UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Windows 7 Security Technical Implementation Guide


Overview

Date Finding Count (324)
2016-06-08 CAT I (High): 35 CAT II (Med): 225 CAT III (Low): 64
STIG Description
The Windows 7 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements were developed from DoD consensus, as well as the Windows 7 Security Guide and security templates published by Microsoft Corporation. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Classified)

Finding ID Severity Title
V-1074 High An approved, up-to-date, DoD antivirus program must be installed and used.
V-1073 High Systems must be at supported service pack (SP) or release levels.
V-34974 High The Windows Installer Always install with elevated privileges must be disabled.
V-39137 High The Enhanced Mitigation Experience Toolkit (EMET) v5.5 or later must be installed on the system.
V-26479 High Unauthorized accounts must not have the Create a token object user right.
V-3337 High Anonymous SID/Name translation must not be allowed.
V-1081 High Local volumes must be formatted using NTFS.
V-6834 High Named pipes and shares can be accessed anonymously.
V-1159 High The Recovery Console option is set to permit automatic logon to the system.
V-1152 High Anonymous access to the registry must be restricted.
V-1153 High The Lan Manager authentication level must be set to send NTLMv2 response only, and to refuse LM and NTLM.
V-2374 High The system is configured to autoplay removable media.
V-32282 High Standard user accounts must only have Read permissions to the Active Setup\Installed Components registry key.
V-1093 High Anonymous enumeration of shares must be restricted.
V-1140 High Users with administrative privilege must be documented and have separate accounts for administrative duties and normal operational tasks.
V-26283 High Anonymous enumeration of SAM accounts will not be allowed.
V-2908 High Unencrypted remote access to system services must not be permitted.
V-36451 High Policy must require that administrative user accounts not be used with applications that access the internet, such as web browsers, or with potential internet sources, such as email.
V-1127 High Only administrators responsible for the system must have Administrator rights on the system.
V-3339 High Unauthorized remotely accessible registry paths must not be configured.
V-7002 High DoD information system access does not require the use of a password.
V-22692 High The default autorun behavior must be configured to prevent autorun commands.
V-18010 High Unauthorized accounts must not have the Debug programs user right.
V-26070 High Standard user accounts must only have Read permissions to the Winlogon registry key.
V-68847 High Structured Exception Handling Overwrite Protection (SEHOP) must be turned on.
V-68843 High Data Execution Prevention (DEP) must be configured to at least OptOut.
V-36664 High The system must not use removable media as the boot loader.
V-3343 High Solicited Remote Assistance is allowed.
V-3340 High Unauthorized shares can be accessed anonymously.
V-3347 High Internet Information System (IIS) or its subcomponents must not be installed on a workstation.
V-3379 High The system is configured to store the LAN Manager hash of the password in the SAM.
V-3344 High The use of local accounts with blank passwords is not restricted to console logons only.
V-4443 High Unauthorized remotely accessible registry paths and sub-paths must not be configured.
V-3338 High Named pipes that can be accessed anonymously must be configured to contain no values.
V-1102 High The Act as part of the operating system user right must be granted to no accounts.
V-1077 Medium Permissions for event logs must conform to minimum requirements.
V-1072 Medium Shared user accounts must not be permitted on the system.
V-1070 Medium Physical security of the Automated Information System (AIS) does not meet DISA requirements.
V-26499 Medium Unauthorized accounts must not have the Perform volume maintenance tasks user right.
V-14259 Medium Prevent printing over HTTP.
V-26551 Medium The system will be configured to audit "System -> IPSec Driver" successes.
V-26576 Medium The IP-HTTPS IPv6 transition technology will be disabled.
V-26577 Medium The ISATAP IPv6 transition technology will be disabled.
V-26575 Medium The 6to4 IPv6 transition technology will be disabled.
V-26553 Medium The system will be configured to audit "System -> Security State Change" successes.
V-3383 Medium The system is not configured to use FIPS compliant algorithms for encryption, hashing, and signing.
V-3381 Medium The system is not configured to recommended LDAP client signing requirements.
V-3380 Medium The system must be configured to force users to log off when their allowed logon hours expire.
V-26478 Medium Unauthorized accounts must not have the Create a pagefile user right.
V-26476 Medium Unauthorized accounts must not have the Change the system time user right.
V-3469 Medium Group Policies must be refreshed in the background if the user is logged on.
