Nessus Scan Report

03/Dec/2013:03:12:53

Table Of Contents
Compliance 'FAILED'
1.1.1 Enforce Password History: 24 passwords
1.1.3 Minimum Password Age: 1 day
1.1.4 Minimum Password Length: 8 characters
1.1.5 Password Must Meet Complexity Requirements: Enabled
1.3.1 Audit Policy: System: IPsec Driver: Success and Failure
1.3.2 Audit Policy: System: Security State Change: Success and Failure
1.3.3 Audit Policy: System: Security System Extension: Success and Failure
1.3.11 Audit Policy: Detailed Tracking: Process Creation: Success (minimum).
1.3.12 Audit Policy: Policy Change: Audit Policy Change: Success and Failure.
1.3.14 Audit Policy: Account Management: Computer Account Management: Success (minimum)
1.3.16 Audit Policy: Account Management: Other Account Management Events: Success (minimum)
1.3.19 Audit Policy: Account Logon: Credential Validation: Success (minimum)
1.7.6 User Account Control: Run all administrators in Admin Approval Mode: Enabled
1.8.12 Deny Access to this Computer from the Network: Guests
1.8.26 Replace a Process Level Token: Network Service and Network Service
1.8.31 Deny Log on Locally: Guests
1.9.4 Accounts: Rename guest account: Not equal to guest
1.9.24 Interactive logon: Message text for users attempting to log on: Configure to your organization's security policy
1.9.25 Interactive logon: Message title for users attempting to log on: Configured to your organization's security policy.
1.9.40 MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic: Multicast, broadcast, and ISAKMP are exempt
1.9.41 MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers: Enabled
1.9.47 MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning: 90%
1.12.7 Registry policy processing
1.13.7 Password protect the screen saver = Enabled
1.13.8 Force specific screen saver = scrnsave.scr
1.13.9 Screen Saver timeout = at most 900 seconds
Compliance 'SKIPPED'
Compliance 'PASSED'
1.1.2 Maximum Password Age: 90 minutes
1.1.6 Store Passwords Using Reversible Encryption: Disabled
1.1.7 Account Lockout Duration: 15 minutes (minimum)
1.1.8 Account Lockout Threshold: maximum of 50 attempts
1.1.9 Reset Account Lockout Counter After: 15 minutes (minimum)
1.2.10 Audit: Shut Down System Immediately if Unable to Log Security Audits: Disabled
1.2.11 Audit: Force Audit Policy Subcategory Settings (Windows Vista or Later) to Override Audit Policy Category Settings: Enabled
1.3.4 Audit Policy: System: Security Integrity: Success and Failure
1.3.5 Audit Policy: Logon-Logoff: Logoff: Success (minimum).
1.3.6 Audit Policy: Logon-Logoff: Logon: Success (minimum).
1.3.7 Audit Policy: Logon-Logoff: Special Logon: Success (minimum).
1.3.8 Audit Policy: Object Access: File System: No Auditing or Failure or Success or Success and Failure.
1.3.9 Audit Policy: Object Access: Registry: No Auditing or Failure or Success or Success and Failure.
1.3.10 Audit Policy: Privilege Use: Sensitive Privilege Use: No Auditing or Failure or Success or Success and Failure.
1.3.13 Audit Policy: Policy Change: Authentication Policy Change: Success (minimum)
1.3.15 Audit Policy: Account Management: Distribution Group Management: No Auditing or Failure or Success or Success and Failure.
1.3.17 Audit Policy: Account Management: Security Group Management: Success (minimum)
1.3.18 Audit Policy: Account Management: User Account Management: Success (minimum)
1.8.1 Access this Computer from the Network: Users and Administrators.
1.8.2 Act as part of the Operating System: No One
1.8.6 Change the System Time: Local Service and Administrators
1.8.7 Create a Pagefile: Administrators
1.8.8 Create a Token Object: No One should have this right
1.8.10 Create Permanent Shared Objects: No one should have this right
1.8.11 Debug Programs
1.8.13 Enable Computer and User Accounts to be Trusted for Delegation: No One should have this right
1.8.14 Force Shutdown from a Remote System: Administrators
1.8.15 Impersonate a Client After Authentication: Administrators, Service, Local Service and Network Service
1.8.16 Increase Scheduling Priority: Administrators
1.8.17 Load and Unload Device Drivers
1.8.18 Lock Pages in Memory: No One should have this user right
1.8.19 Manage Auditing and Security Log: Administrators
1.8.20 Modify Firmware Environment Values: Administrators
1.8.21 Modify an Object Label: No one should have this right
1.8.22 Perform Volume Maintenance Tasks: Administrators
1.8.24 Profile System Performance: Administrators and NT SERVICE\WdiServiceHost or wdiservicehost
1.8.25 Remove Computer from Docking Station: Administrators and Users
1.8.27 Shutdown the System: Administrators and Users
1.8.28 Allow Log on Locally: Administrators and Users
1.8.30 Create Symbolic Links: Administrators
1.8.33 Generate Security Audits: Local Service and Network Service
1.8.38 Take Ownership of Files or Other Objects: Administrators
1.8.39 Access Credential Manager as a Trusted Caller: No One
1.9.1 Network Security: Minimum session security for NTLM SSP based (including secure RPC) servers: NTLM2 session security, Require 128-bit encryption
1.9.3 Accounts: Rename administrator account: Not equal to Administrator or Admin
1.9.6 Accounts: Guest account status: Disabled
1.9.7 Network access: Allow anonymous SID/Name translation: Disabled
1.9.8 Accounts: Limit local account use of blank passwords to console logon only: Enabled
1.9.9 Devices: Allowed to format and eject removable media: Administrators and Interactive Users
1.9.10 Devices: Prevent users from installing printer drivers: Enabled
1.9.13 Domain member: Digitally encrypt or sign secure channel data (always): Enabled
1.9.14 Domain member: Digitally encrypt secure channel data (when possible): Enabled
1.9.15 Domain member: Digitally sign secure channel data (when possible): Enabled
