Home
Security Hardening
CIS Windows Server 2012 DC L2 V2.2.0

CIS Windows Server 2012 DC L2 V2.2.0

Ensure ‘Do not allow supported Plug and Play device redirection’ is set to ‘Enabled’
Details This policy setting allows you to control the redirection of supported Plug and Play devices, such as Windows Portable...
Ensure ‘Enable/Disable PerfTrack’ is set to ‘Disabled’
Details This policy setting specifies whether to enable or disable tracking of responsiveness events. The recommended state for this setting...
Ensure ‘Enable Windows NTP Client’ is set to ‘Enabled’
Details This policy setting specifies whether the Windows NTP Client is enabled. Enabling the Windows NTP Client allows your computer...
Ensure ‘Join Microsoft MAPS’ is set to ‘Disabled’
Details This policy setting allows you to join Microsoft Active Protection Service (MAPS), which Microsoft has now renamed to ‘Windows...
Ensure ‘Log on as a batch job’ is set to ‘Administrators’ (DC Only)
Details This policy setting allows accounts to log on using the task scheduler service. Because the task scheduler is often...
Ensure ‘Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider’ is set to ‘Disabled’
Details This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. MSDT gathers diagnostic data...
Ensure ‘MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds’ is set to ‘Enabled: 300,000 or 5 minutes (recommended)’
Details This value controls how often TCP attempts to verify that an idle connection is still intact by sending a...
Ensure ‘MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)’ is set to ‘Disabled’
Details This setting is used to enable or disable the Internet Router Discovery Protocol (IRDP), which allows the system to...
Ensure ‘MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted’ is set to ‘Enabled: 3’
Details This setting controls the number of times that TCP retransmits an individual data segment (non-connect segment) before the connection...
Ensure ‘MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted’ is set to ‘Enabled: 3’
Details This setting controls the number of times that TCP retransmits an individual data segment (non-connect segment) before the connection...

Prev Next

CIS Windows Server 2012 DC L2 V2.2.0

Ensure ‘Do not allow supported Plug and Play device redirection’ is set to ‘Enabled’

Ensure ‘Enable/Disable PerfTrack’ is set to ‘Disabled’

Ensure ‘Enable Windows NTP Client’ is set to ‘Enabled’

Ensure ‘Join Microsoft MAPS’ is set to ‘Disabled’

Ensure ‘Log on as a batch job’ is set to ‘Administrators’ (DC Only)

Ensure ‘Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider’ is set to ‘Disabled’

Ensure ‘MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds’ is set to ‘Enabled: 300,000 or 5 minutes (recommended)’

Ensure ‘MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)’ is set to ‘Disabled’

Ensure ‘MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted’ is set to ‘Enabled: 3’

Ensure ‘MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted’ is set to ‘Enabled: 3’