sd/SecurityBaseline_AL_WorkgroupMember/2411.1.psd1
|
# Copyright (c) Microsoft Corporation. All rights reserved. # Autogenerated. Do not edit. @{ Metadata = @' {"name":"SecurityBaseline/AL/WorkgroupMember","description":"","version":"2411.1","settings":[{"name":"AfdDisableAddressSharing","description":"System Services Afd DisableAddressSharing","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Afd\\Parameters","value":"DisableAddressSharing"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"16f2e42a-e89d-43a3-b904-cb4d312a8e4a","name":"AllowAnonymousSIDOrNameTranslation","description":"Network access: Allow anonymous SID/Name translation","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/NetworkAccess_AllowAnonymousSIDOrNameTranslation","get":"Result/LocalPoliciesSecurityOptions/NetworkAccess_AllowAnonymousSIDOrNameTranslation"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"name":"AllowCustomSSPAPIntoLSASS","description":"Allow Custom SSPs and APs to be loaded into LSASS","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System","value":"AllowCustomSSPsAPs"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"01f87552-0d92-477a-91f6-1beb5b0c8b0e","name":"AllowedToFormatAndEjectRemovableMedia","description":"Devices: Allowed to format and eject removable media","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia","get":"Result/LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia"}},"schema":{"type":"string","minimum":0,"maximum":1},"default":"0","compliance":{"oneOf":[{"const":"0"},{"const":""}]}},{"id":"403670e7-8c1b-4c09-81f8-9c2f3c3ebe30","name":"AllowICMPRedirectsToOverrideOSPFGeneratedRoutes","description":"MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters","value":"EnableICMPRedirect"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"0b2803c7-33ac-4407-80f0-f09940bbe940","name":"AllowLocalSystemNULLSessionFallback","description":"Network security: Allow LocalSystem NULL session fallback","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemNULLSessionFallback","get":"Result/LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemNULLSessionFallback"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"id":"e7d5034f-5652-4180-90c8-c49130acb3c6","name":"AllowLocalSystemToUseComputerIdentityForNTLM","description":"Network security: Allow Local System to use computer identity for NTLM","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM","get":"Result/LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"8ad78d25-6140-4899-9565-e053ce7d9a66","name":"AllowPKU2UAuthenticationAllowOnlineID","description":"Network Security: Allow PKU2U authentication requests to this computer to use online identities","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\pku2u","value":"AllowOnlineID"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"fa4d7c0b-987e-47f6-bf8b-f38f49e7c00b","name":"AllowSystemToBeShutDownWithoutHavingToLogOn","description":"Shutdown: Allow system to be shut down without having to log on","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn","get":"Result/LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"id":"8f624a01-c694-4d61-9d85-bf6d9a4be86d","name":"AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers","description":"MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters","value":"NoNameReleaseOnDemand"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"467c29d0-b1be-4113-937c-65583cedf2f0","name":"AllowUIAccessApplicationsToPromptForElevation","description":"User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation","get":"Result/LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"4383c5e5-ea15-4e94-a170-fd61b3fda9f1","name":"AmountOfIdleTimeRequiredBeforeSuspendingSession","description":"Microsoft network server: Amount of idle time required before suspending session","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession","get":"Result/LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession"}},"schema":{"type":"integer","minimum":1,"maximum":15},"default":15,"compliance":{"minimum":1,"maximum":15}},{"id":"c1557cd3-5d47-42af-b4e0-993ec42cd697","name":"AppCompatAppCompatTurnOffProgramInventory","description":"Turn off Inventory Collector","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppCompat","value":"DisableInventory"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"ApplicationIdentityStartupType","description":"Application Identity","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AppIDSvc","value":"Start"},"schema":{"type":"integer","minimum":0,"maximum":3},"default":2,"compliance":{"const":2}},{"id":"5d42c180-4350-49ec-9bb6-e51e1258022c","name":"ApplicationManagementMSIAllowUserControlOverInstall","description":"Allow user control over installs","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/ApplicationManagement/MSIAllowUserControlOverInstall","get":"Result/ApplicationManagement/MSIAllowUserControlOverInstall"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"id":"2eda113a-0fb7-446c-856a-83e010d36671","name":"ApplicationManagementMSIAlwaysInstallWithElevatedPrivileges","description":"Always install with elevated privileges","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges","get":"Result/ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"id":"de7af76f-e469-4a4e-94fd-99f0cccd54b6","name":"AppRuntimeAllowMicrosoftAccountsToBeOptional","description":"Allow Microsoft accounts to be optional","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System","value":"MSAOptional"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"103de8e8-643e-4b0e-b4a4-a85830239a53","name":"AuditAccountLockout","description":"Audit Account Lockout","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/AccountLogonLogoff_AuditAccountLockout","get":"Result/Audit/AccountLogonLogoff_AuditAccountLockout"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":2,"compliance":{"enum":[2,3]}},{"id":"42db0bec-e47f-49f6-a0af-59798f0feefe","name":"AuditAuthenticationPolicyChange","description":"Audit Authentication Policy Change","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/PolicyChange_AuditAuthenticationPolicyChange","get":"Result/Audit/PolicyChange_AuditAuthenticationPolicyChange"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":1,"compliance":{"enum":[1,3]}},{"id":"ca5d1a59-f141-441d-a57e-6f8bdf078ff3","name":"AuditAuthorizationPolicyChange","description":"Audit Authorization Policy Change","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/PolicyChange_AuditAuthorizationPolicyChange","get":"Result/Audit/PolicyChange_AuditAuthorizationPolicyChange"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":1,"compliance":{"enum":[1,3]}},{"name":"AuditBackupAndRestorePrivilege","description":"Audit: Audit the use of Backup and Restore privilege","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/Audit_AuditTheUseOfBackupAndRestoreprivilege","get":"Result/LocalPoliciesSecurityOptions/Audit_AuditTheUseOfBackupAndRestoreprivilege"}},"schema":{"type":"string","metaType":"b64","oneOf":[{"const":"MDA="},{"const":"MQ=="}]},"default":"MDA=","compliance":{"const":"MDA="}},{"id":"88b87546-b3c8-434f-9cc6-01e117033296","name":"AuditChangeCategoryOther","description":"Audit events generated by other security policy changes that are not audited in the policy change category","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/PolicyChange_AuditOtherPolicyChangeEvents","get":"Result/Audit/PolicyChange_AuditOtherPolicyChangeEvents"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":2,"compliance":{"enum":[2,3]}},{"name":"AuditClientDoesNotSupportEncryption","description":"Audit client does not support encryption","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\LanmanServer","value":"AuditClientDoesNotSupportEncryption"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"AuditClientDoesNotSupportSigning","description":"Audit client does not support signing","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\LanmanServer","value":"AuditClientDoesNotSupportSigning"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"4f8fd732-facf-4184-a29c-61fdd40db89d","name":"AuditCredentialValidation","description":"Audit Credential Validation","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/AccountLogon_AuditCredentialValidation","get":"Result/Audit/AccountLogon_AuditCredentialValidation"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":3,"compliance":{"const":3}},{"id":"04212107-de72-4eb7-a427-1876b5604a98","name":"AuditDetailedFileShare","description":"Audit Detailed File Share","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/ObjectAccess_AuditDetailedFileShare","get":"Result/Audit/ObjectAccess_AuditDetailedFileShare"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":2,"compliance":{"enum":[2,3]}},{"id":"1926dc04-79ea-4a6e-9e35-892c27876bf5","name":"AuditFileShare","description":"Audit File Share","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/ObjectAccess_AuditFileShare","get":"Result/Audit/ObjectAccess_AuditFileShare"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":3,"compliance":{"const":3}},{"name":"AuditFilteringPlatformConnection","description":"Audit Filtering Platform Connection","severity":"informational","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/ObjectAccess_AuditFilteringPlatformConnection","get":"Result/Audit/ObjectAccess_AuditFilteringPlatformConnection"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":2,"compliance":{"const":2}},{"name":"AuditFilteringPlatformPacketDrop","description":"Audit Filtering Platform Packet Drop","severity":"informational","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/ObjectAccess_AuditFilteringPlatformPacketDrop","get":"Result/Audit/ObjectAccess_AuditFilteringPlatformPacketDrop"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":2,"compliance":{"const":2}},{"id":"babda20b-1bc0-4204-9745-0cd584dcbb2b","name":"AuditGroupMembership","description":"Audit Group Membership","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/AccountLogonLogoff_AuditGroupMembership","get":"Result/Audit/AccountLogonLogoff_AuditGroupMembership"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":1,"compliance":{"enum":[1,3]}},{"name":"AuditInsecureGuestLogon","description":"Audit insecure guest logon","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\LanmanServer","value":"AuditInsecureGuestLogon"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"5c532b76-16c0-4a8c-ac67-015b93f458dc","name":"AuditIPsecDriver","description":"Audit IPsec Driver","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/System_AuditIPsecDriver","get":"Result/Audit/System_AuditIPsecDriver"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":3,"compliance":{"const":3}},{"id":"e1174067-f117-4d7f-9584-fd93eedd566f","name":"AuditLogoff","description":"Audit Logoff","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/AccountLogonLogoff_AuditLogoff","get":"Result/Audit/AccountLogonLogoff_AuditLogoff"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":1,"compliance":{"enum":[1,3]}},{"id":"5b5ac074-b108-4acf-aeca-5baabc276538","name":"AuditLogon","description":"Audit Logon","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/AccountLogonLogoff_AuditLogon","get":"Result/Audit/AccountLogonLogoff_AuditLogon"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":3,"compliance":{"const":3}},{"id":"f6c7cdd1-b504-4e9e-a272-1aa2f441daa3","name":"AuditMPSSVCRuleLevelPolicyChange","description":"Audit MPSSVC Rule-Level Policy Change","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/PolicyChange_AuditMPSSVCRuleLevelPolicyChange","get":"Result/Audit/PolicyChange_AuditMPSSVCRuleLevelPolicyChange"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":3,"compliance":{"const":3}},{"id":"fa518c7b-96bc-45e6-8fee-2c99186a010d","name":"AuditOtherLogonLogoffEvents","description":"Audit Other Logon/Logoff Events","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/AccountLogonLogoff_AuditOtherLogonLogoffEvents","get":"Result/Audit/AccountLogonLogoff_AuditOtherLogonLogoffEvents"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":3,"compliance":{"const":3}},{"id":"acd96120-83a4-44a9-9e62-127012287e49","name":"AuditOtherObjectAccessEvents","description":"Audit Other Object Access Events","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/ObjectAccess_AuditOtherObjectAccessEvents","get":"Result/Audit/ObjectAccess_AuditOtherObjectAccessEvents"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":3,"compliance":{"const":3}},{"id":"3f78e74e-1601-4bcc-b2c0-5408642d4b81","name":"AuditOtherSystemEvents","description":"Audit Other System Events","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/System_AuditOtherSystemEvents","get":"Result/Audit/System_AuditOtherSystemEvents"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":3,"compliance":{"const":3}},{"id":"5046d960-670d-4fef-973a-cf242a97147e","name":"AuditPnPExternalDevice","description":"Audit when plug and play detects an external device","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/DetailedTracking_AuditPNPActivity","get":"Result/Audit/DetailedTracking_AuditPNPActivity"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":3,"compliance":{"enum":[1,3]}},{"id":"d5db6e13-eef5-45ac-a8f3-18a0b1fcd8f9","name":"AuditPolicyChange","description":"Audit Policy Change","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/PolicyChange_AuditPolicyChange","get":"Result/Audit/PolicyChange_AuditPolicyChange"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":3,"compliance":{"enum":[1,3]}},{"id":"6b3dc518-61f4-4a47-920c-0411674596a0","name":"AuditProcessCreatedOrStarted","description":"Audit events generated when a process is created or starts","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/DetailedTracking_AuditProcessCreation","get":"Result/Audit/DetailedTracking_AuditProcessCreation"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":3,"compliance":{"enum":[1,3]}},{"id":"b88b1d85-5f3c-4235-91ab-6d8b5e767311","name":"AuditRemovableStorage","description":"Audit Removable Storage","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/ObjectAccess_AuditRemovableStorage","get":"Result/Audit/ObjectAccess_AuditRemovableStorage"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":3,"compliance":{"const":3}},{"id":"515db7da-c244-445b-b093-cf3c09ad8970","name":"AuditSecurityGroupManagement","description":"Audit Security Group Management","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/AccountManagement_AuditSecurityGroupManagement","get":"Result/Audit/AccountManagement_AuditSecurityGroupManagement"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":1,"compliance":{"enum":[1,3]}},{"id":"761f9127-3d19-44af-87a2-09b10b21ecf2","name":"AuditSecurityStateChange","description":"Audit Security State Change","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/System_AuditSecurityStateChange","get":"Result/Audit/System_AuditSecurityStateChange"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":1,"compliance":{"enum":[1,3]}},{"id":"8042f614-f21e-4dca-ba3f-c8b25523b6b2","name":"AuditSecuritySystemExtension","description":"Audit Security System Extension","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/System_AuditSecuritySystemExtension","get":"Result/Audit/System_AuditSecuritySystemExtension"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":1,"compliance":{"enum":[1,3]}},{"id":"aa426f30-e6ff-4c6a-9d59-2ef82a504157","name":"AuditSensitivePrivilegeUse","description":"Audit