Escolar Documentos
Profissional Documentos
Cultura Documentos
iting'
Set 'Audit Policy: Object Access: Other Object Access Events' to 'No Auditing'
Set 'Audit Policy: Object Access: Filtering Platform Connection' to 'No Auditing
'
Set 'Audit Policy: Privilege Use: Non Sensitive Privilege Use' to 'No Auditing'
Set 'Audit Policy: Object Access: Certification Services' to 'No Auditing'
Set 'Audit Policy: Logon-Logoff: Special Logon' to 'Success'
Set 'Audit Policy: Object Access: Handle Manipulation' to 'No Auditing'
Set 'Audit Policy: Object Access: Removable Storage' to 'No Auditing'
Set 'Audit Policy: Logon-Logoff: IPsec Main Mode' to 'No Auditing'
Set 'Audit Policy: Account Logon: Credential Validation' to 'Success and Failure
'
Set 'Audit Policy: Account Logon: Kerberos Service Ticket Operations' to 'No Aud
iting'
Set 'Audit Policy: Logon-Logoff: Logon' to 'Success and Failure'
Set 'Audit Policy: Detailed Tracking: Process Creation' to 'Success'
Set 'Audit Policy: Logon-Logoff: IPsec Extended Mode' to 'No Auditing'
Set 'Audit Policy: Object Access: SAM' to 'No Auditing'
Set 'Audit Policy: Object Access: File System' to 'No Auditing'
Set 'Audit Policy: Policy Change: Authentication Policy Change' to 'Success'
Set 'Accounts: Block Microsoft accounts' to 'Users can't add or log on with
Configure 'Accounts: Rename guest account'
Set 'Accounts: Administrator account status' to 'Disabled'
Configure 'Accounts: Rename administrator account'
Set 'Accounts: Guest account status' to 'Disabled'
Set 'Accounts: Limit local account use of blank passwords to console logon only'
to 'Enabled'
Set 'Audit: Shut down system immediately if unable to log security audits' to 'D
isabled'
Set 'Audit: Force audit policy subcategory settings (Windows Vista or later) to
override audit policy category settings' to 'Enabled'
Configure 'Audit: Audit the use of Backup and Restore privilege'
Configure 'Audit: Audit the access of global system objects'
Configure 'DCOM: Machine Launch Restrictions in Security Descriptor Definition L
anguage (SDDL) syntax'
Configure 'DCOM: Machine Access Restrictions in Security Descriptor Definition L
anguage (SDDL) syntax'
Configure 'Devices: Allow undock without having to log on'
Configure 'Devices: Restrict floppy access to locally logged-on user only' (Not
Scored) .. 146
Set 'Devices: Allowed to format and eject removable media' to 'Administrators an
d Interactive Users'
Configure 'Devices: Restrict CD-ROM access to locally logged-on user only'
Configure 'Devices: Prevent users from installing printer drivers'
Set 'Domain member: Require strong (Windows 2000 or later) session key' to 'Enab
led'
Set 'Domain member: Digitally sign secure channel data (when possible)' to 'Enab
led'
Set 'Domain member: Digitally encrypt secure channel data (when possible)' to 'E
nabled'
Set 'Domain member: Maximum machine account password age' to '30 or fewer day(s)
'
Set 'Domain member: Digitally encrypt or sign secure channel data (always)' to '
Enabled'
Set 'Domain member: Disable machine account password changes' to 'Disabled'
Set 'Interactive logon: Machine account lockout threshold' to 10 or fewer invali
d logon attempts
Set 'Interactive logon: Smart card removal behavior' to 'Lock Workstation'
Configure 'Interactive logon: Require smart card'
Set 'startup (minutes)' to '10 or more minute(s)'