V-26473 Medium Unauthorized accounts must not have the Allow log on through Remote Desktop Services user right.
V-26472 Medium Unauthorized accounts will not have the "Allow log on locally" user right.
V-26471 Medium Unauthorized accounts must not have the Adjust memory quotas for a process user right.
V-26470 Medium Unauthorized accounts must not have the Access this computer from the network user right.
V-26533 Medium The system will be configured to audit "Account Management -> Other Account Management Events" successes.
V-26547 Medium The system will be configured to audit "Policy Change -> Audit Policy Change" failures.
V-3245 Medium File share permissions must be reconfigured to remove the Everyone group.
V-15725 Medium The More Gadgets link must be disabled.
V-15724 Medium Unsigned gadgets must not be installed.
V-15727 Medium Prevent users from sharing files from within their profiles.
V-15726 Medium User-installed gadgets must be turned off.
V-15823 Medium Software certificate installation files must be removed from a system.
V-15722 Medium Prevent Windows Media Digital Rights Management (DRM) from accessing the Internet.
V-56511 Medium The Windows Error Reporting Service must be running and configured to start automatically.
V-16006 Medium The system must not have unnecessary features installed.
V-16008 Medium UAC - All application are elevated.
V-3666 Medium The system must be configured to meet the minimum session security requirement for NTLM SSP based servers.
V-26503 Medium Unauthorized accounts must not have the Replace a process level token user right.
V-26501 Medium Unauthorized accounts must not have the Profile system performance user right.
V-1089 Medium The required legal notice must be configured to display before console logon.
V-26483 Medium The Deny log on as a batch job user right on workstations must be configured to prevent access from highly privileged domain accounts on domain systems and unauthenticated access on all systems.
V-1168 Medium Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.
V-26505 Medium Unauthorized accounts must not have the Shut down the system user right.
V-26504 Medium Unauthorized accounts must not have the Restore files and directories user right.
V-1164 Medium Outgoing secure channel traffic is not signed when possible.
V-1166 Medium The Windows SMB client is not enabled to perform SMB packet signing when possible.
V-1163 Medium Outgoing secure channel traffic is not encrypted when possible.
V-1162 Medium The Windows SMB server is not enabled to perform SMB packet signing when possible.
V-3470 Medium The system must be configured to prevent unsolicited remote assistance offers.
V-26469 Medium Unauthorized accounts must not have the Access Credential Manager as a trusted caller user right.
V-14240 Medium User Account Control - Run all admins in Admin Approval Mode.
V-3479 Medium The system is not configured to use Safe DLL search mode.
V-36705 Medium The Enhanced Mitigation Experience Toolkit (EMET) system-wide Data Execution Prevention (DEP) must be enabled and configured to at least Application Opt Out.
V-36706 Medium The Enhanced Mitigation Experience Toolkit (EMET) system-wide Structured Exception Handler Overwrite Protection (SEHOP) must be configured to Application Opt Out.
V-36701 Medium The Enhanced Mitigation Experience Toolkit (EMET) system-wide Address Space Layout Randomization (ASLR) must be enabled and configured to Application Opt In.
V-14256 Medium Web publishing and online ordering wizards prevented from downloading list of providers.
V-36704 Medium The Enhanced Mitigation Experience Toolkit (EMET) Default Protections for Popular Software must be enabled.
V-14242 Medium User Account Control - Non UAC compliant applications run in virtualized file and registry entries.
V-26582 Medium The System event log must be configured to a minimum size requirement.
V-26581 Medium The Setup event log must be configured to a minimum size requirement.
V-26580 Medium The Security event log size must be configured to 196608 KB or greater.
V-36702 Medium The Enhanced Mitigation Experience Toolkit (EMET) Default Protections for Internet Explorer must be enabled.
V-15697 Medium Disable the Responder network protocol driver.
V-15696 Medium Disable the Mapper I/O Driver.
V-6836 Medium For systems utilizing a logon ID as the individual identifier, passwords must be a minimum of 14 characters in length.
V-6832 Medium The Windows SMB client is not enabled to always perform SMB packet signing.
V-6833 Medium The Windows SMB server is not enabled to always perform SMB packet signing.
V-6831 Medium Outgoing secure channel traffic is not encrypted or signed.
V-14262 Medium IPv6 must be disabled until a deliberate transition strategy has been implemented.
V-14261 Medium Windows is prevented from using Windows Update to search for drivers.
V-14260 Medium Computer prevented from downloading print driver packages over HTTP.