1.9.16 Domain member: Disable machine account password changes: Disabled
1.9.17 Domain member: Maximum machine account password age: Maximum of 30 days
1.9.18 Domain member: Require strong (Windows 2000 or later) session key: Enabled
1.9.19 Interactive logon: Do not display last user name: Enabled
1.9.20 Interactive logon: Number of previous logons to cache (in case domain controller is not available): 2 logons
1.9.21 Interactive logon: Prompt user to change password before expiration: 14 days
1.9.22 Interactive logon: Require Domain Controller authentication to unlock workstation: Enabled
1.9.23 Interactive logon: Smart card removal behavior: Lock Workstation
1.9.27 Microsoft network client: Digitally sign communications (always): Enabled
1.9.28 Microsoft network client: Digitally sign communications (if server agrees): Enabled
1.9.29 Microsoft network client: Send unencrypted password to third-party SMB servers: Disabled
1.9.30 Microsoft network server: Amount of idle time required before suspending session: Maximum of 15 minutes
1.9.31 Microsoft network server: Digitally sign communications (always): Enabled
1.9.32 Microsoft network server: Digitally sign communications (if client agrees): Enabled
1.9.33 Microsoft network server: Disconnect clients when logon hours expire: Enabled
1.9.35 MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended): Disabled
1.9.44 MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended): Enabled
1.9.45 MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires: 0 Seconds
1.9.48 Network access: Do not allow anonymous enumeration of SAM accounts: Enabled
1.9.49 Network access: Do not allow anonymous enumeration of SAM accounts and shares: Enabled
1.9.50 Network access: Let Everyone permissions apply to anonymous users: Disabled
1.9.55 Network access: Sharing and security model for local accounts: Classic - local users authenticate as themselves
1.9.56 Network security: Do not store LAN Manager hash value on next password change: Enabled
1.9.57 Network security: LAN Manager authentication level: Send NTLMv2 response only and Refuse LM
1.9.58 Network security: LDAP client signing requirements: Negotiate signing
1.9.59 Network security: Minimum session security for NTLM SSP based (including secure RPC) clients: Require NTLMv2 session security, Require 128 - bit encryption.
1.9.60 Recovery console: Allow automatic administrative logon: Disabled
1.9.65 System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links): Enabled
1.9.73 Interactive logon: Do not require CTRL+ALT+DEL: Disabled
1.13.1 Do not preserve zone information in file attachments: Disabled
1.13.10 Enable screen saver = Enabled
Compliance 'INFO', 'WARNING', 'ERROR'
1.4.1 Application: Maximum Log Size (KB): 32 MB
1.4.2 Application: Retain Old Events: Disabled (overwrite old events)
1.4.3 Security: Maximum Log Size (KB): 80 MB
1.4.4 Security: Retain Old Events: Disabled (overwrite old events)
1.4.5 System: Maximum Log Size (KB): 32 MB
1.4.6 System: Retain Old Events: Disabled (overwrite old events)
1.5.1 Windows Firewall: Domain: Firewall State: Enabled
1.5.2 Windows Firewall: Domain: Inbound Connections: Block
1.5.3 Windows Firewall: Domain: Display a Notification: Yes: Display a notification.
1.5.4 Windows Firewall: Domain: Allow Unicast Response: No (do not allow unicast response).
1.5.7 Windows Firewall: Private: Firewall State: On
1.5.8 Windows Firewall: Private: Inbound Connections: Block Inbound Connections
1.5.9 Windows Firewall: Private: Display a Notification: Yes: Display a notification.
1.5.10 Windows Firewall: Private: Allow Unicast Response: No (do not allow unicast response)
1.5.13 Windows Firewall: Public: Firewall State: On
1.5.14 Windows Firewall: Public: Inbound Connections: Block inbound connections
1.5.15 Windows Firewall: Public: Display a Notification: No
1.5.16 Windows Firewall: Public: Allow Unicast Response: No (disallow unicast response)
1.5.17 Windows Firewall: Public: Apply Local Firewall Rules: No
1.5.18 Windows Firewall: Public: Apply Local Connection Security Rules: No
1.6.1 Configure Automatic Updates - 'AUOptions = 3'
1.6.1 Configure Automatic Updates - 'NoAutoUpdate = 0'
1.6.2 Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box: Disabled
1.6.3 No auto-restart with logged on users for scheduled automatic updates installations: Disabled
1.6.4 Reschedule Automatic Updates Scheduled Installations: Enabled
1.9.66 System cryptography: Force strong key protection for user keys stored on the computer: Prompt the User each time a key is first used
1.9.72 Network security: Allow PKU2U authentication requests to this computer to use online identities: Disabled
1.10.1 Always prompt client for password upon connection: Enabled
1.10.2 Set client connection encryption level: Enabled to High Level
1.10.5 Do not allow passwords to be saved: Enabled
1.11.1 Turn off downloading of print drivers over HTTP: Enabled
1.11.2 Turn off the 'Publish to Web' task for files and folders: Enabled
1.11.3 Turn off Internet download for Web publishing and online ordering wizards: Enabled
1.11.4 Turn off printing over HTTP: Enabled
1.11.5 Turn off Search Companion content file updates: Enabled
1.11.6 Turn off the Windows Messenger Customer Experience Improvement Program: Enabled
1.12.1 Require a Password When a Computer Wakes (On Battery): Enabled
1.12.2 Require a Password When a Computer Wakes (Plugged In): Enabled
1.12.4 Turn off Data Execution Prevention for Explorer: Disabled
1.12.10 Restrictions for Unauthenticated RPC Clients: Enabled and Authenticated.
1.12.12 Turn off Autoplay: Enabled for all drives
1.12.15 Prevent the computer from joining a homegroup: Enabled
1.13.2 Hide mechanisms to remove zone information: Enabled
1.13.3 Notify antivirus programs when opening attachments: Enabled

