Policy security settings
DCOM: Computer access restrictions in Security Descriptor Definition Language (SDDL) syntax are not defined.
DCOM: There are no computer startup restrictions defined in the security descriptor definition language (SDDL) syntax.
Microsoft network server: Automatically log off users when login time runs out is enabled.
Microsoft web server: Digital signature communication (if the customer agrees) has been disabled.
Microsoft web server: Digital signature communication is (always) disabled.
Microsoft web server: the idle time required before suspending the session is 1 minute.
Microsoft network customers: send unencrypted passwords to third-party SMB servers. invalid
Microsoft Network Client: Digital signature communication (if the server agrees) is enabled.
Microsoft Network Client: Digital signature communication is (always) disabled.
Recovery Console: Disable floppy disk copying and access to all drives and folders.
Recovery Console: Disable automatic system management login.
Close: Clearing the virtual memory page file has been disabled.
Power off: Allow power off before logging in.
Interactive login: the last deactivated user name is not displayed.
Interactive login: there is no need to press CTRL+ALT+DEL, which is not defined.
Interactive Login: The number of previous logins that can be buffered (when the domain controller is unavailable) is 10 logins.
Interactive logon: Require domain controller authentication to log off Workstation is disabled.
Interactive login: smart card is not defined.
Interactive login: When the user tries to log in, the message title is undefined.
Interactive login: the message text when the user tries to log in.
Interactive login: prompt the user to change the password 14 days before the password expires.
Interactive login: smart card removal operation has no operation.
Device: Prohibiting users from installing printer drivers has been disabled.
Device: By default, the installation of unsigned drivers will continue.
Device: Allow logout without logging in. Has been enabled.
Device: Allows you to format and eject removable media administrators.
Device: Only locally logged-in users can access the CD. Has been disabled.
Device: Only locally logged-in users can access floppy disks. Has been disabled.
Audit: Auditing the use of backup and restore permissions has been disabled.
Audit: Audit access to global system objects has been disabled.
Audit: If the security audit cannot be recorded, shut down the system immediately. The system has been disabled.
Network security: LAN manager authentication level sends LM & amp; NTLM's response
Network security: LDAP client signature requires negotiation signature.
Network security: Next time you change your password, don't store the hash value of LAN Manager enabled.
Network security: Forced logout has been disabled after the login time expired.
Network security settings: There is no minimum session security based on NTLM SSP (including secure RPC) server.
Network security settings: there is no minimum session security based on NTLM SSP (including secure RPC) customers.
Network access: the enjoyment of local accounts and the classic security mode-local users verify themselves.
Network access: anonymous enumeration of SAM accounts is not allowed.
Network access: SAM account is not allowed and anonymous enumeration of * * * is enabled.
Network Access: Storing credentials for network authentication is not allowed, or. Internet passport is disabled.
Network access: COMCFG, DFS$ with anonymous access.
Network access: anonymously accessible named pipes Comnap, ComNode, SQL \ Query, Spoolss, LLSRPC, Browser.
Network access: remotely accessible registry path System \ currentcontrolset \ control \ product options, system \ currentcontrolset \ control \ prints, system \ current Control set \ Control \ Server Applications,System \ current Control set \ Services \ event log,Software\Microsoft\OLAP Server,Software \ Microsoft \ Windows NT \ current version,System \ current Control set \ Control \ content index,System \ current Control set \ Control \ Terminal Server,System \ current Control set \ Control \ Terminal Server \ user config,System \ current Control
Network access: Applying Everyone permission to anonymous users has been disabled.
Network access: Allow anonymous SID/ name translation not applicable.
System objects: Non-Windows subsystems do not need to be case-sensitive. Has been enabled.
System object: the creator of the object, and the default owner of the object created by members of the administrators group.
System Object: Enables enhanced default permissions for internal system objects, such as symbolic links.
System encryption: encryption using FIPS compatible algorithm, hashing and signature have been disabled.
Domain member: Enable digital encryption of secure channel data (if possible).
Domain member: Digital encryption or signature of secure channel data is (always) enabled.
Domain member: Enable digital signature of secure channel data (if possible).
Domain member: The required strong session key (Windows 2000 or later) has been disabled.
Domain controller: LDAP server signing requirements are not defined.
Domain controller: Disable changing the machine account password is disabled.
Domain controller: refused to change the undefined machine account password.
Domain controller: Allow server operators to schedule undefined tasks.
Domain controller: The longest life of machine account password is 30 days.
Account: Administrator account status is not applicable.
Account: The guest account status is not applicable.
Account: Local accounts with empty passwords are only allowed to enable console login.
Accounts: Rename the Guest account guest
Accounts: Rename System Administrator Account Administrator.
Policy security settings
Passwords must meet the complexity requirements. Has been disabled.
The minimum password length is 0 characters.
The longest life of a password is 42 days.
The minimum password lifetime is 0 days.
Enforce passwords remembered by password history 0
Storing reversibly encrypted passwords for all users in the domain has been disabled.
Policy security settings
Audit policy change without audit
Audit login events are not audited.
Audit Object Access No Audit
Audit process tracking without audit
Audit directory service access No audit
Audit authority does not use audit.
Audit system events that are not audited.
Audit account login event is not audited.
Audit account management without audit.
Policy security settings
Backup file and directory administrators, backup operators
Generate security audit local service and network service.
Create token object
Create a global object manager, interactive, and service.
Create page file manager
Create a permanent object of enjoyment.
Remove computer administrators, users and advanced users from the docking station.
Everyone who accesses this computer from the network, guests, administrators, users, super users, backup operators.
Force the administrator to shut down from the remote system.
Debugger administrator
Adjust the memory quotas of process local service, network service and administrator.
Change the system time administrator, superuser
Turn off system administrators, users, superusers and backup operators.
Manage audit and security log administrators
Restore file and directory administrators, backup operators
Denied local login * s-1-5-21-kloc-0/71556 7821-220523388-725345543-1002.
Access to this computer from the network is denied.
Refuse to log in as a service
Refuse to log in as a batch job
Lock pages in memory
Configure single-process administrators, advanced users
Configure the system performance manager
Get the ownership manager of a file or other object.
Simulated client administrator, post-authentication service.
Replace process-level token local service, network service.
Skip the traversal and check everyone, administrators, users, superusers and backup operators.
Denied login through Terminal Services.
Allow administrators and remote desktop users to log in through terminal services.
Synchronize directory service data
Modify firmware environment value manager
Run as an operating system
Add workstations to the domain
Allow trusted computers and user accounts for delegation.
Local login guests, administrators, users, superusers and backup operators.
Improve progress priority administrator
Administrators perform volume maintenance tasks.
Administrator for loading and unloading device drivers
Log on to the network service as a service.
Log in as a batch job * s-1-5-21-kloc-0/556 7821-220523388-72534543-1002.
Policy security settings
Resetting the account lockout counter is not applicable.
Account lockout time is not applicable.
Invalid login for account lockout threshold 0.