V-1150 Medium The built-in Windows password complexity policy must be enabled.
V-1154 Medium Ctrl+Alt+Del security attention sequence is disabled.
V-3385 Medium The system must be configured to require case insensitivity for non-Windows subsystems.
V-14269 Medium Hide mechanism for removing zone information from file attachments.
V-1157 Medium The Smart Card removal option must be configured to Force Logoff or Lock Workstation.
V-1099 Medium The account lockout duration must be configured to require an administrator to unlock an account.
V-1098 Medium The period of time before the invalid logon counter is reset must be configured to at least 60 minutes.
V-2372 Medium Reversible password encryption must be disabled.
V-14254 Medium Client computers required to authenticate for RPC communication.
V-1097 Medium The system must lockout accounts after 3 invalid logon attempts within a specified time period.
V-3382 Medium The system must be configured to meet the minimum session security requirement for NTLM SSP based clients.
V-42420 Medium A host-based firewall must be installed and enabled on the system.
V-3376 Medium The system is configured to permit storage of passwords and credentials.
V-26578 Medium The Teredo IPv6 transition technology will be disabled.
V-3374 Medium The system is not configured to require a strong session key.
V-36439 Medium Local administrator accounts must have their privileged token filtered to prevent elevated privileges from being used over the network on domain systems.
V-1119 Medium Booting into alternate operating systems is permitted.
V-3378 Medium The system is not configured to use the Classic security model.
V-1171 Medium Ejection of removable NTFS media is not restricted to administrators.
V-26548 Medium The system will be configured to audit "Policy Change -> Authentication Policy Change" successes.
V-15682 Medium Attachments must be prevented from being downloaded from RSS feeds.
V-15683 Medium Shell protocol runs in protected mode.
V-1145 Medium Automatic logons must be disabled.
V-1141 Medium Unencrypted passwords must not be sent to third-party SMB Servers.
V-15685 Medium Prevent users from changing Windows installer options.
V-57473 Medium The maximum number of error reports to queue on a system must be configured to 50 or greater.
V-57471 Medium The system must be configured to add all error reports to the queue.
V-57477 Medium The system must be configured to automatically consent to send all data requested by a local or DOD-wide error collection site.
V-14271 Medium Application account passwords must meet DoD requirements for length, complexity and changes.
V-57475 Medium The system must be configured to attempt to forward queued error reports once a day.
V-57479 Medium The system must be configured to permit the default consent levels of Windows Error Reporting to override any other consent policy setting.
V-3458 Medium Remote Desktop Services idle session time limit does not meet the requirement.
V-26541 Medium The system will be configured to audit "Logon/Logoff -> Logon" successes.
V-14239 Medium User Account Control - Elevate UIAccess applications that are in secure locations.
V-3453 Medium Remote Desktop Services is not configured to always prompt a client for passwords upon connection.
V-3457 Medium Remote Desktop Services is not configured to set a time limit for disconnected sessions.
V-3456 Medium Remote Desktop Services is not configured to delete temporary folders.
V-3455 Medium Remote Desktop Services must be configured to use session-specific temporary folders.
V-3454 Medium Remote Desktop Services is not configured with the client connection encryption set to the required level.
V-14270 Medium Notify antivirus when file attachments are opened.
V-36440 Medium Inbound exceptions to the firewall on domain workstations must only allow authorized management systems and remote management hosts.
V-14248 Medium Users must be prevented from connecting using Remote Desktop Services.
V-15713 Medium Turn off Windows Defender SpyNet reporting.
V-1130 Medium Permissions for system files and directories must conform to minimum requirements.
V-26474 Medium Unauthorized accounts must not have the Back up files and directories user right.
V-15674 Medium Disable Internet File Association Service.
V-14241 Medium User Account Control - Switch to secure desktop.
V-57461 Medium The system must be configured to send error reports on TCP port 1232.
V-26538 Medium The system will be configured to audit "Account Management -> User Account Management" failures.
V-26539 Medium The system will be configured to audit "Detailed Tracking -> Process Creation" successes.
V-57465 Medium The system must be configured to store all data in the error report archive.
V-14247 Medium Terminal Services / Remote Desktop Service - Prevent password saving in the Remote Desktop Client.
V-57467 Medium The maximum number of error reports to archive on a system must be configured to 100 or greater.
V-14249 Medium Terminal Services / Remote Desktop Services - Local drives prevented from sharing with Terminal Servers/Remote Session Hosts.