Compliance 'FAILED'

1.1.1 Enforce Password History: 24 passwords

Info

Ensure a control is set up to prevent a password from being reused by an end user.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

[24..4294967295]

Hosts

192.168.1.243 0

1.1.3 Minimum Password Age: 1 day

Info

Ensure a control is set up that defines a limit on the number of days a password must be used before it can be changed. This will help against brute force attacks. Brute force attacks walk through all of the possible character combinations until a match is found.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

[1..4294967295]

Hosts

192.168.1.243 0

1.1.4 Minimum Password Length: 8 characters

Info

Brute force attacks walk through all the possible character combinations. Passwords of seven or fewer characters are quickly identified, and an 8-character password can be broken into two 4-character passwords. The more characters, the harder it will be to crack, because the attacker will have to keep breaking the password down into sections.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

[8..4294967295]

Hosts

192.168.1.243 0

1.1.5 Password Must Meet Complexity Requirements: Enabled

Info

This control determines if new passwords are required to satisfy a certain level of complexity. If enabled, new passwords must be longer than 6 characters and must not be derived from the user's user name and/or real name. Also, the new password must contain characters from at least three distinct character classes (uppercase, lowercase, integer, non-alphanumeric).

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"enabled"

Hosts

192.168.1.243 "disabled"

1.3.1 Audit Policy: System: IPsec Driver: Success and Failure

Info

This control determines if Internet Protocol security (IPsec) auditing is enabled.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"success, failure"

Hosts

192.168.1.243 "no auditing"

1.3.2 Audit Policy: System: Security State Change: Success and Failure

Info

This control determines if auditing for system state changes is enabled.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"success, failure"

Hosts

192.168.1.243 "success"

1.3.3 Audit Policy: System: Security System Extension: Success and Failure

Info

This control determines if auditing is enabled for the loading of extension code.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"success, failure"

Hosts

192.168.1.243 "no auditing"

1.3.11 Audit Policy: Detailed Tracking: Process Creation: Success (minimum).

Info

This control determines the level of auditing for when a process is created and the name of the program which created it.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"success" || "success, failure"

Hosts

192.168.1.243 "no auditing"

1.3.12 Audit Policy: Policy Change: Audit Policy Change: Success and Failure.

Info

This control determines the level of auditing enabled for when a change in audit policy occurs.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"success, failure"

Hosts

192.168.1.243 "success"

1.3.14 Audit Policy: Account Management: Computer Account Management: Success (minimum)

Info

This control determines the level of auditing enabled for when a computer account management event occurs.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"success" || "success, failure"

Hosts

192.168.1.243 "no auditing"

1.3.16 Audit Policy: Account Management: Other Account Management Events: Success (minimum)

Info

This control determines the level of auditing enabled for when an account management event occurs.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"success" || "success, failure"

Hosts

192.168.1.243 "no auditing"

1.3.19 Audit Policy: Account Logon: Credential Validation: Success (minimum)

Info

This control determines if auditing is enabled to report the results of validation tests on credentials submitted for a user account logon request.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"success" || "success, failure"

Hosts

192.168.1.243 "no auditing"

1.7.6 User Account Control: Run all administrators in Admin Approval Mode: Enabled

Info

This control is the UAC on/off switch and defines whether users and administrators are prompted when they attempt to perform administrative operations. Current_Value = Disabled. Re-enable this setting to check the behavior of the UAC.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 The following AND condition has failed:
{
1.7.6 User Account Control: Run all administrators in Admin Approval Mode: Enabled:
Remote value: 0
Policy value: 1
}

1.8.12 Deny Access to this Computer from the Network: Guests

Info

This control determines who is not permitted to connect to the local computer from the network.
Update {GUEST_ACCT} with the appropriate value for the local environment.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"{guest_acct}"

Hosts

192.168.1.243 "guests"

1.8.26 Replace a Process Level Token: Network Service and Network Service

Info

This control determines if a process is allowed to start another service or process with a different security access token.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"local service" && "network service"

Hosts

192.168.1.243 "sqlserver2005mssqluser$win-52nmlk4ofs8$sqlexpress" && "network service" && "local service"

1.8.31 Deny Log on Locally: Guests

Info

This control determines if a user is prevented from logging onto the system locally.
Update {GUEST_ACCT} with the appropriate value for the local environment.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"{guest_acct}"

Hosts

192.168.1.243 "guests" && "homegroupuser$"

1.9.4 Accounts: Rename guest account: Not equal to guest

Info

This control recommends choosing a name for the built-in local guest account that is different from the default.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"guest"

Hosts

192.168.1.243 "Guest"

1.9.24 Interactive logon: Message text for users attempting to log on: Configure to your organization's security policy

Info

This control defines the text message displayed when a user logs into the system.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

""

Hosts

192.168.1.243 ""

1.9.25 Interactive logon: Message title for users attempting to log on: Configured to your organization's security policy.

