_Enabled_with_Require_Mutual_Authentication_and_Require_Integrity_set_for_all_NETLOGON_and_SYSVOL_shares"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.18.2.1_L2_Disable_IPv6_Ensure_TCPIP6_Parameter_DisabledComponents_is_set_to_0xff_255"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.19.1_L2_Ensure_Configuration_of_wireless_settings_using_Windows_Connect_Now_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.19.2_L2_Ensure_Prohibit_access_of_the_Windows_Connect_Now_wizards_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.20.1_L1_Ensure_Minimize_the_number_of_simultaneous_connections_to_the_Internet_or_a_Windows_Domain_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.4.20.2_L2_Ensure_Prohibit_connection_to_non-domain_networks_when_connected_to_domain_authenticated_network_is_set_to_Enabled_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.6.1_L1_Ensure_Apply_UAC_restrictions_to_local_accounts_on_network_logons_is_set_to_Enabled_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.6.2_L1_Ensure_WDigest_Authentication_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.2.1_L1_Ensure_Include_command_line_in_process_creation_events_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.11.1_L1_Ensure_Boot-Start_Driver_Initialization_Policy_is_set_to_Enabled_Good_unknown_and_bad_but_critical"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.18.2_L1_Ensure_Configure_registry_policy_processing_Do_not_apply_during_periodic_background_processing_is_set_to_Enabled_FALSE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.18.3_L1_Ensure_Configure_registry_policy_processing_Process_even_if_the_Group_Policy_objects_have_not_changed_is_set_to_Enabled_TRUE"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.18.4_L1_Ensure_Turn_off_background_refresh_of_Group_Policy_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.1_L2_Ensure_Turn_off_access_to_the_Store_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.2_L2_Ensure_Turn_off_downloading_of_print_drivers_over_HTTP_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.3_L2_Ensure_Turn_off_handwriting_personalization_data_sharing_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.4_L2_Ensure_Turn_off_handwriting_recognition_error_reporting_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.5_L2_Ensure_Turn_off_Internet_Connection_Wizard_if_URL_connection_is_referring_to_Microsoft.com_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.6_L2_Ensure_Turn_off_Internet_download_for_Web_publishing_and_online_ordering_wizards_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.7_L2_Ensure_Turn_off_printing_over_HTTP_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.8_L2_Ensure_Turn_off_Registration_if_URL_connection_is_referring_to_Microsoft.com_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.9_L2_Ensure_Turn_off_Search_Companion_content_file_updates_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.10_L2_Ensure_Turn_off_the_Order_Prints_picture_task_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.11_L2_Ensure_Turn_off_the_Publish_to_Web_task_for_files_and_folders_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.12_L2_Ensure_Turn_off_the_Windows_Messenger_Customer_Experience_Improvement_Program_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.13_L2_Ensure_Turn_off_Windows_Customer_Experience_Improvement_Program_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.19.1.14_L2_Ensure_Turn_off_Windows_Error_Reporting_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.23.1_L2_Ensure_Disallow_copying_of_user_input_methods_to_the_system_account_for_sign-in_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.1_L1_Ensure_Do_not_display_network_selection_UI_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.2_L1_Ensure_Do_not_enumerate_connected_users_on_domain-joined_computers_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.3_L1_Ensure_Enumerate_local_users_on_domain-joined_computers_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.4_L1_Ensure_Turn_off_app_notifications_on_the_lock_screen_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.24.5_L1_Ensure_Turn_on_convenience_PIN_sign-in_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.28.4.1_L2_Ensure_Require_a_password_when_a_computer_wakes_on_battery_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.28.4.2_L2_Ensure_Require_a_password_when_a_computer_wakes_plugged_in_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.30.1_L1_Ensure_Configure_Offer_Remote_Assistance_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.30.2_L1_Ensure_Configure_Solicited_Remote_Assistance_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.31.1_L1_Ensure_Enable_RPC_Endpoint_Mapper_Client_Authentication_is_set_to_Enabled_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.31.2_L2_Ensure_Restrict_Unauthenticated_RPC_clients_is_set_to_Enabled_Authenticated_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.38.5.1_L2_Ensure_Microsoft_Support_Diagnostic_Tool_Turn_on_MSDT_interactive_communication_with_support_provider_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.38.11.1_L2_Ensure_EnableDisable_PerfTrack_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.43.1.1_L2_Ensure_Enable_Windows_NTP_Client_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.8.43.1.2_L2_Ensure_Enable_Windows_NTP_Server_is_set_to_Disabled_MS_only"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.6.1_L1_Ensure_Allow_Microsoft_accounts_to_be_optional_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.8.1_L1_Ensure_Disallow_Autoplay_for_non-volume_devices_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.8.2_L1_Ensure_Set_the_default_behavior_for_AutoRun_is_set_to_Enabled_Do_not_execute_any_autorun_commands"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.8.3_L1_Ensure_Turn_off_Autoplay_is_set_to_Enabled_All_drives"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.13.1_L1_Ensure_Do_not_display_the_password_reveal_button_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.13.2_L1_Ensure_Enumerate_administrator_accounts_on_elevation_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.1_L1_Ensure_EMET_5.5_or_higher_is_installed"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.2_L1_Ensure_Default_Action_and_Mitigation_Settings_is_set_to_Enabled_plus_subsettings"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.3_L1_Ensure_Default_Protections_for_Internet_Explorer_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.4_L1_Ensure_Default_Protections_for_Popular_Software_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.5_L1_Ensure_Default_Protections_for_Recommended_Software_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.6_L1_Ensure_System_ASLR_is_set_to_Enabled_Application_Opt-In"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.7_L1_Ensure_System_DEP_is_set_to_Enabled_Application_Opt-Out"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.22.8_L1_Ensure_System_SEHOP_is_set_to_Enabled_Application_Opt-Out"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.1.1_L1_Ensure_Application_Control_Event_Log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.1.2_L1_Ensure_Application_Specify_the_maximum_log_file_size_KB_is_set_to_Enabled_32768_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.2.1_L1_Ensure_Security_Control_Event_Log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.2.2_L1_Ensure_Security_Specify_the_maximum_log_file_size_KB_is_set_to_Enabled_196608_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.3.1_L1_Ensure_Setup_Control_Event_Log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.3.2_L1_Ensure_Setup_Specify_the_maximum_log_file_size_KB_is_set_to_Enabled_32768_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.4.1_L1_Ensure_System_Control_Event_Log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.24.4.2_L1_Ensure_System_Specify_the_maximum_log_file_size_KB_is_set_to_Enabled_32768_or_greater"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.28.2_L1_Ensure_Configure_Windows_SmartScreen_is_set_to_Enabled_Require_approval_from_an_administrator_before_running_downloaded_unknown_software"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.28.3_L1_Ensure_Turn_off_Data_Execution_Prevention_for_Explorer_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.28.4_L1_Ensure_Turn_off_heap_termination_on_corruption_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.28.5_L1_Ensure_Turn_off_shell_protocol_protected_mode_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.35.1_L2_Ensure_Turn_off_location_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.2.2_L1_Ensure_Do_not_allow_passwords_to_be_saved_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.2.1_L2_Ensure_Restrict_Remote_Desktop_Services_users_to_a_single_Remote_Desktop_Services_session_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.3.1_L2_Ensure_Do_not_allow_COM_port_redirection_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.3.2_L1_Ensure_Do_not_allow_drive_redirection_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.3.4_L2_Ensure_Do_not_allow_supported_Plug_and_Play_device_redirection_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.3.3_L2_Ensure_Do_not_allow_LPT_port_redirection_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.9.1_L1_Ensure_Always_prompt_for_password_upon_connection_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.9.2_L1_Ensure_Require_secure_RPC_communication_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.9.3_L1_Ensure_Set_client_connection_encryption_level_is_set_to_Enabled_High_Level"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.10.2_L2_Ensure_Set_time_limit_for_disconnected_sessions_is_set_to_Enabled_1_minute"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.10.1_L2_Ensure_Set_time_limit_for_active_but_idle_Remote_Desktop_Services_sessions_is_set_to_Enabled_15_minutes_or_less"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.11.2_L1_Ensure_Do_not_use_temporary_folders_per_session_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.48.3.11.1_L1_Ensure_Do_not_delete_temp_folders_upon_exit_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.49.1_L1_Ensure_Prevent_downloading_of_enclosures_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.50.2_L1_Ensure_Allow_indexing_of_encrypted_files_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.50.3_L2_Ensure_Set_what_information_is_shared_in_Search_is_set_to_Enabled_Anonymous_info"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.54.1_L1_Ensure_Prevent_the_usage_of_SkyDrive_for_file_storage_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.56.1_L2_Ensure_Turn_off_KMS_Client_Online_AVS_Validation_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.58.1_L1_Ensure_Turn_off_Automatic_Download_and_Install_of_updates_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.58.2_L1_Ensure_Turn_off_the_offer_to_update_to_the_latest_version_of_Windows_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.58.3_L2_Ensure_Turn_off_the_Store_application_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.66.3.1_L2_Ensure_Join_Microsoft_MAPS_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.67.2.1_L1_Ensure_Configure_Default_consent_is_set_to_Enabled_Always_ask_before_sending_data"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.67.3_L1_Ensure_Automatically_send_memory_dumps_for_OS-generated_error_reports_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.69.1_L1_Ensure_Allow_user_control_over_installs_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.69.2_L1_Ensure_Always_install_with_elevated_privileges_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.69.3_L2_Ensure_Prevent_Internet_Explorer_security_prompt_for_Windows_Installer_scripts_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.70.1_L1_Ensure_Sign-in_last_interactive_user_automatically_after_a_system-initiated_restart_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.79.1_L1_Ensure_Turn_on_PowerShell_Script_Block_Logging_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.79.2_L1_Ensure_Turn_on_PowerShell_Transcription_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.1.1_L1_Ensure_Allow_Basic_authentication_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.1.2_L1_Ensure_Allow_unencrypted_traffic_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.1.3_L1_Ensure_Disallow_Digest_authentication_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.2.1_L1_Ensure_Allow_Basic_authentication_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.2.2_L1_Ensure_Allow_unencrypted_traffic_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.81.2.3_L1_Ensure_Disallow_WinRM_from_storing_RunAs_credentials_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.82.1_L2_Ensure_Allow_Remote_Shell_Access_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.85.1_L1_Ensure_Configure_Automatic_Updates_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.85.2_L1_Ensure_Configure_Automatic_Updates_Scheduled_install_day_is_set_to_0_-_Every_day"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_18.9.85.3_L1_Ensure_No_auto-restart_with_logged_on_users_for_scheduled_automatic_updates_installations_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.1.3.1_L1_Ensure_Enable_screen_saver_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.1.3.2_L1_Ensure_Force_specific_screen_saver_Screen_saver_executable_name_is_set_to_Enabled_scrnsave.scr"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.1.3.3_L1_Ensure_Password_protect_the_screen_saver_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.1.3.4_L1_Ensure_Screen_saver_timeout_is_set_to_Enabled_900_seconds_or_fewer_but_not_0"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.5.1.1_L1_Ensure_Turn_off_toast_notifications_on_the_lock_screen_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.6.5.1.1_L2_Ensure_Turn_off_Help_Experience_Improvement_Program_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.7.4.1_L1_Ensure_Do_not_preserve_zone_information_in_file_attachments_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.7.4.2_L1_Ensure_Notify_antivirus_programs_when_opening_attachments_is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.7.25.1_L1_Ensure_Prevent_users_from_sharing_files_within_their_profile._is_set_to_Enabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.7.37.1_L1_Ensure_Always_install_with_elevated_privileges_is_set_to_Disabled"
           selected="true"/>
   <select idref="xccdf_org.cisecurity.benchmarks_rule_19.7.41.2.1_L2_Ensure_Prevent_Codec_Download_is_set_to_Enabled"
           selected="true"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.2_L1_Configure_Access_this_computer_from_the_network"
                selector="MS"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.6_L1_Configure_Allow_log_on_locally"
                selector="MS"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.7_L1_Configure_Allow_log_on_through_Remote_Desktop_Services"
                selector="MS"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.17_L1_Configure_Deny_access_to_this_computer_from_the_network"
                selector="MS"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.22_L1_Configure_Enable_computer_and_user_accounts_to_be_trusted_for_delegation"
                selector="MS"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.2.25_L1_Configure_Impersonate_a_client_after_authentication"
                selector="MS"/>
   <refine-rule idref="xccdf_org.cisecurity.benchmarks_rule_2.3.10.6_L1_Configure_Network_access_Named_Pipes_that_can_be_accessed_anonymously"
                selector="MS"/>
</Profile>