Sensitive Privilege Use","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/PrivilegeUse_AuditSensitivePrivilegeUse","get":"Result/Audit/PrivilegeUse_AuditSensitivePrivilegeUse"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":3,"compliance":{"const":3}},{"name":"AuditServerDoesNotSupportEncryption","description":"Audit server does not support encryption","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\LanmanWorkstation","value":"AuditServerDoesNotSupportEncryption"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"AuditServerDoesNotSupportSigning","description":"Audit server does not support signing","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\LanmanWorkstation","value":"AuditServerDoesNotSupportSigning"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"1648f727-644b-4454-a472-b1a803342e8a","name":"AuditSettingsIncludeCmdLine","description":"Include command line in process creation events","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Audit","value":"ProcessCreationIncludeCmdLine_Enabled"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"8ee0776b-3b84-47bf-9594-e14e29fcc8ff","name":"AuditSpecialLogon","description":"Audit Special Logon","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/AccountLogonLogoff_AuditSpecialLogon","get":"Result/Audit/AccountLogonLogoff_AuditSpecialLogon"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":1,"compliance":{"enum":[1,3]}},{"id":"d5056b06-4651-4698-b5d2-83e6b092e471","name":"AuditSystemIntegrity","description":"Audit System Integrity","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/System_AuditSystemIntegrity","get":"Result/Audit/System_AuditSystemIntegrity"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":3,"compliance":{"const":3}},{"id":"7e4d9fe1-eb3f-49ac-bb5b-d417df7e6d6c","name":"AuditUserAccountManagement","description":"Audit User Account Management","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Audit/AccountManagement_AuditUserAccountManagement","get":"Result/Audit/AccountManagement_AuditUserAccountManagement"}},"schema":{"type":"integer","minimum":0,"maximum":3},"default":3,"compliance":{"const":3}},{"id":"420cf8af-038e-4d06-89a4-aa8bfaec0191","name":"AutoplayDisallowAutoplayForNonVolumeDevices","description":"Disallow Autoplay for non-volume devices","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer","value":"NoAutoplayfornonVolume"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"7869ddef-04ab-4cc5-90f2-5e6fd1540cba","name":"AutoplaySetDefaultAutoRunBehavior","description":"Set the default behavior for AutoRun","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","value":"NoAutorun"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"d0f025af-b24b-49ab-9b75-60f485ed5407","name":"AutoplayTurnOffAutoPlay","description":"Turn off Autoplay","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","value":"NoDriveTypeAutoRun"},"schema":{"type":"integer","enum":[181,255]},"default":255,"compliance":{"const":255}},{"id":"fc8a4401-ff7a-4a6d-add4-758acce6b76c","name":"BehaviorOfTheElevationPromptForAdministrators","description":"User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators","get":"Result/LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators"}},"schema":{"type":"integer","minimum":0,"maximum":5},"default":2,"compliance":{"minimum":1,"maximum":2}},{"id":"ea132d56-9c29-4d2a-bc92-fc81f616e540","name":"BehaviorOfTheElevationPromptForStandardUsers","description":"User Account Control: Behavior of the elevation prompt for standard users","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers","get":"Result/LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"name":"Bitlocker_EncryptionMethodWithXtsFdv","description":"Choose drive encryption method and cipher strength MethodWithXtsFdv","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE","value":"EncryptionMethodWithXtsFdv"},"schema":{"type":"integer","maximum":7},"default":7,"compliance":{"const":7}},{"name":"Bitlocker_EncryptionMethodWithXtsOs","description":"Choose drive encryption method and cipher strength MethodWithXtsOs","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE","value":"EncryptionMethodWithXtsOs"},"schema":{"type":"integer","maximum":7},"default":7,"compliance":{"const":7}},{"name":"Bitlocker_EncryptionMethodWithXtsRdv","description":"Choose drive encryption method and cipher strength MethodWithXtsRdv","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE","value":"EncryptionMethodWithXtsRdv"},"schema":{"type":"integer","maximum":7},"default":7,"compliance":{"const":7}},{"name":"Bitlocker_FDVActiveDirectoryBackup","description":"Choose how BitLocker-protected fixed drives can be recovered FDVActiveDirectoryBackup","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE","value":"FDVActiveDirectoryBackup"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"Bitlocker_FDVActiveDirectoryInfoToStore","description":"Choose how BitLocker-protected fixed drives can be recovered FDVActiveDirectoryInfoToStore","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE","value":"FDVActiveDirectoryInfoToStore"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"Bitlocker_FDVHideRecoveryPage","description":"Choose how BitLocker-protected fixed drives can be recovered FDVHideRecoveryPage","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE","value":"FDVHideRecoveryPage"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"name":"Bitlocker_FDVManageDRA","description":"Choose how BitLocker-protected fixed drives can be recovered FDVManageDRA","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE","value":"FDVManageDRA"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"Bitlocker_FDVRecovery","description":"Choose how BitLocker-protected fixed drives can be recovered FDVRecovery","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE","value":"FDVRecovery"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"Bitlocker_FDVRecoveryKey","description":"Choose how BitLocker-protected fixed drives can be recovered FDVRecoveryKey","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE","value":"FDVRecoveryKey"},"schema":{"type":"integer","minimum":0,"maximum":2},"default":2,"compliance":{"const":2}},{"name":"Bitlocker_FDVRecoveryPassword","description":"Choose how BitLocker-protected fixed drives can be recovered FDVRecoveryPassword","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE","value":"FDVRecoveryPassword"},"schema":{"type":"integer","minimum":0,"maximum":2},"default":2,"compliance":{"const":2}},{"name":"Bitlocker_FDVRequireActiveDirectoryBackup","description":"Choose how BitLocker-protected operating system drives can be recovered FDVRequireActiveDirectoryBackup","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE","value":"FDVRequireActiveDirectoryBackup"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"name":"Bitlocker_OSActiveDirectoryBackup","description":"Choose how BitLocker-protected operating system drives can be recovered OSActiveDirectoryBackup","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE","value":"OSActiveDirectoryBackup"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"Bitlocker_OSActiveDirectoryInfoToStore","description":"Choose how BitLocker-protected operating system drives can be recovered OSActiveDirectoryInfoToStore","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE","value":"OSActiveDirectoryInfoToStore"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"Bitlocker_OSHideRecoveryPage","description":"Choose how BitLocker-protected operating system drives can be recovered OSHideRecoveryPage","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE","value":"OSHideRecoveryPage"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"name":"Bitlocker_OSManageDRA","description":"Choose how BitLocker-protected operating system drives can be recovered OSManageDRA","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE","value":"OSManageDRA"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"Bitlocker_OSRecovery","description":"Choose how BitLocker-protected operating system drives can be recovered OSRecovery","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE","value":"OSRecovery"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"Bitlocker_OSRecoveryKey","description":"Choose how BitLocker-protected operating system drives can be recovered OSRecoveryKey","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE","value":"OSRecoveryKey"},"schema":{"type":"integer","minimum":0,"maximum":2},"default":2,"compliance":{"const":2}},{"name":"Bitlocker_OSRecoveryPassword","description":"Choose how BitLocker-protected operating system drives can be recovered OSRecoveryPassword","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE","value":"OSRecoveryPassword"},"schema":{"type":"integer","minimum":0,"maximum":2},"default":2,"compliance":{"const":2}},{"name":"Bitlocker_OSRequireActiveDirectoryBackup","description":"Choose how BitLocker-protected operating system drives can be recovered OSRequireActiveDirectoryBackup","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE","value":"OSRequireActiveDirectoryBackup"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"a15a5700-6efb-46af-bf52-1b1104f2aa20","name":"BlockConsumerMicrosoftAccounts","description":"Block all consumer Microsoft account user authentication","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftAccount","value":"DisableUserAuth"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"BlockNetbiosDiscovery","description":"Block NetBIOS-based discovery for domain controller location","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Netlogon\\Parameters","value":"BlockNetbiosDiscovery"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"BlockNTLM","description":"Block NTLM (LM NTLM NTLMv2)","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\LanmanWorkstation","value":"BlockNTLM"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"minimum":0,"maximum":1}},{"name":"BlockNTLMServerExceptionList","description":"Block NTLM Server Exception List","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\LanmanWorkstation","value":"BlockNTLMServerExceptionList"},"schema":{"type":"string","metaType":"multistring"},"compliance":{"oneOf":[{"const":""},{"const":null}]}},{"id":"7470f80e-a3d3-4ca9-84e8-7a97a317b2e1","name":"ClearVirtualMemoryPageFile","description":"Shutdown: Clear virtual memory pagefile","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile","get":"Result/LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"name":"ConfigureKernelShadowStacksLaunch","description":"Turn On Virtualization Based Security | KernelShadowStackLaunch","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceGuard","value":"ConfigureKernelShadowStacksLaunch"},"schema":{"type":"integer","minimum":0,"maximum":3},"default":2,"compliance":{"minimum":1,"maximum":2}},{"name":"ConfigureSMBV1ClientDriver","description":"Configure SMB v1 client driver","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MrxSmb10","value":"Start"},"schema":{"type":"integer","minimum":0,"maximum":4},"default":4,"compliance":{"const":4}},{"id":"a002b800-92a4-45cb-bbee-76c91739ddff","name":"ConfigureSMBV1Server","description":"Disable SMB v1 server","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanManServer\\Parameters","value":"SMB1"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"id":"7b2c4a66-7e3a-421e-9e2b-ccb11762b20e","name":"ConnectivityDisableDownloadingOfPrintDriversOverHTTP","description":"Turn off downloading of print drivers over HTTP","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers","value":"DisableWebPnPDownload"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"357272d2-2018-455e-935c-8777473661dd","name":"ConnectivityProhibitInstallationAndConfigurationOfNetworkBridge","description":"Prohibit installation and configuration of Network Bridge on your DNS domain network","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Network Connections","value":"NC_AllowNetBridge_NLA"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"37e5e1d9-b9d2-454b-bf3f-124682309155","name":"CredentialProvidersAllowPINLogon","description":"Turn on convenience PIN sign-in","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System","value":"AllowDomainPINLogon"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"id":"feb86a88-2259-4ba0-b68e-2dbb7a43b4ce","name":"CredentialsDelegationRemoteHostAllowsDelegationOfNonExportableCredentials","description":"Remote host allows delegation of non-exportable credentials","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CredentialsDelegation","value":"AllowProtectedCreds"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"be3a95af-edc4-4252-a1c0-6c74f3b5b8a7","name":"CredentialsUIDisablePasswordReveal","description":"Do not display the password reveal button","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CredUI","value":"DisablePasswordReveal"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"e6eab28a-1dc8-4fb5-b88b-4e10f239e67c","name":"CredentialsUIEnumerateAdministrators","description":"Enumerate administrator accounts on elevation","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\CredUI","value":"EnumerateAdministrators"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"id":"20670f2c-01b1-4f5b-9dff-023c697babdb","name":"CredSspAllowEncryptionOracle","description":"Encryption Oracle Remediation for CredSSP protocol","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\CredSSP\\Parameters","value":"AllowEncryptionOracle"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"979ae5a3-dba6-47b1-9644-7e74ed6d7eae","name":"CryptographyAllowedKerberosEncryptionTypes","description":"Network Security: Configure encryption types allowed for Kerberos","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters","value":"SupportedEncryptionTypes"},"schema":{"type":"integer","const":2147483640},"default":2147483640,"compliance":{"const":2147483640}},{"name":"CryptographyEccCurve","description":"SSL Cryptography EccCurves","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\Configuration\\SSL\\00010002","value":"EccCurves"},"schema":{"type":"array","metaType":"multistring","delimiter":",","items":{"type":"string","enum":["curve25519","NistP256","NistP384"]}},"default":"NistP256,NistP384","compliance":{"delimiter":",","items":{"enum":["NistP256","NistP384"]}}},{"id":"a07ccc0e-fc6a-48d7-a46c-9c7d464c5439","name":"CryptographyForceStrongKeyProtection","description":"System Cryptography: Force strong key protection for user keys stored on the computer","severity":"important","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Cryptography/ConfigureSystemCryptographyForceStrongKeyProtection","get":"Result/Cryptography/ConfigureSystemCryptographyForceStrongKeyProtection"}},"schema":{"type":"integer","minimum":1,"maximum":2},"default":2,"compliance":{"const":2}},{"name":"CryptographySSLCipherSuites","description":"SSL Cryptography Cipher suites","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\Configuration\\SSL\\00010002","value":"Functions"},"schema":{"type":"string","delimiter":",","items":{"enum":["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_256_GCM_SHA384","TLS_RSA_WITH_AES_128_GCM_SHA256","TLS_RSA_WITH_AES_256_CBC_SHA256","TLS_RSA_WITH_AES_128_CBC_SHA256","TLS_RSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_NULL_SHA256","TLS_RSA_WITH_NULL_SHA","TLS_PSK_WITH_AES_256_GCM_SHA384","TLS_PSK_WITH_AES_128_GCM_SHA256","TLS_PSK_WITH_AES_256_CBC_SHA384","TLS_PSK_WITH_AES_128_CBC_SHA256","TLS_PSK_WITH_NULL_SHA384","TLS_PSK_WITH_NULL_SHA256"]}},"default":"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","compliance":{"delimiter":",","items":{"enum":["TLS_AES_128_GCM_SHA256","TLS_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"]}}},{"id":"19a185ff-1009-4079-937a-dace5e3c2f50","name":"DetectApplicationInstallationsAndPromptForElevation","description":"User