
Predefined Policies

Policy

Usage

Password Policy

name: "Enforce password history"

value: POLICY_DWORD

 

name: "Maximum password age"

value: TIME_DAY

 

name: "Minimum password age"

value: TIME_DAY

 

name: "Minimum password length"

value: POLICY_DWORD

 

name: "Password must meet complexity requirements"

value: POLICY_SET

Account Lockout Policy

name: "Account lockout duration"

value: TIME_MINUTE

or

name: "Account lockout duration"

value: TIME_SECOND

 

name: "Account lockout threshold"

value: POLICY_DWORD

 

name: "Reset lockout account counter after"

value: TIME_MINUTE

 

name: "Enforce user logon restrictions"

value: POLICY_SET

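Kerberos Policy (in Windows, "Enforce user logon restrictions", listed just above, is also a Kerberos Policy setting)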

name: "Maximum lifetime for service ticket"

value: TIME_MINUTE

 

name: "Maximum lifetime for user ticket"

value: TIME_HOUR

 

name: "Maximum lifetime for user renewal ticket"

value: TIME_DAY

 

name: "Maximum tolerance for computer clock synchronization"

value: TIME_MINUTE

Audit Policy

name: "Audit account logon events"

value: AUDIT_SET

 

name: "Audit account management"

value: AUDIT_SET

 

name: "Audit directory service access"

value: AUDIT_SET

 

name: "Audit logon events"

value: AUDIT_SET

 

name: "Audit object access"

value: AUDIT_SET

 

name: "Audit policy change"

value: AUDIT_SET

 

name: "Audit privilege use"

value: AUDIT_SET

 

name: "Audit process tracking"

value: AUDIT_SET

 

name: "Audit system events"

value: AUDIT_SET

Accounts

name: "Accounts: Administrator account status"

value: POLICY_SET

 

name: "Accounts: Guest account status"

value: POLICY_SET

 

name: "Accounts: Limit local account use of blank password to console logon only"

value: POLICY_SET

 

name: "Accounts: Rename administrator account"

value: POLICY_TEXT

 

name: "Accounts: Rename guest account"

value: POLICY_TEXT

Audit

name: "Audit: Audit the access of global system objects"

value: POLICY_SET

 

name: "Audit: Audit the use of Backup and Restore privilege"

value: POLICY_SET

 

name: "Audit: Shut down system immediately if unable to log security audits"

value: POLICY_SET

DCOM

name: "DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax"

value: POLICY_TEXT

 

name: "DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax"

value: POLICY_TEXT

Devices

name: "Devices: Allow undock without having to log on"

value: POLICY_SET

 

name: "Devices: Allowed to format and eject removable media"

value: DASD_SET

 

name: "Devices: Prevent users from installing printer drivers"

value: POLICY_SET

 

name: "Devices: Restrict CD-ROM access to locally logged-on user only"

value: POLICY_SET

 

name: "Devices: Restrict floppy access to locally logged-on user only"

value: POLICY_SET

 

name: "Devices: Unsigned driver installation behavior"

value: DRIVER_SET

Domain Controller

name: "Domain controller: Allow server operators to schedule tasks"

value: POLICY_SET

 

name: "Domain controller: LDAP server signing requirements"

value: LDAP_SET

 

name: "Domain controller: Refuse machine account password changes"

value: POLICY_SET

Domain Member

name: "Domain member: Digitally encrypt or sign secure channel data (always)"

value: POLICY_SET

 

name: "Domain member: Digitally encrypt secure channel data (when possible)"

value: POLICY_SET

 

name: "Domain member: Digitally sign secure channel data (when possible)"

value: POLICY_SET

 

name: "Domain member: Disable machine account password changes"

value: POLICY_SET

 

name: "Domain member: Maximum machine account password age"

value: POLICY_DAY

 

name: "Domain member: Require strong (Windows 2000 or later) session key"

value: POLICY_SET

Interactive Logon

name: "Interactive logon: Display user information when the session is locked"

value: LOCKEDID_SET

 

name: "Interactive logon: Do not display last user name"

value: POLICY_SET

 

name: "Interactive logon: Do not require CTRL+ALT+DEL"

value: POLICY_SET

 

name: "Interactive logon: Message text for users attempting to log on"

value: POLICY_TEXT

 

name: "Interactive logon: Message title for users attempting to log on"

value: POLICY_TEXT

 

name: "Interactive logon: Number of previous logons to cache (in case domain controller is not available)"

value: POLICY_DWORD

 

name: "Interactive logon: Prompt user to change password before expiration"

value: POLICY_DWORD

 

name: "Interactive logon: Require Domain Controller authentication to unlock workstation"

value: POLICY_SET

 

name: "Interactive logon: Require smart card"

value: POLICY_SET

 

name: "Interactive logon: Smart card removal behavior"

value: SMARTCARD_SET

Microsoft Network Client

name: "Microsoft network client: Digitally sign communications (always)"

value: POLICY_SET

 

name: "Microsoft network client: Digitally sign communications (if server agrees)"

value: POLICY_SET

 

name: "Microsoft network client: Send unencrypted password to third-party SMB servers"

value: POLICY_SET

Microsoft Network Server

name: "Microsoft network server: Amount of idle time required before suspending session"

value: POLICY_DWORD

 

name: "Microsoft network server: Digitally sign communications (always)"

value: POLICY_SET

 

name: "Microsoft network server: Digitally sign communications (if client agrees)"

value: POLICY_SET

 

name: "Microsoft network server: Disconnect clients when logon hours expire"

value: POLICY_SET

Network Access

name: "Network access: Allow anonymous SID/Name translation"

value: POLICY_SET

 

name: "Network access: Do not allow anonymous enumeration of SAM accounts"

value: POLICY_SET

 

name: "Network access: Do not allow anonymous enumeration of SAM accounts and shares"

value: POLICY_SET

 

name: "Network access: Do not allow storage of credentials or .NET Passports for network authentication"

value: POLICY_SET

 

name: "Network access: Let Everyone permissions apply to anonymous users"

value: POLICY_SET

 

name: "Network access: Named Pipes that can be accessed anonymously"

value: POLICY_MULTI_TEXT

 

name: "Network access: Remotely accessible registry paths and sub-paths"

value: POLICY_MULTI_TEXT

 

name: "Network access: Remotely accessible registry paths"

value: POLICY_MULTI_TEXT

 

name: "Network access: Restrict anonymous access to Named Pipes and Shares"

value: POLICY_SET

 

name: "Network access: Shares that can be accessed anonymously"

value: POLICY_MULTI_TEXT

 

name: "Network access: Sharing and security model for local accounts"

value: LOCALACCOUNT_SET

Network Security

name: "Network security: Do not store LAN Manager hash value on next password change"

value: POLICY_SET

 

name: "Network security: Force logoff when logon hours expire"

value: POLICY_SET

 

name: "Network security: LAN Manager authentication level"

value: LANMAN_SET

 

name: "Network security: LDAP client signing requirements"

value: LDAPCLIENT_SET

 

name: "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients"

value: NTLMSSP_SET

 

name: "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers"

value: NTLMSSP_SET

Recovery Console

name: "Recovery console: Allow automatic administrative logon"

value: POLICY_SET

 

name: "Recovery console: Allow floppy copy and access to all drives and all folders"

value: POLICY_SET

Shutdown

name: "Shutdown: Allow system to be shut down without having to log on"

value: POLICY_SET

 

name: "Shutdown: Clear virtual memory pagefile"

value: POLICY_SET

System Cryptography

name: "System cryptography: Force strong key protection for user keys stored on the computer"

value: CRYPTO_SET

 

name: "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing"

value: POLICY_SET

System Objects

name: "System objects: Default owner for objects created by members of the Administrators group"

value: OBJECT_SET

 

name: "System objects: Require case insensitivity for non-Windows subsystems"

value: POLICY_SET

 

name: "System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)"

value: POLICY_SET

System Settings

name: "System settings: Optional subsystems"

value: POLICY_MULTI_TEXT

 

name: "System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies"

value: POLICY_SET

Event Log

name: "Maximum application log size"

value: POLICY_KBYTE

 

name: "Maximum security log size"

value: POLICY_KBYTE

 

name: "Maximum system log size"

value: POLICY_KBYTE

 

name: "Prevent local guests group from accessing application log"

value: POLICY_SET

 

name: "Prevent local guests group from accessing security log"

value: POLICY_SET

 

name: "Prevent local guests group from accessing system log"

value: POLICY_SET

 

name: "Retain application log"

value: POLICY_DAY

 

name: "Retain security log"

value: POLICY_DAY

 

name: "Retain system log"

value: POLICY_DAY

 

name: "Retention method for application log"

value: EVENT_METHOD

 

name: "Retention method for security log"

value: EVENT_METHOD

 

name: "Retention method for system log"

value: EVENT_METHOD

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.