V-57469 Medium The system must be configured to queue error reports until a local or DOD-wide collector is available.
V-26530 Medium The system will be configured to audit "Account Logon -> Credential Validation" failures.
V-26531 Medium The system will be configured to audit "Account Management -> Computer Account Management" successes.
V-26536 Medium The system will be configured to audit "Account Management -> Security Group Management" failures.
V-26537 Medium The system will be configured to audit "Account Management -> User Account Management" successes.
V-26534 Medium The system will be configured to audit "Account Management -> Other Account Management Events" failures.
V-26535 Medium The system will be configured to audit "Account Management -> Security Group Management" successes.
V-15666 Medium Turn off Windows Peer-to-Peer Networking Services.
V-57637 Medium The operating system must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.
V-26540 Medium The system will be configured to audit "Logon/Logoff -> Logoff" successes.
V-14228 Medium Auditing Access of Global System Objects must be turned off.
V-3377 Medium The system is configured to give anonymous users Everyone rights.
V-6840 Medium System mechanisms must be implemented to enforce automatic expiration of passwords.
V-1115 Medium The built-in administrator account must be renamed.
V-14237 Medium User Account Control is configured to detect application installations.
V-1114 Medium The built-in guest account must be renamed.
V-3480 Medium Media Player must be configured to prevent automatic checking for updates.
V-14243 Medium Require username and password to elevate a running application.
V-26529 Medium The system will be configured to audit "Account Logon -> Credential Validation" successes.
V-15667 Medium Prohibit Network Bridge in Windows.
V-26532 Medium The system will be configured to audit "Account Management -> Computer Account Management" failures.
V-21975 Medium Prevent the system from joining a homegroup.
V-57459 Medium The system must be configured to use SSL to forward error reports.
V-57455 Medium The system must be configured to prevent the display of error messages to the user.
V-57457 Medium The system must be configured to store error reports locally, on the system or in the enclave, and not send them to Microsoft.
V-1113 Medium The built-in guest account must be disabled.
V-14253 Medium Restrict unauthenticated RPC clients.
V-15684 Medium IE security prompt is enabled for web-based installations.
V-3828 Medium Security-related software patches are not applied.
V-26549 Medium The system will be configured to audit "Privilege Use -> Sensitive Privilege Use" successes.
V-32274 Medium The DoD Interoperability Root CA 1 to DoD Root CA 2 cross certificate must be installed.
V-26546 Medium The system will be configured to audit "Policy Change -> Audit Policy Change" successes.
V-26543 Medium The system will be configured to audit "Logon/Logoff -> Special Logon" successes.
V-26542 Medium The system will be configured to audit "Logon/Logoff -> Logon" failures.
V-32272 Medium The DoD Root Certificate must be installed.
V-32273 Medium The External CA Root Certificate must be installed.
V-36663 Medium System BIOS or system controllers must have administrator accounts/passwords configured.
V-40195 Medium System BIOS or system controllers must not allow user-level access.
V-21980 Medium Explorer Data Execution Prevention is disabled.
V-4448 Medium Group Policy objects are not reprocessed if they have not changed.
V-1122 Medium The system must be configured with a password-protected screen saver.
V-14225 Medium Administrator passwords must be changed as required.
V-14224 Medium The site must have a contingency for emergency administration of the system.
V-26495 Medium Unauthorized accounts must not have the Log on as a batch job user right.
V-26494 Medium Unauthorized accounts must not have the Lock pages in memory user right.
V-36703 Medium The Enhanced Mitigation Experience Toolkit (EMET) Default Protections for Recommended Software must be enabled.
V-26496 Medium Unauthorized accounts must not have the Manage auditing and security log user right.
V-26558 Medium The system will be configured to audit "System -> System Integrity" failures.
V-26493 Medium Unauthorized accounts must not have the Load and unload device drivers user right.
V-26492 Medium Unauthorized accounts must not have the Increase scheduling priority user right.
V-26554 Medium The system will be configured to audit "System -> Security State Change" failures.
V-14229 Medium Audit of backup and restore privileges is not turned off.
V-26556 Medium The system will be configured to audit "System -> Security System Extension" failures.
V-26557 Medium The system will be configured to audit "System -> System Integrity" successes.
V-26550 Medium The system will be configured to audit "Privilege Use -> Sensitive Privilege Use" failures.