Account Control: Detect application installations and prompt for elevation","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation","get":"Result/LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"DeviceGuardLsaCfgFlags","description":"Turn on CredentialGuard","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa","value":"LsaCfgFlags"},"schema":{"type":"integer","minimum":0,"maximum":2},"default":2,"compliance":{"const":2}},{"name":"DeviceGuardRequireMicrosoftSignedBootChain","description":"Secured-Core Require MicrosoftSignedBootChain","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\DeviceGuard","value":"RequireMicrosoftSignedBootChain"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"DeviceGuardRequirePlatformSecurityFeatures","description":"Secured-Core Require Platform Security (Secure Boot, DMA)","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/DeviceGuard/RequirePlatformSecurityFeatures","get":"Result/DeviceGuard/RequirePlatformSecurityFeatures"}},"schema":{"type":"integer","enum":[1,3]},"default":1,"compliance":{"enum":[1,3]}},{"name":"DeviceGuardRequireUEFIMemoryAttributesTable","description":"Secured-Core Require UEFI Memory Attribute Table","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceGuard","value":"HVCIMATRequired"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"d11ed6f2-03ae-4deb-94d9-096b7e6789cb","name":"DeviceInstallationPreventDeviceMetadataFromNetwork","description":"Prevent device metadata retrieval from the Internet","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Device Metadata","value":"PreventDeviceMetadataFromNetwork"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"DeviceLockAccountLockoutPolicy","description":"Account lockout policy","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/DeviceLock/AccountLockoutPolicy","get":"Result/DeviceLock/AccountLockoutPolicy"}},"schema":{"type":"string","allOf":[{"pattern":"ResetAccountLockoutCounterAfter:[1][5-9]|[2-9]\\d|[1-9]\\d{2,}"},{"pattern":"AccountLockoutDuration:[1][5-9]|[2-9]\\d|[1-9]\\d{2,}"},{"pattern":"AccountLockoutThreshold:[1-3]"}]},"default":"AccountLockoutDuration:15, AccountLockoutThreshold:3, ResetAccountLockoutCounterAfter:15","compliance":{"allOf":[{"pattern":"ResetAccountLockoutCounterAfter:[1][5-9]|[2-9]\\d|[1-9]\\d{2,}"},{"pattern":"AccountLockoutDuration:[1][5-9]|[2-9]\\d|[1-9]\\d{2,}"},{"pattern":"AccountLockoutThreshold:[1-3]"}]}},{"id":"adb052b7-c17e-4b8c-86b8-d81b6a89af20","name":"DeviceLockClearTextPassword","description":"Store passwords using reversible encryption","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/DeviceLock/ClearTextPassword","get":"Result/DeviceLock/ClearTextPassword"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"d43b43ec-abd0-4420-ba8c-d4e53b057205","name":"DeviceLockMaximumPasswordAge","description":"Maximum password age","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/DeviceLock/MaximumPasswordAge","get":"Result/DeviceLock/MaximumPasswordAge"}},"schema":{"type":"integer","minimum":1,"maximum":999},"default":42,"compliance":{"minimum":1,"maximum":70}},{"id":"bc9d4fef-9e33-48fc-bcbd-b53e60caf4a2","name":"DeviceLockMinDevicePasswordLength","description":"Minimum password length","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/DeviceLock/MinDevicePasswordLength","get":"Result/DeviceLock/MinDevicePasswordLength"}},"schema":{"type":"integer","minimum":7,"maximum":99},"default":14,"compliance":{"minimum":14}},{"id":"45bdfbf8-155f-41f8-b9cf-72f1ba26c5be","name":"DeviceLockMinimumPasswordAge","description":"Minimum password age","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/DeviceLock/MinimumPasswordAge","get":"Result/DeviceLock/MinimumPasswordAge"}},"schema":{"type":"integer","minimum":1,"maximum":998},"default":1,"compliance":{"minimum":1}},{"id":"299d1595-5ab2-4ef5-b287-6477c0df5178","name":"DeviceLockPasswordComplexity","description":"Password must meet complexity requirements","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/DeviceLock/PasswordComplexity","get":"Result/DeviceLock/PasswordComplexity"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"dad8097d-db46-4df3-9839-a8504e60c878","name":"DeviceLockPasswordHistorySize","description":"Enforce password history","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/DeviceLock/PasswordHistorySize","get":"Result/DeviceLock/PasswordHistorySize"}},"schema":{"type":"integer","minimum":0,"maximum":24},"default":24,"compliance":{"const":24}},{"name":"DeviceLockPreventEnablingLockScreenCamera","description":"Prevent enabling lock screen camera","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization","value":"NoLockScreenCamera"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"DeviceLockPreventLockScreenSlideShow","description":"Prevent enabling lock screen slide show","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Personalization","value":"NoLockScreenSlideshow"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"41a8be7d-69bd-48f4-ae77-9568cf7b15d1","name":"DigitallySignCommunicationsAlwaysClient","description":"Microsoft network client: Digitally sign communications (always)","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways","get":"Result/LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"032b5976-1c4b-4c68-bc5d-0c65e35306b2","name":"DigitallySignCommunicationsAlwaysServer","description":"Microsoft network server: Digitally sign communications (always)","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways","get":"Result/LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"b625a003-d015-436e-89fb-fb2dfe71ae0f","name":"DigitallySignCommunicationsIfClientAgrees","description":"Microsoft network server: Digitally sign communications (if client agrees)","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees","get":"Result/LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"342046f5-c7d3-46b7-96db-7e4be82542d3","name":"DigitallySignCommunicationsIfServerAgrees","description":"Microsoft network client: Digitally sign communications (if server agrees)","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees","get":"Result/LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"21c5bcb7-432e-4eaa-a01a-0cda8db73e62","name":"DisableEnclosureDownloading","description":"Prevent downloading of enclosures","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Feeds","value":"DisableEnclosureDownload"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"DisableNameResolutionUsingNetbios","description":"Disabling Name Resolution using NETBIOS","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Dnscache\\Parameters","value":"EnableNetbios"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"16394616-4a4d-4416-9985-b8a3251eb70c","name":"DisableSMBv1Client","description":"Disable SMB v1 client (remove dependency on LanmanWorkstation)","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanmanWorkstation","value":"DependOnService"},"schema":{"type":"string","metaType":"multistring"},"default":"Bowser,MRxSmb20,NSI","compliance":{"delimiter":",","items":{"enum":["Bowser","MRxSmb20","NSI"]}}},{"id":"32899900-6b73-4cdd-906d-702e00bae698","name":"DisconnectClientsWhenLogonHoursExpire","description":"Microsoft network server: Disconnect clients when logon hours expire","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DisconnectClientsWhenLogonHoursExpire","get":"Result/LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DisconnectClientsWhenLogonHoursExpire"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"DmaGuardDeviceEnumerationPolicy","description":"Enumeration policy for external devices incompatible with Kernel DMA Protection","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/DmaGuard/DeviceEnumerationPolicy","get":"Result/DmaGuard/DeviceEnumerationPolicy"}},"schema":{"type":"integer","minimum":0,"maximum":2},"default":0,"compliance":{"enum":[0,1]}},{"id":"94276972-d64d-43bc-ae92-8b609f2d114b","name":"DnsClientTurn_Off_Multicast","description":"Turn off multicast name resolution","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\DNSClient","value":"EnableMulticast"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"f1a63002-7ac3-11eb-9596-f5560b7cfdf8","name":"DODownloadMode","description":"Delivery Optimization: Download Mode Methods","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization","value":"DODownloadMode"},"schema":{"type":"integer","enum":[0,1,2,3,99,100]},"default":2,"compliance":{"enum":[0,1,2,99,100]}},{"id":"9503a7be-372f-4591-9dcd-f7de48b7f7e8","name":"DoNotAllowAnonymousEnumerationOfSAMAccounts","description":"Network access: Do not allow anonymous enumeration of SAM accounts","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts","get":"Result/LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"oneOf":[{"const":1},{"const":null}]}},{"id":"87822480-3af9-4cf1-b0d2-93ceb957b129","name":"DoNotAllowAnonymousEnumerationOfSamAccountsAndShares","description":"Network access: Do not allow anonymous enumeration of SAM accounts and shares","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares","get":"Result/LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"DoNotAllowStorageOfPasswordsAndCredentialsForNetworkAuthentication","description":"Network access: Do not allow storage of passwords and credentials for network authentication","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa","value":"DisableDomainCreds"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"9e11215f-9b0b-4ca6-ad5b-d1a0c989af36","name":"DoNotDisplayLastSignedIn","description":"Interactive logon: Do not display last user name","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn","get":"Result/LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"c2e85522-5e4f-4295-8111-5b2ab815af32","name":"DoNotRequireCTRLALTDEL","description":"Interactive logon: Do not require CTRL+ALT+DEL","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL","get":"Result/LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"name":"EnableAuthEpResolution","description":"Enable RPC Endpoint Mapper Client Authentication","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Rpc","value":"EnableAuthEpResolution"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"EnableAuthRateLimiter","description":"Enable authentication rate limiter","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\LanmanServer","value":"EnableAuthRateLimiter"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"oneOf":[{"const":1},{"const":null}]}},{"name":"EnableAuthRateLimiterTimeout","description":"Enable authentication rate limiter (Delay Timeout)","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanManServer\\Parameters","value":"InvalidAuthenticationDelayTimeInMs"},"schema":{"type":"integer","minimum":0,"maximum":5000},"default":2000,"compliance":{"minimum":2000,"maximum":5000}},{"id":"3270e2d2-c01d-49fe-baf7-950fb5bbe642","name":"EnabledNTPClient","description":"Enable Windows NTP Client","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\TimeProviders\\NtpClient","value":"Enabled"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"d3d9ac7b-8bcc-42e8-8752-29902eda04dd","name":"EnableGuestAccountStatus","description":"Accounts: Guest account status","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus","get":"Result/LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"name":"EnableMailslotsLanmanServer","description":"Enable remote mailslots (Lanman Server)","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Browser","value":"EnableMailslots"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"name":"EnableMailslotsLanmanWorkstation","description":"Enable remote mailslots (Lanman Workstation)","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkProvider","value":"EnableMailslots"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"name":"EnableNetbios","description":"Configure NetBIOS settings","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\DNSClient","value":"EnableNetbios"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"2f9a914c-e88c-401b-9c21-5ddb94b31b4a","name":"EnableStructuredExceptionHandlingOverwriteProtection","description":"Enable Structured Exception Handling Overwrite Protection (SEHOP)","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\kernel","value":"DisableExceptionChainValidation"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"name":"EncryptNTFSPagingFile","description":"System Policies NtfsEncryptPagingFile","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies","value":"NtfsEncryptPagingFile"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"1b1dcdbf-d949-44da-b942-0fc2eb225985","name":"EventLogChannelSecurityLogRetention","description":"Security: Control Event Log behavior when the log file reaches its maximum size","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\EventLog\\Security","value":"Retention"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"id":"5bfb71c2-897f-4ccb-b7d5-7181b1f2527a","name":"EventLogChannelSetupLogMaxSize","description":"Setup: Specify the maximum log file size (KB)","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\EventLog\\Setup","value":"MaxSize"},"schema":{"type":"integer","minimum":32768},"default":32768,"compliance":{"minimum":32768}},{"id":"31f0541c-879f-473d-bf6b-e0aef89f0b45","name":"EventLogChannelSetupLogRetention","description":"Setup: Control Event Log behavior when the log file reaches its maximum size","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\EventLog\\Setup","value":"Retention"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"id":"8656ed1c-72e2-4d49-811b-aaec42521ae0","name":"EventLogChannelSystemLogRetention","description":"System: Control Event Log behavior when the log file reaches its maximum size","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\EventLog\\System","value":"Retention"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"id":"ae110ac5-8387-464d-8790-e29ffce8f8d9","name":"EventLogPercentageThresholdSecurityEventLogMaximumSizeReached","description":"MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Eventlog\\Security","value":"WarningLevel"},"schema":{"type":"integer","minimum":50,"maximum":90},"default":90,"compliance":{"minimum":50,"maximum":90}},{"id":"dec8589f-4e06-4a11-9c6c-2b1464f07075","name":"EventLogServiceControlEventLogBehavior","description":"Application: Control Event Log behavior when the log file reaches its maximum size","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\EventLog\\Application","value":"Retention"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"id":"e7e377d1-d6e0-4acc-a073-75b3243a646e","name":"EventLogServiceSpecifyMaximumFileSizeApplicationLog","description":"Application: Specify the maximum log file size (KB)","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\EventLog\\Application","value":"MaxSize"},"schema":{"type":"integer","minimum":32768},"default":32768,"compliance":{"minimum":32768}},{"id":"c139db2e-8dea-418e-bf7c-372ec0278e31","name":"EventLogServiceSpecifyMaximumFileSizeSecurityLog","description":"Security: Specify the maximum