Assessment Results

Weight | Benchmark Item | Result
1 Account Policies
1.1 Password Policy
1.0 1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' Pass
1.0 1.1.2 (L1) Ensure 'Maximum password age' is set to '60 or fewer days, but not 0' Fail
1.0 1.1.3 (L1) Ensure 'Minimum password age' is set to '1 or more day(s)' Pass
1.0 1.1.4 (L1) Ensure 'Minimum password length' is set to '14 or more character(s)' Pass
1.0 1.1.5 (L1) Ensure 'Password must meet complexity requirements' is set to 'Enabled' Unknown
1.0 1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' Unknown
1.2 Account Lockout Policy
1.0 1.2.1 (L1) Ensure 'Account lockout duration' is set to '15 or more minute(s)' Pass
1.0 1.2.2 (L1) Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0' Pass
1.0 1.2.3 (L1) Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)' Pass
2 Local Policies
2.1 Audit Policy
2.2 User Rights Assignment
1.0 2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One' Pass
1.0 2.2.2 (L1) Configure 'Access this computer from the network' Pass
1.0 2.2.3 (L1) Ensure 'Act as part of the operating system' is set to 'No One' Pass
1.0 2.2.5 (L1) Ensure 'Adjust memory quotas for a process' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE' Pass
1.0 2.2.6 (L1) Configure 'Allow log on locally' Pass
1.0 2.2.7 (L1) Configure 'Allow log on through Remote Desktop Services' Pass
1.0 2.2.8 (L1) Ensure 'Back up files and directories' is set to 'Administrators' Pass
1.0 2.2.9 (L1) Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE' Pass
1.0 2.2.10 (L1) Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE' Pass
1.0 2.2.11 (L1) Ensure 'Create a pagefile' is set to 'Administrators' Pass
1.0 2.2.12 (L1) Ensure 'Create a token object' is set to 'No One' Pass
1.0 2.2.13 (L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' Pass
1.0 2.2.14 (L1) Ensure 'Create permanent shared objects' is set to 'No One' Pass
1.0 2.2.15 (L1) Configure 'Create symbolic links' Pass
1.0 2.2.16 (L1) Ensure 'Debug programs' is set to 'Administrators' Pass
1.0 2.2.17 (L1) Configure 'Deny access to this computer from the network' Pass
1.0 2.2.18 (L1) Ensure 'Deny log on as a batch job' to include 'Guests' Pass
1.0 2.2.19 (L1) Ensure 'Deny log on as a service' to include 'Guests' Pass
1.0 2.2.20 (L1) Ensure 'Deny log on locally' to include 'Guests' Pass
1.0 2.2.21 (L1) Ensure 'Deny log on through Remote Desktop Services' to include 'Guests, Local account' Fail
1.0 2.2.22 (L1) Configure 'Enable computer and user accounts to be trusted for delegation' Pass
1.0 2.2.23 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' Pass
1.0 2.2.24 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' Pass
1.0 2.2.25 (L1) Configure 'Impersonate a client after authentication' Fail
1.0 2.2.26 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators' Pass
1.0 2.2.27 (L1) Ensure 'Load and unload device drivers' is set to 'Administrators' Pass
1.0 2.2.28 (L1) Ensure 'Lock pages in memory' is set to 'No One' Pass
1.0 2.2.30 (L1) Configure 'Manage auditing and security log' Pass
1.0 2.2.31 (L1) Ensure 'Modify an object label' is set to 'No One' Pass
1.0 2.2.32 (L1) Ensure 'Modify firmware environment values' is set to 'Administrators' Pass
1.0 2.2.33 (L1) Ensure 'Perform volume maintenance tasks' is set to 'Administrators' Pass
1.0 2.2.34 (L1) Ensure 'Profile single process' is set to 'Administrators' Pass
1.0 2.2.35 (L1) Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost' Pass
1.0 2.2.36 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' Pass
1.0 2.2.37 (L1) Ensure 'Restore files and directories' is set to 'Administrators' Pass
1.0 2.2.38 (L1) Ensure 'Shut down the system' is set to 'Administrators' Pass
1.0 2.2.40 (L1) Ensure 'Take ownership of files or other objects' is set to 'Administrators' Pass
2.3 Security Options
2.3.1 Accounts
1.0 2.3.1.1 (L1) Ensure 'Accounts: Administrator account status' is set to 'Disabled' Fail
1.0 2.3.1.2 (L1) Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' Pass
1.0 2.3.1.3 (L1) Ensure 'Accounts: Guest account status' is set to 'Disabled' Pass
1.0 2.3.1.4 (L1) Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled' Pass
1.0 2.3.1.5 (L1) Configure 'Accounts: Rename administrator account' Pass
1.0 2.3.1.6 (L1) Configure 'Accounts: Rename guest account' Pass
2.3.2 Audit
1.0 2.3.2.1 (L1) Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled' Pass
1.0 2.3.2.2 (L1) Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled' Pass
2.3.3 DCOM
2.3.4 Devices
1.0 2.3.4.1 (L1) Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators' Pass
1.0 2.3.4.2 (L1) Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled' Pass
2.3.5 Domain controller
2.3.6 Domain member
1.0 2.3.6.1 (L1) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled' Pass
1.0 2.3.6.2 (L1) Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled' Pass
1.0 2.3.6.3 (L1) Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled' Pass
1.0 2.3.6.4 (L1) Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled' Pass
1.0 2.3.6.5 (L1) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0' Pass
1.0 2.3.6.6 (L1) Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled' Pass
2.3.7 Interactive logon
1.0 2.3.7.1 (L1) Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled' Pass
1.0 2.3.7.2 (L1) Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled' Pass
1.0 2.3.7.3 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' Pass
1.0 2.3.7.4 (L1) Configure 'Interactive logon: Message text for users attempting to log on' Pass
1.0 2.3.7.5 (L1) Configure 'Interactive logon: Message title for users attempting to log on' Pass
1.0 2.3.7.7 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' Pass
1.0 2.3.7.8 (L1) Ensure 'Interactive logon: Require Domain Controller Authentication to unlock workstation' is set to 'Enabled' (MS only) Pass
1.0 2.3.7.9 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher Pass
2.3.8 Microsoft network client
1.0 2.3.8.1 (L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' Pass
1.0 2.3.8.2 (L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled' Pass
1.0 2.3.8.3 (L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled' Pass
2.3.9 Microsoft network server
1.0 2.3.9.1 (L1) Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s), but not 0' Pass
1.0 2.3.9.2 (L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled' Pass
1.0 2.3.9.3 (L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled' Pass
1.0 2.3.9.4 (L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled' Pass
1.0 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher Pass
2.3.10 Network access
1.0 2.3.10.1 (L1) Ensure 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled' Unknown
1.0 2.3.10.2 (L1) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled' Pass
1.0 2.3.10.3 (L1) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled' Pass
1.0 2.3.10.5 (L1) Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled' Pass
1.0 2.3.10.6 (L1) Configure 'Network access: Named Pipes that can be accessed anonymously' Pass
1.0 2.3.10.7 (L1) Ensure 'Network access: Remotely accessible registry paths' Pass
1.0 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' Pass
1.0 2.3.10.9 (L1) Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled' Pass
1.0 2.3.10.10 (L1) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None' Pass
1.0 2.3.10.11 (L1) Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves' Pass
2.3.11 Network security
1.0 2.3.11.1 (L1) Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled' Pass
1.0 2.3.11.2 (L1) Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled' Pass
1.0 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' Pass
1.0 2.3.11.4 (L1) Ensure 'Network Security: Configure encryption types allowed for Kerberos' is set to 'RC4_HMAC_MD5, AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' Pass
1.0 2.3.11.5 (L1) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled' Pass
1.0 2.3.11.6 (L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled' Pass
1.0 2.3.11.7 (L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM' Pass
1.0 2.3.11.8 (L1) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher Pass
1.0 2.3.11.9 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption' Pass
1.0 2.3.11.10 (L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption' Pass
2.3.12 Recovery console
2.3.13 Shutdown
1.0 2.3.13.1 (L1) Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled' Pass
2.3.14 System cryptography
2.3.15 System objects
1.0 2.3.15.1 (L1) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled' Pass
1.0 2.3.15.2 (L1) Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled' Pass
2.3.16 System settings
2.3.17 User Account Control
1.0 2.3.17.1 (L1) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled' Pass
1.0 2.3.17.2 (L1) Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled' Pass
1.0 2.3.17.3 (L1) Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop' Pass
1.0 2.3.17.4 (L1) Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests' Pass
1.0 2.3.17.5 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' Pass
1.0 2.3.17.6 (L1) Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' Pass
1.0 2.3.17.7 (L1) Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled' Pass
1.0 2.3.17.8 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' Pass
1.0 2.3.17.9 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled' Pass
3 Event Log
4 Restricted Groups
5 System Services
6 Registry
7 File System
8 Wired Network (IEEE 802.3) Policies
9 Windows Firewall With Advanced Security
9.1 Domain Profile
1.0 9.1.1 (L1) Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)' Pass
1.0 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' Pass
1.0 9.1.3 (L1) Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)' Pass
1.0 9.1.4 (L1) Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No' Pass
1.0 9.1.5 (L1) Ensure 'Windows Firewall: Domain: Settings: Apply local firewall rules' is set to 'Yes (default)' Pass
1.0 9.1.6 (L1) Ensure 'Windows Firewall: Domain: Settings: Apply local connection security rules' is set to 'Yes (default)' Pass
1.0 9.1.7 (L1) Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\domainfw.log' Pass
1.0 9.1.8 (L1) Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater' Pass
1.0 9.1.9 (L1) Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes' Pass
1.0 9.1.10 (L1) Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes' Pass
9.2 Private Profile
1.0 9.2.1 (L1) Ensure 'Windows Firewall: Private: Firewall state' is set to 'On (recommended)' Pass
1.0 9.2.2 (L1) Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)' Pass
1.0 9.2.3 (L1) Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)' Pass
1.0 9.2.4 (L1) Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No' Pass
1.0 9.2.5 (L1) Ensure 'Windows Firewall: Private: Settings: Apply local firewall rules' is set to 'Yes (default)' Pass
1.0 9.2.6 (L1) Ensure 'Windows Firewall: Private: Settings: Apply local connection security rules' is set to 'Yes (default)' Pass
1.0 9.2.7 (L1) Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\privatefw.log' Pass
1.0 9.2.8 (L1) Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater' Pass
1.0 9.2.9 (L1) Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes' Pass
1.0 9.2.10 (L1) Ensure 'Windows Firewall: Private: Logging: Log successful connections' is set to 'Yes' Pass
9.3 Public Profile
1.0 9.3.1 (L1) Ensure 'Windows Firewall: Public: Firewall state' is set to 'On (recommended)' Pass
1.0 9.3.2 (L1) Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)' Pass
1.0 9.3.3 (L1) Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow (default)' Pass
1.0 9.3.4 (L1) Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'Yes' Fail
1.0 9.3.5 (L1) Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No' Fail
1.0 9.3.6 (L1) Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No' Fail
1.0 9.3.7 (L1) Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\publicfw.log' Pass
1.0 9.3.8 (L1) Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16,384 KB or greater' Pass
1.0 9.3.9 (L1) Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes' Pass
1.0 9.3.10 (L1) Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes' Pass
10 Network List Manager Policies
11 Wireless Network (IEEE 802.11) Policies
12 Public Key Policies
13 Software Restriction Policies
14 Network Access Protection NAP Client Configuration
15 Application Control Policies
16 IP Security Policies
17 Advanced Audit Policy Configuration
17.1 Account Logon
1.0 17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure' Pass
17.2 Account Management
1.0 17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure' Pass
1.0 17.2.2 (L1) Ensure 'Audit Computer Account Management' is set to 'Success and Failure' Pass
1.0 17.2.4 (L1) Ensure 'Audit Other Account Management Events' is set to 'Success and Failure' Pass
1.0 17.2.5 (L1) Ensure 'Audit Security Group Management' is set to 'Success and Failure' Pass
1.0 17.2.6 (L1) Ensure 'Audit User Account Management' is set to 'Success and Failure' Pass
17.3 Detailed Tracking
1.0 17.3.1 (L1) Ensure 'Audit Process Creation' is set to 'Success' Pass
17.4 DS Access
17.5 Logon/Logoff
1.0 17.5.1 (L1) Ensure 'Audit Account Lockout' is set to 'Success' Pass
1.0 17.5.2 (L1) Ensure 'Audit Logoff' is set to 'Success' Pass
1.0 17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure' Pass
1.0 17.5.4 (L1) Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure' Pass
1.0 17.5.5 (L1) Ensure 'Audit Special Logon' is set to 'Success' Pass
17.6 Object Access
1.0 17.6.1 (L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure' Pass
17.7 Policy Change
1.0 17.7.1 (L1) Ensure 'Audit Audit Policy Change' is set to 'Success and Failure' Pass
1.0 17.7.2 (L1) Ensure 'Audit Authentication Policy Change' is set to 'Success' Pass
17.8 Privilege Use
1.0 17.8.1 (L1) Ensure 'Audit Sensitive Privilege Use' is set to 'Success and Failure' Pass
17.9 System
1.0 17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure' Pass
1.0 17.9.2 (L1) Ensure 'Audit Other System Events' is set to 'Success and Failure' Pass
1.0 17.9.3 (L1) Ensure 'Audit Security State Change' is set to 'Success' Pass
1.0 17.9.4 (L1) Ensure 'Audit Security System Extension' is set to 'Success and Failure' Pass
1.0 17.9.5 (L1) Ensure 'Audit System Integrity' is set to 'Success and Failure' Pass
18 Administrative Templates (Computer)
18.1 Control Panel
18.1.1 Personalization
1.0 18.1.1.1 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' Pass
1.0 18.1.1.2 (L1) Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled' Pass
18.2 LAPS
1.0 18.2.1 (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installed (MS only) Pass
1.0 18.2.2 (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled' (MS only) Pass
1.0 18.2.3 (L1) Ensure 'Enable Local Admin Password Management' is set to 'Enabled' (MS only) Pass
1.0 18.2.4 (L1) Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters' (MS only) Pass
