Home
Security Hardening
CIS Microsoft Windows Server 2016 STIG DC STIG V1.1.0

CIS Microsoft Windows Server 2016 STIG DC STIG V1.1.0

Ensure ‘Deny access to this computer from the network’ to include ‘Guests’ (DC only)
Details This policy setting prohibits users from connecting to a computer from across the network, which would allow users to...
Ensure ‘Deny log on as a batch job’ to include ‘Guests’ (STIG DC only)
Details This policy setting determines which accounts will not be able to log on to the computer as a batch...
Ensure ‘Deny log on as a service’ to include ‘No one’ (STIG DC only)
Details This security setting determines which service accounts are prevented from registering a process as a service. This user right...
Ensure ‘Deny log on locally’ to include ‘Guests’ (STIG DC only)
Details This security setting determines which users are prevented from logging on at the computer. This policy setting supersedes the...
Ensure ‘Deny log on through Remote Desktop Services’ to include ‘Guests’ (DC only)
Details This policy setting determines whether users can log on as Remote Desktop clients. After the baseline Member Server is...
Ensure ‘Enable computer and user accounts to be trusted for delegation’ is set to ‘Administrators’ (DC only)
Details This policy setting allows users to change the Trusted for Delegation setting on a computer object in Active Directory....
Ensure ‘Enforce password history’ is set to ’24 or more password(s)’
Details This policy setting determines the number of renewed, unique passwords that have to be associated with a user account...
Ensure ‘Enforce user logon restrictions’ is set to ‘Enabled’ (STIG DC only)
Details This security setting determines whether the Kerberos V5 Key Distribution Center (KDC) validates every request for a session ticket...
Ensure ‘Force shutdown from a remote system’ is set to ‘Administrators’
Details This policy setting allows users to shut down Windows Vista-based and newer computers from remote locations on the network....
Ensure ‘Generate security audits’ is set to ‘LOCAL SERVICE, NETWORK SERVICE’
Details This policy setting determines which users or processes can generate audit records in the Security log. The recommended state...

Prev Next

CIS Microsoft Windows Server 2016 STIG DC STIG V1.1.0

Ensure ‘Deny access to this computer from the network’ to include ‘Guests’ (DC only)

Ensure ‘Deny log on as a batch job’ to include ‘Guests’ (STIG DC only)

Ensure ‘Deny log on as a service’ to include ‘No one’ (STIG DC only)

Ensure ‘Deny log on locally’ to include ‘Guests’ (STIG DC only)

Ensure ‘Deny log on through Remote Desktop Services’ to include ‘Guests’ (DC only)

Ensure ‘Enable computer and user accounts to be trusted for delegation’ is set to ‘Administrators’ (DC only)

Ensure ‘Enforce password history’ is set to ’24 or more password(s)’

Ensure ‘Enforce user logon restrictions’ is set to ‘Enabled’ (STIG DC only)

Ensure ‘Force shutdown from a remote system’ is set to ‘Administrators’

Ensure ‘Generate security audits’ is set to ‘LOCAL SERVICE, NETWORK SERVICE’