log file size (KB)","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\EventLog\\Security","value":"MaxSize"},"schema":{"type":"integer","minimum":196608},"default":196608,"compliance":{"minimum":196608}},{"id":"3e20b64c-0356-4e95-ba4e-2ebd51e10bb9","name":"EventLogServiceSpecifyMaximumFileSizeSystemLog","description":"System: Specify the maximum log file size (KB)","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\EventLog\\System","value":"MaxSize"},"schema":{"type":"integer","minimum":32768},"default":32768,"compliance":{"minimum":32768}},{"id":"4e4d02fa-8f06-4dd3-a443-cce86dd8fb19","name":"ExperienceAllowWindowsConsumerFeatures","description":"Turn off Microsoft consumer experiences","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Experience/AllowWindowsConsumerFeatures","get":"Result/Experience/AllowWindowsConsumerFeatures"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"oneOf":[{"const":1},{"const":null}]}},{"id":"dd3e3ed2-65d2-484f-b909-c9001e347671","name":"ExperienceDisableConsumerAccountStateContent","description":"Turn off cloud consumer account state content","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Experience/DisableConsumerAccountStateContent","get":"Result/Experience/DisableConsumerAccountStateContent"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"596d3922-71a7-49ce-b34b-1f5e63ff03da","name":"ExperienceDoNotShowFeedbackNotifications","description":"Do not show feedback notifications","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection","value":"DoNotShowFeedbackNotifications"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"a76d6552-cd22-4a2c-adc1-50f8705cad17","name":"FileExplorerTurnOffHeapTerminationOnCorruption","description":"Turn off heap termination on corruption","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer","value":"NoHeapTerminationOnCorruption"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"id":"28b5cfb6-7548-44f9-9f43-a542644fa1fd","name":"FirewallPrivateProfileApplyLocalConnectionSecurityRules","description":"Windows Firewall: Private: Settings: Apply local connection security rules","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile","value":"AllowLocalIPsecPolicyMerge"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"a636e099-8e2b-4653-a2bb-3689c151f9cc","name":"FirewallPrivateProfileApplyLocalFirewallRules","description":"Windows Firewall: Private: Settings: Apply local firewall rules","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile","value":"AllowLocalPolicyMerge"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"d177f27b-8d9b-4bb1-a45c-5f3a11384d1f","name":"FirewallPrivateProfileDisplayNotification","description":"Windows Firewall: Private: Settings: Display a notification","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile","value":"DisableNotifications"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"52bb00ec-987c-4f16-a81d-96ef84259bea","name":"FirewallPrivateProfileInboundConnection","description":"Windows Firewall: Private: Inbound connections","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile","value":"DefaultInboundAction"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"be3bba5f-7bd3-4574-b6c2-93341e01b8c0","name":"FirewallPrivateProfileLogDroppedPackets","description":"Windows Firewall: Private: Logging: Log dropped packets","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile\\Logging","value":"LogDroppedPackets"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"c3bdeda2-0740-42b6-aac2-7d7234f3a557","name":"FirewallPrivateProfileLogFileMaxSize","description":"Windows Firewall: Private: Logging: Size limit (KB)","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile\\Logging","value":"LogFileSize"},"schema":{"type":"integer","minimum":16384},"default":16384,"compliance":{"minimum":16384}},{"id":"4c40870a-fe76-4e52-a71c-8344d17a9bc3","name":"FirewallPrivateProfileLogFileName","description":"Windows Firewall: Private: Logging: Name","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile\\Logging","value":"LogFilePath"},"schema":{"type":"string"},"default":"%SystemRoot%\\System32\\logfiles\\firewall\\privatefw.log","compliance":{"pattern":".log"}},{"id":"396f1552-406d-4b58-b4a6-fc56c75eb70a","name":"FirewallPrivateProfileLogSuccessfulConnections","description":"Windows Firewall: Private: Logging: Log successful connections","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile\\Logging","value":"LogSuccessfulConnections"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"c98cfb4e-113f-4a25-a080-ab1f7d0f8f38","name":"FirewallPrivateProfileOutboundConnection","description":"Windows Firewall: Private: Outbound connections","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile","value":"DefaultOutboundAction"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"c8e1851a-fb32-4197-a1c0-d9da262d37f1","name":"FirewallPrivateProfileState","description":"Windows Firewall: Private: Firewall state","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile","value":"EnableFirewall"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"3dcf28a5-e199-4b78-8933-7828dfde4b9d","name":"FirewallPrivateProfileUnicastResponse","description":"Windows Firewall: Private: Allow unicast response","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PrivateProfile","value":"DisableUnicastResponsesToMulticastBroadcast"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"10a43735-527c-46f0-a95c-954a8f9594dc","name":"FirewallPublicProfileApplyLocalConnectionSecurityRules","description":"Windows Firewall: Public: Settings: Apply local connection security rules","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile","value":"AllowLocalIPsecPolicyMerge"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"e82b54b4-ef4d-474c-b06e-036dd076cbec","name":"FirewallPublicProfileApplyLocalFirewallRules","description":"Windows Firewall: Public: Settings: Apply local firewall rules","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile","value":"AllowLocalPolicyMerge"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"f34e3441-5977-432b-899b-119fc66e1b08","name":"FirewallPublicProfileDisplayNotification","description":"Windows Firewall: Public: Settings: Display a notification","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile","value":"DisableNotifications"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"d33c1242-a351-4a00-8a0c-0b50f44441ef","name":"FirewallPublicProfileInboundConnection","description":"Windows Firewall: Public: Inbound connections","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile","value":"DefaultInboundAction"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"4ef05db7-7bdc-4a89-b488-31893914e994","name":"FirewallPublicProfileLogDroppedPackets","description":"Windows Firewall: Public: Logging: Log dropped packets","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile\\Logging","value":"LogDroppedPackets"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"8c115a38-7ea4-4aa8-9115-c78e31bdb411","name":"FirewallPublicProfileLogFileMaxSize","description":"Windows Firewall: Public: Logging: Size limit (KB)","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile\\Logging","value":"LogFileSize"},"schema":{"type":"integer","minimum":16384},"default":16384,"compliance":{"minimum":16384}},{"id":"2614f6be-da8e-4dbc-89d9-7ba4d63564c7","name":"FirewallPublicProfileLogFileName","description":"Windows Firewall: Public: Logging: Name","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile\\Logging","value":"LogFilePath"},"schema":{"type":"string"},"default":"%SystemRoot%\\System32\\logfiles\\firewall\\publicfw.log","compliance":{"pattern":".log"}},{"id":"2f38577d-b711-4eb3-bdc8-b423fc013ed2","name":"FirewallPublicProfileLogSuccessfulConnections","description":"Windows Firewall: Public: Logging: Log successful connections","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile\\Logging","value":"LogSuccessfulConnections"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"753e721c-be46-47f4-9571-8509ca5c1e61","name":"FirewallPublicProfileOutboundConnection","description":"Windows Firewall: Public: Outbound connections","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile","value":"DefaultOutboundAction"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"5e33a15a-7db0-4a1d-b771-db3764f3a625","name":"FirewallPublicProfileState","description":"Windows Firewall: Public: Firewall state","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile","value":"EnableFirewall"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"b72cc850-f180-4479-abce-2b72815afead","name":"FirewallPublicProfileUnicastResponse","description":"Windows Firewall: Public: Allow unicast response","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\PublicProfile","value":"DisableUnicastResponsesToMulticastBroadcast"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"0179cc92-ef40-40b9-9aaa-41aaf3f9f355","name":"ForceAuditPolicySubcategorySettingsToOverrideAuditPolicyCategorySettings","description":"Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/Audit_ForceAuditPolicySubcategorySettingsToOverrideAuditPolicyCategorySettings","get":"Result/LocalPoliciesSecurityOptions/Audit_ForceAuditPolicySubcategorySettingsToOverrideAuditPolicyCategorySettings"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"e588914e-fbb8-4926-9ccf-8ea781b07610","name":"GroupPolicyEnableCDP","description":"Continue experiences on this device","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System","value":"EnableCdp"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"99cd4fc9-bcf1-4def-8ce6-5a3c4ea8f8c9","name":"GroupPolicyNoBackgroundPolicy","description":"Configure registry policy processing: Do not apply during periodic background processing","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Group Policy\\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}","value":"NoBackgroundPolicy"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"b2e8d5f9-3d4e-4b8b-b6a1-ddcd60f437b9","name":"GroupPolicyNoGPOListChanges","description":"Configure registry policy processing: Process even if the Group Policy objects have not changed","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Group Policy\\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}","value":"NoGPOListChanges"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"0571e435-5c84-48bb-b1c9-6e7eae13715a","name":"ICMNC_ExitOnISP","description":"Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Internet Connection Wizard","value":"ExitOnMSICW"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"8718a173-58d6-42ab-a37d-0819c398b5f5","name":"ImpersonateClient","description":"Impersonate a client after authentication","severity":"important","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/ImpersonateClient","get":"Result/UserRights/ImpersonateClient"}},"schema":{"type":"string"},"default":"*S-1-5-32-544,*S-1-5-6,*S-1-5-19,*S-1-5-20","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544","*S-1-5-6","*S-1-5-19","*S-1-5-20"]}}},{"id":"276603c5-bd48-407a-949f-6dbbb5b3f61d","name":"IPSourceRoutingProtectionLevel","description":"MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters","value":"DisableIPSourceRouting"},"schema":{"type":"integer","minimum":0,"maximum":2},"default":2,"compliance":{"const":2}},{"id":"d0b4769e-bbfa-4fe0-b6e8-1fd4977d76dd","name":"IPv6SourceRoutingProtectionLevel","description":"MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters","value":"DisableIPSourceRouting"},"schema":{"type":"integer","minimum":0,"maximum":2},"default":2,"compliance":{"const":2}},{"name":"KDCHashAlgorithms","description":"Configure hash algorithms for certificate logon (KDC)","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\KDC\\Parameters","value":"PKINITHashAlgorithmConfigurationEnabled"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"KDCHashAlgorithmsSHA1","description":"Configure hash algorithms for certificate logon (KDC) - SHA1","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\KDC\\Parameters","value":"PKINITSHA1"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"KDCHashAlgorithmsSHA256","description":"Configure hash algorithms for certificate logon (KDC) - SHA256","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\KDC\\Parameters","value":"PKINITSHA256"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"KDCHashAlgorithmsSHA384","description":"Configure hash algorithms for certificate logon (KDC) - SHA384","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\KDC\\Parameters","value":"PKINITSHA384"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"KDCHashAlgorithmsSHA512","description":"Configure hash algorithms for certificate logon (KDC) - SHA512","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\KDC\\Parameters","value":"PKINITSHA512"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"KerberosHashAlgorithms","description":"Configure hash algorithms for certificate logon (Kerberos)","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters","value":"PKInitHashAlgorithmConfigurationEnabled"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"KerberosHashAlgorithmsSHA1","description":"Configure hash algorithms for certificate logon (Kerberos) - SHA1","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters","value":"PKInitSHA1"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"KerberosHashAlgorithmsSHA256","description":"Configure hash algorithms for certificate logon (Kerberos) - SHA256","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters","value":"PKInitSHA256"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"KerberosHashAlgorithmsSHA384","description":"Configure hash algorithms for certificate logon (Kerberos) - SHA384","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters","value":"PKInitSHA384"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"KerberosHashAlgorithmsSHA512","description":"Configure hash algorithms for certificate logon (Kerberos) - SHA512","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters","value":"PKInitSHA512"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"315cc7e3-7252-47ce-af2f-9abf243fac16","name":"LANManagerAuthenticationLevel","description":"Network security: LAN Manager authentication level","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel","get":"Result/LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel"}},"schema":{"type":"integer","minimum":0,"maximum":5},"default":5,"compliance":{"const":5}},{"id":"09ed81b2-8dba-4009-84f9-dcfd6009ed0d","name":"LanmanWorkstationEnableInsecureGuestLogons","description":"Enable insecure guest logons","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LanmanWorkstation/EnableInsecureGuestLogons","get":"Result/LanmanWorkstation/EnableInsecureGuestLogons"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"4ff2ed85-48d7-4e38-bdb8-6c7df3286882","name":"LDAPClientSigningRequirements","description":"Network security: LDAP client signing requirements","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/NetworkSecurity_LDAPClientSigningRequirements","get":"Result/LocalPoliciesSecurityOptions/NetworkSecurity_LDAPClientSigningRequirements"}},"schema":{"type":"integer","minimum":0,"maximum":2},"default":1,"compliance":{"minimum":1,"maximum":2}},{"id":"f97fe90f-c009-4139-8562-9893e9c49b44","name":"LetEveryonePermissionsApplyToAnonymousUsers","description":"Network access: Let Everyone permissions apply to anonymous