V-26498 Medium Unauthorized accounts must not have the Modify firmware environment values user right.
V-26552 Medium The system will be configured to audit "System -> IPSec Driver" failures.
V-1155 Medium The Deny access to this computer from the network user right on workstations must be configured to prevent access from highly privileged domain accounts and all local accounts on domain systems and unauthenticated access on all systems.
V-16047 Medium The built-in administrator account must be disabled.
V-15700 Medium Disable remote access to the plug and play interface.
V-15706 Medium Password is required on resume from sleep (plugged in).
V-15705 Medium Password is required on resume from sleep (on battery).
V-14268 Medium Preserve zone information when saving attachments.
V-16048 Medium Disable Help Ratings feed back.
V-16021 Medium Help Experience Improvement Program is disabled.
V-16020 Medium Windows Customer Experience Improvement Program is disabled.
V-15717 Medium The system must be configured to allow a local or DOD-wide collector to request additional error reporting diagnostic data to be sent.
V-1107 Medium The password history must be configured to 24 passwords remembered.
V-26497 Medium Unauthorized accounts must not have the Modify an object label user right.
V-1105 Medium The minimum password age must be configured to at least 1 day.
V-1104 Medium The maximum password age must be configured to 60 days or less.
V-21951 Medium Services using Local System that use Negotiate when reverting to NTLM authentication must use the computer identity vs. authenticating anonymously.
V-21950 Medium The service principal name (SPN) target name validation level must be configured to Accept if provided by client.
V-21953 Medium PKU2U authentication using online identities must be prevented.
V-21952 Medium NTLM must be prevented from falling back to a Null session.
V-21954 Medium The use of DES encryption suites must not be allowed for Kerberos encryption.
V-26579 Medium The Application event log must be configured to a minimum size requirement.
V-26491 Medium Unauthorized accounts must not have the Increase a process working set user right.
V-14234 Medium User Account Control for the built In admin runs in Admin Approval Mode
V-14235 Medium User Account Control is configured for the appropriate elevation prompt for administrators
V-14236 Medium User Account Control is configured for the appropriate elevation prompt for standard users.
V-28285 Medium Unauthorized users must not have the Log on as a service User Right.
V-26482 Medium Unauthorized accounts must not have the Create symbolic links user right.
V-15698 Medium The configuration of wireless devices using Windows Connect Now will be disabled.
V-26480 Medium Unauthorized accounts must not have the Create global objects user right.
V-26481 Medium Unauthorized accounts must not have the Create permanent shared objects user right.
V-26486 Medium The Deny log on through Remote Desktop Services user right on workstations must prevent all access if RDS is not used by the organization. If RDS is used, it must be configured to prevent access from highly privileged domain accounts and all local accounts on domain systems and unauthenticated access on all systems.
V-26487 Medium Unauthorized accounts must not have the Enable computer and user accounts to be trusted for delegation user right.
V-26484 Medium The Deny log on as a service user right on workstations must be configured to prevent access from highly privileged domain accounts on domain systems. No other groups or accounts must be assigned this right.
V-26485 Medium The Deny log on locally user right on workstations must be configured to prevent access from highly privileged domain accounts on domain systems and unauthenticated access on all systems.
V-26490 Medium Unauthorized accounts must not have the Impersonate a client after authentication user right.
V-26488 Medium Unauthorized accounts must not have the Force shutdown from a remote system user right.
V-26489 Medium Unauthorized accounts must not have the Generate security audits user right.
V-15699 Medium Disable the Windows Connect Now wizards.
V-15711 Medium Turn off indexing of encrypted files.
V-26500 Medium Unauthorized accounts must not have the Profile single process user right.
V-15714 Medium The system must be configured to save Error Reporting events and messages to the system event log.
V-15715 Medium The system must be configured to generate error reports.
V-26555 Medium The system will be configured to audit "System -> Security System Extension" successes.
V-57463 Medium The system must be configured to archive error reports.
V-21973 Medium Turn off autoplay for non-volume devices.
V-14230 Medium Audit policy using subcategories is enabled.
V-40237 Medium The US DoD CCEB Interoperability Root CA 1 to DoD Root CA 2 cross-certificate must be installed into the Untrusted Certificates Store.
V-26506 Medium Unauthorized accounts must not have the Take ownership of files or other objects user right.
V-1076 Low System information backups are not created, updated, and protected according to DISA requirements.
V-1075 Low The system allows shutdown from the logon dialog box.