Info

This control defines the text that appears in the title bar of the windows the user sees when they are logging into the system.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

""

Hosts

192.168.1.243 ""

1.9.40 MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic: Multicast, broadcast, and ISAKMP are exempt

Info

This control defines whether IPsec exemptions could be configured for various types of network traffic such as Internet Key Exchange (IKE) and Kerberos authentication protocol.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

3

Hosts

192.168.1.243 1

1.9.41 MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers: Enabled

Info

This control defines whether a computer disregards NetBIOS name release requests except those from WINS servers in the SCE.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 NULL

1.9.47 MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning: 90%

Info

This control defines whether an entry is added to the Security event log when the log reaches a user-defined threshold.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

[0..90]

Hosts

192.168.1.243 NULL

1.12.7 Registry policy processing

Info

This control defines when and how registry policies are updated. Current_Setting: This check is Enabled but 'Process even if the GPO is not changed' is not enabled.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 The following AND condition has failed:
{
1.12.7 Registry policy processing (NoBackgroundPolicy):
REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND
}

1.13.7 Password protect the screen saver = Enabled

Info

This control enforces password protection on the system when screen saver is enabled.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 NULL

1.13.8 Force specific screen saver = scrnsave.scr

Info

This control defines which screen saver will run on the computer for all profiles.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"scrnsave.scr"

Hosts

192.168.1.243 ""

1.13.9 Screen Saver timeout = at most 900 seconds

Info

This control defines the timeout setting for screen saver.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

[0..900]

Hosts

192.168.1.243 NULL

Compliance 'SKIPPED'

Compliance 'PASSED'

1.1.2 Maximum Password Age: 90 minutes

Info

Ensure a control is set up that defines a limit on the number of days a password is valid before it expires. This will help against brute force attacks. Brute force attacks walk through all of the possible character combinations until a match is found.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

[0..90]

Hosts

192.168.1.243 0

1.1.6 Store Passwords Using Reversible Encryption: Disabled

Info

Ensure user credentials are stored in a hashed format.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"disabled"

Hosts

192.168.1.243 "disabled"

1.1.7 Account Lockout Duration: 15 minutes (minimum)

Info

Ensure a control is defined that enforces a minimum number of minutes a user must wait before a locked account is unlocked. If this is set to 0 minutes then the account will remain locked until an administrator manually unlocks the account.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

[15..4294967295]

Hosts

192.168.1.243 30

1.1.8 Account Lockout Threshold: maximum of 50 attempts

Info

Ensure a control is defined that enforces the number of failed logon attempts before locking a user's account.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

[0..50]

Hosts

192.168.1.243 0

1.1.9 Reset Account Lockout Counter After: 15 minutes (minimum)

Info

Ensure a control is defined that counts the number of invalid attempts until the lockout threshold is reached, or the counter is reset.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

[15..4294967295]

Hosts

192.168.1.243 30

1.2.10 Audit: Shut Down System Immediately if Unable to Log Security Audits: Disabled

Info

This control will shut down the system if the system is unable to generate logs.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"disabled"

Hosts

192.168.1.243 "disabled"

1.2.11 Audit: Force Audit Policy Subcategory Settings (Windows Vista or Later) to Override Audit Policy Category Settings: Enabled

Info

This setting causes Windows to recognize audit subcategories over legacy audit policies. Current_Value = Enabled. Windows is currently using Audit Policy Subcategory settings over Legacy Audit Policy settings (recommended)

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243

1.3.4 Audit Policy: System: Security Integrity: Success and Failure

Info

This control determines if auditing is enabled for violations against the integrity of the security subsystem.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"success, failure"

Hosts

192.168.1.243 "success, failure"

1.3.5 Audit Policy: Logon-Logoff: Logoff: Success (minimum).

Info

This control determines if auditing is enabled for when a user logs off of the system.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"success" || "success, failure"

Hosts

192.168.1.243 "success"

1.3.6 Audit Policy: Logon-Logoff: Logon: Success (minimum).

Info

This control determines if auditing is enabled for when a user attempts to log on to the system.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"success" || "success, failure"

Hosts

192.168.1.243 "success"

1.3.7 Audit Policy: Logon-Logoff: Special Logon: Success (minimum).

Info

This control determines if auditing is enabled for when a special logon is used.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"success" || "success, failure"

Hosts

192.168.1.243 "success"

1.3.8 Audit Policy: Object Access: File System: No Auditing or Failure or Success or Success and Failure.

Info

This control determines the level of auditing that is set for when file objects are accessed.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"no auditing" || "failure" || "success" || "success, failure"

Hosts

192.168.1.243 "no auditing"

1.3.9 Audit Policy: Object Access: Registry: No Auditing or Failure or Success or Success and Failure.

Info

This control determines the level of auditing that is set for when registry objects are accessed.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"no auditing" || "failure" || "success" || "success, failure"

Hosts

192.168.1.243 "no auditing"

1.3.10 Audit Policy: Privilege Use: Sensitive Privilege Use: No Auditing or Failure or Success or Success and Failure.

Info

This control determines the level of auditing for when a user account or service uses sensitive privilege.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"no auditing" || "failure" || "success" || "success, failure"

Hosts

192.168.1.243 "no auditing"

1.3.13 Audit Policy: Policy Change: Authentication Policy Change: Success (minimum)

Info

This control determines the level of auditing enabled for when a change in authentication policy occurs.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"success" || "success, failure"

Hosts

192.168.1.243 "success"

1.3.15 Audit Policy: Account Management: Distribution Group Management: No Auditing or Failure or Success or Success and Failure.