1.0 18.2.5 (L1) Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more' (MS only) Pass
1.0 18.2.6 (L1) Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer' (MS only) Pass
18.3 MSS (Legacy)
1.0 18.3.1 (L1) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled' Pass
1.0 18.3.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' Pass
1.0 18.3.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' Pass
1.0 18.3.4 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' Pass
1.0 18.3.6 (L1) Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled' Pass
1.0 18.3.8 (L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled' Pass
1.0 18.3.9 (L1) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds' Pass
1.0 18.3.12 (L1) Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less' Pass
18.4 Network
18.4.1 Background Intelligent Transfer Service (BITS)
18.4.2 BranchCache
18.4.3 DirectAccess Client Experience Settings
18.4.4 DNS Client
18.4.5 Hotspot Authentication
18.4.6 Lanman Server
18.4.7 Lanman Workstation
18.4.8 Link-Layer Topology Discovery
18.4.9 Microsoft Peer-to-Peer Networking Services
18.4.9.1 Peer Name Resolution Protocol
18.4.10 Network Connections
18.4.10.1 Windows Firewall
1.0 18.4.10.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' Pass
1.0 18.4.10.3 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled' Pass
18.4.11 Network Connectivity Status Indicator
18.4.12 Network Isolation
18.4.13 Network Provider
1.0 18.4.13.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with "Require Mutual Authentication" and "Require Integrity" set for all NETLOGON and SYSVOL shares' Pass
18.4.14 Offline Files
18.4.15 QoS Packet Scheduler
18.4.16 SNMP
18.4.17 SSL Configuration Settings
18.4.18 TCPIP Settings
18.4.18.1 IPv6 Transition Technologies
18.4.18.2 Parameters
18.4.19 Windows Connect Now
18.4.20 Windows Connection Manager
1.0 18.4.20.1 (L1) Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled' Pass
18.5 Printers
18.6 SCM: Pass the Hash Mitigations
1.0 18.6.1 (L1) Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled' (MS only) Pass
1.0 18.6.2 (L1) Ensure 'WDigest Authentication' is set to 'Disabled' Pass
18.7 Start Menu and Taskbar
18.8 System
18.8.1 Access-Denied Assistance
18.8.2 Audit Process Creation
1.0 18.8.2.1 (L1) Ensure 'Include command line in process creation events' is set to 'Disabled' Pass
18.8.3 Credentials Delegation
18.8.4 Device Guard
18.8.5 Device Installation
18.8.6 Device Redirection
18.8.7 Disk NV Cache
18.8.8 Disk Quotas
18.8.9 Distributed COM
18.8.10 Driver Installation
18.8.11 Early Launch Antimalware
1.0 18.8.11.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' Pass
18.8.12 Enhanced Storage Access
18.8.13 File Classification Infrastructure
18.8.14 File Share Shadow Copy Agent
18.8.15 File Share Shadow Copy Provider
18.8.16 Filesystem
18.8.17 Folder Redirection
18.8.18 Group Policy
18.8.18.1 Logging and tracing
1.0 18.8.18.2 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE' Pass
1.0 18.8.18.3 (L1) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE' Pass
1.0 18.8.18.4 (L1) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled' Pass
18.8.19 Internet Communication Management
18.8.19.1 Internet Communication settings
18.8.20 iSCSI
18.8.21 KDC
18.8.22 Kerberos
18.8.23 Locale Services
18.8.24 Logon
1.0 18.8.24.1 (L1) Ensure 'Do not display network selection UI' is set to 'Enabled' Pass
1.0 18.8.24.2 (L1) Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled' Pass
1.0 18.8.24.3 (L1) Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled' Pass
1.0 18.8.24.4 (L1) Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled' Pass
1.0 18.8.24.5 (L1) Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled' Pass
18.8.25 Mitigation Options
18.8.26 Net Logon
18.8.27 Performance Control Panel
18.8.28 Power Management
18.8.28.1 Button Settings
18.8.28.2 Hard Disk Settings
18.8.28.3 Notification Settings
18.8.28.4 Sleep Settings
18.8.29 Recovery
18.8.30 Remote Assistance
1.0 18.8.30.1 (L1) Ensure 'Configure Offer Remote Assistance' is set to 'Disabled' Pass
1.0 18.8.30.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' Pass
18.8.31 Remote Procedure Call
1.0 18.8.31.1 (L1) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' (MS only) Pass
18.8.32 Removable Storage Access
18.8.33 Scripts
18.8.34 Server Manager
18.8.35 Shutdown
18.8.36 Shutdown Options
18.8.37 System Restore
18.8.38 Troubleshooting and Diagnostics
18.8.38.1 Application Compatibility Diagnostics
18.8.38.2 Corrupted File Recovery
18.8.38.3 Disk Diagnostic
18.8.38.4 Fault Tolerant Heap
18.8.38.5 Microsoft Support Diagnostic Tool
18.8.38.6 MSI Corrupted File Recovery
18.8.38.7 Scheduled Maintenance
18.8.38.8 Scripted Diagnostics
18.8.38.9 Windows Boot Performance Diagnostics
18.8.38.10 Windows Memory Leak Diagnosis
18.8.38.11 Windows Performance PerfTrack
18.8.39 Trusted Platform Module Services
18.8.40 User Profiles
18.8.41 Windows File Protection
18.8.42 Windows HotStart
18.8.43 Windows Time Service
18.8.43.1 Time Providers
18.9 Windows Components
18.9.1 Active Directory Federation Services
18.9.2 ActiveX Installer Service
18.9.3 Add features to Windows 8 / 8.1 / 10
18.9.4 App Package Deployment
18.9.5 App Privacy
18.9.6 App runtime
1.0 18.9.6.1 (L1) Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled' Pass
18.9.7 Application Compatibility
18.9.8 AutoPlay Policies
1.0 18.9.8.1 (L1) Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled' Pass
1.0 18.9.8.2 (L1) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands' Pass
1.0 18.9.8.3 (L1) Ensure 'Turn off Autoplay' is set to 'Enabled: All drives' Pass
18.9.9 Backup
18.9.10 Biometrics
18.9.11 BitLocker Drive Encryption
18.9.12 Cloud Content
18.9.13 Credential User Interface
1.0 18.9.13.1 (L1) Ensure 'Do not display the password reveal button' is set to 'Enabled' Pass
1.0 18.9.13.2 (L1) Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled' Pass
18.9.14 Data Collection and Preview Builds
18.9.15 Delivery Optimization
18.9.16 Desktop Gadgets
18.9.17 Desktop Window Manager
18.9.18 Device and Driver Compatibility
18.9.19 Device Registration (formerly Workplace Join)
18.9.20 Digital Locker
18.9.21 Edge UI
18.9.22 EMET
1.0 18.9.22.1 (L1) Ensure 'EMET 5.5' or higher is installed Pass
1.0 18.9.22.2 (L1) Ensure 'Default Action and Mitigation Settings' is set to 'Enabled' (plus subsettings) Pass
1.0 18.9.22.3 (L1) Ensure 'Default Protections for Internet Explorer' is set to 'Enabled' Pass
1.0 18.9.22.4 (L1) Ensure 'Default Protections for Popular Software' is set to 'Enabled' Pass
1.0 18.9.22.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled' Pass
1.0 18.9.22.6 (L1) Ensure 'System ASLR' is set to 'Enabled: Application Opt-In' Pass
1.0 18.9.22.7 (L1) Ensure 'System DEP' is set to 'Enabled: Application Opt-Out' Pass
1.0 18.9.22.8 (L1) Ensure 'System SEHOP' is set to 'Enabled: Application Opt-Out' Pass
18.9.23 Event Forwarding
18.9.24 Event Log Service
18.9.24.1 Application
1.0 18.9.24.1.1 (L1) Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' Pass
1.0 18.9.24.1.2 (L1) Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' Pass
18.9.24.2 Security
1.0 18.9.24.2.1 (L1) Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' Pass
1.0 18.9.24.2.2 (L1) Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater' Pass
18.9.24.3 Setup
1.0 18.9.24.3.1 (L1) Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' Pass
1.0 18.9.24.3.2 (L1) Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' Pass
18.9.24.4 System
1.0 18.9.24.4.1 (L1) Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' Pass
1.0 18.9.24.4.2 (L1) Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' Pass
18.9.25 Event Logging
18.9.26 Event Viewer
18.9.27 Family Safety
18.9.28 File Explorer
18.9.28.1 Previous Versions
1.0 18.9.28.2 (L1) Ensure 'Configure Windows SmartScreen' is set to 'Enabled: Require approval from an administrator before running downloaded unknown software' Pass
1.0 18.9.28.3 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' Pass
1.0 18.9.28.4 (L1) Ensure 'Turn off heap termination on corruption' is set to 'Disabled' Pass
1.0 18.9.28.5 (L1) Ensure 'Turn off shell protocol protected mode' is set to 'Disabled' Pass
18.9.29 File History
18.9.30 Game Explorer
18.9.31 HomeGroup
18.9.32 Import Video
18.9.33 Internet Explorer
18.9.34 Internet Information Services
18.9.35 Location and Sensors
18.9.36 Maintenance Scheduler
18.9.37 Maps
18.9.38 Microsoft Edge
18.9.39 Microsoft Passport for Work
18.9.40 NetMeeting
18.9.41 Network Access Protection
18.9.42 Network Projector
18.9.43 OneDrive
18.9.44 Online Assistance
18.9.45 Password Synchronization
18.9.46 Portable Operating System
18.9.47 Presentation Settings
18.9.48 Remote Desktop Services (formerly Terminal Services)
18.9.48.1 RD Licensing
18.9.48.2 Remote Desktop Connection Client
18.9.48.2.1 RemoteFX USB Device Redirection
1.0 18.9.48.2.2 (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled' Pass
18.9.48.3 Remote Desktop Session Host
18.9.48.3.1 Application Compatibility
18.9.48.3.2 Connections
18.9.48.3.3 Device and Resource Redirection
1.0 18.9.48.3.3.2 (L1) Ensure 'Do not allow drive redirection' is set to 'Enabled' Fail
18.9.48.3.4 Licensing
18.9.48.3.5 Printer Redirection
18.9.48.3.6 Profiles
18.9.48.3.7 RD Connection Broker
18.9.48.3.8 Remote Session Environment
18.9.48.3.9 Security
1.0 18.9.48.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' Pass
1.0 18.9.48.3.9.2 (L1) Ensure 'Require secure RPC communication' is set to 'Enabled' Pass
1.0 18.9.48.3.9.3 (L1) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' Pass
18.9.48.3.10 Session Time Limits
18.9.48.3.11 Temporary folders
1.0 18.9.48.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled' Pass
1.0 18.9.48.3.11.2 (L1) Ensure 'Do not use temporary folders per session' is set to 'Disabled' Pass
18.9.49 RSS Feeds
1.0 18.9.49.1 (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled' Pass
18.9.50 Search
18.9.50.1 OCR
1.0 18.9.50.2 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled' Pass
18.9.51 Security Center
18.9.52 Server for NIS
18.9.53 Shutdown Options
18.9.54 SkyDrive
1.0 18.9.54.1 (L1) Ensure 'Prevent the usage of SkyDrive for file storage' is set to 'Enabled' Pass
18.9.55 Smart Card
18.9.56 Software Protection Platform
18.9.57 Sound Recorder
18.9.58 Store
1.0 18.9.58.1 (L1) Ensure 'Turn off Automatic Download and Install of updates' is set to 'Disabled' Pass
1.0 18.9.58.2 (L1) Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled' Pass
18.9.59 Sync your settings
18.9.60 Tablet PC
18.9.61 Task Scheduler
18.9.62 Text Input
18.9.63 Windows Calendar
18.9.64 Windows Color System
18.9.65 Windows Customer Experience Improvement Program
18.9.66 Windows Defender
18.9.66.1 Client Interface
18.9.66.2 Exclusions
18.9.66.3 MAPS
18.9.67 Windows Error Reporting
18.9.67.1 Advanced Error Reporting Settings
18.9.67.2 Consent
1.0 18.9.67.2.1 (L1) Ensure 'Configure Default consent' is set to 'Enabled: Always ask before sending data' Pass
1.0 18.9.67.3 (L1) Ensure 'Automatically send memory dumps for OS-generated error reports' is set to 'Disabled' Pass
18.9.68 Windows Game Recording and Broadcasting
18.9.69 Windows Installer
1.0 18.9.69.1 (L1) Ensure 'Allow user control over installs' is set to 'Disabled' Pass
1.0 18.9.69.2 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled' Pass
18.9.70 Windows Logon Options
1.0 18.9.70.1 (L1) Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled' Pass
18.9.71 Windows Mail
18.9.72 Windows Media Center
18.9.73 Windows Media Digital Rights Management
18.9.74 Windows Media Player
18.9.75 Windows Meeting Space
18.9.76 Windows Messenger
18.9.77 Windows Mobility Center
18.9.78 Windows Movie Maker
18.9.79 Windows PowerShell
1.0 18.9.79.1 (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled' Pass
1.0 18.9.79.2 (L1) Ensure 'Turn on PowerShell Transcription' is set to 'Disabled' Pass
18.9.80 Windows Reliability Analysis
18.9.81 Windows Remote Management (WinRM)
18.9.81.1 WinRM Client
1.0 18.9.81.1.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled' Pass
1.0 18.9.81.1.2 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled' Pass
1.0 18.9.81.1.3 (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled' Pass
18.9.81.2 WinRM Service
1.0 18.9.81.2.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled' Pass
1.0 18.9.81.2.2 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled' Pass
1.0 18.9.81.2.3 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' Pass
18.9.82 Windows Remote Shell
18.9.83 Windows SideShow
18.9.84 Windows System Resource Manager
18.9.85 Windows Update
1.0 18.9.85.1 (L1) Ensure 'Configure Automatic Updates' is set to 'Enabled' Pass
1.0 18.9.85.2 (L1) Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day' Pass
1.0 18.9.85.3 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' Pass
19 Administrative Templates (User)
19.1 Control Panel
19.1.1 Add or Remove Programs
19.1.2 Display
19.1.3 Personalization
1.0 19.1.3.1 (L1) Ensure 'Enable screen saver' is set to 'Enabled' Pass
1.0 19.1.3.2 (L1) Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr' Pass
1.0 19.1.3.3 (L1) Ensure 'Password protect the screen saver' is set to 'Enabled' Pass
1.0 19.1.3.4 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0' Pass
19.2 Desktop
19.3 Network
19.4 Shared Folders
19.5 Start Menu and Taskbar
19.5.1 Notifications
1.0 19.5.1.1 (L1) Ensure 'Turn off toast notifications on the lock screen' is set to 'Enabled' Pass
19.6 System
19.6.1 Ctrl+Alt+Del Options
19.6.2 Driver Installation
19.6.3 Folder Redirection
19.6.4 Group Policy
19.6.5 Internet Communication Management
19.6.5.1 Internet Communication settings
19.7 Windows Components
19.7.1 Add features to Windows 8 / 8.1 / 10
19.7.2 App runtime
19.7.3 Application Compatibility
19.7.4 Attachment Manager
1.0 19.7.4.1 (L1) Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled' Pass
1.0 19.7.4.2 (L1) Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled' Pass
19.7.5 AutoPlay Policies
19.7.6 Backup
19.7.7 Credential User Interface
19.7.8 Desktop Gadgets
19.7.9 Desktop Windows Manager
19.7.10 Digital Locker
19.7.11 Edge UI
19.7.12 EMET
19.7.13 File Explorer
19.7.14 File Revocation
19.7.15 IME
19.7.16 Import Video
19.7.17 Instant Search
19.7.18 Internet Explorer
19.7.19 Location and Sensors
19.7.20 Microsoft Edge
19.7.21 Microsoft Management Console
19.7.22 Microsoft Passport for Work
19.7.23 NetMeeting
19.7.24 Network Projector
19.7.25 Network Sharing
1.0 19.7.25.1 (L1) Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled' Pass
19.7.26 Presentation Settings
19.7.27 Remote Desktop Services
19.7.28 RSS Feeds
19.7.29 Search
19.7.30 Sound Recorder
19.7.31 Store
19.7.32 Tablet PC
19.7.33 Task Scheduler
19.7.34 Windows Calendar
19.7.35 Windows Color System
19.7.36 Windows Error Reporting
19.7.37 Windows Installer
1.0 19.7.37.1 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled' Pass
19.7.38 Windows Logon Options
19.7.39 Windows Mail
19.7.40 Windows Media Center
19.7.41 Windows Media Player
19.7.41.1 Networking
19.7.41.2 Playback