V-1174 Low The amount of idle time required before suspending a session must be properly set.
V-1173 Low The default permissions of global system objects are not increased.
V-26477 Low Unauthorized accounts must not have the Change the time zone user right.
V-26475 Low Unauthorized accounts must not have the Bypass traverse checking user right.
V-26359 Low The Windows dialog box title for the legal banner must be configured.
V-3375 Low Domain Controller authentication is not required to unlock the workstation.
V-26502 Low Unauthorized accounts must not have the Remove computer from docking station user right.
V-1165 Low The computer account password is prevented from being reset.
V-15701 Low Enable restore points for device driver installations.
V-14231 Low The system must be configured to hide the computer from the browse list.
V-3472 Low The system is configured to use an unauthorized time server.
V-1084 Low System pagefile is cleared upon shutdown.
V-1085 Low Floppy media devices are not allocated upon user logon.
V-11806 Low The system is configured to allow the display of the last user name on the logon screen.
V-1158 Low The Recovery Console SET command must be disabled.
V-1151 Low Print driver installation privilege must be restricted to administrators.
V-1090 Low Caching of logon credentials must be limited.
V-3373 Low The maximum age for machine account passwords is not set to requirements.
V-15686 Low Prevent users from installing vendor signed updates.
V-15687 Low Prevent first use dialog boxes for Windows Media Player from displaying for users.
V-1148 Low Local users must not exist on a system in a domain.
V-15718 Low Disable heap termination on corruption in Windows Explorer.
V-1136 Low Users are not forcibly disconnected when logon hours expire.
V-1135 Low Printer share permissions must be restricted to Print for non administrators.
V-15676 Low Order Prints Online is blocked.
V-1172 Low Users are not warned in advance that their passwords will expire.
V-15672 Low Event Viewer events.asp links are available.
V-4438 Low The system must limit how many times unacknowledged TCP data is retransmitted.
V-15719 Low Users must be notified if the logon server was inaccessible and cached credentials were used.
V-1128 Low Security configuration tools are not being used to configure platforms for security compliance.
V-21974 Low Turn off downloading of game updates.
V-1112 Low Outdated or unused accounts must be removed from the system.
V-21971 Low Prevent the Application Compatibility Program Inventory from collecting data and sending the information to Microsoft.
V-21970 Low Disable Performance PerfTrack.
V-21978 Low Windows Anytime Upgrade is not disabled.
V-15680 Low The classic logon screen must be required for user logons.
V-4113 Low The system is configured for a greater keep-alive time than recommended.
V-4112 Low The system is configured to detect and configure default gateway addresses.
V-4111 Low The system is configured to redirect ICMP.
V-4110 Low The system is configured to allow IP source routing.
V-21967 Low Prevent Microsoft Support Diagnostic Tool (MSDT) interactive communication with Microsoft.
V-4116 Low The system must be configured to ignore NetBIOS name release requests except from WINS servers.
V-4442 Low This check verifies that Windows is configured to have password protection take effect within a limited time frame when the screen saver becomes active.
V-21964 Low Device metadata retrieval from the Internet must be prevented.
V-21965 Low Prevent Windows Update for device driver search
V-21966 Low Prevent handwriting personalization data sharing with Microsoft.
V-21960 Low Require domain users to elevate when setting a network’s location.
V-21961 Low Route all Direct Access traffic through internal network.
V-21963 Low Prevent searching Windows Update for point and print drivers.
V-4108 Low The system must generate an audit event when the audit log reaches a percentage of full threshold.
V-21969 Low Prevent access to Windows Online Troubleshooting Service (WOTS).
V-15703 Low Users will not be prompted to search Windows Update for device drivers.
V-15702 Low A Windows error report is not sent when a generic driver is installed.
V-15707 Low Session logging for Remote Assistance is enabled.
V-15704 Low Handwriting recognition error reports (Tablet PCs) are not sent to Microsoft.
V-15709 Low Disable Game Explorer information downloads.
V-56421 Low The touch keyboard or input panel must not highlight keys as passwords are entered.
V-17373 Low Secure Removable Media – CD-ROM
V-21955 Low IPv6 source routing must be configured to highest protection.
V-21956 Low IPv6 TCP data retransmissions must be configured to prevent resources from becoming exhausted.
V-14232 Low IPSec exemptions are limited.
V-15712 Low Indexing of mail items in Exchange folders when Outlook is running in uncached mode must be turned off.