Info

This control determines the level of auditing enabled for when a distribution group management event occurs.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"no auditing" || "failure" || "success" || "success, failure"

Hosts

192.168.1.243 "no auditing"

1.3.17 Audit Policy: Account Management: Security Group Management: Success (minimum)

Info

This control determines the level of auditing enabled for when a security group management event occurs.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"success" || "success, failure"

Hosts

192.168.1.243 "success"

1.3.18 Audit Policy: Account Management: User Account Management: Success (minimum)

Info

This control determines the level of auditing enabled for when a user account management event occurs.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"success" || "success, failure"

Hosts

192.168.1.243 "success"

1.8.1 Access this Computer from the Network: Users and Administrators.

Info

This control determines which users on the network are allowed to connect to this computer.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"users" && "administrators"

Hosts

192.168.1.243 "users" && "administrators"

1.8.2 Act as part of the Operating System: No One

Info

This control determines if a process is allowed to assume the identity of any other user.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

""

Hosts

192.168.1.243 NULL

1.8.6 Change the System Time: Local Service and Administrators

Info

This control determines who is allowed to change the time and date of the system.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"local service" && "administrators"

Hosts

192.168.1.243 "administrators" && "local service"

1.8.7 Create a Pagefile: Administrators

Info

When most or all of the physical memory is used by active processes, the pages of physical memory that daemon processes are using are then written to a secure location on the hard drive. This will free up more physical memory for active processes. This control determines who is allowed to modify the size of a pagefile.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"administrators"

Hosts

192.168.1.243 "administrators"

1.8.8 Create a Token Object: No One should have this right

Info

This control determines the ability to alter the access token object for any process or logged on user.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

""

Hosts

192.168.1.243 NULL

1.8.10 Create Permanent Shared Objects: No one should have this right

Info

This control determines who is allowed to create new shared objects.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

""

Hosts

192.168.1.243 NULL

1.8.11 Debug Programs

Info

This control determines who is allowed to attach a debugger to any process or the kernel.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"administrators"

Hosts

192.168.1.243 "administrators"

1.8.13 Enable Computer and User Accounts to be Trusted for Delegation: No One should have this right

Info

This control determines if a user account is allowed to change the Trusted for Delegation setting on a computer object in AD.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

""

Hosts

192.168.1.243 NULL

1.8.14 Force Shutdown from a Remote System: Administrators

Info

This control determines if a user account is allowed to remotely shut down a computer.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"administrators"

Hosts

192.168.1.243 "administrators"

1.8.15 Impersonate a Client After Authentication: Administrators, Service, Local Service and Network Service

Info

This control determines if a service or application that executes under a given account is allowed to impersonate the account of a connecting client after the client has authenticated to the system.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"administrators" && "service" && "local service" && "network service"

Hosts

192.168.1.243 "service" && "administrators" && "network service" && "local service"

1.8.16 Increase Scheduling Priority: Administrators

Info

This control determines if a user is allowed to change the base priority class for a process.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"administrators"

Hosts

192.168.1.243 "administrators"

1.8.17 Load and Unload Device Drivers

Info

This control determines if a user account is allowed to dynamically load a new device driver on the system.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"administrators"

Hosts

192.168.1.243 "administrators"

1.8.18 Lock Pages in Memory: No One should have this user right

Info

This control determines if a process is allowed to keep data in physical memory.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

""

Hosts

192.168.1.243 NULL

1.8.19 Manage Auditing and Security Log: Administrators

Info

This control determines if a user is allowed to change auditing options for files and directories and clear the Security log.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"administrators"

Hosts

192.168.1.243 "administrators"

1.8.20 Modify Firmware Environment Values: Administrators

Info

This control determines if a user is allowed to configure the system-wide environment variables that affect hardware configuration.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"administrators"

Hosts

192.168.1.243 "administrators"

1.8.21 Modify an Object Label: No one should have this right

Info

This control determines if a user is allowed to modify the integrity label of objects that are owned by other users.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

""

Hosts

192.168.1.243 NULL

1.8.22 Perform Volume Maintenance Tasks: Administrators

Info

This control determines if a user is allowed to manage the system's volume or disk configuration.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"administrators"

Hosts

192.168.1.243 "administrators"

1.8.24 Profile System Performance: Administrators and NT SERVICE\WdiServiceHost or wdiservicehost

Info

This control determines if a user is allowed to use tools to view the performance of system processes.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"administrators" && ("nt service\wdiservicehost" || "wdiservicehost")

Hosts

192.168.1.243 "wdiservicehost" && "administrators"

1.8.25 Remove Computer from Docking Station: Administrators and Users

Info

This control determines if a user is allowed to click Eject PC on the Start menu to undock the system.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"administrators" && "users"

Hosts

192.168.1.243 "users" && "administrators"

1.8.27 Shutdown the System: Administrators and Users

Info

This control determines if a user is allowed to shut down the operating system when someone is logged into the system.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"administrators" && "users"

Hosts

192.168.1.243 "users" && "administrators"

1.8.28 Allow Log on Locally: Administrators and Users

Info

This control determines if a user is allowed to interactively log on to computers in another user's environment.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"administrators" && "users"

Hosts

192.168.1.243 "users" && "administrators"

1.8.30 Create Symbolic Links: Administrators

Info

This control determines if a user is allowed to create symbolic links on the system.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"administrators"

Hosts

192.168.1.243 "administrators"

1.8.33 Generate Security Audits: Local Service and Network Service

Info

This control determines if a user is allowed to produce audit records in the Security Log.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"local service" && "network service"

Hosts

192.168.1.243 "network service" && "local service"