Assessment Details

1 Account Policies

This section contains recommendations for account policies.

1.1 Password Policy

This section contains recommendations for password policy.

Pass

1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'

Description:

This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password. The value for this policy setting must be between 0 and 24 passwords. The default value for Windows Vista is 0 passwords, but the default setting in a domain is 24 passwords. To maintain the effectiveness of this policy setting, use the Minimum password age setting to prevent users from repeatedly changing their password.

The recommended state for this setting is: 24 or more password(s).

The longer a user uses the same password, the greater the chance that an attacker can determine the password through brute force attacks. Also, any accounts that may have been compromised will remain exploitable for as long as the password is left unchanged. If password changes are required but password reuse is not prevented, or if users continually reuse a small number of passwords, the effectiveness of a good password policy is greatly reduced.

If you specify a low number for this policy setting, users will be able to use the same small number of passwords repeatedly. If you do not also configure the Minimum password age setting, users might repeatedly change their passwords until they can reuse their original password.

To establish the recommended configuration via GP, set the following UI path to 24 or more password(s):

Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Enforce password history

Impact:

The major impact of this configuration is that users must create a new password every time they are required to change their old one. If users are required to change their passwords to new unique values, there is an increased risk of users who write their passwords somewhere so that they do not forget them. Another risk is that users may create passwords that change incrementally (for example, password01, password02, and so on) to facilitate memorization but make them easier to guess. Also, an excessively low value for the Minimum password age setting will likely increase administrative overhead, because users who forget their passwords might ask the help desk to reset them frequently.

Set 'Enforce password history' to '24 or more password(s)'
CIS-CAT Expected: the Enforce Password History to be greater than or equal to 24
CIS-CAT Collected: 24

Rule Result XML:
<rule-result xmlns="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             idref="xccdf_org.cisecurity.benchmarks_rule_1.1.1_L1_Ensure_Enforce_password_history_is_set_to_24_or_more_passwords"
             role="full"
             severity="unknown"
             time="2016-10-31T20:12:25.921Z"
             version="1"
             weight="1.0">
   <result>pass</result>
   <ident system="http://cce.mitre.org">CCE-37166-6</ident>
   <metadata>
      <cis:evidence xmlns:cis="http://benchmarks.cisecurity.org/evidence/1.0"
                    definition_id="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1002"
                    definition_negate="false">
         <cis:and negated="false" result="true">
            <cis:evidence_test check="all" check_existence="at_least_one_exists"
                               comment="Set 'Enforce password history' to '24 or more password(s)'"
                               negated="false"
                               ns="windows"
                               objref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:obj:1002"
                               result="true"
                               testref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:tst:1002"
                               type="passwordpolicy_test">
               <cis:evidence_state steref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:ste:1002">
                  <cis:evidence_item itemref="427979367">
                     <cis:evidence_item_pk status="exists"/>
                     <cis:evidence_field cv="24" dt="int" ev="24" name="password_hist_len" op="greater than or equal"
                                         result="true"/>
                  </cis:evidence_item>
               </cis:evidence_state>
            </cis:evidence_test>
         </cis:and>
      </cis:evidence>
   </metadata>
   <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-export export-name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:var:1002"
                    value-id="xccdf_org.cisecurity.benchmarks_value_1.1.1.1_var"/>
      <check-content-ref href="CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.0-oval.xml"
                         name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1002"/>
   </check>
</rule-result>

References:

  • CCE-IDv5: CCE-37166-6

Fail

1.1.2 (L1) Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'

Description:

This policy setting defines how long a user can use their password before it expires.