users","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers","get":"Result/LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"id":"3715ec67-6cd4-49c0-8c82-27001a0e332b","name":"LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly","description":"Accounts: Limit local account use of blank passwords to console logon only","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly","get":"Result/LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"oneOf":[{"const":1},{"const":null}]}},{"name":"LogOnAsBatchJob","description":"Log on as a batch job","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/LogOnAsBatchJob","get":"Result/UserRights/LogOnAsBatchJob"}},"schema":{"type":"string"},"default":"*S-1-5-32-544,*S-1-5-32-551,*S-1-5-32-559","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544","*S-1-5-32-551","*S-1-5-32-559"]},"unevaluatedItems":false}},{"name":"LogOnAsService","description":"Log on as a service","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/LogOnAsService","get":"Result/UserRights/LogOnAsService"}},"schema":{"type":"string"},"default":"*S-1-5-80-0,*S-1-5-83-0,*S-1-5-32-544","compliance":{"delimiter":",","items":{"enum":["*S-1-5-80-0","*S-1-5-83-0","*S-1-5-32-544"]},"unevaluatedItems":false}},{"id":"cac31d47-c8ea-440f-af85-7697f483b21e","name":"LogonBlockUserFromShowingAccountDetailsOnSignin","description":"Block user from showing account details on sign-in","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System","value":"BlockUserFromShowingAccountDetailsOnSignin"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"LSAPPLProtection","description":"Enable LSA PPL Protection","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa","value":"RunAsPPL"},"schema":{"type":"integer","minimum":0,"maximum":2},"default":2,"compliance":{"minimum":1,"maximum":2}},{"id":"691b418f-e20e-4d4a-b084-3b7563f38879","name":"MachineInactivityLimit","description":"Interactive logon: Machine inactivity limit","severity":"important","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit","get":"Result/LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit"}},"schema":{"type":"integer","minimum":0,"maximum":900},"default":900,"compliance":{"minimum":1,"maximum":900}},{"id":"36f1578b-8702-488a-b213-6e30963e8958","name":"MessageTextUserLogon","description":"Interactive logon: Message text for users attempting to log on","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System","value":"LegalNoticeText"},"schema":{"type":"string"},"compliance":{"not":{"oneOf":[{"const":""},{"const":null}]}}},{"id":"80cb1237-8de9-4124-b6bc-b077e67f2557","name":"MessageTextUserLogonTitle","description":"Interactive logon: Message title for users attempting to log on","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System","value":"LegalNoticeCaption"},"schema":{"type":"string"},"compliance":{"not":{"oneOf":[{"const":""},{"const":null}]}}},{"id":"2a074d39-eee4-4bfe-b1e7-4132c033a762","name":"MinimumSessionSecurityForNTLMSSPBasedClients","description":"Network security: Minimum session security for NTLM SSP based (including secure RPC) clients","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients","get":"Result/LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients"}},"schema":{"type":"integer"},"default":537395200,"compliance":{"const":537395200}},{"id":"6ed9ad58-c9de-4a8b-9512-8fe5421ac8a7","name":"MinimumSessionSecurityForNTLMSSPBasedServers","description":"Network security: Minimum session security for NTLM SSP based (including secure RPC) servers","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers","get":"Result/LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers"}},"schema":{"type":"integer"},"default":537395200,"compliance":{"const":537395200}},{"name":"MinimumSMBClientVersion","description":"Mandate the minimum version of SMB Client","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\LanmanWorkstation","value":"MinSmb2Dialect"},"schema":{"type":"integer","enum":[514,528,768,770,785]},"default":768,"compliance":{"enum":[768,770,785]}},{"name":"MinimumSMBServerVersion","description":"Mandate the minimum version of SMB Server","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\LanmanServer","value":"MinSmb2Dialect"},"schema":{"type":"integer","enum":[514,528,768,770,785]},"default":768,"compliance":{"enum":[768,770,785]}},{"name":"MitigationOptionsFontBlocking","description":"WindowsNT MitigationOptions MitigationOptions FontBocking","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\MitigationOptions","value":"MitigationOptions_FontBocking"},"schema":{"type":"string","oneOf":[{"const":"0"},{"const":"1000000000000"}]},"default":"1000000000000","compliance":{"const":"1000000000000"}},{"id":"d1a15c43-08e0-4d7f-a3f1-e8253fa2083e","name":"NetBTNodeTypeConfiguration","description":"NetBT NodeType configuration","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NetBT\\Parameters","value":"NodeType"},"schema":{"type":"integer","minimum":1,"maximum":2}},{"id":"4b2ea54f-7c16-4490-8687-cc52c3135b7e","name":"NetworkConnectionsNC_ShowSharedAccessUI","description":"Prohibit use of Internet Connection Sharing on your DNS domain network","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Network Connections","value":"NC_ShowSharedAccessUI"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"name":"NetworkSecurityForceLogoffWhenLogonHoursExpire","description":"Network security: Force logoff when logon hours expire","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/NetworkSecurity_ForceLogoffWhenLogonHoursExpire","get":"Result/LocalPoliciesSecurityOptions/NetworkSecurity_ForceLogoffWhenLogonHoursExpire"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"600ea254-773b-43b5-be89-ca8221e96279","name":"OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations","description":"User Account Control: Only elevate UIAccess applications that are installed in secure locations","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations","get":"Result/LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"OSPlatformValidation_UEFI_Enabled","description":"Configure TPM platform validation profile for native UEFI firmware configurations","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\OSPlatformValidation_UEFI","value":"Enabled"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"name":"OverrideMinimumEnabledDTLSVersionClient","description":"Override Minimum Enabled DTLS Version Client","severity":"important","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Cryptography/OverrideMinimumEnabledDTLSVersionClient","get":"Result/Cryptography/OverrideMinimumEnabledDTLSVersionClient"}},"schema":{"type":"string","oneOf":[{"const":"1.0"},{"const":"1.1"},{"const":"1.2"}]},"default":"1.2","compliance":{"const":"1.2"}},{"name":"OverrideMinimumEnabledDTLSVersionServer","description":"Override Minimum Enabled DTLS Version Server","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Cryptography/OverrideMinimumEnabledDTLSVersionServer","get":"Result/Cryptography/OverrideMinimumEnabledDTLSVersionServer"}},"schema":{"type":"string","oneOf":[{"const":"1.0"},{"const":"1.1"},{"const":"1.2"}]},"default":"1.2","compliance":{"const":"1.2"}},{"name":"OverrideMinimumEnabledTLSVersionClient","description":"Override Minimum Enabled TLS Version Client","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Cryptography/OverrideMinimumEnabledTLSVersionClient","get":"Result/Cryptography/OverrideMinimumEnabledTLSVersionClient"}},"schema":{"type":"string","oneOf":[{"const":"1.1"},{"const":"1.1"},{"const":"1.2"},{"const":"1.3"}]},"default":"1.2","compliance":{"oneOf":[{"const":"1.2"},{"const":"1.3"}]}},{"name":"OverrideMinimumEnabledTLSVersionServer","description":"Override Minimum Enabled TLS Version Server","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Cryptography/OverrideMinimumEnabledTLSVersionServer","get":"Result/Cryptography/OverrideMinimumEnabledTLSVersionServer"}},"schema":{"type":"string","oneOf":[{"const":"1.1"},{"const":"1.1"},{"const":"1.2"},{"const":"1.3"}]},"default":"1.2","compliance":{"oneOf":[{"const":"1.2"},{"const":"1.3"}]}},{"id":"181da750-0ecf-4af3-8724-ab1d6718fd6b","name":"PowerShellExecutionPolicyEnableTranscripting","description":"Turn on PowerShell Transcription","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\PowerShell\\Transcription","value":"EnableTranscripting"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"5502808d-7049-4378-b9f7-038b70777483","name":"PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters","description":"Devices: Prevent users from installing printer drivers","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters","get":"Result/LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"oneOf":[{"const":1},{"const":null}]}},{"id":"514725e3-fa3e-4f3a-9d58-a31449937003","name":"PrintersRestrictDriverInstallationToAdministrators","description":"Limits print driver installation to Administrators","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint","value":"RestrictDriverInstallationToAdministrators"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"11ca2201-2673-4f04-bad3-3265e1a53a5b","name":"PrivacyAllowInputPersonalization","description":"Allow Input Personalization","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/Privacy/AllowInputPersonalization","get":"Result/Privacy/AllowInputPersonalization"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"032b9c30-0082-4199-b1ae-2f1fcafd59c6","name":"PromptUserToChangePasswordBeforeExpiration","description":"Interactive logon: Prompt user to change password before expiration","severity":"informational","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/InteractiveLogon_PromptUserToChangePasswordBeforeExpiration","get":"Result/LocalPoliciesSecurityOptions/InteractiveLogon_PromptUserToChangePasswordBeforeExpiration"}},"schema":{"type":"integer","minimum":5,"maximum":14},"default":14,"compliance":{"minimum":5,"maximum":14}},{"id":"ea1bbc42-7c24-4ced-8ea7-7b16ff4763b5","name":"RDPPortNumber","description":"Detect change from default RDP port","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp","value":"PortNumber"},"schema":{"type":"integer","minimum":1024,"maximum":65535},"default":3389,"compliance":{"const":3389}},{"name":"RecoveryConsoleAllowFloppyCopyAndAllDrives","description":"Recovery console: Allow floppy copy and access to all drives and all folders","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/RecoveryConsole_AllowFloppyCopyAndAccessToAllDrivesAndAllFolders","get":"Result/LocalPoliciesSecurityOptions/RecoveryConsole_AllowFloppyCopyAndAccessToAllDrivesAndAllFolders"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"b17eabc0-5d73-4861-acc8-d5b97bc53f12","name":"RemoteAssistanceSolicitedRemoteAssistance","description":"Configure Solicited Remote Assistance","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services","value":"fAllowToGetHelp"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"7450d70c-391d-4932-be4a-3f3bfecc0eb5","name":"RemoteAssistanceUnsolicitedRemoteAssistance","description":"Configure Offer Remote Assistance","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services","value":"fAllowUnsolicited"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"id":"93c677e7-e7c8-49c4-bb46-d40dad88f17b","name":"RemoteDesktopServicesClientConnectionEncryptionLevel","description":"Set client connection encryption level","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services","value":"MinEncryptionLevel"},"schema":{"type":"integer","minimum":1,"maximum":4},"default":3,"compliance":{"minimum":3,"maximum":4}},{"id":"3085af32-217a-4e4b-ba6c-a81c342f8d2c","name":"RemoteDesktopServicesDoNotAllowDriveRedirection","description":"Do not allow drive redirection","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services","value":"fDisableCdm"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"0979b47f-fbbf-46ad-8def-768256fa012a","name":"RemoteDesktopServicesDoNotAllowPasswordSaving","description":"Do not allow passwords to be saved","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services","value":"DisablePasswordSaving"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"d9794f70-e03c-40e5-a812-d2878c0eb6d5","name":"RemoteDesktopServicesPromptForPasswordUponConnection","description":"Always prompt for password upon connection","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services","value":"fPromptForPassword"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"01d9a108-3379-4c5a-8236-1a724bcccff1","name":"RemoteDesktopServicesRequireSecureRPCCommunication","description":"Require secure RPC communication","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services","value":"fEncryptRPCTraffic"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"116b0718-b9fb-4b6f-855d-05c6ca97369e","name":"RemotelyAccessibleRegistryPaths","description":"Network access: Remotely accessible registry paths","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/NetworkAccess_RemotelyAccessibleRegistryPaths","get":"Result/LocalPoliciesSecurityOptions/NetworkAccess_RemotelyAccessibleRegistryPaths"}},"schema":{"type":"string","metaType":"multistring"},"default":"System\\CurrentControlSet\\Control\\ProductOptions,System\\CurrentControlSet\\Control\\Server Applications,Software\\Microsoft\\Windows NT\\CurrentVersion","compliance":{"oneOf":[{"const":"System\\CurrentControlSet\\Control\\ProductOptions,System\\CurrentControlSet\\Control\\Server Applications,Software\\Microsoft\\Windows NT\\CurrentVersion"},{"const":""}]}},{"id":"e261ce65-922a-4573-b2f4-eaf7633cd97c","name":"RemotelyAccessibleRegistryPathsAndSubpaths","description":"Network access: Remotely accessible registry paths and sub-paths","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/NetworkAccess_RemotelyAccessibleRegistryPathsAndSubpaths","get":"Result/LocalPoliciesSecurityOptions/NetworkAccess_RemotelyAccessibleRegistryPathsAndSubpaths"}},"schema":{"type":"string","metaType":"multistring"},"default":"System\\CurrentControlSet\\Control\\Print\\Printers,System\\CurrentControlSet\\Services\\Eventlog,Software\\Microsoft\\OLAP Server,Software\\Microsoft\\Windows NT\\CurrentVersion\\Print,Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows,System\\CurrentControlSet\\Control\\ContentIndex,System\\CurrentControlSet\\Control\\Terminal Server,System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig,System\\CurrentControlSet\\Control\\Terminal Server\\DefaultUserConfiguration,Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib,System\\CurrentControlSet\\Services\\SysmonLog","compliance":{"oneOf":[{"const":"System\\CurrentControlSet\\Control\\Print\\Printers,System\\CurrentControlSet\\Services\\Eventlog,Software\\Microsoft\\OLAP Server,Software\\Microsoft\\Windows NT\\CurrentVersion\\Print,Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows,System\\CurrentControlSet\\Control\\ContentIndex,System\\CurrentControlSet\\Control\\Terminal Server,System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig,System\\CurrentControlSet\\Control\\Terminal Server\\DefaultUserConfiguration,Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib,System\\CurrentControlSet\\Services\\SysmonLog"},{"const":""}]}},{"id":"abb1bcab-f4da-4a9c-be63-7564a0bca7b8","name":"RemoteManagementAllowBasicAuthentication_Client","description":"Remote management (WinRM) Allow Basic authentication","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Client","value":"AllowBasic"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"name":"RemoteManagementAllowBasicAuthentication_Service","description":"Remote