1.8.38 Take Ownership of Files or Other Objects: Administrators

Info

This control determines if a user is allowed to take ownership of files, folders, registry keys, processes, or threads.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"administrators"

Hosts

192.168.1.243 "administrators"

1.8.39 Access Credential Manager as a Trusted Caller: No One

Info

This control determines if a user is allowed to access user credentials through the Credential Manager.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

""

Hosts

192.168.1.243 NULL

1.9.1 Network Security: Minimum session security for NTLM SSP based (including secure RPC) servers: NTLM2 session security, Require 128-bit encryption

Info

This control determines the minimum security requirements for establishing sessions with NTLM SSP servers.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

537395200

Hosts

192.168.1.243 537395200

1.9.3 Accounts: Rename administrator account: Not equal to Administrator or Admin

Info

This control recommends choosing a name for the built-in local administrator account that is different from the default. See 1.9.7. The default name of 'Administrator' on the highest level account should be changed; not renaming the account may provide an attacker the ability to guess the account information, as knowing only half of the account information is required to access a system.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"administrator" || "admin"

Hosts

192.168.1.243 "Administrator"

1.9.6 Accounts: Guest account status: Disabled

Info

The Guest account can provide some regulation to unauthenticated users.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"disabled"

Hosts

192.168.1.243 "disabled"

1.9.7 Network access: Allow anonymous SID/Name translation: Disabled

Info

This control defines whether an anonymous user is allowed to request the security identifier (SID) for another user or use a SID to retrieve the corresponding user name. See 1.9.3. Built-in user accounts, such as 'Administrator', should be renamed to prevent an attacker from being able to guess them through the use of anonymous SID/name translation.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"disabled"

Hosts

192.168.1.243 "disabled"

1.9.8 Accounts: Limit local account use of blank passwords to console logon only: Enabled

Info

Windows divides computer logons into two main types: console or local logons and remote logons.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 1

1.9.9 Devices: Allowed to format and eject removable media: Administrators and Interactive Users

Info

This control governs the type of users that have authority to remove NTFS formatted media from the computer.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

2

Hosts

192.168.1.243 2

1.9.10 Devices: Prevent users from installing printer drivers: Enabled

Info

Users typically need the ability to install and configure their own printers. However, printer driver installation loads code directly into the privileged space of the operating system kernel.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 1

1.9.13 Domain member: Digitally encrypt or sign secure channel data (always): Enabled

Info

This control defines whether a signature or encryption is required for all secure channel traffic initiated by domain members.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 1

1.9.14 Domain member: Digitally encrypt secure channel data (when possible): Enabled

Info

This control defines whether a system will try to negotiate encryption for all secure channel traffic initiated by domain members.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 1

1.9.15 Domain member: Digitally sign secure channel data (when possible): Enabled

Info

This control defines whether a system will try to negotiate digital signatures for all secure channel traffic initiated by domain members.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 1

1.9.16 Domain member: Disable machine account password changes: Disabled

Info

This control defines whether a domain member can periodically change its computer account password.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

0

Hosts

192.168.1.243 0

1.9.17 Domain member: Maximum machine account password age: Maximum of 30 days

Info

This control defines how many days a domain member can use the same password before it expires.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

[0..30]

Hosts

192.168.1.243 30

1.9.18 Domain member: Require strong (Windows 2000 or later) session key: Enabled

Info

This control defines whether secure channel communication requires a strong (128-bit) session key.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 1

1.9.19 Interactive logon: Do not display last user name: Enabled

Info

Anyone attempting to log into a computer may see the name of the last valid user who logged on to that system.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 1

1.9.20 Interactive logon: Number of previous logons to cache (in case domain controller is not available): 2 logons

Info

This control defines whether a user can log on to a Windows domain using cached account information.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

2

Hosts

192.168.1.243 2

1.9.21 Interactive logon: Prompt user to change password before expiration: 14 days

Info

This control defines how many days in advance a user is notified before their password must be changed.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

14

Hosts

192.168.1.243 14

1.9.22 Interactive logon: Require Domain Controller authentication to unlock workstation: Enabled

Info

This control defines whether a user requires Domain Controller authentication to unlock a computer.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 1

1.9.23 Interactive logon: Smart card removal behavior: Lock Workstation

Info

This control defines what happens when the smart card for a logged on user is removed from the smart card reader.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

"1"

Hosts

192.168.1.243 "1"

1.9.27 Microsoft network client: Digitally sign communications (always): Enabled

Info

This control defines whether packet signing is required by the SMB client component.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 1

1.9.28 Microsoft network client: Digitally sign communications (if server agrees): Enabled

Info

This control defines whether the SMB client will attempt to negotiate SMB packet signing.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 1

1.9.29 Microsoft network client: Send unencrypted password to third-party SMB servers: Disabled

Info

This control defines whether a server can transmit passwords in plaintext across the network to other computers that offer SMB services.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

0

Hosts

192.168.1.243 0

1.9.30 Microsoft network server: Amount of idle time required before suspending session: Maximum of 15 minutes

Info

This control defines the amount of continuous idle time that must pass in an SMB session before the session is suspended because of inactivity.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

[0..15]

Hosts

192.168.1.243 15

1.9.31 Microsoft network server: Digitally sign communications (always): Enabled

Info

This control determines if the server side SMB service is required to perform SMB packet signing.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 1

1.9.32 Microsoft network server: Digitally sign communications (if client agrees): Enabled

Info

This control defines whether a server side SMB service will sign SMB packets for a client connection.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 1

1.9.33 Microsoft network server: Disconnect clients when logon hours expire: Enabled

Info

This control defines whether to disconnect a session when the user's valid logon hours expire.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 1

1.9.35 MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended): Disabled

Info

This control defines whether a user with physical access to a computer is able to automatically log on.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

0

Hosts

192.168.1.243 0

1.9.44 MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended): Enabled

Info

This control defines whether an application is forced to begin its DLL search in the system path before searching the current working folder.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 1

1.9.45 MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires: 0 Seconds

Info

This control defines how many seconds elapse between when the screen saver is launched and when the computer console is actually locked.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

0

Hosts

192.168.1.243 0

1.9.48 Network access: Do not allow anonymous enumeration of SAM accounts: Enabled

Info

This control defines whether an anonymous user is allowed to enumerate the accounts in the Security Accounts Manager (SAM).