Values for this policy setting range from 0 to 999 days. If you set the value to 0, the password will never expire.

Because attackers can crack passwords, the more frequently you change the password the less opportunity an attacker has to use a cracked password. However, the lower this value is set, the higher the potential for an increase in calls to help desk support due to users having to change their password or forgetting which password is current.

The recommended state for this setting is 60 or fewer days, but not 0.

The longer a password exists the higher the likelihood that it will be compromised by a brute force attack, by an attacker gaining general knowledge about the user, or by the user sharing the password. Configuring the Maximum password age setting to 0 so that users are never required to change their passwords is a major security risk because that allows a compromised password to be used by the malicious user for as long as the valid user is authorized access.

To establish the recommended configuration via GP, set the following UI path to 60 or fewer days, but not 0:

Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Maximum password age

Impact:

If the Maximum password age setting is too low, users are required to change their passwords very often. Such a configuration can reduce security in the organization, because users might write their passwords in an insecure location or lose them. If the value for this policy setting is too high, the level of security within an organization is reduced because it allows potential attackers more time in which to discover user passwords or to use compromised accounts.

All of the following tests or sub-groups must pass:
Set 'Maximum password age' to '60 or fewer day(s)'
CIS-CAT Expected: the Max Password Age to be less than or equal to 5184000
CIS-CAT Collected: 15552000
Ensure 'Maximum password age' is not '0'
CIS-CAT Expected: the Max Password Age to be greater than 0
CIS-CAT Collected: 15552000

Rule Result XML:
<rule-result xmlns="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             idref="xccdf_org.cisecurity.benchmarks_rule_1.1.2_L1_Ensure_Maximum_password_age_is_set_to_60_or_fewer_days_but_not_0"
             role="full"
             severity="unknown"
             time="2016-10-31T20:12:25.280Z"
             version="1"
             weight="1.0">
   <result>fail</result>
   <ident system="http://cce.mitre.org">CCE-37167-4</ident>
   <metadata>
      <cis:evidence xmlns:cis="http://benchmarks.cisecurity.org/evidence/1.0"
                    definition_id="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1003"
                    definition_negate="false">
         <cis:and negated="false" result="false">
            <cis:evidence_test check="all" check_existence="at_least_one_exists"
                               comment="Set 'Maximum password age' to '60 or fewer day(s)'"
                               negated="false"
                               ns="windows"
                               objref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:obj:1003"
                               result="false"
                               testref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:tst:1003"
                               type="passwordpolicy_test">
               <cis:evidence_state steref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:ste:1003">
                  <cis:evidence_item itemref="427979367">
                     <cis:evidence_item_pk status="exists"/>
                     <cis:evidence_field cv="15552000" dt="int" ev="5184000" name="max_passwd_age"
                                         op="less than or equal"
                                         result="false"/>
                  </cis:evidence_item>
               </cis:evidence_state>
            </cis:evidence_test>
            <cis:evidence_test check="all" check_existence="at_least_one_exists"
                               comment="Ensure 'Maximum password age' is not '0'"
                               negated="false"
                               ns="windows"
                               objref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:obj:1004"
                               result="true"
                               testref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:tst:1004"
                               type="passwordpolicy_test">
               <cis:evidence_state steref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:ste:1004">
                  <cis:evidence_item itemref="427979367">
                     <cis:evidence_item_pk status="exists"/>
                     <cis:evidence_field cv="15552000" dt="int" ev="0" name="max_passwd_age" op="greater than"
                                         result="true"/>
                  </cis:evidence_item>
               </cis:evidence_state>
            </cis:evidence_test>
         </cis:and>
      </cis:evidence>
   </metadata>
   <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-export export-name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:var:1003"
                    value-id="xccdf_org.cisecurity.benchmarks_value_1.1.2.1_var"/>
      <check-export export-name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:var:1004"
                    value-id="xccdf_org.cisecurity.benchmarks_value_1.1.2.2_var"/>
      <check-content-ref href="CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.0-oval.xml"
                         name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1003"/>
   </check>
</rule-result>

References:

  • CCE-IDv5: CCE-37167-4

Pass

1.1.3 (L1) Ensure 'Minimum password age' is set to '1 or more day(s)'

Description:

This policy setting determines the number of days that you must use a password before you can change it. The range of values for this policy setting is between 1 and 999 days. (You may also set the value to 0 to allow immediate password changes.) The default value for this setting is 0 days.

The recommended state for this setting is: 1 or more day(s).

Users may have favorite passwords that they like to use because they are easy to remember and they believe that their password choice is secure from compromise. Unfortunately, passwords are compromised and if an attacker is targeting a specific individual user account, with foreknowledge of data about that user, reuse of old passwords can cause a security breach. To address password reuse a combination of security settings is required. Using this policy setting with the Enforce password history setting prevents the easy reuse of old passwords. For example, if you configure the Enforce password history setting to ensure that users cannot reuse any of their last 12 passwords, they could change their password 13 times in a few minutes and reuse the password they started with, unless you also configure the Minimum password age setting to a number that is greater than 0. You must configure this policy setting to a number that is greater than 0 for the Enforce password history setting to be effective.

To establish the recommended configuration via GP, set the following UI path to 1 or more day(s):

Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Minimum password age

Impact:

If an administrator sets a password for a user but wants that user to change the password when the user first logs on, the administrator must select the User must change password at next logon check box, or the user will not be able to change the password until the next day.

Set 'Minimum password age' to '1 or more day(s)'
CIS-CAT Expected: the Min Password Age to be greater than or equal to 86400
CIS-CAT Collected: 86400

Rule Result XML:
<rule-result xmlns="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             idref="xccdf_org.cisecurity.benchmarks_rule_1.1.3_L1_Ensure_Minimum_password_age_is_set_to_1_or_more_days"
             role="full"
             severity="unknown"
             time="2016-10-31T20:12:26.530Z"
             version="1"
             weight="1.0">
   <result>pass</result>
   <ident system="http://cce.mitre.org">CCE-37073-4</ident>
   <metadata>
      <cis:evidence xmlns:cis="http://benchmarks.cisecurity.org/evidence/1.0"
                    definition_id="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1004"
                    definition_negate="false">
         <cis:and negated="false" result="true">
            <cis:evidence_test check="all" check_existence="at_least_one_exists"
                               comment="Set 'Minimum password age' to '1 or more day(s)'"
                               negated="false"
                               ns="windows"
                               objref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:obj:1005"
                               result="true"
                               testref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:tst:1005"
                               type="passwordpolicy_test">
               <cis:evidence_state steref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:ste:1005">
                  <cis:evidence_item itemref="427979367">
                     <cis:evidence_item_pk status="exists"/>
                     <cis:evidence_field cv="86400" dt="int" ev="86400" name="min_passwd_age" op="greater than or equal"
                                         result="true"/>
                  </cis:evidence_item>
               </cis:evidence_state>
            </cis:evidence_test>
         </cis:and>
      </cis:evidence>
   </metadata>
   <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-export export-name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:var:1005"
                    value-id="xccdf_org.cisecurity.benchmarks_value_1.1.3.1_var"/>
      <check-content-ref href="CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.0-oval.xml"
                         name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1004"/>
   </check>
</rule-result>

References:

  • CCE-IDv5: CCE-37073-4

Pass

1.1.4 (L1) Ensure 'Minimum password length' is set to '14 or more character(s)'

Description:

This policy setting determines the least number of characters that make up a password for a user account. There are many different theories about how to determine the best password length for an organization, but perhaps "pass phrase" is a better term than "password." In Microsoft Windows 2000 or later, pass phrases can be quite long and can include spaces. Therefore, a phrase such as "I want to drink a $5 milkshake" is a valid pass phrase; it is a considerably stronger password than an 8 or 10 character string of random numbers and letters, and yet is easier to remember. Users must be educated about the proper selection and maintenance of passwords, especially with regard to password length.
In enterprise environments, the ideal value for the Minimum password length setting is 14 characters; however, you should adjust this value to meet your organization's business requirements.

The recommended state for this setting is: 14 or more character(s).

Types of password attacks include dictionary attacks (which attempt to use common words and phrases) and brute force attacks (which try every possible combination of characters). Also, attackers sometimes try to obtain the account database so they can use tools to discover the accounts and passwords.

To establish the recommended configuration via GP, set the following UI path to 14 or more character(s):

Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Minimum password length

Impact:

Requirements for extremely long passwords can actually decrease the security of an organization, because users might leave the information in an insecure location or lose it. If very long passwords are required, mistyped passwords could cause account lockouts and increase the volume of help desk calls. If your organization has issues with forgotten passwords due to password length requirements, consider teaching your users about pass phrases, which are often easier to remember and, due to the larger number of character combinations, much harder to discover.

Note: Older versions of Windows such as Windows 98 and Windows NT 4.0 do not support passwords that are longer than 14 characters. Computers that run these older operating systems are unable to authenticate with computers or domains that use accounts that require long passwords.

Set 'Minimum password length' to '14 or more character(s)'
CIS-CAT Expected: the Min Password Length to be greater than or equal to 14
CIS-CAT Collected: 14

Rule Result XML:
<rule-result xmlns="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             idref="xccdf_org.cisecurity.benchmarks_rule_1.1.4_L1_Ensure_Minimum_password_length_is_set_to_14_or_more_characters"
             role="full"
             severity="unknown"
             time="2016-10-31T20:12:22.593Z"
             version="1"
             weight="1.0">
   <result>pass</result>
   <ident system="http://cce.mitre.org">CCE-36534-6</ident>
   <metadata>
      <cis:evidence xmlns:cis="http://benchmarks.cisecurity.org/evidence/1.0"
                    definition_id="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1005"
                    definition_negate="false">
         <cis:and negated="false" result="true">
            <cis:evidence_test check="all" check_existence="at_least_one_exists"
                               comment="Set 'Minimum password length' to '14 or more character(s)'"
                               negated="false"
                               ns="windows"
                               objref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:obj:1006"
                               result="true"
                               testref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:tst:1006"
                               type="passwordpolicy_test">
               <cis:evidence_state steref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:ste:1006">
                  <cis:evidence_item itemref="427979367">
                     <cis:evidence_item_pk status="exists"/>
                     <cis:evidence_field cv="14" dt="int" ev="14" name="min_passwd_len" op="greater than or equal"
                                         result="true"/>
                  </cis:evidence_item>
               </cis:evidence_state>
            </cis:evidence_test>
         </cis:and>
      </cis:evidence>
   </metadata>
   <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-export export-name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:var:1006"
                    value-id="xccdf_org.cisecurity.benchmarks_value_1.1.4.1_var"/>
      <check-content-ref href="CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.0-oval.xml"
                         name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1005"/>
   </check>
</rule-result>

References:

  • CCE-IDv5: CCE-36534-6

Unknown

1.1.5 (L1) Ensure 'Password must meet complexity requirements' is set to 'Enabled'

Description:

This policy setting checks all new passwords to ensure that they meet basic requirements for strong passwords.

When this policy is enabled, passwords must meet the following minimum requirements:
- Not contain the user's account name or parts of the user's full name that exceed two consecutive characters
- Be at least six characters in length
- Contain characters from three of the following four categories:
  - English uppercase characters (A through Z)
  - English lowercase characters (a through z)
  - Base 10 digits (0 through 9)
  - Non-alphabetic characters (for example, !, $, #, %)
  - A catch-all category of any Unicode character that does not fall under the previous four categories. This fifth category can be regionally specific.