management (WinRM) Allow Basic authentication - Service","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Service","value":"AllowBasic"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"name":"RemoteManagementAllowRemoteServerManagement","description":"Allow remote server management through WinRM","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Service","value":"AllowAutoConfig"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"RemoteManagementAllowRemoteServerManagement_IPv4Filter","description":"Allow remote server management through WinRM-IPv4Filter","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Service","value":"IPv4Filter"},"schema":{"type":"string"},"default":"*","compliance":{"delimiter":",","allOf":[{"contains":{"const":"*"}}]}},{"name":"RemoteManagementAllowRemoteServerManagement_IPv6Filter","description":"Allow remote server management through WinRM-IPv6Filter","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Service","value":"IPv6Filter"},"schema":{"type":"string"},"default":"*","compliance":{"delimiter":",","allOf":[{"contains":{"const":"*"}}]}},{"id":"2785f384-9901-4c9d-8dca-8ff2b5068fde","name":"RemoteManagementAllowUnencryptedTraffic_Client","description":"Remote management (WinRM) Allow unencrypted traffic","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Client","value":"AllowUnencryptedTraffic"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"name":"RemoteManagementAllowUnencryptedTraffic_Service","description":"Remote management (WinRM) Allow unencrypted traffic - Service","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Service","value":"AllowUnencryptedTraffic"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"34edb7eb-697c-4be9-8830-5aa5b031372e","name":"RemoteManagementDisallowDigestAuthentication","description":"Remote management (WinRM) Disallow Digest authentication","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Client","value":"AllowDigest"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"5fc2dc21-a630-45ee-a62d-5e3d87a45a84","name":"RemoteManagementDisallowStoringOfRunAsCredentials","description":"Remote management (WinRM) Disallow WinRM from storing RunAs credentials","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WinRM\\Service","value":"DisableRunAs"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"RemoteProcedureCallRestrictUnauthenticatedRPCClients","description":"Restrict Unauthenticated RPC clients","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Rpc","value":"RestrictRemoteClients"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"e8b0cc71-407d-4de9-a8db-4c60ef3ac70a","name":"RenameAdministratorAccount","description":"Accounts: Rename administrator account","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount","get":"Result/LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount"}},"schema":{"type":"string"},"compliance":{"not":{"const":"Administrator"}}},{"id":"a1272685-6a0d-4008-9d40-fc5c83a8fd8f","name":"RenameGuestAccount","description":"Accounts: Rename guest account","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount","get":"Result/LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount"}},"schema":{"type":"string"},"compliance":{"not":{"const":"Guest"}}},{"id":"0be33574-5e6c-4cfe-8b84-18819338eb6e","name":"RequireCaseInsensitivityForNonWindowsSubsystems","description":"System objects: Require case insensitivity for non-Windows subsystems","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems","get":"Result/LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"oneOf":[{"const":1},{"const":null}]}},{"name":"RequireEncryption","description":"Require Encryption","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\LanmanWorkstation","value":"RequireEncryption"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"minimum":0,"maximum":1}},{"name":"RequirePasswordWhenComputerWakesOnBattery","description":"Require a password when a computer wakes (on battery)","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Power\\PowerSettings\\0e796bdb-100d-47d6-a2d5-f7d2daa51f51","value":"DCSettingIndex"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"RequirePasswordWhenComputerWakesPluggedIn","description":"Require a password when a computer wakes (plugged in)","severity":"informational","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Power\\PowerSettings\\0e796bdb-100d-47d6-a2d5-f7d2daa51f51","value":"ACSettingIndex"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"RequireWindowsHelloForBusinessOrSmartCard","description":"Interactive logon: Require Windows Hello for Business or smart card","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System","value":"ScForceOption"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"const":0}},{"id":"f55109a7-2248-4c55-a7b0-bebdcb9530d5","name":"RestrictAnonymousAccessToNamedPipesAndShares","description":"Network access: Restrict anonymous access to Named Pipes and Shares","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares","get":"Result/LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"oneOf":[{"const":1},{"const":null}]}},{"id":"e4c0c45f-6a72-4e66-b792-32a4ebf36f1c","name":"RestrictClientsAllowedToMakeRemoteCallsToSAM","description":"Network access: Restrict clients allowed to make remote calls to SAM","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM","get":"Result/LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM"}},"schema":{"type":"string"},"default":"O:BAG:BAD:(A;;RC;;;BA)","compliance":{"oneOf":[{"const":"O:BAG:BAD:(A;;RC;;;BA)"},{"const":""}]}},{"id":"1d099cbe-a327-42cd-9562-9896389c4263","name":"RunAllAdministratorsInAdminApprovalMode","description":"User Account Control: Run all administrators in Admin Approval Mode","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode","get":"Result/LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"e1b7d5ea-8e40-47ae-b53e-910959c6649e","name":"SafeDllSearchMode","description":"MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager","value":"SafeDllSearchMode"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"SAMRPCPasswordChangePolicy","description":"Configure SAM change password RPC methods policy","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\SAM","value":"SamrChangeUserPasswordApiPolicy"},"schema":{"type":"integer","minimum":0,"maximum":2},"default":2,"compliance":{"const":2}},{"id":"484c747f-1418-4c27-a944-c3b1e1690b33","name":"SearchAllowIndexingEncryptedStoresOrItems","description":"Allow indexing of encrypted files","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search","value":"AllowIndexingEncryptedStoresOrItems"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"id":"a14a2808-588b-4233-b342-9dc1cecf2b0a","name":"SendUnencryptedPasswordToThirdPartySMBServers","description":"Microsoft network client: Send unencrypted password to third-party SMB servers","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers","get":"Result/LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"id":"e9118234-b52b-4b54-ae1a-893a63fe859d","name":"ServerSPNTargetNameValidationLevel","description":"Microsoft network server: Server SPN target name validation level","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/MicrosoftNetworkServer_ServerSPNTargetNameValidationLevel","get":"Result/LocalPoliciesSecurityOptions/MicrosoftNetworkServer_ServerSPNTargetNameValidationLevel"}},"schema":{"type":"integer","minimum":0,"maximum":1}},{"id":"ee6b9d20-8c62-4f14-8719-a425e09244ed","name":"SharesThatCanBeAccessedAnonymously","description":"Network access: Shares that can be accessed anonymously","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/NetworkAccess_SharesThatCanBeAccessedAnonymously","get":"Result/LocalPoliciesSecurityOptions/NetworkAccess_SharesThatCanBeAccessedAnonymously"}},"schema":{"type":"string","metaType":"multistring"},"compliance":{"oneOf":[{"const":""},{"const":null}]}},{"id":"3e42b5fc-08b2-4a9a-ad80-dafe9033cbc3","name":"SharingAndSecurityModelForLocalAccounts","description":"Network access: Sharing and security model for local accounts","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/NetworkAccess_SharingAndSecurityModelForLocalAccounts","get":"Result/LocalPoliciesSecurityOptions/NetworkAccess_SharingAndSecurityModelForLocalAccounts"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"id":"b2538b69-4020-4d50-9f63-581b673a014c","name":"ShellDataExecutionPrevention","description":"Turn off Data Execution Prevention for Explorer","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer","value":"NoDataExecutionPrevention"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"id":"6907b165-e70a-4b88-b624-3e32a15c93b1","name":"ShutdownSystemImmediatelyIfUnableToLogSecurityAudits","description":"Audit: Shut down system immediately if unable to log security audits","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/Audit_ShutdownSystemImmediatelyIfUnableToLogSecurityAudits","get":"Result/LocalPoliciesSecurityOptions/Audit_ShutdownSystemImmediatelyIfUnableToLogSecurityAudits"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"name":"SideChannel_AttackMitigation_FeatureSettingsOverride","description":"Configuring speculative execution side-channel mitigation FeatureSettingsOverride","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management","value":"FeatureSettingsOverride"},"schema":{"type":"integer","minimum":0,"maximum":83886152},"default":83886152,"compliance":{"const":83886152}},{"name":"SideChannel_AttackMitigation_FeatureSettingsOverride_Mask","description":"Configuring speculative execution side-channel mitigation FeatureSettingsOverrideMask","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management","value":"FeatureSettingsOverrideMask"},"schema":{"type":"integer","minimum":0,"maximum":3},"default":3,"compliance":{"const":3}},{"name":"SideChannel_AttackMitigation_Virtualization_MinVmVersionForCpuBasedMitigations","description":"Protect against microarchitectural and execution side-channel vulnerabilities","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Virtualization","value":"MinVmVersionForCpuBasedMitigations"},"schema":{"type":"string"},"default":"1.0","compliance":{"const":"1.0"}},{"name":"SmartCardRemovalBehavior","description":"Interactive logon: Smart card removal behavior","severity":"important","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior","get":"Result/LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior"}},"schema":{"type":"string","minimum":1,"maximum":2},"default":"1","compliance":{"const":1}},{"id":"1e3ae441-8bd6-4736-94aa-ac56a430131c","name":"SmartScreenEnableSmartScreenInShell","description":"Configure Windows Defender SmartScreen","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System","value":"EnableSmartScreen"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"SmartScreenPreventOverrideForFilesInShell","description":"Configure Windows Defender SmartScreen - Warn and Prevent bypass (Added)","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System","value":"ShellSmartScreenLevel"},"schema":{"type":"string","oneOf":[{"const":"Warn"},{"const":"Block"}]},"default":"Block","compliance":{"const":"Block"}},{"id":"8db231ff-6c9a-46f8-84de-ebea4507ffe9","name":"StrengthenDefaultPermissionsOfInternalSystemObjects","description":"System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/SystemObjects_StrengthenDefaultPermissionsOfInternalSystemObjects","get":"Result/LocalPoliciesSecurityOptions/SystemObjects_StrengthenDefaultPermissionsOfInternalSystemObjects"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"21a9a771-ef63-419c-bee4-8619f19a77ff","name":"SwitchToTheSecureDesktopWhenPromptingForElevation","description":"User Account Control: Switch to the secure desktop when prompting for elevation","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation","get":"Result/LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"14afe28a-6199-49ff-9789-dabb89ed714e","name":"SystemAllowTelemetry","description":"Allow Diagnostic Data","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection","value":"AllowTelemetry"},"schema":{"type":"integer","minimum":0,"maximum":3},"default":1,"compliance":{"minimum":0,"maximum":1}},{"id":"3c336cee-a852-4673-82e9-c7e130af7bc7","name":"SystemBootStartDriverInitialization","description":"Boot-Start Driver Initialization Policy","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\EarlyLaunch","value":"DriverLoadPolicy"},"schema":{"type":"integer","enum":[1,3,7,8]},"default":3,"compliance":{"oneOf":[{"const":8},{"const":1},{"const":3},{"const":null}]}},{"id":"2b36f636-e882-4b90-92c1-1f55f325053b","name":"SystemEnableSoftwareRestrictionPolicies","description":"System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers","value":"AuthenticodeEnabled"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"8191b0f8-0855-491f-9ded-7260dc79af3e","name":"SystemMinimizeInternetConnections","description":"Minimize the number of simultaneous connections to the Internet or a Windows Domain","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WcmSvc\\GroupPolicy","value":"fMinimizeConnections"},"schema":{"type":"integer","minimum":0,"maximum":3},"default":1,"compliance":{"const":1}},{"id":"843079e3-4803-4b52-8b36-c554c4623204","name":"SystemWindowsSearchService","description":"Disable Windows Search Service","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Wsearch","value":"Start"},"schema":{"type":"integer","minimum":0,"maximum":4},"default":4,"compliance":{"const":4}},{"id":"28b43132-0b7f-4839-9116-8c33ac9ee424","name":"TerminalServerTS_TEMP_DELETE","description":"Do not delete temp folders upon exit","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services","value":"DeleteTempDirsOnExit"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"832730a2-cc1f-4f77-bb8c-6315d210666f","name":"TerminalServerTS_TEMP_PER_SESSION","description":"Do not use temporary folders per session","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services","value":"PerSessionTempDir"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"a5a0d2d3-909d-4954-a083-4fb40fcdc181","name":"TerminalServerTS_USER_AUTHENTICATION_POLICY","description":"Require user authentication for remote connections by using Network Level Authentication","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services","value":"UserAuthentication"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"TurnOff_Windows_Error_Reporting","description":"Turn off Windows Error Reporting","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Error Reporting","value":"Disabled"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"TurnOffPrintingOverHTTP","description":"Turn off printing over HTTP","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers","value":"DisableHTTPPrinting"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"967531f7-69cd-4a38-a517-3ebf4e5284cd","name":"UseAdminApprovalMode","description":"User Account Control: Admin Approval Mode for the Built-in Administrator account","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode","get":"Result/LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"131ecdaf-4a45-44ef-8d8e-eb7f4acf2fa6","name":"UserRightsAccessCredentialManagerAsTrustedCaller","description":"Access Credential Manager as a trusted caller","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/AccessCredentialManagerAsTrustedCaller","get":"Result/UserRights/AccessCredentialManagerAsTrustedCaller"}},"schema":{"type":"string"},"default":"","compliance":{"const":""}},{"id":"3f2d92c2-5850-4f2d-b245-f5089aa975dd","name":"UserRightsAccessFromNetwork","description":"Access