Home
Security Hardening
CIS Microsoft Windows Server 2016 STIG DC STIG V1.1.0

CIS Microsoft Windows Server 2016 STIG DC STIG V1.1.0

Ensure ‘Allow log on locally’ is set to ‘Administrators’
Details This policy setting determines which users can interactively log on to computers in your environment. Logons that are initiated...
Ensure ‘Allow log on through Remote Desktop Services’ is set to ‘Administrators’ (DC only)
Details This policy setting determines which users or groups have the right to log on as a Remote Desktop Services...
Ensure ‘Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings’ is set to ‘Enabled’
Details This policy setting allows administrators to enable the more precise auditing capabilities present in Windows Vista. The Audit Policy...
Ensure ‘Back up files and directories’ is set to ‘Administrators’
Details This policy setting allows users to circumvent file and directory permissions to back up the system. This user right...
Ensure ‘Create a pagefile’ is set to ‘Administrators’
Details This policy setting allows users to change the size of the pagefile. By making the pagefile extremely large or...
Ensure ‘Create a token object’ is set to ‘No One’
Details This policy setting allows a process to create an access token, which may provide elevated rights to access sensitive...
Ensure ‘Create global objects’ is set to ‘Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE’
Details This policy setting determines whether users can create global objects that are available to all sessions. Users can still...
Ensure ‘Create permanent shared objects’ is set to ‘No One’
Details This user right is useful to kernel-mode components that extend the object namespace. However, components that run in kernel...
Ensure ‘Create symbolic links’ is set to ‘Administrators’ (STIG MS and DC only)
Details This policy setting determines which users can create symbolic links. In Windows Vista, existing NTFS file system objects, such...
Ensure ‘Debug programs’ is set to ‘Administrators’
Details This policy setting determines which user accounts will have the right to attach a debugger to any process or...

Prev Next

CIS Microsoft Windows Server 2016 STIG DC STIG V1.1.0

Ensure ‘Allow log on locally’ is set to ‘Administrators’

Ensure ‘Allow log on through Remote Desktop Services’ is set to ‘Administrators’ (DC only)

Ensure ‘Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings’ is set to ‘Enabled’

Ensure ‘Back up files and directories’ is set to ‘Administrators’

Ensure ‘Create a pagefile’ is set to ‘Administrators’

Ensure ‘Create a token object’ is set to ‘No One’

Ensure ‘Create global objects’ is set to ‘Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE’

Ensure ‘Create permanent shared objects’ is set to ‘No One’

Ensure ‘Create symbolic links’ is set to ‘Administrators’ (STIG MS and DC only)

Ensure ‘Debug programs’ is set to ‘Administrators’