Each additional character in a password increases its complexity exponentially. For instance, a seven-character, all lower-case alphabetic password would have 26^7 (approximately 8 x 10^9 or 8 billion) possible combinations. At 1,000,000 attempts per second (a capability of many password-cracking utilities), it would only take 133 minutes to crack. A seven-character alphabetic password with case sensitivity has 52^7 combinations. A seven-character case-sensitive alphanumeric password without punctuation has 62^7 combinations. An eight-character password has 26^8 (or 2 x 10^11) possible combinations. Although this might seem to be a large number, at 1,000,000 attempts per second it would take only 59 hours to try all possible passwords. Remember, these times will significantly increase for passwords that use ALT characters and other special keyboard characters such as "!" or "@". Proper use of the password settings can help make it difficult to mount a brute force attack.

The recommended state for this setting is: Enabled.

Passwords that contain only alphanumeric characters are extremely easy to discover with several publicly available tools.

To establish the recommended configuration via GP, set the following UI path to Enabled:

Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Password must meet complexity requirements

Impact:

If the default password complexity configuration is retained, additional help desk calls for locked-out accounts could occur because users might not be accustomed to passwords that contain non-alphabetic characters. However, all users should be able to comply with the complexity requirement with minimal difficulty.

If your organization has more stringent security requirements, you can create a custom version of the Passfilt.dll file that allows the use of arbitrarily complex password strength rules. For example, a custom password filter might require the use of non-upper row characters. (Upper row characters are those that require you to hold down the SHIFT key and press any of the digits between 1 and 0.) A custom password filter might also perform a dictionary check to verify that the proposed password does not contain common dictionary words or fragments.

Also, the use of ALT key character combinations can greatly enhance the complexity of a password. However, such stringent password requirements can result in unhappy users and an extremely busy help desk. Alternatively, your organization could consider a requirement for all administrator passwords to use ALT characters in the 0128-0159 range. (ALT characters outside of this range can represent standard alphanumeric characters that would not add additional complexity to the password.)

Set 'Password must meet complexity requirements' to 'Enabled'
CIS-CAT was unable to collect any results for the 'Password must meet complexity requirements' setting. Note that the 'Password must meet complexity requirements' setting on a non-domain-joined target is not available for collection.

Rule Result XML:
<rule-result xmlns="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             idref="xccdf_org.cisecurity.benchmarks_rule_1.1.5_L1_Ensure_Password_must_meet_complexity_requirements_is_set_to_Enabled"
             role="full"
             severity="unknown"
             time="2016-10-31T20:12:21.718Z"
             version="1"
             weight="1.0">
   <result>unknown</result>
   <ident system="http://cce.mitre.org">CCE-37063-5</ident>
   <metadata>
      <cis:evidence xmlns:cis="http://benchmarks.cisecurity.org/evidence/1.0"
                    definition_id="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1006"
                    definition_negate="false">
         <cis:and negated="false" result="unknown">
            <cis:evidence_test check="all" check_existence="at_least_one_exists"
                               comment="Set 'Password must meet complexity requirements' to 'Enabled'"
                               negated="false"
                               ns="windows"
                               objref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:obj:1007"
                               result="unknown"
                               testref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:tst:1007"
                               type="passwordpolicy_test">
               <cis:evidence_state steref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:ste:1007">
                  <cis:evidence_item itemref="427979367">
                     <cis:evidence_item_pk status="exists"/>
                     <cis:evidence_field cv="Unknown" dt="boolean" ev="1" name="password_complexity" op="equals"
                                         result="unknown"/>
                  </cis:evidence_item>
               </cis:evidence_state>
            </cis:evidence_test>
         </cis:and>
      </cis:evidence>
   </metadata>
   <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-export export-name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:var:1007"
                    value-id="xccdf_org.cisecurity.benchmarks_value_1.1.5.1_var"/>
      <check-content-ref href="CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.0-oval.xml"
                         name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1006"/>
   </check>
</rule-result>

References:

  • CCE-IDv5: CCE-37063-5

Unknown

1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'

Description:

This policy setting determines whether the operating system stores passwords in a way that uses reversible encryption, which provides support for application protocols that require knowledge of the user's password for authentication purposes. Passwords that are stored with reversible encryption are essentially the same as plaintext versions of the passwords.

The recommended state for this setting is: Disabled.

Enabling this policy setting allows the operating system to store passwords in a weaker format that is much more susceptible to compromise and weakens your system security.

To establish the recommended configuration via GP, set the following UI path to Disabled:

Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Store passwords using reversible encryption

Impact:

If your organization uses either the CHAP authentication protocol through remote access or IAS services or Digest Authentication in IIS, you must configure this policy setting to Enabled. This setting is extremely dangerous to apply through Group Policy on a user-by-user basis, because it requires the appropriate user account object to be opened in Active Directory Users and Computers.

Set 'Store passwords using reversible encryption' to 'Disabled'
CIS-CAT was unable to collect any results for the 'Store passwords using reversible encryption' setting. Note that the 'Store passwords using reversible encryption' setting on a non-domain-joined target is not available for collection.

Rule Result XML:
<rule-result xmlns="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             idref="xccdf_org.cisecurity.benchmarks_rule_1.1.6_L1_Ensure_Store_passwords_using_reversible_encryption_is_set_to_Disabled"
             role="full"
             severity="unknown"
             time="2016-10-31T20:12:26.890Z"
             version="1"
             weight="1.0">
   <result>unknown</result>
   <ident system="http://cce.mitre.org">CCE-36286-3</ident>
   <metadata>
      <cis:evidence xmlns:cis="http://benchmarks.cisecurity.org/evidence/1.0"
                    definition_id="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1007"
                    definition_negate="false">
         <cis:and negated="false" result="unknown">
            <cis:evidence_test check="all" check_existence="at_least_one_exists"
                               comment="Set 'Store passwords using reversible encryption' to 'Disabled'"
                               negated="false"
                               ns="windows"
                               objref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:obj:1008"
                               result="unknown"
                               testref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:tst:1008"
                               type="passwordpolicy_test">
               <cis:evidence_state steref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:ste:1008">
                  <cis:evidence_item itemref="427979367">
                     <cis:evidence_item_pk status="exists"/>
                     <cis:evidence_field cv="Unknown" dt="boolean" ev="0" name="reversible_encryption" op="equals"
                                         result="unknown"/>
                  </cis:evidence_item>
               </cis:evidence_state>
            </cis:evidence_test>
         </cis:and>
      </cis:evidence>
   </metadata>
   <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-export export-name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:var:1008"
                    value-id="xccdf_org.cisecurity.benchmarks_value_1.1.6.1_var"/>
      <check-content-ref href="CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.0-oval.xml"
                         name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1007"/>
   </check>
</rule-result>

References:

  • CCE-IDv5: CCE-36286-3

1.2 Account Lockout Policy

This section contains recommendations for account lockout policy.

Pass

1.2.1 (L1) Ensure 'Account lockout duration' is set to '15 or more minute(s)'

Description:

This policy setting determines the length of time that must pass before a locked account is unlocked and a user can try to log on again. The setting does this by specifying the number of minutes a locked out account will remain unavailable. If the value for this policy setting is configured to 0, locked out accounts will remain locked out until an administrator manually unlocks them.

Although it might seem like a good idea to configure the value for this policy setting to a high value, such a configuration will likely increase the number of calls that the help desk receives to unlock accounts locked by mistake. Users should be aware of the length of time a lock remains in place, so that they realize they only need to call the help desk if they have an extremely urgent need to regain access to their computer.

The recommended state for this setting is: 15 or more minute(s).

A denial of service (DoS) condition can be created if an attacker abuses the Account lockout threshold and repeatedly attempts to log on with a specific account. Once you configure the Account lockout threshold setting, the account will be locked out after the specified number of failed attempts. If you configure the Account lockout duration setting to 0, then the account will remain locked out until an administrator unlocks it manually.

To establish the recommended configuration via GP, set the following UI path to 15 or more minute(s):

Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Account Lockout Policy\Account lockout duration

Impact:

Although it may seem like a good idea to configure this policy setting to never automatically unlock an account, such a configuration can increase the number of requests that your organization's help desk receives to unlock accounts that were locked by mistake.

Set 'Account lockout duration' to '15 or more minute(s)'
CIS-CAT Expected: the Lockout Duration to be greater than or equal to 900
CIS-CAT Collected: 900

Rule Result XML:
<rule-result xmlns="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             idref="xccdf_org.cisecurity.benchmarks_rule_1.2.1_L1_Ensure_Account_lockout_duration_is_set_to_15_or_more_minutes"
             role="full"
             severity="unknown"
             time="2016-10-31T20:12:23.062Z"
             version="1"
             weight="1.0">
   <result>pass</result>
   <ident system="http://cce.mitre.org">CCE-37034-6</ident>
   <metadata>
      <cis:evidence xmlns:cis="http://benchmarks.cisecurity.org/evidence/1.0"
                    definition_id="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1008"
                    definition_negate="false">
         <cis:and negated="false" result="true">
            <cis:evidence_test check="all" check_existence="at_least_one_exists"
                               comment="Set 'Account lockout duration' to '15 or more minute(s)'"
                               negated="false"
                               ns="windows"
                               objref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:obj:1009"
                               result="true"
                               testref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:tst:1009"
                               type="lockoutpolicy_test">
               <cis:evidence_state steref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:ste:1009">
                  <cis:evidence_item itemref="819489363">
                     <cis:evidence_item_pk status="exists"/>
                     <cis:evidence_field cv="900" dt="int" ev="900" name="lockout_duration" op="greater than or equal"
                                         result="true"/>
                  </cis:evidence_item>
               </cis:evidence_state>
            </cis:evidence_test>
         </cis:and>
      </cis:evidence>
   </metadata>
   <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-export export-name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:var:1009"
                    value-id="xccdf_org.cisecurity.benchmarks_value_1.2.1.1_var"/>
      <check-content-ref href="CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.0-oval.xml"
                         name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1008"/>
   </check>
</rule-result>

References:

  • CCE-IDv5: CCE-37034-6

Pass

1.2.2 (L1) Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'

Description:

This policy setting determines the number of failed logon attempts before the account is locked. Setting this policy to 0 does not conform with the benchmark as doing so disables the account lockout threshold.

The recommended state for this setting is: 10 or fewer invalid logon attempt(s), but not 0.

Setting an account lockout threshold reduces the likelihood that an online password brute force attack will be successful. Setting the account lockout threshold too low introduces risk of increased accidental lockouts and/or a malicious actor intentionally locking out accounts.

To establish the recommended configuration via GP, set the following UI path to 10 or fewer invalid login attempt(s), but not 0:

Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Account Lockout Policy\Account lockout threshold

Impact:

If this policy setting is enabled, a locked-out account will not be usable until it is reset by an administrator or until the account lockout duration expires. This setting may generate additional help desk calls.

If you enforce this setting, an attacker could cause a denial of service condition by deliberately generating failed logons for multiple users; therefore, you should also configure the Account Lockout Duration to a relatively low value.

If you configure the Account Lockout Threshold to 0, there is a possibility that an attacker's attempt to discover passwords with a brute force password attack might go undetected if a robust audit mechanism is not in place.