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 1

1.9.49 Network access: Do not allow anonymous enumeration of SAM accounts and shares: Enabled

Info

This control defines whether an anonymous user is allowed to enumerate the accounts and shares in the Security Accounts Manager (SAM).

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 1

1.9.50 Network access: Let Everyone permissions apply to anonymous users: Disabled

Info

This control defines what additional permissions are assigned for anonymous connections to the computer.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

0

Hosts

192.168.1.243 0

1.9.55 Network access: Sharing and security model for local accounts: Classic - local users authenticate as themselves

Info

This control defines how network logons that use local accounts are authenticated.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

0

Hosts

192.168.1.243 0

1.9.56 Network security: Do not store LAN Manager hash value on next password change: Enabled

Info

This control defines whether the LAN Manager (LM) hash value for the new password is stored when the password is changed.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 1

1.9.57 Network security: LAN Manager authentication level: Send NTLMv2 response only and Refuse LM

Info

This control defines LAN Manager authentication level.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

4

Hosts

192.168.1.243 4

1.9.58 Network security: LDAP client signing requirements: Negotiate signing

Info

This control defines the level of data signing that is requested on behalf of clients that issue LDAP BIND requests.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 1

1.9.59 Network security: Minimum session security for NTLM SSP based (including secure RPC) clients: Require NTLMv2 session security, Require 128 - bit encryption.

Info

This control allows a client computer to require the negotiation of message confidentiality (encryption), message integrity, 128-bit encryption, or NTLMv2 session security.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

537395200

Hosts

192.168.1.243 537395200

1.9.60 Recovery console: Allow automatic administrative logon: Disabled

Info

This control defines whether the administrator account is automatically logged on to the recovery console.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

0

Hosts

192.168.1.243 0

1.9.65 System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links): Enabled

Info

This control defines the strength of the default discretionary access control list (DACL) to help secure shared objects on the system.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

1

Hosts

192.168.1.243 1

1.9.73 Interactive logon: Do not require CTRL+ALT+DEL: Disabled

Info

This control defines whether a user must press CTRL+ALT+DEL before they log on.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

0

Hosts

192.168.1.243 0

1.13.1 Do not preserve zone information in file attachments: Disabled

Info

This control defines whether the zone of origin of the file attachments is preserved.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Policy Value

2

Hosts

192.168.1.243 NULL

1.13.10 Enable screen saver = Enabled

Info

This control defines whether a user is allowed to run screen savers or not. Current_Value = Disabled. Screen Saver must be enabled in order to help protect against unauthorized access to the console. When this is re-enabled, checks regarding the screen saver's behavior will execute.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243

Compliance 'INFO', 'WARNING', 'ERROR'

1.4.1 Application: Maximum Log Size (KB): 32 MB

Info

This control determines the maximum size for the Application log file in kilobytes.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.4.2 Application: Retain Old Events: Disabled (overwrite old events)

Info

This control determines the Event Log behavior when the Application log file reaches its max size. If this is disabled then older events will be overwritten by new events.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.4.3 Security: Maximum Log Size (KB): 80 MB

Info

This control determines the maximum size for the Security log file in kilobytes.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.4.4 Security: Retain Old Events: Disabled (overwrite old events)

Info

This control determines the Event Log behavior when the Security log file reaches its max size. If this is disabled then older events will be overwritten by new events.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.4.5 System: Maximum Log Size (KB): 32 MB

Info

This control determines the maximum size for the System log file in kilobytes.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.4.6 System: Retain Old Events: Disabled (overwrite old events)

Info

This control determines the Event Log behavior when the System log file reaches its max size. If this is disabled then older events will be overwritten by new events.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.5.1 Windows Firewall: Domain: Firewall State: Enabled

Info

This control determines if the settings for this profile will be used by the Windows Firewall.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.5.2 Windows Firewall: Domain: Inbound Connections: Block

Info

This control determines if inbound connections are blocked or allowed for this profile.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.5.3 Windows Firewall: Domain: Display a Notification: Yes: Display a notification.

Info

This control determines if Windows Firewall will display a notification when a program is blocked from receiving inbound connections.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.5.4 Windows Firewall: Domain: Allow Unicast Response: No (do not allow unicast response).

Info

This control determines if Windows Firewall will allow unicast responses to the local computer's outgoing multicast or broadcast messages to be received or blocked.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.5.7 Windows Firewall: Private: Firewall State: On

Info

This control determines if the Windows Firewall will utilize the settings for this profile to filter network traffic.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.5.8 Windows Firewall: Private: Inbound Connections: Block Inbound Connections

Info

This control determines if inbound connections are blocked or allowed for this profile.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.5.9 Windows Firewall: Private: Display a Notification: Yes: Display a notification.