this computer from the network","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/AccessFromNetwork","get":"Result/UserRights/AccessFromNetwork"}},"schema":{"type":"string"},"default":"*S-1-5-32-544,*S-1-5-11","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544","*S-1-5-11"]}}},{"id":"c7f8ee96-6b8e-47e8-80b1-2e0985edeafd","name":"UserRightsActAsPartOfTheOperatingSystem","description":"Act as part of the operating system","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/ActAsPartOfTheOperatingSystem","get":"Result/UserRights/ActAsPartOfTheOperatingSystem"}},"schema":{"type":"string"},"default":"","compliance":{"const":""}},{"id":"f1943ce4-9d62-4aff-aa89-d8ddcab0173e","name":"UserRightsAdjustMemoryQuotasForProcess","description":"Adjust memory quotas for a process","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/AdjustMemoryQuotasForProcess","get":"Result/UserRights/AdjustMemoryQuotasForProcess"}},"schema":{"type":"string"},"default":"*S-1-5-32-544,*S-1-5-19,*S-1-5-20","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544","*S-1-5-19","*S-1-5-20"]}}},{"id":"051545a4-179e-4c04-9e9b-8f33821ef36f","name":"UserRightsAllowLocalLogOn","description":"Allow log on locally","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/AllowLocalLogOn","get":"Result/UserRights/AllowLocalLogOn"}},"schema":{"type":"string"},"default":"*S-1-5-32-544","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544"]}}},{"id":"574f0e8d-83ca-4a46-a6cd-8dd062ab32dd","name":"UserRightsAllowLogOnThroughRemoteDesktop","description":"Allow log on through Remote Desktop Services","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/AllowLogOnThroughRemoteDesktop","get":"Result/UserRights/AllowLogOnThroughRemoteDesktop"}},"schema":{"type":"string"},"default":"*S-1-5-32-544,*S-1-5-32-555","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544","*S-1-5-32-555"]}}},{"id":"877cfb8a-1504-4641-9caf-405768ff91f4","name":"UserRightsBackupFilesAndDirectories","description":"Back up files and directories","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/BackupFilesAndDirectories","get":"Result/UserRights/BackupFilesAndDirectories"}},"schema":{"type":"string"},"default":"*S-1-5-32-544,*S-1-5-32-551","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544","*S-1-5-32-551","*S-1-5-32-549"]}}},{"id":"a30f6d7d-f3dc-442c-8a1f-921123c6250c","name":"UserRightsBypassTraverseChecking","description":"Bypass traverse checking","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/BypassTraverseChecking","get":"Result/UserRights/BypassTraverseChecking"}},"schema":{"type":"string"},"default":"*S-1-5-32-544,*S-1-5-11,*S-1-5-32-551,*S-1-5-19,*S-1-5-20","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544","*S-1-5-11","*S-1-5-32-551","*S-1-5-19","*S-1-5-20"]}}},{"id":"8b6f479f-13a9-40d1-a2d6-bd9c27d2b7dc","name":"UserRightsChangeSystemTime","description":"Change the system time","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/ChangeSystemTime","get":"Result/UserRights/ChangeSystemTime"}},"schema":{"type":"string"},"default":"*S-1-5-32-544,*S-1-5-32-549,*S-1-5-19","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544","*S-1-5-32-549","*S-1-5-19"]}}},{"id":"8ed0c2c5-af57-4434-9ae8-fe93bc39bfd0","name":"UserRightsChangeTimeZone","description":"Change the time zone","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/ChangeTimeZone","get":"Result/UserRights/ChangeTimeZone"}},"schema":{"type":"string"},"default":"*S-1-5-32-544,*S-1-5-19","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544","*S-1-5-19"]}}},{"id":"c0a4a0ed-1585-4857-8e2b-30b1bb48c6ea","name":"UserRightsCreateGlobalObjects","description":"Create global objects","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/CreateGlobalObjects","get":"Result/UserRights/CreateGlobalObjects"}},"schema":{"type":"string"},"default":"*S-1-5-32-544,*S-1-5-6,*S-1-5-19,*S-1-5-20","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544","*S-1-5-6","*S-1-5-19","*S-1-5-20"]}}},{"id":"04251e82-4442-4923-ac77-992891a5042b","name":"UserRightsCreatePageFile","description":"Create a pagefile","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/CreatePageFile","get":"Result/UserRights/CreatePageFile"}},"schema":{"type":"string"},"default":"*S-1-5-32-544","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544"]},"unevaluatedItems":false}},{"id":"03766d3c-81c2-438e-8192-91787f2ae69a","name":"UserRightsCreatePermanentSharedObjects","description":"Create permanent shared objects","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/CreatePermanentSharedObjects","get":"Result/UserRights/CreatePermanentSharedObjects"}},"schema":{"type":"string"},"default":"","compliance":{"const":""}},{"id":"e97bdde4-ccec-42e6-a17f-7993cb03a0d6","name":"UserRightsCreateSymbolicLinks","description":"Create symbolic links","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/CreateSymbolicLinks","get":"Result/UserRights/CreateSymbolicLinks"}},"schema":{"type":"string"},"default":"*S-1-5-32-544,*S-1-5-85-0","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544","*S-1-5-85-0"]}}},{"id":"d3f866fb-8adf-4ec6-adc7-93bb9ebcccdd","name":"UserRightsCreateToken","description":"Create a token object","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/CreateToken","get":"Result/UserRights/CreateToken"}},"schema":{"type":"string"},"default":"","compliance":{"const":""}},{"id":"f7d5fa8e-54ed-4e3e-a531-8ed38114bdab","name":"UserRightsDebugPrograms","description":"Debug programs","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/DebugPrograms","get":"Result/UserRights/DebugPrograms"}},"schema":{"type":"string"},"default":"*S-1-5-32-544","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544"]},"unevaluatedItems":false}},{"id":"fbe348fd-0402-4e31-8482-66ae9ae82ea2","name":"UserRightsDenyAccessFromNetwork","description":"Deny access to this computer from the network","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/DenyAccessFromNetwork","get":"Result/UserRights/DenyAccessFromNetwork"}},"schema":{"type":"string"},"default":"*S-1-5-32-546","compliance":{"delimiter":",","allOf":[{"contains":{"const":"*S-1-5-32-546"}}]}},{"id":"b7432fc2-51ba-4ddf-83dd-ca7f92e670c1","name":"UserRightsDenyLocalLogOn","description":"Deny log on locally","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/DenyLocalLogOn","get":"Result/UserRights/DenyLocalLogOn"}},"schema":{"type":"string"},"default":"*S-1-5-32-546","compliance":{"delimiter":",","allOf":[{"contains":{"const":"*S-1-5-32-546"}}]}},{"id":"49258884-b2f0-4a4e-b66a-6954bb8473bf","name":"UserRightsDenyLogOnAsBatchJob","description":"Deny log on as a batch job","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/DenyLogOnAsBatchJob","get":"Result/UserRights/DenyLogOnAsBatchJob"}},"schema":{"type":"string"},"default":"*S-1-5-32-546","compliance":{"delimiter":",","allOf":[{"contains":{"const":"*S-1-5-32-546"}}]}},{"id":"3b993f8f-245d-4f4e-9e8b-f94cbc71c3f6","name":"UserRightsDenyLogOnAsService","description":"Deny log on as a service","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/DenyLogOnAsService","get":"Result/UserRights/DenyLogOnAsService"}},"schema":{"type":"string"},"default":"*S-1-5-32-546","compliance":{"delimiter":",","allOf":[{"contains":{"const":"*S-1-5-32-546"}}]}},{"id":"60e0c2c9-0b14-44fe-83d6-2b7095e06674","name":"UserRightsDenyRemoteDesktopServicesLogOn","description":"Deny log on through Remote Desktop Services","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/DenyRemoteDesktopServicesLogOn","get":"Result/UserRights/DenyRemoteDesktopServicesLogOn"}},"schema":{"type":"string"},"default":"*S-1-5-32-546","compliance":{"delimiter":",","allOf":[{"contains":{"const":"*S-1-5-32-546"}}]}},{"id":"045634b9-61c9-414f-ad91-74dcfee9c076","name":"UserRightsEnableDelegation","description":"Enable computer and user accounts to be trusted for delegation","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/EnableDelegation","get":"Result/UserRights/EnableDelegation"}},"schema":{"type":"string"},"default":"","compliance":{"const":""}},{"id":"46e66c68-266e-4bdc-9ebe-4c5164c0acfe","name":"UserRightsGenerateSecurityAudits","description":"Generate security audits","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/GenerateSecurityAudits","get":"Result/UserRights/GenerateSecurityAudits"}},"schema":{"type":"string"},"default":"*S-1-5-19,*S-1-5-20,*S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415","compliance":{"delimiter":",","items":{"enum":["*S-1-5-19","*S-1-5-20","*S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415"]}}},{"id":"23d0f843-e7bf-40e9-82cb-6299b35e52ab","name":"UserRightsIncreaseProcessWorkingSet","description":"Increase a process working set","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/IncreaseProcessWorkingSet","get":"Result/UserRights/IncreaseProcessWorkingSet"}},"schema":{"type":"string"},"default":"*S-1-5-32-544,*S-1-5-19","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544","*S-1-5-19"]}}},{"id":"69a86f33-b475-407e-a09f-55e78ca4e473","name":"UserRightsIncreaseSchedulingPriority","description":"Increase scheduling priority","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/IncreaseSchedulingPriority","get":"Result/UserRights/IncreaseSchedulingPriority"}},"schema":{"type":"string"},"default":"*S-1-5-32-544","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544","*S-1-5-90-0"]}}},{"id":"50f4447d-0bdd-4e8c-ba06-2e0b22ec5d04","name":"UserRightsLoadUnloadDeviceDrivers","description":"Load and unload device drivers","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/LoadUnloadDeviceDrivers","get":"Result/UserRights/LoadUnloadDeviceDrivers"}},"schema":{"type":"string"},"default":"*S-1-5-32-544","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544"]}}},{"id":"6e635d8c-3496-4c66-b734-c46ebccc5d38","name":"UserRightsLockMemory","description":"Lock pages in memory","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/LockMemory","get":"Result/UserRights/LockMemory"}},"schema":{"type":"string"},"default":"","compliance":{"const":""}},{"id":"5d72b92f-e6b0-4898-b24a-49241c3a70a4","name":"UserRightsManageAuditingAndSecurityLog","description":"Manage auditing and security log","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/ManageAuditingAndSecurityLog","get":"Result/UserRights/ManageAuditingAndSecurityLog"}},"schema":{"type":"string"},"default":"*S-1-5-32-544","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544"]},"unevaluatedItems":false}},{"id":"506fa45a-f043-46b0-bca9-da87e2f2618b","name":"UserRightsManageVolume","description":"Perform volume maintenance tasks","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/ManageVolume","get":"Result/UserRights/ManageVolume"}},"schema":{"type":"string"},"default":"*S-1-5-32-544","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544"]},"unevaluatedItems":false}},{"id":"910405d5-3ee9-427c-baf1-77c69c7c209d","name":"UserRightsModifyFirmwareEnvironment","description":"Modify firmware environment values","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/ModifyFirmwareEnvironment","get":"Result/UserRights/ModifyFirmwareEnvironment"}},"schema":{"type":"string"},"default":"*S-1-5-32-544","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544"]},"unevaluatedItems":false}},{"id":"25c07385-c03d-4f61-b4d2-13852635abb7","name":"UserRightsModifyObjectLabel","description":"Modify an object label","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/ModifyObjectLabel","get":"Result/UserRights/ModifyObjectLabel"}},"schema":{"type":"string"},"default":"","compliance":{"const":""}},{"id":"aec3dc3b-3625-47ea-8e11-fef4b1be8adb","name":"UserRightsProfileSingleProcess","description":"Profile single process","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/ProfileSingleProcess","get":"Result/UserRights/ProfileSingleProcess"}},"schema":{"type":"string"},"default":"*S-1-5-32-544","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544"]},"unevaluatedItems":false}},{"id":"e61c2d81-389a-4e59-bf19-2a6db7a0dc0b","name":"UserRightsProfileSystemPerformance","description":"Profile system performance","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/ProfileSystemPerformance","get":"Result/UserRights/ProfileSystemPerformance"}},"schema":{"type":"string"},"default":"*S-1-5-32-544,*S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544","*S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420"]}}},{"id":"3531261f-1644-4d10-9242-8e35ef386a83","name":"UserRightsRemoteShutdown","description":"Force shutdown from a remote system","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/RemoteShutdown","get":"Result/UserRights/RemoteShutdown"}},"schema":{"type":"string"},"default":"*S-1-5-32-544","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544"]},"unevaluatedItems":false}},{"id":"08a4b141-c737-404e-8617-9830268e8bfa","name":"UserRightsReplaceProcessLevelToken","description":"Replace a process level token","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/ReplaceProcessLevelToken","get":"Result/UserRights/ReplaceProcessLevelToken"}},"schema":{"type":"string"},"default":"*S-1-5-19,*S-1-5-20","compliance":{"delimiter":",","items":{"enum":["*S-1-5-19","*S-1-5-20"]}}},{"id":"1baa8699-ca1c-466b-b17c-f8eab728b0ee","name":"UserRightsRestoreFilesAndDirectories","description":"Restore files and directories","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/RestoreFilesAndDirectories","get":"Result/UserRights/RestoreFilesAndDirectories"}},"schema":{"type":"string"},"default":"*S-1-5-32-544,*S-1-5-32-551","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544","*S-1-5-32-551"]}}},{"id":"ef0eefbb-e845-47f3-af9a-3409296d3264","name":"UserRightsShutDownTheSystem","description":"Shut down the system","severity":"warning","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/ShutDownTheSystem","get":"Result/UserRights/ShutDownTheSystem"}},"schema":{"type":"string"},"default":"*S-1-5-32-544,*S-1-5-32-551","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544","*S-1-5-32-551"]}}},{"id":"b8841a6a-97b1-485b-9f3c-e5ccef30d2e6","name":"UserRightsTakeOwnership","description":"Take ownership of files or other objects","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/UserRights/TakeOwnership","get":"Result/UserRights/TakeOwnership"}},"schema":{"type":"string"},"default":"*S-1-5-32-544","compliance":{"delimiter":",","items":{"enum":["*S-1-5-32-544"]},"unevaluatedItems":false}},{"id":"61f7469c-c76a-4265-b84f-d838adb06436","name":"VirtualizeFileAndRegistryWriteFailuresToPerUserLocations","description":"User Account Control: Virtualize file and registry write failures to per-user locations","severity":"critical","provider":{"type":"csp","name":"./Vendor/MSFT/Policy","path":{"set":"Config/LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations","get":"Result/LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations"}},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"94cc076f-0e88-4398-ac29-d0dc7170303f","name":"WindowsExplorerShellProtocolProtectedModeTitle_2","description":"Turn off shell protocol protected mode","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer","value":"PreXPSP2ShellProtocolBehavior"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":0,"compliance":{"oneOf":[{"const":0},{"const":null}]}},{"name":"WindowsHelloAntiSpoofing","description":"Configure