All of the following tests or sub-groups must pass:
Set 'Account lockout threshold' to '10 or fewer invalid logon attempt(s)'
CIS-CAT Expected: the Account Lockout Threshold to be less than or equal to 10
CIS-CAT Collected: 10
Ensure 'Account lockout threshold' is not '0 invalid logon attempt(s)'
CIS-CAT Expected: the Account Lockout Threshold to be greater than 0
CIS-CAT Collected: 10

Rule Result XML:
<rule-result xmlns="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             idref="xccdf_org.cisecurity.benchmarks_rule_1.2.2_L1_Ensure_Account_lockout_threshold_is_set_to_10_or_fewer_invalid_logon_attempts_but_not_0"
             role="full"
             severity="unknown"
             time="2016-10-31T20:12:23.827Z"
             version="1"
             weight="1.0">
   <result>pass</result>
   <ident system="http://cce.mitre.org">CCE-36008-1</ident>
   <metadata>
      <cis:evidence xmlns:cis="http://benchmarks.cisecurity.org/evidence/1.0"
                    definition_id="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1009"
                    definition_negate="false">
         <cis:and negated="false" result="true">
            <cis:evidence_test check="all" check_existence="at_least_one_exists"
                               comment="Set 'Account lockout threshold' to '10 or fewer invalid logon attempt(s)'"
                               negated="false"
                               ns="windows"
                               objref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:obj:1010"
                               result="true"
                               testref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:tst:1010"
                               type="lockoutpolicy_test">
               <cis:evidence_state steref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:ste:1010">
                  <cis:evidence_item itemref="819489363">
                     <cis:evidence_item_pk status="exists"/>
                     <cis:evidence_field cv="10" dt="int" ev="10" name="lockout_threshold" op="less than or equal"
                                         result="true"/>
                  </cis:evidence_item>
               </cis:evidence_state>
            </cis:evidence_test>
            <cis:evidence_test check="all" check_existence="at_least_one_exists"
                               comment="Ensure 'Account lockout threshold' is not '0 invalid logon attempt(s)'"
                               negated="false"
                               ns="windows"
                               objref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:obj:1011"
                               result="true"
                               testref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:tst:1011"
                               type="lockoutpolicy_test">
               <cis:evidence_state steref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:ste:1011">
                  <cis:evidence_item itemref="819489363">
                     <cis:evidence_item_pk status="exists"/>
                     <cis:evidence_field cv="10" dt="int" ev="0" name="lockout_threshold" op="greater than"
                                         result="true"/>
                  </cis:evidence_item>
               </cis:evidence_state>
            </cis:evidence_test>
         </cis:and>
      </cis:evidence>
   </metadata>
   <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-export export-name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:var:1010"
                    value-id="xccdf_org.cisecurity.benchmarks_value_1.2.2.1_var"/>
      <check-export export-name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:var:1011"
                    value-id="xccdf_org.cisecurity.benchmarks_value_1.2.2.2_var"/>
      <check-content-ref href="CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.0-oval.xml"
                         name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1009"/>
   </check>
</rule-result>

References:

  • CCE-IDv5: CCE-36008-1

Pass

1.2.3 (L1) Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'

Description:

This policy setting determines the length of time before the Account lockout threshold resets to zero. The default value for this policy setting is Not Defined. If the Account lockout threshold is defined, this reset time must be less than or equal to the value for the Account lockout duration setting.

If you leave this policy setting at its default value or configure the value to an interval that is too long, your environment could be vulnerable to a DoS attack. An attacker could maliciously perform a number of failed logon attempts on all users in the organization, which will lock out their accounts. If no policy were determined to reset the account lockout, it would be a manual task for administrators. Conversely, if a reasonable time value is configured for this policy setting, users would be locked out for a set period until all of the accounts are unlocked automatically.

The recommended state for this setting is: 15 or more minute(s).

Users can accidentally lock themselves out of their accounts if they mistype their password multiple times. To reduce the chance of such accidental lockouts, the Reset account lockout counter after setting determines the number of minutes that must elapse before the counter that tracks failed logon attempts and triggers lockouts is reset to 0.

To establish the recommended configuration via GP, set the following UI path to 15 or more minute(s):

Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Account Lockout Policy\Reset account lockout counter after

Impact:

If you do not configure this policy setting or if the value is configured to an interval that is too long, a DoS attack could occur. An attacker could maliciously attempt to log on to each user's account numerous times and lock out their accounts as described in the preceding paragraphs. If you do not configure the Reset account lockout counter after setting, administrators would have to manually unlock all accounts. If you configure this policy setting to a reasonable value the users would be locked out for some period, after which their accounts would unlock automatically. Be sure that you notify users of the values used for this policy setting so that they will wait for the lockout timer to expire before they call the help desk about their inability to log on.

Set 'Reset account lockout counter after' to '15 or more minute(s)'
CIS-CAT Expected: the Reset Account Lockout Counter (sec) to be greater than or equal to 900
CIS-CAT Collected: 900

Rule Result XML:
<rule-result xmlns="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             idref="xccdf_org.cisecurity.benchmarks_rule_1.2.3_L1_Ensure_Reset_account_lockout_counter_after_is_set_to_15_or_more_minutes"
             role="full"
             severity="unknown"
             time="2016-10-31T20:12:31.624Z"
             version="1"
             weight="1.0">
   <result>pass</result>
   <ident system="http://cce.mitre.org">CCE-36883-7</ident>
   <metadata>
      <cis:evidence xmlns:cis="http://benchmarks.cisecurity.org/evidence/1.0"
                    definition_id="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1010"
                    definition_negate="false">
         <cis:and negated="false" result="true">
            <cis:evidence_test check="all" check_existence="at_least_one_exists"
                               comment="Set 'Reset account lockout counter after' to '15 or more minute(s)'"
                               negated="false"
                               ns="windows"
                               objref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:obj:1012"
                               result="true"
                               testref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:tst:1012"
                               type="lockoutpolicy_test">
               <cis:evidence_state steref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:ste:1012">
                  <cis:evidence_item itemref="819489363">
                     <cis:evidence_item_pk status="exists"/>
                     <cis:evidence_field cv="900" dt="int" ev="900" name="lockout_observation_window"
                                         op="greater than or equal"
                                         result="true"/>
                  </cis:evidence_item>
               </cis:evidence_state>
            </cis:evidence_test>
         </cis:and>
      </cis:evidence>
   </metadata>
   <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-export export-name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:var:1012"
                    value-id="xccdf_org.cisecurity.benchmarks_value_1.2.3.1_var"/>
      <check-content-ref href="CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.0-oval.xml"
                         name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1010"/>
   </check>
</rule-result>

References:

  • CCE-IDv5: CCE-36883-7

2 Local Policies

This section contains recommendations for local policies.

2.1 Audit Policy

This section is intentionally blank and exists to ensure the structure of Windows benchmarks is consistent.

2.2 User Rights Assignment

This section contains recommendations for user rights assignments.

Pass

2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'

Description:

This security setting is used by Credential Manager during Backup and Restore. No accounts should have this user right, as it is only assigned to Winlogon. Users' saved credentials might be compromised if this user right is assigned to other entities.

The recommended state for this setting is: No One.

If an account is given this right the user of the account may create an application that calls into Credential Manager and is returned the credentials for another user.

To establish the recommended configuration via GP, set the following UI path to No One:

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Access Credential Manager as a trusted caller

Impact:

None, this is the default configuration.

Set 'SeTrustedCredmanAccessNameRight' to 'No One'
No Security Principals were found to be out of compliance.

Rule Result XML:
<rule-result xmlns="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             idref="xccdf_org.cisecurity.benchmarks_rule_2.2.1_L1_Ensure_Access_Credential_Manager_as_a_trusted_caller_is_set_to_No_One"
             role="full"
             severity="unknown"
             time="2016-10-31T20:12:22.452Z"
             version="1"
             weight="1.0">
   <result>pass</result>
   <ident system="http://cce.mitre.org">CCE-37056-9</ident>
   <metadata>
      <cis:evidence xmlns:cis="http://benchmarks.cisecurity.org/evidence/1.0"
                    definition_id="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1011"
                    definition_negate="false">
         <cis:and negated="false" result="true">
            <cis:evidence_test check="all" check_existence="at_least_one_exists"
                               comment="Set 'SeTrustedCredmanAccessNameRight' to 'No One'"
                               negated="false"
                               ns="windows"
                               objref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:obj:8000"
                               result="true"
                               testref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:tst:1013"
                               type="accesstoken_test">
               <cis:evidence_state steref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:ste:1013">
                  <cis:evidence_item itemref="1591976620">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="997115392">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Administrators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="578121495">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Power Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1368911801">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Guests"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1982100441">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Distributed COM Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="835068371">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="BUILTIN\IIS_IUSRS"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2004963559">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="System Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="236596431">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NTLM Authentication"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2005089564">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NT SERVICE"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="87481081">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Performance Monitor Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="344205349">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="SChannel Authentication"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2018972108">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Digest Authentication"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2020849795">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NT SERVICE\ALL SERVICES"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2045606304">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NETWORK SERVICE"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1108580717">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Replicator"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="18550294">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="WINDOWS0\WinRMRemoteWMIUsers__"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1469332466">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="GuestAccount"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="252870865">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Cryptographic Operators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="825325414">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Low Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1191511095">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="High Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="652902071">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Network Configuration Operators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="170585349">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NT SERVICE\WdiServiceHost"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1336988399">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="RDS Remote Access Servers"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="617342904">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Untrusted Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1404624588">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="RDS Management Servers"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="647023057">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="BATCH"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="824419304">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NETWORK"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="709695273">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="DIALUP"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1280343976">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="ANONYMOUS LOGON"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1956262076">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="SERVICE"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="553514138">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="INTERACTIVE"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1614746686">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="ENTERPRISE DOMAIN CONTROLLERS"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="535837890">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="PROXY"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="232268593">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Print Operators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="541071812">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NULL SID"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="222059540">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Backup Operators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="998640035">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Hyper-V Administrators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1404817808">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Access Control Assistance Operators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="810033475">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Performance Log Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="722747793">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="CREATOR GROUP"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1336408486">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="CREATOR OWNER"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="50856286">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="CREATOR GROUP SERVER"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="235094365">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="CREATOR OWNER SERVER"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1225509864">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="LOCAL"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1240713551">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="CONSOLE LOGON"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1641899165">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="OWNER RIGHTS"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2134553258">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="RDS Endpoint Servers"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1360444220">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Medium Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1238852422">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Everyone"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="51106871">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="AdminAccount"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="868482719">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Remote Desktop Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1664152924">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Event Log Readers"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1546812143">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Medium Plus Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1824489364">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="IUSR"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1284730040">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Remote Management Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1963113645">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="This Organization"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="300480167">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="REMOTE INTERACTIVE LOGON"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2042643275">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="TERMINAL SERVER USER"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1940904002">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="RESTRICTED"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1493054245">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Authenticated Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="218071964">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="SELF"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1953134836">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Certificate Service DCOM Access"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="343005378">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="LOCAL SERVICE"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="491441011">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="SYSTEM"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="970411337">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NT AUTHORITY\Local account"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="208384540">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Protected Process Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1072482053">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle"
                                                    value="NT AUTHORITY\Local account and member of Administrators group"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setrustedcredmanaccessnameright"
                                         op="equals"
                                         result="true"/>
                  </cis:evidence_item>
               </cis:evidence_state>
            </cis:evidence_test>
         </cis:and>
      </cis:evidence>
   </metadata>
   <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-content-ref href="CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.0-oval.xml"
                         name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1011"/>
   </check>
</rule-result>

References:

  • CCE-IDv5: CCE-37056-9

Pass

2.2.2 (L1) Configure 'Access this computer from the network'

Description:

This policy setting allows other users on the network to connect to the computer and is required by various network protocols that include Server Message Block (SMB)-based protocols, NetBIOS, Common Internet File System (CIFS), and Component Object Model Plus (COM+).

  • Level 1 - Domain Controller. The recommended state for this setting is: Administrators, Authenticated Users, ENTERPRISE DOMAIN CONTROLLERS.
  • Level 1 - Member Server. The recommended state for this setting is: Administrators, Authenticated Users.