Info

This control determines if Windows Firewall will display a notification when a program is blocked from receiving inbound connections.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.5.10 Windows Firewall: Private: Allow Unicast Response: No (do not allow unicast response)

Info

This control determines if Windows Firewall will allow unicast responses to the local computer's outgoing multicast or broadcast messages to be received or blocked.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.5.13 Windows Firewall: Public: Firewall State: On

Info

This control determines if the Windows Firewall will utilize the settings for this profile to filter network traffic.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.5.14 Windows Firewall: Public: Inbound Connections: Block inbound connections

Info

This control determines if inbound connections are blocked or allowed for this profile.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.5.15 Windows Firewall: Public: Display a Notification: No

Info

This control determines if Windows Firewall will display a notification when a program is blocked from receiving inbound connections.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.5.16 Windows Firewall: Public: Allow Unicast Response: No (disallow unicast response)

Info

This control determines if Windows Firewall will allow unicast responses to the local computer's outgoing multicast or broadcast messages to be received or blocked.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.5.17 Windows Firewall: Public: Apply Local Firewall Rules: No

Info

This control determines if the local administrator is allowed to create local firewall rules.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.5.18 Windows Firewall: Public: Apply Local Connection Security Rules: No

Info

This control determines if the local administrator is allowed to create local connection security rules.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.6.1 Configure Automatic Updates - 'AUOptions = 3'

Info

This control determines if Windows is configured for security updates from Windows Update or WSUS.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.6.1 Configure Automatic Updates - 'NoAutoUpdate = 0'

Info

This control determines if Windows is configured for security updates from Windows Update or WSUS.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.6.2 Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box: Disabled

Info

This control determines if Windows is configured to display the Shut Down Windows dialog box when updates are installed.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.6.3 No auto-restart with logged on users for scheduled automatic updates installations: Disabled

Info

This control determines if Automatic Updates will wait to restart when a user is logged onto the system.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.6.4 Reschedule Automatic Updates Scheduled Installations: Enabled

Info

This control determines whether a delay is set for Automatic Updates installations that would occur on computer startup.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.9.66 System cryptography: Force strong key protection for user keys stored on the computer: Prompt the User each time a key is first used

Info

This control defines whether a user's private key requires a password to be used.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_QUERY_VALUE: an error happened while querying the value

Windows error code: ERROR_FILE_NOT_FOUND

1.9.72 Network security: Allow PKU2U authentication requests to this computer to use online identities: Disabled

Info

This control determines if PKU2U authentication requests utilizing online (Windows Live) identities will be successfully authenticated against this computer.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.10.1 Always prompt client for password upon connection: Enabled

Info

This control defines whether Terminal Services or Remote Desktop will prompt for a password even if it was already provided in the Remote Desktop Connection client.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_QUERY_VALUE: an error happened while querying the value

Windows error code: ERROR_FILE_NOT_FOUND

1.10.2 Set client connection encryption level: Enabled to High Level

Info

This control defines whether the computer that hosts a remote connection will enforce an encryption level for the connection.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_QUERY_VALUE: an error happened while querying the value

Windows error code: ERROR_FILE_NOT_FOUND

1.10.5 Do not allow passwords to be saved: Enabled

Info

This control defines whether the Terminal Services client will save passwords.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_QUERY_VALUE: an error happened while querying the value

Windows error code: ERROR_FILE_NOT_FOUND

1.11.1 Turn off downloading of print drivers over HTTP: Enabled

Info

This control defines whether the computer can download print driver packages over HTTP.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.11.2 Turn off the 'Publish to Web' task for files and folders: Enabled

Info

This control defines whether to make the tasks for publishing files, folders and selected items to the web available from File and Folder Tasks in Windows folders.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.11.3 Turn off Internet download for Web publishing and online ordering wizards: Enabled

Info

This control defines whether Windows will download a list of providers for the Web publishing and online ordering wizards.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.11.4 Turn off printing over HTTP: Enabled

Info

This control defines whether a client computer is allowed to print over HTTP.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.11.5 Turn off Search Companion content file updates: Enabled

Info

This control defines whether Search Companion should automatically download content updates during local and Internet searches.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.11.6 Turn off the Windows Messenger Customer Experience Improvement Program: Enabled

Info

This control defines whether Windows Messenger will collect and send anonymous information on Windows Messenger usage.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.12.1 Require a Password When a Computer Wakes (On Battery): Enabled

Info

This control determines if Windows requires a password after it resumes from sleep.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.12.2 Require a Password When a Computer Wakes (Plugged In): Enabled

Info

This control determines if Windows requires a password after it resumes from sleep.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.12.4 Turn off Data Execution Prevention for Explorer: Disabled

Info

This control defines whether Data Execution Prevention (DEP) is enabled or disabled for the explorer process.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.12.10 Restrictions for Unauthenticated RPC Clients: Enabled and Authenticated.

Info

This control defines the RPC Runtime on an RPC server to restrict unauthenticated RPC clients from connecting to the RPC server.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.12.12 Turn off Autoplay: Enabled for all drives

Info

This control defines whether autoplay is allowed.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.12.15 Prevent the computer from joining a homegroup: Enabled

Info

This control prevents the computer from joining a homegroup.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.13.2 Hide mechanisms to remove zone information: Enabled

Info

This control defines whether a user is allowed to remove the zone information from saved file attachments.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND

1.13.3 Notify antivirus programs when opening attachments: Enabled

Info

This control defines whether antivirus programs are notified when opening attachments.

Audit File

CIS_MS_Windows_7_Enterprise_Desktop_v1.2.0.audit

Hosts

192.168.1.243 REG_ERROR_OPEN_KEY: an error happened while opening the key

Windows error code: ERROR_FILE_NOT_FOUND