Ensure ‘Perform volume maintenance tasks’ is set to ‘Administrators’
Details This policy setting allows users to manage the system’s volume or disk configuration, which could allow a user to...
- Home
- Security Hardening
- CIS Microsoft Windows Server 2016 STIG DC L1 V1.1.0
CIS Microsoft Windows Server 2016 STIG DC L1 V1.1.0
Ensure ‘Profile single process’ is set to ‘Administrators’
Details This policy setting determines which users can use tools to monitor the performance of non-system processes. Typically, you do...Ensure ‘Profile system performance’ is set to ‘Administrators, NT SERVICEWdiServiceHost’
Details This policy setting allows users to use tools to view the performance of different system processes, which could be...Ensure ‘Replace a process level token’ is set to ‘LOCAL SERVICE, NETWORK SERVICE’
Details This policy setting allows one process or service to start another service or process with a different security access...Ensure ‘Reset account lockout counter after’ is set to ’15 or more minute(s)’
Details This policy setting determines the length of time before the Account lockout threshold resets to zero. The default value...Ensure ‘Restore files and directories’ is set to ‘Administrators’
Details This policy setting determines which users can bypass file, directory, registry, and other persistent object permissions when restoring backed...Ensure ‘Shut down the system’ is set to ‘Administrators’
Details This policy setting determines which users who are logged on locally to the computers in your environment can shut...Ensure ‘Store passwords using reversible encryption’ is set to ‘Disabled’
Details This policy setting determines whether the operating system stores passwords in a way that uses reversible encryption, which provides...Ensure ‘Synchronize directory service data’ is set to ‘No One’ (DC only)
Details This security setting determines which users and groups have the authority to synchronize all directory service data. This is...Ensure ‘Take ownership of files or other objects’ is set to ‘Administrators’
Details This policy setting allows users to take ownership of files, folders, registry keys, processes, or threads. This user right...