Users who can connect from their computer to the network can access resources on target computers for which they have permission. For example, the Access this computer from the network user right is required for users to connect to shared printers and folders. If this user right is assigned to the Everyone group, then anyone in the group will be able to read the files in those shared folders. However, this situation is unlikely for new installations of Windows Server 2003 with Service Pack 1 (SP1), because the default share and NTFS permissions in Windows Server 2003 do not include the Everyone group. This vulnerability may have a higher level of risk for computers that you upgrade from Windows NT 4.0 or Windows 2000, because the default permissions for these operating systems are not as restrictive as the default permissions in Windows Server 2003.

To establish the recommended configuration via GP, configure the following UI path:

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Access this computer from the network

Impact:

If you remove the Access this computer from the network user right on domain controllers for all users, no one will be able to log on to the domain or use network resources. If you remove this user right on member servers, users will not be able to connect to those servers through the network. Successful negotiation of IPsec connections requires that the initiating machine has this right; therefore, it is recommended that it be assigned to the Users group. If you have installed optional components such as ASP.NET or Internet Information Services (IIS), you may need to assign this user right to additional accounts that are required by those components. It is important to verify that authorized users are assigned this user right for the computers they need to access the network.

Set 'SeNetworkLogonRight' to 'Administrators, Authenticated Users' for member server
No Security Principals were found to be out of compliance.

Rule Result XML:
<rule-result xmlns="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             idref="xccdf_org.cisecurity.benchmarks_rule_2.2.2_L1_Configure_Access_this_computer_from_the_network"
             role="full"
             severity="unknown"
             time="2016-10-31T20:12:29.171Z"
             version="1"
             weight="1.0">
   <result>pass</result>
   <ident system="http://cce.mitre.org">CCE-35818-4</ident>
   <metadata>
      <cis:evidence xmlns:cis="http://benchmarks.cisecurity.org/evidence/1.0"
                    definition_id="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:10122"
                    definition_negate="false">
         <cis:and negated="false" result="true">
            <cis:evidence_test check="all" check_existence="at_least_one_exists"
                               comment="Set 'SeNetworkLogonRight' to 'Administrators, Authenticated Users' for member server"
                               negated="false"
                               ns="windows"
                               objref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:obj:1015"
                               result="true"
                               testref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:tst:1015"
                               type="accesstoken_test">
               <cis:evidence_state steref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:ste:1015">
                  <cis:evidence_item itemref="1940904002">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="RESTRICTED"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="252870865">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Cryptographic Operators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="343005378">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="LOCAL SERVICE"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1336408486">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="CREATOR OWNER"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2005089564">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NT SERVICE"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="970411337">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NT AUTHORITY\Local account"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1963113645">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="This Organization"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1108580717">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Replicator"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1404624588">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="RDS Management Servers"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1360444220">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Medium Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1824489364">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="IUSR"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="208384540">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Protected Process Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="344205349">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="SChannel Authentication"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="825325414">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Low Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2004963559">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="System Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="868482719">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Remote Desktop Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="578121495">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Power Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2018972108">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Digest Authentication"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1284730040">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Remote Management Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1982100441">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Distributed COM Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="647023057">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="BATCH"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="998640035">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Hyper-V Administrators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="18550294">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="WINDOWS0\WinRMRemoteWMIUsers__"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="709695273">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="DIALUP"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2045606304">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NETWORK SERVICE"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="236596431">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NTLM Authentication"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1469332466">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="GuestAccount"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1238852422">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Everyone"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="491441011">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="SYSTEM"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1641899165">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="OWNER RIGHTS"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="235094365">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="CREATOR OWNER SERVER"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="218071964">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="SELF"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1953134836">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Certificate Service DCOM Access"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="170585349">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NT SERVICE\WdiServiceHost"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1614746686">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="ENTERPRISE DOMAIN CONTROLLERS"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="232268593">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Print Operators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="51106871">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="AdminAccount"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="810033475">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Performance Log Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1336988399">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="RDS Remote Access Servers"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2134553258">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="RDS Endpoint Servers"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1956262076">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="SERVICE"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1191511095">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="High Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1546812143">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Medium Plus Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1368911801">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Guests"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1664152924">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Event Log Readers"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="617342904">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Untrusted Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1280343976">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="ANONYMOUS LOGON"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="541071812">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NULL SID"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2042643275">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="TERMINAL SERVER USER"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2020849795">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NT SERVICE\ALL SERVICES"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1072482053">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle"
                                                    value="NT AUTHORITY\Local account and member of Administrators group"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="824419304">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NETWORK"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1591976620">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1225509864">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="LOCAL"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="222059540">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Backup Operators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="50856286">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="CREATOR GROUP SERVER"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="835068371">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="BUILTIN\IIS_IUSRS"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="553514138">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="INTERACTIVE"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1240713551">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="CONSOLE LOGON"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1404817808">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Access Control Assistance Operators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="87481081">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Performance Monitor Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="722747793">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="CREATOR GROUP"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="535837890">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="PROXY"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="652902071">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Network Configuration Operators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="300480167">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="REMOTE INTERACTIVE LOGON"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="senetworklogonright" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
               </cis:evidence_state>
            </cis:evidence_test>
         </cis:and>
      </cis:evidence>
   </metadata>
   <check selector="MS" system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-content-ref href="CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.0-oval.xml"
                         name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:10122"/>
   </check>
</rule-result>

References:

  • CCE-IDv5: CCE-35818-4

Pass

2.2.3 (L1) Ensure 'Act as part of the operating system' is set to 'No One'

Description:

This policy setting allows a process to assume the identity of any user and thus gain access to the resources that the user is authorized to access.

The recommended state for this setting is: No One.

The Act as part of the operating system user right is extremely powerful. Anyone with this user right can take complete control of the computer and erase evidence of their activities.

To establish the recommended configuration via GP, set the following UI path to No One:

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Act as part of the operating system

Impact:

There should be little or no impact because the Act as part of the operating system user right is rarely needed by any accounts other than the Local System account.

Set 'SetCbPrivilege' to 'No One'
No Security Principals were found to be out of compliance.

Rule Result XML:
<rule-result xmlns="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             idref="xccdf_org.cisecurity.benchmarks_rule_2.2.3_L1_Ensure_Act_as_part_of_the_operating_system_is_set_to_No_One"
             role="full"
             severity="unknown"
             time="2016-10-31T20:12:25.921Z"
             version="1"
             weight="1.0">
   <result>pass</result>
   <ident system="http://cce.mitre.org">CCE-36876-1</ident>
   <metadata>
      <cis:evidence xmlns:cis="http://benchmarks.cisecurity.org/evidence/1.0"
                    definition_id="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1013"
                    definition_negate="false">
         <cis:and negated="false" result="true">
            <cis:evidence_test check="all" check_existence="at_least_one_exists"
                               comment="Set 'SetCbPrivilege' to 'No One'"
                               negated="false"
                               ns="windows"
                               objref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:obj:8000"
                               result="true"
                               testref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:tst:1016"
                               type="accesstoken_test">
               <cis:evidence_state steref="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:ste:1016">
                  <cis:evidence_item itemref="1591976620">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="997115392">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Administrators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="578121495">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Power Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1368911801">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Guests"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1982100441">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Distributed COM Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="835068371">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="BUILTIN\IIS_IUSRS"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2004963559">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="System Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="236596431">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NTLM Authentication"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2005089564">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NT SERVICE"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="87481081">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Performance Monitor Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="344205349">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="SChannel Authentication"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2018972108">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Digest Authentication"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2020849795">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NT SERVICE\ALL SERVICES"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2045606304">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NETWORK SERVICE"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1108580717">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Replicator"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="18550294">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="WINDOWS0\WinRMRemoteWMIUsers__"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1469332466">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="GuestAccount"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="252870865">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Cryptographic Operators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="825325414">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Low Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1191511095">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="High Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="652902071">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Network Configuration Operators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="170585349">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NT SERVICE\WdiServiceHost"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1336988399">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="RDS Remote Access Servers"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="617342904">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Untrusted Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1404624588">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="RDS Management Servers"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="647023057">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="BATCH"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="824419304">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NETWORK"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="709695273">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="DIALUP"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1280343976">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="ANONYMOUS LOGON"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1956262076">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="SERVICE"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="553514138">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="INTERACTIVE"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1614746686">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="ENTERPRISE DOMAIN CONTROLLERS"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="535837890">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="PROXY"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="232268593">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Print Operators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="541071812">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NULL SID"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="222059540">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Backup Operators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="998640035">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Hyper-V Administrators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1404817808">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Access Control Assistance Operators"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="810033475">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Performance Log Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="722747793">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="CREATOR GROUP"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1336408486">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="CREATOR OWNER"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="50856286">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="CREATOR GROUP SERVER"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="235094365">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="CREATOR OWNER SERVER"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1225509864">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="LOCAL"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1240713551">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="CONSOLE LOGON"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1641899165">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="OWNER RIGHTS"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2134553258">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="RDS Endpoint Servers"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1360444220">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Medium Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1238852422">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Everyone"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="51106871">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="AdminAccount"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="868482719">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Remote Desktop Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1664152924">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Event Log Readers"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1546812143">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Medium Plus Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1824489364">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="IUSR"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1284730040">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Remote Management Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1963113645">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="This Organization"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="300480167">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="REMOTE INTERACTIVE LOGON"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="2042643275">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="TERMINAL SERVER USER"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1940904002">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="RESTRICTED"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1493054245">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Authenticated Users"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="218071964">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="SELF"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1953134836">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Certificate Service DCOM Access"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="343005378">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="LOCAL SERVICE"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="491441011">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="SYSTEM"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="970411337">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="NT AUTHORITY\Local account"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="208384540">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle" value="Protected Process Mandatory Level"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
                  <cis:evidence_item itemref="1072482053">
                     <cis:evidence_item_pk status="exists">
                        <cis:evidence_item_pk_field name="security_principle"
                                                    value="NT AUTHORITY\Local account and member of Administrators group"/>
                     </cis:evidence_item_pk>
                     <cis:evidence_field cv="false" dt="boolean" ev="false" name="setcbprivilege" op="equals"
                                         result="true"/>
                  </cis:evidence_item>
               </cis:evidence_state>
            </cis:evidence_test>
         </cis:and>
      </cis:evidence>
   </metadata>
   <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-content-ref href="CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.0-oval.xml"
                         name="oval:org.cisecurity.benchmarks.microsoft_windows_server_2012:def:1013"/>
   </check>
</rule-result>

References:

  • CCE-IDv5: CCE-36876-1

Pass

2.2.5 (L1) Ensure 'Adjust memory quotas for a process' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE'

Description:

This policy setting allows a user to adjust the maximum amount of memory that is available to a process. The ability to adjust memory quotas is useful for system tuning, but it can be abused. In the wrong hands, it could be used to launch a denial of service (DoS) attack.

The recommended state for this setting is: Administrators, LOCAL SERVICE, NETWORK SERVICE.

Note: A server that holds the Web Server (IIS) Role with Web Server Role Service will require a special exception to this recommendation, to allow IIS application pool(s) to be granted this user right.

A user with the Adjust memory quotas for a process privilege can reduce the amount of memory that is available to any process, which could cause business-critical network applications to become slow or to fail. In the wrong hands, this privilege could be used to start a denial of service (DoS) attack.

To establish the recommended configuration via GP, set the following UI path to Administrators, LOCAL SERVICE, NETWORK SERVICE:

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Adjust memory quotas for a process

Impact:

Organizations that have not restricted users to roles with limited privileges will find it difficult to impose this countermeasure. Also, if you have installed optional components such as ASP.NET or IIS, you may need to assign the Adjust memory quotas for a process user right to additional accounts that are required by those components. Otherwise, this countermeasure should have no impact on most computers. If this user right is necessary for a user account, it can be assigned to a local computer account instead of a domain account.

Set 'SeIncreaseQuotaPrivilege' to 'Administrators, LOCAL SERVICE, NETWORK SERVICE' --