enhanced anti-spoofing","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Biometrics\\FacialFeatures","value":"EnhancedAntiSpoofing"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"b784a87e-4aa2-4f61-8b3f-38abff6dac22","name":"WindowsLogonAllowAutomaticRestartSignOn","description":"Sign-in last interactive user automatically after a system-initiated restart","severity":"critical","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System","value":"DisableAutomaticRestartSignOn"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"WindowsLogonConfigAutomaticRestartSignOn","description":"Sign-in and lock last interactive user automatically after a restart","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System","value":"AutomaticRestartSignOnConfig"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"bea7aff2-db2d-4db7-bf47-0e475db398a3","name":"WindowsLogonDisableLockScreenAppNotifications","description":"Turn off app notifications on the lock screen","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System","value":"DisableLockScreenAppNotifications"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"1ce9d867-2a1f-4e0d-8ee9-bc3606f9302c","name":"WindowsLogonDontDisplayNetworkSelectionUI","description":"Do not display network selection UI","severity":"warning","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System","value":"DontDisplayNetworkSelectionUI"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"id":"b5c7204a-96b7-4fb9-a7fa-5201b89f5146","name":"WindowsPowerShellTurnOnPowerShellScriptBlockLogging","description":"Turn on PowerShell Script Block Logging","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging","value":"EnableScriptBlockLogging"},"schema":{"type":"integer","minimum":0,"maximum":1},"default":1,"compliance":{"const":1}},{"name":"WinVerityTrustSignatureValidationVulnerabilityMitigation1","description":"WinVerifyTrust Signature Validation vulnerability Mitigation 1","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Wintrust\\Config","value":"EnableCertPaddingCheck"},"schema":{"type":"string","minimum":0,"maximum":1},"default":"1","compliance":{"const":1}},{"name":"WinVerityTrustSignatureValidationVulnerabilityMitigation2","description":"WinVerifyTrust Signature Validation vulnerability Mitigation 2","severity":"important","provider":{"type":"registry","path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Cryptography\\Wintrust\\Config","value":"EnableCertPaddingCheck"},"schema":{"type":"string","minimum":0,"maximum":1},"default":"1","compliance":{"const":1}}],"alias":{"get":"msftinventory","set":"msftpolicies"},"context":"device"} '@ } # SIG # Begin signature block # MIIoOwYJKoZIhvcNAQcCoIIoLDCCKCgCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAeYD9Sz8qi9Ppe # 4h9FWj6o79572bwbmNU6R3wjmG6CnqCCDYUwggYDMIID66ADAgECAhMzAAAEA73V # lV0POxitAAAAAAQDMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjQwOTEyMjAxMTEzWhcNMjUwOTExMjAxMTEzWjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQCfdGddwIOnbRYUyg03O3iz19XXZPmuhEmW/5uyEN+8mgxl+HJGeLGBR8YButGV # LVK38RxcVcPYyFGQXcKcxgih4w4y4zJi3GvawLYHlsNExQwz+v0jgY/aejBS2EJY # oUhLVE+UzRihV8ooxoftsmKLb2xb7BoFS6UAo3Zz4afnOdqI7FGoi7g4vx/0MIdi # kwTn5N56TdIv3mwfkZCFmrsKpN0zR8HD8WYsvH3xKkG7u/xdqmhPPqMmnI2jOFw/ # /n2aL8W7i1Pasja8PnRXH/QaVH0M1nanL+LI9TsMb/enWfXOW65Gne5cqMN9Uofv # ENtdwwEmJ3bZrcI9u4LZAkujAgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQU6m4qAkpz4641iK2irF8eWsSBcBkw # VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh # dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzUwMjkyNjAfBgNVHSMEGDAW # gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx # XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB # AFFo/6E4LX51IqFuoKvUsi80QytGI5ASQ9zsPpBa0z78hutiJd6w154JkcIx/f7r # EBK4NhD4DIFNfRiVdI7EacEs7OAS6QHF7Nt+eFRNOTtgHb9PExRy4EI/jnMwzQJV # NokTxu2WgHr/fBsWs6G9AcIgvHjWNN3qRSrhsgEdqHc0bRDUf8UILAdEZOMBvKLC # rmf+kJPEvPldgK7hFO/L9kmcVe67BnKejDKO73Sa56AJOhM7CkeATrJFxO9GLXos # oKvrwBvynxAg18W+pagTAkJefzneuWSmniTurPCUE2JnvW7DalvONDOtG01sIVAB # +ahO2wcUPa2Zm9AiDVBWTMz9XUoKMcvngi2oqbsDLhbK+pYrRUgRpNt0y1sxZsXO # raGRF8lM2cWvtEkV5UL+TQM1ppv5unDHkW8JS+QnfPbB8dZVRyRmMQ4aY/tx5x5+ # sX6semJ//FbiclSMxSI+zINu1jYerdUwuCi+P6p7SmQmClhDM+6Q+btE2FtpsU0W # +r6RdYFf/P+nK6j2otl9Nvr3tWLu+WXmz8MGM+18ynJ+lYbSmFWcAj7SYziAfT0s # IwlQRFkyC71tsIZUhBHtxPliGUu362lIO0Lpe0DOrg8lspnEWOkHnCT5JEnWCbzu # iVt8RX1IV07uIveNZuOBWLVCzWJjEGa+HhaEtavjy6i7MIIHejCCBWKgAwIBAgIK # YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm # aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw # OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD # VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG # 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la # UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc # 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D # dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+ # lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk # kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6 # A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd # X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL # 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd # sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3 # T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS # 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI # bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL # BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD # uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv # c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF # BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h # cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA # YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn # 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7 # v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b # pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/ # KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy # CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp # mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi # hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb # BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS # oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL # gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX # cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGgwwghoIAgEBMIGVMH4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p # Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAAQDvdWVXQ87GK0AAAAA # BAMwDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw # HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIJQ1 # afaIVBSdlja3ZB7SEly5+MeEL2dF7oPlRHDGQaiaMEIGCisGAQQBgjcCAQwxNDAy # oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20wDQYJKoZIhvcNAQEBBQAEggEAFu3inyroo3suOSsirvlri7YPcLZjt7mKf4dK # gpKRyMjfIV1Pe8oxaxA9enYRatbmeJjT+Dd/jU/NnbHozVWR6NxMwWmcy3vsLzr8 # 65Al+yk3+uDTCFt2I+4RIdReXzmTD4Myfuye3fAI7DVowOIQGTNhqtdd88oVXNc4 # u/IS+xCUmSbhWVB0y8tn/0f477M25KUL+AYNetY5YRKhHewWVEE5DtJBCmqW5cs8 # /6YHroHmi+vnoF5FxE+2cvU7xR3+jtANRGYHcSEpvVmaVbaZOdkM0qPV32jIf1rC # ZW0b0sfpV88VPC0EyKaaPZ5MLrvKb5ntL3rLo3RTgIHqyga98aGCF5YwgheSBgor # BgEEAYI3AwMBMYIXgjCCF34GCSqGSIb3DQEHAqCCF28wghdrAgEDMQ8wDQYJYIZI # AWUDBAIBBQAwggFSBgsqhkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYBBAGE # WQoDATAxMA0GCWCGSAFlAwQCAQUABCAFjHVT+2ou9aS3zpvSDzIczarZ4DpOJfj3 # ByJm7LKx+AIGZzu0DJUoGBMyMDI0MTExOTAyMTkzMi4xNDlaMASAAgH0oIHRpIHO # MIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQL # ExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxk # IFRTUyBFU046OTYwMC0wNUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1l # LVN0YW1wIFNlcnZpY2WgghHsMIIHIDCCBQigAwIBAgITMwAAAe+JP1ahWMyo2gAB # AAAB7zANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz # aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv # cnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAx # MDAeFw0yMzEyMDYxODQ1NDhaFw0yNTAzMDUxODQ1NDhaMIHLMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1l # cmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046OTYwMC0w # NUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2Uw # ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjC1jinwzgHwhOakZqy17o # E4BIBKsm5kX4DUmCBWI0lFVpEiK5mZ2Kh59soL4ns52phFMQYGG5kypCipungwP9 # Nob4VGVE6aoMo5hZ9NytXR5ZRgb9Z8NR6EmLKICRhD4sojPMg/RnGRTcdf7/TYvy # M10jLjmLyKEegMHfvIwPmM+AP7hzQLfExDdqCJ2u64Gd5XlnrFOku5U9jLOKk1y7 # 0c+Twt04/RLqruv1fGP8LmYmtHvrB4TcBsADXSmcFjh0VgQkX4zXFwqnIG8rgY+z # DqJYQNZP8O1Yo4kSckHT43XC0oM40ye2+9l/rTYiDFM3nlZe2jhtOkGCO6GqiTp5 # 0xI9ITpJXi0vEek8AejT4PKMEO2bPxU63p63uZbjdN5L+lgIcCNMCNI0SIopS4ga # VR4Sy/IoDv1vDWpe+I28/Ky8jWTeed0O3HxPJMZqX4QB3I6DnwZrHiKn6oE38tgB # TCCAKvEoYOTg7r2lF0Iubt/3+VPvKtTCUbZPFOG8jZt9q6AFodlvQntiolYIYtqS # rLyXAQIlXGhZ4gNcv4dv1YAilnbWA9CsnYh+OKEFr/4w4M69lI+yaoZ3L/t/UfXp # T/+yc7hS/FolcmrGFJTBYlS4nE1cuKblwZ/UOG26SLhDONWXGZDKMJKN53oOLSSk # 4ldR0HlsbT4heLlWlOElJQIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFO1MWqKFwrCb # trw9P8A63bAVSJzLMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8G # A1UdHwRYMFYwVKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMv # Y3JsL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBs # BggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0 # LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUy # MDIwMTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUH # AwgwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4ICAQAYGZa3aCDudbk9 # EVdkP8xcQGZuIAIPRx9K1CA7uRzBt80fC0aWkuYYhQMvHHJRHUobSM4Uw3zN7fHE # N8hhaBDb9NRaGnFWdtHxmJ9eMz6Jpn6KiIyi9U5Og7QCTZMl17n2w4eddq5vtk4r # RWOVvpiDBGJARKiXWB9u2ix0WH2EMFGHqjIhjWUXhPgR4C6NKFNXHvWvXecJ2WXr # JnvvQGXAfNJGETJZGpR41nUN3ijfiCSjFDxamGPsy5iYu904Hv9uuSXYd5m0Jxf2 # WNJSXkPGlNhrO27pPxgT111myAR61S3S2hc572zN9yoJEObE98Vy5KEM3ZX53cLe # fN81F1C9p/cAKkE6u9V6ryyl/qSgxu1UqeOZCtG/iaHSKMoxM7Mq4SMFsPT/8ieO # dwClYpcw0CjZe5KBx2xLa4B1neFib8J8/gSosjMdF3nHiyHx1YedZDtxSSgegeJs # i0fbUgdzsVMJYvqVw52WqQNu0GRC79ZuVreUVKdCJmUMBHBpTp6VFopL0Jf4Srgg # +zRD9iwbc9uZrn+89odpInbznYrnPKHiO26qe1ekNwl/d7ro2ItP/lghz0DoD7kE # GeikKJWHdto7eVJoJhkrUcanTuUH08g+NYwG6S+PjBSB/NyNF6bHa/xR+ceAYhcj # x0iBiv90Mn0JiGfnA2/hLj5evhTcAjCCB3EwggVZoAMCAQICEzMAAAAVxedrngKb # SZkAAAAAABUwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQI # EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv # ZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmlj # YXRlIEF1dGhvcml0eSAyMDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIy # NVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT # B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UE # AxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXI # yjVX9gF/bErg4r25PhdgM/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjo # YH1qUoNEt6aORmsHFPPFdvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1y # aa8dq6z2Nr41JmTamDu6GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v # 3byNpOORj7I5LFGc6XBpDco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pG # ve2krnopN6zL64NF50ZuyjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viS # kR4dPf0gz3N9QZpGdc3EXzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYr # bqgSUei/BQOj0XOmTTd0lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlM # jgK8QmguEOqEUUbi0b1qGFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSL # W6CmgyFdXzB0kZSU2LlQ+QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AF # emzFER1y7435UsSFF5PAPBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIu # rQIDAQABo4IB3TCCAdkwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIE # FgQUKqdS/mTEmr6CkTxGNSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWn # G1M1GelyMFwGA1UdIARVMFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEW # M2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5 # Lmh0bTATBgNVHSUEDDAKBggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBi # AEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV # 9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3Js # Lm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAx # MC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2 # LTIzLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv # 6lwUtj5OR2R4sQaTlz0xM7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZn # OlNN3Zi6th542DYunKmCVgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1 # bSNU5HhTdSRXud2f8449xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4 # rPf5KYnDvBewVIVCs/wMnosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU # 6ZGyqVvfSaN0DLzskYDSPeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDF # NLB62FD+CljdQDzHVG2dY3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/ # HltEAY5aGZFrDZ+kKNxnGSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdU # CbFpAUR+fKFhbHP+CrvsQWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKi # excdFYmNcP7ntdAoGokLjzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTm # dHRbatGePu1+oDEzfbzL6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZq # ELQdVTNYs6FwZvKhggNPMIICNwIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMCVVMx # EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT # FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJp # Y2EgT3BlcmF0aW9uczEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjk2MDAtMDVF # MC1EOTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMK # AQEwBwYFKw4DAhoDFQBLcI81gxbea1Ex2mFbXx7ck+0g/6CBgzCBgKR+MHwxCzAJ # BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jv # c29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA6uYyiTAi # GA8yMDI0MTExODIxMzkyMVoYDzIwMjQxMTE5MjEzOTIxWjB2MDwGCisGAQQBhFkK # BAExLjAsMAoCBQDq5jKJAgEAMAkCAQACAU4CAf8wBwIBAAICE2IwCgIFAOrnhAkC # AQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAqAKMAgCAQACAwehIKEK # MAgCAQACAwGGoDANBgkqhkiG9w0BAQsFAAOCAQEAMooQ6b4ciUHS5Dnk7PVxjl8C # zz3IBnKzMCcm3LWGULlp49Eovd1uVg3ZeCLqm8maeXn7Ch/zmouAq3pfrjuhbxZ1 # 2xmMnTb9z2eOOa7T6RDvnTWC/H6QgnhgBPKZNZrWuZIiQ9b1YkBFcqmLwJiRtoLq # nNZmpB+lEt7k5KMKGHpxROLRM+oN5y+9G4GCAluH1QpZH7j52oRfq4hYOIsg2FDS # zn8JZuPgDhfHEgj9UdsRybvBcQahLjaRpO3We/vsNzrxdgp/MlQT+btSGW6c08cd # sIEOTNDLCgVvuV26PRUoldNpqqhP+soVfFb0Ms5F2el/DOWCgRm00cz26XRaCzGC # BA0wggQJAgEBMIGTMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u # MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp # b24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB # 74k/VqFYzKjaAAEAAAHvMA0GCWCGSAFlAwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMx # DQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIEICVPSrgJne/jJTV1GYo6QZbu # pko105swm/Bk9bZfw1XsMIH6BgsqhkiG9w0BCRACLzGB6jCB5zCB5DCBvQQg8GEo # RbgWjfBTPT01DHZrQNtx2xfyOi8zkuLMeafJf6MwgZgwgYCkfjB8MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQg # VGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAe+JP1ahWMyo2gABAAAB7zAiBCAxP4zm # UC1a4XIOlAak2KVoDi0plmxBlmFW+CAQcHkupDANBgkqhkiG9w0BAQsFAASCAgB2 # Cy+qBFTPgHY+U7lQy+2gCZ8sPVUaoujWCvUz3/ptjVpwM+NpM0CY44D3+oH/csEH # vAh9qsEIvw54yZyvSttZLRfUN2pBslNLghHdnChURkLSOaoZrSEZXHC3/avSJul+ # SLGPCM4K98ZY56bjKpzDpWvfWi+sTByfYGVE7IewYrd4q5jhlFPYfHFl74fqKbco # HznEv63yZg+prDDr2yS9T9WXsqzcpk0Dqo94qSG5RVWZJMO49YWlWlgWv4JGD7ex # Fz+HxVOIOnOnxdWaZEickq1FZm8aabjf+TVAxILZ4eJQGmAJW4bRPqI4Up9N7Kwq # 8NPxE+3KjC6WMZSG31D5z+cO+EvP6M/t8sqzpvB5Ja6MAF0qtLVb3G7rogpWR34x # fD1VVPm3kvhoo060xLsnCiUjcR3jP+XWw/HvhSMYy9gndcEoeGc5MrQEPnHRTmQD # WbeeLGDLAZHVPi8wp2J+nWgWDVA//5nQ2grpkVFMHdX2bC2R7jfn4EPCgliThJuL # ZkVykTan+3t493N6uV0VK0UVqQKo69USSIi6QoVqq719frFBOjps3eXJ/gNVe7h6 # 0L8HMciQYAQY8EefIyBciaCm7GmlwYsCjr4kb4e4g1iYQnNggZMYdv8LKuG9xxUI # /eCYIzGdnNCRRKfLI4w4D/X8bxOURzgweCMvXzDTfA== # SIG # End signature block |