Home
Security Hardening
CIS Microsoft Windows Server 2008 R2 Domain Controller L1 V3 2.0

CIS Microsoft Windows Server 2008 R2 Domain Controller L1 V3 2.0

Configure ‘Accounts: Rename administrator account’
Details The built-in local administrator account is a well-known account name that attackers will target. It is recommended to choose...
Ensure ‘Access Credential Manager as a trusted caller’ is set to ‘No One’
Details This security setting is used by Credential Manager during Backup and Restore. No accounts should have this user right,...
Ensure ‘Access this computer from the network’ is set to ‘Administrators, Authenticated Users, ENTERPRISE DOMAIN CONTROLLERS’ (DC only)
Details This policy setting allows other users on the network to connect to the computer and is required by various...
Ensure ‘Account lockout duration’ is set to ’15 or more minute(s)’
Details This policy setting determines the length of time that must pass before a locked account is unlocked and a...
Ensure ‘Account lockout threshold’ is set to ’10 or fewer invalid logon attempt(s), but not 0′
Details This policy setting determines the number of failed logon attempts before the account is locked. Setting this policy to...
Ensure ‘Accounts: Limit local account use of blank passwords to console logon only’ is set to ‘Enabled’
Details This policy setting determines whether local accounts that are not password protected can be used to log on from...
Ensure ‘Act as part of the operating system’ is set to ‘No One’
Details This policy setting allows a process to assume the identity of any user and thus gain access to the...
Ensure ‘Add workstations to domain’ is set to ‘Administrators’ (DC only)
Details This policy setting specifies which users can add computer workstations to the domain. For this policy setting to take...
Ensure ‘Adjust memory quotas for a process’ is set to ‘Administrators, LOCAL SERVICE, NETWORK SERVICE’
Details This policy setting allows a user to adjust the maximum amount of memory that is available to a process....
Ensure ‘Allow log on locally’ is set to ‘Administrators’
Details This policy setting determines which users can interactively log on to computers in your environment. Logons that are initiated...

CIS Microsoft Windows Server 2008 R2 Domain Controller L1 V3 2.0

Configure ‘Accounts: Rename administrator account’

Ensure ‘Access Credential Manager as a trusted caller’ is set to ‘No One’

Ensure ‘Access this computer from the network’ is set to ‘Administrators, Authenticated Users, ENTERPRISE DOMAIN CONTROLLERS’ (DC only)

Ensure ‘Account lockout duration’ is set to ’15 or more minute(s)’

Ensure ‘Account lockout threshold’ is set to ’10 or fewer invalid logon attempt(s), but not 0′

Ensure ‘Accounts: Limit local account use of blank passwords to console logon only’ is set to ‘Enabled’

Ensure ‘Act as part of the operating system’ is set to ‘No One’

Ensure ‘Add workstations to domain’ is set to ‘Administrators’ (DC only)

Ensure ‘Adjust memory quotas for a process’ is set to ‘Administrators, LOCAL SERVICE, NETWORK SERVICE’

Ensure ‘Allow log on locally’ is set to ‘Administrators’